author Robert Millan <rmh@debian.org> 2006-07-20 16:37:19 +0000
committer Robert Millan <rmh@debian.org> 2006-07-20 16:37:19 +0000
commit b76b0d1f0b3dba29283eea95ea8d354eeb1b42b9
tree f45ed071c0001bc6bd91f92134ef75e8ec268882
parent 1cfc42d9fbc34b4956f657b5fc0a86d3cb694f3f
* Add (disabled) template to check SPF. Add libmail-spf-query-perl to
Suggests, and remove Q/A about SPF from README.Debian. (rm) Closes: #290464

svn path=/exim/trunk/; revision=1504
-rw-r--r-- debian/README.Debian.xml 52
-rw-r--r-- debian/changelog 2
-rw-r--r-- debian/control 2
-rw-r--r-- debian/debconf/conf.d/acl/30_exim4-config_check_rcpt 23
4 files changed, 26 insertions, 53 deletions
diff --git a/debian/README.Debian.xml b/debian/README.Debian.xml
index b917699..6154ad7 100644
--- a/debian/README.Debian.xml
+++ b/debian/README.Debian.xml
@@ -1852,58 +1852,6 @@ commands rmail rnews rsmtp
</para>
</answer>
</qandaentry>
- <qandaentry>
- <question>
- <para>Why are you not supporting SPF?</para>
- </question>
- <answer>
- <para>
- exiscan 4.34-22 introduced support for the <ulink
- url="http://spf.pobox.com">Sender Policy Framework</ulink>?
- by means of a <command>spf</command> ACL condition. This
- functionality is currently not included in the official
- Debian packages.
- </para>
- <para>
- Rationale:
- <itemizedlist>
- <listitem>
- <simpara>
- IMHO, SPF has not reached the necessary amount of
- standardization and acceptance for inclusion in a
- Debian/stable release, it is still in flux.
- </simpara>
- </listitem>
- <listitem>
- <simpara>
- I do not want to drag in another library dependency.
- </simpara>
- </listitem>
- <listitem>
- <simpara>
- Checking with <ulink
- url="http://packages.debian.org/libmail-spf-query-perl">spfd</ulink>
- instead of exiscan's spf-condition offers the same
- functionality, AFAICT.
- </simpara>
- </listitem>
- <listitem>
- <simpara>
- SpamAssassin 3.0+ includes SPF support.
- </simpara>
- </listitem>
- <listitem>
- <simpara>
- I do not want to encourage SPF because I am not
- convinced of its benefits. (Discussion and links on
- benefits and downsides of SPF are not listed here
- intentionally.)
- </simpara>
- </listitem>
- </itemizedlist>
- </para>
- </answer>
- </qandaentry>
</qandaset>
</section>
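Review bot: The whole SPF qandaentry is deleted with nothing put in its place, so README.Debian no longer mentions SPF at all even though this commit adds a CHECK_RCPT_SPF template. Replace the entry with a short Q/A that names the macro, says it is off by default, and points to libmail-spf-query-perl, rather than dropping the topic.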
diff --git a/debian/changelog b/debian/changelog
index 5d149ac..1da71c3 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -26,6 +26,8 @@ exim4 (4.62-2.0) UNRELEASED; urgency=low
Thanks to Robert Millan. Closes: #378581
* Note in README.Debian that other parts of the Debian system might
give outdated and/or wrong advice. See #378684, #378685.
+ * Add (disabled) template to check SPF. Add libmail-spf-query-perl to
+ Suggests, and remove Q/A about SPF from README.Debian. (rm) Closes: #290464
-- Marc Haber <mh+debian-packages@zugschlus.de> Wed, 19 Jul 2006 15:43:21 +0200
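Review bot: The new changelog bullet says "(disabled) template" without naming the macro or the file it lives in. Add CHECK_RCPT_SPF and 30_exim4-config_check_rcpt to the entry so that someone reading only the changelog knows what to define to turn the check on.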
diff --git a/debian/control b/debian/control
index 51ed073..d76db13 100644
--- a/debian/control
+++ b/debian/control
@@ -13,7 +13,7 @@ Conflicts: exim, exim-tls, exim4-daemon-light (<<${Upstream-Version}), exim4-dae
Replaces: exim, exim-tls, exim4-daemon-light, exim4-daemon-heavy, exim4-daemon-custom
Depends: ${shlibs:Depends}, cron (>=3.0pl1-42), ${misc:Depends}, exim4-config (>=4.30) | exim4-config-2, adduser, netbase
Recommends: psmisc
-Suggests: mail-reader, eximon4, exim4-doc-html|exim4-doc-info, gnutls-bin
+Suggests: mail-reader, eximon4, exim4-doc-html|exim4-doc-info, gnutls-bin, libmail-spf-query-perl
Description: support files for all exim MTA (v4) packages
Exim (v4) is a mail transport agent. exim4-base provides the support
files needed by all exim4 daemon packages. You need an additional package
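Review bot: libmail-spf-query-perl is only added to Suggests, while the new ACL template calls /usr/bin/spfquery by absolute path, so CHECK_RCPT_SPF can be switched on with the binary absent and nothing tells the admin why the check then never rejects. State the package requirement in the comment above .ifdef CHECK_RCPT_SPF, or in README.Debian, so the dependency is visible at the point where the macro is enabled.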
diff --git a/debian/debconf/conf.d/acl/30_exim4-config_check_rcpt b/debian/debconf/conf.d/acl/30_exim4-config_check_rcpt
index 6c26175..3d706e4 100644
--- a/debian/debconf/conf.d/acl/30_exim4-config_check_rcpt
+++ b/debian/debconf/conf.d/acl/30_exim4-config_check_rcpt
@@ -208,6 +208,29 @@ acl_check_rcpt:
.endif
+ # Use spfquery to perform a pair of SPF checks (for details, see http://www.openspf.org/)
+ #
+ # This is quite costly in terms of DNS lookups (~6 lookups per mail). Do not
+ # enable if that's an issue.
+ .ifdef CHECK_RCPT_SPF
+ deny
+ message = [SPF] $sender_host_address is not allowed to send mail from $sender_address_domain. \
+ Please see http://www.openspf.org/why.html?sender=$sender_address&ip=$sender_host_address
+ log_message = SPF check failed.
+ condition = ${run{/usr/bin/spfquery --ip \"$sender_host_address\" --mail-from \"$sender_address\" --helo \"$sender_helo_name\"}\
+ {no}{${if eq {$runrc}{1}{yes}{no}}}}
+
+ warn
+ message = Received-SPF: ${if eq {$runrc}{0}{pass}{${if eq {$runrc}{1}{fail}{${if eq {$runrc}{2}{softfail}\
+ {${if eq {$runrc}{3}{neutral}{${if eq {$runrc}{4}{unknown}{${if eq {$runrc}{6}{none}{error}}}}}}}}}}}}
+
+ # Support for best-guess (see http://www.openspf.org/developers-guide.html)
+ warn
+ message = X-SPF-Guess: ${run{/usr/bin/spfquery --ip \"$sender_host_address\" --mail-from \"$sender_address\" \ --helo \"$sender_helo_name\" --guess true}\
+ {pass}{${if eq {$runrc}{1}{fail}{${if eq {$runrc}{2}{softfail}{${if eq {$runrc}{3}{neutral}{${if eq {$runrc}{4}{unknown}\
+ {${if eq {$runrc}{6}{none}{error}}}}}}}}}}}}
+ .endif
+
# Check against classic DNS "black" lists (DNSBLs) which list
# sender IP addresses
.ifdef CHECK_RCPT_IP_DNSBLS
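Review bot: Both ${run{/usr/bin/spfquery ...}} calls interpolate $sender_address and $sender_helo_name, which the SMTP client chooses, into the command string between literal \" pairs with no escaping, so a value containing a double quote or backslash can end the argument early and change the arguments spfquery receives. Use ${quote:$sender_address} and ${quote:$sender_helo_name} instead of the hand-written \" pairs, or add a condition that skips the check when either value contains characters outside a conservative set. Two smaller points: the `\ ` before --helo on the X-SPF-Guess line looks like a leftover line continuation and should be removed, and the {1}{fail} branch of the Received-SPF warn is unreachable because the preceding deny already rejects when $runrc is 1.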