I just noticed you added me to the committer list in the SVN.  Given that I
resolved your style concerns with the previous patch, I'll assume this gives me
implicit permission to check it in (let me know if anything else needs tweaking
in that part).

As promised, I'll monitor pkg-exim4-maintainers, responding to queries about
SPF support, and provide a solution in case one of the changes introduced by me
was buggy or inadequate.

Thanks!

On Thu, Jul 20, 2006 at 08:40:45AM +0200, Robert Millan wrote:
> diff -ur exim4-4.62.old/debian/control exim4-4.62/debian/control
> --- exim4-4.62.old/debian/control     2006-07-14 21:19:12.000000000 +0200
> +++ exim4-4.62/debian/control 2006-07-19 16:10:42.000000000 +0200
> @@ -13,7 +13,7 @@
>  Replaces: exim, exim-tls, exim4-daemon-light, exim4-daemon-heavy, 
> exim4-daemon-custom
>  Depends: ${shlibs:Depends}, cron (>=3.0pl1-42), ${misc:Depends}, 
> exim4-config (>=4.30) | exim4-config-2, adduser, netbase
>  Recommends: psmisc
> -Suggests: mail-reader, eximon4, exim4-doc-html|exim4-doc-info, gnutls-bin
> +Suggests: mail-reader, eximon4, exim4-doc-html|exim4-doc-info, gnutls-bin, 
> libmail-spf-query-perl
>  Description: support files for all exim MTA (v4) packages
>   Exim (v4) is a mail transport agent. exim4-base provides the support
>   files needed by all exim4 daemon packages. You need an additional package
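
Review bot: libmail-spf-query-perl is only added to Suggests here, yet the ACL change in this same patch calls /usr/bin/spfquery by absolute path whenever CHECK_RCPT_SPF is defined. Suggested packages are not installed by default, so an admin can enable the macro with the binary absent. Please state the requirement next to the macro (in the ACL comment or in README.Debian), or make the ACL stanza conditional on the binary being present.
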
> diff -ur exim4-4.62.old/debian/debconf/conf.d/acl/30_exim4-config_check_rcpt 
> exim4-4.62/debian/debconf/conf.d/acl/30_exim4-config_check_rcpt
> --- exim4-4.62.old/debian/debconf/conf.d/acl/30_exim4-config_check_rcpt       
> 2006-07-14 21:19:12.000000000 +0200
> +++ exim4-4.62/debian/debconf/conf.d/acl/30_exim4-config_check_rcpt   
> 2006-07-19 19:17:09.000000000 +0200
> @@ -208,6 +208,25 @@
>    .endif
>  
>  
> +  # Use spfquery to perform a pair of SPF checks (for details, see 
> http://www.openspf.org/)
> +  #
> +  # This is quite costly in terms of DNS lookups (~6 lookups per mail).  Do 
> not
> +  # enable if this is an issue.
> +  .ifdef CHECK_RCPT_SPF
> +  deny
> +    message = [SPF] $sender_host_address is not allowed to send mail from 
> $sender_address_domain.  \
> +              Please see 
> http://www.openspf.org/why.html?sender=$sender_address&ip=$sender_host_address
> +    log_message = SPF check failed.
> +    condition = ${run{/usr/bin/spfquery -ip=$sender_host_address 
> -sender=<$sender_address> -helo=$sender_helo_name}{no}{${if eq 
> {$runrc}{1}{yes}{no}}}}
> +
> +  warn
> +    message = Received-SPF: ${if eq {$runrc}{0}{pass}{${if eq 
> {$runrc}{1}{fail}{${if eq {$runrc}{2}{softfail}{${if eq 
> {$runrc}{3}{neutral}{${if eq {$runrc}{4}{unknown}{${if eq 
> {$runrc}{6}{none}{error}}}}}}}}}}}}
> +
> +  # Support for best-guess (see http://www.openspf.org/developers-guide.html)
> +  warn
> +    message = X-SPF-Guess: ${run{/usr/bin/spfquery -ip=$sender_host_address 
> -sender=<$sender_address> -helo=$sender_helo_name -guess=true}{pass}{${if eq 
> {$runrc}{1}{fail}{${if eq {$runrc}{2}{softfail}{${if eq 
> {$runrc}{3}{neutral}{${if eq {$runrc}{4}{unknown}{${if eq 
> {$runrc}{6}{none}{error}}}}}}}}}}}}
> +  .endif
> +
>    # Check against classic DNS "black" lists (DNSBLs) which list
>    # sender IP addresses
>    .ifdef CHECK_RCPT_IP_DNSBLS
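
Review bot: in the "condition =" line of the new deny stanza, and again in the X-SPF-Guess warn, $sender_address and $sender_helo_name come from the remote client and are placed directly on the spfquery command line. Please confirm how ${run} splits its arguments after expansion, and validate or quote both values so that a crafted envelope sender or HELO string cannot add extra arguments to spfquery. Two smaller points: the Received-SPF warn relies on $runrc still holding the result of the deny stanza's run, which deserves a comment, and because this lives in the RCPT ACL both spfquery invocations repeat for every recipient, so the "~6 lookups per mail" estimate in the comment understates the cost for multi-recipient mail.
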
> diff -ur exim4-4.62.old/debian/README.Debian.xml 
> exim4-4.62/debian/README.Debian.xml
> --- exim4-4.62.old/debian/README.Debian.xml   2006-07-14 21:19:12.000000000 
> +0200
> +++ exim4-4.62/debian/README.Debian.xml       2006-07-19 16:45:15.000000000 
> +0200
> @@ -1828,58 +1828,6 @@
>         </para>
>       </answer>
>        </qandaentry>
> -      <qandaentry>
> -     <question>
> -       <para>Why are you not supporting SPF?</para>
> -     </question>
> -     <answer>
> -       <para>
> -         exiscan 4.34-22 introduced support for the <ulink
> -           url="http://spf.pobox.com";>Sender Policy Framework</ulink>? 
> -         by means of a <command>spf</command> ACL condition. This
> -         functionality is currently not included in the official
> -         Debian packages.
> -       </para>
> -       <para>
> -         Rationale:
> -         <itemizedlist>
> -           <listitem>
> -             <simpara>
> -               IMHO, SPF has not reached the necessary amount of
> -               standardization and acceptance for inclusion in a
> -               Debian/stable release, it is still in flux.
> -             </simpara>
> -           </listitem>
> -           <listitem>
> -             <simpara>
> -               I do not want to drag in another library dependency.
> -             </simpara>
> -           </listitem>
> -           <listitem>
> -             <simpara>
> -               Checking with <ulink
> -                 
> url="http://packages.debian.org/libmail-spf-query-perl";>spfd</ulink>
> -               instead of exiscan's spf-condition offers the same
> -               functionality, AFAICT.
> -             </simpara>
> -           </listitem>
> -           <listitem>
> -             <simpara>
> -               SpamAssassin 3.0+ includes SPF support.
> -             </simpara>
> -           </listitem>
> -           <listitem>
> -             <simpara>
> -               I do not want to encourage SPF because I am not
> -               convinced of its benefits. (Discussion and links on
> -               benefits and downsides of SPF are not listed here
> -               intentionally.)
> -             </simpara>
> -           </listitem>
> -         </itemizedlist>
> -       </para>
> -     </answer>
> -      </qandaentry>
>      </qandaset>
>    </section>
>  
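
Review bot: the qandaentry removed from README.Debian.xml is not replaced by any documentation for CHECK_RCPT_SPF in this hunk, so the macro is described only by the comment in the ACL file. Suggest adding an entry in its place that covers how to define the macro, the dependency on libmail-spf-query-perl, the DNS cost, and the fact that a "fail" result rejects the mail while the other results only add a header.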

-- 
Robert Millan

My spam trap is [EMAIL PROTECTED]  Note: this address is only intended for
spam harvesters.  Writing to it will get you added to my black list.

