diff options
author | tv <tv@krebsco.de> | 2022-12-07 19:51:13 +0100 |
---|---|---|
committer | tv <tv@krebsco.de> | 2022-12-07 19:51:13 +0100 |
commit | e1988655a3a6cbc785bacd3a75595a12de81aa77 (patch) | |
tree | 7e39f11b6b538728c7aec1d21e76d130618ea63a /krebs/3modules | |
parent | 9bcce729ef7de715cfcd61dfe1146d126878d48f (diff) |
Revert "Revert "exim-smarthost: check SPF""
This reverts commit 2eb33e60b45c2b37d51a57b0fbe4a023861a7429.
Diffstat (limited to 'krebs/3modules')
-rw-r--r-- | krebs/3modules/exim-smarthost.nix | 33 |
1 files changed, 32 insertions, 1 deletions
diff --git a/krebs/3modules/exim-smarthost.nix b/krebs/3modules/exim-smarthost.nix index 38cc828bb..5923b610d 100644 --- a/krebs/3modules/exim-smarthost.nix +++ b/krebs/3modules/exim-smarthost.nix @@ -126,8 +126,9 @@ let domainlist sender_domains = ${concatStringsSep ":" cfg.sender_domains} hostlist relay_from_hosts = <;${concatStringsSep ";" cfg.relay_from_hosts} - acl_smtp_rcpt = acl_check_rcpt acl_smtp_data = acl_check_data + acl_smtp_mail = acl_check_mail + acl_smtp_rcpt = acl_check_rcpt never_users = root @@ -179,6 +180,36 @@ let accept + acl_check_mail: + accept + sender_domains = +sender_domains + hosts = +relay_from_hosts + deny + spf = fail : softfail + log_message = spf=$spf_result + message = SPF validation failed: \ + $sender_host_address is not allowed to send mail from \ + ''${if def:sender_address_domain\ + {$sender_address_domain}\ + {$sender_helo_name}} + deny + spf = permerror + log_message = spf=$spf_result + message = SPF validation failed: \ + syntax error in SPF record(s) for \ + ''${if def:sender_address_domain\ + {$sender_address_domain}\ + {$sender_helo_name}} + defer + spf = temperror + log_message = spf=$spf_result; deferred + message = temporary error during SPF validation; \ + please try again later + warn + spf = none : neutral + log_message = spf=$spf_result + accept + add_header = $spf_received begin routers |