Mailing List Archive

spf info in the "Authentication-Results:" header?
Dear Colleagues,

I have the following configuration:

acl_smtp_dkim = acl_check_dkim
begin acl
acl_check_dkim:
accept add_header = :at_start:${authresults {$primary_hostname}}

However I see only the iprev= and dkim= results in the resulting
"Authentication-Results:" header. What and where should I add to also
see the SPF results there?

On another box elsewhere, I have an "spf = fail" check in
acl_check_mail, but on this box, I don't want to block incoming mail on
SPF failure, I just want the result of SPF validation to appear in the
"Authentication-Results".

--
Victor Sudakov VAS4-RIPE
http://vas.tomsk.ru/
2:5005/49@fidonet

--
## List details at https://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/
Re: spf info in the "Authentication-Results:" header?
SPF is not 'authentication', it's a separate framework for dealing with
Sender Policy, hence the name Sender Policy Framework ;-)

I log SPF results on my public mail relays from the 'acl_check_mail'
like this:


acl_check_mail:

        #
        # log the SPF result
        #
        warn    spf = !none
                logwrite = MAIL: SPF Result=$spf_result ($sender_address_domain / $sender_fullhost)


... you can adapt it to add headers instead.


Mike



On 06/04/2021 03:32, Victor Sudakov via Exim-users wrote:
> Dear Colleagues,
>
> I have the following configuration:
>
> acl_smtp_dkim = acl_check_dkim
> begin acl
> acl_check_dkim:
> accept add_header = :at_start:${authresults {$primary_hostname}}
>
> However I see only the iprev= and dkim= results in the resulting
> "Authentication-Results:" header. What and where should I add to also
> see the SPF results there?
>
> On another box elsewhere, I have an "spf = fail" check in
> acl_check_mail, but on this box, I don't want to block incoming mail on
> SPF failure, I just want the result of SPF validation to appear in the
> "Authentication-Results".
>


Re: spf info in the "Authentication-Results:" header?
On 06/04/2021 03:32, Victor Sudakov via Exim-users wrote:
> acl_smtp_dkim = acl_check_dkim
> begin acl
> acl_check_dkim:
> accept add_header = :at_start:${authresults {$primary_hostname}}
>
> However I see only the iprev= and dkim= results in the resulting
> "Authentication-Results:" header. What and where should I add to also
> see the SPF results there?
>
> On another box elsewhere, I have an "spf = fail" check in
> acl_check_mail, but on this box, I don't want to block incoming mail on
> SPF failure, I just want the result of SPF validation to appear in the
> "Authentication-Results".
>

Doing an spf verify operation (either by using an ACL "spf" condition or
by using an spf lookup string-expansion) records info that the
authresults expansion can incorporate. You do not need to take any
action (specifically, you do not need to reject the message) as a
result of doing the spf verify; a warn verb (with no message...)
would do the job.


Your use of the dkim acl for adding the auth-results header will
go wrong when there are multiple or no dkim signatures. Use the
data acl instead.
--
Cheers,
Jeremy
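
The two suggestions in this thread combined into one configuration, as an added example that is not taken from any of the posts: SPF is evaluated in the MAIL ACL without rejecting anything, and the header is built in the DATA ACL. The ACL name acl_check_data is an assumption, and the fragment assumes an Exim binary built with SPF support; any statements already present in these ACLs stay where they are.

```exim
# Main configuration section: which ACLs run at MAIL FROM and after DATA.
# acl_check_data is an assumed name; use the DATA ACL the box already has.
acl_smtp_mail = acl_check_mail
acl_smtp_data = acl_check_data

begin acl

acl_check_mail:
  # Evaluate SPF for its side effect only. A "warn" statement never
  # rejects, and with no message or logwrite modifier it changes nothing
  # visible; the lookup result is recorded for ${authresults} to pick up.
  warn    spf = !none

  accept

acl_check_data:
  # The DATA ACL runs once per message, whether the message carries
  # zero, one or several DKIM signatures, so the header is added
  # exactly once and includes the iprev, dkim and spf results.
  warn    add_header = :at_start:${authresults {$primary_hostname}}

  accept
```

To confirm the result, send a test message through the box and check that the delivered "Authentication-Results:" header now carries an spf= entry next to iprev= and dkim=.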
