This is an old revision of the document!
Table of Contents
Exim4 - Validating SPF
SPF-Checking at SMTP-time
The spf-tools-perl package provides you with a simple daemon, and a simple application which allows you to test that a given IP address may send mail from a particular domain.
apt-get install spf-tools-perl
This needs the exim4-daemon-heavy package installed, and not the light variants of exim.
To perform such a test
spfquery.mail-spf-perl --ip-address 1.2.3.4 --mfrom john@example.com
shows
example.com: Sender is not authorized by default to use 'john@example.com' in 'mfrom' identity (mechanism '-all' matched)
That command showed that the IP address 1.2.3.4 was not permitted to send mail for the domain example.com. By contrast this example shows that the IP address 212.110.179.70 is permitted to send mail from this domain:
spfquery.mail-spf-perl --ip-address 5.42.134.35 --mfrom john@sharewiz.net
shows
Enable this in exim4
Add the following to the file /etc/exim4/conf.d/main/00_local_macros, creating that file if necessary:
CHECK_RCPT_SPF=true
Once you've done that, and applied the change, you'll find that SPF-failures will be rejected at SMTP-time.
update-exim4.conf service exim4 restart