From 65a7d8c381dfb4788ecd5c40a28365acb1f377e1 Mon Sep 17 00:00:00 2001 From: Nigel Metheringham Date: Tue, 12 Feb 2008 12:52:51 +0000 Subject: Integrated SPF Best Guess. Fixes: bug #521 --- doc/doc-txt/ChangeLog | 6 +++++- doc/doc-txt/NewStuff | 9 ++++++++- doc/doc-txt/experimental-spec.txt | 36 +++++++++++++++++++++++++++++++++++- 3 files changed, 48 insertions(+), 3 deletions(-) (limited to 'doc') diff --git a/doc/doc-txt/ChangeLog b/doc/doc-txt/ChangeLog index 3d939c718..6c84133b4 100644 --- a/doc/doc-txt/ChangeLog +++ b/doc/doc-txt/ChangeLog @@ -1,4 +1,4 @@ -$Cambridge: exim/doc/doc-txt/ChangeLog,v 1.543 2008/02/06 18:57:46 fanf2 Exp $ +$Cambridge: exim/doc/doc-txt/ChangeLog,v 1.544 2008/02/12 12:52:51 nm4 Exp $ Change log file for Exim from version 4.21 ------------------------------------------- @@ -29,6 +29,10 @@ TF/03 Bugzilla 615: When checking the local_parts router precondition does not use the address's named list lookup cache, since this contains cached lookups for the whole local part. +NM/05 Bugzilla 521: Integrated SPF Best Guess support contributed by + Robert Millan. Documentation is in experimental-spec.txt + + Exim version 4.69 ----------------- diff --git a/doc/doc-txt/NewStuff b/doc/doc-txt/NewStuff index e18d215aa..1470efc92 100644 --- a/doc/doc-txt/NewStuff +++ b/doc/doc-txt/NewStuff @@ -1,4 +1,4 @@ -$Cambridge: exim/doc/doc-txt/NewStuff,v 1.157 2007/08/23 11:01:49 ph10 Exp $ +$Cambridge: exim/doc/doc-txt/NewStuff,v 1.158 2008/02/12 12:52:51 nm4 Exp $ New Features in Exim -------------------- @@ -8,6 +8,13 @@ Before a formal release, there may be quite a lot of detail so that people can test from the snapshots or the CVS before the documentation is updated. Once the documentation is updated, this file is reduced to a short list. +Version 4.70 +------------ + + 1. Preliminary SPF Best Guess support. Documentation for this is in + experimental-spec.txt. + + Version 4.68 ------------ 
diff --git a/doc/doc-txt/experimental-spec.txt b/doc/doc-txt/experimental-spec.txt index 15fd247ae..4175173c3 100644 --- a/doc/doc-txt/experimental-spec.txt +++ b/doc/doc-txt/experimental-spec.txt @@ -1,4 +1,4 @@ -$Cambridge: exim/doc/doc-txt/experimental-spec.txt,v 1.10 2008/01/16 09:36:19 tom Exp $ +$Cambridge: exim/doc/doc-txt/experimental-spec.txt,v 1.11 2008/02/12 12:52:51 nm4 Exp $ From time to time, experimental features may be added to Exim. While a feature is experimental, there will be a build-time @@ -799,6 +799,9 @@ variables. draft, this header must be added at the top of the header list. Please see section 10 on how you can do this. + Note: in case of "Best-guess" (see below), the convention is + to put this string in a header called X-SPF-Guess: instead. + $spf_result This contains the outcome of the SPF check in string form, one of pass, fail, softfail, none, neutral, err_perm or 
@@ -808,6 +811,37 @@ variables. This contains a string that can be used in a SMTP response to the calling party. Useful for "fail". +In addition to SPF, you can also perform checks for so-called +"Best-guess". Strictly speaking, "Best-guess" is not standard +SPF, but it is supported by the same framework that enables SPF +capability. Refer to http://www.openspf.org/FAQ/Best_guess_record +for a description of what it means. + +To access this feature, simply use the spf_guess condition in place +of the spf one. For example: + +/* ----------------- +deny message = $sender_host_address doesn't look trustworthy to me + spf_guess = fail +--------------------- */ + +In case you decide to reject messages based on this check, you +should note that although it uses the same framework, "Best-guess" +is NOT SPF, and therefore you should not mention SPF at all in your +reject message. + +When the spf_guess condition has run, it sets up the same expansion +variables as when spf condition is run, described above. + +Additionally, since Best-guess is not standarized, you may redefine +what "Best-guess" means to you by redefining spf_guess variable in +global config. For example, the following: + +/* ----------------- +spf_guess = v=spf1 a/16 mx/16 ptr ?all +--------------------- */ + +would relax host matching rules to a broader network range. 4. SRS (Sender Rewriting Scheme) Support -- cgit v1.2.3
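Review bot: the ChangeLog entry NM/05 and the NewStuff "Version 4.70" item both point to experimental-spec.txt without naming what was added, so neither file can be searched for the new keyword. Both entries should mention the spf_guess ACL condition and the spf_guess setting in the global configuration. The feature name should also be spelled one way throughout: these two files use "SPF Best Guess" while experimental-spec.txt uses "Best-guess" in quotes.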
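Review bot: in the experimental-spec.txt hunk at @@ -799,6 +799,9 @@, the new note says to put "this string" in a header called X-SPF-Guess:, but the context line just above it calls the same value a header that "must be added at the top of the header list". The note should say whether the value already carries a header name that has to be replaced, and show the configuration line that produces X-SPF-Guess:. As written, a reader cannot tell how to follow the convention, and a guess result recorded under the standard header name would be indistinguishable from a real SPF result downstream.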
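Review bot: in the experimental-spec.txt hunk at @@ -808,6 +811,37 @@, the deny example tests spf_guess = fail, but the sample record "v=spf1 a/16 mx/16 ptr ?all" ends in ?all, so a sender matching none of a, mx or ptr evaluates to neutral and never to fail; with a record of that shape the deny statement cannot fire. The text should state the built-in default for spf_guess, since "relax" has no baseline without it, and the example should test a result that the record in force can actually return. The closing sentence should also spell out what a/16 and mx/16 mean in practice: any host in the same /16 as the domain's A or MX addresses is treated as a pass, which on shared address space includes unrelated senders. Smaller points in the same hunk: "standarized" should be "standardized", "as when spf condition is run" is missing "the", and spf_guess is called a "variable" although the example sets it as a configuration option.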