0

I'm playing with Exim trying to create a mail server for a company. Basically, I'm able to send email without problems using the command line or via localhost. I was trying to set the SPF header but I can't figure out how; the documentation is very low level and I should be pointed in the right direction. As you can see in the email's headers, I have this:

```
Delivered-To: mymail@mail.com
Received: by 10.194.54.131 with SMTP id j3csp145253wjp;
        Sun, 23 Nov 2014 14:04:51 -0800 (PST)
X-Received: by 10.194.189.81 with SMTP id gg17mr28397292wjc.115.1416780291387;
        Sun, 23 Nov 2014 14:04:51 -0800 (PST)
Return-Path: <bounce@mydomain.com>
Received: from mydomain ([2a01:7e00::f03c:91ff:fe89:9bac])
        by mx.google.com with ESMTPS id l17si9093719wiv.106.2014.11.23.14.04.51
        for <mymail@mail.com>
        (version=TLSv1 cipher=RC4-SHA bits=128/128);
        Sun, 23 Nov 2014 14:04:51 -0800 (PST)
Received-SPF: fail (google.com: domain of bounce@mydomain.com does not designate 2a01:7e00::f03c:91ff:fe89:9bac as permitted sender) client-ip=2a01:7e00::f03c:91ff:fe89:9bac;
Authentication-Results: mx.google.com;
       spf=fail (google.com: domain of bounce@mydomain.com does not designate 2a01:7e00::f03c:91ff:fe89:9bac as permitted sender) smtp.mail=bounce@mydomain.com
Received: from root by mydomain with local (Exim 4.76)
    (envelope-from <bounce@mydomain.com>)
    id 1XsfH1-00032X-53
    for mymail@mail.com; Sun, 23 Nov 2014 22:04:51 +0000
Subject: subject2
From: EmailControls <bounce@mydomain.com>
To: <mymail@mail.com>
X-Mailer: mail (GNU Mailutils 2.2)
Message-Id: <E1XsfH1-00032X-53@mydomain>
Date: Sun, 23 Nov 2014 22:04:51 +0000

body mail
```

In this case the email was delivered to a Gmail account. I never touched the SPF configuration, so I think it's normal that it does not pass. I know I have to set some TXT record in my DNS, but I don't know how to manage the SPF configuration in Exim. Thank you

Mattia Lipreri

2 Answers

4

You don't touch postfix; from an SPF point of view, that would only be relevant to incoming mail. For outgoing mail, set the DNS record correctly - you may find this question and answer to be of use - and let others worry about the headers.

MadHatter
  • So for outgoing email I just need to set the DNS record correctly. For example, if mydomain.com with IP x is just used to send email, I have to set this: "v=spf1 a a:y ip4:y ~all" where y is the IP of my outgoing server (I'm using exim4). Is it correct? Thank you – Mattia Lipreri Nov 24 '14 at 10:31
  • The details of your particular SPF record are off-topic for SF, being a duplicate of the (linked) canonical question on the subject. However, assuming the server Y is the only one that sends mail from your domain, yes, that looks OK, if a little redundant. I would **strongly** encourage you to use a record that ends `-all` not `~all`; again, see the linked answer for more detail. – MadHatter Nov 24 '14 at 10:38
3

You can't configure the SPF header. The header you show is added by Google after looking up your SPF records. You can, however, configure your server so it will show an SPF pass. I have written an article on Securing your Email Reputation with SPF. Once you get all this working, look at DKIM and DMARC.

I see a few problems. It appears you have IPv6 enabled, so you want to bind exim to a static IPv6 address, and configure DNS appropriately. (IP addresses and domains are documentation examples. Edit accordingly.)

  • Ensure you have a fixed IPv4 address for your mail server.
  • Configure a fixed IPv6 address on your server (2001:DB8::25).
  • Pick a suitable name for your SMTP server (smtp.example.com).
  • Get the PTR records for both addresses configured to return the SMTP name. (This will likely be in the control of your ISP / Network Provider.)
  • Add an AAAA DNS record for the IPv6 address and an A record for the IPv4 record
  • Add an SPF TXT DNS record 'v=spf1 a -all' to both of the above addresses.
  • Configure Exim to bind to the addresses (interface = <; 192.0.2.25 ; 2001:DB8::25; ::1).
  • Configure Exim to use the specified domain (primary_hostname = smtp.example.com).
  • Send a test message from you@smtp.example.com and check the headers. Get this working before you proceed.
  • Configure the abuse and postmaster addresses to deliver email to you.
  • Send a test message to postmaster@smtp.example.com and verify it. Get this working before proceeding.
  • If this is to be the incoming server for the company, change the MX record on example.com to smtp.example.com.
  • Get the company policy set so that all mail using the company domain must come from approved servers. (Pass through this server, or other listed MX servers.)
  • Configure an SPF TXT DNS record for the main domain (example.com) such as 'v=spf1 ip4:192.0.2.25 ip6:2001:DB8::25 mx -all'.

Study the RFCs and other relevant documentation. I have more information on my blog, starting with a rant on Running an Email Server. I have several other EMail articles, some of which are Exim specific.


BillThor
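To see how a receiver arrives at the `Received-SPF` result discussed in both answers, here is an added example (not code from either answer or from Exim) that evaluates a subset of SPF: the `ip4`, `ip6`, `a`, `mx` and `all` mechanisms with their qualifiers. The `ZONE` table stands in for DNS and is constructed from the documentation addresses used above; `check_spf` and `host_addrs` are hypothetical names.

```python
import ipaddress

# Constructed zone data standing in for DNS (documentation addresses only).
ZONE = {
    "A":    {"smtp.example.com": ["192.0.2.25"]},
    "AAAA": {"smtp.example.com": ["2001:db8::25"]},
    "MX":   {"example.com": ["smtp.example.com"]},
}
QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}

def host_addrs(name):
    """All A and AAAA addresses the constructed zone holds for a host name."""
    return ZONE["A"].get(name, []) + ZONE["AAAA"].get(name, [])

def check_spf(record, domain, client_ip):
    """Evaluate a subset of SPF (ip4, ip6, a, mx, all) for one connecting IP."""
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        return "none"                      # receivers do not treat this as SPF
    ip = ipaddress.ip_address(client_ip)
    for term in terms[1:]:
        if "=" in term:
            continue                       # modifiers are outside this subset
        qual = term[0] if term[0] in QUALIFIERS else "+"
        mech, _, arg = term.lstrip("+-~?").partition(":")
        mech = mech.lower()
        if mech == "all":
            matched = True
        elif mech in ("ip4", "ip6"):
            net = ipaddress.ip_network(arg, strict=False)
            matched = ip.version == net.version and ip in net
        elif mech == "a":
            matched = any(ip == ipaddress.ip_address(a)
                          for a in host_addrs(arg or domain))
        elif mech == "mx":
            hosts = ZONE["MX"].get(arg or domain, [])
            matched = any(ip == ipaddress.ip_address(a)
                          for h in hosts for a in host_addrs(h))
        else:
            return "permerror"             # unknown mechanism is a syntax error
        if matched:
            return QUALIFIERS[qual]        # first matching term decides
    return "neutral"                       # nothing matched and no "all"
```

A record that lists only the IPv4 address returns `fail` for a message sent over IPv6, which is the situation a dual-stack host runs into when only one address family is published.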