after a few days' respite from spam, it started up again. the SPF check was obviously still failing, but exim4 let it sail on through. to figure out why, I had to run it with the -bhc switches and look at the output.

turns out that the spammers had wised up to the SPF check and added the needed records to their domains. but they did it wrong (for their purposes anyway) and put -all at the end. so the check failed with permerror instead of a simple fail.

the fix: I had to dig into the bowels of the ACLs, specifically /etc/exim4/conf.d/acl/30_exim4-config_check_rcpt, and change if eq {$runrc} {1} to if inlist {$runrc}{1:4}.

let's see how long before they figure this one out.
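The change described above, shown in context as an added sketch (not the author's file and not the distribution's stock ACL): the deny statement layout, the spfquery path and its options are assumptions, and only the two `if` conditions come from the post. `$runrc` is the exit status of the command started by `${run}`.

```exim
# Constructed sketch of an SPF deny condition in an Exim rcpt ACL.
# Assumption: the checker is Mail::SPF's spfquery, whose exit status is
#   0 pass, 1 fail, 2 softfail, 3 neutral, 4 permerror, 5 temperror, 6 none.
# ${run{cmd}{A}{B}} expands A when cmd exits 0 and B otherwise.

# before: only a hard "fail" (exit 1) is denied, so a sender whose SPF
# lookup ends in permerror (exit 4) is accepted.
deny
  message     = [SPF] $sender_host_address is not allowed to send mail \
                from $sender_address_domain
  log_message = SPF check failed.
  condition   = ${run{/usr/bin/spfquery.mail-spf-perl \
                      --ip ${quote:$sender_host_address} \
                      --scope mfrom --identity ${quote:$sender_address}}\
                  {no}{${if eq {$runrc}{1}{yes}{no}}}}

# after: fail (1) and permerror (4) are both denied; inlist takes a
# colon-separated list as its second argument.
deny
  message     = [SPF] $sender_host_address is not allowed to send mail \
                from $sender_address_domain
  log_message = SPF check failed (rc=$runrc).
  condition   = ${run{/usr/bin/spfquery.mail-spf-perl \
                      --ip ${quote:$sender_host_address} \
                      --scope mfrom --identity ${quote:$sender_address}}\
                  {no}{${if inlist {$runrc}{1:4}{yes}{no}}}}
```

Denying on permerror also rejects mail from legitimate domains whose SPF records are malformed, so the rc value in the log line is worth watching after the change.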


last updated 2017-02-21 13:43:19. served from tektonic.jcomeau.com