
I had a Debian 9 server with exim4-daemon-heavy, which supported SPF and DMARC. After the upgrade to Debian 11, I see that exim4-daemon-heavy no longer supports those features. Looks like a bad joke. But maybe I don't know something.

Could you please advise how to use or maybe configure SPF and DMARC support in fresh versions of Exim4 in Debian?

P.S. I mean other than building exim4 from source.

Thank you.

wsdx

1 Answer


At least in terms of SPF, no, it doesn't.

The wiki page explains:

1.8.2. Why are you not using exim's built-in SPF interface?

exiscan 4.34-22 introduced support for the Sender Policy Framework by means of a spf ACL condition. We have chosen not to use this command, but implement this functionality in the Debian packages by means of external calls to spfquery.

Rationale:

  • Calling spfquery is a reliable method, because it's the most transparent and easy to debug. It is also the method we have tested more thoroughly and are most experienced with.

  • We do not want to drag in another library dependency. That would add more potential for bugs and maintenance work than a configuration snippet that is disabled by default.

  • We haven't verified that all the features of spfquery are available using built-in support as well (in particular, support for X-SPF-Guess header, or the ability to add user extensions that rely on the same checks).

If you'd rather use exiscan's own SPF interface, you need to rebuild exim. The source package offers infrastructure to build your own exim4-daemon-custom with your own feature set.

Perhaps more helpfully, if you would like SPF support, you only need to:

# as root
apt install spf-tools-perl

Then, I have a file at /etc/exim4/conf.d/01a_exim4-config_custom into which I put:

# Reject failed SPF
CHECK_RCPT_SPF=true

That variable (macro?) is checked in acl/30_exim4-config_check_rcpt.

N.B. If you use the combined file approach instead of split config files, you'll need to dig for the right place for this. Also remember to run systemctl stop exim4; update-exim4.conf; systemctl start exim4 after editing.

artfulrobot
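The "right place" mentioned in the answer matters because Exim reads its configuration top to bottom: a macro only takes effect if it is defined before the `.ifdef` that tests it. The script below is an added example, not part of the original answer or of Debian's packaging. It checks that ordering in a generated or combined configuration file. The function names, return codes and sample configuration are this example's own; on Debian, update-exim4.conf writes the generated file to /var/lib/exim4/config.autogenerated.

```shell
#!/bin/sh
# Added example: is CHECK_RCPT_SPF defined before the ACL tests it?
# Exim reads its configuration top to bottom, so a macro defined after
# ".ifdef CHECK_RCPT_SPF" leaves the SPF block disabled.
# Return codes (this example's own): 0 defined before the .ifdef,
# 1 defined after it, 2 never defined, 3 no .ifdef found, 4 unreadable file.
check_spf_macro_order() {
    [ -r "$1" ] || return 4
    awk '
        /^[ \t]*#/ { next }                      # ignore comment lines
        /^[ \t]*CHECK_RCPT_SPF[ \t]*=/ { if (!def) def = NR }
        /^[ \t]*\.ifdef[ \t]+CHECK_RCPT_SPF([ \t]|$)/ { if (!use) use = NR }
        END {
            if (!use) exit 3
            if (!def) exit 2
            exit ((def < use) ? 0 : 1)
        }' "$1"
}

# Human-readable wrapper around the return code.
report_spf_macro() {
    rc=0
    check_spf_macro_order "$1" || rc=$?
    case $rc in
        0) echo "OK: CHECK_RCPT_SPF is defined before the ACL tests it" ;;
        1) echo "BAD: CHECK_RCPT_SPF is defined after the .ifdef" ;;
        2) echo "BAD: CHECK_RCPT_SPF is not defined (or commented out)" ;;
        3) echo "BAD: no .ifdef CHECK_RCPT_SPF in this file" ;;
        *) echo "ERROR: cannot read $1" ;;
    esac
    return "$rc"
}

# With an argument, check that file; otherwise check a constructed sample.
if [ -n "${1:-}" ]; then
    report_spf_macro "$1" || true
else
    sample=$(mktemp)
    cat > "$sample" <<'EOF'
# constructed sample, not a real Debian configuration
CHECK_RCPT_SPF=true
acl_check_rcpt:
.ifdef CHECK_RCPT_SPF
  deny message = SPF check failed
.endif
EOF
    report_spf_macro "$sample"
    rm -f "$sample"
fi
```

Run it as root against the generated file after update-exim4.conf, since that file is not world-readable on a default install.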