So while the rest of the team are having a knees-up at the 62nd IETF in Minneapolis, I’m quietly implementing CSA for Exim. There’s about 450 lines of reasonably straightforward new code to do this. You can now say something like the following in an ACL to reject any hosts which are not authorized.
require verify = csa
In addition to that, the
dnsdb lookup type will also handle CSA records. A straight SRV lookup isn’t enough because CSA also involves a search for a site policy record. The dnsdb CSA lookup also does some extra checking and pretty-prints the contents of the CSA record for extra friendliness.
There are a few more details to the implementation which I will be writing down tomorrow when I get stuck into the documentation. That will be after the code has been tested (as opposed to just compiled).