1) Apply the patch. 2) Add the following to your Local/Makefile: SUPPORT_SRS=yes SUPPORT_SPF=yes EXTRALIBS_EXIM=-L -L -lspf2 -lsrs2 3) Build. 4) Add the following global configuration variables to exim.conf. All variables are optional, except where stated: spf_debug_level (int) The verbosity of the debug messages output by libspf2. spf_default_explaination (string) A quick explaination as to why a message may have been rejected. spf_dns_cache_bits (int) The number of bits used by libspf2s caching DNS client. spf_local_record (string) An SPF record which is inserted into ALL spf records processed, this allows you to accept mail from a backup MX. spf_use_default_whitelist (bool) Enables a simple whitelist built into libspf2 srs_alwaysrewrite (bool) If true, perform SRS rewriting for ALL forwarding, even when not required. srs_domain (string) A domain to use in rewritten addresses. This must point only to machines which know the encoding secret used by this system. It defaults to [something sensible]. srs_hashlength (int) The hash length to generate in a rewritten address. srs_hashmin (int) The hash length to require when checking an address. srs_maxage (int) The maximum permitted age of a rewritten address. hide srs_secrets (string) [required] A list of secrets with which to generate and check addresses. srs_separator (string) The separator to appear immediately after SRS[01] in rewritten addresses. See http://www.libsrs2.org/ and http://www.libspf2.org/ for more information about the meaningof these variables. They are standard across MTAs. 5) Add the following parameters to routers in exim.conf: forwarding_router: driver = redirect srs = forward data = ... [or file =, as usual] srs_router: driver = redirect srs = reverse data = ${srs_recipient} condition = ... [if desired] 6) Add the following parameters to your acls in exim.conf: acl_check_mail: drop spf=fail 7) Add the following parameter into the main section in exim.conf acl_smtp_mail = acl_check_mail 8) Sit back, relax, and enjoy