spamassassin-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Dave Warren <da...@hireahit.com>
Subject Re: SPF_HELO_PASS,SPF_NONE
Date Tue, 06 Jan 2015 05:21:56 GMT
On 2015-01-05 18:34, Reindl Harald wrote:
>
> if the envelope-domain has no SPF published and want to verify 
> anything in context of HELO then you can check:
>
> * does the HELO hostname exist at all
> * does the IP match in both directions
>
> but you are far away from a SPF_HELO_PASS in context of the incoming 
> mail, frankly it's wrong and unrelated until the envelope sender is 
> not @helo-hostname

You might want to give the SPF specs another read, SPF can optionally 
apply to the HELO/EHLO field. 
https://tools.ietf.org/html/rfc7208#section-2.3, which reads in part:

>     It is RECOMMENDED that SPF verifiers not only check the "MAIL FROM"
>     identity but also separately check the "HELO" identity by applying
>     the check_host() function (Section 4  <https://tools.ietf.org/html/rfc7208#section-4>)
to the "HELO" identity as the
>     <sender>.

Since this applies to the HELO/EHLO field separately from the MAIL FROM 
based checks, it is perfectly valid to have a SPF_HELO_PASS even if the 
sending domain has no SPF policy. This is normal and expected behaviour.

-- 
Dave Warren
http://www.hireahit.com/
http://ca.linkedin.com/in/davejwarren


Mime
View raw message