spamassassin-users mailing list archives

From Dave Warren
Date Tue, 06 Jan 2015 05:21:56 GMT
On 2015-01-05 18:34, Reindl Harald wrote:
> if the envelope-domain has no SPF published and want to verify 
> anything in context of HELO then you can check:
> * does the HELO hostname exist at all
> * does the IP match in both directions
> but you are far away from a SPF_HELO_PASS in context of the incoming 
> mail, frankly it's wrong and unrelated until the envelope sender is 
> not @helo-hostname

You might want to give the SPF specs another read, SPF can optionally 
apply to the HELO/EHLO field., which reads in part:

>     It is RECOMMENDED that SPF verifiers not only check the "MAIL FROM"
>     identity but also separately check the "HELO" identity by applying
>     the check_host() function (Section 4) to the "HELO" identity as the
>     <sender>.

Since this applies to the HELO/EHLO field separately from the MAIL FROM 
based checks, it is perfectly valid to have a SPF_HELO_PASS even if the 
sending domain has no SPF policy. This is normal and expected behaviour.

Dave Warren
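
Added example, not part of the original message and not SpamAssassin's code: a simplified check_host() applied separately to the HELO and MAIL FROM identities, showing a HELO pass (the SPF_HELO_PASS case discussed above) while the envelope domain publishes no SPF record. The host names, addresses and TXT data are constructed, and only the `ip4` and `all` mechanisms are handled.

```python
import ipaddress

# Constructed DNS TXT data (hypothetical names, documentation address space).
TXT = {
    "mail.example.net": "v=spf1 ip4:192.0.2.25 -all",  # HELO host publishes SPF
    # "example.org" (the envelope domain) publishes no SPF record at all.
}

QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def check_host(ip, domain):
    """Simplified check_host(): evaluates only ip4 and all mechanisms."""
    terms = TXT.get(domain.lower(), "").split()
    if not terms or terms[0].lower() != "v=spf1":
        return "none"  # no SPF policy published for this identity
    addr = ipaddress.ip_address(ip)
    for term in terms[1:]:
        qualifier = "+"  # default qualifier when none is written
        if term[0] in QUALIFIERS:
            qualifier, term = term[0], term[1:]
        if term == "all":
            return QUALIFIERS[qualifier]
        if term.startswith("ip4:"):
            if addr in ipaddress.ip_network(term[4:], strict=False):
                return QUALIFIERS[qualifier]
        else:
            return "permerror"  # mechanism outside this simplified subset
    return "neutral"  # no mechanism matched


def evaluate(ip, helo, mail_from):
    """Run the HELO check and the MAIL FROM check independently."""
    # A null reverse-path falls back to the HELO domain for the MAIL FROM check.
    mfrom_domain = mail_from.rpartition("@")[2] or helo
    return {
        "helo": check_host(ip, helo),
        "mailfrom": check_host(ip, mfrom_domain),
    }


if __name__ == "__main__":
    print(evaluate("192.0.2.25", "mail.example.net", "user@example.org"))
    print(evaluate("198.51.100.7", "mail.example.net", "user@example.org"))
```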
