spamassassin-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Bowie Bailey <Bowie_Bai...@BUC.com>
Subject SPF confusion
Date Wed, 15 Jul 2015 19:52:32 GMT
I am trying to use whitelist_auth to whitelist emails from 
staplesbilling.com.  This should work, as they have an SPF record:

$ dig staplesbilling.com txt +short
"v=spf1 a:hosts.rrdesp.com -all"
$ dig hosts.rrdesp.com a +short
162.27.43.121
162.27.247.118
162.27.247.119
162.27.247.120
162.27.247.121
162.27.43.107
162.27.43.118
162.27.43.119
162.27.43.120

But SA seems to be trying to find an SPF record for the connecting 
server rather than for the sending domain.

dbg: spf: checking to see if the message has a Received-SPF header that 
we can use
dbg: spf: using Mail::SPF for SPF checks
dbg: spf: checking HELO (helo=sr03a.SMTPNA11.rrdesp.com, ip=162.27.43.120)
dbg: spf: query for /162.27.43.120/sr03a.SMTPNA11.rrdesp.com: result: 
none, comment: , text: No applicable sender policy available
dbg: spf: already checked for Received-SPF headers, proceeding with DNS 
based checks
dbg: spf: relayed through one or more trusted relays, cannot use 
header-based Envelope-From, skipping
dbg: spf: def_spf_whitelist_from: already checked spf and didn't get 
pass, skipping whitelist check
dbg: spf: whitelist_from_spf: already checked spf and didn't get pass, 
skipping whitelist check

Why is it looking for an SPF record for rrdesp.com?  That is the sending 
server, shouldn't it be using the domain from the From or Envelope-From 
instead?  This SPF check looks backwards to me.  Am I missing something?

-- 
Bowie

Mime
View raw message