https://bz.apache.org/SpamAssassin/show_bug.cgi?id=8280
--- Comment #6 from Bill Cole <billc...@apache.org> --- (In reply to William Herrin from comment #3) > Howdy, > > My resolver does TCP fallback fine, as evidenced by the successful "dig" > command. Dig sidesteps the system resolver and does DNS on its own without looking at nsswitch or resolv.conf. > Does the SPF module successfully do TCP fallback? Well, it does on the 3 machines I've tested this on, because it relies on Net::DNS which is at v1.46 on all of them. That does not guarantee that the version on your system will. You can get (LOTS) more details on what SA thinks it is doing here by adding "-D spf,dns" to the spamassassin command line. In the resulting spew of information, each DNS query will have a line like this: Sep 24 16:54:20.805 [98443] dbg: dns: providing a callback for id: 8883/IN/TXT/overdrive.com And an answer later in the scan with the same id followed by a SPF line, like these: Sep 24 16:54:20.814 [98443] dbg: dns: dns reply 8883 is OK, 18 answer records Sep 24 16:54:20.826 [98443] dbg: spf: query for donotre...@overdrive.com/207.54.136.3/postfix1c.hq.overdrive.com: result: pass, comment: , text: Mechanism 'ip4:207.54.136.3' matched Of course, those are from a successful scan, but you will at least have the 'callback' line when the query is issued and *something* with the same ID later. That will hopefully provide a useful clue. -- You are receiving this mail because: You are the assignee for the bug.