I am running SA 4.0.0-r1823176 on Perl 5.26.2. On a number of domains I
administer, outbound mail triggers the SPF_HELO_FAIL rule - but the
regular SPF check passes. I am struggling to see why this is happening,
as the HELO name is set to the same value as the name of the server/dns
name, it has rDNS - and it clearly passes during the regular SPF check -
but not the SPF_HELO check. I have re-checked the domain settings at
mxtoolbox.com - and there doesn't seem to be any problem. Any ideas please?
# spamassassin -D 2>&1 < /test.eml | grep -i spf
</snip>
Jun 11 08:46:30.177 [5534] dbg: spf: checking to see if the message has
a Received-SPF header that we can use
Jun 11 08:46:30.341 [5534] dbg: spf: using Mail::SPF for SPF checks
Jun 11 08:46:30.342 [5534] dbg: spf: found Envelope-From in first
external Received header
Jun 11 08:46:30.342 [5534] dbg: spf: checking EnvelopeFrom
(helo=mail.sinclair-accounting.co.uk, ip=80.229.84.190,
envfrom=<email_removed>)
Jun 11 08:46:30.519 [5534] dbg: spf: query for
<email_removed>/80.229.84.190/mail.sinclair-accounting.co.uk: result:
pass, comment: , text: Mechanism 'mx' matched
Jun 11 08:46:30.758 [5534] dbg: spf: already checked for Received-SPF
headers, proceeding with DNS based checks
Jun 11 08:46:30.758 [5534] dbg: spf: checking HELO
(helo=mail.sinclair-accounting.co.uk, ip=80.229.84.190)
Jun 11 08:46:30.776 [5534] dbg: spf: query for
<email_removed>/80.229.84.190/mail.sinclair-accounting.co.uk: result:
fail, comment: Please see
http://www.openspf.org/Why?s=helo;id=mail.sinclair-accounting.co.uk;ip=80.229.84.190;r=obelisk.open-t.lan,
text: Mechanism '-all' matched
Jun 11 08:46:30.836 [5534] dbg: spf: def_whitelist_from_spf:
ser...@sinclair-accounting.co.uk is not in DEF_WHITELIST_FROM_SPF
Jun 11 08:46:30.846 [5534] dbg: rules: ran eval rule SPF_PASS ======>
got hit (1)
Jun 11 08:46:30.853 [5534] dbg: rules: ran eval rule SPF_HELO_FAIL
======> got hit (1)