On 05.05.22 18:01, Alex wrote:
I'm trying to understand why some domains are not whitelisted even
though they pass SPF and are in my local welcomelist_auth entries. I'm
using policyd-spf with postfix, and it appears to be adding the
following header:

X-Comment: SPF skipped for whitelisted relay domain -
client-ip=13.110.6.221; helo=smtp14-ph2-sp4.mta.salesforce.com;
envelope-from=re...@support.meridianlink.com; receiver=<UNKNOWN>

You seem to have the domain listed in the policyd-spf whitelist.
salesforce.com probably?

I'm not sure if this is needed; policyd-spf could add a Received-SPF: header that SA could use (and avoid duplicate lookups).

I realize this may not necessarily be directly related to SA, but it's
apparently affecting my ability to process SPF headers with
amavisd/SA, and I hoped someone could help.

What's happening where the mail passes SPF but still bypasses my
welcomelist entries? My skip_addresses list doesn't include this
particular IP:
skip_addresses = 139.138.56.0/24,127.0.0.0/8,::ffff:127.0.0.0/104,::1,52.128.98.0/24,74.203.184.0/24,74.200.60.0/24,209.222.82.0/24,12.15.90.10


My welcomelist entry in SA for this specific email is as:
welcomelist_auth re...@support.meridianlink.com

is this in spamassassin's local.cf ?

The amavisd headers show it passed SPF:

Return-Path: <re...@support.meridianlink.com>
X-Spam-Status: No, score=-2.491 tagged_above=-200 required=5
   tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1,
   DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, EXTRACTTEXT=0.001,
   FMBLA_HELO_OUTMX=-0.01, FMBLA_RDNS_OUTMX=-0.01,
   HTML_IMAGE_RATIO_08=0.001, HTML_MESSAGE=0.001, LOC_CDIS_INLINE=0.1,
   LOC_IMGSPAM=0.1, RCVD_IN_DNSWL_NONE=-0.0001,
   RCVD_IN_SENDERSCORE_90_100=-0.6, RELAYCOUNTRY_US=0.01,
   SPF_HELO_NONE=0.001, SPF_PASS=-0.001, TXREP=0.016] autolearn=disabled

This one didn't need to be added to the welcomelist, but others do.
The last header received before reaching our server is as:

Received: from smtp14-ph2-sp4.mta.salesforce.com
(smtp14-ph2-sp4.mta.salesforce.com [13.110.6.221])
   (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
   (No client certificate requested)
   by mail01.example.com (Postfix) with ESMTPS id 5FC7010024E93
   for <ade...@example.com>; Thu,  5 May 2022 12:01:59 -0400 (EDT)

salesforce is also listed in their SPF record:
$ dig +short txt support.meridianlink.com
"v=spf1 include:spf.protection.outlook.com include:_spf.salesforce.com -all"

SPF_PASS indicates that the SPF hit.
however, posting full headers could help us a bit.

--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
"They say when you play that M$ CD backward you can hear satanic messages."
"That's nothing. If you play it forward it will install Windows."
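
Added example, not part of the thread and not policyd-spf's own code: a Python sketch that parses the X-Comment header quoted above and tests its client-ip against the posted skip_addresses list, treating an IPv4 address and its IPv4-mapped IPv6 form as the same host. The function names are hypothetical; the header and list values are copied from the message.

```python
import ipaddress
import re

# Copied from the message above (the envelope-from is elided there as well).
X_COMMENT = (
    "SPF skipped for whitelisted relay domain - "
    "client-ip=13.110.6.221; helo=smtp14-ph2-sp4.mta.salesforce.com; "
    "envelope-from=re...@support.meridianlink.com; receiver=<UNKNOWN>"
)
SKIP_ADDRESSES = (
    "139.138.56.0/24,127.0.0.0/8,::ffff:127.0.0.0/104,::1,52.128.98.0/24,"
    "74.203.184.0/24,74.200.60.0/24,209.222.82.0/24,12.15.90.10"
)


def parse_x_comment(value):
    """Split 'reason - key=value; key=value' into (reason, fields)."""
    reason, _, rest = value.partition(" - ")
    fields = dict(re.findall(r"([\w-]+)=([^;]*)", rest))
    return reason.strip(), {k: v.strip() for k, v in fields.items()}


def candidates(ip):
    """Return the address plus its IPv4 / IPv4-mapped IPv6 counterpart."""
    addr = ipaddress.ip_address(ip)
    if addr.version == 4:
        return [addr, ipaddress.ip_address("::ffff:" + ip)]
    mapped = addr.ipv4_mapped  # None unless the address is ::ffff:a.b.c.d
    return [addr] + ([mapped] if mapped else [])


def matching_skip_entries(ip, skip_list):
    """List the skip_addresses entries (as written) that cover ip."""
    hits = []
    for entry in (e.strip() for e in skip_list.split(",")):
        if not entry:
            continue
        net = ipaddress.ip_network(entry, strict=False)
        # Membership across IP versions is simply False, never an error.
        if any(a in net for a in candidates(ip)):
            hits.append(entry)
    return hits


if __name__ == "__main__":
    reason, fields = parse_x_comment(X_COMMENT)
    print(reason)
    print(fields["client-ip"], "->",
          matching_skip_entries(fields["client-ip"], SKIP_ADDRESSES) or "no match")
```

An empty result for 13.110.6.221 agrees with the statement in the thread that skip_addresses does not include this IP.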
