Since I am using spamassassin via MailScanner, I dug into my config files more (took a while) and found an option in spam.assassin.prefs.conf called envelope_sender_header that was not set properly. Now all SPF checks work...
As for the scores, a score of 0 for PASS makes perfect sense, but a FAIL should receive at least the same score as a SOFTFAIL, because a FAIL means the email is definitely from a forged sender (on the other hand, the FAIL may be because the person who created the SPF records had no idea what they were doing)... catch 22.... oh well....

> Brian Taber wrote:
>> I am using spamassassin 3.0.4-1 with MailScanner. I have 2
>> questions/issues about SPF checks.
>>
>> It seems that SA is only doing HELO SPF checks (I didn't even know those
>> existed till now) and not actual checks on the from addresses. Is this
>> a config issue? I would like to enable these. I can't find any config
>> options pertaining to this...
>>
>> The second is about the scores assigned to SPF failures.
>> SPF_HELO_SOFTFAIL has a score of 3.140 (so if the provider has ~all in
>> their SPF record, they aren't really sure if their SPF record covers all
>> of their servers, you get SOFTFAIL), but SPF_HELO_FAIL has a score of
>> 0.001 (the provider has -all in their SPF record, sure their SPF record
>> covers all of their servers, you get FAIL).
>>
>> Am I missing something?
>>
>>
>> Brian
>
> SA 3.0.x won't do "regular" SPF checks if the message is passed through
> any trusted hosts (the top most header passed to SA must be the first
> trusted host). There's an option in 3.1 to override this.
>
> So if SA isn't running on your border MX then you won't see any of these
> SPF checks. If it is running on your border MX then either your
> trusted_networks aren't set correctly or there is something else
> happening I've yet to see.
>
> Of course running a message through SpamAssassin (on the same host that
> normally runs SA) with debugging enabled will probably tell you why the
> check isn't being done (if it's a message that should hit an SPF test).
>
>
> Daryl
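
The ~all versus -all distinction discussed in this thread, as an added example that is not part of the original messages and is not SpamAssassin's code: a simplified SPF evaluator that handles only the ip4, ip6 and all mechanisms. The function name, the sample records and the addresses are constructed for illustration.

```python
import ipaddress

# SPF qualifier prefix -> result; a mechanism with no prefix means "+".
QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}

def spf_result(record, client_ip):
    """Evaluate a simplified SPF record (ip4/ip6/all only) for client_ip.

    Mechanisms that need DNS (a, mx, include, exists, ptr) and modifiers
    (redirect=, exp=) are outside this sketch and raise ValueError.
    """
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        return "none"  # no SPF record published
    ip = ipaddress.ip_address(client_ip)
    for term in terms[1:]:
        qualifier = "+"
        if term[0] in QUALIFIERS:
            qualifier, term = term[0], term[1:]
        name, _, arg = term.partition(":")
        name = name.lower()
        if name == "all":
            # "all" always matches, so its qualifier decides the outcome
            # for every host the earlier mechanisms did not list.
            return QUALIFIERS[qualifier]
        if name in ("ip4", "ip6"):
            net = ipaddress.ip_network(arg, strict=False)
            if net.version == ip.version and ip in net:
                return QUALIFIERS[qualifier]
            continue
        raise ValueError(f"unsupported term: {term}")
    return "neutral"  # nothing matched and the record has no "all"

# Constructed sample records using documentation address ranges.
SOFT = "v=spf1 ip4:192.0.2.0/24 ~all"   # unlisted hosts -> softfail
HARD = "v=spf1 ip4:192.0.2.0/24 -all"   # unlisted hosts -> fail

def demo():
    listed, unlisted = "192.0.2.25", "198.51.100.7"
    return {
        "soft": (spf_result(SOFT, listed), spf_result(SOFT, unlisted)),
        "hard": (spf_result(HARD, listed), spf_result(HARD, unlisted)),
    }

if __name__ == "__main__":
    print(demo())
```

The same unlisted host gets softfail or fail depending only on the qualifier the domain owner put on `all`, which is the difference the SPF_HELO_SOFTFAIL and SPF_HELO_FAIL rules react to.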