Chris Purves wrote:
Chris Purves wrote:
I am not getting SPF_ hits for most messages that I expect should pass
SPF. On one message when I run through spamassassin with debug I see:
[5959] dbg: spf: checking HELO (helo=, ip=66.111.4.28)
[5959] dbg: spf: cannot get HELO, cannot use SPF
[5959] dbg: spf: checking EnvelopeFrom (helo=, ip=66.111.4.28,
[EMAIL PROTECTED])
[5959] dbg: spf: cannot get HELO, cannot use SPF
The received header looks like:
Received: from out4.smtp.messagingengine.com ([66.111.4.28])
by aurora.northfolk.ca with esmtp (Exim 4.50)
id 1FCneI-0001Q8-Hs
for [EMAIL PROTECTED]; Sat, 25 Feb 2006 08:51:09 +0800
I found another clue...
In one of my e-mails sent to this list, the header shows:
X-Spam-Report:
* 0.1 FORGED_RCVD_HELO Received: contains a forged HELO
* -1.3 AWL AWL: From: address is in the auto white-list
But if I run the same message from a user account with spamassassin -t <
... I get:
-100 USER_IN_WHITELIST From: address is in the user's white-list
0.1 FORGED_RCVD_HELO Received: contains a forged HELO
-0.0 SPF_PASS SPF: sender matches SPF record
It looks like SPF and whitelisting (I have spamassassin set in
whitelist_from_rcvd) are not being run when SA is called from exim, but
it works when calling spamassassin manually.
Any suggestions?
I believe I have found what is causing the problem, but don't yet know
how to fix it.
I added "-D spf" to spamd options. In spamd.log I see:
Mon Feb 27 11:44:32 2006 [20290] info: spamd: connection from
localhost.localdomain [127.0.0.1] at port 58443
Mon Feb 27 11:44:32 2006 [20290] info: spamd: processing message
<[EMAIL PROTECTED]> for Debian-exim:102
Mon Feb 27 11:44:32 2006 [20290] dbg: spf: checking HELO
(helo=mail.apache.org,ip=209.237.227.199)
Mon Feb 27 11:44:32 2006 [20290] dbg: spf: query for
/209.237.227.199/mail.apache.org: result: none, comment: SPF: domain of
sender mail.apache.org does not designate mailers
Mon Feb 27 11:44:32 2006 [20290] dbg: spf: cannot get Envelope-From,
cannot use SPF
Mon Feb 27 11:44:32 2006 [20290] dbg: spf: def_spf_whitelist_from: could
not find useable envelope sender
Mon Feb 27 11:44:32 2006 [20290] dbg: spf: spf_whitelist_from: could not
find useable envelope sender
Mon Feb 27 11:44:40 2006 [20290] info: spamd: clean message (0.1/5.0)
for Debian-exim:102 in 7.8 seconds, 3480 bytes.
Mon Feb 27 11:44:40 2006 [20290] info: spamd: result: . 0 -
FORGED_RCVD_HELO
scantime=7.8,size=3480,user=Debian-exim,uid=102,required_score=5.0,rhost=localhost
.localdomain,raddr=127.0.0.1,rport=58443,mid=<[EMAIL PROTECTED]>,aut
olearn=unavailable
Mon Feb 27 11:44:40 2006 [20280] info: prefork: child states: II
The I run "sudo -u Debian-exim spamc < ..." on the same message. This
is what is in spamd.log:
Mon Feb 27 11:48:50 2006 [20290] info: spamd: connection from
localhost.localdomain [127.0.0.1] at port 58451
Mon Feb 27 11:48:50 2006 [20290] info: spamd: processing message
<[EMAIL PROTECTED]> for Debian-exim:102
Mon Feb 27 11:48:50 2006 [20290] dbg: spf: checking HELO
(helo=mail.apache.org,ip=209.237.227.199)
Mon Feb 27 11:48:51 2006 [20290] dbg: spf: query for
/209.237.227.199/mail.apache.org: result: none, comment: SPF: domain of
sender mail.apache.org does not designate mailers
Mon Feb 27 11:48:51 2006 [20290] dbg: spf: checking EnvelopeFrom
(helo=mail.apache.org, ip=209.237.227.199,
[EMAIL PROTECTED])
Mon Feb 27 11:48:51 2006 [20290] dbg: spf: query for
[EMAIL PROTECTED]/209.237.227.199/mail.apache.org:
result: pass, comment: Please see
http://spf.pobox.com/why.html?sender=users-return-38258-chris%3Dnorthfolk.ca%40spamassassin.apache.org&ip=209.237.227.199&receiver=aurora.northfolk.ca:
spamassassin.apache.org MX mail.apache.org A 209.237.227.199
Mon Feb 27 11:48:51 2006 [20290] dbg: spf: def_whitelist_from_spf:
[EMAIL PROTECTED] is not in
DEF_WHITELIST_FROM_SPF
Mon Feb 27 11:48:51 2006 [20290] dbg: spf: whitelist_from_spf:
[EMAIL PROTECTED] is not in
user's WHITELIST_FROM_SPF
Mon Feb 27 11:49:03 2006 [20290] info: spamd: clean message (-99.9/5.0)
for Debian-exim:102 in 12.7 seconds, 4019 bytes.
Mon Feb 27 11:49:03 2006 [20290] info: spamd: result: . -99 -
AWL,FORGED_RCVD_HELO,SPF_PASS,USER_IN_WHITELIST
scantime=12.7,size=4019,user=Debian-exim,uid=102,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=58451,mid=<4
[EMAIL PROTECTED]>,autolearn=unavailable
Mon Feb 27 11:49:03 2006 [20280] info: prefork: child states: II
So...when called by exim, spamc cannot find EnvelopeFrom, but when
called by me after the message has been delivered it can find
EnvelopeFrom and complete the SPF check. I expect this is also the
reason that whitelist_from_rcvd doesn't work.
What spamc calls EnvelopeFrom is the top header of the message:
Return-path: <[EMAIL PROTECTED]>
I am guessing that exim calls spamc before it adds this header so that
spamc has less information to work with than when running the tests.
I'm sorry for the very long e-mail...I hope someone has a suggestion as
to what I can do now. I am using sa-exim inbetween exim and SA.
--
Good day, eh.
Chris
