On 8/31/2006 11:33 AM, Rosenbaum, Larry M. wrote:
SpamAssassin version 3.1.4
running on Perl version 5.8.7 (and 5.8.5)
Any idea why a message with the following headers:
X-Envelope-From: <[EMAIL PROTECTED]>
Received: from mail.ans.org (mail.ans.org [206.222.45.53])
by emroute1.ornl.gov (PMDF V6.2-1x9 #31038)
with ESMTP id <[EMAIL PROTECTED]> for
[EMAIL PROTECTED]
(ORCPT [EMAIL PROTECTED]); Wed, 30 Aug 2006 11:51:52 -0400 (EDT)
Received: from GWDOMAIN-MTA by mail.ans.org with Novell_GroupWise;
Wed,
30 Aug 2006 10:49:21 -0500
would get the following hits:
* 1.4 SPF_SOFTFAIL SPF: sender does not match SPF record
(softfail)
* [SPF failed: ]
* 2.4 SPF_HELO_SOFTFAIL SPF: HELO does not match SPF record
(softfail)
* [SPF failed: ]
I see no SPF records for ans.org or mail.ans.org.
A message sent 14 minutes earlier with the same IP address, HELO address
and return address did not hit these SPF rules.
(note: usernames munged with xxxxxx and yyyyyy)
I noticed this a few months ago and forgot all about it. :(
This happens when DNS queries timeout as the plugin defaults to SOFTFAIL
per the recommendation of the then current draft. I'm not sure what the
current experimental RFC says about it, but regardless, we really need
to assume that the domain isn't publishing SPF records.
See bug 5077 for status on this bug.
http://issues.apache.org/SpamAssassin/show_bug.cgi?id=5077
Daryl
