I am running Postfix with Amavisd-maia which in turn uses Mail::SpamAssassin..
I am running SPF checks with Postfix and that works reasonably well
but it fails at catching fake senders in the 'DATA' portion of the
SMTP conversation.
Say my domain is: test.com
the envelope of the message will contain something like:
From: w...@remotedomain.com
and the sending ip/domain will properly pass SPF checking
the 'DATA' portion of the message however will contain a different
from, usually my own domain name:
From: u...@test.com
How do I tell SpamAssassin to run an SPF check against that From:
field and not just analyze the results Postfix added in. I am already
using this configuration variable: ignore_received_spf_header 1 but
it doesn't help at all.
My current debugging output looks like this:
[27379] dbg: spf: ignoring any Received-SPF headers from internal
hosts, by admin setting
[27379] dbg: spf: checking HELO (helo=remotedomain.com, ip=X.X.X.X)
[27379] dbg: spf: query for /X.X.X.X/remotedomain.com: result: pass,
comment: , text: Mechanism 'include:remotedomain.com' matched
[27379] dbg: rules: ran eval rule SPF_HELO_PASS ======> got hit (1)
[27379] dbg: spf: ignoring any Received-SPF headers from internal
hosts, by admin setting
[27379] dbg: spf: checking EnvelopeFrom (helo=remotedomain.com,
ip=X.X.X.X, envfrom=...@remotedomain.com)
[27379] dbg: spf: query for
w...@remotedomain.com/X.X.X.X/remotedomain.com: result: pass, comment:
, text: Mechanism 'include:remotedomain.com' matched
[27379] dbg: rules: ran eval rule SPF_PASS ======> got hit (1)
[27379] dbg: spf: def_whitelist_from_spf: w...@remotedomain.com is not
in DEF_WHITELIST_FROM_SPF
[27379] dbg: spf: whitelist_from_spf: w...@remotedomain.com is not in
user's WHITELIST_FROM_SPF
How do I get SpamAssassin to do an SPF check on the From provided in
the 'DATA' portion ? Is that even possible ?
If not, how do I stop this type of Spam ?
