Hello,

I'm running 2 mail servers where one is a backup server in case the primary is unreachable. Both are set to include the SPF result in the mail header. I have put these rules into my local.cf file.

#Check for SPF headers
header LOCAL_SPF_PASS Received-SPF =~ /^pass/
header LOCAL_SPF_NEUTRAL Received-SPF =~ /^neutral/
header LOCAL_SPF_SOFTFAIL Received-SPF =~ /^softfail/
header LOCAL_SPF_FAIL Received-SPF =~ /^fail/

score LOCAL_SPF_PASS     -0.001
score LOCAL_SPF_NEUTRAL  2.500
score LOCAL_SPF_SOFTFAIL 5.000
score LOCAL_SPF_FAIL     8.000


# Check if the mail came first via the secondary mail server; then there are 2 SPF records, one pass and one fail, so recalculate accordingly
header __SPF_PASS Received-SPF =~ /^pass \((server|srv2)\.ehealth\.be:/
header __SPF_NEUTRAL Received-SPF =~ /^neutral \(server3:/
header __SPF_SOFTFAIL Received-SPF =~ /^softfail \(server3:/
header __SPF_FAIL Received-SPF =~ /^fail \(server3:/
header __RECEIVED_MXSECONDARY Received =~ /mail\.srv2\.ehealth\.be/

meta LOCAL_SPF_PASS2 (__SPF_PASS)
score LOCAL_SPF_PASS2 -0.001

meta LOCAL_SPF_NEUTRAL2 (__SPF_NEUTRAL)
score LOCAL_SPF_NEUTRAL2 -0.001

meta LOCAL_SPF_SOFTFAIL2 (__SPF_SOFTFAIL)
score LOCAL_SPF_SOFTFAIL2 -0.001

meta LOCAL_SPF_FAIL2 (__SPF_FAIL)
score LOCAL_SPF_FAIL2 -0.001

meta LOCAL_SPF_MX2 (__RECEIVED_MXSECONDARY)
score LOCAL_SPF_MX2 -0.001

meta LOCAL_SPF_MXSECUNDARY_PASS_NEUTRAL (__RECEIVED_MXSECONDARY && __SPF_PASS && __SPF_NEUTRAL)
score LOCAL_SPF_MXSECUNDARY_PASS_NEUTRAL -2.500

meta LOCAL_SPF_MXSECUNDARY_PASS_SOFTFAIL (__RECEIVED_MXSECONDARY && __SPF_PASS && __SPF_SOFTFAIL)
score LOCAL_SPF_MXSECUNDARY_PASS_SOFTFAIL -5.000

meta LOCAL_SPF_MXSECUNDARY_PASS_FAIL (__RECEIVED_MXSECONDARY && __SPF_PASS && __SPF_FAIL)
score LOCAL_SPF_MXSECUNDARY_PASS_FAIL -8.000

But I still receive mails tagged as SPAM if they have been relayed by the secondary mx, because one rule is not firing as expected. For example, in this mail header:

Return-Path: <x...@ehealth.be>
Delivered-To: x...@ehealth.be
Received: (qmail 13361 invoked by uid 89); 15 Aug 2011 23:00:30 -0000
DomainKey-Status: no signature
Received: by simscan 1.3.1 ppid: 13309, pid: 13339, t: 15.0550s
         scanners: attach: 1.3.1 clamav: 0.93/m:46 spam: 3.2.4
X-Spam-Flag: YES
X-Spam-Checker-Version: SpamAssassin 3.2.4 (2008-01-01) on server3.higis.eu.org
X-Spam-Level: *****
X-Spam-Status: Yes, score=5.1 required=5.0 tests=AWL,BAYES_00,LOCAL_SPF_FAIL, LOCAL_SPF_FAIL2,LOCAL_SPF_MX2,MIME_QP_LONG_LINE,RCVD_NUMERIC_HELO,RDNS_NONE
        autolearn=no version=3.2.4
X-Spam-Report:
        *  8.0 LOCAL_SPF_FAIL LOCAL_SPF_FAIL
        *  2.1 RCVD_NUMERIC_HELO Received: contains an IP address used for HELO
        * -2.6 BAYES_00 BODY: Bayesian spam probability is 0 to 1%
        *      [score: 0.0000]
        *  1.4 MIME_QP_LONG_LINE RAW: Quoted-printable line longer than 76 chars
        * -0.0 LOCAL_SPF_FAIL2 LOCAL_SPF_FAIL2
        *  0.1 RDNS_NONE Delivered to trusted network by a host with no rDNS
        * -0.0 LOCAL_SPF_MX2 LOCAL_SPF_MX2
        * -3.8 AWL AWL: From: address is in the auto white-list
Received: from unknown (HELO mail.srv2.ehealth.be) (67.219.63.204)
  by server3 with (DHE-RSA-AES256-SHA encrypted) SMTP; 15 Aug 2011 23:00:14 -0000
Received-SPF: fail (server3: SPF record at bgc.spf.secure-mail.be does not designate 67.219.63.204 as permitted sender)
Received: (qmail 13983 invoked from network); 15 Aug 2011 22:13:21 +0200
Received: from relaygateway01.edpnet.net (212.71.1.210)
  by server.ehealth.be with SMTP; 15 Aug 2011 22:13:21 +0200
Received-SPF: pass (server.ehealth.be: SPF record at edpnet.net designates 212.71.1.210 as permitted sender)
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-Anti-Spam-Result: AkIAAKJ9SU5NbWcu/2dsb2JhbAAMNoRIlACOZIMhAQEDAQEjVgULCw4DBAEBAQICIwMCAkYJCAYTh3AEqAaRVoEshAsxXwSkCQ
X-IronPort-AV: E=Sophos;i="4.67,375,1309730400";
   d="scan'208";a="26553513"
Received: from 77.109.103.46.adsl.dyn.edpnet.net (HELO [192.168.2.66]) ([77.109.103.46])
  by relaygateway01.edpnet.net with ESMTP; 15 Aug 2011 22:13:25 +0200
References: <FECA0A4681D74A4D956410B8427B8B74@Gris> <900a79ede361874abe1d01b0c14c123303a59...@gbcocg220m.eu.corp.car.com> <3c5d6c47a8c173a414d68dc5d4480692.squir...@www.ehealth.be> <130EAEFE666749B4B7F59F775491DF38@Gris>
In-Reply-To: <130EAEFE666749B4B7F59F775491DF38@Gris>
Mime-Version: 1.0 (iPad Mail 8J2)
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain;
        charset=utf-8
Message-Id: <70a9433f-2c30-4f83-8b9c-d70068119...@ehealth.be>
Cc: X Y <x...@ehealth.be>,
 A B <a...@ehealth.be>
X-Mailer: iPad Mail (8J2)
From: X Y <x...@ehealth.be>
Subject: ***SPAM(5.1)*** Re: Offerte JV
Date: Mon, 15 Aug 2011 22:14:39 +0200
To: J V <j...@telenet.be>
X-Spam-Prev-Subject: Re: Offerte JV

I wonder why I didn't get the metarule LOCAL_SPF_PASS2 and hence also the metarule LOCAL_SPF_MXSECUNDARY_PASS_FAIL? The expressions seem valid to me but I could be wrong of course.

thx,
Geert
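
An added illustration, not part of the original post and not SpamAssassin code: a small Python model of how the posted `header` patterns behave when a message carries two Received-SPF headers, evaluated once as posted and once with multiline anchoring (the Perl `m` regex modifier). It assumes, per the Mail::SpamAssassin::Conf documentation, that same-named headers are concatenated with embedded newlines before matching; Python's `re` stands in for Perl matching, and the header values are constructed from the message above.

```python
import re

# Constructed from the two Received-SPF headers in the posted message, in the
# order they appear (the newest hop, server3, comes first).
RECEIVED_SPF = [
    "fail (server3: SPF record at bgc.spf.secure-mail.be does not designate "
    "67.219.63.204 as permitted sender)",
    "pass (server.ehealth.be: SPF record at edpnet.net designates "
    "212.71.1.210 as permitted sender)",
]
RECEIVED = ["from unknown (HELO mail.srv2.ehealth.be) (67.219.63.204) by server3",
            "from relaygateway01.edpnet.net (212.71.1.210) by server.ehealth.be"]
HEADERS = {"Received-SPF": RECEIVED_SPF, "Received": RECEIVED}

# Patterns copied from the post's local.cf.
RULES = {
    "__SPF_PASS": ("Received-SPF", r"^pass \((server|srv2)\.ehealth\.be:"),
    "__SPF_FAIL": ("Received-SPF", r"^fail \(server3:"),
    "__RECEIVED_MXSECONDARY": ("Received", r"mail\.srv2\.ehealth\.be"),
}


def fired(multiline):
    """Return the set of rule names that hit.

    Assumption: a header rule sees all same-named headers joined with "\n",
    so "^" only anchors at the first header unless /m (re.MULTILINE) is set.
    """
    flags = re.MULTILINE if multiline else 0
    hits = set()
    for name, (header, pattern) in RULES.items():
        text = "".join(value + "\n" for value in HEADERS[header])
        if re.search(pattern, text, flags):
            hits.add(name)
    return hits


def pass_fail_meta(multiline):
    """Evaluate the post's LOCAL_SPF_MXSECUNDARY_PASS_FAIL meta expression."""
    hits = fired(multiline)
    return {"__RECEIVED_MXSECONDARY", "__SPF_PASS", "__SPF_FAIL"} <= hits


if __name__ == "__main__":
    for mode in (False, True):
        print("with /m" if mode else "as posted", sorted(fired(mode)),
              "PASS_FAIL meta:", pass_fail_meta(mode))
```
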
