Spam detection software, running on the system "quack.kfu.com", has identified this incoming email as possible spam. The original message has been attached to this so you can view it (if it isn't spam) or label similar future email. If you have any questions, see The administrator of that system for details.
Content preview: On Jan 4, 2012, at 4:45 PM, Noel Butler wrote: > On Wed, 2012-01-04 at 12:51 -0800, nsayer wrote: >> >> I'm running a brand new installation of SA 3.3.2 with the Milter on FreeBSD >> 8.2. >> >> Everything is going smoothly, for the most part (there seems to be one >> particular spammer who's evading SA, but whatever), but there's one little >> thing that bugs me slightly. >> >> I use authenticated SMTP to send e-mail. The SPF records for my domain >> (kfu.com) basically say that mail must come from my mail server and nowhere >> else. However, my expectation is that my mail server should make an >> exception if (and only if) the mail is sent with SMTP AUTH. >> >> However, such mail winds up getting SPF_FAIL in the SA report. >> > > Ummm, I know I'm still in holiday mode (at least for another 4 days wahhhhh) but, you're not making sense, > If they are using smtp auth, then the server is what gets the mail and sends it, so, so long as that server is in your SPF RR entry, then the receiving server should only care about that. [...] Content analysis details: (9.1 points, 5.0 required) pts rule name description ---- ---------------------- -------------------------------------------------- 2.4 DATE_IN_FUTURE_03_06 Date: is 3 to 6 hours after Received: date 0.9 SPF_FAIL SPF: sender does not match SPF record (fail) [SPF failed: Please see http://www.openspf.org/Why?s=mfrom;id=nsayer%40kfu.com;ip=166.250.45.174;r=quack.kfu.com] 1.3 RCVD_IN_RP_RNBL RBL: Relay in RNBL, https://senderscore.org/blacklistlookup/ [166.250.45.174 listed in bl.score.senderscore.com] 3.6 RCVD_IN_PBL RBL: Received via a relay in Spamhaus PBL [166.250.45.174 listed in zen.spamhaus.org] 0.0 HTML_MESSAGE BODY: HTML included in message -0.1 DKIM_VALID_AU Message has a valid DKIM or DK signature from author's domain 0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily valid -0.1 DKIM_VALID Message has at least one valid DKIM or DK signature 0.4 RDNS_DYNAMIC Delivered to internal network by host with dynamic-looking rDNS 0.7 KHOP_DYNAMIC Relay looks like a dynamic address 0.0 HELO_MISC_IP Looking for more Dynamic IP Relays The original message was not completely plain text, and may be unsafe to open with some email clients; in particular, it may contain a virus, or confirm that your address can receive spam. If you wish to view it, it may be safer to save it to a file and open it with an editor.
--- Begin Message ---On Jan 4, 2012, at 4:45 PM, Noel Butler wrote: > On Wed, 2012-01-04 at 12:51 -0800, nsayer wrote: >> >> I'm running a brand new installation of SA 3.3.2 with the Milter on FreeBSD >> 8.2. >> >> Everything is going smoothly, for the most part (there seems to be one >> particular spammer who's evading SA, but whatever), but there's one little >> thing that bugs me slightly. >> >> I use authenticated SMTP to send e-mail. The SPF records for my domain >> (kfu.com) basically say that mail must come from my mail server and nowhere >> else. However, my expectation is that my mail server should make an >> exception if (and only if) the mail is sent with SMTP AUTH. >> >> However, such mail winds up getting SPF_FAIL in the SA report. >> > > Ummm, I know I'm still in holiday mode (at least for another 4 days wahhhhh) > but, you're not making sense, > If they are using smtp auth, then the server is what gets the mail and sends > it, so, so long as that server is in your SPF RR entry, then the receiving > server should only care about that. If I am sending mail to another person on quack, then SpamAssassin tags the e-mail with SPF_FAIL. As I said, it's a minor concern, but it's a concern nonetheless. > > ~$ host -t spf kfu.com > kfu.com has no SPF record > > It is not the problem, but fix the above, as SPF in TXT is deprecated and > has been for years. I must have missed the memo. > > ~$ host -t txt kfu.com > kfu.com descriptive text "v=spf1 mx -all" > > As 'quack' is in the above, and so long as you are not using a smart host, > there is no reason, when sending via quack, that it should fail. I agree, when you're talking about forwarding mail from quack to elsewhere. But that's not the issue here. > > >> Here's a received header example: >> >> >> Received: from {my laptop} ({hostname of NAT gateway it happens to be >> behind} [x.x.x.x]) >> (authenticated bits=0) >> by quack.kfu.com (8.14.5/8.14.5) with ESMTP id q04K12lj052202 >> (version=TLSv1/SSLv3 cipher=AES128-SHA bits=128 verify=NO) >> for <nsa...@kfu.com>; Wed, 4 Jan 2012 12:01:05 -0800 (PST) >> (envelope-from nsa...@kfu.com) >> >> I assert that Mail::SPF should regard Received: headers that have the > > It should only ever look at the connecting server, nothing else. As an admin of my mail server, I'd appreciate the ability to declare that if SMTP AUTH is used that for all intents and purposes SPF doesn't matter. > > Further.. get rid of sid-milter, what an abomination, I dont think even > micro$lop use sid anymore, last time I had to look into it. > This could be your problem. No, the behavior is the same without it, but the Authorization-Result: header is helpful. And it does support SPF and SMTP auth as well as sid. > > Since you're using sendmail, try smf-spf. I'll look for it in the ports tree.
smime.p7s
Description: S/MIME cryptographic signature
--- End Message ---
