On Tue, 19 Feb 2013, Philippe Ratté wrote:
Benny,
Feb 19 10:02:25.354 [19195] dbg: spf: cannot get Envelope-From, cannot
use SPF
is this why whitelist_from are the only one that works ?
first get it to work from local.cf, if this is working move the same
rule to sql is the right way to test
[snip..]
I'm using qmail, along with qmail-scanner-st, and I just added a patch so that
qmail adds the envelope-from to the headers
It works; this is what the first header now looks like:
Received: from mail-ve0-f193.google.com (209.85.128.193)
by myserver.com (envelope-from u...@gmail.com)
with SMTP; 19 Feb 2013 22:12:37 -0000
If I run spamassassin using these params, I don't see any SPF errors:
spamassassin -D < email.msg 2>debug.log
[...]
Feb 19 17:39:22.803 [10817] dbg: spf: checking to see if the message has a
Received-SPF header that we can use
Feb 19 17:39:22.848 [10817] dbg: spf: using Mail::SPF for SPF checks
Feb 19 17:39:22.848 [10817] dbg: spf: checking HELO
(helo=falcon594.startdedicated.com, ip=69.64.33.211)
Feb 19 17:39:22.850 [10817] dbg: dns: providing a callback for id:
55831/falcon594.startdedicated.com/SPF/IN
Feb 19 17:39:22.857 [10817] dbg: spf: query for
/69.64.33.211/falcon594.startdedicated.com: result: none, comment: , text: No
applicable sender policy available
Feb 19 17:39:22.858 [10817] dbg: spf: already checked for Received-SPF headers,
proceeding with DNS based checks
Feb 19 17:39:22.858 [10817] dbg: spf: found Envelope-From in first external
Received header
OK, this says that your envelope-from patch to qmail is working
Feb 19 17:39:22.858 [10817] dbg: spf: checking EnvelopeFrom
(helo=falcon594.startdedicated.com, ip=69.64.33.211, envfrom=nore...@sonico.com)
Feb 19 17:39:22.949 [10817] dbg: rules: ran eval rule SPF_FAIL ======> got hit
(1)
Feb 19 17:39:22.950 [10817] dbg: spf: whitelist_from_spf: already checked spf
and didn't get pass, skipping whitelist check
Feb 19 17:39:23.222 [10817] dbg: rules: ran uri rule __LOCAL_PP_NONPPURL ======> got hit:
"http://www.openspf.org";
[...]
this says that SA can now make valid decisions about whitelist_from_spf, so you
should be good to go with using whitelist_from_spf
However, if I run spamassassin 2>&1 -D --lint | less I still see the error:
Feb 19 17:41:54.196 [11019] dbg: spf: cannot get Envelope-From, cannot use SPF
Feb 19 17:41:54.196 [11019] dbg: spf: def_spf_whitelist_from: could not find
useable envelope sender
Don't worry about this error. When you do a "--lint" SA uses a special built-in
test message for system configuration checking which has very little network
related info, including lacking anything that it can use for "Envelope-From"
detection.
Bottom line, this error is expected with "--lint". As long as you
get that "found Envelope-From in..." debug message when checking with live
data you're OK.
Now, on with your whitelist testing.
--
Dave Funk University of Iowa
<dbfunk (at) engineering.uiowa.edu> College of Engineering
319/335-5751 FAX: 319/384-0549 1256 Seamans Center
Sys_admin/Postmaster/cell_admin Iowa City, IA 52242-1527
#include <std_disclaimer.h>
Better is not better, 'standard' is better. B{
