David B Funk skrev den 2013-02-20 01:18:
On Tue, 19 Feb 2013, Philippe Ratté wrote:
Benny,
Feb 19 10:02:25.354 [19195] dbg: spf: cannot get Envelope-From,
cannot
use SPF
is this why whitelist_from are the only one that works ?
first get it to work from local.cf, if this is working move the
same
rule to sql is the right way to test
[snip..]
I'm using qmail, along with qmail-scanner-st, and I just added a
patch so that qmail adds the envelope-from to the headers
It works; this is what the first header now looks like:
Received: from mail-ve0-f193.google.com (209.85.128.193)
by myserver.com (envelope-from u...@gmail.com)
with SMTP; 19 Feb 2013 22:12:37 -0000
If I run spamassassin using these params, I don't see any SPF
errors:
spamassassin -D < email.msg 2>debug.log
[...]
Feb 19 17:39:22.803 [10817] dbg: spf: checking to see if the message
has a Received-SPF header that we can use
Feb 19 17:39:22.848 [10817] dbg: spf: using Mail::SPF for SPF checks
read perldoc Mail::SpamAssassin::Plugin::SPF was not fun when i say it
:)
if you want to reuse that received-spf header then tell spf plugin to
not use Mail::SPF
and see more info on perldoc Mail::SpamAssassin::Conf for
envelope-sender-header
Feb 19 17:39:22.848 [10817] dbg: spf: checking HELO
(helo=falcon594.startdedicated.com, ip=69.64.33.211)
Feb 19 17:39:22.850 [10817] dbg: dns: providing a callback for id:
55831/falcon594.startdedicated.com/SPF/IN
Feb 19 17:39:22.857 [10817] dbg: spf: query for
/69.64.33.211/falcon594.startdedicated.com: result: none, comment: ,
text: No applicable sender policy available
Feb 19 17:39:22.858 [10817] dbg: spf: already checked for
Received-SPF headers, proceeding with DNS based checks
Feb 19 17:39:22.858 [10817] dbg: spf: found Envelope-From in first
external Received header
OK, this says that your envelope-from patch to qmail is working
but it still miss what header is the envelope-from ?, received-spf is
not envelope-from
Feb 19 17:39:22.858 [10817] dbg: spf: checking EnvelopeFrom
(helo=falcon594.startdedicated.com, ip=69.64.33.211,
envfrom=nore...@sonico.com)
Feb 19 17:39:22.949 [10817] dbg: rules: ran eval rule SPF_FAIL
======> got hit (1)
Feb 19 17:39:22.950 [10817] dbg: spf: whitelist_from_spf: already
checked spf and didn't get pass, skipping whitelist check
Feb 19 17:39:23.222 [10817] dbg: rules: ran uri rule
__LOCAL_PP_NONPPURL ======> got hit: "http://www.openspf.org"
[...]
this says that SA can now make valid decisions about
whitelist_from_spf, so you
should be good to go with using whitelist_from_spf
+1
However, if I run spamassassin 2>&1 -D --lint | less I still see the
error:
Feb 19 17:41:54.196 [11019] dbg: spf: cannot get Envelope-From,
cannot use SPF
Feb 19 17:41:54.196 [11019] dbg: spf: def_spf_whitelist_from: could
not find useable envelope sender
Don't worry about this error. When you do a "--lint" SA uses a
special built-in
test message for system configuration checking which has very little
network
related info, including lacking anything that it can use for
"Envelope-From" detection.
it was to detect loadplugin errors
Bottom line, this error is expected with "--lint". As long as you
get that "found Envelope-From in..." debug message when checking with
live
data you're OK.
Now, on with your whitelist testing.
yep but first test is in local.cf, when that works try sql problems :)