I am trying to use whitelist_auth to whitelist emails from
staplesbilling.com. This should work, as they have an SPF record:
$ dig staplesbilling.com txt +short
"v=spf1 a:hosts.rrdesp.com -all"
$ dig hosts.rrdesp.com a +short
162.27.43.121
162.27.247.118
162.27.247.119
162.27.247.120
162.27.247.121
162.27.43.107
162.27.43.118
162.27.43.119
162.27.43.120
But SA seems to be trying to find an SPF record for the connecting
server rather than for the sending domain.
dbg: spf: checking to see if the message has a Received-SPF header that
we can use
dbg: spf: using Mail::SPF for SPF checks
dbg: spf: checking HELO (helo=sr03a.SMTPNA11.rrdesp.com, ip=162.27.43.120)
dbg: spf: query for /162.27.43.120/sr03a.SMTPNA11.rrdesp.com: result:
none, comment: , text: No applicable sender policy available
dbg: spf: already checked for Received-SPF headers, proceeding with DNS
based checks
dbg: spf: relayed through one or more trusted relays, cannot use
header-based Envelope-From, skipping
dbg: spf: def_spf_whitelist_from: already checked spf and didn't get
pass, skipping whitelist check
dbg: spf: whitelist_from_spf: already checked spf and didn't get pass,
skipping whitelist check
Why is it looking for an SPF record for rrdesp.com? That is the sending
server, shouldn't it be using the domain from the From or Envelope-From
instead? This SPF check looks backwards to me. Am I missing something?
--
Bowie
