On Wed, 15 Jul 2015, Bill Cole wrote:
[snip..]
SPF is NEVER appropriate for use to check the domain part of the "From:"
header or any other header not KNOWN to be added by a trusted MTA and to
contain the Envelope-From address. For example, many MTAs prepend a
"Return-Path" header when passing a message to filters or to the local
delivery agent. If I'm reading that debug output correctly, SA doesn't seem
to be able to parse out an Envelope-From from the message, so maybe a tweak
to the MTA and/or explicit specification of envelope_sender_header in
local.cf is in order.
On the other hand, that debug output does seem to be making excuses that
don't make sense, so maybe I'm reading it wrong. For example, "relayed
through one or more trusted relays, cannot use header-based Envelope-From"
seems like an irrational non sequitur.
What that debug output is saying is:
I cannot find a straight-forward indication of the Envelope-From address
(see "envelope_sender_header" in SA man page) so I'm going to fall back
to hacks to see if I can guess the Envelope-From address from the Received
headers. Oops, found a condition that invalidates that process, bailing out
as a bad show.
--
Dave Funk University of Iowa
<dbfunk (at) engineering.uiowa.edu> College of Engineering
319/335-5751 FAX: 319/384-0549 1256 Seamans Center
Sys_admin/Postmaster/cell_admin Iowa City, IA 52242-1527
#include <std_disclaimer.h>
Better is not better, 'standard' is better. B{
