On Wed, 18 Nov 2015 16:10:13 +0200
Elod G wrote:
> I am using Spamassassin 3.4.0 called by spamass-milter with Postfix
> 2.11 on Ubuntu 14.04. I can't get SA to recognize Auth-results
> headers added by policyd-spf, a Postfix policy server.
> If I run SA with -D -lint with the message source (as received) piped
> into it, it works and the headers are recognized and used.
> However, when called through the milter SPF checks are (re)done by SA.
> Looking at
> /usr/share/perl5/Mail/SpamAssassin/Plugin/SPF.pm
> it seems that
> my @internal_hdrs = split("\n", $scanner->get('ALL-INTERNAL'));
> is parsed for Auth-results and it doesn't find anything. In fact, it
> seems that ALL-INTERNAL only has 3 headers: X-Envelope-From,
> X-Envelope-To and Received.
>
> Changing to ALL makes it work,
Do you mean that it works in the milter on new mail without a
pre-exiting Received-SPF header?
For it to work the SPF header presumably needs to be above the MX
Received header. From what you've written it works correctly when
rescanning delivered mail, but not in the milter, unless external
headers are allowed. That suggests that the SPF header and the Received
header are in the opposite order in the milter copy compared with the
final delivered version. I don't know much about Postfix; is that
possible?
> but I was wondering what are the security implications
It should be OK, if you have:
use_newest_received_spf_header 1
