inconsistent SPF warning

Mark Nienberg mark at TIPPINGMAR.COM
Wed Dec 8 18:29:22 GMT 2004


    [ The following text is in the "ISO-8859-1" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

I have resolved (well, worked around) the issue described in the thread
"inconsistent SPF and this list", and want to warn others who might be
experiencing the same problem without realizing it.  When I first
installed SA3.01 I used the setting :
"envelope_sender_header X-MailScanner-From" in spam.assasin.prefs.conf.

My logs showed that SPF tests were being triggered, so I assumed all was
OK.  But then I noticed that mail forging my own domain was not always
getting SPF_FAIL as it should have.  This led me to manually check SPF
records for many messages to see if I could reproduce the results that
SA was giving.  Usually I could, but sometimes, I could not.

It appeared that SA wasn't always using the value of
"envelope_sender_header".  (I assume MailScanner really does pass the
correct value to SA, because I'm pretty sure Julian is infallible).
Ultimately, I removed the "envelope_sender_header" option and instead
tweaked my sendmail setup to add the header "X-Envelope-From" instead,
as is suggested in the installation docs  SA seems to know what to do
with this, and I am now getting consistent SPF results.

By the way, when I say SPF, I mean the tests SPF_PASS, SPF_FAIL, and
SPF_SOFTFAIL.  I am not talking about the SPF_HELO tests, which aren't
really SPF at all.

I haven't gone so far as to study the SA code or anything, so I don't
know if this is a general problem or something specific to my
installation, but if you are using SPF in this way, you might want to
have a look to see if it is really giving correct results.  For
starters, see if your server has added SPF_PASS to every message
received from this list.

--
Mark Nienberg, SE
Tipping Mar + associates
1906 Shattuck Ave
Berkeley, CA 94704
http://www.tippingmar.com

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail at jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!




More information about the MailScanner mailing list