inconsistent SPF - bug

Mark Nienberg mark at TIPPINGMAR.COM
Mon Dec 13 18:03:04 GMT 2004



Julian,

I think I've tracked down the problem with inconsistent SPF test
results. In the following discussion I will assume that MailScanner is
set up with the defaults of:

Envelope From Header = X-MailScanner-From:  (in MailScanner.conf)
envelope_sender_header X-MailScanner-From  (in spam.assassin.prefs.conf)

Bad SPF results seem to come from messages that have passed through
another MailScanner server and already had the X-MailScanner-From
header added.

In "SA.pm" you construct the message to pass to SA by starting with
an X-MailScanner-From header at the top, then adding the original
headers (which might include an X-MailScanner-From header), and then
adding the message body.  Spamassassin then extracts the envelope
information from the headers by looking for X-MailScanner-From.  If
there is more than one such header, SA joins the values rather than
using the first one, as you might expect.  See SA's "get_envelope_from"
subroutine in "PerMsgStatus.pm" for the procedure it uses.  I haven't
investigated what SPF does with the mess it receives, but I suspect it
throws away everything before the final @, so that it performs the check
using the domain that was in the final X-MailScanner-From header instead
of the one that you added at the top of the message.

I think the solution is for MailScanner to delete any X-MailScanner-From
headers (or whatever is specified in envelope_sender_header) from the
original message headers before adding them to the message that will
be passed to SpamAssassin.

--
Mark Nienberg, SE
Tipping Mar + associates
1906 Shattuck Ave
Berkeley, CA 94704
http://www.tippingmar.com
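
The fix proposed in the message above, sketched in Python as an added example; it is not MailScanner or SpamAssassin code. `joined_envelope_from` and `spf_domain` only model the behaviour the post reports and suspects, and the joiner, the addresses and all function names are assumptions.

```python
ENVELOPE_HEADER = "X-MailScanner-From"  # assumed value of envelope_sender_header

# Constructed sample: headers of a message that already went through another
# MailScanner server, so it carries that server's X-MailScanner-From (folded).
SAMPLE_HEADERS = (
    "Received: from relay.upstream.example\n"
    "\tby mx.local.example\n"
    "X-MailScanner-From: bob@upstream.example\n"
    "\t(added upstream)\n"
    "Subject: test"
)

def strip_header(raw_headers, name=ENVELOPE_HEADER):
    """Drop every occurrence of `name`, including its folded continuation lines."""
    kept, skipping = [], False
    prefix = name.lower() + ":"
    for line in raw_headers.splitlines():
        if line[:1] in (" ", "\t"):          # continuation of the previous header
            if not skipping:
                kept.append(line)
            continue
        skipping = line.lower().startswith(prefix)
        if not skipping:
            kept.append(line)
    return kept

def build_for_scanner(envelope_from, raw_headers, body, sanitize=True):
    """Prepend the real envelope sender, then original headers, then the body."""
    original = strip_header(raw_headers) if sanitize else raw_headers.splitlines()
    head = [f"{ENVELOPE_HEADER}: {envelope_from}"] + original
    return "\n".join(head) + "\n\n" + body

def joined_envelope_from(message, name=ENVELOPE_HEADER):
    """Model of the reported behaviour: values of all matching headers joined."""
    head = message.split("\n\n", 1)[0]
    prefix = name.lower() + ":"
    values = [l.split(":", 1)[1].strip()
              for l in head.splitlines() if l.lower().startswith(prefix)]
    return "".join(values)                   # joiner is an assumption

def spf_domain(envelope):
    """Domain a check would use if it keeps only what follows the final '@'."""
    return envelope.rsplit("@", 1)[-1]

if __name__ == "__main__":
    for sanitize in (False, True):
        msg = build_for_scanner("alice@sender.example", SAMPLE_HEADERS, "hello\n", sanitize)
        print(sanitize, spf_domain(joined_envelope_from(msg)))
```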
