inconsistent SPF - bug

Julian Field mailscanner at ecs.soton.ac.uk
Mon Dec 13 21:51:36 GMT 2004


    [ The following text is in the "ISO-8859-1" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

Thanks for that, I will work on this tomorrow.

Mark Nienberg wrote:

> Julian,
>
> I think I've tracked down the problem with inconsistent SPF test
> results. In the following discussion I will assume that MailScanner is
> set up with the defaults of :
>
> Envelope From Header = X-MailScanner-From:  (in MailScanner.conf)
> envelope_sender_header X-MailScanner-From  (in spam.assassin.prefs.conf)
>
> Bad SPF results seem to come from messages that have  passed through
> another MailScanner server and already had the X-MailScanner-From
> header added.
>
> In  "SA.pm" you  construct  the message to pass to SA by starting with
> an X-MailScanner-From header at the top,  then addding the original
> headers (which might include an X-MailScanner-From header), and then
> adding the message body.  Spamassassin then extracts the  envelope
> information from  the headers by looking for X-MailScanner-From.  If
> there is more than one such header, SA joins the values rather than
> using the first one, as you might expect.  See SA's "get_envelope_from"
> subroutine in "PerMsgStatus.pm" for the procedure it uses.  I haven't
> invetigated what SPF does with the mess it receives, but I suspect it
> throws away everything before the final @, so that it performs the check
> using the domain that was in the final X-MailScanner-From header instead
> of the one that you added at the top of the message.
>
> I think the solution is for MailScanner to delete any X-MailScanner-From
> headers (or whatever is specified in envelope_sender_header) from the
> original message headers before adding  them to  the  message that will
> be passed to SpamAssassin.
>
> --
> Mark Nienberg, SE
> Tipping Mar + associates
> 1906 Shattuck Ave
> Berkeley, CA 94704
> http://www.tippingmar.com
>
> ------------------------ MailScanner list ------------------------
> To unsubscribe, email jiscmail at jiscmail.ac.uk with the words:
> 'leave mailscanner' in the body of the email.
> Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
>
> Support MailScanner development - buy the book off the website!
>

--
Julian Field
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store
Professional Support Services at www.MailScanner.biz
MailScanner thanks transtec Computers for their support

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail at jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!




More information about the MailScanner mailing list