mails with valid SPF sender don't get marked SPF_PASS

Thom van der Boon thom at vdb.nl
Thu Jul 23 08:39:57 UTC 2020


Hi guys, 

I have something weird. Most mails with a valid SPF record are marked correctly (SPF_FAIL or SPF_PASS), but I see that some messages which should be marked as SPF_PASS get no SPF_PASS.

Anonymised example:

Return-Path: <some.user at somedomain.com>
Received: from out1-36.antispamcloud.com (out1-36.antispamcloud.com [185.201.16.36])
    (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
    (No client certificate requested)
    by mail.vdb.eu (Postfix) with ESMTPS id 16EA01403EA
    for <thom at vdb.nl>; Thu, 23 Jul 2020 09:43:03 +0200 (CEST)
Received: from [xx.xx.xx.xx] (helo=mail.somedomain.com)
    by mx41.antispamcloud.com with esmtpsa (TLSv1.2:ECDHE-RSA-AES256-SHA384:256)
    (Exim 4.92)
    (envelope-from <some.user at somedomain.com>)
    id 1jyVsb-0001hb-Fv
    for thom at vdb.nl; Thu, 23 Jul 2020 09:43:02 +0200
Content-Type: multipart/related;
    boundary="_2c714b49-0f22-469c-ac6b-a16d0bccfe6b_"
Received: from someinternalserver (10.14.1.110) by internalserver.somedomain.com
    (10.14.1.100) with Microsoft SMTP Server id 14.3.487.0; Thu, 23 Jul 2020
    09:38:57 +0200
MIME-Version: 1.0
Date: Thu, 23 Jul 2020 09:38:57 +0200
To: <thom at vdb.nl>
From: Some User <some.user at somedomain.com>
Reply-To: < some.user at somedomain.com >
Subject: Some subject
(...)
X-Report-Abuse-To: spam at quarantine10.antispamcloud.com
X-vdbeu-MailScanner-Information: Please contact the ISP for more information
X-vdbeu-MailScanner-ID: 16EA01403EA.A1841
X-vdbeu-MailScanner: Found to be clean
X-vdbeu-MailScanner-SpamCheck: not spam, SpamAssassin (not cached,
    score=-1.786, required 5, BAYES_00 -1.90, HTML_MESSAGE 0.00,
    KAM_DMARC_STATUS 0.01, MIME_HTML_ONLY 0.10, RCVD_IN_DNSWL_NONE -0.00,
    RCVD_IN_MSPIKE_H4 0.00, RCVD_IN_MSPIKE_WL 0.00, SPF_HELO_NONE 0.00)
X-vdbeu-MailScanner-From: some.user at somedomain.com

SPF record for the sender's domain:

v=spf1 a mx ip4:y.y.y.y ip4:y.y.y.y ip4:y.y.y.y ip4:xx.xx.xx.xx include:spf.antispamcloud.com include:spf.protection.outlook.com include:include.com include:some.otherinclude.com ~all 


The host my server (mail.vdb.eu) receives the mail from (out1-36.antispamcloud.com) is a valid sender.

When I run the headers of the mail via the "Header analyse" tool at mxtoolbox.com it says "SPF Authenticated" (see attached image).

Versions: 
MailScanner: 5.3.3 
Postfix: 3.3.0 
Mail::SPF v2.009 

Any clues where to dig deeper? 



Met vriendelijke groet, Best regards, 


Thom van der Boon 
E-Mail: thom at vdb.nl 

-------------- next part --------------
A non-text attachment was scrubbed...
Name: mxtoolbox result.jpg
Type: image/jpeg
Size: 120825 bytes
Desc: not available
URL: <http://lists.mailscanner.info/pipermail/mailscanner/attachments/20200723/23ac3f19/attachment-0001.jpg>
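
As a starting point for the "where to dig deeper" question, the sketch below is an added example (not part of the original post, and not MailScanner or SpamAssassin code). It pulls out of the posted headers the values an SPF check of the envelope sender is evaluated on, and splits the SPF_* rules in the MailScanner report into HELO and MAIL FROM results. The sample input is constructed from the anonymised headers above with "@" restored; the function names are hypothetical.

```python
import re
from email import message_from_string

# Constructed sample: headers from the post, "@" restored, trimmed to the
# fields that matter for SPF. Continuation lines are indented (folded).
RAW = """\
Return-Path: <some.user@somedomain.com>
Received: from out1-36.antispamcloud.com (out1-36.antispamcloud.com [185.201.16.36])
    by mail.vdb.eu (Postfix) with ESMTPS id 16EA01403EA
    for <thom@vdb.nl>; Thu, 23 Jul 2020 09:43:03 +0200 (CEST)
Received: from someinternalserver (10.14.1.110) by internalserver.somedomain.com
    (10.14.1.100) with Microsoft SMTP Server id 14.3.487.0; Thu, 23 Jul 2020
    09:38:57 +0200
X-vdbeu-MailScanner-SpamCheck: not spam, SpamAssassin (not cached,
    score=-1.786, required 5, BAYES_00 -1.90, HTML_MESSAGE 0.00,
    KAM_DMARC_STATUS 0.01, MIME_HTML_ONLY 0.10, RCVD_IN_DNSWL_NONE -0.00,
    RCVD_IN_MSPIKE_H4 0.00, RCVD_IN_MSPIKE_WL 0.00, SPF_HELO_NONE 0.00)

"""

# SpamAssassin rule names for the envelope-sender (MAIL FROM) SPF result.
MAIL_FROM_RULES = {"SPF_PASS", "SPF_FAIL", "SPF_SOFTFAIL", "SPF_NEUTRAL", "SPF_NONE"}

def spf_inputs(raw):
    """Return the values an SPF MAIL FROM check is evaluated on."""
    msg = message_from_string(raw)
    top = msg.get_all("Received")[0]          # header added by the receiving MTA
    m = re.search(r"from\s+(\S+)\s+\(\S+\s+\[([0-9A-Fa-f.:]+)\]\)", top)
    if m is None:
        raise ValueError("top Received header has no 'from helo (rdns [ip])' part")
    sender = msg["Return-Path"].strip().strip("<>")
    return {"helo": m.group(1), "client_ip": m.group(2),
            "mail_from_domain": sender.rpartition("@")[2].lower()}

def spf_rules(raw, header="X-vdbeu-MailScanner-SpamCheck"):
    """Split the SPF_* rules in the MailScanner report into HELO and MAIL FROM."""
    report = message_from_string(raw).get(header, "")
    hits = set(re.findall(r"\bSPF_[A-Z_]+\b", report))
    helo = {r for r in hits if r.startswith("SPF_HELO_")}
    return {"helo": helo, "mail_from": hits & MAIL_FROM_RULES}

if __name__ == "__main__":
    print(spf_inputs(RAW))
    rules = spf_rules(RAW)
    print(rules)
    if not rules["mail_from"]:
        print("no MAIL FROM SPF result in the report; only", sorted(rules["helo"]))
```

On this sample the report contains a HELO result (SPF_HELO_NONE) but no MAIL FROM result at all, which is a different situation from a MAIL FROM check that ran and returned something other than pass.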