mails with valid SPF sender don't get marked SPF_PASS

Thom van der Boon thom at vdb.nl
Sat Jul 25 19:04:29 UTC 2020 

Hi guys, 

After digging much much more deeper..... the problem was caused by a DNS timeout 

The weird thing was that running spamassassin with no config file I got a SPF_PASS but with in the configuration file "envelope_sender_header" set to something I got a dns timeout 

Solution was to install a local dns caching server on the mailserver. 

I would suggest that in the instructions how to install MailScanner installing a local dns caching server is included 

Thanks 

Met vriendelijke groet, Best regards, 


Thom van der Boon 
E-Mail: thom at vdb.nl 



Van: "Shawn Iverson" <shawniverson at summitgrid.com> 
Aan: "Thom van der Boon" <thom at vdb.nl>, "MailScanner Discussion" <mailscanner at lists.mailscanner.info> 
Verzonden: Vrijdag 24 juli 2020 13:33:33 
Onderwerp: Re: mails with valid SPF sender don't get marked SPF_PASS 



You need to merge those two into just spamassassin.conf and ditch spam.assassin.prefs.conf. 
On 7/24/20 7:32 AM, Thom van der Boon wrote: 



MailScanner 5.3.3 

root at mail:/etc/MailScanner# ls -l 
total 888 
(...) 
-rw-r--r-- 1 root root 11404 Apr 30 2019 spamassassin.conf 
-rw-r--r-- 1 root root 1870 Jul 24 08:48 spam.assassin.prefs.conf 
(...) 


Met vriendelijke groet, Best regards, 


Thom van der Boon 
E-Mail: [ mailto:thom at vdb.nl | thom at vdb.nl ] 




Van: "MailScanner Discussion" [ mailto:mailscanner at lists.mailscanner.info | <mailscanner at lists.mailscanner.info> ] 
Aan: "MailScanner Discussion" [ mailto:mailscanner at lists.mailscanner.info | <mailscanner at lists.mailscanner.info> ] 
Cc: "Shawn Iverson" [ mailto:shawniverson at summitgrid.com | <shawniverson at summitgrid.com> ] 
Verzonden: Vrijdag 24 juli 2020 13:24:23 
Onderwerp: Re: mails with valid SPF sender don't get marked SPF_PASS 



What version of MailScanner do you have? 

And out of curiosity, do you have the following both present? 

/etc/MailScanner/spam.assassin.prefs.conf 

/etc/MailScanner/spamassassin.conf 
On 7/24/20 3:02 AM, Thom van der Boon wrote: 

BQ_BEGIN

Mark, 

It is a MailScanner issue (I think) 

When I run the message through SA directly by the following command: 

spamassassin -t -p /etc/MailScanner/spam.assassin.prefs.conf < message.txt 

I get a SPF_PASS 

pts rule name description 
---- ---------------------- -------------------------------------------------- 
0.0 RCVD_IN_MSPIKE_H4 RBL: Very Good reputation (+4) 
[185.201.16.36 listed in wl.mailspike.net] 
-0.0 RCVD_IN_DNSWL_NONE RBL: Sender listed at [ https://www.dnswl.org/ | https://www.dnswl.org/ ] , 
no trust 
[185.201.16.36 listed in list.dnswl.org] 
-1.9 BAYES_00 BODY: Bayes spam probability is 0 to 1% 
[score: 0.0000] 
0.0 SPF_HELO_NONE SPF: HELO does not publish an SPF Record 
-0.0 SPF_PASS SPF: sender matches SPF record 
0.1 MIME_HTML_ONLY BODY: Message only has text/html MIME parts 
0.0 HTML_MESSAGE BODY: HTML included in message 
0.0 RCVD_IN_MSPIKE_WL Mailspike good senders 
0.0 KAM_DMARC_STATUS Test Rule for DKIM or SPF Failure with Strict 
Alignment 

but as stated before; the "live" message that went through my mailscanner 

X-vdbeu-MailScanner-SpamCheck: not spam, SpamAssassin (not cached,
	score=-1.786, required 5, BAYES_00 -1.90, HTML_MESSAGE 0.00,
	KAM_DMARC_STATUS 0.01, MIME_HTML_ONLY 0.10, RCVD_IN_DNSWL_NONE -0.00,
	RCVD_IN_MSPIKE_H4 0.00, RCVD_IN_MSPIKE_WL 0.00, SPF_HELO_NONE 0.00) 

So, I don't get it 

MailScanner --link reports nothing weird 

Met vriendelijke groet, Best regards, 


Thom van der Boon 
E-Mail: [ mailto:thom at vdb.nl | thom at vdb.nl ] 


Van: "Mark Sapiro" [ mailto:mark at msapiro.net | <mark at msapiro.net> ] 
Aan: "MailScanner Discussion" [ mailto:mailscanner at lists.mailscanner.info | <mailscanner at lists.mailscanner.info> ] 
Verzonden: Donderdag 23 juli 2020 22:38:17 
Onderwerp: Re: mails with valid SPF sender don't get marked SPF_PASS 

On 7/23/20 1:39 AM, Thom van der Boon wrote: 
> Hi guys, 
> 
> I have something weird. Most mails with valid SPF record are marked 
> correctly (SPF_FAIL or SPF_PASS), but I see some messages which should 
> be marked as SPF_PASS get no SPF_PASS 


Assuming you are talking about the SPF_PASS rule in the SpamAssassin 
report in the X-vdbeu-MailScanner-SpamCheck: header, this is a 
SpamAssassin question, not a MailScanner question per se. You might do 
better on a SpamAssassin list. See 
[ https://cwiki.apache.org/confluence/display/SPAMASSASSIN/MailingLists | <https://cwiki.apache.org/confluence/display/SPAMASSASSIN/MailingLists> ] . 

-- 
Mark Sapiro [ mailto:mark at msapiro.net | <mark at msapiro.net> ] The highway is for gamblers, 
San Francisco Bay Area, California better use your sense - B. Dylan 


-- 
MailScanner mailing list 
[ mailto:mailscanner at lists.mailscanner.info | mailscanner at lists.mailscanner.info ] 
[ http://lists.mailscanner.info/mailman/listinfo/mailscanner | http://lists.mailscanner.info/mailman/listinfo/mailscanner ] 




-- 

Shawn Iverson 
[ mailto:shawniverson at summitgrid.com | shawniverson at summitgrid.com ] 



-- 
MailScanner mailing list 
[ mailto:mailscanner at lists.mailscanner.info | mailscanner at lists.mailscanner.info ] 
[ http://lists.mailscanner.info/mailman/listinfo/mailscanner | http://lists.mailscanner.info/mailman/listinfo/mailscanner ] 

BQ_END

-- 

Shawn Iverson 
[ mailto:shawniverson at summitgrid.com | shawniverson at summitgrid.com ] 

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.mailscanner.info/pipermail/mailscanner/attachments/20200725/b9d21c94/attachment.html>

More information about the MailScanner mailing list