Yes, I do get the "spoofed header" warnings with the problematic messages. And no, I did not change the HEADER_NAME macro in source code :-)
Here are the config snippets: main.cf: ------------------------------------------------------- smtpd_milters = inet:127.0.0.1:12345, # unix:/var/run/dkim-filter/dkim-filter.sock, unix:/var/run/clamav/clamav-milter.ctl milter_default_action = accept ------------------------------------------------------- /etc/default/spfmilter: ------------------------------------------------------- DAEMON_OPTS="-l a:master.debian.org" NO_MACROS_CHECK=1 SOCKET="inet:[EMAIL PROTECTED]" # listen just on loopback on port 12345 ------------------------------------------------------- If you'd like to see complete configs, I can send them to you privately. The only other non-standard thing I can think of is libspf0, patched for #392927 and #464029 (interdiff attached), but I don't think this matters. -- Marcin Owsiany <[EMAIL PROTECTED]> http://marcin.owsiany.pl/ GnuPG: 1024D/60F41216 FE67 DA2D 0ACA FC5E 3F75 D6F6 3A0D 8AA0 60F4 1216
diff -u libspf-0.999-1.0.0-p3/debian/changelog libspf-0.999-1.0.0-p3/debian/changelog --- libspf-0.999-1.0.0-p3/debian/changelog +++ libspf-0.999-1.0.0-p3/debian/changelog @@ -1,3 +1,10 @@ +libspf (0.999-1.0.0-p3-3.0.sl.1) unstable; urgency=low + + * Patched to avoid #392927 + * Patched to avoid #464029 + + -- Marcin Owsiany <[EMAIL PROTECTED]> Thu, 13 Mar 2008 13:41:00 +0000 + libspf (0.999-1.0.0-p3-3) unstable; urgency=low * Fixed debian/rules file syntax (closes: #353857) only in patch2: unchanged: --- libspf-0.999-1.0.0-p3.orig/src/libspf/main.c +++ libspf-0.999-1.0.0-p3/src/libspf/main.c @@ -1683,7 +1683,8 @@ xfree(p->from); } - if (p->spf_rlevel > 0) + if ((p->spf_rlevel > 0) && + (p->current_domain != p->original_domain)) { xfree(p->current_domain); } @@ -1830,6 +1831,11 @@ xvprintf("local-part: [%s]; domain: [%s]; sender: [%s]\n", p->local_part, p->current_domain, p->from); + /* + * We need to reset this, otherwise we'll hit the recursion limit after N rejected MAIL FROMs. + */ + p->spf_rlevel = 0; + return(SPF_TRUE); } only in patch2: unchanged: