Re: First 3.1 observation
Well, that one failed and it wasn't the list-posted copy. That was my direct email. And the HELO *should* pass due to the inclusion of IP address. It looks like you've got a broken trust path and SA is checking the wrong Received: header. Is your mailserver NATed? Do you have trusted_networks declared? Steve Martin wrote: Well, it doesn't ;-) On Aug 15, 2005, at 6:02 PM, Matt Kettler wrote: Return-Path: [EMAIL PROTECTED] X-Original-To: [EMAIL PROTECTED] Delivered-To: [EMAIL PROTECTED] Received: by cheezmo.com (Postfix, from userid 88) id 30552EBDC5; Mon, 15 Aug 2005 18:03:32 -0500 (CDT) X-Spam-Flag: NO X-Spam-Checker-Version: SpamAssassin 3.1.0-rc1 (2005-08-11) on closet.local X-Spam-Level: X-Spam-Hammy: Tokens not available. X-Spam-Status: No, score=-5.2 required=5.0 tests=AWL,FORGED_RCVD_HELO, SPF_HELO_SOFTFAIL,USER_IN_WHITELIST_TO autolearn=no version=3.1.0-rc1 X-Spam-Spammy: Tokens not available. X-Spam-Tokens: Bayes not run. X-Spam-Report: * 0.1 FORGED_RCVD_HELO Received: contains a forged HELO * -6.0 USER_IN_WHITELIST_TO User is listed in 'whitelist_to' * 2.4 SPF_HELO_SOFTFAIL SPF: HELO does not match SPF record (softfail) * [SPF failed: ] * -1.8 AWL AWL: From: address is in the auto white-list Received: from xanadu.evi-inc.com (xan.evitechnology.com [208.39.141.86]) by cheezmo.com (Postfix) with ESMTP id 816AAEBDBA for [EMAIL PROTECTED]; Mon, 15 Aug 2005 18:02:57 -0500 (CDT) Received: from [10.0.6.1] (EVI802-275.evitechnology.com [10.0.6.1]) (authenticated bits=0) by xanadu.evi-inc.com (8.12.8/8.12.8) with ESMTP id j7FN27bt005517; Mon, 15 Aug 2005 19:02:07 -0400
Re: First 3.1 observation
I still have something strange going on that I can't figure out. When your mail came this morning, it did NOT have SPF_PASS, but if I run things manually now, I get it. Here is what I'm seeing when I run things manually now... The HELO fails like this... [5056] dbg: spf: checking HELO (helo=xanadu.evi-inc.com, ip=208.39.141.86) [5056] dbg: spf: query for /208.39.141.86/xanadu.evi-inc.com: result: none, comment: SPF: domain of sender xanadu.evi-i\ nc.com does not designate mailers [5056] dbg: eval: all '*From' addrs: [EMAIL PROTECTED] [5056] dbg: eval: forged-HELO: from=evitechnology.com helo=evi- inc.com by=cheezmo.com [5056] dbg: eval: forged-HELO: mismatch on HELO: 'evi-inc.com' != 'evitechnology.com' [5056] dbg: eval: forged-HELO: from=evitechnology.com helo=!10.0.6.1! by=evi-inc.com [5056] dbg: eval: forged-HELO: mismatch on from: 'evitechnology.com' ! = 'evi-inc.com' [5056] dbg: rules: ran eval rule FORGED_RCVD_HELO == got hit [5056] dbg: spf: checking EnvelopeFrom (helo=xanadu.evi-inc.com, ip=208.39.141.86, [EMAIL PROTECTED]) [5056] dbg: spf: query for [EMAIL PROTECTED]/208.39.141.86/ xanadu.evi-inc.com: result: pass, comment: Please see htt\ p://spf.pobox.com/why.html?sender=mkettler%40evi- inc.comip=208.39.141.86receiver=closet.local: 208.39.141.80/28 conta\ ins 208.39.141.86 My listserver is NATed. I do have trusted_networks declared. On Aug 16, 2005, at 6:29 AM, Matt Kettler wrote: Well, that one failed and it wasn't the list-posted copy. That was my direct email. And the HELO *should* pass due to the inclusion of IP address. It looks like you've got a broken trust path and SA is checking the wrong Received: header. Is your mailserver NATed? Do you have trusted_networks declared? Steve Martin wrote: Well, it doesn't ;-) On Aug 15, 2005, at 6:02 PM, Matt Kettler wrote: Return-Path: [EMAIL PROTECTED] X-Original-To: [EMAIL PROTECTED] Delivered-To: [EMAIL PROTECTED] Received: by cheezmo.com (Postfix, from userid 88) id 30552EBDC5; Mon, 15 Aug 2005 18:03:32 -0500 (CDT) X-Spam-Flag: NO X-Spam-Checker-Version: SpamAssassin 3.1.0-rc1 (2005-08-11) on closet.local X-Spam-Level: X-Spam-Hammy: Tokens not available. X-Spam-Status: No, score=-5.2 required=5.0 tests=AWL,FORGED_RCVD_HELO, SPF_HELO_SOFTFAIL,USER_IN_WHITELIST_TO autolearn=no version=3.1.0-rc1 X-Spam-Spammy: Tokens not available. X-Spam-Tokens: Bayes not run. X-Spam-Report: * 0.1 FORGED_RCVD_HELO Received: contains a forged HELO * -6.0 USER_IN_WHITELIST_TO User is listed in 'whitelist_to' * 2.4 SPF_HELO_SOFTFAIL SPF: HELO does not match SPF record (softfail) * [SPF failed: ] * -1.8 AWL AWL: From: address is in the auto white-list Received: from xanadu.evi-inc.com (xan.evitechnology.com [208.39.141.86]) by cheezmo.com (Postfix) with ESMTP id 816AAEBDBA for [EMAIL PROTECTED]; Mon, 15 Aug 2005 18:02:57 -0500 (CDT) Received: from [10.0.6.1] (EVI802-275.evitechnology.com [10.0.6.1]) (authenticated bits=0) by xanadu.evi-inc.com (8.12.8/8.12.8) with ESMTP id j7FN27bt005517; Mon, 15 Aug 2005 19:02:07 -0400 -- Steve Martin http://www.cheezmo.com/ Smart Calibration, LLC http://www.smartcalibration.com/ The Widescreen Movie Centerhttp://www.widemovies.com/ Letterboxed Movie TV Schedule http://www.widemovies.com/lbx.html
Re: First 3.1 observation
Running spamd with --debug=spf I'm getting some clues In the spamd log, I'm seeing... Aug 16 09:16:37 xx spamassassin[6390]: spf: cannot get Envelope- From, cannot use SPF But, after I receive the email and run it through, it has no problem finding Envelope-From. Anyone know what may be causing that? Something in how postfix passes the message to spamc? On Aug 16, 2005, at 7:35 AM, Steve Martin wrote: I still have something strange going on that I can't figure out. When your mail came this morning, it did NOT have SPF_PASS, but if I run things manually now, I get it. Here is what I'm seeing when I run things manually now... The HELO fails like this... [5056] dbg: spf: checking HELO (helo=xanadu.evi-inc.com, ip=208.39.141.86) [5056] dbg: spf: query for /208.39.141.86/xanadu.evi-inc.com: result: none, comment: SPF: domain of sender xanadu.evi-i\ nc.com does not designate mailers [5056] dbg: eval: all '*From' addrs: [EMAIL PROTECTED] [5056] dbg: eval: forged-HELO: from=evitechnology.com helo=evi- inc.com by=cheezmo.com [5056] dbg: eval: forged-HELO: mismatch on HELO: 'evi-inc.com' != 'evitechnology.com' [5056] dbg: eval: forged-HELO: from=evitechnology.com helo=! 10.0.6.1! by=evi-inc.com [5056] dbg: eval: forged-HELO: mismatch on from: 'evitechnology.com' != 'evi-inc.com' [5056] dbg: rules: ran eval rule FORGED_RCVD_HELO == got hit [5056] dbg: spf: checking EnvelopeFrom (helo=xanadu.evi-inc.com, ip=208.39.141.86, [EMAIL PROTECTED]) [5056] dbg: spf: query for [EMAIL PROTECTED]/208.39.141.86/ xanadu.evi-inc.com: result: pass, comment: Please see htt\ p://spf.pobox.com/why.html?sender=mkettler%40evi- inc.comip=208.39.141.86receiver=closet.local: 208.39.141.80/28 conta\ ins 208.39.141.86 My listserver is NATed. I do have trusted_networks declared. -- Steve Martin http://www.cheezmo.com/ Smart Calibration, LLC http://www.smartcalibration.com/ The Widescreen Movie Centerhttp://www.widemovies.com/ Letterboxed Movie TV Schedule http://www.widemovies.com/lbx.html
Re: First 3.1 observation
That was it. I had for some reason has removed the R flag in the postfix filter that was sending the mail to spamc. That of course broke spf's ability to do lookups on Return-Path. On Aug 16, 2005, at 9:29 AM, Steve Martin wrote: Running spamd with --debug=spf I'm getting some clues In the spamd log, I'm seeing... Aug 16 09:16:37 xx spamassassin[6390]: spf: cannot get Envelope- From, cannot use SPF But, after I receive the email and run it through, it has no problem finding Envelope-From. Anyone know what may be causing that? Something in how postfix passes the message to spamc? On Aug 16, 2005, at 7:35 AM, Steve Martin wrote: I still have something strange going on that I can't figure out. When your mail came this morning, it did NOT have SPF_PASS, but if I run things manually now, I get it. Here is what I'm seeing when I run things manually now... The HELO fails like this... [5056] dbg: spf: checking HELO (helo=xanadu.evi-inc.com, ip=208.39.141.86) [5056] dbg: spf: query for /208.39.141.86/xanadu.evi-inc.com: result: none, comment: SPF: domain of sender xanadu.evi-i\ nc.com does not designate mailers [5056] dbg: eval: all '*From' addrs: [EMAIL PROTECTED] [5056] dbg: eval: forged-HELO: from=evitechnology.com helo=evi- inc.com by=cheezmo.com [5056] dbg: eval: forged-HELO: mismatch on HELO: 'evi-inc.com' != 'evitechnology.com' [5056] dbg: eval: forged-HELO: from=evitechnology.com helo=! 10.0.6.1! by=evi-inc.com [5056] dbg: eval: forged-HELO: mismatch on from: 'evitechnology.com' != 'evi-inc.com' [5056] dbg: rules: ran eval rule FORGED_RCVD_HELO == got hit [5056] dbg: spf: checking EnvelopeFrom (helo=xanadu.evi-inc.com, ip=208.39.141.86, [EMAIL PROTECTED]) [5056] dbg: spf: query for [EMAIL PROTECTED]/208.39.141.86/ xanadu.evi-inc.com: result: pass, comment: Please see htt\ p://spf.pobox.com/why.html?sender=mkettler%40evi- inc.comip=208.39.141.86receiver=closet.local: 208.39.141.80/28 conta\ ins 208.39.141.86 My listserver is NATed. I do have trusted_networks declared. -- Steve Martin http://www.cheezmo.com/ Smart Calibration, LLC http://www.smartcalibration.com/ The Widescreen Movie Centerhttp://www.widemovies.com/ Letterboxed Movie TV Schedule http://www.widemovies.com/lbx.html -- Steve Martin http://www.cheezmo.com/ Smart Calibration, LLC http://www.smartcalibration.com/ The Widescreen Movie Centerhttp://www.widemovies.com/ Letterboxed Movie TV Schedule http://www.widemovies.com/lbx.html
Re: First 3.1 observation
Steve Martin wrote: The first thing I've noticed after running 3.1pre1 for a few days is that I'm getting much less bayes auto learning of ham due to the fact that most of my messages from mailings lists fail SPF tests and get penalized 2.4-2.6 points or so for it. They still aren't marked as spam, but with higher scores than before. Seems like we should have a way to disable SPF tests for mailing lists since SPF is known not to work for them. Why? it should work perfectly for this message. SPF should be looking at the Return-Path header, not the From: header.
Re: First 3.1 observation
... The first thing I've noticed after running 3.1pre1 for a few days is that I'm getting much less bayes auto learning of ham due to the fact that most of my messages from mailings lists fail SPF tests and get penalized 2.4-2.6 points or so for it. They still aren't marked as spam, but with higher scores than before. Seems like we should have a way to disable SPF tests for mailing lists since SPF is known not to work for them. -- Steve Martin http://www.cheezmo.com/ Smart Calibration, LLC http://www.smartcalibration.com/ The Widescreen Movie Centerhttp://www.widemovies.com/ Letterboxed Movie TV Schedule http://www.widemovies.com/lbx.html It must be the mailing lists you subscribe to (or some exploder or forwarder). I find most lists, like this one, pass SPF checks. Paul Shupak [EMAIL PROTECTED]
Re: First 3.1 observation
Well, it doesn't ;-) On Aug 15, 2005, at 6:02 PM, Matt Kettler wrote: Return-Path: [EMAIL PROTECTED] X-Original-To: [EMAIL PROTECTED] Delivered-To: [EMAIL PROTECTED] Received: by cheezmo.com (Postfix, from userid 88) id 30552EBDC5; Mon, 15 Aug 2005 18:03:32 -0500 (CDT) X-Spam-Flag: NO X-Spam-Checker-Version: SpamAssassin 3.1.0-rc1 (2005-08-11) on closet.local X-Spam-Level: X-Spam-Hammy: Tokens not available. X-Spam-Status: No, score=-5.2 required=5.0 tests=AWL,FORGED_RCVD_HELO, SPF_HELO_SOFTFAIL,USER_IN_WHITELIST_TO autolearn=no version=3.1.0-rc1 X-Spam-Spammy: Tokens not available. X-Spam-Tokens: Bayes not run. X-Spam-Report: * 0.1 FORGED_RCVD_HELO Received: contains a forged HELO * -6.0 USER_IN_WHITELIST_TO User is listed in 'whitelist_to' * 2.4 SPF_HELO_SOFTFAIL SPF: HELO does not match SPF record (softfail) * [SPF failed: ] * -1.8 AWL AWL: From: address is in the auto white-list Received: from xanadu.evi-inc.com (xan.evitechnology.com [208.39.141.86]) by cheezmo.com (Postfix) with ESMTP id 816AAEBDBA for [EMAIL PROTECTED]; Mon, 15 Aug 2005 18:02:57 -0500 (CDT) Received: from [10.0.6.1] (EVI802-275.evitechnology.com [10.0.6.1]) (authenticated bits=0) by xanadu.evi-inc.com (8.12.8/8.12.8) with ESMTP id j7FN27bt005517; Mon, 15 Aug 2005 19:02:07 -0400 Message-ID: [EMAIL PROTECTED] Date: Mon, 15 Aug 2005 19:02:06 -0400 From: Matt Kettler [EMAIL PROTECTED] User-Agent: Mozilla Thunderbird 1.0.6 (Windows/20050716) X-Accept-Language: en-us, en MIME-Version: 1.0 To: Steve Martin [EMAIL PROTECTED] Cc: users@spamassassin.apache.org Subject: Re: First 3.1 observation References: [EMAIL PROTECTED] In-Reply-To: [EMAIL PROTECTED] X-Enigmail-Version: 0.92.0.0 Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 7bit X-Greylist: Sender succeded SMTP AUTH authentication, not delayed by milter-greylist-2.0b2 (xanadu.evi-inc.com [192.168.50.2]); Mon, 15 Aug 2005 19:02:07 -0400 (EDT) X-EVI-MailScanner-Information: Please contact the EVI IT dept for more information X-EVI-MailScanner: Found to be clean X-EVI-MailScanner-SpamCheck: not spam, SpamAssassin (score=-3.001, required 5, BAYES_00 -3.00, INFO_GREYLIST_NOTDELAYED -0.00) X-MailScanner-From: [EMAIL PROTECTED] Status: -- Steve Martin http://www.cheezmo.com/ Smart Calibration, LLC http://www.smartcalibration.com/ The Widescreen Movie Centerhttp://www.widemovies.com/ Letterboxed Movie TV Schedule http://www.widemovies.com/lbx.html
Re: First 3.1 observation
Not for me... * -6.0 USER_IN_WHITELIST_TO User is listed in 'whitelist_to' * 2.4 SPF_HELO_SOFTFAIL SPF: HELO does not match SPF record (softfail) * [SPF failed: ] * -1.3 AWL AWL: From: address is in the auto white-list That is from your message... On Aug 15, 2005, at 6:17 PM, List Mail User wrote: ... The first thing I've noticed after running 3.1pre1 for a few days is that I'm getting much less bayes auto learning of ham due to the fact that most of my messages from mailings lists fail SPF tests and get penalized 2.4-2.6 points or so for it. They still aren't marked as spam, but with higher scores than before. Seems like we should have a way to disable SPF tests for mailing lists since SPF is known not to work for them. -- Steve Martin http://www.cheezmo.com/ Smart Calibration, LLC http://www.smartcalibration.com/ The Widescreen Movie Centerhttp://www.widemovies.com/ Letterboxed Movie TV Schedule http://www.widemovies.com/lbx.html It must be the mailing lists you subscribe to (or some exploder or forwarder). I find most lists, like this one, pass SPF checks. Paul Shupak [EMAIL PROTECTED] -- Steve Martin http://www.cheezmo.com/ Smart Calibration, LLC http://www.smartcalibration.com/ The Widescreen Movie Centerhttp://www.widemovies.com/ Letterboxed Movie TV Schedule http://www.widemovies.com/lbx.html
Re: First 3.1 observation
Looks like I was having a DNS problem. Not sure why it would turn into SPF_FAIL's, though since I think it would fail to get the SPF record and at that point shouldn't it not run SPF rules? I reran some of the messages that had been failing and they are fine now. On Aug 15, 2005, at 6:17 PM, List Mail User wrote: ... The first thing I've noticed after running 3.1pre1 for a few days is that I'm getting much less bayes auto learning of ham due to the fact that most of my messages from mailings lists fail SPF tests and get penalized 2.4-2.6 points or so for it. They still aren't marked as spam, but with higher scores than before. Seems like we should have a way to disable SPF tests for mailing lists since SPF is known not to work for them. -- Steve Martin http://www.cheezmo.com/ Smart Calibration, LLC http://www.smartcalibration.com/ The Widescreen Movie Centerhttp://www.widemovies.com/ Letterboxed Movie TV Schedule http://www.widemovies.com/lbx.html It must be the mailing lists you subscribe to (or some exploder or forwarder). I find most lists, like this one, pass SPF checks. Paul Shupak [EMAIL PROTECTED] -- Steve Martin http://www.cheezmo.com/ Smart Calibration, LLC http://www.smartcalibration.com/ The Widescreen Movie Centerhttp://www.widemovies.com/ Letterboxed Movie TV Schedule http://www.widemovies.com/lbx.html
Re: First 3.1 observation
... Not for me... * -6.0 USER_IN_WHITELIST_TO User is listed in 'whitelist_to' * 2.4 SPF_HELO_SOFTFAIL SPF: HELO does not match SPF record (softfail) * [SPF failed: ] * -1.3 AWL AWL: From: address is in the auto white-list That is from your message... On Aug 15, 2005, at 6:17 PM, List Mail User wrote: ... The first thing I've noticed after running 3.1pre1 for a few days is that I'm getting much less bayes auto learning of ham due to the fact that most of my messages from mailings lists fail SPF tests and get penalized 2.4-2.6 points or so for it. They still aren't marked as spam, but with higher scores than before. Seems like we should have a way to disable SPF tests for mailing lists since SPF is known not to work for them. -- Steve Martin http://www.cheezmo.com/ Smart Calibration, LLC http://www.smartcalibration.com/ The Widescreen Movie Centerhttp://www.widemovies.com/ Letterboxed Movie TV Schedule http://www.widemovies.com/lbx.html It must be the mailing lists you subscribe to (or some exploder or forwarder). I find most lists, like this one, pass SPF checks. Paul Shupak [EMAIL PROTECTED] -- Steve Martin http://www.cheezmo.com/ Smart Calibration, LLC http://www.smartcalibration.com/ The Widescreen Movie Centerhttp://www.widemovies.com/ Letterboxed Movie TV Schedule http://www.widemovies.com/lbx.html I get SPF_PASS; Do you have any internal forwarding happening that might be upseting the trusted path? Also, maybe an exploder (for multiple recipients at your site) or a forwarder (generally breaks SPF, one of the *real* problems with it). I do forward internally, but check SPF in the first machine in the chain, so all the lists I subscribe to (quite a large number - hence List Mail User), give either SPF_PASS, both SPF_PASS and SPF_HELO_PASS, I can't find any of dezens that give a FAILURE. But I only run 3.1 for testing and am using 3.0.4 for the production machines, so there might be a bug Can you give an example of headers (recipient can be munged away) and the SPF record (i.e. for this list I see: % dig spamassassin.apache.org any @ns1.us.bitnames.com ... spamassassin.apache.org. 1800 IN TXT v=spf1 mx -all ... and % dig spamassassin.apache.org mx @ns1.us.bitnames.com ... spamassassin.apache.org. 1800 IN MX 10 asf.osuosl.org. spamassassin.apache.org. 1800 IN MX 20 mail.apache.org. ... and the mail is indeed delivered from hermes.apache.org[209.237.227.199] % host 209.237.227.199 199.227.237.209.in-addr.arpa domain name pointer hermes.apache.org. % host mail.apache.org mail.apache.org has address 209.237.227.199 So everything matches. Possibly I haven't played enough with real mail and 3.1 to see the problem - it appears that the double-lookup is required to get the answer correct (again a reason for a possible code bug). Simple matching of rDNS will give the wrong result and I haven't looked at the SPF code, ever. With the given SPF record the 'MX' RRs must be fetched and the mapped to IPs and the resilts checked (because of aliasing - real in this case and always possible - i.e. name - IP is many to one, but IP - name is only one to one). Also, for the list I don't get any SPF_HELO_xxx, for some lists I do. Paul Shupak [EMAIL PROTECTED]
Re: First 3.1 observation
I replied elsewhere, but I was having some strange DNS problems today that probably caused every other lookup to fail. I THINK that was what was causing it. I'll watch for a while... On Aug 15, 2005, at 8:12 PM, List Mail User wrote: ... Not for me... * -6.0 USER_IN_WHITELIST_TO User is listed in 'whitelist_to' * 2.4 SPF_HELO_SOFTFAIL SPF: HELO does not match SPF record (softfail) * [SPF failed: ] * -1.3 AWL AWL: From: address is in the auto white-list That is from your message... On Aug 15, 2005, at 6:17 PM, List Mail User wrote: ... The first thing I've noticed after running 3.1pre1 for a few days is that I'm getting much less bayes auto learning of ham due to the fact that most of my messages from mailings lists fail SPF tests and get penalized 2.4-2.6 points or so for it. They still aren't marked as spam, but with higher scores than before. Seems like we should have a way to disable SPF tests for mailing lists since SPF is known not to work for them. -- Steve Martin http://www.cheezmo.com/ Smart Calibration, LLC http://www.smartcalibration.com/ The Widescreen Movie Centerhttp://www.widemovies.com/ Letterboxed Movie TV Schedule http://www.widemovies.com/lbx.html It must be the mailing lists you subscribe to (or some exploder or forwarder). I find most lists, like this one, pass SPF checks. Paul Shupak [EMAIL PROTECTED] -- Steve Martin http://www.cheezmo.com/ Smart Calibration, LLC http://www.smartcalibration.com/ The Widescreen Movie Centerhttp://www.widemovies.com/ Letterboxed Movie TV Schedule http://www.widemovies.com/lbx.html I get SPF_PASS; Do you have any internal forwarding happening that might be upseting the trusted path? Also, maybe an exploder (for multiple recipients at your site) or a forwarder (generally breaks SPF, one of the *real* problems with it). I do forward internally, but check SPF in the first machine in the chain, so all the lists I subscribe to (quite a large number - hence List Mail User), give either SPF_PASS, both SPF_PASS and SPF_HELO_PASS, I can't find any of dezens that give a FAILURE. But I only run 3.1 for testing and am using 3.0.4 for the production machines, so there might be a bug Can you give an example of headers (recipient can be munged away) and the SPF record (i.e. for this list I see: % dig spamassassin.apache.org any @ns1.us.bitnames.com ... spamassassin.apache.org. 1800 IN TXT v=spf1 mx -all ... and % dig spamassassin.apache.org mx @ns1.us.bitnames.com ... spamassassin.apache.org. 1800 IN MX 10 asf.osuosl.org. spamassassin.apache.org. 1800 IN MX 20 mail.apache.org. ... and the mail is indeed delivered from hermes.apache.org [209.237.227.199] % host 209.237.227.199 199.227.237.209.in-addr.arpa domain name pointer hermes.apache.org. % host mail.apache.org mail.apache.org has address 209.237.227.199 So everything matches. Possibly I haven't played enough with real mail and 3.1 to see the problem - it appears that the double- lookup is required to get the answer correct (again a reason for a possible code bug). Simple matching of rDNS will give the wrong result and I haven't looked at the SPF code, ever. With the given SPF record the 'MX' RRs must be fetched and the mapped to IPs and the resilts checked (because of aliasing - real in this case and always possible - i.e. name - IP is many to one, but IP - name is only one to one). Also, for the list I don't get any SPF_HELO_xxx, for some lists I do. Paul Shupak [EMAIL PROTECTED] -- Steve Martin http://www.cheezmo.com/ Smart Calibration, LLC http://www.smartcalibration.com/ The Widescreen Movie Centerhttp://www.widemovies.com/ Letterboxed Movie TV Schedule http://www.widemovies.com/lbx.html
Re: First 3.1 observation
Hi, on a well-behaved mailing list sends all mails are sent by Mr. Majordomo or such, and they should work well. Less well-behaved ones have the list server send mail as the originating user :( I installed something on a MTA a while ago which would ask senders from a local domain to authenticate even for sending to a local domain, and it turned out to trap Ebay messages. So at this time Ebay was sending with the envelope from set to the originating user Wolfgang Hamann It must be the mailing lists you subscribe to (or some exploder or forwarder). I find most lists, like this one, pass SPF checks. Paul Shupak [EMAIL PROTECTED]