On 15 Jan 2019, at 12:15, Grant Taylor wrote: > On 01/15/2019 09:24 AM, Kevin A. McGrail wrote: >> What is your glue for SA? Is it getting the received header you are >> expecting in time for the parsing? > > Both SA and my spfmilter are are milters on the same inbound Internet edge > MTA. > > I will have to research to see if the header is added by the time that SA > checks things. > > I do know that the Received: header isn't there by the time that SA runs. I > don't know if my MTA has added the proper Authentication-Results: header yet > or not. > > … > > As sure as I type that, "…the Received: header isn't there…", which may mean > that SA is running the contents of the previous Received: header through SPF > checks. > > … > > That seems to be part of the problem. > > Thank you Kevin. I now have something more specific to investigate.
This strikes me as a flaw in whatever milter you're using. Some (e.g. MIMEDefang) milters deal with the fact that they don't get a local Received header by constructing one from what they know before passing the message to SA.
signature.asc
Description: OpenPGP digital signature