On May 03, 2020, at 10.55, Matus UHLAR - fantomas <uh...@fantomas.sk> wrote: > > On 29.04.20 00:05, listsb wrote: >> i'm experimenting with whitelist_from_spf, just to learn a little about how >> it works, and not getting the result i am expecting. i've created a small >> test message emulating mail from github [taken from an actual message] and >> have added an entry for whitelist_from_spf. when testing, it doesn't >> appear to be working: >> >> http://dpaste.com/0MCGSBN > >> Apr 28 23:32:43.287 [21556] dbg: spf: relayed through one or more trusted >> relays, cannot use header-based Envelope-From, skipping >> Apr 28 23:32:43.287 [21556] dbg: spf: def_spf_whitelist_from: could not find >> useable envelope sender >> Apr 28 23:32:43.342 [21556] dbg: spf: whitelist_from_spf: already checked >> spf and didn't get pass, skipping whitelist check > >> >> this appears to be because of the presence of this header: >> >> Received: from mta.example.com (mta.example.com [198.19.20.212]) >> by mda.example.com (Postfix) with ESMTPS id 49BRLq64qfzGpCT >> for <j...@example.com>; Tue, 28 Apr 2020 12:05:23 -0400 (EDT) >> >> with that header removed, it works as expected, but i don't understand why. >> mail passes through the mta, is relayed to mda, which then passes it to >> spamassassin [amavis]. >> >> why does spamassassin have a problem when mail passes through this >> additional relay? what am i missing [or doing wrong]? > > you apparently need to add 198.19.20.212 to your trusted_networks and > internal_networks - I assume It's your ISP from which you receive the email. > sorrect?
i have the following defined in the config: internal_networks 198.19.20.50/32 internal_networks 198.19.20.212/32 198.19.20.212 isn't my isp, it's my mta, which relays mail to 198.19.20.50, which is the content filter on which amavis/spamassassin is running.