Brian Taber wrote:
I am using spamassassin 3.0.4-1 with MailScanner. I have 2
questions/issues about SPF checks.
It seams that SA is only doing HELO SPF checks (I didn't even know those
existed till now) and not actual checks on the from addresses. Is this a
config issue? I would like to enable these. I can't fing any config
options pertaining to this...
The second is about the scores assigned to SPF failures. SPF_HELO_SOFTFAIL
has a score of 3.140 (so if the provider has ~all in their SPF record,
they aren't really sure if their SPF record covers all of their servers,
you get SOFTFAIL), but SPF_HELO_FAIL has a score of 0.001 (the provider
has -all in their SPF record, sure their SPF record covers all of their
servers, you get FAIL).
Am I missing something?
Brian
SA 3.0.x won't do "regular" SPF checks if the message is passed through
any trusted hosts (the top most header passed to SA must be the first
trusted host). There's an option in 3.1 to override this.
So if SA isn't running on your border MX then you won't see any of these
SPF checks. If it is running on your border MX then either your
trusted_networks aren't set correctly or there is something else
happening I've yet to see.
Of course running a message through SpamAssassin (on the same host that
normally runs SA) with debugging enabled will probably tell you why the
check isn't being done (if it's a message that should hit an SPF test).
Daryl