Hi,

I have a problem that mails from internal (private) IPs generate
SPF_FAIL hits. E.g. my configuration is

| internal_networks       62.153.82.30
| internal_networks       192.168.0.0/16
| 
| trusted_networks        62.153.82.30
| trusted_networks        192.168.8.0/24


Then, an (untrusted but internal) host like 192.168.3.24 sends a
mail from <[EMAIL PROTECTED]>. The generated header is

| Received: from ...intern.sigma-chemnitz.de (...intern.sigma-chemnitz.de [192.168.3.24])
|           by mail.cvg.de ...

'spamassassin -D -t' then reports

| [19221] dbg: spf: checking EnvelopeFrom (helo=...intern.sigma-chemnitz.de, ip=192.168.3.24, [EMAIL PROTECTED])
| [19221] dbg: spf: query for [EMAIL PROTECTED]/192.168.3.24/...intern.sigma-chemnitz.de: result: fail, comment: Please see http://www.openspf.org/Why?s=mfrom&id=...%40sigma-chemnitz.de&ip=192.168.3.24&r=...intern.sigma-chemnitz.de, text: Mechanism '-all' matched

and marks the mail with SPF_FAIL.


What is the correct/recommended way to avoid SPF checks for hosts
from the internal network (internal hosts usually have private IP
addresses, so they won't appear in any SPF record)?

Something like 'whitelist_from_rcvd' but affecting SPF only
would be perfect...  The SPF plugin supports sender address
based whitelists only, but not relay host based ones :(


Or shall I add the 192.168.0.0/16 network to the SPF entry?
Adding them to 'trusted_networks' is not an option as they are
not trusted (e.g. could be operated by viruses sending out spam
and/or forging headers).


I am using spamassassin 3.2.4, perl-Mail-SPF 2.005 and/or
perl-Mail-SPF-Query 1.999.1.



Enrico
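
The result in the debug output above can be reproduced offline. The following is an added example, not part of the original post and not SpamAssassin or Mail::SPF code: a simplified SPF evaluator that handles only the 'ip4' and 'all' mechanisms. Both records and the address 192.0.2.25 are constructed; the domain's real SPF record is not shown in the post.

```python
import ipaddress

# Qualifier prefix -> SPF result name (RFC 7208, section 4.6.2).
QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}

# Constructed records (assumptions, not the domain's published record).
PUBLIC_ONLY = "v=spf1 ip4:192.0.2.25 -all"
WITH_INTERNAL = "v=spf1 ip4:192.0.2.25 ip4:192.168.0.0/16 -all"


def check_spf(record, client_ip):
    """Evaluate a simplified SPF record against the connecting IP.

    Terms are tried left to right and the first match decides the result.
    Only 'ip4' and 'all' are handled; mechanisms that need DNS lookups
    (a, mx, include, ...) are skipped. Returns (result, matching_term).
    """
    ip = ipaddress.ip_address(client_ip)
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        return ("none", "")
    for term in terms[1:]:
        # A missing qualifier defaults to '+' (pass).
        if term[0] in QUALIFIERS:
            qualifier, mech = term[0], term[1:]
        else:
            qualifier, mech = "+", term
        name, _, arg = mech.partition(":")
        name = name.lower()
        if name == "all":
            return (QUALIFIERS[qualifier], term)
        if name == "ip4" and arg and ip.version == 4:
            # A bare address such as ip4:192.0.2.25 is treated as a /32.
            if ip in ipaddress.ip_network(arg, strict=False):
                return (QUALIFIERS[qualifier], term)
    return ("neutral", "")  # nothing matched and no 'all' term


if __name__ == "__main__":
    # Internal host from the post: no ip4 term matches, so '-all' decides.
    print(check_spf(PUBLIC_ONLY, "192.168.3.24"))
    # Same host once the private range is listed in the record.
    print(check_spf(WITH_INTERNAL, "192.168.3.24"))
```

Private ranges are not globally unique, so a public record listing 192.168.0.0/16 also yields a pass at any other receiver whose own 192.168.x.x hosts submit mail claiming the domain.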
