On 19 Nov 2015, at 13:05, Jonathan Hilgeman wrote:
I just recently noticed that I hadn't enabled the SPF plugin, so I did
that and ran a quick test to test an SPF failure.
However, in the resulting email, I get an SPF_HELO_PASS result and no
other SPF_ test results.
Did the plugin only run the HELO test and not check the actual IP
against the SPF record? If so, that seems like a very
easily-faked and inaccurate test.-
Assuming that is true, is there a good way to force the main SPF tests
to run instead of only checking the HELO values?
That's not normal SA SPF checking behavior, but since you didn't provide
a single piece of data about your test or config it is hard to nail down
a certain explanation for why you got the result you got.
In general, it is important to understand what SPF tests and what it
does not test and what the possible results are. The primary SPF test is
of the envelope sender address, NOT an address extracted from the
"From:" header or anything else in the message data. If the domain part
of the envelope sender has no SPF record in DNS, there is no SPF test of
that domain possible, so there can be no result. Such a message might
have a HELO name that does have a SPF record, so that would be testable.
You can test for missing SPF records by giving a non-zero score to the
SPF_NONE rule, since any rules scored at 0 are skipped entirely.
