Hi, I'm having some problems with SPF and hoped someone could help me to understand. I've just set up SPF for a domain and now trying to make sure that spamassassin for that domain is properly blocking/scoring mail attempting to spoof the envelope sender.
I'm seeing a number of emails hit T_SPF_PERMERROR, but not SPF_FAIL. I know SPF_FAIL is a broad rule that doesn't specifically mean SPF failed for my domain. I'm seeking a rule that will hit when someone attempts to send mail as my domain without going through one of my mail servers. I've investigated a number of the SPF records for which the T_SPF_PERMERROR hits, and it looks to be malformed SPF records. However, it's also hit occasionally on my domain. What are the conditions under which this rule would hit? Do I need to write a meta that somehow combines SPF_FAIL with my domain to generate a rule that can be used to score spoof/phishing emails for my domain? Should I be able to run an email through "spamassassin -t -D" and have it evaluate SPF? It seems that once it's received, it's no longer possible: Dec 8 22:46:30.700 [19165] dbg: spf: already checked for Received-SPF headers, proceeding with DNS based checks Dec 8 22:46:30.700 [19165] dbg: spf: relayed through one or more trusted relays, cannot use header-based Envelope-From, skipping I'm using postfix, and will probably eventually reject mail that fails SPF there, but was having some problems with the current pyspf code, and would just like to use spamassassin for now. Thanks, Alex
