SPF Fail for Amazon mails, although mail headers say its a pass

2019-06-05 Thread MarcelM 
I am not sure how Spamassassin checks SPF, but this mail did pass and fail at
the same time!Spamassassin scored a fail, although it passed...

This is the complete header of an example:

Return-Path:
X-Spam-Checker-Version:
SpamAssassin 3.4.2 (2018-09-13) on ampel24.deX-Spam-Level:
***X-Spam-Status: No, score=7.8 required=99.0
tests=DKIM_SIGNED,DKIM_VALID,
DKIM_VALID_AU,HEADER_FROM_DIFFERENT_DOMAINS,HTML_IMAGE_ONLY_24,
HTML_MESSAGE,HTML_MIME_NO_HTML_TAG,*LOCAL_DKIM_SPF_FAIL*,MIME_HTML_ONLY,
MPART_ALT_DIFF,SPF_HELO_NONE,*SPF_SOFTFAIL*,T_REMOTE_IMAGE autolearn=no
autolearn_force=no version=3.4.2X-Original-To:
info_cc@ampel24.deDelivered-To: info_cc@ampel24.deReceived: by ampel24.de
(Postfix, from userid 110)  id 2FC9C1CD89945; Wed, 5 Jun 2019 14:00:36 +0200
(CEST)Dkim-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ampel24.de;
s=default; t=1559736036;bh=+W7tJa2A3Tv0UoWgSux8x7jDPDAqc70qPYiuewXV5cg=;
l=56112;h=Received:Received:From:To:Subject;
b=IO3BMaJz3OxJYyn0ngRHwttwfN0pAOpliUzs0DWL0wxMZFkp/s00bGQnbU4vRvh+h
/FCzwfhs5TaIbFWciHcCVD3wgLkF77vsrdRs62Oq8JrplKkNDf8uP29qSJJLLQCH/1  
iRIU5I8LU1XhnPtUyS4ANmbEyHPund3ZSQVsNQ6o=X-Original-To:
info@ampel24.deDelivered-To: info@ampel24.deReceived: by ampel24.de
(Postfix, from userid 110)  id D9B001CD89939; Wed, 5 Jun 2019 14:00:35 +0200
(CEST)X-Original-To: marketplace@ampel-24.deDelivered-To:
marketplace@ampel-24.deReceived: from a1-14.smtp-out.eu-west-1.amazonses.com
(a1-14.smtp-out.eu-west-1.amazonses.com [54.240.1.14])  by ampel24.de
(Postfix) with ESMTPS id 2A2441CD89929  for ;
Wed, 5 Jun 2019 14:00:35 +0200 (CEST)Authentication-Results: ampel24.de;
spf=pass (sender IP is 54.240.1.14)
smtp.mailfrom=201906051200349bb96326a7864e6eb55a703df7c0p...@bounces.amazon.de
smtp.helo=a1-14.smtp-out.eu-west-1.amazonses.com*Received-SPF: pass*
(ampel24.de: domain of bounces.amazon.de designates 54.240.1.14 as permitted
sender) client-ip=54.240.1.14;
envelope-from=201906051200349bb96326a7864e6eb55a703df7c0p...@bounces.amazon.de;
helo=a1-14.smtp-out.eu-west-1.amazonses.com;Dkim-Signature: v=1;
a=rsa-sha256; q=dns/txt; c=relaxed/simple;
s=llktbq2gwxn3x3xrq5ljspgjk2nc5ajv; d=amazon.de; t=1559736034;
h=From:To:Message-ID:Subject:MIME-Version:Content-Type:Date;
bh=h14FShcDxxZ7mdhU/R4vgSkgqdUydQag6xqT/QNXGY4=;
b=XEK3rWuvO4jS0FcLPPkO3OcJuwE072bp2/kapdc1jJPsoxD2sQpEKI0q4NE2fMn/
2KWPkInPOfM/XxDnNlYlmDxmDvLHJwoDxTyTpB7sFufw/a9LtnjtZcWu8IzH2g1td0o
8lz5DhH7vJYSZNjB771dF+vGNV07vWbNesT7DZWY=Dkim-Signature: v=1; a=rsa-sha256;
q=dns/txt; c=relaxed/simple; s=ihchhvubuqgjsxyuhssfvqohv7z3u4hn;
d=amazonses.com; t=1559736034;
h=From:To:Message-ID:Subject:MIME-Version:Content-Type:Date:Feedback-ID;
bh=h14FShcDxxZ7mdhU/R4vgSkgqdUydQag6xqT/QNXGY4=;
b=SalJRCvb0YnyRNSy8uXCNASBRtr/xFMUHsN7B4XXg/vmOvnQbuK+SnFH7jqpFiaL
olUNFkuy9ApZ01cM5Lx/QH2bpjCo/fONHI36Kf3RgadfMESw3WMthuW76ahhzGMQTRz
5qxOKHaAXzgnH7TJBJclWJETg0jwSh1t7DzPPN84=From: self-bill...@amazon.deto:
marketplace@ampel-24.deMessage-ID:
<0102016b2783243c-baf98d96-0a53-4d5e-8c95-ba6b90ef40c6-000...@eu-west-1.amazonses.com>Subject:
=?UTF-8?B?SWhyZSBBbWF6b24gR2xvYmFsIExpc3RpbmctUmVjaG51bmc=?= [5/2019]---
snipp ---


Either SA is checking SPF itself, and doing it wrong, or SA is checking for
the Received-SPF header, but not detecting it. Or not ?Thank youMarcel



--
Sent from: http://spamassassin.1065346.n5.nabble.com/SpamAssassin-Users-f3.html

Re: SPF Fail for Amazon mails, although mail headers say its a pass

2019-06-05 Thread MarcelM 
Thanks Bill, I will check that!



--
Sent from: http://spamassassin.1065346.n5.nabble.com/SpamAssassin-Users-f3.html

Re: SPF Fail for Amazon mails, although mail headers say its a pass

2019-06-05 Thread MarcelM 
These are the full headers. (Sorry, did not realise all emails get redacted)

https://pastebin.com/Z6hkL9hD

and the non-forwared mail header too:

https://pastebin.com/WGM0aYrh

Does not look like SRS (but a good readup, something learned again).
I really don't get this. The spf record for 'amazon.de' states : v=spf1
include:amazon.com -all
So I understand the SPF fail, since there is no 'amazon.com' to be found
here... but the mail server obviously thinks it's valid, which it probably
is, at least it is legit and amazon should have correctly configured mail
servers - I hope...



--
Sent from: http://spamassassin.1065346.n5.nabble.com/SpamAssassin-Users-f3.html

Re: SPF Fail for Amazon mails, although mail headers say its a pass

2019-06-06 Thread MarcelM 
Ahh... I see. So probably other headers are modified by the mail server as
well, and that is why SA's SPF check fails! 
Why would it do that ? I will read up on that.
Thank you!



--
Sent from: http://spamassassin.1065346.n5.nabble.com/SpamAssassin-Users-f3.html