Hi,
I am trying to test the SPF capabilities of SA-3.0-rc2 (also using perl
5.6.0, postfix 1.1.11, amavisd-new-20030616-p10). I have 2 instances of
postfix sandwiching amavisd-new (which calls SA). I am using telnet from
my optonline.net machine setting the MAIL FROM: to [EMAIL PROTECTED] to my test
server that is running the above software. (I am also putting in the
header "From: [EMAIL PROTECTED]" as well). I am not getting any SPF test hits in
the resulting mail during transmission or when I run the mail using
"spamassassin -D --lint <test.eml". (I am including the debug output,
test email, init.pre and local.cf).

The line of interest in the debug output is
debug: SPF: query for /XXX.XXX.XXX.XXX/optonline.net: result: none,
comment: SPF: domain of sender optonline.net does not designate mailers

I would think the fact that optonline.net isn't advertising mailers is too
important. Isn't the fact that aol.com does advertise its servers via
SPF the thing that matters, since that is the domain that I am impersonating?

[EMAIL PROTECTED] dig -t txt aol.com

; <<>> DiG 8.3 <<>> -t aol.com
;; res options: init recurs defnam dnsrch
;; got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 4
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 4, ADDITIONAL: 4
;; QUERY SECTION:
;;      aol.com, type = TXT, class = IN

;; ANSWER SECTION:
aol.com.                5M IN TXT       "v=spf1 ip4:152.163.225.0/24
ip4:205.188.139.0/24 ip4:205.188.144.0/24 ip4:205.188.156.0/23
ip4:205.188.159.0/24 ip4:64.12.136.0/23 ip4:64.12.138.0/24 ptr:mx.aol.com
?all"

What is it that I am not understanding?

TIA,
John
From [EMAIL PROTECTED]  Wed Sep  1 17:05:30 2004
Return-Path: <[EMAIL PROTECTED]>
Delivered-To: [EMAIL PROTECTED]
Received: from localhost (localhost [127.0.0.1])
        by localhost (Postfix) with ESMTP id D8228ED40
        for <[EMAIL PROTECTED]>; Wed,  1 Sep 2004 17:05:29 -0400 (EDT)
Received: from server.domain.com ([127.0.0.1])
 by localhost (server.domain.com [127.0.0.1]) (amavisd-new, port 10024)
 with ESMTP id 23583-01 for <[EMAIL PROTECTED]>;
 Wed,  1 Sep 2004 17:05:28 -0400 (EDT)
Received: from aaa-nnnnnnnn.dyn.optonline.net (aaa-nnnnnnnn.dyn.optonline.net 
[XXX.XXX.XXX.XXX])
        by server.domain.com (Postfix) with SMTP id C7F97ECEE
        for <[EMAIL PROTECTED]>; Wed,  1 Sep 2004 17:04:51 -0400 (EDT)
To: [EMAIL PROTECTED]
From: [EMAIL PROTECTED]
Subject:  XXXX
Message-Id: <[EMAIL PROTECTED]>
Date: Wed,  1 Sep 2004 17:04:51 -0400 (EDT)

XXXX

debug: SpamAssassin version 3.0.0-rc2
debug: Score set 0 chosen.
debug: running in taint mode? yes
debug: Running in taint mode, removing unsafe env vars, and resetting PATH
debug: PATH included '/usr/bin', keeping.
debug: PATH included '/usr/sbin', keeping.
debug: PATH included '/bin', keeping.
debug: PATH included '/sbin', keeping.
debug: Final PATH set to: /usr/bin:/usr/sbin:/bin:/sbin
debug: using "/etc/mail/spamassassin/init.pre" for site rules init.pre
debug: config: read file /etc/mail/spamassassin/init.pre
debug: using "/usr/share/spamassassin" for default rules dir
debug: config: read file /usr/share/spamassassin/10_misc.cf
debug: config: read file /usr/share/spamassassin/20_anti_ratware.cf
debug: config: read file /usr/share/spamassassin/20_body_tests.cf
debug: config: read file /usr/share/spamassassin/20_compensate.cf
debug: config: read file /usr/share/spamassassin/20_dnsbl_tests.cf
debug: config: read file /usr/share/spamassassin/20_drugs.cf
debug: config: read file /usr/share/spamassassin/20_fake_helo_tests.cf
debug: config: read file /usr/share/spamassassin/20_head_tests.cf
debug: config: read file /usr/share/spamassassin/20_html_tests.cf
debug: config: read file /usr/share/spamassassin/20_meta_tests.cf
debug: config: read file /usr/share/spamassassin/20_phrases.cf
debug: config: read file /usr/share/spamassassin/20_porn.cf
debug: config: read file /usr/share/spamassassin/20_ratware.cf
debug: config: read file /usr/share/spamassassin/20_uri_tests.cf
debug: config: read file /usr/share/spamassassin/23_bayes.cf
debug: config: read file /usr/share/spamassassin/25_body_tests_es.cf
debug: config: read file /usr/share/spamassassin/25_hashcash.cf
debug: config: read file /usr/share/spamassassin/25_spf.cf
debug: config: read file /usr/share/spamassassin/25_uribl.cf
debug: config: read file /usr/share/spamassassin/30_text_de.cf
debug: config: read file /usr/share/spamassassin/30_text_fr.cf
debug: config: read file /usr/share/spamassassin/30_text_nl.cf
debug: config: read file /usr/share/spamassassin/30_text_pl.cf
debug: config: read file /usr/share/spamassassin/50_scores.cf
debug: config: read file /usr/share/spamassassin/60_whitelist.cf
debug: using "/etc/mail/spamassassin" for site rules dir
debug: config: read file /etc/mail/spamassassin/local.cf
debug: using "/home/pete/.spamassassin" for user state dir
debug: using "/home/pete/.spamassassin/user_prefs" for user prefs file
debug: config: read file /home/pete/.spamassassin/user_prefs
debug: plugin: loading Mail::SpamAssassin::Plugin::URIDNSBL from @INC
debug: plugin: registered Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0x844f84c)
debug: plugin: loading Mail::SpamAssassin::Plugin::Hashcash from @INC
debug: plugin: registered Mail::SpamAssassin::Plugin::Hashcash=HASH(0x8a1e3fc)
debug: plugin: loading Mail::SpamAssassin::Plugin::SPF from @INC
debug: plugin: registered Mail::SpamAssassin::Plugin::SPF=HASH(0x89fa4a0)
debug: plugin: Mail::SpamAssassin::Plugin::Hashcash=HASH(0x8a1e3fc) implements 
'parse_config'
debug: plugin: Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0x844f84c) implements 
'parse_config'
debug: plugin: Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0x844f84c) inhibited 
further callbacks
debug: plugin: Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0x844f84c) inhibited 
further callbacks
debug: plugin: Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0x844f84c) inhibited 
further callbacks
debug: plugin: Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0x844f84c) inhibited 
further callbacks
debug: plugin: Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0x844f84c) inhibited 
further callbacks
debug: plugin: Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0x844f84c) inhibited 
further callbacks
debug: plugin: Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0x844f84c) inhibited 
further callbacks
debug: Score set 1 chosen.
debug: received-header: parsed as [ ip=127.0.0.1 rdns=localhost helo=localhost 
by=localhost ident= envfrom= intl=0 id=D8228ED40 ]
debug: is Net::DNS::Resolver available? yes
debug: Net::DNS version: 0.48
debug: trying (3) comcast.net...
debug: looking up NS for 'comcast.net'
debug: NS lookup of comcast.net succeeded => Dns available (set dns_available 
to hardcode)
debug: is DNS available? 1
debug: IP is reserved, not looking up PTR: 127.0.0.1
debug: received-header: parsed as [ ip=127.0.0.1 rdns= helo=server.domain.com 
by=localhost ident= envfrom= intl=0 id=23583-01 ]
debug: received-header: parsed as [ ip=XXX.XXX.XXX.XXX 
rdns=aaa-nnnnnnnn.dyn.optonline.net helo=aaa-nnnnnnnn.dyn.optonline.net 
by=server.domain.com ident= envfrom= intl=0 id=C7F97ECEE ]
debug: looking up A records for 'localhost'
debug: A records for 'localhost': 127.0.0.1
debug: received-header: 'from' 127.0.0.1 has reserved IP
debug: received-header: 'from' 127.0.0.1 is near to first 'by'
debug: received-header: relay 127.0.0.1 trusted? yes internal? no
debug: received-header: 'from' 127.0.0.1 has reserved IP
debug: received-header: 'from' 127.0.0.1 is near to first 'by'
debug: received-header: relay 127.0.0.1 trusted? yes internal? no
debug: looking up A records for 'server.domain.com'
debug: A records for 'server.domain.com': YYY.YYY.YYY.YYY
debug: received-header: 'by' server.domain.com has public IP YYY.YYY.YYY.YYY
debug: received-header: relay XXX.XXX.XXX.XXX trusted? no internal? no
debug: metadata: X-Spam-Relays-Trusted: [ ip=127.0.0.1 rdns=localhost 
helo=localhost by=localhost ident= envfrom= intl=0 id=D8228ED40 ] [ 
ip=127.0.0.1 rdns= helo=server.domain.com by=localhost ident= envfrom= intl=0 
id=23583-01 ]
debug: metadata: X-Spam-Relays-Untrusted: [ ip=XXX.XXX.XXX.XXX 
rdns=aaa-nnnnnnnn.dyn.optonline.net helo=aaa-nnnnnnnn.dyn.optonline.net 
by=server.domain.com ident= envfrom= intl=0 id=C7F97ECEE ]
debug: ---- MIME PARSER START ----
debug: main message type: text/plain
debug: parsing normal part
debug: added part, type: text/plain
debug: ---- MIME PARSER END ----
debug: decoding: no encoding detected
debug: Message too short for language analysis
debug: plugin: Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0x844f84c) implements 
'parsed_metadata'
debug: URIDNSBL: domains to query: 
debug: is Net::DNS::Resolver available? yes
debug: Net::DNS version: 0.48
debug: all '*From' addrs: [EMAIL PROTECTED]
debug: Running tests for priority: 0
debug: running header regexp tests; score so far=0
debug: registering glue method for check_uridnsbl 
(Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0x844f84c))
debug: registering glue method for check_for_spf_pass 
(Mail::SpamAssassin::Plugin::SPF=HASH(0x89fa4a0))
debug: SPF: relayed through one or more trusted relays, cannot use header-based 
Envelope-From, skipping
debug: forged-HELO: from=optonline.net helo=optonline.net by=domain.com
debug: all '*To' addrs: [EMAIL PROTECTED]
debug: registering glue method for check_hashcash_value 
(Mail::SpamAssassin::Plugin::Hashcash=HASH(0x8a1e3fc))
debug: registering glue method for check_for_spf_helo_fail 
(Mail::SpamAssassin::Plugin::SPF=HASH(0x89fa4a0))
debug: SPF: checking HELO (helo=aaa-nnnnnnnn.dyn.optonline.net, 
ip=XXX.XXX.XXX.XXX)
debug: SPF: trimmed HELO down to 'optonline.net'
debug: SPF: query for /XXX.XXX.XXX.XXX/optonline.net: result: none, comment: 
SPF: domain of sender optonline.net does not designate mailers
debug: registering glue method for check_for_spf_helo_pass 
(Mail::SpamAssassin::Plugin::SPF=HASH(0x89fa4a0))
debug: registering glue method for check_hashcash_double_spend 
(Mail::SpamAssassin::Plugin::Hashcash=HASH(0x8a1e3fc))
debug: registering glue method for check_for_spf_softfail 
(Mail::SpamAssassin::Plugin::SPF=HASH(0x89fa4a0))
debug: registering glue method for check_for_spf_helo_softfail 
(Mail::SpamAssassin::Plugin::SPF=HASH(0x89fa4a0))
debug: running body-text per-line regexp tests; score so far=4.39
debug: running uri tests; score so far=4.39
debug: Razor2 is not available
debug: plugin: Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0x844f84c) implements 
'check_tick'
debug: running raw-body-text per-line regexp tests; score so far=4.39
debug: running full-text regexp tests; score so far=4.39
debug: Razor2 is not available
debug: DCCifd is not available: no r/w dccifd socket found.
debug: Current PATH is: /usr/bin:/usr/sbin:/bin:/sbin
debug: dccproc was found at /usr/bin/dccproc, but isn't executable
debug: DCC is not available: no executable dccproc found.
debug: Pyzor is not available: pyzor not found
debug: Running tests for priority: 500
debug: RBL: success for 12 of 12 queries
debug: plugin: Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0x844f84c) implements 
'check_post_dnsbl'
debug: running meta tests; score so far=7.932
debug: running header regexp tests; score so far=7.932
debug: running body-text per-line regexp tests; score so far=7.932
debug: running uri tests; score so far=7.932
debug: running raw-body-text per-line regexp tests; score so far=7.932
debug: running full-text regexp tests; score so far=7.932
debug: Running tests for priority: 1000
debug: running meta tests; score so far=7.932
debug: running header regexp tests; score so far=7.932
debug: using "/home/pete/.spamassassin" for user state dir
debug: lock: 32047 created 
/home/pete/.spamassassin/auto-whitelist.lock.server.domain.com.32047
debug: lock: 32047 trying to get lock on 
/home/pete/.spamassassin/auto-whitelist with 0 retries
debug: lock: 32047 link to /home/pete/.spamassassin/auto-whitelist.lock: link ok
debug: Tie-ing to DB file R/W in /home/pete/.spamassassin/auto-whitelist
debug: auto-whitelist (db-based): [EMAIL PROTECTED]|ip=68.193 scores 22/82.091
debug: AWL active, pre-score: 7.932, autolearn score: 7.932, mean: 
3.73140909090909, IP: XXX.XXX.XXX.XXX
debug: add_score: New count: 23, new totscore: 90.023
debug: DB addr list: untie-ing and unlocking.
debug: DB addr list: file locked, breaking lock.
debug: unlock: 32047 unlink /home/pete/.spamassassin/auto-whitelist.lock
debug: Post AWL score: 5.83170454545454
debug: running body-text per-line regexp tests; score so far=5.83170454545454
debug: running uri tests; score so far=5.83170454545454
debug: running raw-body-text per-line regexp tests; score so 
far=5.83170454545454
debug: running full-text regexp tests; score so far=5.83170454545454
debug: is spam? score=5.832 required=5
debug: 
tests=AWL,DNS_FROM_RFC_ABUSE,DNS_FROM_RFC_POST,HELO_DYNAMIC_OOL,MSGID_FROM_MTA_ID,NO_REAL_NAME,RCVD_IN_NJABL_DUL,RCVD_IN_SORBS_DUL
debug: 
subtests=__AOL_FROM,__HAS_MSGID,__HAS_SUBJECT,__MSGID_OK_DIGITS,__MSGID_OK_HOST,__RCVD_IN_NJABL,__RCVD_IN_SORBS,__RFC_IGNORANT_ENVFROM,__SANE_MSGID
From [EMAIL PROTECTED]  Wed Sep  1 17:05:30 2004
Return-Path: <[EMAIL PROTECTED]>
Delivered-To: [EMAIL PROTECTED]
Received: from localhost (localhost [127.0.0.1])
        by localhost (Postfix) with ESMTP id D8228ED40
        for <[EMAIL PROTECTED]>; Wed,  1 Sep 2004 17:05:29 -0400 (EDT)
Received: from server.domain.com ([127.0.0.1])
 by localhost (server.domain.com [127.0.0.1]) (amavisd-new, port 10024)
 with ESMTP id 23583-01 for <[EMAIL PROTECTED]>;
 Wed,  1 Sep 2004 17:05:28 -0400 (EDT)
Received: from aaa-nnnnnnnn.dyn.optonline.net (aaa-nnnnnnnn.dyn.optonline.net 
[XXX.XXX.XXX.XXX])
        by server.domain.com (Postfix) with SMTP id C7F97ECEE
        for <[EMAIL PROTECTED]>; Wed,  1 Sep 2004 17:04:51 -0400 (EDT)
To: [EMAIL PROTECTED]
From: [EMAIL PROTECTED]
Subject:  XXXX
Message-Id: <[EMAIL PROTECTED]>
Date: Wed,  1 Sep 2004 17:04:51 -0400 (EDT)
X-Spam-Flag: YES
X-Spam-Checker-Version: SpamAssassin 3.0.0-rc2 (2004-08-15) on 
        server.domain.com
X-Spam-Report: 
        *  0.2 NO_REAL_NAME From: does not include a real name
        *  2.5 HELO_DYNAMIC_OOL Relay HELO'd using suspicious hostname 
(OptOnline)
        *  1.7 MSGID_FROM_MTA_ID Message-Id for external message added locally
        *  0.4 DNS_FROM_RFC_ABUSE RBL: Envelope sender in abuse.rfc-ignorant.org
        *  1.4 DNS_FROM_RFC_POST RBL: Envelope sender in 
postmaster.rfc-ignorant.org
        *  0.1 RCVD_IN_SORBS_DUL RBL: SORBS: sent directly from dynamic IP 
address
        *      [XXX.XXX.XXX.XXX listed in dnsbl.sorbs.net]
        *  1.7 RCVD_IN_NJABL_DUL RBL: NJABL: dialup sender did non-local SMTP
        *      [XXX.XXX.XXX.XXX listed in combined.njabl.org]
        * -2.1 AWL AWL: From: address is in the auto white-list
X-Spam-Status: Yes, score=5.8 required=5.0 tests=AWL,DNS_FROM_RFC_ABUSE,
        DNS_FROM_RFC_POST,HELO_DYNAMIC_OOL,MSGID_FROM_MTA_ID,NO_REAL_NAME,
        RCVD_IN_NJABL_DUL,RCVD_IN_SORBS_DUL autolearn=disabled 
        version=3.0.0-rc2
X-Spam-Level: *****

XXXX

# This is the right place to customize your installation of SpamAssassin.
#
# See 'perldoc Mail::SpamAssassin::Conf' for details of what can be
# tweaked.
#
# This file will be loaded before *all other* configuration files, including
# the system configuration.  As such, it's a good place to set things that
# will affect how those files are parsed, like which plugins are loaded
# etc.
#
###########################################################################

# RelayCountry - add metadata for Bayes learning, marking the countries
# a message was relayed through
#
# loadplugin Mail::SpamAssassin::Plugin::RelayCountry

# URIDNSBL - look up URLs found in the message against several DNS
# blocklists.
#
loadplugin Mail::SpamAssassin::Plugin::URIDNSBL

# Hashcash - perform hashcash verification.
#
loadplugin Mail::SpamAssassin::Plugin::Hashcash

# SPF - perform SPF verification.
#
loadplugin Mail::SpamAssassin::Plugin::SPF
skip_rbl_checks 0
rbl_timeout 8
ok_languages en
ok_locales en
use_bayes 0
bayes_auto_learn 0
report_safe 0
clear_report_template
report SPAM Content analysis details:   (_HITS_ points)
report _SUMMARY_

# FOR SPF
envelope_sender_header Return-Path
clear_trusted_networks
clear_internal_networks
