Arvinn Løkkebakken wrote:
I have two questions about the SPF plugin in SA.
What is the difference between FAIL and SOFTFAIL on Helo? When running
SA with bayes and network FAIL scores close to zero while SOFTFAIL
gives a solid 3.1. Does FAIL hit a lot of ham? According to my stats,
SPF_HELO_FAIL gets triggered about as often as SPF_HELO_SOFTFAIL does.
But I haven't looked to deep after false positives.
Scores for all tests are determined by automated processes.
Next question. On my qmail-scanner server (in the middle between
front-end MX and bakend final destination) only the Helo SPF checks
gets triggered. I have a few thousand hits of SPF_HELO_* every day but
zero of the other SPF checks.
My front-end MX servers are running Qmail and trusted_network and
internal_network is set properly. Does it have to do with format of
the Received headers created by Qmail?
I had the same problem. It turns out that if the email is being
relayed through trusted or internal hosts, SA will skip the SPF checks
on the belief that it cannot trust that one of those hosts hasn't
changed the envelope headers. I ended up opening an enhancement
request to allow an option to get SA to run the SPF checks if the admin
is sure that the envelope headers are not being altered. This will
appear in 3.1, but there is a patch you can get if you want it
earlier. See http://bugzilla.spamassassin.org/show_bug.cgi?id=4140
Kevin
