Hi Alex, sometimes I see this when the envelope from doesn't match the header from. So what you think might pass SPF does not. That's my only guess from looking at the example you posted. That example looked like it would work perfectly. KAM
On Thu, May 5, 2022, 18:02 Alex <mysqlstud...@gmail.com> wrote: > Hi, > > I'm trying to understand why some domains are not whitelisted even > though they pass SPF and are in my local welcomelist_auth entries. I'm > using policyd-spf with postfix, and it appears to be adding the > following header: > > X-Comment: SPF skipped for whitelisted relay domain - > client-ip=13.110.6.221; helo=smtp14-ph2-sp4.mta.salesforce.com; > envelope-from=re...@support.meridianlink.com; receiver=<UNKNOWN> > > I realize this may not necessarily be directly related to SA, but it's > apparently affecting my ability to process SPF headers with > amavisd/SA, and I hoped someone could help. > > What's happening where the mail passes SPF but still bypasses my > welcomelist entries? My skip_addresses list doesn't include this > particular IP: > skip_addresses = > > 139.138.56.0/24,127.0.0.0/8,::ffff:127.0.0.0/104,::1,52.128.98.0/24,74.203.184.0/24,74.200.60.0/24,209.222.82.0/24,12.15.90.10 > > > My welcomelist entry in SA for this specific email is as: > welcomelist_auth re...@support.meridianlink.com > > The amavisd headers show it passed SPF: > > Return-Path: <re...@support.meridianlink.com> > X-Spam-Status: No, score=-2.491 tagged_above=-200 required=5 > tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, > DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, EXTRACTTEXT=0.001, > FMBLA_HELO_OUTMX=-0.01, FMBLA_RDNS_OUTMX=-0.01, > HTML_IMAGE_RATIO_08=0.001, HTML_MESSAGE=0.001, LOC_CDIS_INLINE=0.1, > LOC_IMGSPAM=0.1, RCVD_IN_DNSWL_NONE=-0.0001, > RCVD_IN_SENDERSCORE_90_100=-0.6, RELAYCOUNTRY_US=0.01, > SPF_HELO_NONE=0.001, SPF_PASS=-0.001, TXREP=0.016] autolearn=disabled > > This one didn't need to be added to the welcomelist, but others do. > The last header received before reaching our server is as: > > Received: from smtp14-ph2-sp4.mta.salesforce.com > (smtp14-ph2-sp4.mta.salesforce.com [13.110.6.221]) > (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) > (No client certificate requested) > by mail01.example.com (Postfix) with ESMTPS id 5FC7010024E93 > for <ade...@example.com>; Thu, 5 May 2022 12:01:59 -0400 (EDT) > > salesforce is also listed in their SPF record: > $ dig +short txt support.meridianlink.com > "v=spf1 include:spf.protection.outlook.com include:_spf.salesforce.com > -all" > > Thanks, > Alex >
