Ben Lentz wrote:
Okay, I've added
always_trust_envelope_sender 1
trusted_networks 10.1.0.0/16
trusted_networks 205.246.7.107
and restarted. Still not acknoledgement that SPF is working for
gmail.com. SPF-based whitelisting might be great, but at this point I'm
still not confident that SPF is working for me.
Here's the debug info. The line "domain of sender wproxy.gmail.com does
not designate mailers" leads me to believe that SA thinks gmail's SPF
record is bad because they don't have any IN TXT wproxy.gmail.com SPF
record, they're only publishing at the domain level.
If you look at the dbg line before that you'll see that it's doing an
SPF_HELO check for wproxy.gmail.com. which doesn't have an SPF record --
all is good here.
[28988] dbg: spf: checking HELO (helo=wproxy.gmail.com, ip=64.233.184.199)
[28988] dbg: spf: query for /64.233.184.199/wproxy.gmail.com: result:
none, comment: SPF: domain of sender wproxy.gmail.com does not designate
mailers
All good (see above).
[28988] dbg: spf: cannot get Envelope-From, cannot use SPF
Not good. Make sure whatever is passing the mail to SpamAssassin is
including a Return-Path header. This is a must.
Daryl
