After I added "always_trust_envelope_sender 1" and run spamassassin -Dspf on several test messages they all have this error:
dbg: spf: cannot get Envelope-From, cannot use SPF I guess I must be missing something else. I've been watching my logs since the change and still none have anything other than SPF_HELO_*. SA is running on my gateway MX. Anything else I should look at? Kris -----Original Message----- From: Daryl C. W. O'Shea [mailto:[EMAIL PROTECTED] Sent: Monday, January 23, 2006 5:30 PM To: Kristopher Austin Cc: users@spamassassin.apache.org Subject: Re: USER_IN_SPF_WHITELIST not firing On 1/23/2006 12:10 PM, Kristopher Austin wrote: > After seeing all the SPF discussion lately I decided to actually ask you > guys about this problem. > > I have many whitelist_from_spf entries where I usually keep my whitelist > entries. For some reason, I have never seen a hit on > USER_IN_SPF_WHITELIST. I have received plenty of emails that I believe > should have hit. Here are some example entries: > whitelist_from_spf [EMAIL PROTECTED] > > After further investigation I notice that I have plenty of SPF_HELO_* > hits, but no SPF_* hits. I assume this issue is probably related to the > other. What is the difference between SPF_HELO rules and the plain SPF > versions? Why would I not be seeing any hits on the non-HELO ones? If SpamAssassin isn't running on your gateway MX, and your trusted_networks are set correctly, which they are... > > I have trusted_networks configured correctly. I have the plugin enabled > and I see no errors with a spamassassin --lint -D. All the SPF > dependencies are loaded. I am using SA 3.1 / sa-exim / exim 4.60 / > Debian 3.1. ...you won't see anything but SPF_HELO_* hits unless you add this line to your local.cf: always_trust_envelope_sender 1 By default (I'm starting to think that it shouldn't be by default), SA will not trust the envelope sender since it could possibly have been modified by one of the (trusted) internal_networks hosts. Without an envelope sender that it can trust, SA can't do SPF checks on the envelope sender (which is what the SPF_* checks are). > I really have no idea on how to proceed from here. How does one test > the SPF tests and get debug output on it? spamassassin -Dspf < test.msg Daryl
