Ramprasad wrote: > On Tue, 2006-05-02 at 10:18 -0400, Matt Kettler wrote: >> Ramprasad wrote: >>> Hi, >>> I am using SA 3.1.1 as a module in MailScanner. >>> I am not able to get whitelist_from_spf working. >>> >>> In my local.cf I have >>> >>> ifplugin Mail::SpamAssassin::Plugin::SPF >>> whitelist_from_spf [EMAIL PROTECTED] >>> endif >>> >>> A mail from a SPF allowed IP is scored SPF_HELO_PASS ( evidently spf >>> checks are working ), but no USER_IN_SPF_WHITELIST >>> >>> why, do I have to do anything else ?? >>> >> Follow-up: >> >> Looking at your SPF records, you don't have 127.0.0.1 listed. Any mail >> generated locally on darkstar.netcore.co.in will NOT pass SPF because >> the actual IP address is 127.0.0.1, which isn't listed. SA. However, the >> HELO string is (darkstar.netcore.co.in). That presumably resolves to one >> of the listed IP addresses, which causes the SPF_HELO_PASS (I can't >> resolve darkstar right now so so I cannot verify this) >> >> Add 127.0.0.1, and any other local IPs, to your SPF record and you >> should be good to go. >> >> Personally, I do this at my work, but we use split-dns. The external >> view doesn't see 127.0.0.1, or any internal IP addresses, but the >> internal one (used by SA) does. > > darkstar.netcore is just my desktop. > So any mailserver who sees this ip from outside just gets the mail from > my gateway-ip ( ip masquaraded ) , and that one is listed in SPF > records.
Yes, but what box performs the SA scan? is it darkstar? or some other box? Does the box performing the SA scan see the masquerade, or is it also behind your firewall and thus sees the private IPs? You're not concerned with what outside machines see here. You are trying to diagnose why YOUR local SA box does not cause SPF_PASS for messages that you sent to your own domain.
