jdow wrote: > From: "Matt Kettler" <[EMAIL PROTECTED]> > >> Ramprasad wrote: >>> Hi, >>> I am using SA 3.1.1 as a module in MailScanner. >>> I am not able to get whitelist_from_spf working. >>> In my local.cf I have >>> ifplugin Mail::SpamAssassin::Plugin::SPF >>> whitelist_from_spf [EMAIL PROTECTED] >>> endif >>> >>> A mail from a SPF allowed IP is scored SPF_HELO_PASS ( evidently spf >>> checks are working ), but no USER_IN_SPF_WHITELIST >>> why, do I have to do anything else ?? >>> >> >> Follow-up: >> >> Looking at your SPF records, you don't have 127.0.0.1 listed. Any mail >> generated locally on darkstar.netcore.co.in will NOT pass SPF because >> the actual IP address is 127.0.0.1, which isn't listed. SA. However, the >> HELO string is (darkstar.netcore.co.in). That presumably resolves to one >> of the listed IP addresses, which causes the SPF_HELO_PASS (I can't >> resolve darkstar right now so so I cannot verify this) >> >> Add 127.0.0.1, and any other local IPs, to your SPF record and you >> should be good to go. >> >> Personally, I do this at my work, but we use split-dns. The external >> view doesn't see 127.0.0.1, or any internal IP addresses, but the >> internal one (used by SA) does. > > Ahhmmmm, if he adds local host that would then allow ANY localhost > in the world to authenticate with his SPF, wouldn't it? Wouldn't > that be a bad thing?
Only from localhost to localhost... ie: this could never happen over the internet, but you could send yourself mail on your own mailserver, forge his domain and have it pass SPF.
