Does it mean anything with there is no test after the SPF failed: part of
the report?
I checked the from domain and it did not have a TXT or SPF record. It is
possible that it refused my DNS connection. I don't recall. I saved the
message to a file and ran spamassassin on it and it passes now.
Here is the example:
pts rule name description
---- ---------------------- -----------------------------------------
1.4 SPF_SOFTFAIL SPF: sender does not match SPF record (softfail)
[SPF failed: ]
2.4 SPF_HELO_SOFTFAIL SPF: HELO does not match SPF record (softfail)
[SPF failed: ]
2.6 BAYES_50 BODY: Bayesian spam probability is 40 to 60%
[score: 0.4352]
0.0 RAZOR2_CF_RANGE_00_01 Razor2 gives confidence between 00 and 01
[cf: 0]
Here are the pertinent headers:
Return-Path: <[EMAIL PROTECTED]>
X-ClientAddr: 165.212.64.31
Received: from cmsout01.mbox.net (cmsout01.mbox.net [165.212.64.31])
by host.uuserver.net (8.12.11/8.12.11) with ESMTP id k594MO4s003948
for <[EMAIL PROTECTED]>; Thu, 8 Jun 2006 23:22:54 -0500
Received: from cmsout01.mbox.net (cmsout01.mbox.net [165.212.64.31])
by cmsout01.mbox.net (Postfix) with ESMTP id 7B70D7814F;
Fri, 9 Jun 2006 04:22:22 +0000 (GMT)
Received: from xxxx.cms.usa.net [z.z.z.z] by cmsout01.mbox.net via smtad
(C8.MAIN.3.27X);
Fri, 09 Jun 2006 04:22:22 GMT
X-USANET-Source: z.z.z.z IN [EMAIL PROTECTED] xxxx.cms.usa.net
X-USANET-MsgId: XID739kFieww4796X01
Received: from [x.x.x.x] [y.y.y.y] by xxxx.cms.usa.net
(ASMTP/[EMAIL PROTECTED]) via mtad (C8.MAIN.3.27X)
with ESMTP id 170kFiewV0308M37; Fri, 09 Jun 2006 04:22:21 GMT
X-USANET-Auth: y.y.y.y AUTH [EMAIL PROTECTED] [x.x.x.x]
-----Original Message-----
From: JamesDR [mailto:[EMAIL PROTECTED]
Sent: Sunday, June 18, 2006 05:16 PM
To: users@spamassassin.apache.org
Subject: Re: SPF SOFTFAIL definition
AFAIK, you would get nothing. Just like if any other DNS test would fail.
What spamassassin reports as *FAIL is not an indicator that DNS isn't
working. You would need to consult your logs and do some testing.
However, since this is a DNS lookup, this does add time to the scanning
(I've seen where this can add a lot of time..) I prefer to use SPF for
my whitelisting needs in SA, I block anything that hardfails at the
server level -- allowing SA to add points for a softfail. Keep in mind,
it seems most servers that implement SPF use softfail (~all).
HTH
--
Thanks,
JamesDR
--
No virus found in this incoming message.
Checked by AVG Free Edition.
Version: 7.1.394 / Virus Database: 268.9.0/368 - Release Date: 06/16/06
