On 29/02/2008 1:11 PM, Matus UHLAR - fantomas wrote: > Hello, > > I wonder if SPF rules shouldn't be considered network... they require DNS > lookups, don't they?
Network, no... the rules just need a suitable message, SA and a Perl interpreter. :) Seriously though, the SPF plugin (in 3.2+) can reuse the results from Received-SPF headers, if present, without doing any lookups itself. So it's not strictly a DNS based test itself. The plugin will not attempt lookups if you do not have network checks enabled (not using scoresets 1 or 3). It will only attempt to reuse results. If you do have network checks enabled, it will attempt to get results from the network if there are no results to reuse. >From the M::SA::P::SPF POD: > ignore_received_spf_header (0|1) (default: 0) > By default, to avoid unnecessary DNS lookups, the plugin will try > to use the SPF results found in any "Received-SPF" headers it finds in the > message that could only have been added by an internal relay. > > Set this option to 1 to ignore any "Received-SPF" headers present > and to have the plugin perform the SPF check itself. > > Note that unless the plugin finds an "identity=helo", or some > unsupported identity, it will assume that the result is a mfrom SPF check > result. > The only identities supported are "mfrom", "mailfrom" and "helo". > > use_newest_received_spf_header (0|1) (default: 0) > By default, when using "Received-SPF" headers, the plugin will > attempt to use the oldest (bottom most) "Received-SPF" headers, that were > added > by internal relays, that it can parse results from since they are > the most likely to be accurate. This is done so that if you have an incoming > mail setup where one of your primary MXes doesn't know about a > secondary MX (or your MXes don't know about some sort of forwarding relay that > SA considers trusted+internal) but SA is aware of the actual > domain boundary (internal_networks setting) SA will use the results that are > most > accurate. > > Use this option to start with the newest (top most) "Received-SPF" > headers, working downwards until results are successfully parsed. Daryl
