> whitelist_from_rcvd only works for hosts that have a valid DNS map, both
> forward & reverse. This is to prevent spammers from forging a
> DNS reverse map to exploit a known whitelist_from_rcvd.
>
> As your host '[75.145.201.209]' only has a reverse map (no forward map
> for that name) you cannot use whitelist_from_rcvd.
>
> # host 75.145.201.209
> 209.201.145.75.in-addr.arpa domain name pointer 75-145-201-209-Jacksonville.hfc.comcastbusiness.net.
> # host 75-145-201-209-Jacksonville.hfc.comcastbusiness.net.
> Host 75-145-201-209-Jacksonville.hfc.comcastbusiness.net not found: 3(NXDOMAIN)
>
> So if you can get Comcast to put in a valid DNS forward map for that
> host name it should work.
>
I think the problem is caused by the program I'm using to call SA. If I feed the message to SA directly from the command line, it matches the whitelist and stops processing more rules. To me, this implies whitelist_from_rcvd doesn't really care about full circle rDNS. If I'm wrong on this assessment, I can stop bothering my other list.

However, since we know that nobody can get the big ISPs to do anything about forward or reverse DNS, what would be the appropriate way to whitelist this sender? Unfortunately, the sender has botched their SPF record(s) so that option is out.

[3106] dbg: spf: checking to see if the message has a Received-SPF header that we can use
[3106] dbg: spf: using Mail::SPF for SPF checks
[3106] dbg: spf: checking HELO (helo=!75.145.201.209!, ip=75.145.201.209)
[3106] dbg: spf: cannot check HELO of '!75.145.201.209!', skipping
[3106] dbg: spf: already checked for Received-SPF headers, proceeding with DNS based checks
[3106] dbg: spf: checking EnvelopeFrom (helo=!75.145.201.209!, ip=75.145.201.209, [EMAIL PROTECTED])
[3106] dbg: spf: query for [EMAIL PROTECTED]/75.145.201.209/!75.145.201.209!: result: permerror, comment: , text: Redundant applicable 'v=spf1' sender policies found
[3106] dbg: spf: def_spf_whitelist_from: already checked spf and didn't get pass, skipping whitelist check
[3106] dbg: spf: whitelist_from_spf: already checked spf and didn't get pass, skipping whitelist check
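
The forward-confirmed reverse DNS check that the quoted reply describes, as an added example; it is not part of either message and is not SpamAssassin's code. The function names and the lookup tables are assumptions: the first table entry mirrors the `host` output quoted above, and the `example.org` entries are made up so the example runs offline.

```python
import ipaddress
import socket

def system_ptr(ip):
    """PTR names for ip from the system resolver ([] if no reverse map)."""
    try:
        name, aliases, _ = socket.gethostbyaddr(ip)
    except OSError:
        return []
    return [name, *aliases]

def system_forward(name):
    """A/AAAA addresses for name from the system resolver ([] on NXDOMAIN)."""
    try:
        return sorted({ai[4][0] for ai in socket.getaddrinfo(name, None)})
    except OSError:
        return []

def fcrdns(ip, ptr_lookup=system_ptr, forward_lookup=system_forward):
    """Return (status, names); status is 'pass', 'no-ptr' or 'unconfirmed'."""
    want = ipaddress.ip_address(ip)
    names = [n.rstrip(".").lower() for n in ptr_lookup(ip)]
    if not names:
        return "no-ptr", []
    # A PTR name only counts if it resolves forward to the connecting address.
    confirmed = [n for n in names
                 if any(ipaddress.ip_address(a) == want for a in forward_lookup(n))]
    return ("pass", confirmed) if confirmed else ("unconfirmed", names)

# Constructed lookup tables so the example runs without network access.
PTR = {
    # Mirrors the host output quoted in the thread.
    "75.145.201.209": ["75-145-201-209-Jacksonville.hfc.comcastbusiness.net."],
    "192.0.2.10": ["mail.example.org."],  # made up: forward and reverse agree
    "192.0.2.66": ["mail.example.org."],  # made up: PTR claims another host's name
}
# The Comcast name has no entry here, matching the NXDOMAIN in the thread.
FORWARD = {"mail.example.org": ["192.0.2.10"]}

def offline_check(ip):
    """Run fcrdns() against the constructed tables instead of live DNS."""
    return fcrdns(ip, lambda i: PTR.get(i, []), lambda n: FORWARD.get(n, []))

if __name__ == "__main__":
    for addr in PTR:
        print(addr, *offline_check(addr))
```

Calling `fcrdns(ip)` with no lookup arguments uses the system resolver instead of the tables.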