Hello, I'm having problems using whitelist_from_spf to whitelist a domain.
[23227] dbg: spf: checking to see if the message has a Received-SPF header that we can use [23227] dbg: spf: using Mail::SPF for SPF checks [23227] dbg: spf: checking HELO (helo=out10.wanadoo.es, ip=62.36.20.210) [23227] dbg: dns: hit <dns:103.134.102.80.zen.spamhaus.org> 127.0.0.11 [23227] dbg: spf: query for /62.36.20.210/out10.wanadoo.es: result: none, comment: , text: No applicable sender policy available [23227] dbg: spf: already checked for Received-SPF headers, proceeding with DNS based checks [23227] dbg: spf: checking EnvelopeFrom (helo=out10.wanadoo.es, ip=62.36.20.210, envfrom=...@orange.es) [23227] warn: Exception: incomplete data at /usr/local/lib/perl/5.10.0/Net/DNS/RR.pm line 561. [23227] warn: caught at /usr/local/share/perl/5.10.0/Mail/SpamAssassin/DnsResolver.pm line 440 [23227] dbg: spf: query for x...@orange.es/62.36.20.210/out10.wanadoo.es: result: fail, comment: Please see http://www.openspf.org/Why?s=mfrom;id=xxx%40orange.es;ip=62.36.20.210;r=relay09.dns-servicios.com, text: Mechanism '-all' matched [23227] dbg: spf: def_spf_whitelist_from: already checked spf and didn't get pass, skipping whitelist check [23227] dbg: rules: ran eval rule SPF_FAIL ======> got hit (1) It seems that there is a problem resolving DNS records of that domain so I want to whitelist it. If I add: whitelist_from_spf *...@orange.es It's ignored by SA, as the log says. Reviewing code of SPF.pm from SpamAssassin, I see: # if the message doesn't pass SPF validation, it can't pass an SPF whitelist if ($scanner->{def_spf_whitelist_from}) { if ($self->check_for_spf_pass($scanner)) { dbg("spf: def_whitelist_from_spf: $scanner->{sender} is in DEF_WHITELIST_FROM_SPF and passed SPF check"); } else { dbg("spf: def_whitelist_from_spf: $scanner->{sender} is in DEF_WHITELIST_FROM_SPF but failed SPF check"); $scanner->{def_spf_whitelist_from} = 0; } } else { dbg("spf: def_whitelist_from_spf: $scanner->{sender} is not in DEF_WHITELIST_FROM_SPF"); } So, which is the purpose of this whitelist feature? If the SPF check fails, it can't do whitelist? Thanks! Regards, -- Álvaro Marín Illera HOSTALIA INTERNET www.hostalia.com
