I just got some spam that was erroneously spf whitelisted hitting
WHITELIST_FROM_SPF
It took me a while to figure out why it was getting WHITELIST_FROM_SPF
but I eventually tracked it down down to this whitelist entry:
whitelist_from_spf *@*buy.com
The *@*buy.com (obviously) matches *@odysseyshop.ribsbuy.com.
It would have been easier to figure out why it was matching if the
matching spf entry was printed out, for example something like this:
May 8 18:21:27.859 [22058] dbg: spf: whitelist_from_spf:
amandarodriq...@odysseyshop.ribsbuy.com matches ^.*\@.*buy\.com$ entry
May 8 18:21:27.859 [22058] dbg: spf: whitelist_from_spf:
amandarodriq...@odysseyshop.ribsbuy.com is in user's WHITELIST_FROM_SPF and
passed SPF check
sub _wlcheck {
my ($self, $scanner, $param) = @_;
if (defined ($scanner->{conf}->{$param}->{$scanner->{sender}})) {
return 1;
} else {
study $scanner->{sender};
foreach my $regexp (values %{$scanner->{conf}->{$param}}) {
if ($scanner->{sender} =~ qr/$regexp/i) {
##New dbg output here:
dbg("spf: $param: $scanner->{sender} matches $regexp entry");
return 1;
}
}
}
return 0;
}
-jeff
