On 17.05.14 14:11, Jeff Mincy wrote:
I just got some spam that was erroneously spf whitelisted hitting
WHITELIST_FROM_SPF
It took me a while to figure out why it was getting WHITELIST_FROM_SPF
but I eventually tracked it down down to this whitelist entry:
whitelist_from_spf *@*buy.com
The *@*buy.com (obviously) matches *@odysseyshop.ribsbuy.com.
It would have been easier to figure out why it was matching if the
matching spf entry was printed out, for example something like this:
May 8 18:21:27.859 [22058] dbg: spf: whitelist_from_spf:
amandarodriq...@odysseyshop.ribsbuy.com matches ^.*\@.*buy\.com$ entry
May 8 18:21:27.859 [22058] dbg: spf: whitelist_from_spf:
amandarodriq...@odysseyshop.ribsbuy.com is in user's WHITELIST_FROM_SPF and
passed SPF check
According to the documentation, they are not regexp's (as one could/should
expect):
Whitelist and blacklist addresses are now file-glob-style patterns,
sub _wlcheck {
my ($self, $scanner, $param) = @_;
if (defined ($scanner->{conf}->{$param}->{$scanner->{sender}})) {
return 1;
} else {
study $scanner->{sender};
foreach my $regexp (values %{$scanner->{conf}->{$param}}) {
if ($scanner->{sender} =~ qr/$regexp/i) {
##New dbg output here:
dbg("spf: $param: $scanner->{sender} matches $regexp entry");
return 1;
I assume the contents of *_networks is modified before RE matching, so you'd
wonder what is the content...
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
Honk if you love peace and quiet.
