On Jan 5, 2015 at 18:52 +0100, Reindl Harald wrote:

=>how can "SPF_HELO_PASS,SPF_NONE" fire both?

Just by going off the names... The domain presented in the HELO (RFC5321.HELO) command passed the SPF check_host() test while the domain used in the mail from (RFC5321.MailFrom) command didn't have a SPF record.

    S1: 220 mx.example.com ESMTP
    C1: EHLO smtp.example.net
    S2: 250-mx.example.com Hello...pleased to meet you
    C2: MAIL FROM:<sen...@example.net>
    S2: 250 Sender OK
    C3: RCPT TO:<recipi...@example.com>
    S3: 250 Recipient OK
    C4: DATA

So the SPF_HELO_PASS is testing the SPF record for smtp.example.net (line C1 above), while the SPF_NONE is testing the domain (example.net) used in the "MAIL FROM" (line C2).

Remember that SPF checks both the HELO name presented as well as the domain used in the Mail From command. (Which is why "you" should have a simple "v=spf1 a -all" record for the A record of your sending systems as well as not having your sending systems HELO as your top level domain.)

--
***********************************************************************
Derek Diget
Office of Information Technology
Western Michigan University - Kalamazoo Michigan USA - www.wmich.edu/
***********************************************************************
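
Added example, not part of the original message: a reduced check_host() run separately against the HELO name and the MAIL FROM domain of the session above, showing how both rules fire on one message. The DNS data, client IP address, mailbox name and the helper names check_host/spf_rule_names are constructed for illustration, and only the a, ip4 and all mechanisms are handled.

```python
import ipaddress

# Constructed DNS data (assumption): the sending host publishes the
# "v=spf1 a -all" record suggested above; example.net has no SPF record.
ZONE = {
    ("smtp.example.net", "TXT"): ["v=spf1 a -all"],
    ("smtp.example.net", "A"): ["192.0.2.25"],
    ("example.net", "TXT"): ["site-verification=constructed"],
}
QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def check_host(ip, domain):
    """Reduced check_host(): only the a, ip4 and all mechanisms."""
    records = [t for t in ZONE.get((domain, "TXT"), [])
               if t.lower().split()[:1] == ["v=spf1"]]
    if not records:
        return "none"            # no SPF record published at all
    if len(records) > 1:
        return "permerror"       # more than one SPF record is an error
    addr = ipaddress.ip_address(ip)
    for term in records[0].split()[1:]:
        qualifier = term[0] if term[0] in QUALIFIERS else "+"
        name, _, arg = term.lstrip("+-~?").lower().partition(":")
        if name == "all":
            matched = True
        elif name == "a":
            hosts = ZONE.get((arg or domain, "A"), [])
            matched = addr in {ipaddress.ip_address(h) for h in hosts}
        elif name == "ip4":
            matched = addr in ipaddress.ip_network(arg, strict=False)
        else:
            return "permerror"   # mechanism outside this reduced sketch
        if matched:
            return QUALIFIERS[qualifier]
    return "neutral"             # record ended without a match


def spf_rule_names(client_ip, helo, mail_from):
    """Evaluate both identities; names follow the two rules in the thread."""
    helo_result = check_host(client_ip, helo)
    # A null reverse-path ("") has no domain, so the HELO name is used.
    sender_domain = mail_from.rpartition("@")[2] if mail_from else helo
    mfrom_result = check_host(client_ip, sender_domain)
    return ["SPF_HELO_" + helo_result.upper(), "SPF_" + mfrom_result.upper()]


if __name__ == "__main__":
    # Constructed session: C1 = EHLO smtp.example.net, C2 = MAIL FROM at example.net
    print(spf_rule_names("192.0.2.25", "smtp.example.net", "user@example.net"))
```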