Policyd is not doing any rejection. While it is a policy server, it is
configured to always permit and its only purpose is to add SPF
authentication headers. These are later parsed by the opendmarc milter.
It would be nice, if SA too would parse them and not redo the SPF
validation.
I am still counting on SA to apply its rules and score the message
accordingly.
Elod G
On 11/18/2015 16:20, Reindl Harald wrote:
>
>
> Am 18.11.2015 um 15:10 schrieb Elod G:
>> I am using Spamassassin 3.4.0 called by spamass-milter with Postfix 2.11
>> on Ubuntu 14.04. I can't get SA to recognize Auth-results headers added
>> by policyd-spf, a Postfix policy server
>
> why? SA has it's own SPF rules - the job of the policyd is a hardfail
> or in case of the python-implementation place it before dangerous
> postfix rules to skip them in case of SPF_PASS
> _______________________________________________
>
> end of smtpd_recipient_restrictions:
> check_policy_service unix:private/spf-policy
> reject_unknown_reverse_client_hostname
> check_policy_service unix:/var/spool/postfix/postgrey/socket
> ${stress?sleep 0}${stress: sleep 3}
> check_helo_access proxy:pcre:/etc/postfix/blacklist_helo.cf
> check_reverse_client_hostname_access proxy:pcre:/etc/postfix/ptr.cf
> reject_unverified_sender
>
> cat /etc/python-policyd-spf/policyd-spf.conf
> # For a fully commented sample config file see
> /usr/share/doc/pypolicyd-spf/policyd-spf.conf.commented
> debugLevel = 1
> defaultSeedOnly = 1
> HELO_reject = No_Check
> Mail_From_reject = Fail
> Mail_From_pass_restriction = OK
> PermError_reject = False
> TempError_Defer = True
> _______________________________________________
>
> SA has it's own rules
>
> /var/lib/spamassassin/3.004001/updates_spamassassin_org
> score RCVD_IN_IADB_SPF 0 -0.001 0 -0.059 # n=0 n=2
> score USER_IN_SPF_WHITELIST -100.000
> score USER_IN_DEF_SPF_WL -7.500
> score ENV_AND_HDR_SPF_MATCH -0.5
> score SPF_NONE 0
> score SPF_HELO_NONE 0
> score SPF_PASS -0.001
> score SPF_HELO_PASS -0.001
> score SPF_FAIL 0 0.919 0 0.001 # n=0 n=2
> score SPF_HELO_FAIL 0 0.001 0 0.001 # n=0 n=2
> score SPF_HELO_NEUTRAL 0 0.001 0 0.112 # n=0 n=2
> score SPF_HELO_SOFTFAIL 0 0.896 0 0.732 # n=0 n=2
> score SPF_NEUTRAL 0 0.652 0 0.779 # n=0 n=2
> score SPF_SOFTFAIL 0 0.972 0 0.665 # n=0 n=2
> score FROM_MISSP_SPF_FAIL 0.001 1.000 0.001 1.000
> score TO_EQ_FM_DOM_SPF_FAIL 0.001 0.001 0.001 0.001
> score TO_EQ_FM_SPF_FAIL 0.001 0.001 0.001 0.001
>
> /etc/mail/spamassassin/local-*.cf
> score RCVD_IN_IADB_SPF -0.1
> score T_SPF_PERMERROR 0
> score T_SPF_TEMPERROR 0
> score T_SPF_HELO_PERMERROR 0
> score T_SPF_HELO_TEMPERROR 0
> score SPF_NEUTRAL 0.5
> score SPF_NONE 0.05
> score SPF_PASS -0.05
> score SPF_HELO_PASS 0
> score SPF_HELO_NONE 0
> score SPF_HELO_NEUTRAL 0
> score SPF_HELO_SOFTFAIL 0.5
> score SPF_HELO_FAIL 1.5
> score SPF_SOFTFAIL 1.5
> score SPF_FAIL 2.5
> score USER_IN_DEF_SPF_WL -5.0
> score USER_IN_SPF_WHITELIST -100.0
>
