Re: Spamassassin SPF plugin headers

Wed, 18 Nov 2015 06:34:21 -0800 


Am 18.11.2015 um 15:27 schrieb Elod G:

Policyd is not doing any rejection. While it is a policy server, it is
configured to always permit and its only purpose is to add SPF
authentication headers. These are later parsed by the opendmarc milter.
It would be nice, if SA too would parse them and not redo the SPF
validation.
I am still counting on SA to apply its rules and score the message
accordingly.


well, than stay at the SA rules and re-score them if needed


as you can see by the amount of different rules and scores you gain 
nohting by just parse a header and "SA too would parse them and not redo 
the SPF" is more then questionable, the DNS results are cached anyways 
and get the same results by parse a header is error prone



On 11/18/2015 16:20, Reindl Harald wrote:



Am 18.11.2015 um 15:10 schrieb Elod G:

I am using Spamassassin 3.4.0 called by spamass-milter with Postfix 2.11
on Ubuntu 14.04. I can't get SA to recognize Auth-results headers added
by policyd-spf, a Postfix policy server


why? SA has it's own SPF rules - the job of the policyd is a hardfail
or in case of the python-implementation place it before dangerous
postfix rules to skip them in case of SPF_PASS
_______________________________________________

end of smtpd_recipient_restrictions:
  check_policy_service unix:private/spf-policy
  reject_unknown_reverse_client_hostname
  check_policy_service unix:/var/spool/postfix/postgrey/socket
  ${stress?sleep 0}${stress: sleep 3}
  check_helo_access proxy:pcre:/etc/postfix/blacklist_helo.cf
  check_reverse_client_hostname_access proxy:pcre:/etc/postfix/ptr.cf
  reject_unverified_sender

cat /etc/python-policyd-spf/policyd-spf.conf
# For a fully commented sample config file see
/usr/share/doc/pypolicyd-spf/policyd-spf.conf.commented
debugLevel = 1
defaultSeedOnly = 1
HELO_reject = No_Check
Mail_From_reject = Fail
Mail_From_pass_restriction = OK
PermError_reject = False
TempError_Defer = True
_______________________________________________

SA has it's own rules

/var/lib/spamassassin/3.004001/updates_spamassassin_org
score RCVD_IN_IADB_SPF 0 -0.001 0 -0.059 # n=0 n=2
score USER_IN_SPF_WHITELIST -100.000
score USER_IN_DEF_SPF_WL -7.500
score ENV_AND_HDR_SPF_MATCH -0.5
score SPF_NONE 0
score SPF_HELO_NONE 0
score SPF_PASS -0.001
score SPF_HELO_PASS -0.001
score SPF_FAIL 0 0.919 0 0.001 # n=0 n=2
score SPF_HELO_FAIL 0 0.001 0 0.001 # n=0 n=2
score SPF_HELO_NEUTRAL 0 0.001 0 0.112 # n=0 n=2
score SPF_HELO_SOFTFAIL 0 0.896 0 0.732 # n=0 n=2
score SPF_NEUTRAL 0 0.652 0 0.779 # n=0 n=2
score SPF_SOFTFAIL 0 0.972 0 0.665 # n=0 n=2
score FROM_MISSP_SPF_FAIL                   0.001 1.000 0.001 1.000
score TO_EQ_FM_DOM_SPF_FAIL                 0.001 0.001 0.001 0.001
score TO_EQ_FM_SPF_FAIL                     0.001 0.001 0.001 0.001

/etc/mail/spamassassin/local-*.cf
score RCVD_IN_IADB_SPF -0.1
score T_SPF_PERMERROR 0
score T_SPF_TEMPERROR 0
score T_SPF_HELO_PERMERROR 0
score T_SPF_HELO_TEMPERROR 0
score SPF_NEUTRAL 0.5
score SPF_NONE 0.05
score SPF_PASS -0.05
score SPF_HELO_PASS 0
score SPF_HELO_NONE 0
score SPF_HELO_NEUTRAL 0
score SPF_HELO_SOFTFAIL 0.5
score SPF_HELO_FAIL 1.5
score SPF_SOFTFAIL 1.5
score SPF_FAIL 2.5
score USER_IN_DEF_SPF_WL -5.0
score USER_IN_SPF_WHITELIST -100.0





Attachment:
signature.asc

Description: OpenPGP digital signature






















					Reply via email to