Am 11.07.2016 um 21:02 schrieb David B Funk:
On Mon, 11 Jul 2016, Reindl Harald wrote:SA has also a weakness or design mistake here "envelope_sender_header X-Local-Envelope-From" while that header comes from postfix with customized configuration because we use it in own rules has no fallback __________________________________ By default, various MTAs will use different headers, such as the following: X-Envelope-From Envelope-Sender X-Sender Return-Path __________________________________ well, in case of "envelope_sender_header" present in the configuration and that header is missing for whatever reason there is *no fallback* while for most cases it would be better to use "envelope_sender_header" as prefered one instead the only one that it is not the case can you see when "add_header all Status _YESNO_, score=_SCORE_, tag-level=_REQD_, block-level=8.0, envelope=_SENDERDOMAIN_, from=_AUTHORDOMAIN_, _TOKENSUMMARY_" ends with SENDERDOMAIN_ in your headersThe SA Conf man page seems to indicate that it -should- fall back to its heuristic if the envelope_sender_header is missing: To avoid this heuristic failure, the "envelope_sender_header" setting may be helpful. Name the header that your MTA or MDA adds to messages containing the address used at the MAIL FROM step of the SMTP transaction. If the header in question contains "<" or ">" characters at the start and end of the email address in the right-hand side, as in the SMTP transaction, these will be stripped. If the header is not found in a message, or if it's value does not contain an "@" sign, SpamAssassin will issue a warning in the logs and fall back to its default heuristics. It doesn't look like that fall-back is working. If you completely omit the envelope_sender_header config setting, the heuristic works. Maybe you should file a bug-report.
looks so
One additional question, if you're setting the envelope_sender_header configwhy aren't you actually supplying it?
because i have *no idea* from where it comes that postfix sometimes ignores check_sender_access proxy:pcre:/etc/postfix/x_envelope_from.cf check_recipient_access proxy:pcre:/etc/postfix/x_envelope_to.cf
If you cannot depend upon your system to actually supply the header you list in your envelope_sender_header config, then don't set that parameter
well, the idea is to add a own heaer in the MTA instead rely on heuristic which hopefully don't use a randm but wrong header (if that would be impossible the other problem also won't exist)
signature.asc
Description: OpenPGP digital signature
