Discussion:
Enabling/testing SPF?
Henry Kwan
2006-11-03 10:21:04 UTC
Permalink
Am finally getting around to making SPF records for our domains so naturally
I was fiddling with SA to see SPF-checking was enabled. Running 3.17 with
Mail-SPF-Query-1.999.1 installed. During "make test", it seemed to pass all
36 tests in "t/spf.......................ok".

But when I do a debug test via "spamassassin -D < sample-nonspam.txt", it
doesn't seem to return "debug: registering glue method for
check_for_spf_helo_pass
(Mail::SpamAssassin::Plugin::SPF=HASH(0x8d21990))".

I then sent a test email from another machine, forging an email with a
domain known to have a good SPF record and I didn't see any references to
SPF in the tests section.

So what might be the issue here? TIA for any insights.
Ramprasad
2006-11-03 12:18:26 UTC
Permalink
Post by Henry Kwan
Am finally getting around to making SPF records for our domains so naturally
I was fiddling with SA to see SPF-checking was enabled. Running 3.17 with
Mail-SPF-Query-1.999.1 installed. During "make test", it seemed to pass all
36 tests in "t/spf.......................ok".
But when I do a debug test via "spamassassin -D < sample-nonspam.txt", it
doesn't seem to return "debug: registering glue method for
check_for_spf_helo_pass
(Mail::SpamAssassin::Plugin::SPF=HASH(0x8d21990))".
I then sent a test email from another machine, forging an email with a
domain known to have a good SPF record and I didn't see any references to
SPF in the tests section.
So what might be the issue here? TIA for any insights.
spamassassin -D < file 2>&1 | grep -i spf

check the output

which MTA do you use ? Your MTA must insert an X-Envelope-From: header
( or similar )

Thanks
Ram
Henry Kwan
2006-11-03 18:35:35 UTC
Permalink
Post by Ramprasad
spamassassin -D < file 2>&1 | grep -i spf
check the output
which MTA do you use ? Your MTA must insert an X-Envelope-From: header
( or similar )
Thanks
Ram
Hi.

I'm using sendmail so I see that I have to modify sendmail.cf by adding
"H?l?X-Envelope-From: $f". By the way, how can I add
that bit via sendmail.mc instead of modifying sendmail.cf directly?

Anyway, this is what I get with the sample non-sample:

[***@mail Mail-SpamAssassin-3.1.7]# spamassassin -D < sample-nonspam.txt 2>&1 |
grep -i spf
[25342] dbg: config: read file /usr/share/spamassassin/25_spf.cf
[25342] dbg: config: read file /usr/share/spamassassin/60_whitelist_spf.cf

Even with a piece of mail that I had saved from a domain that has a confirmed
SPF record (and a X-Envelope-From: header), I get
the same output as above.

Thanks.

--Henry

P.S. Sorry if this is a dupe. Wasn't sure if this got sent as Pine complained
about my mailbox when I tried to send it earlier.
Henry Kwan
2006-11-03 19:29:10 UTC
Permalink
Post by Ramprasad
spamassassin -D < file 2>&1 | grep -i spf
check the output
which MTA do you use ? Your MTA must insert an X-Envelope-From: header
( or similar )
Thanks
Ram
Hi,

After some more banging my head against the wall, I discovered that SPF checking
was disabled because I wasn't loading the plugin in my init.pre. Apparently my
init.pre is so old that it never included a section on SPF. So everytime I
upgraded, the new version SA would never replace my old init.pre so the SPF
plugin was never getting loaded. After I insert the load plugin section into
init.pre and restarted spamd, SPF checking is now working.

Doh!

Thanks for your help.

Loading...