Posted to users@spamassassin.apache.org by Ax...@t-systems.com on 2006/12/27 14:17:48 UTC

SPF and helo detection

Hi!

I've enabled SPF in SA 3.1.4 and have set up logging for spf and received
headers. Now I see many errors like this:

Dec 27 14:07:29 vps832469583 spamd[15485]: spamd: processing message <29...@thebat.net> for Debian-exim:107
Dec 27 14:07:29 vps832469583 spamd[15485]: received-header: parsed as [ ip=83.21.129.46 rdns=ein46.neoplus.adsl.tpnet.pl helo=pc by=vps832469583.serverpool.info ident= envfrom= intl=0 id=1GzYVD-0000yA-9V auth= ]
Dec 27 14:07:29 vps832469583 spamd[15485]: received-header: relay 83.21.129.46 trusted? no internal? no
Dec 27 14:07:30 vps832469583 spamd[15485]: received-header: parsed as [ ip=208.191.87.114 rdns= helo=mail.woccisd.net by=axelcity.de ident= envfrom= intl=0 id= auth= ]
Dec 27 14:07:30 vps832469583 spamd[15485]: received-header: relay 208.191.87.114 trusted? no internal? no
Dec 27 14:07:30 vps832469583 spamd[15485]: spf: checking HELO (helo=pc, ip=83.21.129.46)
Dec 27 14:07:30 vps832469583 spamd[15485]: spf: cannot check HELO of 'pc', skipping
Dec 27 14:07:30 vps832469583 spamd[15485]: spf: cannot get Envelope-From, cannot use SPF
Dec 27 14:07:30 vps832469583 spamd[15485]: spf: def_spf_whitelist_from: could not find useable envelope sender
Dec 27 14:07:30 vps832469583 spamd[15485]: spf: spf_whitelist_from: could not find useable envelope sender

It seems that checking helo is a problem (helo = Pc???), not always but
quite often.

Is this a known bug?

--
With best regards

Axel Mueller

Re: SPF and helo detection

Posted by "John D. Hardin" <jh...@impsec.org>.
On Wed, 27 Dec 2006 Axel.Mueller@t-systems.com wrote:

> I've enabled SPF in SA 3.1.4 and have set up logging for spf and received
> headers. Now I see many errors like this:
> 
> Dec 27 14:07:30 vps832469583 spamd[15485]: spf: checking HELO (helo=pc, ip=83.21.129.46)
> Dec 27 14:07:30 vps832469583 spamd[15485]: spf: cannot check HELO of 'pc', skipping
> 
> It seems that checking helo is a problem (helo = Pc???), not always but
> quite often.
> 
> Is this a known bug?

No. How can any network information be derived from "pc" for SPF to 
check?

If the mail is being generated internally, you shouldn't need to do an
SPF check. If the mail is being accepted from the world at large, the
HELO string *should* be the computer's FQDN or properly-formatted
(i.e. with square brackets) IP address. Anything else is a sign of
either malice or serious system misconfiguration, and shouldn't even
get as far as SA. (IMHO of course...)

I reject mail at the MTA level (with a helpful message) if the HELO
string doesn't look like a FQDN or properly-formatted IP address, or
if the HELO claims to be my server. See the milter-regex examples I've
posted here before.

--
 John Hardin KA7OHZ                    http://www.impsec.org/~jhardin/
 jhardin@impsec.org    FALaholic #11174     pgpk -a jhardin@impsec.org
 key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C  AF76 D822 E6E6 B873 2E79
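
Added example (not part of the thread, and not the milter-regex rules John refers to): a Python version of the HELO sanity check described in the reply above, applied to spamd's "received-header: parsed as" debug lines to show which relays would fail it. MY_NAMES, the function names and the third sample line are assumptions made for illustration.

```python
import ipaddress
import re

MY_NAMES = {"mail.example.org"}  # assumption: names the receiving server answers to
LABEL = re.compile(r"^(?!-)[A-Za-z0-9-]{1,63}(?<!-)$")  # one DNS label
PARSED = re.compile(r"received-header: parsed as \[ (.*?) \]")

def classify_helo(helo, my_names=MY_NAMES):
    """Return 'ok', 'own-name', 'bad-literal' or 'not-fqdn' for a HELO string."""
    if helo.startswith("[") and helo.endswith("]"):
        body = helo[1:-1]
        tagged = body[:5].lower() == "ipv6:"
        try:
            ip = ipaddress.ip_address(body[5:] if tagged else body)
        except ValueError:
            return "bad-literal"
        # RFC 5321: IPv6 literals carry the "IPv6:" tag, IPv4 literals do not.
        return "ok" if tagged == (ip.version == 6) else "bad-literal"
    name = helo.rstrip(".").lower()
    if name in my_names:
        return "own-name"  # remote host claims to be the receiving server
    labels = name.split(".")
    if len(labels) < 2 or len(name) > 253:
        return "not-fqdn"  # single label such as "pc"
    if not all(LABEL.match(label) for label in labels):
        return "not-fqdn"
    if labels[-1].isdigit():
        return "not-fqdn"  # bare IP address without square brackets
    return "ok"

def helo_from_log(line):
    """Extract helo= from a spamd 'received-header: parsed as [ ... ]' line."""
    m = PARSED.search(line)
    if not m:
        return None
    fields = dict(kv.split("=", 1) for kv in m.group(1).split() if "=" in kv)
    return fields.get("helo")

def audit(lines):
    """Return (helo, verdict) for every parsed Received header in the log."""
    helos = (helo_from_log(line) for line in lines)
    return [(h, classify_helo(h)) for h in helos if h is not None]

# First two lines come from the log in the post (re-joined); the third is constructed.
SAMPLE_LOG = [
    "spamd[15485]: received-header: parsed as [ ip=83.21.129.46 rdns=ein46.neoplus.adsl.tpnet.pl helo=pc by=vps832469583.serverpool.info ident= envfrom= intl=0 id=1GzYVD-0000yA-9V auth= ]",
    "spamd[15485]: received-header: parsed as [ ip=208.191.87.114 rdns= helo=mail.woccisd.net by=axelcity.de ident= envfrom= intl=0 id= auth= ]",
    "spamd[1]: received-header: parsed as [ ip=192.0.2.10 rdns= helo=[192.0.2.10] by=mail.example.org ident= envfrom= intl=0 id= auth= ]",
]
```

Calling audit(SAMPLE_LOG) flags helo=pc as not-fqdn, which is the same input SpamAssassin's SPF plugin reports it cannot check.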