You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@spamassassin.apache.org by Chris Purves <ch...@northfolk.ca> on 2006/03/12 10:19:53 UTC

Re: Why does SPF need HELO to verify? - Problem with Received.pm

On Friday 10 March 2006 19:11, Chris Purves wrote:
>
> What I would like to know is, why does the SPF plugin need HELO, when it
> can use the "from" information from the Received header?
>
> I found a discussion on the exim mailing list where it states that the
> header does not show HELO information if the reverse entry matches.
>
> http://www.exim.org/mail-archives/exim-users/Week-of-Mon-20031117/msg00116.
>html
>
I have done some more digging and I believe that the problem lies not with the 
SPF plugin, but with the Received.pm file.  I believe that it is not properly 
reading the HELO information from the header.  You can see below that it 
specifies "helo=".

From spamd.log:

Sun Mar 12 16:55:11 2006 [2311] dbg: received-header: parsed as
  [ ip=66.111.4.28 rdns=out4.smtp.messagingengine.com helo=
  by=aurora.northfolk.ca ident= envfrom=christine@northfolk.ca intl=0
  id=1FIMM3-0000bJ-5k auth= ]
Sun Mar 12 16:55:11 2006 [2311] dbg: received-header: relay 66.111.4.28
  trusted? no internal? no
Sun Mar 12 16:55:11 2006 [2311] dbg: received-header: parsed as
  [ ip=10.202.2.149 rdns=mysql-sessions.internal helo=frontend1.internal
  by=frontend1.messagingengine.com ident= envfrom= intl=0 id=690F5D3B608
  auth= ]
Sun Mar 12 16:55:11 2006 [2311] dbg: received-header: relay 10.202.2.149
  trusted? no internal? no
Sun Mar 12 16:55:11 2006 [2311] dbg: received-header: parsed as
  [ ip=10.202.2.152 rdns= helo=frontend3.messagingengine.com
  by=frontend1.internal ident= envfrom= intl=0 id=auth= ]
Sun Mar 12 16:55:11 2006 [2311] dbg: received-header: relay 10.202.2.152
  trusted? no internal? no
Sun Mar 12 16:55:11 2006 [2311] dbg: spf: checking HELO (helo=,
  ip=66.111.4.28)
Sun Mar 12 16:55:11 2006 [2311] dbg: spf: cannot get HELO, cannot use SPF

The actual received headers are:

Received: from out4.smtp.messagingengine.com ([66.111.4.28])
	by aurora.northfolk.ca (envelope-from
	<ch...@northfolk.ca>)
	with esmtp (Exim 4.50)
	id 1FIMM3-0000bJ-5k
	for chris@northfolk.ca; Sun, 12 Mar 2006 16:55:38 +0800
Received: from frontend1.internal (mysql-sessions.internal [10.202.2.149])
	by frontend1.messagingengine.com (Postfix) with ESMTP id 690F5D3B608
	for <ch...@northfolk.ca>; Sun, 12 Mar 2006 03:55:08 -0500 (EST)
Received: from frontend3.messagingengine.com ([10.202.2.152])
  by frontend1.internal (MEProxy); Sun, 12 Mar 2006 03:55:08 -0500
Received: by frontend3.messagingengine.com (Postfix, from userid 99)
	id 6112A387; Sun, 12 Mar 2006 03:55:07 -0500 (EST)

I am using the custom recevied header described at 
http://wiki.apache.org/spamassassin/EnvelopeSenderInReceived, so I would 
expect it to play nice with spamassassin.  I am running the spamassassin 
3.1.0a-2 Debian package.

Can someone confirm if this is a problem with Received.pm, or suggest how I 
can test it seperately on my mail.  This just may be driving me insane...

Thanks.

-- 
Good day, eh.
Chris