You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@spamassassin.apache.org by Chris Purves <ch...@northfolk.ca> on 2006/03/10 12:11:34 UTC
Why does SPF need HELO to verify?
I have found that most mail I receive has received headers as:
Received: from sesame.csx.cam.ac.uk ([131.111.8.41])
by aurora.northfolk.ca (envelope-from
<ex...@exim.org>)
with esmtp (Exim 4.50)
id 1FHfBB-0006Bq-GL
for chris@northfolk.ca; Fri, 10 Mar 2006 18:49:22 +0800
But in my spamd.log I see:
Fri Mar 10 18:49:06 2006 [15923] dbg: spf: checking EnvelopeFrom (helo=,
ip=131.111.8.41, envfrom=exim-users-bounces+chris=northfolk.ca@exim.org)
Fri Mar 10 18:49:06 2006 [15923] dbg: spf: cannot get HELO, cannot use SPF
What I would like to know is, why does the SPF plugin need HELO, when it
can use the "from" information from the Received header?
I found a discussion on the exim mailing list where it states that the
header does not show HELO information if the reverse entry matches.
http://www.exim.org/mail-archives/exim-users/Week-of-Mon-20031117/msg00116.html
Is this something that exim does differently than other MTA's or is it a
problem with the SPF plugin?
Mail from this list looks like:
Received: from hermes.apache.org ([209.237.227.199] helo=mail.apache.org)
by aurora.northfolk.ca (envelope-from
<us...@spamassassin.apache.org>)
with smtp (Exim 4.50)
id 1FHele-00069Q-UO
for chris@northfolk.ca; Fri, 10 Mar 2006 18:23:19 +0800
In which case SPF works fine. What are others doing about this?
Thanks.
--
Good day, eh.
Chris
Re: Why does SPF need HELO to verify? - Problem with Received.pm
Posted by Chris Purves <ch...@northfolk.ca>.
On Friday 10 March 2006 19:11, Chris Purves wrote:
>
> What I would like to know is, why does the SPF plugin need HELO, when it
> can use the "from" information from the Received header?
>
> I found a discussion on the exim mailing list where it states that the
> header does not show HELO information if the reverse entry matches.
>
> http://www.exim.org/mail-archives/exim-users/Week-of-Mon-20031117/msg00116.
>html
>
I have done some more digging and I believe that the problem lies not with the
SPF plugin, but with the Received.pm file. I believe that it is not properly
reading the HELO information from the header. You can see below that it
specifies "helo=".
From spamd.log:
Sun Mar 12 16:55:11 2006 [2311] dbg: received-header: parsed as
[ ip=66.111.4.28 rdns=out4.smtp.messagingengine.com helo=
by=aurora.northfolk.ca ident= envfrom=christine@northfolk.ca intl=0
id=1FIMM3-0000bJ-5k auth= ]
Sun Mar 12 16:55:11 2006 [2311] dbg: received-header: relay 66.111.4.28
trusted? no internal? no
Sun Mar 12 16:55:11 2006 [2311] dbg: received-header: parsed as
[ ip=10.202.2.149 rdns=mysql-sessions.internal helo=frontend1.internal
by=frontend1.messagingengine.com ident= envfrom= intl=0 id=690F5D3B608
auth= ]
Sun Mar 12 16:55:11 2006 [2311] dbg: received-header: relay 10.202.2.149
trusted? no internal? no
Sun Mar 12 16:55:11 2006 [2311] dbg: received-header: parsed as
[ ip=10.202.2.152 rdns= helo=frontend3.messagingengine.com
by=frontend1.internal ident= envfrom= intl=0 id=auth= ]
Sun Mar 12 16:55:11 2006 [2311] dbg: received-header: relay 10.202.2.152
trusted? no internal? no
Sun Mar 12 16:55:11 2006 [2311] dbg: spf: checking HELO (helo=,
ip=66.111.4.28)
Sun Mar 12 16:55:11 2006 [2311] dbg: spf: cannot get HELO, cannot use SPF
The actual received headers are:
Received: from out4.smtp.messagingengine.com ([66.111.4.28])
by aurora.northfolk.ca (envelope-from
<ch...@northfolk.ca>)
with esmtp (Exim 4.50)
id 1FIMM3-0000bJ-5k
for chris@northfolk.ca; Sun, 12 Mar 2006 16:55:38 +0800
Received: from frontend1.internal (mysql-sessions.internal [10.202.2.149])
by frontend1.messagingengine.com (Postfix) with ESMTP id 690F5D3B608
for <ch...@northfolk.ca>; Sun, 12 Mar 2006 03:55:08 -0500 (EST)
Received: from frontend3.messagingengine.com ([10.202.2.152])
by frontend1.internal (MEProxy); Sun, 12 Mar 2006 03:55:08 -0500
Received: by frontend3.messagingengine.com (Postfix, from userid 99)
id 6112A387; Sun, 12 Mar 2006 03:55:07 -0500 (EST)
I am using the custom recevied header described at
http://wiki.apache.org/spamassassin/EnvelopeSenderInReceived, so I would
expect it to play nice with spamassassin. I am running the spamassassin
3.1.0a-2 Debian package.
Can someone confirm if this is a problem with Received.pm, or suggest how I
can test it seperately on my mail. This just may be driving me insane...
Thanks.
--
Good day, eh.
Chris