You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@spamassassin.apache.org by Xepher <an...@xepher.net> on 2006/08/15 00:45:32 UTC
SPF and SORBS problems
I've got a server configured with postfix and spamassassin. The
mailserver is the only one for the domain, and thus receives mail from
other servers, as well as letting users connect directly (with smtp
auth) to send mail. Everything works fine, EXCEPT when users send email
to each other. In those cases, the emails get tagged both by SPF_FAIL
and RCVD_IN_SORBS_DUL as those tests see the email as coming from the
user's personal IP address. I've tried
whitelist_from_spf *@xepher.net
in local.cf, but it doesn't work. Messages still get tagged with
SPF_FAIL. I didn't see any similar option for the RBL stuff. Is there
any way to do conditional tests, such that SMTP Auth messages get
whitelisted? I don't know if there's a way in postfix to add a header
only to auth connections? All I could find for postfix was address
rewriting stuff, nothing about conditional situations like an
authenticated user.
Any help would be appreciated, as I'd really rather not disable SPF and
RBL completely.
Thanks,
James
Re: SPF and SORBS problems
Posted by Xepher <an...@xepher.net>.
Daryl C. W. O'Shea wrote:
> See the third heading on this wiki page that tells you how to resolve
> this specific issue:
>
> http://wiki.apache.org/spamassassin/DynablockIssues
>
>
> Daryl
Thank you. That solved the problem. Upgrade to new SA and Postfix
versions and everything plays nicely now, as postfix puts in a header
for authentication, and SA can read it. I even get "all_trust" to fire
on authenticated emails. Sadly I never found that page on my own, as it
doesn't have any of the keywords I searched for. The phrase "dynablock"
never came up in anything I was having trouble with.
Thanks again,
--James
Re: SPF and SORBS problems
Posted by "Daryl C. W. O'Shea" <sp...@dostech.ca>.
On 8/14/2006 6:45 PM, Xepher wrote:
> I've got a server configured with postfix and spamassassin. The
> mailserver is the only one for the domain, and thus receives mail from
> other servers, as well as letting users connect directly (with smtp
> auth) to send mail. Everything works fine, EXCEPT when users send email
> to each other. In those cases, the emails get tagged both by SPF_FAIL
> and RCVD_IN_SORBS_DUL as those tests see the email as coming from the
> user's personal IP address. I've tried
>
> whitelist_from_spf *@xepher.net
>
> in local.cf, but it doesn't work. Messages still get tagged with
> SPF_FAIL. I didn't see any similar option for the RBL stuff. Is there
> any way to do conditional tests, such that SMTP Auth messages get
> whitelisted? I don't know if there's a way in postfix to add a header
> only to auth connections? All I could find for postfix was address
> rewriting stuff, nothing about conditional situations like an
> authenticated user.
>
> Any help would be appreciated, as I'd really rather not disable SPF and
> RBL completely.
See the third heading on this wiki page that tells you how to resolve
this specific issue:
http://wiki.apache.org/spamassassin/DynablockIssues
Daryl
Re: SPF and SORBS problems
Posted by Benny Pedersen <me...@junc.org>.
On Tue, August 15, 2006 02:23, Xepher wrote:
> I tried them, and still have the exact same problem. Any other ideas?
clear_internal_networks
internal_networks 127.0.0.1
clear_trusted_networks
trusted_networks <smtp-auth-ip>
trusted_networks 127.0.0.1
save my msg with full header
and then test my msg with
spamassassin 2>&1 -D -t mymsg
you should see where the problem is then
--
Benny
Re: SPF and SORBS problems
Posted by Xepher <an...@xepher.net>.
Benny Pedersen wrote:
> i had the same problem once :-)
>
> see attached
>
> for rbl check the internal_networks and trusted_networks, spf test is disable
> on internal networks, so make sure your smtp auth ip is not listed as internal
> in your spamassassin, but it should still be in trusted_networks
>
> when this is done it works, atleast here :-)
>
Let me clarify, there is no "internal network" save the host itself.
This is a machine by itself on the internet, with users connecting from
various places all over the world. No ip address is trusted, except for
the mailserver itself.
The attached config had these two lines.
envelope_sender_header Return-Path
always_trust_envelope_sender 1
I tried them, and still have the exact same problem. Any other ideas?
--James
Re: SPF and SORBS problems
Posted by Benny Pedersen <me...@junc.org>.
On Tue, August 15, 2006 00:45, Xepher wrote:
> Any help would be appreciated, as I'd really rather not disable SPF and
> RBL completely.
i had the same problem once :-)
see attached
for rbl check the internal_networks and trusted_networks, spf test is disable
on internal networks, so make sure your smtp auth ip is not listed as internal
in your spamassassin, but it should still be in trusted_networks
when this is done it works, atleast here :-)
--
Benny