先检测是否支持spf模块
[root@localhost ~]# sa-update -D
[13454] dbg: logger: adding facilities: all
[13454] dbg: logger: logging level is DBG
[13454] dbg: generic: SpamAssassin version 3.2.0
[13454] dbg: config: score set 0 chosen.
[13454] dbg: dns: no ipv6
[13454] dbg: dns: is Net::DNS::Resolver available? yes
[13454] dbg: dns: Net::DNS version: 0.59
[13454] dbg: generic: sa-update version svn523403
[13454] dbg: generic: using update directory: /var/lib/spamassassin/3.002000
[13454] dbg: diag: perl platform: 5.008008 linux
[13454] dbg: diag: module installed: Digest::SHA1, version 2.11
[13454] dbg: diag: module installed: HTML::Parser, version 3.55
[13454] dbg: diag: module installed: Net::DNS, version 0.59
[13454] dbg: diag: module installed: MIME::Base64, version 3.07
[13454] dbg: diag: module installed: DB_File, version 1.814
[13454] dbg: diag: module installed: Net::SMTP, version 2.29
[13454] dbg: diag: module not installed: Mail::SPF ('require' failed)
[13454] dbg: diag: module not installed: Mail::SPF::Query ('require' failed)
[13454] dbg: diag: module not installed: IP::Country::Fast ('require' failed)
[13454] dbg: diag: module not installed: Razor2::Client::Agent ('require' failed)
[13454] dbg: diag: module not installed: Net::Ident ('require' failed)
这提示odule not installed: Mail::SPF ('require' failed),表示没安装spf模块,先安装
[root@localhost ~]# yum install epel-release -y
[root@localhost ~]# yum install perl-Mail-SPF perl-Mail-SPF-Query -y
[root@localhost ~]# sa-update -D
[19738] dbg: logger: adding facilities: all
[19738] dbg: logger: logging level is DBG
[19738] dbg: generic: SpamAssassin version 3.2.0
[19738] dbg: config: score set 0 chosen.
[19738] dbg: dns: no ipv6
[19738] dbg: dns: is Net::DNS::Resolver available? yes
[19738] dbg: dns: Net::DNS version: 0.59
[19738] dbg: generic: sa-update version svn523403
[19738] dbg: generic: using update directory: /var/lib/spamassassin/3.002000
[19738] dbg: diag: perl platform: 5.008008 linux
[19738] dbg: diag: module installed: Digest::SHA1, version 2.11
[19738] dbg: diag: module installed: HTML::Parser, version 3.55
[19738] dbg: diag: module installed: Net::DNS, version 0.59
[19738] dbg: diag: module installed: MIME::Base64, version 3.07
[19738] dbg: diag: module installed: DB_File, version 1.814
[19738] dbg: diag: module installed: Net::SMTP, version 2.29
[19738] dbg: diag: module installed: Mail::SPF, version v2.007
[19738] dbg: diag: module installed: Mail::SPF::Query, version 1.999001
现在查看已经安装了,下面添加spf评分并测试
trusted_networks 127.0.0.1 #信任的IP地址
envelope_sender_header From
score SPF_PASS -1
score SPF_FAIL 200
score SPF_SOFTFAIL 200
[root@localhost ~]# spamassassin -D </root/a.eml
/*
[1337] dbg: spf: query for /192.168.2.2/localhost.localdomain: result: none, comment: , text: No applicable sender policy available
[1337] dbg: spf: already checked for Received-SPF headers, proceeding with DNS based checks
[1337] dbg: spf: checking EnvelopeFrom (helo=localhost.localdomain, ip=192.168.2.2, envfrom=admin@test.com)
[1337] dbg: spf: query for admin@test.com/192.168.2.2/localhost.localdomain: result: softfail, comment: , text: Mechanism '~all' matched
X-Spam-Report:
* 0.0 MISSING_MID Missing Message-Id: header
* 1.2 HELO_LH_LD HELO_LH_LD
* 1.6 RCVD_IN_SBL RBL: Received via a relay in Spamhaus SBL
* [118.244.232.82 listed in zen.spamhaus.org]
* 0.7 DNS_FROM_AHBL_RHSBL RBL: Envelope sender listed in dnsbl.ahbl.org
* 200 SPF_SOFTFAIL SPF: sender does not match SPF record (softfail)
*/
测试已经生效,重启spamassassin即可
注意,如果测试spf检测未通过,提示
[5033] dbg: spf: query for /118.244.232.82/localhost.localdomain: result: none, comment: , text: No applicable sender policy available
[5033] dbg: spf: already checked for Received-SPF headers, proceeding with DNS based checks
[5033] dbg: spf: cannot get Envelope-From, cannot use SPF
[5033] dbg: spf: def_spf_whitelist_from: already checked spf and didn't get pass, skipping whitelist check
[5033] dbg: spf: whitelist_from_spf: already checked spf and didn't get pass, skipping whitelist check
这个错误就要检查 envelope_sender_header From 这行参数是否正确 信头的白名单检查按照如下顺序:如果信头设置了 Resent-From 地址,那么就检查它;否则检查来自下列信头的全部地址: Envelope-Sender Resent-Sender X-Envelope-From From
来源:oschina
链接:https://my.oschina.net/u/161739/blog/668223