[Rspamd-Users] Multiple SPF-Received, R_SPF_ALLOW, expected R_SPF_FAIL
Scott Serr
scott at theserrs.net
Mon Sep 25 01:16:59 UTC 2023
Hello,
I have back to back Received-SPF: headers. The last one (the top one?)
fails with PermError, also Authentication-Results has spf=permerror
smtp.mailfrom=bu.edu. Rspamd is somehow not seeing the issue. Details
follow:
############## LOG
2023-09-24 17:39:14 #1067(normal) <5d0c15>; task; rspamd_task_write_log:
id: <20230924103854.5989B6640E1E31E5 at bu.edu>, qid:
<AF9394D1-3234-442C-8914-9FF20AC5205E.1>, ip: 216.71.140.200, from:
<Online at bu.edu>, (default: F (no action): [3.19/14.00]
[MISSING_SUBJECT(2.00){},MISSING_TO(2.00){},DMARC_POLICY_ALLOW(-0.50){bu.edu;none;},MIME_HTML_ONLY(0.20){},R_DKIM_ALLOW(-0.20){bu.edu:s=S1ESAVAProd;},R_SPF_ALLOW(-0.20){+ip4:216.71.140.200;},MIME_GOOD(-0.10){multipart/related;},ARC_NA(0.00){},ASN(0.00){asn:16417,
ipnet:216.71.140.0/24,
country:US;},DKIM_TRACE(0.00){bu.edu:+;},FROM_EQ_ENVFROM(0.00){},FROM_HAS_DN(0.00){},MID_RHS_MATCH_FROM(0.00){},MIME_TRACE(0.00){0:+;1:~;2:~;},NEURAL_HAM(0.00){-1.000;},RCVD_COUNT_THREE(0.00){3;},RCVD_TLS_LAST(0.00){}]),
len: 22060, time: 1785.882ms, dns req: 41, digest:
<46df2bf4a896ca245c632a6f7e280179>, rcpts: <fastest1 at 2wilsons.net>
############## (relevant) HEADERS
Return-Path: <Online at bu.edu>
Delivered-To: fastest1 at 2wilsons.net
Received: from m.geeksite.org
by m.geeksite.org with LMTP
id SNpOOUJ0EGUsfAkATjJzIg
(envelope-from <Online at bu.edu>)
for <fastest1 at 2wilsons.net>; Sun, 24 Sep 2023 17:39:14 +0000
Authentication-Results: m.geeksite.org;
iprev=pass;
spf=permerror smtp.mailfrom=bu.edu;
dkim=pass header.i=@bu.edu header.d=bu.edu header.s=S1ESAVAProd
Received-SPF: PermError (m.geeksite.org: domain of bu.edu does not
designate 216.71.140.200 as permitted sender) receiver=m.geeksite.org;
identity=mailfrom; client-ip=216.71.140.200
helo=esa15.hc2706-39.iphmx.com; envelope-from=<Online at bu.edu>
Received-SPF: Pass (m.geeksite.org: domain of esa15.hc2706-39.iphmx.com
designates 216.71.140.200 as permitted sender) receiver=m.geeksite.org;
identity=helo; client-ip=216.71.140.200 helo=esa15.hc2706-39.iphmx.com;
envelope-from=<Online at bu.edu>
Received: from esa15.hc2706-39.iphmx.com (esa15.hc2706-39.iphmx.com
[216.71.140.200])
by m.geeksite.org (Haraka/3.0.1) with ESMTPS id
AF9394D1-3234-442C-8914-9FF20AC5205E.1
envelope-from <Online at bu.edu>
tls TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256;
Sun, 24 Sep 2023 17:39:09 +0000
Received: from ist-esava-pr01.bu.edu ([128.197.229.101])
by ob1.hc2706-39.iphmx.com with ESMTP/TLS/ECDHE-RSA-AES128-GCM-SHA256;
24 Sep 2023 13:39:00 -0400
Received: from dhcp-acadmin-128-197-41-144.bu.edu (HELO bu.edu)
([128.197.41.144])
by ist-esava-pr01.bu.edu with ESMTP; 24 Sep 2023 13:38:55 -0400
From: "America First Credit Union" <Online at bu.edu>
Date: 24 Sep 2023 10:38:54 -0700
Message-ID: <20230924103854.5989B6640E1E31E5 at bu.edu>
X-Rspamd-Bar: +++
X-Rspamd-Report: R_DKIM_ALLOW(-0.2) R_SPF_ALLOW(-0.2) MIME_GOOD(-0.1)
DMARC_POLICY_ALLOW(-0.5) MISSING_SUBJECT(2) MISSING_TO(2)
MIME_HTML_ONLY(0.2)
X-Rspamd-Score: 3.199999
I was expecting an R_SPF_FAIL, not an R_SPF_ALLOW.
Rspamd version is 3.5-2~0c671194e~bullseye.
Ideas?
Thanks,
Scott
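
Added example, not part of the original post and not Rspamd code: a Python check that reads the Received-SPF headers stamped by the receiving MTA, takes the identity=mailfrom verdict, and compares it with the R_SPF_* symbol in the Rspamd task log line, which is the disagreement described above. The function names, the result-to-symbol mapping, and the abridged sample input are assumptions constructed for illustration.

```python
import re
from email import message_from_string

# Assumed correspondence between RFC 7208 results and Rspamd SPF symbols.
RESULT_TO_SYMBOL = {
    "pass": "R_SPF_ALLOW", "fail": "R_SPF_FAIL", "softfail": "R_SPF_SOFTFAIL",
    "neutral": "R_SPF_NEUTRAL", "none": "R_SPF_NA",
    "temperror": "R_SPF_DNSFAIL", "permerror": "R_SPF_PERMFAIL",
}

# Constructed sample, abridged from the headers and log line quoted in the post.
SAMPLE_HEADERS = (
    "Received-SPF: PermError (m.geeksite.org: domain of bu.edu does not\n"
    " designate 216.71.140.200 as permitted sender) receiver=m.geeksite.org;\n"
    " identity=mailfrom; client-ip=216.71.140.200\n"
    "Received-SPF: Pass (m.geeksite.org: domain of esa15.hc2706-39.iphmx.com\n"
    " designates 216.71.140.200 as permitted sender) receiver=m.geeksite.org;\n"
    " identity=helo; client-ip=216.71.140.200\n\n"
)
SAMPLE_LOG = "[MISSING_TO(2.00){},R_SPF_ALLOW(-0.20){+ip4:216.71.140.200;}]"

def received_spf_results(raw_headers):
    """Return {identity: result} taken from every Received-SPF header."""
    results = {}
    for value in message_from_string(raw_headers).get_all("Received-SPF", []):
        value = " ".join(value.split())          # unfold continuation lines
        if not value:
            continue
        result = value.split(None, 1)[0].lower()
        m = re.search(r"\bidentity=([A-Za-z]+)", value)
        identity = m.group(1).lower() if m else "unknown"
        results.setdefault(identity, result)     # topmost header wins
    return results

def rspamd_spf_symbol(log_line):
    """Extract the R_SPF_* symbol from an rspamd_task_write_log line."""
    m = re.search(r"\b(R_SPF_[A-Z]+)\(", log_line)
    return m.group(1) if m else None

def spf_disagreement(raw_headers, log_line):
    """Return (mta_result, expected_symbol, rspamd_symbol) on mismatch, else None."""
    mta = received_spf_results(raw_headers).get("mailfrom")
    seen = rspamd_spf_symbol(log_line)
    if mta is None or seen is None:
        return None
    expected = RESULT_TO_SYMBOL.get(mta)
    return None if expected == seen else (mta, expected, seen)

if __name__ == "__main__":
    print(spf_disagreement(SAMPLE_HEADERS, SAMPLE_LOG))
```

Only the identity=mailfrom header is compared; the identity=helo Pass is a separate check and is reported by `received_spf_results` under its own key.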