Envelope-from headers for SPF

[Ramprasad]

Hi,
I am using spamassassin 3.1.1 + postfix 2.2.5 for my mailservers. I am
trying to get def_spf_whitelist_from working but I am getting errors
like

----------------
[29194] dbg: spf: cannot get Envelope-From, cannot use SPF
[29194] dbg: spf: def_spf_whitelist_from: could not find useable
envelope sender
--------------------

Which headers is spamassassin looking for and how do I get postfix put
those headers.

Thanks
Ram

[Noel Jones]

add a custom header:
# main.cf
smtpd_data_restrictions =
check_sender_access regexp:/etc/postfix/add_x_envelope_from

# add_x_envelope_from
/^$/ PREPEND X-Envelope-From: <>
/^(.*)$/ PREPEND X-Envelope-From: <$1>

--
Noel Jones

[Victor Duchovni]

On Tue, May 02, 2006 at 11:54:28AM -0500, Noel Jones wrote:

> add a custom header:
> # main.cf
> smtpd_data_restrictions =
> check_sender_access regexp:/etc/postfix/add_x_envelope_from
>
> # add_x_envelope_from
> /^$/ PREPEND X-Envelope-From: <>
> /^(.*)$/ PREPEND X-Envelope-From: <$1>

The first expression should have been (else it is redundant):

/^<>$/ PREPEND X-Envelope-From: <>

the second one is correct. This assumes the default:

smtpd_null_access_lookup_key = <>

--
Viktor.

P.S. Morgan Stanley is looking for a New York City based, Senior Unix
system/email administrator to architect and sustain the Unix email
environment. If you are interested, please drop me a note.

Disclaimer: off-list followups get on-list replies or get ignored.
Please do not ignore the "Reply-To" header.

To unsubscribe from the postfix-users list, visit
http://www.postfix.org/lists.html or click the link below:
<mailto:majo...@postfix.org?body=unsubscribe%20postfix-users>

If my response solves your problem, the best way to thank me is to not
send an "it worked, thanks" follow-up. If you must respond, please put
"It worked, thanks" in the "Subject" so I can delete these quickly.

[mouss]

Mostly the Return-Path header. (although SA can use other headers).

How are you running SA? If using a pipe, include 'R' in the flags. See
pipe(8).

[Ramprasad]

On Tue, 2006-05-02 at 19:08 +0200, mouss wrote:

> Mostly the Return-Path header. (although SA can use other headers).
>
> How are you running SA? If using a pipe, include 'R' in the flags. See
> pipe(8).

I am using spamassassin as Module in Mailscanner. I think postfix is not
inserting the headers before it puts messages in the hold queue, is
there a workaround

Thanks
Ram

[Ramprasad]

On Tue, 2006-05-02 at 13:03 -0400, Victor Duchovni wrote:
> On Tue, May 02, 2006 at 11:54:28AM -0500, Noel Jones wrote:
>
> > add a custom header:
> > # main.cf
> > smtpd_data_restrictions =
> > check_sender_access regexp:/etc/postfix/add_x_envelope_from
> >
> > # add_x_envelope_from
> > /^$/ PREPEND X-Envelope-From: <>
> > /^(.*)$/ PREPEND X-Envelope-From: <$1>
>
> The first expression should have been (else it is redundant):
>
> /^<>$/ PREPEND X-Envelope-From: <>
>
> the second one is correct. This assumes the default:
>
> smtpd_null_access_lookup_key = <>
>

That did it , thanks a lot

[Magnus Bäck]

On Wednesday, May 03, 2006 at 07:28 CEST,
Ramprasad <r...@netcore.co.in> wrote:

Some of the delivery agents add the Return-Path header upon delivery,
but it's not present in the queue file. Since MailScanner manipulates
the queue file (which of course contains the envelope sender address),
MailScanner should be able to help you.

You could theoretically use check_sender_access and the PREPEND action
to add the Return-Path header, but that would be very wrong.

--
Magnus Bäck
mag...@dsek.lth.se

[Noel Jones]

Using check_sender_access to PREPEND an
X-Envelope-From: header is sufficient. Do this
under smtpd_data_restrictions to insure only one
header per message. Examples (and a minor
correction) were posted yesterday.

--
Noel Jones

[mouss]

Ramprasad wrote:
> I am using spamassassin as Module in Mailscanner. I think postfix is not
> inserting the headers before it puts messages in the hold queue, is
> there a workaround
>

the right (tm) way would be to have mailscanner "solve" this. If not
possible, then use the PREPEND approach suggested by Noel.
you can select the header to prepend and configure this in SA, or you
can use one of the headers that SA checks by default.

[mouss]

Victor Duchovni wrote:
> On Tue, May 02, 2006 at 11:54:28AM -0500, Noel Jones wrote:
>
>
>> add a custom header:
>> # main.cf
>> smtpd_data_restrictions =
>> check_sender_access regexp:/etc/postfix/add_x_envelope_from
>>
>> # add_x_envelope_from
>> /^$/ PREPEND X-Envelope-From: <>
>> /^(.*)$/ PREPEND X-Envelope-From: <$1>
>>
>
> The first expression should have been (else it is redundant):
>
> /^<>$/ PREPEND X-Envelope-From: <>
>
> the second one is correct. This assumes the default:
>
> smtpd_null_access_lookup_key = <>
>
>

why ever care? SA (and other software) should be able to read addresses
with or without <>. so just
/(.)/ PREPEND X-Envelope-From: $1
should handle both empty and non empty senders.

[Victor Duchovni]

On Wed, May 03, 2006 at 11:44:25PM +0200, mouss wrote:

> why ever care? SA (and other software) should be able to read addresses
> with or without <>. so just
> /(.)/ PREPEND X-Envelope-From: $1
> should handle both empty and non empty senders.

Perhaps, but not exactly as posted :-)

[mouss]

Victor Duchovni wrote:
> On Wed, May 03, 2006 at 11:44:25PM +0200, mouss wrote:
>
>
>> why ever care? SA (and other software) should be able to read addresses
>> with or without <>. so just
>> /(.)/ PREPEND X-Envelope-From: $1
>> should handle both empty and non empty senders.
>>
>
> Perhaps, but not exactly as posted :-)
>
>

Oops. For some reason, /(.)/ seems like ascii art and more pleasant than
/(.*)/.