# SpamAssassin - SPF rules
#
# Please don't modify this file as your changes will be overwritten with
# the next update. Use /etc/mail/spamassassin/local.cf instead.
# See 'perldoc Mail::SpamAssassin::Conf' for details.
#
# <@LICENSE>
# Licensed to the Apache Software Foundation (ASF) under one or more
# contributor license agreements. See the NOTICE file distributed with
# this work for additional information regarding copyright ownership.
# The ASF licenses this file to you under the Apache License, Version 2.0
# (the "License"); you may not use this file except in compliance with
# the License. You may obtain a copy of the License at:
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
# </@LICENSE>
#
###########################################################################
# Requires the Mail::SpamAssassin::Plugin::SPF plugin be loaded.
ifplugin Mail::SpamAssassin::Plugin::SPF
# SPF support:
# "pass" is nice
# "neutral" is somewhat bad
# "fail" is bad
# "softfail" is bad, but not as bad as "fail"
# "permerror" is very bad, and means the domain doesn't have a valid spf record
# These are more trustworthy results than the SPF_HELO rules.
# some are "userconf" so that scores are set by hand?
header SPF_PASS eval:check_for_spf_pass()
describe SPF_PASS SPF: sender matches SPF record
tflags SPF_PASS nice userconf net
reuse SPF_PASS
header SPF_NEUTRAL eval:check_for_spf_neutral()
describe SPF_NEUTRAL SPF: sender does not match SPF record (neutral)
tflags SPF_NEUTRAL net
reuse SPF_NEUTRAL
header SPF_FAIL eval:check_for_spf_fail()
describe SPF_FAIL SPF: sender does not match SPF record (fail)
tflags SPF_FAIL net
reuse SPF_FAIL
header SPF_SOFTFAIL eval:check_for_spf_softfail()
describe SPF_SOFTFAIL SPF: sender does not match SPF record (softfail)
tflags SPF_SOFTFAIL net
reuse SPF_SOFTFAIL
# NOTE: SPF_HELO_PASS is not incredibly hard to fake, so shouldn't
# provide much in the way of points compared to SPF_PASS et al.
# However, a *failure* is still a very good spamsign.
header SPF_HELO_PASS eval:check_for_spf_helo_pass()
describe SPF_HELO_PASS SPF: HELO matches SPF record
tflags SPF_HELO_PASS nice userconf net
reuse SPF_HELO_PASS
header SPF_HELO_NEUTRAL eval:check_for_spf_helo_neutral()
describe SPF_HELO_NEUTRAL SPF: HELO does not match SPF record (neutral)
tflags SPF_HELO_NEUTRAL net
reuse SPF_HELO_NEUTRAL
header SPF_HELO_FAIL eval:check_for_spf_helo_fail()
describe SPF_HELO_FAIL SPF: HELO does not match SPF record (fail)
tflags SPF_HELO_FAIL net
reuse SPF_HELO_FAIL
header SPF_HELO_SOFTFAIL eval:check_for_spf_helo_softfail()
describe SPF_HELO_SOFTFAIL SPF: HELO does not match SPF record (softfail)
tflags SPF_HELO_SOFTFAIL net
reuse SPF_HELO_SOFTFAIL
# Implementing the Sender Check for No SPF REcord defaulting to disabled so Admins can override
header SPF_NONE eval:check_for_spf_none()
describe SPF_NONE SPF: sender does not publish an SPF Record
tflags SPF_NONE net
reuse SPF_NONE
header SPF_HELO_NONE eval:check_for_spf_helo_none()
describe SPF_HELO_NONE SPF: HELO does not publish an SPF Record
tflags SPF_HELO_NONE net
reuse SPF_HELO_NONE
if can(Mail::SpamAssassin::Plugin::SPF::has_check_for_spf_errors)
header T_SPF_PERMERROR eval:check_for_spf_permerror()
describe T_SPF_PERMERROR SPF: test of record failed (permerror)
tflags T_SPF_PERMERROR net
reuse T_SPF_PERMERROR
header T_SPF_TEMPERROR eval:check_for_spf_temperror()
describe T_SPF_TEMPERROR SPF: test of record failed (temperror)
tflags T_SPF_TEMPERROR net
reuse T_SPF_TEMPERROR
header T_SPF_HELO_PERMERROR eval:check_for_spf_helo_permerror()
describe T_SPF_HELO_PERMERROR SPF: test of HELO record failed (permerror)
tflags T_SPF_HELO_PERMERROR net
reuse T_SPF_HELO_PERMERROR
header T_SPF_HELO_TEMPERROR eval:check_for_spf_helo_temperror()
describe T_SPF_HELO_TEMPERROR SPF: test of HELO record failed (temperror)
tflags T_SPF_HELO_TEMPERROR net
reuse T_SPF_HELO_TEMPERROR
endif
endif # Mail::SpamAssassin::Plugin::SPF