Understanding SPF skipped for whitelisted relay domain

Asked by Gossamer

I'm trying to understand the reasoning behind how domains get skipped:

May 5 21:17:58 xavier policyd-spf[2883049]: prepend X-Comment: SPF skipped for whitelisted relay domain - client-ip=40.107.100.123; helo=nam04-bn8-obe.outbound.protection.outlook.com; <email address hidden>; receiver=<UNKNOWN>

Nothing in the above log entry appears on anything in my policyd-spf.conf file:

HELO_reject = Fail
Mail_From_reject = Fail
PermError_reject = False
TempError_Defer = False
skip_addresses = 139.138.56.0/24,127.0.0.0/8,::ffff:127.0.0.0/104,::1,52.128.98.0/24,74.203.184.0/24,74.200.60.0/24,209.222.82.0/24,12.15.90.10
Domain_Whitelist = harrimanre.com,ventusnetworks.com,digi.com,magicwrighter.com
Reject_Not_Pass_Domains = harrimanre.com

Where does policyd-spf get this information?

The problem I'm having is with amavisd and SA - when SPF is bypassed, my welcomelist_auth entries fail, even though SPF_PASS is triggered.

Question information

Language:
English Edit question
Status:
Answered
For:
pypolicyd-spf Edit question
Assignee:
No assignee Edit question
Last query:
Last reply:
Revision history for this message
Launchpad Janitor (janitor) said :
#1

This question was expired because it remained in the 'Open' state without activity for the last 15 days.

Revision history for this message
Scott Kitterman (kitterman) said :
#2

The key to figuring this out is "whitelisted relay domain". In your Domain_Whitelist you have harrimanre.com. It's SPF record is:

harrimanre.com. 300 IN TXT "v=spf1 include:spf.protection.outlook.com -all"

40.107.100.123 is listed in the spf.protection.outlook.com SPF record.

Since that address passes SPF for a whitelisted domain, it is skipped.

Can you help with this problem?

Provide an answer of your own, or ask Gossamer for more information if necessary.

To post a message you must log in.