Created attachment 224393 [details] freebsd-mail-spam.eml See the attached message pulled from the spam folder. --------------------------------- Content analysis details: (9.4 points, 7.0 required) pts rule name description ---- ---------------------- -------------------------------------------------- 1.0 SPF_SOFTFAIL SPF: sender does not match SPF record (softfail) 0.6 J_CHICKENPOX_46 BODY: 4alpha-pock-6alpha 0.6 J_CHICKENPOX_65 BODY: 6alpha-pock-5alpha 0.6 J_CHICKENPOX_93 BODY: 9alpha-pock-3alpha 0.6 J_CHICKENPOX_83 BODY: 8alpha-pock-3alpha 0.6 J_CHICKENPOX_63 BODY: 6alpha-pock-3alpha 0.6 J_CHICKENPOX_43 BODY: 4alpha-pock-3alpha 0.6 J_CHICKENPOX_72 BODY: 7alpha-pock-2alpha 0.6 J_CHICKENPOX_42 BODY: 4alpha-pock-2alpha 0.6 J_CHICKENPOX_33 BODY: 3alpha-pock-3alpha 0.6 J_CHICKENPOX_13 BODY: 1alpha-pock-3alpha 0.6 J_CHICKENPOX_12 BODY: 1alpha-pock-2alpha 0.6 J_CHICKENPOX_23 BODY: 2alpha-pock-3alpha 0.6 J_CHICKENPOX_53 BODY: 5alpha-pock-3alpha 0.6 J_CHICKENPOX_73 BODY: 7alpha-pock-3alpha
Same happens with fallout messages.
Looks like this is scoring mostly on content. I don't know what those rules check specifically. As far as I can tell, there is no SPF problem here. The message came from mx2.freebsd.org, which is listed in the freebsd.org SPF record.
(In reply to Philip Paeps from comment #2) > As far as I can tell, there is no SPF problem here. SpamAssassin though flags every message from FreeBSD MLs with SPF. Do you think that SpamAssassin has a bug?
In the headers you've attached, I don't see anywhere SPF can fail. Return-Path: <owner-ports-committers@freebsd.org> Received: from mail0.{redacted}.com (mail0.{redacted}.com [198.144.192.41]) by mail1.{redacted}.com (8.14.2/8.14.2) with ESMTP id 13MHIACI036176 for <yuri@mail1.{redacted}.com>; Thu, 22 Apr 2021 10:18:10 -0700 (PDT) (envelope-from owner-ports-committers@freebsd.org) Received: from mx2.freebsd.org (mx2.freebsd.org [96.47.72.81]) by mail0.{redacted}.com (8.15.2/8.15.2) with ESMTPS id 13MHI4Un080645 (version=TLSv1.3 cipher=TLS_AES_256_GCM_SHA384 bits=256 verify=FAIL) for <yuri+freebsd@{redacted}.com>; Thu, 22 Apr 2021 10:18:10 -0700 (PDT) (envelope-from owner-ports-committers@freebsd.org) 198.144.192.41 receives the message from mx2.freebsd.org, which is in the SPF record. Unless you're running SpamAssassin after that and SpamAssassin thinks that the message came from 198.144.192.41 and not from mx2.freebsd.org? But I think the SPF is a red herring here. The message scored 8.4 on *CHICKENPOX* tests. The 1.0 is scores on the SPF match is not making much of a difference. Note that it's probably a good idea for FreeBSD committers (i.e. people with forwarders configured on freefall.freebsd.org) to whitelist mx2.freebsd.org from SPF checks. While freebsd.org SPF is ~all, some people misconfigure their domains with -all and those messages will not arrive unless you whitelist mx2.freebsd.org. That isn't what's happening here though since this message originated within freebsd.org. The only thing I can think of why this specific message is failing SPF for you, is that it's being relayed somewhere after it's been received from mx2.freebsd.org.
Chickenpox rules are very poor, outdated and almost all the time broken (I can tell the same about SA in general though). I can confirm that all auth checks for git emails are satisfied: SPF, DKIM, ARC. Authentication-Results: mail.rspamd.net; dkim=pass header.d=freebsd.org header.s=dkim header.b=ZxrEnZPK; dmarc=none; spf=pass (mail.rspamd.net: domain of owner-ports-committers@freebsd.org designates 96.47.72.81 as permitted sender) smtp.mailfrom=owner-ports-committers@freebsd.org; arc=pass ("freebsd.org:s=dkim:i=1")
The SA version is also very old - 11 yo. I suggested the owners of that mail server to upgrade SA. Closing for now. Thanks everybody for insightful comments! Yuri