Our Webmin / Virtualmin installations Spamassasin module is not catching any spoof emails. It is not even scoring them with an SPF failure despite my attempts to up the score for the SPF failure.
I have installed the SPF perl module as originally we had the issue where the module was not installed so now Spamassasin can use it, if i run it from the command line here some lines confirming its doing SPF checks:
May 23 13:52:19.592  dbg: spf: checking to see if the message has a Received-SPF header that we can use May 23 13:52:19.633  dbg: spf: using Mail::SPF for SPF checks May 23 13:52:19.633  dbg: spf: checking HELO (helo=xxxx, ip=xxxx) May 23 13:52:19.634  dbg: dns: providing a callback for id: 40225/xxxx/SPF/IN May 23 13:52:19.637  dbg: dns: providing a callback for id: 18076/xxxxx/TXT/IN May 23 13:52:19.639  dbg: spf: query for /xxxxx: result: none, comment: , text: No applicable sender policy available May 23 13:52:19.641  dbg: dkim: author xxxxx, not in any dkim whitelist May 23 13:52:19.642  dbg: spf: already checked for Received-SPF headers, proceeding with DNS based checks May 23 13:52:19.642  dbg: spf: checking EnvelopeFrom (helo=xxxxx, envfrom=xxxx@xxxx)
My local.cf file has the following:
required_hits 5 report_safe 0 rewrite_header subject [SPAM]
score SPF_FAIL 8
score SPF_SOFTFAIL 6 *
score SPF_NEUTRAL 4
score RDNS_NONE 5
Now when i spoof a mail the headers at the receiving address have the following:
X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on xxxxx X-Spam-Level: X-Spam-Status: No, score=0.8 required=4.0 tests=HTML_IMAGE_RATIO_02, HTML_MESSAGE,TVD_SPACE_RATIO,URIBL_BLOCKED autolearn=no version=3.3.1
How can i be explicitly telling Spamassasin to increase score for SPF failures and not see anything in the receiving email?
The system is Centos 6 and i am running as spamassasin as opposed to spamc / spamd
Any help is hugely appreciated