Spamassasin not catching spoof emails - despite SPF failure

1 post / 0 new
Topic locked
#1 Tue, 05/23/2017 - 10:06
pablocullen

Spamassasin not catching spoof emails - despite SPF failure

Hey

Our Webmin / Virtualmin installations Spamassasin module is not catching any spoof emails. It is not even scoring them with an SPF failure despite my attempts to up the score for the SPF failure.

I have installed the SPF perl module as originally we had the issue where the module was not installed so now Spamassasin can use it, if i run it from the command line here some lines confirming its doing SPF checks:

May 23 13:52:19.592 [19469] dbg: spf: checking to see if the message has a Received-SPF header that we can use
May 23 13:52:19.633 [19469] dbg: spf: using Mail::SPF for SPF checks
May 23 13:52:19.633 [19469] dbg: spf: checking HELO (helo=xxxx, ip=xxxx)
May 23 13:52:19.634 [19469] dbg: dns: providing a callback for id: 40225/xxxx/SPF/IN
May 23 13:52:19.637 [19469] dbg: dns: providing a callback for id: 18076/xxxxx/TXT/IN
May 23 13:52:19.639 [19469] dbg: spf: query for /xxxxx: result: none, comment: , text: No applicable sender policy available
May 23 13:52:19.641 [19469] dbg: dkim: author xxxxx, not in any dkim whitelist
May 23 13:52:19.642 [19469] dbg: spf: already checked for Received-SPF headers, proceeding with DNS based checks
May 23 13:52:19.642 [19469] dbg: spf: checking EnvelopeFrom (helo=xxxxx, envfrom=xxxx@xxxx)

My local.cf file has the following:

required_hits 5
report_safe 0
rewrite_header subject [SPAM]

required_score 4
trusted_networks siorconnect.com
trusted_networks scottroe.ky
report_header 1
fold_headers 1
detailed_phrase_score 1
use_bayes 1
dns_available yes
score SPF_FAIL 8
score SPF_SOFTFAIL 6 *
score SPF_NEUTRAL 4
score RDNS_NONE 5

Now when i spoof a mail the headers at the receiving address have the following:

X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on xxxxx
X-Spam-Level:
X-Spam-Status: No, score=0.8 required=4.0 tests=HTML_IMAGE_RATIO_02, HTML_MESSAGE,TVD_SPACE_RATIO,URIBL_BLOCKED autolearn=no version=3.3.1

How can i be explicitly telling Spamassasin to increase score for SPF failures and not see anything in the receiving email?

The system is Centos 6 and i am running as spamassasin as opposed to spamc / spamd

Any help is hugely appreciated

Paul