File: //var/lib/spamassassin/4.000001/updates_spamassassin_org/25_spf.cf
# SpamAssassin - SPF rules
#
# Please don't modify this file as your changes will be overwritten with
# the next update. Use /etc/mail/spamassassin/local.cf instead.
# See 'perldoc Mail::SpamAssassin::Conf' for details.
#
# <@LICENSE>
# Licensed to the Apache Software Foundation (ASF) under one or more
# contributor license agreements.  See the NOTICE file distributed with
# this work for additional information regarding copyright ownership.
# The ASF licenses this file to you under the Apache License, Version 2.0
# (the "License"); you may not use this file except in compliance with
# the License.  You may obtain a copy of the License at:
# 
#     http://www.apache.org/licenses/LICENSE-2.0
# 
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
# </@LICENSE>
#
###########################################################################
# Requires the Mail::SpamAssassin::Plugin::SPF plugin be loaded.
ifplugin Mail::SpamAssassin::Plugin::SPF
# SPF support:
#   "pass" is nice
#   "neutral" is somewhat bad
#   "fail" is bad
#   "softfail" is bad, but not as bad as "fail"
#   "permerror" is very bad, and means the domain doesn't have a valid spf record
# These are more trustworthy results than the SPF_HELO rules.
# some are "userconf" so that scores are set by hand?
header   SPF_PASS	eval:check_for_spf_pass()
describe SPF_PASS	SPF: sender matches SPF record
tflags   SPF_PASS	nice userconf net
reuse    SPF_PASS
header   SPF_NEUTRAL	eval:check_for_spf_neutral()
describe SPF_NEUTRAL	SPF: sender does not match SPF record (neutral)
tflags   SPF_NEUTRAL	net
reuse    SPF_NEUTRAL
header   SPF_FAIL	eval:check_for_spf_fail()
describe SPF_FAIL	SPF: sender does not match SPF record (fail)
tflags   SPF_FAIL	net
reuse    SPF_FAIL
header   SPF_SOFTFAIL	eval:check_for_spf_softfail()
describe SPF_SOFTFAIL	SPF: sender does not match SPF record (softfail)
tflags   SPF_SOFTFAIL	net
reuse    SPF_SOFTFAIL
# NOTE: SPF_HELO_PASS is not incredibly hard to fake, so shouldn't
# provide much in the way of points compared to SPF_PASS et al.
# However, a *failure* is still a very good spamsign.
header   SPF_HELO_PASS		eval:check_for_spf_helo_pass()
describe SPF_HELO_PASS		SPF: HELO matches SPF record
tflags   SPF_HELO_PASS		nice userconf net
reuse    SPF_HELO_PASS
header   SPF_HELO_NEUTRAL	eval:check_for_spf_helo_neutral()
describe SPF_HELO_NEUTRAL	SPF: HELO does not match SPF record (neutral)
tflags   SPF_HELO_NEUTRAL	net
reuse    SPF_HELO_NEUTRAL
header   SPF_HELO_FAIL		eval:check_for_spf_helo_fail()
describe SPF_HELO_FAIL		SPF: HELO does not match SPF record (fail)
tflags   SPF_HELO_FAIL		net
reuse    SPF_HELO_FAIL
header   SPF_HELO_SOFTFAIL	eval:check_for_spf_helo_softfail()
describe SPF_HELO_SOFTFAIL	SPF: HELO does not match SPF record (softfail)
tflags   SPF_HELO_SOFTFAIL	net
reuse    SPF_HELO_SOFTFAIL
# Implementing the Sender Check for No SPF REcord defaulting to disabled so Admins can override
header   SPF_NONE		eval:check_for_spf_none()
describe SPF_NONE		SPF: sender does not publish an SPF Record
tflags   SPF_NONE		net
reuse    SPF_NONE
header   SPF_HELO_NONE		eval:check_for_spf_helo_none()
describe SPF_HELO_NONE		SPF: HELO does not publish an SPF Record
tflags   SPF_HELO_NONE		net
reuse    SPF_HELO_NONE
if can(Mail::SpamAssassin::Plugin::SPF::has_check_for_spf_errors)
header   T_SPF_PERMERROR	eval:check_for_spf_permerror()
describe T_SPF_PERMERROR	SPF: test of record failed (permerror)
tflags   T_SPF_PERMERROR	net
reuse    T_SPF_PERMERROR
header   T_SPF_TEMPERROR	eval:check_for_spf_temperror()
describe T_SPF_TEMPERROR	SPF: test of record failed (temperror)
tflags   T_SPF_TEMPERROR	net
reuse    T_SPF_TEMPERROR
header   T_SPF_HELO_PERMERROR	eval:check_for_spf_helo_permerror()
describe T_SPF_HELO_PERMERROR	SPF: test of HELO record failed (permerror)
tflags   T_SPF_HELO_PERMERROR	net
reuse    T_SPF_HELO_PERMERROR
header   T_SPF_HELO_TEMPERROR	eval:check_for_spf_helo_temperror()
describe T_SPF_HELO_TEMPERROR	SPF: test of HELO record failed (temperror)
tflags   T_SPF_HELO_TEMPERROR	net
reuse    T_SPF_HELO_TEMPERROR
endif
endif   # Mail::SpamAssassin::Plugin::SPF