Hello group!
Can someone explain this behavour to me?
Consider the following RACL rules:
# Add a Received-SPF header to all messages
#
racl continue spf unknown addheader "Received-SPF: unknown (%Mj: domain of %f uses a mechanism not recognized by this client)",1
racl continue spf none addheader "Received-SPF: none (%Mj: domain of %f does not designate permitted sender hosts)",1
racl continue spf error addheader "Received-SPF: error (%Mj: error in processing during lookup of %f)",1
racl continue spf fail addheader "Received-SPF: fail (%Mj: domain of %f does not designate %i as permitted sender)",1
racl continue spf pass addheader "Received-SPF: pass (%Mj: domain of %f designates %i as permitted sender) client_ip=%i;",1
racl continue spf neutral addheader "Received-SPF: neutral (%Mj: %i is neither permitted nor denied by domain of %f)",1
racl continue spf softfail addheader "Received-SPF: softfail (%Mj: domain of transitioning %f does not designate %i as permitted sender)",1
And this DACL rule:
# Add Authentication-Results header
#
dacl continue addheader "Authentication-Results: %QA",1
With the above rules, I sometimes see headers with "Received-SPF: pass" and "Authentication-Results: mx.example.com; spf=softfail" in the same message.
How is this possible? My only conclusion is that checked domains has "~al"l in their spf records. But why different result from spf check and the %QA format string?
Any ideas?
Markus