This file is indexed.

/usr/share/spamassassin/25_spf.cf is in spamassassin 3.4.1-8build1.

This file is owned by root:root, with mode 0o644.

The actual contents of the file can be viewed below.

  1
  2
  3
  4
  5
  6
  7
  8
  9
 10
 11
 12
 13
 14
 15
 16
 17
 18
 19
 20
 21
 22
 23
 24
 25
 26
 27
 28
 29
 30
 31
 32
 33
 34
 35
 36
 37
 38
 39
 40
 41
 42
 43
 44
 45
 46
 47
 48
 49
 50
 51
 52
 53
 54
 55
 56
 57
 58
 59
 60
 61
 62
 63
 64
 65
 66
 67
 68
 69
 70
 71
 72
 73
 74
 75
 76
 77
 78
 79
 80
 81
 82
 83
 84
 85
 86
 87
 88
 89
 90
 91
 92
 93
 94
 95
 96
 97
 98
 99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
# SpamAssassin - SPF rules
#
# Please don't modify this file as your changes will be overwritten with
# the next update. Use @@LOCAL_RULES_DIR@@/local.cf instead.
# See 'perldoc Mail::SpamAssassin::Conf' for details.
#
# <@LICENSE>
# Licensed to the Apache Software Foundation (ASF) under one or more
# contributor license agreements.  See the NOTICE file distributed with
# this work for additional information regarding copyright ownership.
# The ASF licenses this file to you under the Apache License, Version 2.0
# (the "License"); you may not use this file except in compliance with
# the License.  You may obtain a copy of the License at:
# 
#     http://www.apache.org/licenses/LICENSE-2.0
# 
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
# </@LICENSE>
#
###########################################################################

# Requires the Mail::SpamAssassin::Plugin::SPF plugin be loaded.

ifplugin Mail::SpamAssassin::Plugin::SPF

# SPF support:
#   "pass" is nice
#   "neutral" is somewhat bad
#   "fail" is bad
#   "softfail" is bad, but not as bad as "fail"
#   "permerror" is very bad, and means the domain doesn't have a valid spf record
# These are more trustworthy results than the SPF_HELO rules.

header SPF_PASS			eval:check_for_spf_pass()
header SPF_NEUTRAL		eval:check_for_spf_neutral()
header SPF_FAIL			eval:check_for_spf_fail()
header SPF_SOFTFAIL		eval:check_for_spf_softfail()
if can(Mail::SpamAssassin::Plugin::SPF::has_check_for_spf_errors)
  header T_SPF_PERMERROR		eval:check_for_spf_permerror()
  header T_SPF_TEMPERROR		eval:check_for_spf_temperror()
endif

# NOTE: SPF_HELO_PASS is not incredibly hard to fake, so shouldn't
# provide much in the way of points compared to SPF_PASS et al.
# However, a *failure* is still a very good spamsign.

header SPF_HELO_PASS		eval:check_for_spf_helo_pass()
header SPF_HELO_NEUTRAL		eval:check_for_spf_helo_neutral()
header SPF_HELO_FAIL		eval:check_for_spf_helo_fail()
header SPF_HELO_SOFTFAIL	eval:check_for_spf_helo_softfail()
if can(Mail::SpamAssassin::Plugin::SPF::has_check_for_spf_errors)
  header T_SPF_HELO_PERMERROR	eval:check_for_spf_helo_permerror()
  header T_SPF_HELO_TEMPERROR	eval:check_for_spf_helo_temperror()
endif

describe SPF_PASS		SPF: sender matches SPF record
describe SPF_NEUTRAL		SPF: sender does not match SPF record (neutral)
describe SPF_FAIL		SPF: sender does not match SPF record (fail)
describe SPF_SOFTFAIL		SPF: sender does not match SPF record (softfail)
describe SPF_HELO_PASS		SPF: HELO matches SPF record
describe SPF_HELO_NEUTRAL	SPF: HELO does not match SPF record (neutral)
describe SPF_HELO_FAIL		SPF: HELO does not match SPF record (fail)
describe SPF_HELO_SOFTFAIL	SPF: HELO does not match SPF record (softfail)
if can(Mail::SpamAssassin::Plugin::SPF::has_check_for_spf_errors)
  describe T_SPF_PERMERROR        SPF: test of record failed (permerror)
  describe T_SPF_TEMPERROR        SPF: test of record failed (temperror)
  describe T_SPF_HELO_PERMERROR	SPF: test of HELO record failed (permerror)
  describe T_SPF_HELO_TEMPERROR	SPF: test of HELO record failed (temperror)
endif

# these are "userconf" so that scores are set by hand
tflags SPF_PASS			nice userconf net
tflags SPF_HELO_PASS		nice userconf net
tflags SPF_NEUTRAL		net
tflags SPF_FAIL		        net
tflags SPF_SOFTFAIL		net
tflags SPF_HELO_NEUTRAL	        net
tflags SPF_HELO_FAIL		net
tflags SPF_HELO_SOFTFAIL	net
if can(Mail::SpamAssassin::Plugin::SPF::has_check_for_spf_errors)
  tflags T_SPF_HELO_PERMERROR	net
  tflags T_SPF_HELO_TEMPERROR	net
  tflags T_SPF_PERMERROR          net
  tflags T_SPF_TEMPERROR          net
endif

# rules from earlier than current release that can be reused
reuse  SPF_PASS
reuse  SPF_FAIL
reuse  SPF_SOFTFAIL
reuse  SPF_HELO_PASS
reuse  SPF_HELO_FAIL
reuse  SPF_HELO_SOFTFAIL
reuse  SPF_NEUTRAL
reuse  SPF_HELO_NEUTRAL
if can(Mail::SpamAssassin::Plugin::SPF::has_check_for_spf_errors)
  reuse  T_SPF_PERMERROR
  reuse  T_SPF_TEMPERROR
  reuse  T_SPF_HELO_PERMERROR
  reuse  T_SPF_HELO_TEMPERROR
endif

# Implementing the Sender Check for No SPF REcord defaulting to disabled so Admins can override
header		SPF_NONE    eval:check_for_spf_none()
describe	SPF_NONE    SPF: sender does not publish an SPF Record

header		SPF_HELO_NONE	eval:check_for_spf_helo_none()
describe	SPF_HELO_NONE	SPF: HELO does not publish an SPF Record


endif   # Mail::SpamAssassin::Plugin::SPF