
Consider the following junk email received in which the recipient address is the same as the sender's address, but this user didn't send themselves the email; it is junk mail.

(All hostnames and IPs have been changed for privacy):

Return-Path: <someuser@lala.net>
X-Original-To: realuser_realdomain.com@vmail.mailplatform.com
Delivered-To: realuser_realdomain.com@vmail.mailplatform.com
Received: from mx1.mailplatform.net (mx1.mailplatform.net [1.2.3.47])
                by mx1.mailplatform.net (Postfix) with ESMTP id 9F7DB8406E6;
                Thu, 21 Jun 2012 08:11:54 +0100 (BST)
Received: from localhost (localhost [127.0.0.1])
                by mx1.mailplatform.net (Postfix) with ESMTP id 66B6C27C6D1;
                Thu, 21 Jun 2012 08:11:54 +0100 (BST)
X-Virus-Scanned: by Mailplatform Anti-Virus
Received: from mx1.mailplatform.net ([1.2.3.47])
                by localhost (mx1.mailplatform.net [127.0.0.1]) (amavisd-new, port 10024)
                with ESMTP id rOsEgrThepcJ; Thu, 21 Jun 2012 08:11:52 +0100 (BST)
Received: from dialup.user.some.isp.net (dialup.user.some.isp.net [5.5.5.5])
                by mx1.mailplatform.net (Postfix) with ESMTP id 3AA3127C6C1;
                Thu, 21 Jun 2012 08:11:51 +0100 (BST)
Message-ID: <4FE2D446.301090@realdomain.com>
Date: Thu, 21 Jun 2012 08:11:51 +0100
From: <allusers@realdomain.com>,
                <realuser@realdomain.com>,
                <realuser2@readldomain.com>
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en; rv:1.9.2.12) Gecko/20101027 Thunderbird/3.1.6
MIME-Version: 1.0
To: <allusers@realdomain.com>,
                <realuser@realdomain.com>,
                <realuser2@realdomain.com>
Subject: Vacancy - apply online
Content-Type: text/plain; charset=UTF-8; format=flowed
Content-Transfer-Encoding: 7bit
X-Antivirus: avast! (VPS 120621-0, 21/06/2012), Inbound message
X-Antivirus-Status: Clean

As we can see here, the email was originally submitted to the MX host mx1 by a dial-up user (as the reverse PTR record indicates, so a good indication of spam right there!). What I can't understand is why Postfix didn't do an SPF lookup, see that the sender isn't an authorised source for this domain (realdomain.com), and adjust the score accordingly. mx1 is the sending and receiving host for the end user's domain "realdomain.com". This was in the Postfix logs:

Jun 21 08:11:51 mx1 meta-greylist[4080]: 5.5.5.5:dialup.user.some.isp.net is not in DB 
Jun 21 08:11:51 mx1 meta-greylist[4080]: has_A_or_MX (A): dialup.user.some.isp.net RR A 
Jun 21 08:11:52 mx1 meta-greylist[4080]: SPF result neutral/Please see http://www.openspf.org/why.html?sender=someuser@lala.net&ip=5.5.5.5&receiver=mx1.mailplatform.net 
Jun 21 08:11:52 mx1 meta-greylist[4080]: suspect level 0 
Jun 21 08:11:52 mx1 meta-greylist[4080]: 5.5.5.5:dialup.user.some.isp.net:lala.net set to whitelisted 
Jun 21 08:11:52 mx1 meta-greylist[4080]: action=DUNNO 
Jun 21 08:11:52 mx1 postfix/smtpd[3800]: 3AA3127C6C1: client=dialup.user.some.isp.net[5.5.5.5]
Jun 21 08:11:52 mx1 postfix/trivial-rewrite[3934]: warning: do not list domain readldomain.com in BOTH virtual_alias_domains and relay_domains

Sorry if this seems ridiculous, I'm new to Postfix. If I have not posted something that I obviously should have (piece of a log for example), please let me know, and I will. Thank you.

EDIT-Update: What I meant to say was, did this get through because the sending user has used 'someuser@lala.net' for the return-path value which has somehow thrown off postfix/amavis/spamassassin?

jwbensley
  • iirc spam is tagged and handled by spamassassin, are you sure it is running correctly? – Lucas Kauffman Jun 21 '12 at 13:03
  • I should have mentioned I'm a bit under the weather at present so I'm not thinking straight; yes, this server is running spamassassin. I'll check over the config there – jwbensley Jun 21 '12 at 13:07

1 Answer

Well, for one, Postfix isn't a spam detection tool; it is an MTA. So you need to run some software along with Postfix, like spamassassin, to check for that. Also, Postfix doesn't check SPF automatically; that is something else you have to enable, like postfix-policyd-spf-perl in Ubuntu for example. Then you have to configure Postfix to use that to check.

Mike
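As an added illustration (not part of the question or the answer above), the script below evaluates SPF the way a policy daemon does: against the envelope sender domain taken from Return-Path, never the From: header, which is why the log shows a result for lala.net and says nothing about realdomain.com. The SPF records are constructed stand-ins for DNS TXT lookups; the realdomain.com record is hypothetical, and the client IP 5.5.5.5 is taken from the log.

```python
"""Evaluate SPF on the envelope sender and compare with the From: domain.

Shows why the message above scored 'neutral': SPF looks at Return-Path
(MAIL FROM), so a spoofed From: header in another domain is not covered
by the envelope domain's policy.  Detecting that mismatch is an alignment
check (what DMARC adds), not something SPF alone reports.
"""
import ipaddress
import re

# Constructed SPF records standing in for DNS (not real DNS data).
SPF_RECORDS = {
    "lala.net": "v=spf1 ?all",                     # matches 'neutral' in the log
    "realdomain.com": "v=spf1 ip4:1.2.3.47 -all",  # hypothetical: only mx1 may send
}

QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def check_spf(domain, client_ip):
    """Minimal SPF evaluator handling ip4/ip6 and 'all' mechanisms only."""
    record = SPF_RECORDS.get(domain)
    if record is None or not record.startswith("v=spf1"):
        return "none"
    ip = ipaddress.ip_address(client_ip)
    for term in record.split()[1:]:
        qual, mech = (term[0], term[1:]) if term[0] in QUALIFIERS else ("+", term)
        if mech == "all":
            return QUALIFIERS[qual]
        if mech.startswith(("ip4:", "ip6:")):
            if ip in ipaddress.ip_network(mech[4:], strict=False):
                return QUALIFIERS[qual]
    return "neutral"  # RFC 7208 default when nothing matched and no 'all' term


def header_domain(value):
    """Domain of the first address in a header value, lower-cased."""
    m = re.search(r"@([\w.-]+)", value)
    return m.group(1).lower() if m else None


def analyse(headers, client_ip):
    env, frm = header_domain(headers["Return-Path"]), header_domain(headers["From"])
    return {"envelope_domain": env, "from_domain": frm,
            "spf_envelope": check_spf(env, client_ip),      # what the policy daemon logs
            "spf_from_domain": check_spf(frm, client_ip),   # what SPF never looks at
            "aligned": env == frm}                          # the DMARC-style check


# Constructed from the headers quoted in the question.
HEADERS = {"Return-Path": "<someuser@lala.net>",
           "From": "<allusers@realdomain.com>, <realuser@realdomain.com>"}

if __name__ == "__main__":
    print(analyse(HEADERS, "5.5.5.5"))
```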