You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@spamassassin.apache.org by "John T. Yocum" <jt...@publicmx.com> on 2005/07/24 23:42:09 UTC
ALL_TRUSTED appearing on spam
Hello,
I've recently noticed that a lot of spam is getting through SpamAssassin,
and it's getting the ALL_TRUSTED test listed on it. The issue with that
is, I only have one IP trusted, and that's my own mail server.
<snip from local.cf>
# Trusted Networks
trusted_networks 69.25.118.171
</snip>
As you can see in the below set of headers the message came from
218.222.75.209. Yet, it's trusted.
Return-Path: <jk...@guadalupano.com>
Received: from U075209.ppp.dion.ne.jp (U075209.ppp.dion.ne.jp
[218.222.75.209])
by kangaroo.publicmx.com (8.13.4/8.13.4) with ESMTP id j6OKabJS014331
for <fa...@publicmx.com>; Sun, 24 Jul 2005 13:36:40 -0700
From: "Fortifies T. Noon" <jk...@guadalupano.com>
To: Fawyland <RE...@publicmx.com>
Subject: Petite 18yo Teen Stripping
Date: Mon, 25 Jul 2005 11:38:57 -0700
Message-ID: <01...@guadalupano.com>
MIME-Version: 1.0
Content-Type: text/plain
Content-Transfer-Encoding: 7bit
X-Priority: 3 (Normal)
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook, Build 10.0.4024
Importance: Normal
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000
X-AntiVirus: checked by AntiVir MailGate (version: 2.0.1.10; AVE:
6.20.0.1; VDF: 6.20.0.46; host: U075209.ppp.dion.ne.jp)
X-Spam-Status: No, score=0.0 required=3.0 tests=ALL_TRUSTED,BIZ_TLD,CUM_SHOT,
HOT_NASTY autolearn=disabled version=3.0.4
X-Spam-Checker-Version: SpamAssassin 3.0.4 (2005-06-05) on
kangaroo.publicmx.com
I have tried sending a test message from another host to the mail server,
and everything seems fine. As headers show below.
Return-Path: <RE...@fluidhosting.com>
Received: from mail1.fluidhosting.com (mail1.fluidhosting.com [204.14.90.61])
by kangaroo.publicmx.com (8.13.4/8.13.4) with SMTP id j6OLZSOU019710
for <RE...@publicmx.com>; Sun, 24 Jul 2005 14:35:28 -0700
Received: (qmail 43718 invoked by uid 399); 24 Jul 2005 21:35:24 -0000
Received: from localhost (HELO ?192.168.102.220?)
(REMOVED@fluidhosting.com@127.0.0.1)
by localhost with SMTP; 24 Jul 2005 21:35:24 -0000
Message-ID: <42...@fluidhosting.com>
Date: Sun, 24 Jul 2005 14:35:21 -0700
From: "John T. Yocum" <REMOVEDfluidhosting.com>
User-Agent: Mozilla Thunderbird 1.0.6-1.4.1.centos4 (X11/20050721)
X-Accept-Language: en-us, en
MIME-Version: 1.0
To: REMOVED@publicmx.com
Subject: test
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
X-Spam-Status: No, score=-0.0 required=4.0 tests=SPF_HELO_PASS,SPF_PASS
autolearn=disabled version=3.0.4
X-Spam-Checker-Version: SpamAssassin 3.0.4 (2005-06-05) on
kangaroo.publicmx.com
My current setup is, SpamAssassin 3.0.4 integrated with Sendmail using
SpamAssasin-Milter 0.3.
Any ideas why other hosts getting trusted, would be greatly appreciated.
Thanks,
John
Re: ALL_TRUSTED appearing on spam
Posted by "John T. Yocum" <jt...@publicmx.com>.
Fixed the problem. Looks like the howto I followed for setting up
spamass-milter was wrong. After redoing my sendmail config for it, all is
well.
Thanks for all the help everyone.
--John
> I decided to run spamd in debug mode, and log what it was seeing. This is
> what I found for a direct delivered message..
>
> debug: received-header: unknown format: from fluidhostingc.com (unknown)
> by kangaroo.publicmx.com;
>
> Searched around on Google, and saw a reference that atleast in
> spamass-milter 0.2, the milter fakes the received header to appease SA.
> However, that method doesn't work so well.
>
> --John
>
>> Thanks for the info.
>>
>> I fixed that Received line, by removing the line wrap, and it was no
>> longer ALL_TRUSTED.
>>
>> Now that I know what the issue is, I just need to figure out why the
>> header is getting munged.
>>
>> Thanks,
>> John
>>
>>> John T. Yocum wrote:
>>>> Thanks. I tried adding the /32 to the end, but that didn't have an
>>>> effect.
>>>> I did run the headers through spamassassin -D and got the following.
>>>>
>>>> debug: received-header: unknown format: from U075209.ppp.dion.ne.jp
>>>> (U075209.ppp.dion.ne.jp
>>>> debug: metadata: X-Spam-Relays-Trusted:
>>>> debug: metadata: X-Spam-Relays-Untrusted:
>>>>
>>>> Thus, it was tagged as ALL_TRUSTED.
>>>>
>>>> What is really odd, is this only happens to direct delivered mail, any
>>>> message relayed via another host, doesn't get the ALL_TRUSTED flag.
>>>>
>>>
>>> Well, that much makes sense. SA can't parse the Received: headers your
>>> server
>>> generates, but it can parse ones generated by outside servers. Thus,
>>> outside
>>> mail with another relay will show up as having been through an
>>> untrusted
>>> host.
>>>
>>>
>>> The problem you need to track down is why can't SA parse your Received:
>>> headers.
>>>
>>> Based on the debug output you got it could be an issue with line-wrap
>>> formating.
>>>
>>> At casual glance, the headers you quoted look correct, but it's
>>> impossible
>>> to
>>> tell if they're really correct because they've been copy-pasted into an
>>> email
>>> message which adds line wraps.
>>>
>>>
>>> To check that, you need to look at a set of pristine message headers,
>>> not
>>> a
>>> copy-paste of them, in a hex editor. (The process of copy-pasting can
>>> change
>>> linewrap formats, replace tabs with spaces, and other sundry things
>>> that
>>> would
>>> matter here).
>>>
>>> One thing I can tell you is that there MUST NOT be a linewrap between
>>> the
>>> end of
>>> the RDNS hostname and the [ for the IP address.
>>>
>>> This quotation should be only 3 lines long:
>>>
>>> Received: from U075209.ppp.dion.ne.jp (U075209.ppp.dion.ne.jp
>>> [218.222.75.209])
>>> by kangaroo.publicmx.com (8.13.4/8.13.4) with ESMTP id
>>> j6OKabJS014331
>>> for <fa...@publicmx.com>; Sun, 24 Jul 2005 13:36:40 -0700
>>>
>>>
>>> But I'm assuming the extra linewrap after .jp was added by your mail
>>> client.
>>>
>>
>>
>
>
Re: ALL_TRUSTED appearing on spam
Posted by "John T. Yocum" <jt...@publicmx.com>.
I decided to run spamd in debug mode, and log what it was seeing. This is
what I found for a direct delivered message..
debug: received-header: unknown format: from fluidhostingc.com (unknown)
by kangaroo.publicmx.com;
Searched around on Google, and saw a reference that atleast in
spamass-milter 0.2, the milter fakes the received header to appease SA.
However, that method doesn't work so well.
--John
> Thanks for the info.
>
> I fixed that Received line, by removing the line wrap, and it was no
> longer ALL_TRUSTED.
>
> Now that I know what the issue is, I just need to figure out why the
> header is getting munged.
>
> Thanks,
> John
>
>> John T. Yocum wrote:
>>> Thanks. I tried adding the /32 to the end, but that didn't have an
>>> effect.
>>> I did run the headers through spamassassin -D and got the following.
>>>
>>> debug: received-header: unknown format: from U075209.ppp.dion.ne.jp
>>> (U075209.ppp.dion.ne.jp
>>> debug: metadata: X-Spam-Relays-Trusted:
>>> debug: metadata: X-Spam-Relays-Untrusted:
>>>
>>> Thus, it was tagged as ALL_TRUSTED.
>>>
>>> What is really odd, is this only happens to direct delivered mail, any
>>> message relayed via another host, doesn't get the ALL_TRUSTED flag.
>>>
>>
>> Well, that much makes sense. SA can't parse the Received: headers your
>> server
>> generates, but it can parse ones generated by outside servers. Thus,
>> outside
>> mail with another relay will show up as having been through an untrusted
>> host.
>>
>>
>> The problem you need to track down is why can't SA parse your Received:
>> headers.
>>
>> Based on the debug output you got it could be an issue with line-wrap
>> formating.
>>
>> At casual glance, the headers you quoted look correct, but it's
>> impossible
>> to
>> tell if they're really correct because they've been copy-pasted into an
>> email
>> message which adds line wraps.
>>
>>
>> To check that, you need to look at a set of pristine message headers,
>> not
>> a
>> copy-paste of them, in a hex editor. (The process of copy-pasting can
>> change
>> linewrap formats, replace tabs with spaces, and other sundry things that
>> would
>> matter here).
>>
>> One thing I can tell you is that there MUST NOT be a linewrap between
>> the
>> end of
>> the RDNS hostname and the [ for the IP address.
>>
>> This quotation should be only 3 lines long:
>>
>> Received: from U075209.ppp.dion.ne.jp (U075209.ppp.dion.ne.jp
>> [218.222.75.209])
>> by kangaroo.publicmx.com (8.13.4/8.13.4) with ESMTP id
>> j6OKabJS014331
>> for <fa...@publicmx.com>; Sun, 24 Jul 2005 13:36:40 -0700
>>
>>
>> But I'm assuming the extra linewrap after .jp was added by your mail
>> client.
>>
>
>
Re: ALL_TRUSTED appearing on spam
Posted by "John T. Yocum" <jt...@publicmx.com>.
Thanks for the info.
I fixed that Received line, by removing the line wrap, and it was no
longer ALL_TRUSTED.
Now that I know what the issue is, I just need to figure out why the
header is getting munged.
Thanks,
John
> John T. Yocum wrote:
>> Thanks. I tried adding the /32 to the end, but that didn't have an
>> effect.
>> I did run the headers through spamassassin -D and got the following.
>>
>> debug: received-header: unknown format: from U075209.ppp.dion.ne.jp
>> (U075209.ppp.dion.ne.jp
>> debug: metadata: X-Spam-Relays-Trusted:
>> debug: metadata: X-Spam-Relays-Untrusted:
>>
>> Thus, it was tagged as ALL_TRUSTED.
>>
>> What is really odd, is this only happens to direct delivered mail, any
>> message relayed via another host, doesn't get the ALL_TRUSTED flag.
>>
>
> Well, that much makes sense. SA can't parse the Received: headers your
> server
> generates, but it can parse ones generated by outside servers. Thus,
> outside
> mail with another relay will show up as having been through an untrusted
> host.
>
>
> The problem you need to track down is why can't SA parse your Received:
> headers.
>
> Based on the debug output you got it could be an issue with line-wrap
> formating.
>
> At casual glance, the headers you quoted look correct, but it's impossible
> to
> tell if they're really correct because they've been copy-pasted into an
> email
> message which adds line wraps.
>
>
> To check that, you need to look at a set of pristine message headers, not
> a
> copy-paste of them, in a hex editor. (The process of copy-pasting can
> change
> linewrap formats, replace tabs with spaces, and other sundry things that
> would
> matter here).
>
> One thing I can tell you is that there MUST NOT be a linewrap between the
> end of
> the RDNS hostname and the [ for the IP address.
>
> This quotation should be only 3 lines long:
>
> Received: from U075209.ppp.dion.ne.jp (U075209.ppp.dion.ne.jp
> [218.222.75.209])
> by kangaroo.publicmx.com (8.13.4/8.13.4) with ESMTP id j6OKabJS014331
> for <fa...@publicmx.com>; Sun, 24 Jul 2005 13:36:40 -0700
>
>
> But I'm assuming the extra linewrap after .jp was added by your mail
> client.
>
Re: ALL_TRUSTED appearing on spam
Posted by Matt Kettler <mk...@evi-inc.com>.
John T. Yocum wrote:
> Thanks. I tried adding the /32 to the end, but that didn't have an effect.
> I did run the headers through spamassassin -D and got the following.
>
> debug: received-header: unknown format: from U075209.ppp.dion.ne.jp
> (U075209.ppp.dion.ne.jp
> debug: metadata: X-Spam-Relays-Trusted:
> debug: metadata: X-Spam-Relays-Untrusted:
>
> Thus, it was tagged as ALL_TRUSTED.
>
> What is really odd, is this only happens to direct delivered mail, any
> message relayed via another host, doesn't get the ALL_TRUSTED flag.
>
Well, that much makes sense. SA can't parse the Received: headers your server
generates, but it can parse ones generated by outside servers. Thus, outside
mail with another relay will show up as having been through an untrusted host.
The problem you need to track down is why can't SA parse your Received: headers.
Based on the debug output you got it could be an issue with line-wrap formating.
At casual glance, the headers you quoted look correct, but it's impossible to
tell if they're really correct because they've been copy-pasted into an email
message which adds line wraps.
To check that, you need to look at a set of pristine message headers, not a
copy-paste of them, in a hex editor. (The process of copy-pasting can change
linewrap formats, replace tabs with spaces, and other sundry things that would
matter here).
One thing I can tell you is that there MUST NOT be a linewrap between the end of
the RDNS hostname and the [ for the IP address.
This quotation should be only 3 lines long:
Received: from U075209.ppp.dion.ne.jp (U075209.ppp.dion.ne.jp
[218.222.75.209])
by kangaroo.publicmx.com (8.13.4/8.13.4) with ESMTP id j6OKabJS014331
for <fa...@publicmx.com>; Sun, 24 Jul 2005 13:36:40 -0700
But I'm assuming the extra linewrap after .jp was added by your mail client.
Re: ALL_TRUSTED appearing on spam
Posted by "John T. Yocum" <jt...@publicmx.com>.
Thanks. I tried adding the /32 to the end, but that didn't have an effect.
I did run the headers through spamassassin -D and got the following.
debug: received-header: unknown format: from U075209.ppp.dion.ne.jp
(U075209.ppp.dion.ne.jp
debug: metadata: X-Spam-Relays-Trusted:
debug: metadata: X-Spam-Relays-Untrusted:
Thus, it was tagged as ALL_TRUSTED.
What is really odd, is this only happens to direct delivered mail, any
message relayed via another host, doesn't get the ALL_TRUSTED flag.
Thanks,
John
> mouss wrote:
>> John T. Yocum wrote:
>>
>>> Hello,
>>>
>>> I've recently noticed that a lot of spam is getting through
>>> SpamAssassin,
>>> and it's getting the ALL_TRUSTED test listed on it. The issue with that
>>> is, I only have one IP trusted, and that's my own mail server.
>>>
>>> <snip from local.cf>
>>> # Trusted Networks
>>> trusted_networks 69.25.118.171
>>> </snip>
>>>
>>> As you can see in the below set of headers the message came from
>>> 218.222.75.209. Yet, it's trusted.
>>>
>>> Return-Path: <jk...@guadalupano.com>
>>> Received: from U075209.ppp.dion.ne.jp (U075209.ppp.dion.ne.jp
>>> [218.222.75.209])
>>> by kangaroo.publicmx.com (8.13.4/8.13.4) with ESMTP id
>>> j6OKabJS014331
>>> for <fa...@publicmx.com>; Sun, 24 Jul 2005 13:36:40 -0700
>>
>>
>> My understanding (but I may be wrong) is that ALL_TRUSTED means all
>> received headers are trusted, which seems the case. It doesn't mean the
>> origin client is trusted.
>>
>
> You are incorrect mouss. It does in fact mean that all hosts involved are
> trusted hosts. Well, it actually means there are no untrusted hosts, but
> unless
> there's an unparseable header it's the same thing.
>
> Suggestions:
>
> 1) add a /32 to the end of your trusted networks statement. The docs SAY
> it will
> work without a netmask, but my experience with 2.6x is that it did not
> work, so
> I always specify a mask.
>
> 2) the other causes when SA fails to be able to parse the Received:
> headers.
> That header looks normal to me, but try running the message through
> spamassassin
> -D and see what SA has to say about the Received: path in it's debug
> output.
>
Re: ALL_TRUSTED appearing on spam
Posted by Matt Kettler <mk...@evi-inc.com>.
mouss wrote:
> John T. Yocum wrote:
>
>> Hello,
>>
>> I've recently noticed that a lot of spam is getting through SpamAssassin,
>> and it's getting the ALL_TRUSTED test listed on it. The issue with that
>> is, I only have one IP trusted, and that's my own mail server.
>>
>> <snip from local.cf>
>> # Trusted Networks
>> trusted_networks 69.25.118.171
>> </snip>
>>
>> As you can see in the below set of headers the message came from
>> 218.222.75.209. Yet, it's trusted.
>>
>> Return-Path: <jk...@guadalupano.com>
>> Received: from U075209.ppp.dion.ne.jp (U075209.ppp.dion.ne.jp
>> [218.222.75.209])
>> by kangaroo.publicmx.com (8.13.4/8.13.4) with ESMTP id
>> j6OKabJS014331
>> for <fa...@publicmx.com>; Sun, 24 Jul 2005 13:36:40 -0700
>
>
> My understanding (but I may be wrong) is that ALL_TRUSTED means all
> received headers are trusted, which seems the case. It doesn't mean the
> origin client is trusted.
>
You are incorrect mouss. It does in fact mean that all hosts involved are
trusted hosts. Well, it actually means there are no untrusted hosts, but unless
there's an unparseable header it's the same thing.
Suggestions:
1) add a /32 to the end of your trusted networks statement. The docs SAY it will
work without a netmask, but my experience with 2.6x is that it did not work, so
I always specify a mask.
2) the other causes when SA fails to be able to parse the Received: headers.
That header looks normal to me, but try running the message through spamassassin
-D and see what SA has to say about the Received: path in it's debug output.
Re: ALL_TRUSTED appearing on spam
Posted by mouss <us...@free.fr>.
John T. Yocum wrote:
> Hello,
>
> I've recently noticed that a lot of spam is getting through SpamAssassin,
> and it's getting the ALL_TRUSTED test listed on it. The issue with that
> is, I only have one IP trusted, and that's my own mail server.
>
> <snip from local.cf>
> # Trusted Networks
> trusted_networks 69.25.118.171
> </snip>
>
> As you can see in the below set of headers the message came from
> 218.222.75.209. Yet, it's trusted.
>
> Return-Path: <jk...@guadalupano.com>
> Received: from U075209.ppp.dion.ne.jp (U075209.ppp.dion.ne.jp
> [218.222.75.209])
> by kangaroo.publicmx.com (8.13.4/8.13.4) with ESMTP id j6OKabJS014331
> for <fa...@publicmx.com>; Sun, 24 Jul 2005 13:36:40 -0700
My understanding (but I may be wrong) is that ALL_TRUSTED means all
received headers are trusted, which seems the case. It doesn't mean the
origin client is trusted.
Re: ALL_TRUSTED appearing on spam
Posted by "John T. Yocum" <jt...@publicmx.com>.
OK. I added the internal_networks setting listing my only MX (It's not
trusted, as it's used by many other users, and isn't under my control.)
<snip>
# Trusted Networks
trusted_networks 69.25.118.171
# Internal Networks
internal_networks 207.234.226.49
</snip>
OK. So the trusted_networks line, specifies my mail server IP.(Machine
running SA.) And, internal_networks has my third-party operated MX.
Now, regardless of what I set trusted_networks to, SA sets ALL_TRUSTED to
direct delivered spam, or mail.
I think this is part of it's design though. My mail host is a webmail box,
thus nobody relays through it, except itself. Thus, it shouldn't trust any
hosts other than itself.
Now, it doesn't set ALL_TRUSTED from spam, or any e-mail which is relayed
via another host. It's only for direct delivered mail.
Thanks,
John
> On 7/24/05, John T. Yocum <jt...@publicmx.com> wrote:
>> Hello,
>>
>> I've recently noticed that a lot of spam is getting through
>> SpamAssassin,
>> and it's getting the ALL_TRUSTED test listed on it. The issue with that
>> is, I only have one IP trusted, and that's my own mail server.
>>
>> <snip from local.cf>
>> # Trusted Networks
>> trusted_networks 69.25.118.171
>> </snip>
>>
>> As you can see in the below set of headers the message came from
>> 218.222.75.209. Yet, it's trusted.
>>
>> Return-Path: <jk...@guadalupano.com>
>> Received: from U075209.ppp.dion.ne.jp (U075209.ppp.dion.ne.jp
>> [218.222.75.209])
>> by kangaroo.publicmx.com (8.13.4/8.13.4) with ESMTP id
>> j6OKabJS014331
>> for <fa...@publicmx.com>; Sun, 24 Jul 2005 13:36:40 -0700
>> From: "Fortifies T. Noon" <jk...@guadalupano.com>
>> To: Fawyland <RE...@publicmx.com>
>> Subject: Petite 18yo Teen Stripping
>> Date: Mon, 25 Jul 2005 11:38:57 -0700
>> Message-ID: <01...@guadalupano.com>
>> MIME-Version: 1.0
>> Content-Type: text/plain
>> Content-Transfer-Encoding: 7bit
>> X-Priority: 3 (Normal)
>> X-MSMail-Priority: Normal
>> X-Mailer: Microsoft Outlook, Build 10.0.4024
>> Importance: Normal
>> X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000
>> X-AntiVirus: checked by AntiVir MailGate (version: 2.0.1.10; AVE:
>> 6.20.0.1; VDF: 6.20.0.46; host: U075209.ppp.dion.ne.jp)
>> X-Spam-Status: No, score=0.0 required=3.0
>> tests=ALL_TRUSTED,BIZ_TLD,CUM_SHOT,
>> HOT_NASTY autolearn=disabled version=3.0.4
>> X-Spam-Checker-Version: SpamAssassin 3.0.4 (2005-06-05) on
>> kangaroo.publicmx.com
>>
>>
>> I have tried sending a test message from another host to the mail
>> server,
>> and everything seems fine. As headers show below.
>>
>>
>> Return-Path: <RE...@fluidhosting.com>
>> Received: from mail1.fluidhosting.com (mail1.fluidhosting.com
>> [204.14.90.61])
>> by kangaroo.publicmx.com (8.13.4/8.13.4) with SMTP id j6OLZSOU019710
>> for <RE...@publicmx.com>; Sun, 24 Jul 2005 14:35:28 -0700
>> Received: (qmail 43718 invoked by uid 399); 24 Jul 2005 21:35:24 -0000
>> Received: from localhost (HELO ?192.168.102.220?)
>> (REMOVED@fluidhosting.com@127.0.0.1)
>> by localhost with SMTP; 24 Jul 2005 21:35:24 -0000
>> Message-ID: <42...@fluidhosting.com>
>> Date: Sun, 24 Jul 2005 14:35:21 -0700
>> From: "John T. Yocum" <REMOVEDfluidhosting.com>
>> User-Agent: Mozilla Thunderbird 1.0.6-1.4.1.centos4 (X11/20050721)
>> X-Accept-Language: en-us, en
>> MIME-Version: 1.0
>> To: REMOVED@publicmx.com
>> Subject: test
>> Content-Type: text/plain; charset=ISO-8859-1; format=flowed
>> Content-Transfer-Encoding: 7bit
>> X-Spam-Status: No, score=-0.0 required=4.0 tests=SPF_HELO_PASS,SPF_PASS
>> autolearn=disabled version=3.0.4
>> X-Spam-Checker-Version: SpamAssassin 3.0.4 (2005-06-05) on
>> kangaroo.publicmx.com
>>
>>
>> My current setup is, SpamAssassin 3.0.4 integrated with Sendmail using
>> SpamAssasin-Milter 0.3.
>>
>> Any ideas why other hosts getting trusted, would be greatly appreciated.
>>
>> Thanks,
>> John
>>
>
> John, there's another setting, called "internal networks", that you're
> suppose to put in the local.cf file as well.
>
> See this:
> http://wiki.apache.org/spamassassin/TrustPath?highlight=%28all_trusted%29
>
> -RoNNY
>
>
Re: ALL_TRUSTED appearing on spam
Posted by Ronny Nussbaum <ro...@gmail.com>.
On 7/24/05, John T. Yocum <jt...@publicmx.com> wrote:
> Hello,
>
> I've recently noticed that a lot of spam is getting through SpamAssassin,
> and it's getting the ALL_TRUSTED test listed on it. The issue with that
> is, I only have one IP trusted, and that's my own mail server.
>
> <snip from local.cf>
> # Trusted Networks
> trusted_networks 69.25.118.171
> </snip>
>
> As you can see in the below set of headers the message came from
> 218.222.75.209. Yet, it's trusted.
>
> Return-Path: <jk...@guadalupano.com>
> Received: from U075209.ppp.dion.ne.jp (U075209.ppp.dion.ne.jp
> [218.222.75.209])
> by kangaroo.publicmx.com (8.13.4/8.13.4) with ESMTP id j6OKabJS014331
> for <fa...@publicmx.com>; Sun, 24 Jul 2005 13:36:40 -0700
> From: "Fortifies T. Noon" <jk...@guadalupano.com>
> To: Fawyland <RE...@publicmx.com>
> Subject: Petite 18yo Teen Stripping
> Date: Mon, 25 Jul 2005 11:38:57 -0700
> Message-ID: <01...@guadalupano.com>
> MIME-Version: 1.0
> Content-Type: text/plain
> Content-Transfer-Encoding: 7bit
> X-Priority: 3 (Normal)
> X-MSMail-Priority: Normal
> X-Mailer: Microsoft Outlook, Build 10.0.4024
> Importance: Normal
> X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000
> X-AntiVirus: checked by AntiVir MailGate (version: 2.0.1.10; AVE:
> 6.20.0.1; VDF: 6.20.0.46; host: U075209.ppp.dion.ne.jp)
> X-Spam-Status: No, score=0.0 required=3.0 tests=ALL_TRUSTED,BIZ_TLD,CUM_SHOT,
> HOT_NASTY autolearn=disabled version=3.0.4
> X-Spam-Checker-Version: SpamAssassin 3.0.4 (2005-06-05) on
> kangaroo.publicmx.com
>
>
> I have tried sending a test message from another host to the mail server,
> and everything seems fine. As headers show below.
>
>
> Return-Path: <RE...@fluidhosting.com>
> Received: from mail1.fluidhosting.com (mail1.fluidhosting.com [204.14.90.61])
> by kangaroo.publicmx.com (8.13.4/8.13.4) with SMTP id j6OLZSOU019710
> for <RE...@publicmx.com>; Sun, 24 Jul 2005 14:35:28 -0700
> Received: (qmail 43718 invoked by uid 399); 24 Jul 2005 21:35:24 -0000
> Received: from localhost (HELO ?192.168.102.220?)
> (REMOVED@fluidhosting.com@127.0.0.1)
> by localhost with SMTP; 24 Jul 2005 21:35:24 -0000
> Message-ID: <42...@fluidhosting.com>
> Date: Sun, 24 Jul 2005 14:35:21 -0700
> From: "John T. Yocum" <REMOVEDfluidhosting.com>
> User-Agent: Mozilla Thunderbird 1.0.6-1.4.1.centos4 (X11/20050721)
> X-Accept-Language: en-us, en
> MIME-Version: 1.0
> To: REMOVED@publicmx.com
> Subject: test
> Content-Type: text/plain; charset=ISO-8859-1; format=flowed
> Content-Transfer-Encoding: 7bit
> X-Spam-Status: No, score=-0.0 required=4.0 tests=SPF_HELO_PASS,SPF_PASS
> autolearn=disabled version=3.0.4
> X-Spam-Checker-Version: SpamAssassin 3.0.4 (2005-06-05) on
> kangaroo.publicmx.com
>
>
> My current setup is, SpamAssassin 3.0.4 integrated with Sendmail using
> SpamAssasin-Milter 0.3.
>
> Any ideas why other hosts getting trusted, would be greatly appreciated.
>
> Thanks,
> John
>
John, there's another setting, called "internal networks", that you're
suppose to put in the local.cf file as well.
See this:
http://wiki.apache.org/spamassassin/TrustPath?highlight=%28all_trusted%29
-RoNNY