You are viewing a plain text version of this content. The canonical link for it is here.

Posted to users@spamassassin.apache.org by 杨枭 <m3...@gmail.com> on 2013/11/29 03:48:42 UTC

External IP is list inTrusted

Hi all:
       I'm using SA-3.2.3 to test a spam, the following is the dbg message:
*Nov 29 09:51:19.982 [23076] dbg: received-header: authentication method
esmtpa*
*Nov 29 09:51:19.982 [23076] dbg: received-header: relay 124.73.143.235
trusted? yes internal? yes msa? no*
*Nov 29 09:51:19.982 [23076] dbg: metadata: X-Spam-Relays-Trusted: [
ip=10.20.15.23 rdns=bosmailscan23.eigbox.net
<http://bosmailscan23.eigbox.net> helo=bosmailscan23.eigbox.net
<http://bosmailscan23.eigbox.net> by=bosmailout15.eigbox.net
<http://bosmailout15.eigbox.net> ident= envfrom= intl=1 id=1VKjrF-0002pQ-IX
auth= msa=0 ] [ ip=10.20.55.4 rdns=bosimpout04.eigbox.net
<http://bosimpout04.eigbox.net> helo=bosimpout04.eigbox.net
<http://bosimpout04.eigbox.net> by=bosmailscan23.eigbox.net
<http://bosmailscan23.eigbox.net> ident= envfrom= intl=1
id=1VKjrF-0003zs-AB auth= msa=0 ] [ ip=10.20.18.16 rdns=
helo=bosauthsmtp16.eigbox.net <http://bosauthsmtp16.eigbox.net>
by=bosimpout04.eigbox.net <http://bosimpout04.eigbox.net> ident= envfrom=
intl=1 id=Qv1V1m00A0LoEWa01v1V7z auth= msa=0 ] [ ip=124.73.143.235 rdns=
helo=BGm.hjvx by=bosauthsmtp16.eigbox.net <http://bosauthsmtp16.eigbox.net>
ident= envfrom= intl=1 id=1VKjrC-00078a-UZ auth=esmtpa msa=0 ]*
*Nov 29 09:51:19.982 [23076] dbg: metadata: X-Spam-Relays-Untrusted: *
*Nov 29 09:51:19.982 [23076] dbg: metadata: X-Spam-Relays-Internal: [
ip=10.20.15.23 rdns=bosmailscan23.eigbox.net
<http://bosmailscan23.eigbox.net> helo=bosmailscan23.eigbox.net
<http://bosmailscan23.eigbox.net> by=bosmailout15.eigbox.net
<http://bosmailout15.eigbox.net> ident= envfrom= intl=1 id=1VKjrF-0002pQ-IX
auth= msa=0 ] [ ip=10.20.55.4 rdns=bosimpout04.eigbox.net
<http://bosimpout04.eigbox.net> helo=bosimpout04.eigbox.net
<http://bosimpout04.eigbox.net> by=bosmailscan23.eigbox.net
<http://bosmailscan23.eigbox.net> ident= envfrom= intl=1
id=1VKjrF-0003zs-AB auth= msa=0 ] [ ip=10.20.18.16 rdns=
helo=bosauthsmtp16.eigbox.net <http://bosauthsmtp16.eigbox.net>
by=bosimpout04.eigbox.net <http://bosimpout04.eigbox.net> ident= envfrom=
intl=1 id=Qv1V1m00A0LoEWa01v1V7z auth= msa=0 ] [ ip=124.73.143.235 rdns=
helo=BGm.hjvx by=bosauthsmtp16.eigbox.net <http://bosauthsmtp16.eigbox.net>
ident= envfrom= intl=1 id=1VKjrC-00078a-UZ auth=esmtpa msa=0 ]*
*Nov 29 09:51:19.982 [23076] dbg: metadata: X-Spam-Relays-External: *

but I did not set any ip in the trusted_networks, why SA take the
124.73.143.235 as a trusted ip?

Re: External IP is list inTrusted

Posted by Benny Pedersen <me...@junc.eu>.

Henrik K skrev den 2013-11-29 08:28:

> http://spamassassin.apache.org/full/3.3.x/doc/Mail_SpamAssassin_Conf.html
> 
> internal_networks ip.add.re.ss[/mask] ... (default: none)

except that 127.0.0.0/8 is hardcoded

Re: External IP is list inTrusted

Posted by Benny Pedersen <me...@junc.eu>.

杨枭 skrev den 2013-11-29 08:40:

> Thank you all the way.

nope that ip is not hardcoded in a perl module, see your *.cf files

Re: External IP is list inTrusted

Posted by 杨枭 <m3...@gmail.com>.

I have known the reason why SA take the ip as a trusted ip.
When a mail whose authentication method is esmtp included the
received-header,
SA will take the ip as a  trusted ip.
See the SpamAssassin/Message/Metadata/Received.pm:
       # if we find authentication tokens in the received header we can
extend
         # the trust boundary to that host
         if ($relay->{auth}) {
           dbg("received-header: authentication method ".$relay->{auth});
           $inferred_as_trusted = 1;
       }
Thank you all the way.


2013/11/29 Henrik K <he...@hege.li>

> On Fri, Nov 29, 2013 at 10:48:42AM +0800, ???? wrote:
> >
> > but I did not set any ip in the trusted_networks, why SA take the
> > 124.73.143.235 as a trusted ip?
>
> In what case not "trusting" internal ip would make sense? What is it that
> you are really trying to achieve?
>
> http://spamassassin.apache.org/full/3.3.x/doc/Mail_SpamAssassin_Conf.html
>
> internal_networks ip.add.re.ss[/mask] ... (default: none)
>
> "Every entry in internal_networks must appear in trusted_networks; in other
> words, internal_networks is always a subset of the trusted set."
>
>

Re: External IP is list inTrusted

Posted by Henrik K <he...@hege.li>.

On Fri, Nov 29, 2013 at 10:48:42AM +0800, ???? wrote:
> 
> but I did not set any ip in the trusted_networks, why SA take the
> 124.73.143.235 as a trusted ip?

In what case not "trusting" internal ip would make sense? What is it that
you are really trying to achieve?

http://spamassassin.apache.org/full/3.3.x/doc/Mail_SpamAssassin_Conf.html

internal_networks ip.add.re.ss[/mask] ... (default: none)

"Every entry in internal_networks must appear in trusted_networks; in other
words, internal_networks is always a subset of the trusted set."