You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@spamassassin.apache.org by bu...@bugzilla.spamassassin.org on 2015/06/20 08:11:55 UTC
[Bug 7214] New: ALL_TRUSTED false positive
https://bz.apache.org/SpamAssassin/show_bug.cgi?id=7214
Bug ID: 7214
Summary: ALL_TRUSTED false positive
Product: Spamassassin
Version: 3.4.1
Hardware: PC
OS: Linux
Status: NEW
Severity: normal
Priority: P2
Component: Rules
Assignee: dev@spamassassin.apache.org
Reporter: dev+sa@pgnd.us
I run a frontend mailserver instance
postfix 3.0.1
amavisd-new-2.10.1 (20141025)
SpamAssassin version 3.4.1
SA is called from amavisd via a postfix postqueue content_filter. Valid mail
is relayed to a second, backend postfix instance.
SA config includes
...
clear_trusted_networks
clear_internal_networks
internal_networks 127.0.0.0/8 10.2.2.0/24 10.1.1.0/24 X.X.X.X/29
trusted_networks 10.2.2.0/24 10.1.1.0/24 X.X.X.X/29
...
clear_headers
rewrite_header Subject *SPAM* _STARS(*)_
add_header spam Flag _YESNOCAPS_
add_header all Status _YESNO_, score=_SCORE_ required=_REQD_ tests=_TESTS_
autolearn=_AUTOLEARN_ version=_VERSION_
add_header all Level _STARS(*)_
add_header all Checker-Version SpamAssassin _VERSION_ (_SUBVERSION_) on
_HOSTNAME_
add_header all Relay-Country _RELAYCOUNTRY_
add_header all Relays-Untrusted _RELAYSUNTRUSTED_
...
score ALL_TRUSTED 0.001
...
X.X.X.X/29 is my ISP-provided static range; it is NOT in Google's IP space.
With the trust path set as above, all messages received from external sources
NOT in the trust path still fire 'ALL_TRUSTED'.
Incorrectly, no relays are identified as external/untrusted.
Here are the received mail headers for a test mail sent from a gmail.com
account (NOT in the trust path) to my Postfix server
------------------------------------------------------
Return-Path: MY_GUSER@gmail.com
Received: from mail-backend.DDDD.com (LHLO mail-backend.DDDD.com)
(10.2.2.13) by mail-backend.DDDD.com with LMTP; Fri, 19 Jun 2015
21:13:57 -0700 (PDT)
Received: from relay-vpn.mail.DDDD.com (internal.mail.DDDD.com [10.1.1.16])
(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
(Client CN "relay-vpn.mail.DDDD.com", Issuer "DDDD_CA" (verified OK))
by mail-backend.DDDD.com (Postfix) with ESMTPS id 64EBC10277E
for <te...@DDDD.com>; Fri, 19 Jun 2015 21:13:57 -0700 (PDT)
Received: from localhost (localhost [127.0.0.1])
by mailhost.DDDD.com (Postfix) with ESMTP id D30EB66791
for <te...@DDDD.com>; Fri, 19 Jun 2015 21:13:56 -0700 (PDT)
X-Spam-Checker-Version: SpamAssassin 3.4.1 (2015-04-28) on
mail.DDDD.com
X-Spam-Flag: NO
X-Spam-Score: 0.606
X-Spam-Level:
X-Spam-Status: No, score=0.606 tagged_above=-9999 required=5
tests=[ALL_TRUSTED=0.001, BAYES_00=-1.9, DKIM_SIGNED=0.001,
DKIM_VALID=0.001, DKIM_VALID_AU=0.001, DKIM_VERIFIED=0.001,
PYZOR_CHECK=2.5, SPF_PASS=0.001] autolearn=no autolearn_force=no
X-Spam-Relay-Country:
X-Spam-Relays-Untrusted:
X-Spam-ShortCircuit: shortcircuit=no status=no trigger_rule=none
Received: from amavis-feed.mail.DDDD.com ([10.1.1.16])
by localhost (mail.DDDD.com [127.0.0.1]) (amavisd-new, port 20002)
with ESMTP id 0iLhWtHd6QuA for <te...@DDDD.com>;
Fri, 19 Jun 2015 21:13:51 -0700 (PDT)
Received: from localhost (localhost [127.0.0.1])
by mailhost.DDDD.com (Postfix) with ESMTP id 9B2DD66782
for <te...@DDDD.com>; Fri, 19 Jun 2015 21:13:51 -0700 (PDT)
X-Virus-Scanned: amavisd-new at mail.DDDD.com
Authentication-Results: mail.DDDD.com (amavisd-new);
dkim=pass (2048-bit key) header.d=gmail.com
Received: from mailhost.DDDD.com ([127.0.0.1])
by localhost (mail.DDDD.com [127.0.0.1]) (amavisd-new, port 20001)
with ESMTP id iM1tCl38jXIQ for <te...@DDDD.com>;
Fri, 19 Jun 2015 21:13:51 -0700 (PDT)
Received-SPF: Pass (sender SPF authorized) identity=mailfrom;
client-ip=209.85.220.179; helo=mail-qk0-f179.google.com;
envelope-from=MY_GUSER@gmail.com; receiver=test@DDDD.com
Received: from mail-qk0-f179.google.com (mail-qk0-f179.google.com
[209.85.220.179])
by mailhost.DDDD.com (Postfix) with ESMTPS
for <te...@DDDD.com>; Fri, 19 Jun 2015 21:13:50 -0700 (PDT)
Received: by qkeo142 with SMTP id o142so54552683qke.1
for <te...@DDDD.com>; Fri, 19 Jun 2015 21:13:48 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=gmail.com; s=20120113;
h=mime-version:date:message-id:subject:from:to:content-type;
bh=g3z...Gs=;
b=BEc...w==
MIME-Version: 1.0
X-Received: by 10.140.235.195 with SMTP id g186mr27561030qhc.64.1434778428294;
Fri, 19 Jun 2015 21:13:48 -0700 (PDT)
Received: by 10.140.40.102 with HTTP; Fri, 19 Jun 2015 21:13:48 -0700 (PDT)
Date: Fri, 19 Jun 2015 21:13:48 -0700
Message-ID: <CA...@mail.gmail.com>
Subject: test
From: my_guser <MY...@gmail.com>
To: test@DDDD.com
Content-Type: text/plain; charset=UTF-8
test
------------------------------------------------------
The relay
Received: from mail-qk0-f179.google.com (mail-qk0-f179.google.com
[209.85.220.179])
is obviously not in the trust path. ALL_TRUSTED should not fire.
--
You are receiving this mail because:
You are the assignee for the bug.
[Bug 7214] ALL_TRUSTED false positive
Posted by bu...@bugzilla.spamassassin.org.
https://bz.apache.org/SpamAssassin/show_bug.cgi?id=7214
--- Comment #4 from frederik@frehi.be ---
It is me who defined this entry, not the Debian maintainers.
Disabling the chroot does not change anything by the way: still external mails
hit ALL_TRUSTED.
--
You are receiving this mail because:
You are the assignee for the bug.
[Bug 7214] ALL_TRUSTED false positive
Posted by bu...@bugzilla.spamassassin.org.
https://bz.apache.org/SpamAssassin/show_bug.cgi?id=7214
Kevin A. McGrail <km...@apache.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
Resolution|--- |WORKSFORME
Status|NEW |RESOLVED
CC| |kmcgrail@apache.org
--- Comment #6 from Kevin A. McGrail <km...@apache.org> ---
Closing per GB
--
You are receiving this mail because:
You are the assignee for the bug.
[Bug 7214] ALL_TRUSTED false positive
Posted by bu...@bugzilla.spamassassin.org.
https://bz.apache.org/SpamAssassin/show_bug.cgi?id=7214
--- Comment #2 from frederik@frehi.be ---
If you mean lmtp_send_xforward_command=yes, then I have this set:
smtp-amavis unix - - y - 8 lmtp
-o lmtp_data_done_timeout=1200
-o disable_dns_lookups=yes
-o lmtp_send_xforward_command=yes
-o lmtp_tls_note_starttls_offer=no
Yet I'm also suffering the problem of all mails hitting ALL_TRUSTED. I think
this started after I upgraded from Debian Wheezy to Debian Jessie.
Not defining trusted_networks at all in the configuration, prevents the
problem.
--
You are receiving this mail because:
You are the assignee for the bug.
[Bug 7214] ALL_TRUSTED false positive
Posted by bu...@bugzilla.spamassassin.org.
https://bz.apache.org/SpamAssassin/show_bug.cgi?id=7214
--- Comment #3 from Benny Pedersen <me...@junc.eu> ---
remove the CHROOT !
amavisfeed unix - - n - 2 lmtp
-o lmtp_data_done_timeout=1200
-o lmtp_send_xforward_command=yes
-o disable_dns_lookups=yes
-o max_use=20
debian maintainers is plain stuppid !
--
You are receiving this mail because:
You are the assignee for the bug.
[Bug 7214] ALL_TRUSTED false positive
Posted by bu...@bugzilla.spamassassin.org.
https://bz.apache.org/SpamAssassin/show_bug.cgi?id=7214
Giovanni Bechis <gi...@paclan.it> changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |giovanni@paclan.it
--- Comment #5 from Giovanni Bechis <gi...@paclan.it> ---
It seems like a local configuration problem to me other than a bug.
--
You are receiving this mail because:
You are the assignee for the bug.
[Bug 7214] ALL_TRUSTED false positive
Posted by bu...@bugzilla.spamassassin.org.
https://bz.apache.org/SpamAssassin/show_bug.cgi?id=7214
Benny Pedersen <me...@junc.eu> changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |me@junc.eu
--- Comment #1 from Benny Pedersen <me...@junc.eu> ---
https://www.ijs.si/software/amavisd/README.postfix.html
read about xforward
when Mark have time he will mark this problem here invalid since its not a
spamassassin problem :=)
--
You are receiving this mail because:
You are the assignee for the bug.
[Bug 7214] ALL_TRUSTED false positive
Posted by bu...@bugzilla.spamassassin.org.
https://bz.apache.org/SpamAssassin/show_bug.cgi?id=7214
frederik@frehi.be changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |frederik@frehi.be
--
You are receiving this mail because:
You are the assignee for the bug.