Re: ALL_TRUSTED problems

[Justin Mason <jm...@jmason.org>]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


Kevin Sullivan writes:
> I've set the trusted networks manually:
> 
> clear_trusted_networks
> trusted_networks 127/8
> trusted_networks 205.201.9.33/32
> trusted_networks 10.30/16
> clear_internal_networks
> internal_networks 127/8 205.201.9.33/32 10.30/16
> 
> But I still get *lots* of mail incorrectly triggering ALL_TRUSTED.  I'm 
> running spamassassin from a milter.  It looks like the milter runs before 
> sendmail adds its own Received: line, so much mail comes in with no 
> Received lines.  And it looks like mail with no Received lines is 
> automatically tagged as "trusted".
> 
> So, does this seem plausable?  And can it be fixed?
> 
> It seems like there have been many problems with the ALL_TRUSTED system 
> with 3.0.  Is there a way to disable the whole thing?  I know that I can 
> set ALL_TRUSTED to 0 points; will that also stop the side effects of 
> ALL_TRUSTED?

first off, you've got to get the milter to at least *fake* a Received
header; you're missing a load of spam signatures without that.

setting ALL_TRUSTED to 0 will indeed disable that rule.  but there
is a large number of tests that also require the relay add a Received
before the message is scanned (DNSBL tests, HELO string tests, rDNS
tests, etc. etc.)   You *really* want that Received line.

- --j.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)
Comment: Exmh CVS

iD8DBQFBpMnHMJF5cimLx9ARAnzQAKCbovMRC1oOjEjyoZbptUZHLmLxmwCggqz6
FZwP3mTRNWsQ3muUEQnZGAg=
=GioS
-----END PGP SIGNATURE-----

Re: ALL_TRUSTED problems

[David B Funk <db...@engineering.uiowa.edu>]

On Wed, 24 Nov 2004, Justin Mason wrote:

> Kevin Sullivan writes:
[snip.]
> > But I still get *lots* of mail incorrectly triggering ALL_TRUSTED.  I'm
> > running spamassassin from a milter.  It looks like the milter runs before
> > sendmail adds its own Received: line, so much mail comes in with no
> > Received lines.  And it looks like mail with no Received lines is
> > automatically tagged as "trusted".
> >
> > So, does this seem plausable?  And can it be fixed?
> >
> > It seems like there have been many problems with the ALL_TRUSTED system
> > with 3.0.  Is there a way to disable the whole thing?  I know that I can
> > set ALL_TRUSTED to 0 points; will that also stop the side effects of
> > ALL_TRUSTED?
>
> first off, you've got to get the milter to at least *fake* a Received
> header; you're missing a load of spam signatures without that.
>
> setting ALL_TRUSTED to 0 will indeed disable that rule.  but there
> is a large number of tests that also require the relay add a Received
> before the message is scanned (DNSBL tests, HELO string tests, rDNS
> tests, etc. etc.)   You *really* want that Received line.
>
> - --j.

Not to mention that "whitelist_from_rcvd" needs it.

Many milters that I've looked at do synthesize a "Received:" header
precisely because of this issue (miltrassassin, milter-spamc).
What milter are you using?
There may be an update for it.


-- 
Dave Funk                                  University of Iowa
<dbfunk (at) engineering.uiowa.edu>        College of Engineering
319/335-5751   FAX: 319/384-0549           1256 Seamans Center
Sys_admin/Postmaster/cell_admin            Iowa City, IA 52242-1527
#include <std_disclaimer.h>
Better is not better, 'standard' is better. B{