Posted to users@spamassassin.apache.org by "Thomas S. Crum" <ts...@aaawebsolution.com> on 2007/01/01 23:00:40 UTC

localhost bypass?

How do I stop sa from processing mail relayed/originated from localhost,
127.0.0.1?

I tried:
trusted_networks 127.0.0.1
internal_networks 127.0.0.1

But, it is still processing mail from localhost and adding this header:

X-Spam-Status: No, score=0.6 required=5.0
tests=ALL_TRUSTED,AWL,HTML_10_20,
HTML_MESSAGE,HTML_MIME_NO_HTML_TAG,MIME_HEADER_CTYPE_ONLY,
MIME_HTML_ONLY,NO_REAL_NAME autolearn=no version=3.1.7

-Thank you


Re: localhost bypass?

Posted by Matt Kettler <mk...@verizon.net>.
Jason Faulkner wrote:
>
>>> trusted_networks 127.0.0.1
>>> internal_networks 127.0.0.1
>>>     
>> trusted_networks is *NOT* a whitelist. Do NOT try to use it as one. EVER.
>>   
>
> I'm confused as to what you mean by this. I'm using these in my
> environment, and they do a good job of making sure that mail relayed
> through my internal networks don't get marked as spam.
Well, they don't do that.. yes, ALL_TRUSTED will match, which will
reduce the score some, but this is no real form of whitelisting.


As I suggested to Thomas, read the docs:

http://spamassassin.apache.org/full/3.1.x/doc/Mail_SpamAssassin_Conf.html#network_test_options

http://wiki.apache.org/spamassassin/TrustedRelays

http://wiki.apache.org/spamassassin/TrustPath

Re: localhost bypass?

Posted by Matt Kettler <mk...@verizon.net>.
Sander Holthaus wrote:
> Jason Faulkner wrote:
> >>> trusted_networks 127.0.0.1
> >>> internal_networks 127.0.0.1
> >>>    
> >> trusted_networks is *NOT* a whitelist. Do NOT try to use it as one. EVER.
> >>  
> > I'm confused as to what you mean by this. I'm using these in my
> > environment, and they do a good job of making sure that mail relayed
> > through my internal networks don't get marked as spam.
>
> I'm not sure about that either, but I would say that in many
> environments, 127.0.0.1 belongs to both the trusted and internal
> networks. In fact, it is hard to imagine an environment where
> 127.0.0.1 is neither trusted or internal, as it is the host running
> spamassassin or it refers to an external trusted host.

I'm not saying 127.0.0.1 doesn't belong in internal/trusted networks.

I'm saying that don't expect to whitelist a host by adding it to either.

trusted_networks is NOT a whitelist.
internal_networks is NOT a whitelist.

Now, properly used they can have a significant impact on how your SA
scores mail, but too few hosts here is just as bad as too many.

Therefore, DO NOT try to use these settings as a whitelist. Configure
them to match your network topology, not your whitelist desires.




One spam offer definitely not worth it..

Posted by Nigel Kendrick <su...@petdoctors.co.uk>.
 
"Invoice #: 33021 - TOTAL: $15.00 We Email Advertise Your Web Site to
0,000,000 People"

Wow! Only $15 for..er..nothing!

Happy New Year etc. to all - and my eternal thanks for everyone involved in
the discussion, support and development of SpamAssassin and associated tools
- my life would be hell without you all!

Nigel Kendrick




Re: localhost bypass?

Posted by Sander Holthaus <in...@orangexl.com>.
Jason Faulkner wrote:
>
>>> trusted_networks 127.0.0.1
>>> internal_networks 127.0.0.1
>>>    
>> trusted_networks is *NOT* a whitelist. Do NOT try to use it as one. EVER.
>>  
>
> I'm confused as to what you mean by this. I'm using these in my
> environment, and they do a good job of making sure that mail relayed
> through my internal networks don't get marked as spam.

I'm not sure about that either, but I would say that in many
environments, 127.0.0.1 belongs to both the trusted and internal
networks. In fact, it is hard to imagine an environment where
127.0.0.1 is neither trusted or internal, as it is the host running
spamassassin or it refers to an external trusted host.

Kind Regards,
Sander Holthaus


Re: localhost bypass?

Posted by Jason Faulkner <jf...@broadwick.com>.
>> trusted_networks 127.0.0.1
>> internal_networks 127.0.0.1
>>     
> trusted_networks is *NOT* a whitelist. Do NOT try to use it as one. EVER.
>   

I'm confused as to what you mean by this. I'm using these in my 
environment, and they do a good job of making sure that mail relayed 
through my internal networks don't get marked as spam.

-- 
Jason Faulkner
Systems Manager
Broadwick Corporation
(919) 459-2509
jfaulkne@broadwick.com


Re: localhost bypass? (spamass-milter) SUCCESS

Posted by "Thomas S. Crum" <ts...@aaawebsolution.com>.
Matt, thank you for pointing me away from sa and into the tools.

It turns out spamass-milter is where I needed to fix it... here is what
I did for my system... FreeBSD 5.3

I added the following to /etc/rc.conf

spamass_milter_flags="-f -p ${spamass_milter_socket} -i 127.0.0.1"

Then I restarted spamass-milter with:
/usr/local/etc/rc.d/spamass-milter.sh restart

Now mail from localhost no longer goes through sa. Hooray.


On Mon, 2007-01-01 at 19:18 -0500, Matt Kettler wrote:
> Thomas S. Crum wrote:
> > On Mon, 2007-01-01 at 17:17 -0500, Matt Kettler wrote:  
> >   
> >> To do that, you have to configure your tools to not call SA at all for
> >> such messages.
> >>     
> >
> > I see.
> >
> >   
> >> What kind of setup are you using to call SA?
> >>     
> >
> > I am new to sa.  Does spamd sound correct? Maybe spamass-milter? I
> > followed a howto and ended up with those in my rc.conf.
> >   
> That is the tool that's calling SA, thus that's the tool that would have
> to bypass SA.. Unfortunately, I know very little about this tool myself.
> 
> Hopefully someone else can jump in and help here.
> 
> 
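
One way to check that the spamass-milter change above took effect, as an added example that is not part of the original thread: it parses the folded X-Spam-Status header and reports whether a message whose top Received hop is 127.0.0.1 was still scanned. The sample messages, mail.example.org and 192.0.2.25 are constructed, and treating the top-most Received header as the local MTA's own is an assumption.

```python
import re
from email import message_from_string

# Constructed sample messages; mail.example.org and 192.0.2.25 are placeholders.
LOCAL_SCANNED = (
    "Received: from localhost (localhost [127.0.0.1])\n"
    "\tby mail.example.org with ESMTP; Mon, 1 Jan 2007 17:00:00 -0500\n"
    "X-Spam-Status: No, score=0.6 required=5.0\n"
    "\ttests=ALL_TRUSTED,AWL,HTML_10_20,\n"
    "\tHTML_MESSAGE,NO_REAL_NAME autolearn=no version=3.1.7\n"
    "Subject: cron report\n\nbody\n"
)
LOCAL_BYPASSED = (
    "Received: from localhost (localhost [127.0.0.1])\n"
    "\tby mail.example.org with ESMTP; Mon, 1 Jan 2007 18:00:00 -0500\n"
    "Subject: cron report\n\nbody\n"
)
REMOTE_UNSCANNED = LOCAL_BYPASSED.replace("127.0.0.1", "192.0.2.25")


def parse_spam_status(raw):
    """Parse X-Spam-Status; None means SpamAssassin never saw the message."""
    value = message_from_string(raw).get("X-Spam-Status")
    if value is None:
        return None
    # Unfold continuation lines, then rejoin a test list split after a comma.
    flat = re.sub(r",\s+", ",", re.sub(r"\s+", " ", value.strip()))
    head = re.match(r"(Yes|No),score=(-?[\d.]+) required=(-?[\d.]+)", flat)
    tests = re.search(r"tests=(\S+)", flat)
    if head is None:
        raise ValueError("unrecognised X-Spam-Status: %r" % flat)
    return {
        "spam": head.group(1) == "Yes",
        "score": float(head.group(2)),
        "required": float(head.group(3)),
        "tests": tests.group(1).split(",") if tests else [],
    }


def audit(raw, ignored_ips=("127.0.0.1",)):
    """Compare the milter ignore list with what actually happened to a message."""
    # Assumption: the top-most Received header is the one added by the local MTA.
    received = message_from_string(raw).get("Received", "")
    hop = re.search(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]", received)
    client = hop.group(1) if hop else None
    scanned = parse_spam_status(raw) is not None
    if client in ignored_ips:
        return "bypass not in effect" if scanned else "ok: bypassed"
    return "ok: scanned" if scanned else "unscanned external mail"
```

A message that hits ALL_TRUSTED still carries a full X-Spam-Status header, so `audit` reports it as scanned; only the absence of the header shows the milter skipped SpamAssassin.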


Re: localhost bypass? (spamass-milter)

Posted by Matt Kettler <mk...@verizon.net>.
Thomas S. Crum wrote:
> On Mon, 2007-01-01 at 17:17 -0500, Matt Kettler wrote:  
>   
>> To do that, you have to configure your tools to not call SA at all for
>> such messages.
>>     
>
> I see.
>
>   
>> What kind of setup are you using to call SA?
>>     
>
> I am new to sa.  Does spamd sound correct? Maybe spamass-milter? I
> followed a howto and ended up with those in my rc.conf.
>   
That is the tool that's calling SA, thus that's the tool that would have
to bypass SA.. Unfortunately, I know very little about this tool myself.

Hopefully someone else can jump in and help here.


Re: localhost bypass?

Posted by "Thomas S. Crum" <ts...@aaawebsolution.com>.
On Mon, 2007-01-01 at 17:17 -0500, Matt Kettler wrote:  
> To do that, you have to configure your tools to not call SA at all for
> such messages.

I see.

> 
> What kind of setup are you using to call SA?

I am new to sa.  Does spamd sound correct? Maybe spamass-milter? I
followed a howto and ended up with those in my rc.conf.

> trusted_networks is *NOT* a whitelist. Do NOT try to use it as one. EVER.

Gotcha. I will remove it.

Could anyone explain how to *not* send mail to sa?  I am using sendmail
w/ the above mentioned.

Thank you.


Re: localhost bypass?

Posted by Matt Kettler <mk...@verizon.net>.
Thomas S. Crum wrote:
> How do I stop sa from processing mail relayed/originated from localhost,
> 127.0.0.1?
>   
To do that, you have to configure your tools to not call SA at all for
such messages.

What kind of setup are you using to call SA?

> trusted_networks 127.0.0.1
> internal_networks 127.0.0.1
trusted_networks is *NOT* a whitelist. Do NOT try to use it as one. EVER.

These two settings alter the behavior of how SA applies RBL and
whitelist rules, as well as SPF checks. Please read the manual closely
before using these options. (that said, if your outer-most mailserver
(ie: your MX)  is behind a NAT, you WILL need to use these settings.)


Re: localhost bypass?

Posted by Magnus Holmgren <ho...@lysator.liu.se>.
On Monday 01 January 2007 23:00, Thomas S. Crum wrote:
> How do I stop sa from processing mail relayed/originated from localhost,
> 127.0.0.1?

Don't give the mail to SA. SA will process everything it gets, and there is 
(as of yet) no other way to prevent it.

> I tried:
> trusted_networks 127.0.0.1
> internal_networks 127.0.0.1
>
> But, it is still processing mail from localhost and adding this header:
>
> X-Spam-Status: No, score=0.6 required=5.0
> tests=ALL_TRUSTED,AWL,HTML_10_20,
> HTML_MESSAGE,HTML_MIME_NO_HTML_TAG,MIME_HEADER_CTYPE_ONLY,
> MIME_HTML_ONLY,NO_REAL_NAME autolearn=no version=3.1.7

Yes, it correctly identified that the mail only travelled through trusted 
hosts. It also didn't query for those hosts (127.0.0.1 - I don't think it 
would have anyway, but it doesn't matter). That's about all it means to be 
trusted by SA.

-- 
Magnus Holmgren        holmgren@lysator.liu.se
                       (No Cc of list mail needed, thanks)

  "Exim is better at being younger, whereas sendmail is better for 
   Scrabble (50 point bonus for clearing your rack)" -- Dave Evans