Re: AWL and ABL Re: trusted_networks and ALL_TRUSTED

[Justin Mason <jm...@jmason.org>]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


George Georgalis writes:
> On Tue, Nov 02, 2004 at 01:03:02PM +0000, Sean Doherty wrote:
> >On Tue, 2004-11-02 at 12:50, George Georgalis wrote: 
> >> >Do you mean -0.001? Why would you want to penalise mail
> >> >coming thru a trusted path?
> >> 
> >> It really doesn't matter to me what the score is, I just want to disable
> >> the test.
> >> http://bugzilla.spamassassin.org/show_bug.cgi?id=3406
> >> 
> >> My /etc/spamassassin is the reference I replicate out to my other
> >> systems, and systems of my clients, which may or may not be on nat and
> >> certainly are on different networks.
> >> 
> >> The setup I use routes mail at the tcp level, it's basically impossible
> >> for a message to reach spam assassin if it's from a trusted network.
> >So why not set trusted_networks to 127.0.0.1. That way you can
> >be certain that the rule will never fire. You'll also get the
> >benefit of the DNS blocklists been checked for the addresses in
> >the Received headers - with your current setup, its possible 
> >that some of these will be marked as trusted, and as such you'll
> >lose the benefit of the RBL check.
> 
> There is lots of reasons not to do something. What I'm not seeing
> is a reason why I can't stop trusted_networks from using cpu/dns.
> 
> your idea sounds okay for some applications (and I'm changing from
> 192.168 to 127.0.0.1 as a matter of course), but I don't want every
> address in headers looked up. I don't want any of them looked up.
> I hope it's okay for me to be that way.

Use -L.

> I am concerned about the IP a message is coming from, but in my setup,
> that is dealt with before SA ever sees the message.
> 
> // George

- --j.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)
Comment: Exmh CVS

iD8DBQFBh8gPMJF5cimLx9ARAj3tAJsHhoing635RRoUfrBYpcfO6fUbegCbBool
mZN44dP3FUspuEVV58K9knE=
=gJ+v
-----END PGP SIGNATURE-----

Re: AWL and ABL Re: trusted_networks and ALL_TRUSTED

[George Georgalis <ge...@galis.org>]

On Tue, Nov 02, 2004 at 09:46:55AM -0800, Justin Mason wrote:
>George Georgalis writes:
>> On Tue, Nov 02, 2004 at 01:03:02PM +0000, Sean Doherty wrote:
>> >On Tue, 2004-11-02 at 12:50, George Georgalis wrote: 
>> >> >Do you mean -0.001? Why would you want to penalise mail
>> >> >coming thru a trusted path?
>> >> 
>> >> It really doesn't matter to me what the score is, I just want to disable
>> >> the test.
>> >> http://bugzilla.spamassassin.org/show_bug.cgi?id=3406
>> >> 
>> >> My /etc/spamassassin is the reference I replicate out to my other
>> >> systems, and systems of my clients, which may or may not be on nat and
>> >> certainly are on different networks.
>> >> 
>> >> The setup I use routes mail at the tcp level, it's basically impossible
>> >> for a message to reach spam assassin if it's from a trusted network.
>> >So why not set trusted_networks to 127.0.0.1. That way you can
>> >be certain that the rule will never fire. You'll also get the
>> >benefit of the DNS blocklists been checked for the addresses in
>> >the Received headers - with your current setup, its possible 
>> >that some of these will be marked as trusted, and as such you'll
>> >lose the benefit of the RBL check.
>> 
>> There is lots of reasons not to do something. What I'm not seeing
>> is a reason why I can't stop trusted_networks from using cpu/dns.
>> 
>> your idea sounds okay for some applications (and I'm changing from
>> 192.168 to 127.0.0.1 as a matter of course), but I don't want every
>> address in headers looked up. I don't want any of them looked up.
>> I hope it's okay for me to be that way.
>
>Use -L.

I had until I recently integrated SURBL, which is not compatable with -L.

// George

-- 
George Georgalis, systems architect, administrator Linux BSD IXOYE
http://galis.org/george/ cell:646-331-2027 mailto:george@galis.org