You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@spamassassin.apache.org by Justin Mason <jm...@jmason.org> on 2004/11/02 18:46:55 UTC
Re: AWL and ABL Re: trusted_networks and ALL_TRUSTED
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
George Georgalis writes:
> On Tue, Nov 02, 2004 at 01:03:02PM +0000, Sean Doherty wrote:
> >On Tue, 2004-11-02 at 12:50, George Georgalis wrote:
> >> >Do you mean -0.001? Why would you want to penalise mail
> >> >coming thru a trusted path?
> >>
> >> It really doesn't matter to me what the score is, I just want to disable
> >> the test.
> >> http://bugzilla.spamassassin.org/show_bug.cgi?id=3406
> >>
> >> My /etc/spamassassin is the reference I replicate out to my other
> >> systems, and systems of my clients, which may or may not be on nat and
> >> certainly are on different networks.
> >>
> >> The setup I use routes mail at the tcp level, it's basically impossible
> >> for a message to reach spam assassin if it's from a trusted network.
> >So why not set trusted_networks to 127.0.0.1. That way you can
> >be certain that the rule will never fire. You'll also get the
> >benefit of the DNS blocklists been checked for the addresses in
> >the Received headers - with your current setup, its possible
> >that some of these will be marked as trusted, and as such you'll
> >lose the benefit of the RBL check.
>
> There is lots of reasons not to do something. What I'm not seeing
> is a reason why I can't stop trusted_networks from using cpu/dns.
>
> your idea sounds okay for some applications (and I'm changing from
> 192.168 to 127.0.0.1 as a matter of course), but I don't want every
> address in headers looked up. I don't want any of them looked up.
> I hope it's okay for me to be that way.
Use -L.
> I am concerned about the IP a message is coming from, but in my setup,
> that is dealt with before SA ever sees the message.
>
> // George
- --j.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)
Comment: Exmh CVS
iD8DBQFBh8gPMJF5cimLx9ARAj3tAJsHhoing635RRoUfrBYpcfO6fUbegCbBool
mZN44dP3FUspuEVV58K9knE=
=gJ+v
-----END PGP SIGNATURE-----
Re: AWL and ABL Re: trusted_networks and ALL_TRUSTED
Posted by George Georgalis <ge...@galis.org>.
On Tue, Nov 02, 2004 at 09:46:55AM -0800, Justin Mason wrote:
>George Georgalis writes:
>> On Tue, Nov 02, 2004 at 01:03:02PM +0000, Sean Doherty wrote:
>> >On Tue, 2004-11-02 at 12:50, George Georgalis wrote:
>> >> >Do you mean -0.001? Why would you want to penalise mail
>> >> >coming thru a trusted path?
>> >>
>> >> It really doesn't matter to me what the score is, I just want to disable
>> >> the test.
>> >> http://bugzilla.spamassassin.org/show_bug.cgi?id=3406
>> >>
>> >> My /etc/spamassassin is the reference I replicate out to my other
>> >> systems, and systems of my clients, which may or may not be on nat and
>> >> certainly are on different networks.
>> >>
>> >> The setup I use routes mail at the tcp level, it's basically impossible
>> >> for a message to reach spam assassin if it's from a trusted network.
>> >So why not set trusted_networks to 127.0.0.1. That way you can
>> >be certain that the rule will never fire. You'll also get the
>> >benefit of the DNS blocklists been checked for the addresses in
>> >the Received headers - with your current setup, its possible
>> >that some of these will be marked as trusted, and as such you'll
>> >lose the benefit of the RBL check.
>>
>> There is lots of reasons not to do something. What I'm not seeing
>> is a reason why I can't stop trusted_networks from using cpu/dns.
>>
>> your idea sounds okay for some applications (and I'm changing from
>> 192.168 to 127.0.0.1 as a matter of course), but I don't want every
>> address in headers looked up. I don't want any of them looked up.
>> I hope it's okay for me to be that way.
>
>Use -L.
I had until I recently integrated SURBL, which is not compatable with -L.
// George
--
George Georgalis, systems architect, administrator Linux BSD IXOYE
http://galis.org/george/ cell:646-331-2027 mailto:george@galis.org