You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@spamassassin.apache.org by Matt Kettler <mk...@evi-inc.com> on 2004/08/10 02:02:29 UTC
Re: -2.8 ALL_TRUSTED Did not pass through any
untrusted hosts????
At 07:11 PM 8/9/2004, Doug Block wrote:
>-2.8 ALL_TRUSTED Did not pass through any untrusted hosts
>
>How do I turn this off in SA-3.0.0pre4?
>I have the following in user_pref
>
>Score ALL_TRUSTED 0 (this should rescore to ZERO right)
Yes, but de-capitalize Score to score.
It will actually completely disable evaluation of the rule as well.
That said, it sounds like you need to manually set your trusted_networks
and internal_networks. In the past happened when your mailserver is behind
a NAT, which yours seems to be. I've not verified the behavior of 3.0 yet,
but it appears to have the same curse. You may also will have FP problems
with dialup RBLs until they are set up properly.
you might want to start off with:
trusted_networks 10.0.0.0/8
internal_networks <mailserver_ip>/32
(Note: the meaning of trusted_networks is a bit different in SA 3.0. 2.6x's
"trusted_networks" is pretty close to "internal_networks" in sa 3.0)
RE: -2.8 ALL_TRUSTED Did not pass through any untrusted hosts????
Posted by Doug Block <li...@efastfunding.com>.
-> -----Original Message-----
-> From: Jay Levitt [mailto:jay-spama@shopwatch.org]
-> Sent: Monday, August 09, 2004 9:05 PM
-> To: spamassassin-users@incubator.apache.org
-> Subject: Re: -2.8 ALL_TRUSTED Did not pass through any
-> untrusted hosts????
->
->
-> Matt Kettler wrote:
->
-> > That said, it sounds like you need to manually set your
-> > trusted_networks and internal_networks. In the past
-> happened when your
-> > mailserver is behind a NAT, which yours seems to be. I've
-> not verified
-> > the behavior of 3.0 yet, but it appears to have the same
-> curse. You
-> > may also will have FP problems with dialup RBLs until they
-> are set up
-> > properly.
->
-> Actually, as I posted a few days ago, it looks like the concept of
-> "trusted" is pretty horribly broken for the purposes of ALL_TRUSTED,
-> even when SA properly determines your network. Direct-to-MX
-> spam, or
-> spam including relay hops that can't determine an IP
-> address, is still
-> considered "trusted".
->
-> Jay
->
->
It appears that I need to manual add the trusted network to my config and as
extra I also added the internal net which my only servers are on in my
network.
So far everything is working fine when I check the debug. I have not seen a
spam that has not-trust in it or anything like that but I am back out to
95%+ upon checking my spamtrap accounts so it working because when I
upgraded to SA3.0.0pre4 I was down to 50% at best due to the trust problem.
THANKS I will know more in about 24hrs
Re: -2.8 ALL_TRUSTED Did not pass through any untrusted
hosts????
Posted by Jay Levitt <ja...@shopwatch.org>.
Matt Kettler wrote:
> That said, it sounds like you need to manually set your
> trusted_networks and internal_networks. In the past happened when your
> mailserver is behind a NAT, which yours seems to be. I've not verified
> the behavior of 3.0 yet, but it appears to have the same curse. You
> may also will have FP problems with dialup RBLs until they are set up
> properly.
Actually, as I posted a few days ago, it looks like the concept of
"trusted" is pretty horribly broken for the purposes of ALL_TRUSTED,
even when SA properly determines your network. Direct-to-MX spam, or
spam including relay hops that can't determine an IP address, is still
considered "trusted".
Jay