You are viewing a plain text version of this content. The canonical link for it is here.

Posted to users@spamassassin.apache.org by peter pilsl <pi...@goldfisch.at> on 2008/03/28 14:26:10 UTC

ALL_TRUSTED - problem (yes I set trusted_networks already)


Our mailserver is behind a NAT-firewall (port 25 is passed through to  
the internal mailserver) and I ran into the ALL_TRUSTED-problem. I  
looked up the FAQ and set

trusted_networks 127.0.0.1  (which actually gives me a warning that  
127.0.0.1 is already part of trusted_networks)

Nevertheless spamassassin ALL_TRUSTED kicks in.

example below.

The exact setup here is:

The firewall/router has a public IP to the outside and the mailserver  
is with a private ip in the inside.  Only port 25 is forwarded from  
the firewall directely to the mailserver, which also greets with the  
name of the public IP. I guess this is why trusted-networks kicks in  
somehow? or is it the the line Received from phoenix.local by  
phoenix.local via LMTPA ??


thnx for any advice,
peter


example:

Return-Path: <ro...@server.local>
Received: from phoenix.local (localhost [127.0.0.1])
          by phoenix.local (Cyrus v2.3.11) with LMTPA;
          Fri, 28 Mar 2008 14:06:03 +0100
X-Sieve: CMU Sieve 2.3
Received: from goldfisch.at (goldfisch.at [62.99.149.138])      by
  mail.mydomain.at (8.14.2/8.12.1) with ESMTP id m2SD5u09014687
  (version=TLSv1/SSLv3 cipher=EDH-RSA-DES-CBC3-SHA bits=168 verify=NO)   for
  <pe...@mydomain.at.at>; Fri, 28 Mar 2008 14:05:57 +0100
Received: from goldfisch.at (localhost.localdomain [127.0.0.1]) by
  goldfisch.at (8.12.10/8.12.1) with ESMTP id m2SD5oXZ016410
  (version=TLSv1/SSLv3 cipher=EDH-RSA-DES-CBC3-SHA bits=168 verify=NO)   for
  <pe...@mydomain.at.at>; Fri, 28 Mar 2008 14:05:50 +0100
Received: (from httpd139@localhost)     by goldfisch.at
  (8.12.10/8.12.1/Submit) id m2SD5orN016407      for peter.pilsl@mydomain.at;
  Fri, 28 Mar 2008 14:05:50 +0100
X-Authentication-Warning: goldfisch.at: httpd139 set sender to
  pilsl@goldfisch.at using -f
Received: from mail.mydomain.at (mail.mydomain.at [83.64.203.74])
  by www.goldfisch.at (Horde Framework) with HTTP; Fri, 28 Mar 2008 14:05:50
  +0100
Message-ID: <20...@www.goldfisch.at>
Date: Fri, 28 Mar 2008 14:05:50 +0100
From: peter pilsl <pi...@goldfisch.at>
To: "peter.pilsl   peter.pilsl" <pe...@mydomain.at>
Subject: maid
MIME-Version: 1.0
Content-Type: text/plain;       charset=ISO-8859-1;     DelSp="Yes";    
  format="flowed"
Content-Disposition: inline
Content-Transfer-Encoding: 7bit
User-Agent: Internet Messaging Program (IMP) H3 (4.2-RC1)
X-Spam-Goldfisch-Score: -1.44
X-Spam-Flag: NO
X-Spam-Checker-Version: SpamAssassin 3.2.3 (2007-08-08) on phoenix.local
X-Spam-Status: No, score=-1.4 required=3.5 tests=ALL_TRUSTED autolearn=ham
         version=3.2.3
X-Spam-Report: * -1.4 ALL_TRUSTED Passed through trusted hosts only via SMTP

Re: ALL_TRUSTED - problem (yes I set trusted_networks already)

Posted by Matus UHLAR - fantomas <uh...@fantomas.sk>.

On 28.03.08 14:26, peter pilsl wrote:
> Our mailserver is behind a NAT-firewall (port 25 is passed through to  
> the internal mailserver) and I ran into the ALL_TRUSTED-problem. I  
> looked up the FAQ and set
> 
> trusted_networks 127.0.0.1  (which actually gives me a warning that  
> 127.0.0.1 is already part of trusted_networks)
> Nevertheless spamassassin ALL_TRUSTED kicks in.

are you sure it's the only trusted_networks setting on your server?
try clear_trusted_networks and check both personal and site-wide configs.

(127/8 is always in trusted_networks, so you don't need to ses it up)

do you have internal_networks and msa_networks set?

-- 
Matus UHLAR - fantomas, uhlar@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
Your mouse has moved. Windows NT will now restart for changes to take
to take effect. [OK]

Re: ALL_TRUSTED - problem (yes I set trusted_networks already)

Posted by mouss <mo...@netoyen.net>.

peter pilsl wrote:
>
>
> Our mailserver is behind a NAT-firewall (port 25 is passed through to 
> the internal mailserver) and I ran into the ALL_TRUSTED-problem. I 
> looked up the FAQ and set
>
> trusted_networks 127.0.0.1  (which actually gives me a warning that 
> 127.0.0.1 is already part of trusted_networks)

Unless you have a martian setup, 127.0.0.1 does not receive mail from 
outside. The IP you receive mail on should be added to tusted_networks:

trusted_networks 62.99.149.138


>
> Nevertheless spamassassin ALL_TRUSTED kicks in.
>
> example below.
>
> The exact setup here is:
>
> The firewall/router has a public IP to the outside and the mailserver 
> is with a private ip in the inside.  Only port 25 is forwarded from 
> the firewall directely to the mailserver, which also greets with the 
> name of the public IP. I guess this is why trusted-networks kicks in 
> somehow? or is it the the line Received from phoenix.local by 
> phoenix.local via LMTPA ??
>

do you run SA from cyrus? if not, that header is not present when SA 
scans the message.

>
> thnx for any advice,
> peter
>
>
> example:
>
> Return-Path: <ro...@server.local>
> Received: from phoenix.local (localhost [127.0.0.1])
>          by phoenix.local (Cyrus v2.3.11) with LMTPA;
>          Fri, 28 Mar 2008 14:06:03 +0100
> X-Sieve: CMU Sieve 2.3
> Received: from goldfisch.at (goldfisch.at [62.99.149.138])      by
>  mail.mydomain.at (8.14.2/8.12.1) with ESMTP id m2SD5u09014687
>  (version=TLSv1/SSLv3 cipher=EDH-RSA-DES-CBC3-SHA bits=168 
> verify=NO)   for
>  <pe...@mydomain.at.at>; Fri, 28 Mar 2008 14:05:57 +0100
> Received: from goldfisch.at (localhost.localdomain [127.0.0.1]) by
>  goldfisch.at (8.12.10/8.12.1) with ESMTP id m2SD5oXZ016410
>  (version=TLSv1/SSLv3 cipher=EDH-RSA-DES-CBC3-SHA bits=168 
> verify=NO)   for
>  <pe...@mydomain.at.at>; Fri, 28 Mar 2008 14:05:50 +0100
> Received: (from httpd139@localhost)     by goldfisch.at
>  (8.12.10/8.12.1/Submit) id m2SD5orN016407      for 
> peter.pilsl@mydomain.at;
>  Fri, 28 Mar 2008 14:05:50 +0100
> X-Authentication-Warning: goldfisch.at: httpd139 set sender to
>  pilsl@goldfisch.at using -f
> Received: from mail.mydomain.at (mail.mydomain.at [83.64.203.74])
>  by www.goldfisch.at (Horde Framework) with HTTP; Fri, 28 Mar 2008 
> 14:05:50
>  +0100
> Message-ID: <20...@www.goldfisch.at>
> Date: Fri, 28 Mar 2008 14:05:50 +0100
> From: peter pilsl <pi...@goldfisch.at>
> To: "peter.pilsl   peter.pilsl" <pe...@mydomain.at>
> Subject: maid
> MIME-Version: 1.0
> Content-Type: text/plain;       charset=ISO-8859-1;     DelSp="Yes";   
>  format="flowed"
> Content-Disposition: inline
> Content-Transfer-Encoding: 7bit
> User-Agent: Internet Messaging Program (IMP) H3 (4.2-RC1)
> X-Spam-Goldfisch-Score: -1.44
> X-Spam-Flag: NO
> X-Spam-Checker-Version: SpamAssassin 3.2.3 (2007-08-08) on phoenix.local
> X-Spam-Status: No, score=-1.4 required=3.5 tests=ALL_TRUSTED 
> autolearn=ham
>         version=3.2.3
> X-Spam-Report: * -1.4 ALL_TRUSTED Passed through trusted hosts only 
> via SMTP
>
>
>