Posted to users@spamassassin.apache.org by Mathias Homann <ad...@eregion.de> on 2006/12/13 10:50:30 UTC

I need a little help with ALL_TRUSTED

Hi,


I'm having a bit of trouble with ALL_TRUSTED hits on spam, can someone give me a hand here?

the situation is like this:

box A has an address in a 10.x.y/24 subnet, and is (sort of) connected to the internet by
destination nat'ing on our firewall, and is our external mail relay, running postfix 2.0.16.
All mails to valid addresses are forwarded to box B which sits on a different 10.a.0.0/16
subnet, and is our internal mail router running postfix 2.2.10, spamassassin 3.1.7 and
Kaspersky antivirus, and then forwarding most of the mail to our notes server, some of the
mails to an apple xserv, some to our otrs ticket server, and some are delivered into local
mailboxes.

now, whenever a spam mail is directly fed to box A from the spam source, instead of going
through some open relays on the internet first, it gets hit by ALL_TRUSTED, because the very
first Received: header that contains an ip address then has a private rfc address.

What do I put into trusted_relays and/or internal_networks to get around that?

bye,
     MH

-- 
Sending unsolicited advertising e-mail to private individuals violates §1 UWG and §823 I
BGB (decision of the Berlin Regional Court of 2.8.1998, case no. 16 O 201/98). Any commercial use
of the personal data transmitted, as well as passing it on to third parties, is expressly prohibited!


Re: I need a little help with ALL_TRUSTED

Posted by Matt Kettler <mk...@verizon.net>.
Mathias Homann wrote:
> Hi,
>
>
> I'm having a bit of trouble with ALL_TRUSTED hits on spam, can someone give me a hand here?
>
> the situation is like this:
>
> box A has an address in a 10.x.y/24 subnet, and is (sort of) connected to the internet by
> destination nat'ing on our firewall, and is our external mail relay, running postfix 2.0.16.
> All mails to valid addresses are forwarded to box B which sits on a different 10.a.0.0/16
> subnet, and is our internal mail router running postfix 2.2.10, spamassassin 3.1.7 and
> Kaspersky antivirus, and then forwarding most of the mail to our notes server, some of the
> mails to an apple xserv, some to our otrs ticket server, and some are delivered into local
> mailboxes.
>
> now, whenever a spam mail is directly fed to box A from the spam source, instead of going
> through some open relays on the internet first, it gets hit by ALL_TRUSTED, because the very
> first Received: header that contains an ip address then has a private rfc address.
>
> What do I put into trusted_relays and/or internal_networks to get around that?
>   
Put your IPs into trusted_networks, no more, no less.

Basically what's happening is SA by default assumes that if it sees a
non-routable IP, the first routable IP must also be a part of your
network, and any non-routable that can talk to that IP must also be a
part of your network.

However, if you're doing destination nat or static nat on your
mailserver, the first external is actually an Internet host, which
breaks the auto-guesser. Thus, you need to manually declare trusted
networks.

See also:
http://wiki.apache.org/spamassassin/TrustPath
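
A simplified model of the behaviour described in the reply above, added here as an example (it is not part of the thread and is not SpamAssassin's own code). The headers, host names and the subnets 10.1.2.0/24 and 10.9.0.0/16 are constructed stand-ins for box A's and box B's networks; it shows why the guessed trust path marks a direct-to-MX spam source as trusted and why declaring trusted_networks stops that.

```python
import ipaddress
import re

RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed Received headers, newest first, as seen on box B.
# 10.1.2.3 stands in for box A; 203.0.113.45 is a documentation address
# standing in for a spam source that connects straight to box A.
SAMPLE_RECEIVED = [
    "from boxa.example (boxa.example [10.1.2.3]) by boxb.example (Postfix)",
    "from pc.example.net (unknown [203.0.113.45]) by boxa.example (Postfix)",
]

def relay_ips(received):
    """Connecting IP of each hop, newest first."""
    found = (re.search(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]", h) for h in received)
    return [ipaddress.ip_address(m.group(1)) for m in found if m]

def guessed_trust(ips):
    """Auto-guess as the reply describes it: private hops are trusted,
    and so is the first routable hop; anything older is not."""
    flags, trusting = [], True
    for ip in ips:
        flags.append(trusting)
        if not any(ip in net for net in RFC1918):
            trusting = False
    return flags

def explicit_trust(ips, trusted_networks):
    """Trust a hop only if it and every newer hop are in trusted_networks."""
    nets = [ipaddress.ip_network(n) for n in trusted_networks]
    flags, trusting = [], True
    for ip in ips:
        trusting = trusting and any(ip in net for net in nets)
        flags.append(trusting)
    return flags

def all_trusted(flags):
    """ALL_TRUSTED fires when no hop in the chain is untrusted."""
    return bool(flags) and all(flags)

if __name__ == "__main__":
    ips = relay_ips(SAMPLE_RECEIVED)
    print("guessed :", all_trusted(guessed_trust(ips)))
    # Models a local.cf line: trusted_networks 10.1.2.0/24 10.9.0.0/16
    nets = ["10.1.2.0/24", "10.9.0.0/16"]
    print("explicit:", all_trusted(explicit_trust(ips, nets)))
```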