You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@spamassassin.apache.org by George Georgalis <ge...@galis.org> on 2004/11/01 20:11:21 UTC
AWL and ABL Re: trusted_networks and ALL_TRUSTED
On Mon, Nov 01, 2004 at 02:03:36PM -0500, George Georgalis wrote:
>In any event, how is it disabled? I'm getting false negatives...
>
>-2.8 ALL_TRUSTED Did not pass through any untrusted hosts
>
>In my setup SA doesn't get _any_ trusted network connections, those
>connections are routed beforehand, so my quick fix is to "score
>ALL_TRUSTED 0"
those false negatives are also growing an AWL, which I also don't want.
-1.4 AWL AWL: From: address is in the auto white-list
how do I disable and purge any AWL and ABL generation, too?
// George
--
George Georgalis, systems architect, administrator Linux BSD IXOYE
http://galis.org/george/ cell:646-331-2027 mailto:george@galis.org
Re: AWL and ABL Re: trusted_networks and ALL_TRUSTED
Posted by George Georgalis <ge...@galis.org>.
On Tue, Nov 02, 2004 at 09:46:55AM -0800, Justin Mason wrote:
>George Georgalis writes:
>> On Tue, Nov 02, 2004 at 01:03:02PM +0000, Sean Doherty wrote:
>> >On Tue, 2004-11-02 at 12:50, George Georgalis wrote:
>> >> >Do you mean -0.001? Why would you want to penalise mail
>> >> >coming thru a trusted path?
>> >>
>> >> It really doesn't matter to me what the score is, I just want to disable
>> >> the test.
>> >> http://bugzilla.spamassassin.org/show_bug.cgi?id=3406
>> >>
>> >> My /etc/spamassassin is the reference I replicate out to my other
>> >> systems, and systems of my clients, which may or may not be on nat and
>> >> certainly are on different networks.
>> >>
>> >> The setup I use routes mail at the tcp level, it's basically impossible
>> >> for a message to reach spam assassin if it's from a trusted network.
>> >So why not set trusted_networks to 127.0.0.1. That way you can
>> >be certain that the rule will never fire. You'll also get the
>> >benefit of the DNS blocklists been checked for the addresses in
>> >the Received headers - with your current setup, its possible
>> >that some of these will be marked as trusted, and as such you'll
>> >lose the benefit of the RBL check.
>>
>> There is lots of reasons not to do something. What I'm not seeing
>> is a reason why I can't stop trusted_networks from using cpu/dns.
>>
>> your idea sounds okay for some applications (and I'm changing from
>> 192.168 to 127.0.0.1 as a matter of course), but I don't want every
>> address in headers looked up. I don't want any of them looked up.
>> I hope it's okay for me to be that way.
>
>Use -L.
I had until I recently integrated SURBL, which is not compatable with -L.
// George
--
George Georgalis, systems architect, administrator Linux BSD IXOYE
http://galis.org/george/ cell:646-331-2027 mailto:george@galis.org
Re: AWL and ABL Re: trusted_networks and ALL_TRUSTED
Posted by George Georgalis <ge...@galis.org>.
On Tue, Nov 02, 2004 at 03:40:02PM +0000, Sean Doherty wrote:
>On Tue, 2004-11-02 at 15:16, George Georgalis wrote:
>
>> >> The setup I use routes mail at the tcp level, it's basically impossible
>> >> for a message to reach spam assassin if it's from a trusted network.
>
>> >So why not set trusted_networks to 127.0.0.1. That way you can
>> >be certain that the rule will never fire. You'll also get the
>> >benefit of the DNS blocklists been checked for the addresses in
>> >the Received headers - with your current setup, its possible
>> >that some of these will be marked as trusted, and as such you'll
>> >lose the benefit of the RBL check.
>>
>> There is lots of reasons not to do something. What I'm not seeing
>> is a reason why I can't stop trusted_networks from using cpu/dns.
>
>> your idea sounds okay for some applications (and I'm changing from
>> 192.168 to 127.0.0.1 as a matter of course), but I don't want every
>> address in headers looked up. I don't want any of them looked up.
>> I hope it's okay for me to be that way.
>>
>> I am concerned about the IP a message is coming from, but in my setup,
>> that is dealt with before SA ever sees the message.
>
>You can stop dns lookups by setting "dns_available no" which
>results in the following if trusted_networks is unset.
>
>debug: received-header: cannot use DNS, do not trust any hosts from here
>on
>
>However, this also disables SURBLs - which you probably still want!
>I don't think its possible to disable DNS lookups for trusted networks
>without also disabling it for the SURBLs.
Thanks, indeed I do use SURBLs. and am quite pleased with those!
// George
--
George Georgalis, systems architect, administrator Linux BSD IXOYE
http://galis.org/george/ cell:646-331-2027 mailto:george@galis.org
Re: AWL and ABL Re: trusted_networks and ALL_TRUSTED
Posted by Sean Doherty <se...@copperfasten.com>.
On Tue, 2004-11-02 at 15:16, George Georgalis wrote:
> >> The setup I use routes mail at the tcp level, it's basically impossible
> >> for a message to reach spam assassin if it's from a trusted network.
> >So why not set trusted_networks to 127.0.0.1. That way you can
> >be certain that the rule will never fire. You'll also get the
> >benefit of the DNS blocklists been checked for the addresses in
> >the Received headers - with your current setup, its possible
> >that some of these will be marked as trusted, and as such you'll
> >lose the benefit of the RBL check.
>
> There is lots of reasons not to do something. What I'm not seeing
> is a reason why I can't stop trusted_networks from using cpu/dns.
> your idea sounds okay for some applications (and I'm changing from
> 192.168 to 127.0.0.1 as a matter of course), but I don't want every
> address in headers looked up. I don't want any of them looked up.
> I hope it's okay for me to be that way.
>
> I am concerned about the IP a message is coming from, but in my setup,
> that is dealt with before SA ever sees the message.
You can stop dns lookups by setting "dns_available no" which
results in the following if trusted_networks is unset.
debug: received-header: cannot use DNS, do not trust any hosts from here
on
However, this also disables SURBLs - which you probably still want!
I don't think its possible to disable DNS lookups for trusted networks
without also disabling it for the SURBLs.
- Sean
Re: AWL and ABL Re: trusted_networks and ALL_TRUSTED
Posted by George Georgalis <ge...@galis.org>.
On Tue, Nov 02, 2004 at 01:03:02PM +0000, Sean Doherty wrote:
>On Tue, 2004-11-02 at 12:50, George Georgalis wrote:
>> >Do you mean -0.001? Why would you want to penalise mail
>> >coming thru a trusted path?
>>
>> It really doesn't matter to me what the score is, I just want to disable
>> the test.
>> http://bugzilla.spamassassin.org/show_bug.cgi?id=3406
>>
>> My /etc/spamassassin is the reference I replicate out to my other
>> systems, and systems of my clients, which may or may not be on nat and
>> certainly are on different networks.
>>
>> The setup I use routes mail at the tcp level, it's basically impossible
>> for a message to reach spam assassin if it's from a trusted network.
>So why not set trusted_networks to 127.0.0.1. That way you can
>be certain that the rule will never fire. You'll also get the
>benefit of the DNS blocklists been checked for the addresses in
>the Received headers - with your current setup, its possible
>that some of these will be marked as trusted, and as such you'll
>lose the benefit of the RBL check.
There is lots of reasons not to do something. What I'm not seeing
is a reason why I can't stop trusted_networks from using cpu/dns.
your idea sounds okay for some applications (and I'm changing from
192.168 to 127.0.0.1 as a matter of course), but I don't want every
address in headers looked up. I don't want any of them looked up.
I hope it's okay for me to be that way.
I am concerned about the IP a message is coming from, but in my setup,
that is dealt with before SA ever sees the message.
// George
--
George Georgalis, systems architect, administrator Linux BSD IXOYE
http://galis.org/george/ cell:646-331-2027 mailto:george@galis.org
Re: AWL and ABL Re: trusted_networks and ALL_TRUSTED
Posted by Sean Doherty <se...@copperfasten.com>.
On Tue, 2004-11-02 at 12:50, George Georgalis wrote:
> >Do you mean -0.001? Why would you want to penalise mail
> >coming thru a trusted path?
>
> It really doesn't matter to me what the score is, I just want to disable
> the test.
> http://bugzilla.spamassassin.org/show_bug.cgi?id=3406
>
> My /etc/spamassassin is the reference I replicate out to my other
> systems, and systems of my clients, which may or may not be on nat and
> certainly are on different networks.
>
> The setup I use routes mail at the tcp level, it's basically impossible
> for a message to reach spam assassin if it's from a trusted network.
So why not set trusted_networks to 127.0.0.1. That way you can
be certain that the rule will never fire. You'll also get the
benefit of the DNS blocklists been checked for the addresses in
the Received headers - with your current setup, its possible
that some of these will be marked as trusted, and as such you'll
lose the benefit of the RBL check.
> I had scored ALL_TRUSTED to 0 but then decided I needed to know in
> test reports what was happening. I don't know how much cpu this test
> uses, but I'd like it to go away completely, or at have the option of
> disabling it.
>
> // George
Re: AWL and ABL Re: trusted_networks and ALL_TRUSTED
Posted by George Georgalis <ge...@galis.org>.
On Tue, Nov 02, 2004 at 10:24:57AM +0000, Sean Doherty wrote:
>On Mon, 2004-11-01 at 20:37, George Georgalis wrote:
>
>> skip_rbl_checks 1
>> use_bayes 0
>>
>> noautolearn 1
>> use_auto_whitelist 0
>> score AWL 0.001
>>
>> trusted_networks 192.168.
>> score ALL_TRUSTED 0.001
>
>Do you mean -0.001? Why would you want to penalise mail
>coming thru a trusted path?
It really doesn't matter to me what the score is, I just want to disable
the test.
http://bugzilla.spamassassin.org/show_bug.cgi?id=3406
My /etc/spamassassin is the reference I replicate out to my other
systems, and systems of my clients, which may or may not be on nat and
certainly are on different networks.
The setup I use routes mail at the tcp level, it's basically impossible
for a message to reach spam assassin if it's from a trusted network.
I had scored ALL_TRUSTED to 0 but then decided I needed to know in
test reports what was happening. I don't know how much cpu this test
uses, but I'd like it to go away completely, or at have the option of
disabling it.
// George
--
George Georgalis, systems architect, administrator Linux BSD IXOYE
http://galis.org/george/ cell:646-331-2027 mailto:george@galis.org
Re: AWL and ABL Re: trusted_networks and ALL_TRUSTED
Posted by Sean Doherty <se...@copperfasten.com>.
On Mon, 2004-11-01 at 20:37, George Georgalis wrote:
> skip_rbl_checks 1
> use_bayes 0
>
> noautolearn 1
> use_auto_whitelist 0
> score AWL 0.001
>
> trusted_networks 192.168.
> score ALL_TRUSTED 0.001
Do you mean -0.001? Why would you want to penalise mail
coming thru a trusted path?
- Sean
Re: AWL and ABL (use of score AWL statements)
Posted by Matt Kettler <mk...@evi-inc.com>.
At 03:37 PM 11/1/2004, George Georgalis wrote:
>Thanks, I've added that:
>
>skip_rbl_checks 1
>use_bayes 0
>
>noautolearn 1
>use_auto_whitelist 0
>score AWL 0.001
I've seen lots of people using the score statement on AWL. However, I
myself have serious doubts about the validity of doing that. The AWL
doesn't normally have a score statement, because it's a no-rule system
implemented entirely in the code.
Any devs who might know for sure care to comment?
Re: AWL and ABL Re: trusted_networks and ALL_TRUSTED
Posted by George Georgalis <ge...@galis.org>.
On Mon, Nov 01, 2004 at 03:13:50PM -0500, Matt Kettler wrote:
>At 02:11 PM 11/1/2004, George Georgalis wrote:
>>those false negatives are also growing an AWL, which I also don't want.
>>
>>-1.4 AWL AWL: From: address is in the auto white-list
>>
>>how do I disable and purge any AWL and ABL generation, too?
>
>Well, there is no "ABL" just one system called AWL which works as both
>white and black.
>
>Disable it with:
> use_auto_whitelist 0
>
>You can purge it by removing the database files with rm -f. They should be
>in ~/.spamassassin/. Be sure SA isn't running when you delete them.
Thanks, I've added that:
skip_rbl_checks 1
use_bayes 0
noautolearn 1
use_auto_whitelist 0
score AWL 0.001
trusted_networks 192.168.
score ALL_TRUSTED 0.001
// George
--
George Georgalis, systems architect, administrator Linux BSD IXOYE
http://galis.org/george/ cell:646-331-2027 mailto:george@galis.org
Re: AWL and ABL Re: trusted_networks and ALL_TRUSTED
Posted by Matt Kettler <mk...@evi-inc.com>.
At 02:11 PM 11/1/2004, George Georgalis wrote:
>those false negatives are also growing an AWL, which I also don't want.
>
>-1.4 AWL AWL: From: address is in the auto white-list
>
>how do I disable and purge any AWL and ABL generation, too?
Well, there is no "ABL" just one system called AWL which works as both
white and black.
Disable it with:
use_auto_whitelist 0
You can purge it by removing the database files with rm -f. They should be
in ~/.spamassassin/. Be sure SA isn't running when you delete them.