You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@spamassassin.apache.org by Justin Mason <jm...@jmason.org> on 2005/01/21 04:49:52 UTC

Re: ALL_TRUSTED alteration 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


Jason Philbrook writes:
> On the same topic... The SpamAssassin documentation doesn't describe
> this possibility, so this is why I ask the list for some clarification. 
> I have a mix of private and public addresses on my network which can
> send email. I have the public addresses listed in trusted_networks like
> this:
> 
> trusted_networks        69.39.96.0/20
> trusted_networks        12.149.230.0/24
> trusted_networks        12.25.52.0/23
> 
> I'd like to add the private addresses we use too, but I'm not sure if
> that would open up to more spam. If I added 10.0.0.0/8 as a trusted
> network, I'm afraid it could let it spam sent from other organizations'
> private networks that relay through their normal public network mail
> servers or firewalls. Sort of like setting 192.168.0.0 might let in
> every infected computer's email behind simple home nat boxes. Which
> networks does trusted_networks apply to, as an internet path is really a 
> whole bunch of networks?

trust extends "outwards" from the receiver, so once a message passes
through a single untrusted relay, all relays *before* that point
are also considered untrusted.  so this is safe.

- --j.

> TIA,
> Jason
> 
> On Thu, Jan 20, 2005 at 09:42:44AM -0500, Bowie Bailey wrote:
> > From: Martin Hepworth [mailto:martinh@solid-state-logic.com]
> > > 
> > > Craig Zeigler wrote:
> > > 
> > > > I am getting very obvious spam through my SA filters. The only
> > > > thing I think is that the value for ALL_TRUSTED is pushing it
> > > > below the threshold. Where do I go to alter this test's effect on
> > > > the spam count?  I have searched through all of the .cf files in
> > > > /usr/share/spamassassin and /etc/mail/spamassasin and can't figure
> > > > it out.
>  > > 
> > > > using SA version 3.0.1
> > > 
> > > add the following line to /etc/mail/spamassassin/local.cf
> > > 
> > > score ALL_TRUSTED 0.0
> > > 
> > > This will turn off that rule completely.
> > 
> > True, but a better idea is to configure SA so that the trust path
> > works properly.
> > 
> > Add some lines like the following to /etc/mail/spamassassin/local.cf
> > to specify the networks and mailservers you control.
> > 
> > trusted_networks 192.168.1.10
> > trusted_networks 172.16.
> > 
> > You can add either networks, or single hosts.  I prefer to add
> > networks so that I don't have to reconfigure if I add or move a
> > mailserver.
> > 
> > These settings specify to SA which mailservers should be trusted.  If
> > you don't specify, it has to guess, and it doesn't work well with
> > NATed networks.
> > 
> > For more info:
> > 
> > $ man Mail::SpamAssassin::Conf
> > 
> > Bowie
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.5 (GNU/Linux)
Comment: Exmh CVS

iD8DBQFB8HvgMJF5cimLx9ARAsfnAJ9bXdCJylDXTG/KCOyiOZIZsa/H+wCgkPhb
i9zpSh3jPA1RnJBBf1BSdI8=
=QA0F
-----END PGP SIGNATURE-----