Posted to users@spamassassin.apache.org by Marcel Veldhuizen <ma...@subbot.net> on 2005/05/15 23:53:50 UTC

Problem with ALL_TRUSTED

Hi,

I've been having problems with a specific spammer lately. He's sending me 
about 300 mails a day and they're all passing right through my filtering. 
Part of the problem is this:

* -2.8 ALL_TRUSTED Did not pass through any untrusted hosts

SpamAssassin thinks the mail comes directly from my host's mailserver, but 
it's overlooking a Received header. I think it's because of the 
X-Virus-Scan header in between. However I have no control over that 
particular header.

Is the order of headers an RFC violation in some way, or is this an SA 
problem? A full example email is attached.

Re: Problem with ALL_TRUSTED

Posted by Loren Wilton <lw...@earthlink.net>.
> * -2.8 ALL_TRUSTED Did not pass through any untrusted hosts
>
> SpamAssassin thinks the mail comes directly from my host's mailserver, but
> it's overlooking a Received header. I think it's because of the
> X-Virus-Scan header in between. However I have no control over that
> particular header.

Yea, that appears to be doing it.  From the setup you have, it looked like
the remote host was actually your mail gateway, so SA trusted it.

You need to set the trusted hosts correctly for your installation.  I'm not
conversant with how to do that, but there has been much mention of it on the
list in the last month or so, and I'm sure there are some wiki pages.  The
actual manual pages for SA describe the necessary config lines pretty well.

        Loren


Re: Problem with ALL_TRUSTED

Posted by Bob Proulx <bo...@proulx.com>.
Marcel Veldhuizen wrote:
> * -2.8 ALL_TRUSTED Did not pass through any untrusted hosts
> 
> SpamAssassin thinks the mail comes directly from my host's mailserver, but 
> it's overlooking a Received header. I think it's because of the 
> X-Virus-Scan header in between. However I have no control over that 
> particular header.
> 
> Is the order of headers an RFC violation in some way, or is this an SA 
> problem? A full example email is attached.

Thanks for posting the headers.  It makes it much easier to see what
is going on.

Try setting the trusted_networks to include your mail gateway and your
mail scanner using localhost.

  trusted_networks 127.0.0.1
  trusted_networks 63.209.158.6

That will include the scanner address in the path.

> Return-path: <su...@eminence-crew.de> 
> Envelope-to: marcel@hellfire.egelantier.subbot.net 
> Delivery-date: Sun, 15 May 2005 23:10:18 +0200 
> Received: from localhost ([127.0.0.1] ident=root) 
> 	by hellfire.egelantier.subbot.net with esmtp (Exim 4.50) 
> 	id 1DXQNO-0005rW-55 
> 	for marcel@hellfire.egelantier.subbot.net; Sun, 15 May 2005 23:10:18 +0200 

Your scanner address of 127.0.0.1.

> Delivered-To: subbot.net-subspace@subbot.net 
> Received: from 63.209.158.6 [63.209.158.6] 
> 	by localhost with POP3 (fetchmail-6.2.5) 
> 	for marcel@hellfire.egelantier.subbot.net (single-drop); Sun, 15 May 2005 23:10:18 +0200 (CEST) 

Your mail gateway address of 63.209.158.6.  At least I assume this is
your gateway because it was the next address after the scanner.  But
it confused me that there were no addresses after this.

Bob
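
An added example, not part of any post in this thread and not SpamAssassin's own parser: a small Python diagnostic that walks every Received header in a message, newest first, and reports the first relay outside the trusted_networks values suggested above. The first two Received headers are abridged from the thread; the X-Virus-Scan value and the oldest Received header (203.0.113.45, a documentation address) are constructed, since the attached message is not in the archive.

```python
import ipaddress
import re
from email import message_from_string

# The two trusted_networks values suggested in the thread.
TRUSTED = [ipaddress.ip_network(n) for n in ("127.0.0.1/32", "63.209.158.6/32")]

# Constructed sample: first two Received headers abridged from the thread, the
# X-Virus-Scan line and the oldest Received header are invented for illustration.
SAMPLE = """\
Received: from localhost ([127.0.0.1] ident=root)
\tby hellfire.egelantier.subbot.net with esmtp (Exim 4.50)
\tid 1DXQNO-0005rW-55; Sun, 15 May 2005 23:10:18 +0200
Received: from 63.209.158.6 [63.209.158.6]
\tby localhost with POP3 (fetchmail-6.2.5); Sun, 15 May 2005 23:10:18 +0200 (CEST)
X-Virus-Scan: scanned (constructed)
Received: from mail.example.net ([203.0.113.45])
\tby mx.example.org with esmtp; Sun, 15 May 2005 23:09:58 +0200
Subject: constructed test message

body
"""

IP_RE = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")

def parse_ip(value):
    """Bracketed IPv4 relay address from a Received value, or None if absent/invalid."""
    m = IP_RE.search(value)
    try:
        return ipaddress.ip_address(m.group(1)) if m else None
    except ValueError:
        return None

def relay_chain(raw):
    """(header_index, relay_ip, trusted) for each Received header, newest first."""
    chain = []
    for idx, (name, value) in enumerate(message_from_string(raw).items()):
        if name.lower() != "received":
            continue  # interleaved headers such as X-Virus-Scan do not end the walk
        ip = parse_ip(value)
        trusted = ip is not None and any(ip in net for net in TRUSTED)
        chain.append((idx, str(ip) if ip is not None else None, trusted))
    return chain

def first_untrusted(raw):
    """First hop outside TRUSTED, or None (the condition ALL_TRUSTED describes)."""
    return next(((i, ip) for i, ip, ok in relay_chain(raw) if not ok), None)

if __name__ == "__main__":
    print(relay_chain(SAMPLE), first_untrusted(SAMPLE))
```

A gap in the header indexes (here 1 to 3) shows where a non-Received header sits inside the relay chain, which is the spot to compare against what the filter actually reports.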