Posted to users@spamassassin.apache.org by Bowie Bailey <Bo...@BUC.com> on 2005/10/07 22:04:45 UTC

RE: ALL_TRUSTED (was: Spam increase after "upgrade" to 3.03 on Debian Stable)

From: Bill Moseley [mailto:moseley@hank.org]
> 
> On Fri, Oct 07, 2005 at 12:57:10PM -0400, Bowie Bailey wrote:
> > If you don't specify trusted_networks or internal_networks, SA
> > tries to guess at your network.  It assumes that the first
> > non-private IP that it sees is your external mail relay.  If your
> > frontline mailserver has a private IP, then the server that is
> > sending to you is assumed to be your external relay and is
> > trusted.  The result is that all mail that doesn't pass through
> > more than one mail relay before getting to you will be marked
> > ALL_TRUSTED.
> 
> Not sure I'm following.  You mean the defaults don't work on a mail
> server with a public IP and an internal 192.168 net?

The defaults will not work properly if your front-line mailserver has
a private (192.168) IP address.  In that case, you must manually
configure trusted_networks.  (Manual configuration is a good idea
anyway.)

> 
> I just got this:
> 
>     Return-path: noelle.moran55@state.mn.us
>     Envelope-to: dotster@hank.org
>     Delivery-date: Fri, 07 Oct 2005 12:10:40 -0700
>     Received: from [71.114.166.156] (helo=mailbox.hu)
>             by mardy.hank.org with smtp (Exim 4.50)
>             id 1ENxc8-0006mB-2h
>             for dotster@hank.org; Fri, 07 Oct 2005 12:10:40 -0700
>     Received: from 251.150.107.4 by smtp.state.mn.us;
>             Fri, 07 Oct 2005 19:03:58 +0000
>     Message-ID: <cb...@mailbox.hu>
>     From: Noelle Moran <no...@state.mn.us>
>     [...]
> 
> 
>     -2.8 ALL_TRUSTED    Did not pass through any untrusted hosts

Ok...

251.150.107.4  -->  smtp.state.mn.us
71.114.166.156 -->  mardy.hank.org

What results do you get on your SA box from these two commands?
    dig smtp.state.mn.us
    dig mardy.hank.org

This is what "man Mail::SpamAssassin::Conf" has to say about the
automatic trust algorithm:

    *   if the 'from' IP address is on the same /16 network as the top
        Received line's 'by' host, it's trusted

    *   if the address of the 'from' host is in a private network
        range, then it's trusted

    *   if any addresses of the 'by' host is in a private network
        range, then it's trusted

Of course, if you manually set trusted_networks, then that logic will
be replaced by a simple check to see if the 'by' host is in your
trusted_networks list.  (Although this may not be quite right as the
manpage doesn't specify exactly what is checked.)

Either way, once you come to an untrusted received line, all lines
below that are also considered untrusted.

Bowie
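
A simplified Python model of the three man-page rules quoted in the message above, added here as an illustration; it is not SpamAssassin's code and not part of the original post. The addresses in NAT_DNS and PUBLIC_DNS are constructed (the thread does not show the dig results), and the private ranges are assumed to be RFC 1918 plus loopback.

```python
import ipaddress
import re

# Private ranges assumed for this sketch: RFC 1918 plus loopback.
PRIVATE_NETS = [ipaddress.ip_network(n) for n in
                ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]

# Received lines from the quoted message, newest first, folded to one line each.
RECEIVED = [
    "from [71.114.166.156] (helo=mailbox.hu) by mardy.hank.org with smtp (Exim 4.50)",
    "from 251.150.107.4 by smtp.state.mn.us",
]

# Constructed 'by' host addresses: front-line server behind NAT vs. on a public IP.
NAT_DNS = {"mardy.hank.org": ["192.168.1.10"]}
PUBLIC_DNS = {"mardy.hank.org": ["203.0.113.5"]}

def is_private(ip):
    return any(ipaddress.ip_address(ip) in net for net in PRIVATE_NETS)

def same_slash16(a, b):
    return ipaddress.ip_address(b) in ipaddress.ip_network(a + "/16", strict=False)

def parse(line):
    """Return (from_ip, by_host) from a simplified Received line."""
    m = re.search(r"from \[?([\d.]+)\]?.*? by ([^\s;]+)", line)
    return m.group(1), m.group(2)

def classify(received, by_addrs):
    """Apply the three quoted rules top-down; nothing below a miss is trusted."""
    top_by = by_addrs.get(parse(received[0])[1], [])
    results, trusted = [], True
    for line in received:
        from_ip, by_host = parse(line)
        if trusted:
            trusted = (
                any(same_slash16(a, from_ip) for a in top_by)             # rule 1
                or is_private(from_ip)                                    # rule 2
                or any(is_private(a) for a in by_addrs.get(by_host, []))  # rule 3
            )
        results.append((from_ip, by_host, trusted))
    return results

def all_trusted(received, by_addrs):
    return all(t for _, _, t in classify(received, by_addrs))
```

With the constructed private address for the front-line server, the sending host 71.114.166.156 is classified as trusted by the third rule alone, and a message carrying only that one Received line is fully trusted.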