You are viewing a plain text version of this content. The canonical link for it is here.

Posted to users@spamassassin.apache.org by John Rudd <jr...@ucsc.edu> on 2005/08/25 01:46:48 UTC

Feature Request: dynamic trusted_networks

That sounds odd, doesn't it?  "dynamic trusted_networks".  The whole 
point of a trusted network is that it's a specific network.  However, 
if a message came from a client who gave SMTP-AUTH, it ought to be 
"trusted" (and not subjected to the blacklist checks).  And that's what 
my feature request boils down to:

If the message was authenticated on the most immediate relay, then give 
a configuration option which says "trust this message as though it was 
from a trusted_network".  This could be as simple as allowing an 
argument to "trusted_networks" which is a word such as "authenticated", 
instead of being a network address.

Now, how to figure out whether or not the message was authenticated ... 
I'm not sure what that fingerprint looks like, or if there is one such 
fingerprint for all MTAs.

Re: Feature Request: dynamic trusted_networks

Posted by Thomas Hochstein <ml...@ancalagon.inka.de>.

"jdow" schrieb:

>> However, 
>> if a message came from a client who gave SMTP-AUTH, it ought to be 
>> "trusted" (and not subjected to the blacklist checks). 
>
> Would you care to expound on your theory here. What makes you think
> a valid SPF is a sign of a good guy? 

SMTP authentification has nothing - really nothing - to do with SPF.

-thh

Re: Feature Request: dynamic trusted_networks

Posted by John Rudd <jr...@ucsc.edu>.

On Aug 24, 2005, at 8:04 PM, jdow wrote:

> From: "John Rudd" <jr...@ucsc.edu>
>> That sounds odd, doesn't it?  "dynamic trusted_networks".  The whole 
>> point of a trusted network is that it's a specific network.  However, 
>> if a message came from a client who gave SMTP-AUTH, it ought to be 
>> "trusted" (and not subjected to the blacklist checks).  And that's 
>> what my feature request boils down to:
>
> Would you care to expound on your theory here. What makes you think
> a valid SPF is a sign of a good guy?


What makes you think SPF was in any way related to my message?

Perhaps some RTFMing is needed on your part.

Re: Feature Request: dynamic trusted_networks

Posted by jdow <jd...@earthlink.net>.

From: "John Rudd" <jr...@ucsc.edu>
> 
> That sounds odd, doesn't it?  "dynamic trusted_networks".  The whole 
> point of a trusted network is that it's a specific network.  However, 
> if a message came from a client who gave SMTP-AUTH, it ought to be 
> "trusted" (and not subjected to the blacklist checks).  And that's what 
> my feature request boils down to:

Would you care to expound on your theory here. What makes you think
a valid SPF is a sign of a good guy? Spammers can SPF their own
messages. All it does is cut down on bot spam, a very little. I do
have SPF running here. I give it a small scoring range for the
various possible SPF results. SPF present and violated gets a modest
plus score. SPF present and honored gives a very slight negative.
It does not turn up in my top tens of anything, ham or spam. It might
be in the top ten of "tests that never hit anything." But I doubt it
even qualifies for that award.

> If the message was authenticated on the most immediate relay, then give 
> a configuration option which says "trust this message as though it was 
> from a trusted_network".  This could be as simple as allowing an 
> argument to "trusted_networks" which is a word such as "authenticated", 
> instead of being a network address.
> 
> Now, how to figure out whether or not the message was authenticated ... 
> I'm not sure what that fingerprint looks like, or if there is one such 
> fingerprint for all MTAs.

Me paranoid old bitch. Me not trust anybody. Since I have to trust
somebody I do, nominally. (Then I run LOTS of SARE rules as well.)

{^_^}   As I say, "Me paranoid old bitch." I don't give spammers an
        micron in the "trust" gamble.