From: NFN Smith [mailto:[EMAIL PROTECTED]
>
> From the beginning of the thread, I noted that I was running 2.6x,
> but that may have gotten missed.
It was probably just overlooked as it is easy to forget which options
were supported on which versions. I just didn't take into account
that the opt
Bowie Bailey wrote:
> Good catch Alan, I hadn't noticed that. I think you're right about
the ALL_TRUSTED rule -- and, based on the debug output, right about
the internal_networks rule as well.
My comments have been based on settings for 3.04. I'm not sure if
your version wasn't mentioned bef
From: alan premselaar [mailto:[EMAIL PROTECTED]
>
> NFN Smith wrote:
> > Thanks for the ongoing feedback
> >
> > Bowie Bailey wrote:
> >>
> >> Also, you may want to save your email into a file and manually
> >> run it through SA to see what happens. Just add '-t -D' to the
> >> option list
>
NFN Smith wrote:
Thanks for the ongoing feedback
Bowie Bailey wrote:
Now that you've made those changes, post the headers from another
example email so we can see if anything changed.
See below.
Also, you may want to save your email into a file and manually run it
through SA to see
Thanks for the ongoing feedback
Bowie Bailey wrote:
Now that you've made those changes, post the headers from another
example email so we can see if anything changed.
See below.
Also, you may want to save your email into a file and manually run it
through SA to see what happens. Just
Alan Premselaar wrote:
NFN Smith wrote:
Following up on my own post. I'm still thrashing, and not getting any
difference in results.
...snip...
Sorry, I just have to ask. Since you're using MIMEDefang... you are
remembering to restart (or reload) mimedefang after making your changes,
r
NFN Smith wrote:
Following up on my own post. I'm still thrashing, and not getting any
difference in results.
...snip...
Sorry, I just have to ask. Since you're using MIMEDefang... you are
remembering to restart (or reload) mimedefang after making your changes,
right? and you're making c
From: NFN Smith [mailto:[EMAIL PROTECTED]
>
> Following up on my own post. I'm still thrashing, and not
> getting any
> difference in results.
>
> NFN Smith wrote:
> >
> > OK, I've expanded my settings, but I'm still not making any
> > progress.
> >
> >
> >> trusted_networks64.65.1
Following up on my own post. I'm still thrashing, and not getting any
difference in results.
NFN Smith wrote:
You really do HAVE to trust all your own mail relays. Anything else is
just broken.
Agreed.
OK, I've expanded my settings, but I'm still not making any progress.
trusted_
Bowie Bailey wrote:
>
> My only question there was whether SA will implicitly trust the
> machine it is running on. After all, if you can't trust yourself, who
> can you trust? :)
If you explicitly set trusted_networks, then no, it won't SA will only trust the
hosts you tell it.
If you don't ha
Matt Kettler wrote:
Bowie Bailey wrote:
Ok, so here is what I see as far as the mail path:
- Sent from 24.249.175.230 ... untrusted
- Received by 68.99.120.79 ... trusted
- Received by pulsar.lfa.com ... untrusted (unless SA defaults the
local machine)
If pulsar.lfa.com is untrusted, a
From: Matt Kettler [mailto:[EMAIL PROTECTED]
>
> Bowie Bailey wrote:
>
> > Ok, so here is what I see as far as the mail path:
> >
> > - Sent from 24.249.175.230 ... untrusted
> > - Received by 68.99.120.79 ... trusted
> > - Received by pulsar.lfa.com ... untrusted (unless SA defaults the
> > l
Bowie Bailey wrote:
> Ok, so here is what I see as far as the mail path:
>
> - Sent from 24.249.175.230 ... untrusted
> - Received by 68.99.120.79 ... trusted
> - Received by pulsar.lfa.com ... untrusted (unless SA defaults the
> local machine)
>
If pulsar.lfa.com is untrusted, all headers w
From: NFN Smith [mailto:[EMAIL PROTECTED]
>
> From there, I've done more tinkering, but still not getting the
> results I want. Another try on raw data.
>
> Starting with settings in sa-mimedefang.cf:
>
> > # IP addresses of trusted hosts -- use these instead of whitelisting our
domains
> > tru
NFN Smith wrote:
Thus, in the results that I'm getting, I don't have something quite
right in the combination of definitions between trusted_networks and
whitelist_from_rcvd. From what I've figured out so far, I seem to be
close, but I'm missing something small.
Did you remember to restart y
Bowie Bailey wrote:
whitelist_from_rcvd
You can use this instead of whitelist_from. It requires a bit
more setup, but it is immune to the forgery problems of
whitelist_from. Use this to list each valid domainname/mailserver
combination. Note that this requires a correct interna
Bowie Bailey wrote:
It's definitely coming from an external network.
Yes, I understand that your servers are separated in different IP
blocks and in different facilities, but that is irrelevant. When I
say that the email is coming from an external network, what I mean is
that it is origin
From: NFN Smith [mailto:[EMAIL PROTECTED]
>
> Bowie Bailey wrote:
>
>
> >>
> >>>X-Spam-Score: 6.87 (**) (required=4)
> >>>tests=CLICK_BELOW,EXCUSE_3,FREE_CONSULTATION,MAILTO_TO_REMOVE,
> >>>NO_OBLIGATION,ONE_TIME_MAILING,REMOVE_IN_QUOTES,REMOVE_SUBJ,RISK_FREE
> >
> > I don't see ALL_TRUSTED
NFN Smith wrote:
> The problem that we do have is that when we list our domains via
> whitelist_from, then incoming mail with forged From: lines that shows
> one of those domains (typically, the same domain as the addressee) is
> given a free pass.
Please don't use whitelist_from. Ever. For anyth
Bowie Bailey wrote:
X-Spam-Score: 6.87 (**) (required=4)
tests=CLICK_BELOW,EXCUSE_3,FREE_CONSULTATION,MAILTO_TO_REMOVE,
NO_OBLIGATION,ONE_TIME_MAILING,REMOVE_IN_QUOTES,REMOVE_SUBJ,RISK_FREE
I don't see ALL_TRUSTED, so apparently this email originated outside
of your network. Otherwise
From: NFN Smith [mailto:[EMAIL PROTECTED]
>
> Bowie Bailey wrote:
>
> >>Is there any way of tracing the behavior, to see what's expected and
> >>how things aren't matching when a message actually comes through?
> >
> >
> > It sounds to me like your setup is working as expected. Mails
> > comin
Bowie Bailey wrote:
Is there any way of tracing the behavior, to see what's expected and
how things aren't matching when a message actually comes through?
It sounds to me like your setup is working as expected. Mails coming
from servers in your trusted_networks list will still be scanned for
From: NFN Smith [mailto:[EMAIL PROTECTED]
>
> Bowie Bailey wrote:
> >>
> >>Thus, if I'm running SpamAssassin on server xx.yy.zz.ww, and I get
> >>a message from server aa.bb.cc.dd, I want both servers to trust
> >>each other, because I control both servers, and there's no
> >>intermediate relay be
Matt Kettler wrote:
NFN Smith wrote:
Bowie Bailey wrote:
Thus, if I'm running SpamAssassin on server xx.yy.zz.ww, and I get a
message from server aa.bb.cc.dd, I want both servers to trust each
other, because I control both servers, and there's no intermediate
relay between the two.
Then
NFN Smith wrote:
> Bowie Bailey wrote:
>
>
>>>
>>> Thus, if I'm running SpamAssassin on server xx.yy.zz.ww, and I get a
>>> message from server aa.bb.cc.dd, I want both servers to trust each
>>> other, because I control both servers, and there's no intermediate
>>> relay between the two.
>>
>>
>>
Bowie Bailey wrote:
Thus, if I'm running SpamAssassin on server xx.yy.zz.ww, and I get a
message from server aa.bb.cc.dd, I want both servers to trust each
other, because I control both servers, and there's no intermediate
relay between the two.
Then you just need to add one line to the con
From: NFN Smith [mailto:[EMAIL PROTECTED]
>
> Bowie Bailey wrote:
> >
> > Trusted_networks has nothing to do with whether or not a message
> > is scanned for spam. Trusted_networks is simply a list of the
> > servers and networks that you trust not to forge header
> > information.
>
> OK. On t
Bowie Bailey wrote:
From: NFN Smith [mailto:[EMAIL PROTECTED]
Trusted_networks has nothing to do with whether or not a message is
scanned for spam. Trusted_networks is simply a list of the servers
and networks that you trust not to forge header information.
OK. On this particular situatio
From: NFN Smith [mailto:[EMAIL PROTECTED]
>
> This might be one of those small "duh" things, but there's something
> I'm missing here.
>
> I'm running SpamAssassin 2.6, being launched from MIMEDefang as a
> sendmail milter.
>
> I have several servers and domains in a number of different IP
> blo
NFN Smith wrote:
> Since our users all send from known IP addresses, I prefer to trust by
> known server IP address, rather than named domain.
>
> I've found the trusted_networks setting, but when I apply a block of
> IP addresses (and restart MIMEDefang), and then send a spammy test
> message fro
My understanding is that trusted_networks only tells SA where the email
entered your control, and has nothing to do with categorizing email as
spam/ham. Wasn't there an email to this effect a couple of days ago? I
don't remember what that thread was about, however.
>>> NFN Smith <[EMAIL PROTECTED]
31 matches
Mail list logo
