[copied off list message back to list]
Russ Ringer wrote:
On Fri, 09 Dec 2005 18:02:58 -0500, you wrote:
On 09/12/2005 5:52 PM, Justin Mason wrote:
Matt Kettler writes:
Really I think the use of notfirsthop in DUL testing is just plain broken. SA
should only be checking the host that drops
Daryl C. W. O'Shea wrote:
> On 09/12/2005 6:30 PM, Matt Kettler wrote:
>
>>
>> Russ, Actually it looks like in SA 3.0.x and SA 3.1.0 the
>> trusted_networks
>> setting doesn't matter that much.
>
>
> Just so it's clear for anyone following along, Matt is referring to
> trusted_networks' effect o
On 09/12/2005 6:30 PM, Matt Kettler wrote:
Russ, Actually it looks like in SA 3.0.x and SA 3.1.0 the trusted_networks
setting doesn't matter that much.
Just so it's clear for anyone following along, Matt is referring to
trusted_networks' effect on DUL rules. Regardless of how it affects DUL
Russ Ringer wrote:
> On Thu, 8 Dec 2005 23:16:13 -0800, you wrote:
>
>
>>>Even with TRUSTED_NETWORKS set, the RCVD_IN_SORBS_DUL rule is
>>
>>triggered. I don't see how this is correct, when the IP address that
>>triggered it was not the last hop. This rule should only be triggered
>>when "sent di
On 09/12/2005 6:13 PM, Russ Ringer wrote:
This does look kind of fishy. I think I see why the rule was tripped.
209.30.176.199 is listed in SORBS DUL
Looks like they are running proxy+ on a PPoX pool
computer and relaying through it, so I guess it makes sense to trip
the rule, or does it?
As I
On Thu, 8 Dec 2005 23:16:13 -0800, you wrote:
>> Even with TRUSTED_NETWORKS set, the RCVD_IN_SORBS_DUL rule is
>triggered. I don't see how this is correct, when the IP address that
>triggered it was not the last hop. This rule should only be triggered
>when "sent directly from dynamic IP address"
On 09/12/2005 5:52 PM, Justin Mason wrote:
Matt Kettler writes:
Really I think the use of notfirsthop in DUL testing is just plain broken. SA
should only be checking the host that drops off to your MX against the DULs. It
shouldn't be backtracking further.
To be honest, I'm inclined to agre
Matt Kettler writes:
> Daryl C. W. O'Shea wrote:
>
> > Mail to internal users (from roaming users) isn't the problem though.
> > It's mail to external sites that see that my smart host is the second
> > "public IP hop" and look it up in DUL. Since m
On 09/12/2005 5:30 PM, Matt Kettler wrote:
Daryl C. W. O'Shea wrote:
Mail to internal users (from roaming users) isn't the problem though.
It's mail to external sites that see that my smart host is the second
"public IP hop" and look it up in DUL. Since my telco continues to
refuse to change m
Daryl C. W. O'Shea wrote:
On 09/12/2005 5:17 PM, mouss wrote:
should I consider their "pop" server as an MX (I query it via
fetchmail) or is SA aware of fetchmail?
It's between their MX and you, so include it (along with their actual
MX, and any other hosts in between).
thanks a lo
Daryl C. W. O'Shea wrote:
> Mail to internal users (from roaming users) isn't the problem though.
> It's mail to external sites that see that my smart host is the second
> "public IP hop" and look it up in DUL. Since my telco continues to
> refuse to change my generic rDNS, my static IP has been
On 09/12/2005 5:17 PM, mouss wrote:
should I consider their "pop" server as an MX (I query it via fetchmail)
or is SA aware of fetchmail?
It's between their MX and you, so include it (along with their actual
MX, and any other hosts in between).
Daryl C. W. O'Shea wrote:
This seems to be the case. one question here (or two?):
- some mail is relayed by an MSP. should I add his IP to the
trusted_networks so that SA "gets deeper" or should I just let SA do
its usual work?
Include the IPs for any host that receive mail on your behalf
On 09/12/2005 4:55 PM, mouss wrote:
Matt Kettler wrote:
This seems to be the case. one question here (or two?):
- some mail is relayed by an MSP. should I add his IP to the
trusted_networks so that SA "gets deeper" or should I just let SA do its
usual work?
Include the IPs for any host
Matt Kettler wrote:
I don't think it should. It should however trust your INBOUND header stating
that the mail was delivered from the apache.org listserv.
I'm not trying to make it trust your outbound headers, I'm actually trying to
make sure it DOES NOT trust them. In fact, I'm trying to ma
On 09/12/2005 4:42 PM, Matt Kettler wrote:
Daryl C. W. O'Shea wrote:
The situation still sucks though. I can't have remote users use ESMTPSA
to send mail through our servers (without stripping received headers
before sending the message) since they'll have a public IP.
Sure you can. At lea
Daryl C. W. O'Shea wrote:
>
> The situation still sucks though. I can't have remote users use ESMTPSA
> to send mail through our servers (without stripping received headers
> before sending the message) since they'll have a public IP.
Sure you can. At least, if you're using SA 3.1.0 it will aut
On 09/12/2005 12:03 PM, Matt Kettler wrote:
Daryl C. W. O'Shea wrote:
I suspect that the lack of affected mail in the scoring corpus is the
reason why it's gone unnoticed. I'd been meaning to run tests to
compare the hits between:
-- notfirsthop and firstuntrusted
I'd love to see that.
J
mouss wrote:
> Matt Kettler wrote:
>
>>
>> That's kinda weird. Let's get a trusted_networks setup done properly and if
>> that
>> doesn't fix it, we'll revisit this.
>
>
> as Joan said, it is because my mail is sent to the ML, then is received by
> my server. I don't think my SA should "tr
Matt Kettler wrote:
That's kinda weird. Let's get a trusted_networks setup done properly and if that
doesn't fix it, we'll revisit this.
as Joan said, it is because my mail is sent to the ML, then is received
by my server. I don't think my SA should "trust" my headers.
trusted_networ
Daryl C. W. O'Shea wrote:
> I suspect that the lack of affected mail in the scoring corpus is the
> reason why it's gone unnoticed. I'd been meaning to run tests to
> compare the hits between:
>
> -- notfirsthop and firstuntrusted
I'd love to see that.
> -- notfirsthop and "not private and
> Even with TRUSTED_NETWORKS set, the RCVD_IN_SORBS_DUL rule is
triggered. I don't see how this is correct, when the IP address that
triggered it was not the last hop. This rule should only be triggered
when "sent directly from dynamic IP address"
If someone hasn't suggested it already, post your
OK, thanks for the clarification. I'm not sure if I trust myself, but
my mailserver now trusts itself :)
->Russ
On 08/12/2005 4:53 PM, Matt Kettler wrote:
Daryl C. W. O'Shea wrote:
On 08/12/2005 3:52 PM, Matt Kettler wrote:
Technically, the "notfirsthop" is a misnomer, and a carry over from
really old
3.x reverted to the old way. Try it out.
I see you are correct. But why on earth did the deve
Daryl C. W. O'Shea wrote:
> On 08/12/2005 3:52 PM, Matt Kettler wrote:
>> Technically, the "notfirsthop" is a misnomer, and a carry over from
>> really old
>
> 3.x reverted to the old way. Try it out.
>
I see you are correct. But why on earth did the devels take a giant step
backwards and do t
From: Russ Ringer [mailto:[EMAIL PROTECTED]
>
> On Thu, 08 Dec 2005 15:24:29 -0500, you wrote:
>
> >On 08/12/2005 12:01 AM, Russ Ringer wrote:
> >
> >> and
> >> score ALL_TRUSTED 0
> >
> >What prompted you to zero the score for ALL_TRUSTED? If you are
> >seeing external mail with this rule hitti
Russ Ringer wrote:
> I think I did this a long time ago when I got scores lowered from
> ALL_TRUSTED. Nothing is trusted, it only gets mail from outside.
Bad admin, no biscuit..
"Nothing is trusted" is impossible in SA.
You *MUST* trust at least one host (your own server). In fact, it's impossib
On Thu, 08 Dec 2005 15:24:29 -0500, you wrote:
>On 08/12/2005 12:01 AM, Russ Ringer wrote:
>> I have:
>> internal_networks 10.0.0
>
>As long as your trusted_networks are the same (or blank as
>internal_networks will be copied if I remember correctly), that setting
>is fine as long as, on the ma
On 08/12/2005 3:24 PM, Daryl C. W. O'Shea wrote:
On 08/12/2005 12:01 AM, Russ Ringer wrote:
I have:
internal_networks 10.0.0
As long as your trusted_networks are the same (or blank as
internal_networks will be copied if I remember correctly), that setting
is fine as long as, on the machin
Russ Ringer wrote:
>>Is your trusted_networks set correctly? Note: if you have a NATed mailserver
>>you
>>MUST set this manually, otherwise SA will mis-detect external mailservers as
>>being a part of your network and this rule will misfire.
>>
>>Other common signs of incorrect trusted_networks ar
On 08/12/2005 3:52 PM, Matt Kettler wrote:
Daryl C. W. O'Shea wrote:
That's not what the rule is looking for (the last hop).
The rule will lookup any hop that is NOT the FIRST hop. Since the mail
first passes through a proxy (the hop we don't check as long as there
are other external hops) and
Daryl C. W. O'Shea wrote:
> On 08/12/2005 12:10 PM, Russ Ringer wrote:
>
>> Even with TRUSTED_NETWORKS set, the RCVD_IN_SORBS_DUL rule is
>> triggered. I don't see how this is correct, when the IP address that
>> triggered it was not the last hop. This rule should only be triggered
>> when "sent d
On 08/12/2005 12:10 PM, Russ Ringer wrote:
Even with TRUSTED_NETWORKS set, the RCVD_IN_SORBS_DUL rule is
triggered. I don't see how this is correct, when the IP address that
triggered it was not the last hop. This rule should only be triggered
when "sent directly from dynamic IP address"
That's
On 08/12/2005 12:01 AM, Russ Ringer wrote:
I have:
internal_networks 10.0.0
As long as your trusted_networks are the same (or blank as
internal_networks will be copied if I remember correctly), that setting
is fine as long as, on the machine running SpamAssassin,
mail.avtcorp.com resolves t
On Thu, 8 Dec 2005 03:34:44 -0800, you wrote:
>score ALL_TRUSTED 0
>
>This is simply masking the problem, not setting trusted_networks correctly.
>And it is only masking the obvious problem - there are inobvious problems
>that will still score incorrectly.
>
>If you remove that line and start seei
score ALL_TRUSTED 0
This is simply masking the problem, not setting trusted_networks correctly.
And it is only masking the obvious problem - there are inobvious problems
that will still score incorrectly.
If you remove that line and start seeing ALL_TRUSTED hits where you don't
think they should
On Thursday, 8 December 2005 04:33 Kai Schaetzl wrote:
> Or one uses the safer aggregation list which doesn't
> contain spam.dnsbl.sorbs.net.
save.dnsbl.sorbs.net seems to be good (for me at least).
Regards, zmi
--
// Michael Monnerie, Ing.BSc --- it-management Michael Monnerie
// http://zmi.at
>Is your trusted_networks set correctly? Note: if you have a NATed mailserver
>you
>MUST set this manually, otherwise SA will mis-detect external mailservers as
>being a part of your network and this rule will misfire.
>
>Other common signs of incorrect trusted_networks are ALL_TRUSTED matching s
On Thu, 08 Dec 2005 03:31:21 +0100, you wrote:
>2. next check if that IP delivered directly to you (= your mail server) or
>not.
>If yes, then this hit is legitimate. It's not your IP and it delivered
>directly to you. That's exactly the kind of IP you want to check if it is
>on a blacklist.
From: "Kai Schaetzl" <[EMAIL PROTECTED]>
Jdow wrote on Wed, 7 Dec 2005 19:18:31 -0800:
And it seems SORBS in whatever wisdom they have has Mouss'
free.fr smtp host tagged.
Well, if you would just go and check you'd know why it is on their list:
http://www.dnsstuff.com/tools/ip4r.ch?ip=212.27
Jdow wrote on Wed, 7 Dec 2005 19:18:31 -0800:
> And it seems SORBS in whatever wisdom they have has Mouss'
> free.fr smtp host tagged.
Well, if you would just go and check you'd know why it is on their list:
http://www.dnsstuff.com/tools/ip4r.ch?ip=212.27.42.29
As you see it's on their "spam re
From: "Matt Kettler" <[EMAIL PROTECTED]>
mouss wrote:
Matt Kettler wrote:
Russ Ringer wrote:
Why did this message trigger these rules?
The email was not sent directly from a dial-up IP.
Is your trusted_networks set correctly? Note: if you have a NATed
mailserver you
MUST set this man
Mouss wrote on Thu, 08 Dec 2005 01:35:32 +0100:
> my own messages to this list get a RCVD_IN_SORBS on my own SA. my first
> reaction is to remove all sorbs tests (because I don't believe in
> sorbs), but I still wanna understand why this happens.
You have to make a distinction between an IP bei
mouss wrote:
> Matt Kettler wrote:
>
>> Russ Ringer wrote:
>>
>>> Why did this message trigger these rules?
>>> The email was not sent directly from a dial-up IP.
>>
>>
>>
>> Is your trusted_networks set correctly? Note: if you have a NATed
>> mailserver you
>> MUST set this manually, otherwise
Matt Kettler wrote:
Russ Ringer wrote:
Why did this message trigger these rules?
The email was not sent directly from a dial-up IP.
Is your trusted_networks set correctly? Note: if you have a NATed mailserver you
MUST set this manually, otherwise SA will mis-detect external mailservers as
Russ Ringer wrote:
> Why did this message trigger these rules?
> The email was not sent directly from a dial-up IP.
Is your trusted_networks set correctly? Note: if you have a NATed mailserver you
MUST set this manually, otherwise SA will mis-detect external mailservers as
being a part of your net
Why did this message trigger these rules?
The email was not sent directly from a dial-up IP.
RCVD_IN_NJABL_DUL
RBL: NJABL: dialup sender did non-local SMTP
[209.30.176.199 listed in combined.njabl.org]
RCVD_IN_SORBS_DUL
RBL: SORBS: sent directly from dynamic IP address
47 matches