Hi,

I'm looking for some clarification on trusted_networks, the 
ALL_TRUSTED rule, and in particular how trusted_networks are 
inferred if not specified in local.cf.

Since upgrading to 3.0.1 I have seen an increase in false
negatives, which would have otherwise been caught if not for
the ALL_TRUSTED rule firing.

I don't have trusted_networks set in local.cf, so SpamAssassin
will use the inference algorithm as specified in the docs:

- if the 'from' IP address is on the same /16 network as the top
  Received line's 'by' host, it's trusted 
- if the address of the 'from' host is in a reserved network range, 
  then it's trusted 
- if any addresses of the 'by' host is in a reserved network range, 
  then it's trusted

My Postfix mail server, which runs SpamAssassin, is in a reserved
network range (10.0.0.53) and processes only incoming mail. The
following msg snippet (Received headers) results in the ALL_TRUSTED 
rule firing:

Received: from 206.81.84.119 (unknown [206.81.84.119]) by
marvin.copperfasten.com (Postfix) with SMTP id 127ACEBC7F for
<[EMAIL PROTECTED]>; Mon,  1 Nov 2004 11:09:24 +0000 (GMT)
Received: from 206.81.84.119 by mail003.datapropo.com; Mon, 01 Nov 2004
16:02:51 +0500

With trusted_networks unset I get the following when I debug
the msg with SpamAssassin:

debug: looking up PTR record for '206.81.84.119'
debug: PTR for '206.81.84.119': '206-81-84-119.info-goals.com'
debug: received-header: parsed as [ ip=206.81.84.119
rdns=206-81-84-119.info-goals.com helo=206.81.84.119
by=marvin.copperfasten.com ident= envfrom= intl=0 id=127ACEBC7F ]
debug: looking up A records for 'marvin.copperfasten.com'
debug: A records for 'marvin.copperfasten.com': 10.0.0.53
debug: looking up A records for 'marvin.copperfasten.com'
debug: A records for 'marvin.copperfasten.com': 10.0.0.53
debug: received-header: 'by' marvin.copperfasten.com has reserved IP
10.0.0.53
debug: received-header: 'by' marvin.copperfasten.com has no public IPs
debug: received-header: relay 206.81.84.119 trusted? yes internal? no

I'm assuming that 206.81.84.119 is trusted since the following
condition of the inference algorithm fires:

- if any addresses of the 'by' host is in a reserved network range, 
  then it's trusted

However, I would have thought that this would imply that the 10.0.0.53
host is trusted and not any servers connecting to it. 

Can someone please clarify this for me? Also should I be specifying
10.0.0.53 in trusted_networks in local.cf?

Regards,
                - Sean
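
The three inference rules quoted in the post, applied to the relay from its debug output, as an added example that is not part of the original message and is not SpamAssassin's own code. The reserved-range list, the function names and the 192.0.2.10 contrast address are assumptions made for this sketch.

```python
import ipaddress
import re

# Assumption: "reserved" here means the RFC 1918 private ranges plus loopback.
RESERVED = [ipaddress.ip_network(n) for n in
            ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]

def is_reserved(ip):
    return any(ipaddress.ip_address(ip) in net for net in RESERVED)

def same_slash16(ip_a, ip_b):
    net = ipaddress.ip_network(f"{ip_a}/16", strict=False)
    return ipaddress.ip_address(ip_b) in net

def parse_relay(debug_line):
    """Pull key=value fields out of a 'received-header: parsed as [ ... ]' line."""
    body = re.search(r"parsed as \[(.*)\]", debug_line).group(1)
    return dict(re.findall(r"(\w+)=(\S*)", body))

def infer_trust(relay, by_addrs):
    """Apply the three quoted rules in order; return (trusted, rule that fired)."""
    ip = relay["ip"]
    if any(same_slash16(ip, a) for a in by_addrs):
        return True, "from-ip on same /16 as by-host"
    if is_reserved(ip):
        return True, "from-ip in reserved range"
    if any(is_reserved(a) for a in by_addrs):
        return True, "by-host has reserved address"
    return False, "no rule matched"

# Debug line from the post, joined onto one line.
DEBUG = ("debug: received-header: parsed as [ ip=206.81.84.119 "
         "rdns=206-81-84-119.info-goals.com helo=206.81.84.119 "
         "by=marvin.copperfasten.com ident= envfrom= intl=0 id=127ACEBC7F ]")

if __name__ == "__main__":
    relay = parse_relay(DEBUG)
    # A record for the 'by' host, taken from the debug output in the post.
    print(infer_trust(relay, ["10.0.0.53"]))
    # Constructed contrast: the same relay if 'by' resolved to a public address.
    print(infer_trust(relay, ["192.0.2.10"]))
```

Under these rules the external relay is marked trusted only because the receiving host's own address is private, which matches the `trusted? yes` line in the debug output.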

