On Fri, Mar 04, 2005 at 11:57:37AM -0500, Daryl C. W. O'Shea wrote: > Matt Kettler wrote: > >At 10:23 AM 3/4/2005, Matthew Newton wrote: > > > >>Just had a spam arrive that was given a -3.3 score for "ALL_TRUSTED". > >>Funny thing is that my local.cf contains the following: > >> > >> # we trust our local network > >> # removed: sa never used for internal originating spam. > >> clear_trusted_networks > >> #trusted_networks 143.210. > >> #internal_networks 143.210. > >> > >If no networks are declared trusted, SA will attempt to auto-detect. > > > >You can't, and don't want, to have no trusted hosts at all. That > >condition would break lots of things, including whitelist_from_rcvd. > > Just to clarify on what Matt said, you need and want (really, you do) to > trust the actual mail server itself. SA sees the message after the > local server's header is added, so you need to add the IP of that > machine (that appears in the header). > > Whatever you do, don't 'fix' it by setting ALL_TRUSTED to 0. > ALL_TRUSTED isn't the only thing that relies on a properly configured > trust path. DNSBLs won't work correctly (both to and against your > advantage) either.
OK, thanks. I still have problems exactly understanding the difference between trusted_networks and internal_networks is, though. My understanding is that trusted_networks is our entire ip address range, all hosts (143.210.0.0/16), and internal_networks is mail servers that we run? There are lots of mail servers, some of which I don't know about, and all machines can potentially send mail by connecting to our servers, so should I set this to 143.210. as well? (still remembering, of course, that SA is not scoring internal messages or those on the way out). Thanks -- Matthew Newton <[EMAIL PROTECTED]> UNIX and e-mail Systems Administrator, Network Support Section, Computer Centre, University of Leicester, Leicester LE1 7RH, United Kingdom
