----- Original Message ----- From: "Daryl C. W. O'Shea" <[EMAIL PROTECTED]> To: "Matt Kettler" <[EMAIL PROTECTED]> Cc: "Matthew Newton" <[EMAIL PROTECTED]>; <users@spamassassin.apache.org> Sent: Friday, March 04, 2005 10:57 AM Subject: Re: ALL_TRUSTED rule hit, but haven't set any trusted networks
> Matt Kettler wrote: > > At 10:23 AM 3/4/2005, Matthew Newton wrote: > > > >> Just had a spam arrive that was given a -3.3 score for "ALL_TRUSTED". > >> Funny thing is that my local.cf contains the following: > >> > >> # we trust our local network > >> # removed: sa never used for internal originating spam. > >> clear_trusted_networks > >> #trusted_networks 143.210. > >> #internal_networks 143.210. > >> > >> because I commented the lines out a couple of months or more ago. SA is > >> only run (using exiscan) for messages coming in to our network from > >> external hosts, so it should never fire on this rule as far as I can > >> see. > > > > > > If no networks are declared trusted, SA will attempt to auto-detect. > > > > You can't, and don't want, to have no trusted hosts at all. That > > condition would break lots of things, including whitelist_from_rcvd. > > Just to clarify on what Matt said, you need and want (really, you do) to > trust the actual mail server itself. SA sees the message after the > local server's header is added, so you need to add the IP of that > machine (that appears in the header). > > Whatever you do, don't 'fix' it by setting ALL_TRUSTED to 0. > ALL_TRUSTED isn't the only thing that relies on a properly configured > trust path. DNSBLs won't work correctly (both to and against your > advantage) either. > > > Daryl > This looks like another "reserved IP" issue, as discussed in this thread: http://thread.gmane.org/gmane.mail.spam.spamassassin.general/62078 If you look at the original received header, it shows an IP address of 71.8.202.198, which spamassassin sees as a reserved, and thus trusted, IP. The above-referenced thread includes a fix for this issue. Sandy
