At 10:45 -0800 03/20/2005, Jeff Chan wrote: >The trust path needs to be set correctly for things to >work properly.
If the "trust path" is not "set correctly" by default, then the rule should not be enabled by default. That's just wrong. It's nice to know it's not just me getting bitten by this http://readlist.com/lists/incubator.apache.org/spamassassin-users/1/9592.html Subject: disabling ALL_TRUSTED Group: Spamassassin-users From: Arvinn Løkkebakken Date: 07 Feb 2005 How do I disable the ALL_TRUSTED test? It's hitting spam more and more often by misinterpreting Received: headers, i.e. claiming the mail passed through trusted hosts when it didn't. That makes it a very dangerous setting since it may trigger auto-learning spam as ham. It allready has several times on my server. http://bugzilla.spamassassin.org/show_bug.cgi?id=3636 ALL_TRUSTED rule is being triggered on E-Mail that is from a mail server outside of my network. Trusted networks are not specified in my config. * marked WONTFIX http://www.paulstimesink.com/ pwestbro | 16 March, 2005 14:43 I have started seeing spam messages getting though my filter. It looks like it is being caused because the spammers are sending mail from computers that have not been listed as untrusted relays. So as spammers are taking over more and more zombie PCs, the ALL_TRUSTED rule is being triggered. http://www.mailarchives.org/list/spam-assassin/msg/2004/12778 From: Matt Kettler [mailto:mkettler_sa@<protected>] Sent: Thu 11/4/2004 7:55 AM To: Jason Haar; SpamAssassin Users Subject: Re: Should ALL_TRUSTED be doing this? At 04:20 PM 11/4/2004 +1300, Jason Haar wrote: I've been getting a fair amount of missed spam with SA-3.01 that looks like it would have been caught if it wasn't for ALL_TRUSTED. No, it should not. You have one of two problems: 1) SA is confused about trust. This typically happens if your outer-most mailserver is address translated and has a reserved non-routable IP address assigned. SA generally assumes the first non-reserved IP is your outside MX, but this isn't true for a lot of networks that NAT their mailservers. To fix: set trusted_networks manually in your local.cf. Include just your mailservers in this. ie if I had two servers, one external MX numbered 192.168.1.8 and a SA scanning box at 192.168.20.8 I could do this: trusted_networks 192.168.1.8/32 trusted_networks 192.168.20.8/32 2) The other case is SA can't parse your Received: headers. If you run a message through spamassassin -D you'll see debug lines complaining about it: debug: received-header: unknown format: To fix: short term, force the score of ALL_TRUSTED to 0. score ALL_TRUSTED_0 If it's a received line starting with by, then it's this bug: http://bugzilla.spamassassin.org/show_bug.cgi?id=3600 Otherwise, create a new bug in the bugzilla, and attach a sample. -- Vicki Brown ZZZ Journeyman Sourceror: zz |\ _,,,---,,_ Code, Docs, Process, Scripts & Philtres zz /,`.-'`' -. ;-;;,_ Perl, WWW, Mac OS X http://cfcl.com/vlb |,4- ) )-,_. ,\ ( `'-' SF Bay Area, CA USA _______________________ '---''(_/--' `-'\_) ___________________________
