Vicki
the 'solution' is to set the trusted_networks and/or internal_networks options properly. See http://spamassassin.apache.org/full/3.0.x/dist/doc/Mail_SpamAssassin_Conf.html#network_test_options for more details.
This really needs to be documented is big flashing lights, pref will something that shouts in the logs as well, and has a big brother that knocks on your door, phones you etc etc until you set the thing. :-)
Either that or behaves properly in th first place, which will happen in 3.1 I believe.
-- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300
Vicki Brown wrote:
At 10:45 -0800 03/20/2005, Jeff Chan wrote:
The trust path needs to be set correctly for things to work properly.
If the "trust path" is not "set correctly" by default, then the rule should not be enabled by default. That's just wrong.
It's nice to know it's not just me getting bitten by this
http://readlist.com/lists/incubator.apache.org/spamassassin-users/1/9592.html Subject: disabling ALL_TRUSTED Group: Spamassassin-users From: Arvinn Løkkebakken Date: 07 Feb 2005
How do I disable the ALL_TRUSTED test?
It's hitting spam more and more often by misinterpreting Received: headers, i.e. claiming the mail passed through trusted hosts when it didn't. That makes it a very dangerous setting since it may trigger auto-learning spam as ham. It allready has several times on my server.
http://bugzilla.spamassassin.org/show_bug.cgi?id=3636 ALL_TRUSTED rule is being triggered on E-Mail that is from a mail server outside of my network. Trusted networks are not specified in my config. * marked WONTFIX
http://www.paulstimesink.com/ pwestbro | 16 March, 2005 14:43
I have started seeing spam messages getting though my filter. It looks like it is being caused because the spammers are sending mail from computers that have not been listed as untrusted relays. So as spammers are taking over more and more zombie PCs, the ALL_TRUSTED rule is being triggered.
http://www.mailarchives.org/list/spam-assassin/msg/2004/12778 From: Matt Kettler [mailto:mkettler_sa@<protected>] Sent: Thu 11/4/2004 7:55 AM To: Jason Haar; SpamAssassin Users Subject: Re: Should ALL_TRUSTED be doing this?
At 04:20 PM 11/4/2004 +1300, Jason Haar wrote:
I've been getting a fair amount of missed spam with SA-3.01 that looks like it would have been caught if it wasn't for ALL_TRUSTED.
No, it should not.
You have one of two problems:
1) SA is confused about trust. This typically happens if your outer-most mailserver is address translated and has a reserved non-routable IP address assigned. SA generally assumes the first non-reserved IP is your outside MX, but this isn't true for a lot of networks that NAT their mailservers.
To fix: set trusted_networks manually in your local.cf. Include just your mailservers in this. ie if I had two servers, one external MX numbered 192.168.1.8 and a SA scanning box at 192.168.20.8 I could do this: trusted_networks 192.168.1.8/32 trusted_networks 192.168.20.8/32
2) The other case is SA can't parse your Received: headers. If you run a message through spamassassin -D you'll see debug lines complaining about it: debug: received-header: unknown format:
To fix: short term, force the score of ALL_TRUSTED to 0. score ALL_TRUSTED_0
If it's a received line starting with by, then it's this bug: http://bugzilla.spamassassin.org/show_bug.cgi?id=3600 Otherwise, create a new bug in the bugzilla, and attach a sample.
**********************************************************************
This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager.
This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean.
**********************************************************************
