On 2023-06-23 at 22:12:50 UTC-0400 (Sat, 24 Jun 2023 02:12:50 +0000
(UTC))
Denny Jones via users <lhweb...@aol.com>
is rumored to have said:
Hello,
Spamassassin Version: 3.4.2Amavisd-new Vrsion: 2.7.1
ALL_TRUSTED is always in every header:Here's an example header:
[snip]
I have both internal_networks and trusted_networks set correctly.
I have a sneaking suspicion that this is not actually true. Unless you
consider Adobe's servers trusted, which you absolutely should not. It is
not unknown to have a typo cause this sort of problem.
If I run those headers with a dummy body thru SA4, I do not get
ALL_TRUSTED and I do get MSPIKE and DNSWL hits indicating the
192.28.155.24 address of Adobe's machine as the relevant (i.e. last
external) relay.
I don't know where to look to stop this from happening.
Review your configuration files. Make sure that Amavis is not using some
alternative configuration with insane *_network settings.
I've tried adding clear_internal_networks and clear_trusted_networks
You probably noticed I bumped up the ALL_TRUSTED score but even if use
the default value (-1) it still fires on every message.
It will fire unless the score is zero.
But don't do that. If SA cannot properly determine external relays, it
is crippled.
Any clues as to where to start sleuthing this?
Start with a command-line check using the "spamassassin" script. If it
doesn't show the same hits as the run via Amavis, find the evil Amavis
config file.
If spamassassin has the same problem, you can run with the debug option
(-D) and a suitable set of channels. The output from "-D all" is
voluminous, but it will show you what config files were loaded, how the
Received headers were parsed, and all (or nearly all) of the many things
SA does internally. See
https://cwiki.apache.org/confluence/display/SPAMASSASSIN/DebugChannels
for details.
--
Bill Cole
b...@scconsult.com or billc...@apache.org
(AKA @grumpybozo and many *@billmail.scconsult.com addresses)
Not Currently Available For Hire
