From: NFN Smith [mailto:[EMAIL PROTECTED]
> 
> Bowie Bailey wrote:
> 
> >>Is there any way of tracing the behavior, to see what's expected and
> >>how things aren't matching when a message actually comes through?
> > 
> > 
> > It sounds to me like your setup is working as expected.  Mails
> > coming from servers in your trusted_networks list will still be
> > scanned for spam as normal.  The only difference is that they may
> > get the ALL_TRUSTED rule depending on exactly where the mail
> > originated.
> > 
> > Show us the X-Spam headers from one of your test emails so we can
> > see exactly which rules are hitting.
> 
> Thanks for the feedback. Here's what I have.
> 
> 
> 
> > X-Spam-Score: 6.87 (******) (required=4)
> > tests=CLICK_BELOW,EXCUSE_3,FREE_CONSULTATION,MAILTO_TO_REMOVE,
> > NO_OBLIGATION,ONE_TIME_MAILING,REMOVE_IN_QUOTES,REMOVE_SUBJ,RISK_FREE

I don't see ALL_TRUSTED, so apparently this email originated outside
of your network.  Otherwise, there are no tests listed here that would
be affected by your trusted_networks settings.

> 
> Top received header shows:
> 
> > Received: from foobar.com (foobar.com [1.2.3.4])
> >         by alpha.example.com (8.13.1/8.13.1) with ESMTP id j8MKvFC4019879
> >         (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=FAIL)
> >         for <[EMAIL PROTECTED]>; Thu, 22 Sep 2005 13:57:19 -0700

That looks like a faked header.  Is your server really called
"alpha.example.com"?

You need to show the real headers if you want any meaningful feedback.
Show the full list of received headers.  You can mask the email
addresses if you want, but leave the server names and IP addresses
alone.  And if you do change something, please say so or use ##### to
make it obvious what was changed or masked.

> Relevant sendmail log entries:

These aren't particularly useful.  What you need to show is this:

1. Your trusted_networks settings
2. ALL of the (unmunged) received headers from an email
3. All of the X-Spam headers from the same email
4. What is different from what you expected to see?

As I said above, this looks like a normal email coming from outside of
your network.  If it really originated inside your network, then you
need to fix your trusted_networks.  Beyond that, everything looks
normal as far as I can tell from the information provided.

Bowie
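
Added example, not part of the original message and not SpamAssassin's own code: a simplified Python model of the check discussed above, which reads the relay IP from each Received header and reports whether every hop falls inside trusted_networks, the condition under which ALL_TRUSTED would be expected. The sample message (modeled on the header quoted in the thread, with a constructed second hop), the network values and the function names are assumptions; SpamAssassin's real trust-path logic handles more cases.

```python
import ipaddress
import re
from email import message_from_string

# Constructed sample message; hosts and addresses are placeholders.
SAMPLE = """\
Received: from foobar.com (foobar.com [1.2.3.4])
\tby alpha.example.com (8.13.1/8.13.1) with ESMTP id j8MKvFC4019879;
\tThu, 22 Sep 2005 13:57:19 -0700
Received: from desk7 (desk7.foobar.com [10.0.0.7])
\tby foobar.com with SMTP; Thu, 22 Sep 2005 13:57:10 -0700
Subject: test

body
"""

# Matches the bracketed IPv4 literal the receiving MTA records for the client.
RELAY_IP = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")

def relay_ips(raw_message):
    """Return client IPs from Received headers, newest hop first."""
    msg = message_from_string(raw_message)
    ips = []
    for header in msg.get_all("Received", []):
        m = RELAY_IP.search(header)
        if m:
            ips.append(ipaddress.ip_address(m.group(1)))
    return ips

def classify(raw_message, trusted_networks):
    """Label each relay; trust stops at the first untrusted hop."""
    nets = [ipaddress.ip_network(n) for n in trusted_networks]
    result, chain_ok = [], True
    for ip in relay_ips(raw_message):
        chain_ok = chain_ok and any(ip in n for n in nets)
        result.append((str(ip), chain_ok))
    return result

def all_trusted_expected(raw_message, trusted_networks):
    """True only when at least one relay was parsed and all are trusted."""
    hops = classify(raw_message, trusted_networks)
    return bool(hops) and all(ok for _, ok in hops)

if __name__ == "__main__":
    for nets in (["10.0.0.0/8"], ["1.2.3.4/32", "10.0.0.0/8"]):
        print(nets, classify(SAMPLE, nets), all_trusted_expected(SAMPLE, nets))
```

Munged Received headers defeat this kind of check, because the result depends entirely on the real relay IPs.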
