Re: trusted_networks

Sat, 10 Dec 2005 04:12:58 -0800 

M. Lewis a écrit :
The only time I really notice this is when I recieve a spam that isn't marked as such. In the case below, had it not been for the trusted_networks, this spam would have clearly been marked as such. 


In the first example, I'm using fetchmail to drag down messages from a 
remote mailbox on another server. It appears to me that fetchmail is 
causing this to appear as it is coming from localhost 
(localhost.localdomain) and that is why _I think_ it is hitting the 
ALL_TRUSTED.



Mail that comes directly into my network (not via fetchmail) I do not 
believe ever has the ALL_TRUSTED as shown in the second example.



My trusted nework configs:

# Trusted
clear_trusted_networks
trusted_networks 192.168.1/24

# Internal
clear_internal_networks
internal_networks 192.168.1/24

Headers from a message where ALL_TRUSTED hit:

Return-Path: <[EMAIL PROTECTED]>
X-Original-To: [EMAIL PROTECTED]
Delivered-To: [EMAIL PROTECTED]
Received: from localhost (localhost.localdomain [127.0.0.1])
    by av.cajuninc.com (Postfix) with ESMTP id 5DBEE24F59E
    for <[EMAIL PROTECTED]>; Fri,  9 Dec 2005 18:40:25 -0500 (EST)
Received: from amavis.cajuninc.com ([127.0.0.1])
 by localhost (moe.cajuninc.com [127.0.0.1]) (amavisd-new, port 10024)
 with ESMTP id 24014-04 for <[EMAIL PROTECTED]>;
 Fri,  9 Dec 2005 18:40:06 -0500 (EST)
Received: from localhost (localhost.localdomain [127.0.0.1])
    by dhcppc1.cajuninc.com (Postfix) with ESMTP
    for <[EMAIL PROTECTED]>; Fri,  9 Dec 2005 18:40:06 -0500 (EST)
Delivered-To: [EMAIL PROTECTED]
Received: from mail.lizardhill.com [64.125.72.2]
    by localhost with POP3 (fetchmail-6.2.5)

    for [EMAIL PROTECTED] (single-drop); Fri, 09 Dec 2005 18:40:06 -0500 
(EST)


running SA with -D shows the following line:
[4785] dbg: received-header: found fetchmail marker, restarting parse


so it really seems that SA is fetchmail-aware. It seems that the list of 
untrusted relays is reinitialized here. This is understandable since you 
"trust" your pop3 server.



Received: (qmail 845 invoked by uid 1279); 9 Dec 2005 23:37:07 -0000
Delivered-To: [EMAIL PROTECTED]
Received: (qmail 832 invoked by uid 0); 9 Dec 2005 23:37:06 -0000
Received: from unknown (HELO 207.96.139.179) (unknown)
  by unknown with SMTP; 9 Dec 2005 23:37:06 -0000



but there is no info in this line for SA. so SA assumes the message was 
sent by your pop server (mail.lizardhill.com), and since you fetchmail 
it from localhost, it is trusted as well.



so may be SA should not set ALL_TRUSTED if fecthmail is used and such 
buggy line is found?





















					Reply via email to