Matt, Thank you for your reply. To everybody else who got on this topic and helped Robert :-)))
Does the score score ALL_TRUSTED -1.360 work only with trusted_networks <IP_addresses> ? As I mentioned I had the problem with AWL and turned it off. I now tend to enable it, but am afraid it has old scores in it. - Is there any way to display what it has? - Do you think I should zero out everything in AWL and start from scratch? How do I do that? Thank you for the help. I appreciate it very much. Irina ====================== ----- Original Message ----- From: "Matt Kettler" <[EMAIL PROTECTED]> To: "Irina" <[EMAIL PROTECTED]> Cc: <users@spamassassin.apache.org> Sent: Thursday, January 12, 2006 11:35 AM Subject: Re: AWL and trusted_networks > Irina wrote: > > Hello all, > > > > We getting much more spam lately than used to. I am looking at SA and > > seeing few things that either don't work properly or have not been set up > > (my fault I have to admit). I will start from a simple question. > > > > At some point we had a problem with AWL giving a positive score to our users > > forcing messages to be marked as spam. I disabled it. Later on I enabled > > trusted_networks which works ok (it give a minus score when I am sending a > > message). > > > > Here is my question. If trusted_networks are set right, will it ever > > give/add a positive score to AWL? > > Yes, it will give positive scores sometimes. But those scores shouldn't be > significant. > > Please read: > http://wiki.apache.org/spamassassin/AwlWrongWay > > > Basically, adding positive scores to nonspam and negative scores to spam is > normal for the AWL. It's only a problem when things get pushed too far one way > or another.(as you saw) > > A poorly defined trusted_networks can cause the AWL to not be able to tell the > difference between someone actually sending mail and someone else spoofing them. > That can cause errant AWL learning of spoofed spam/viruses/etc as being sent by > the real person. > > I suspect that you might have had this happen at your site, and setting > trusted_networks correctly should prevent that from re-occurring. >