Matt Kettler wrote:
> Jo Rhett wrote:
>> You're still babbling about NAT.  I could care less about NAT.  All
>> trusted breaks for EVERYONE, and EVERYONE ends up hardcoding
>> trusted_networks because auto detection is completely and utterly broken.
>
> Fine.. We'll ignore NAT. It's not your problem, I get it.
>
> YOUR network is broken because YOUR network doesn't add Received:
> headers before calling SA.. That's not EVERYONE, that's YOU.
>
> Get your tools to add a local Received: header before you call SA, the
> auto-detection code will start working.
>
> After all, if you haven't Received: the message yet, how'd it get to SA?
> Do you really expect SA to work on a message that doesn't even appear
> to have been delivered to your domain yet?

As mentioned in my previous message, I have dozens of messages here that have as many as 12 received headers. So perhaps I didn't get the Received header that will be added by this host. What kind of logic says that it should trust a remote IP from a very random source that isn't authenticated by a local header?

Here's one from last week, before I disabled auto detection.

Received: from elasmtp-spurfowl.atl.sa.earthlink.net
    (elasmtp-spurfowl.atl.sa.earthlink.net [209.86.89.66]) by
    triceratops.lizardarts.com (8.13.8/8.13.8) with ESMTP id k972fkHF066354
    for <[EMAIL PROTECTED]>; Fri, 6 Oct 2006 19:41:46 -0700 (PDT)
    (envelope-from [EMAIL PROTECTED])
Received: from [66.32.20.12] (helo=[66.32.20.12]) by
    elasmtp-spurfowl.atl.sa.earthlink.net with asmtp (Exim 4.34) id
    1GW28H-0003Bs-QM for [EMAIL PROTECTED]; Fri, 06 Oct 2006 22:41:45 -0400
X-Spam-Status: No, score=2.741 tagged_above=-1.99 required=4.01
    tests=[ALL_TRUSTED=-1.44, DNS_FROM_RFC_ABUSE=0.479, HTML_MESSAGE=0.001,
    RCVD_IN_NJABL_DUL=1.713, RCVD_IN_SORBS_DUL=1.988]

Now, in this case it's from my mother and valid, but it shows the problem. Why is an earthlink host trusted?

Even if this problem is with not having amavisd-milter insert a forged Received header into the message for SA to read, then it means that the only Received header to read would be:

Received: from [66.32.20.12] (helo=[66.32.20.12]) by
    elasmtp-spurfowl.atl.sa.earthlink.net with asmtp (Exim 4.34) id
    1GW28H-0003Bs-QM for [EMAIL PROTECTED]; Fri, 06 Oct 2006 22:41:45 -0400

So... why are we trusting 66.32.20.12 ?  Really?

--
Jo Rhett
Network/Software Engineer
Net Consonance
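
An added example, not part of the original thread and not SpamAssassin code: a pre-filter sanity check for the condition discussed above, namely whether the topmost Received: header the filter sees was written by one of your own hosts. The `LOCAL_MTAS` set and the function names are assumptions, and the two sample messages are constructed from the headers quoted in this message.

```python
import re
from email import message_from_string

# Assumption: hostnames this site's own MTAs write in the "by" clause.
LOCAL_MTAS = {"triceratops.lizardarts.com"}

BY_RE = re.compile(r"\bby\s+([A-Za-z0-9.-]+)", re.IGNORECASE)

def top_received_by(raw):
    """Return the lowercased 'by' host of the topmost Received header, or None."""
    hops = message_from_string(raw).get_all("Received") or []
    if not hops:
        return None
    unfolded = " ".join(hops[0].split())  # undo RFC 5322 header folding
    match = BY_RE.search(unfolded)
    return match.group(1).lower().rstrip(".") if match else None

def has_local_hop(raw, local_mtas=LOCAL_MTAS):
    """True only if the newest hop was recorded by one of our own MTAs."""
    return top_received_by(raw) in local_mtas

# Constructed sample input, built from the headers quoted in the thread.
EARTHLINK_HOP = (
    "Received: from [66.32.20.12] (helo=[66.32.20.12]) by\n"
    " elasmtp-spurfowl.atl.sa.earthlink.net with asmtp (Exim 4.34) id\n"
    " 1GW28H-0003Bs-QM for [EMAIL PROTECTED]; Fri, 06 Oct 2006 22:41:45 -0400\n"
)
LOCAL_HOP = (
    "Received: from elasmtp-spurfowl.atl.sa.earthlink.net\n"
    " (elasmtp-spurfowl.atl.sa.earthlink.net [209.86.89.66]) by\n"
    " triceratops.lizardarts.com (8.13.8/8.13.8) with ESMTP id k972fkHF066354\n"
    " for <[EMAIL PROTECTED]>; Fri, 6 Oct 2006 19:41:46 -0700 (PDT)\n"
)
BODY = "Subject: constructed sample\n\nbody\n"

AS_DELIVERED = LOCAL_HOP + EARTHLINK_HOP + BODY   # what the mailbox ends up with
AS_SEEN_BY_FILTER = EARTHLINK_HOP + BODY          # local header not yet added

if __name__ == "__main__":
    for name, raw in (("as delivered", AS_DELIVERED),
                      ("as seen by filter", AS_SEEN_BY_FILTER)):
        print(f"{name}: top hop by {top_received_by(raw)}, "
              f"local hop present: {has_local_hop(raw)}")
```

Running such a check on the exact bytes handed to the filter, rather than on the delivered copy, shows which of the two cases a given milter setup produces.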
