Jo Rhett wrote:
RIGHT. So why are they Trusted?
On Oct 17, 2006, at 5:59 PM, Matt Kettler wrote:
Because there *HAS* to be a local. If there isn't, then the message
isn't at your server.
This is the whole point. If the message hasn't been Received: by a local
server, it is by definition not in your network.
By feeding messages to SA without a local Received: header, you are
explicitly telling SA that the message is still in some other network,
not yours. So what's SA supposed to do?
Um... subtract points from the score as a backup approach? :-(
Seriously, if it is confused then 0 points. But *NEVER* trust
something because it was confused.
Does your bank give out cash from your bank account when confused?
If so, let me know where you bank...
Is SA supposed to know that the message magically appeared in your mail
systems despite never being recorded as Received by them?
What should SA do if a message is being direct-delivered and has no
existing Received: headers in it? Where should it decide the message
came from?
Look, here's a message that got here from nowhere. It wasn't even sent
by the localhost, it just spontaneously appeared in the mail system.
Nobody sent it, nobody Received it, it just appeared here.
This whole scenario is ridiculous.. OF COURSE spamassassin will break
when you feed it this.
But why does it break by subtracting points from the score? There's
no logic in that.
It can't possibly even TRY to make sense of it because required records
are missing. How could SA behave properly in this case? What should
it do?
Nothing. Nothing or "0" is a good response. "-4.5" as I've seen on
some messages is *NEVER* an appropriate response to confusion.
Should SA inherently assume that some magic exists where messages can
magically poof from one mail queue to the next without ever being
transmitted over a mail transport protocol?
Should it assume hackers have taken over your server and are directly
inserting messages into your system without going through your MTA (ie:
writing queue files directly?)
Or should it just misbehave so hopefully the admin realizes he needs to
FIX a BROKEN SERVER.
Fine. Misbehave. Reject the message. But don't subtract points
from the score.
YES IT DOES! SA makes basic assumptions about REALITY. Messages get
transmitted over the internet between mailservers. During this process,
Received: headers are added as per RFC requirements for SMTP. SA depends
on Received: those records generated by your own network. When your
network is broken, SA becomes broken, but why would you ever not add a
Received: header?
Ah, but the message has not yet been received. So adding a Received:
header is lying to SA. We're waiting for SA to pass judgement on the
mail before we accept it. Read the Milter spec.
The problem isn't SA breaking, it's the fact that an RFC-required piece
of information is missing from the message.
You really are off your rocker without a clue. Sorry, I thought I
was chatting with someone who grokked reality.
It's complete insanity to try to expect SA to behave properly without a
local Received: header.
I never said that I expect SA to "behave properly". I said I wanted
it to not let more spam through. Failing gracefully is the right
response, and failing gracefully in this context is by not altering
the spam score.
--
Jo Rhett
Senior Network Engineer
Network Consonance
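
The fail-neutral behaviour argued for in this message, as an added sketch that is not part of the thread and not SpamAssassin's code: a relay earns a negative score only when the newest Received: header was written by a known local MTA and names a trusted peer; every uncertain case scores 0. The names `LOCAL_MTAS`, `TRUSTED_NETS`, `TRUSTED_BONUS` and `relay_adjustment` are hypothetical, and the header parsing is simplified (IPv4 literals only).

```python
import ipaddress
import re
from email import message_from_string

# Hypothetical site settings for this sketch; not SpamAssassin options.
LOCAL_MTAS = {"mx.example.net"}                    # hosts that stamp our Received:
TRUSTED_NETS = [ipaddress.ip_network("192.0.2.0/24")]
TRUSTED_BONUS = -1.0                               # constructed value

BY_RE = re.compile(r"\bby\s+([A-Za-z0-9.-]+)")
IP_RE = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")  # IPv4 literal only

def relay_adjustment(raw):
    """Return (state, score_adjustment); any uncertainty scores 0.0."""
    received = message_from_string(raw).get_all("Received") or []
    if not received:
        return ("no-received", 0.0)        # nothing recorded: stay neutral
    top = " ".join(received[0].split())    # unfold the newest header
    by = BY_RE.search(top)
    if not by or by.group(1).lower() not in LOCAL_MTAS:
        return ("no-local-hop", 0.0)       # newest hop was written elsewhere
    ip = IP_RE.search(top)
    try:
        addr = ipaddress.ip_address(ip.group(1)) if ip else None
    except ValueError:
        addr = None
    if addr is None:
        return ("unparsed", 0.0)
    if any(addr in net for net in TRUSTED_NETS):
        return ("trusted", TRUSTED_BONUS)  # only a verified local hop earns this
    return ("untrusted", 0.0)

# Constructed sample messages (not taken from the thread).
BODY = "Subject: test\n\nhello\n"
SAMPLES = {
    "milter, no headers yet": BODY,
    "remote hop only": "Received: from a.example ([192.0.2.10]) by mx.other.example\n" + BODY,
    "local hop, trusted peer": "Received: from r.example ([192.0.2.10])\n\tby mx.example.net with ESMTP\n" + BODY,
    "local hop, outside peer": "Received: from c.example ([198.51.100.7]) by mx.example.net\n" + BODY,
}

if __name__ == "__main__":
    for name, raw in SAMPLES.items():
        print(f"{name:26} -> {relay_adjustment(raw)}")
```

The "remote hop only" sample names an address inside the trusted range but still scores 0, because the header claiming it was not written by a local MTA.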