On 3/29/2010 11:40 AM, Kaleb Hosie wrote: > I'm having a problem with the trusted_networks option. Right now I have it > set to: > > trusted_networks 10.0.1/24 > > In postfix, I need to have spamassassin listed under > "smtpd_recipient_restrictions" so that it will only scan incoming emails > however it would be handy to get this option working if at all possible so it > won't scan outgoing emails. > > When I try to use this option; I login through telnet port 25, and send the > test spam string (from the 10.0.1.0 subnet) it still gets caught in spam. Am > I doing something wrong or is there another option I need to choose? > > Thanks! > Kaleb > >
Trusted in this case means "trusted to not forge headers, and while unlikely to originate spam, this host might relay it." For example, your front-end MX would be trusted if your SA runs on an internal server the MX relays to. It will definitely forward whatever spam it gets, because it forwards all mail. trusted_networks is not a whitelisting mechanism. You can check if your trust is working by seeing if messages that are only handled by trusted hosts match the ALL_TRUSTED rule. This rule carries a small negative score, but cannot outweigh the GTUBE sample. In fact, even our whitelist mechanisms won't outweigh a GTUBE. GTUBE is meant to *ALWAYS* be marked as spam if SA scans it, regardless of whitelist settings.
