Bill Cole wrote: > On 11 Apr 2016, at 10:55, Helmut Schneider wrote: > > > Hi, > > > > for more than 6 months I'm trying to fix ALL_TRUSTED=-1 without > > success. > > Did it just start showing up 6 months ago on a previously-working > SpamAssassin installation, of was SA just set up 6 months ago and has > been broken the whole time?
I don't recall that it ever worked. > > Received: from XXX (XXX [172.20.12.10]) > > (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) > > (No client certificate requested) > > by XXX (Postfix) with ESMTPS > > for <XXX>; Mon, 11 Apr 2016 15:01:32 +0200 (CEST) > > Pipe that message into "spamassassin -t -D > dns,received-header,metadata" *running as the same user that runs > your Amavisd* and examine the first ~20 line of the debug output, > which will show you how SA is parsing those Received headers as well > as what version of Net::DNS you're using. Good point! Running spamassassin from command line works fine and does not trigger ALL_TRUSTED: Apr 12 09:49:27.475 [13767] dbg: metadata: X-Spam-Relays-Untrusted: [ ip=193.109.254.103 rdns=mail6.bemta14.messagelabs.com helo=mail6.bemta14.messagelabs.com by=XX ident= envfrom= intl=0 id=0423F30E auth= msa=0 ] [ ip=85.158.140.195 rdns= helo= by=server-10.bemta-14.messagelabs.com ident= envfrom= intl=0 id=04/85-02972-8943C075 auth= msa=0 ] [ ip=104.47.100.68 rdns=mail-ma1ind01on0068.outbound.protection.outlook.com helo=IND01-MA1-obe.outbound.protection.outlook.com by=server-9.tower-193.messagelabs.com ident= envfrom= intl=0 id= auth= msa=0 ] [ ip=115.114.122.40 rdns=115.114.122.40 helo=115.114.122.40 by=BM1PR01MB0596.INDPRD01.PROD.OUTLOOK.COM ident= envfrom= intl=0 id=15.1.453.26 auth= msa=0 ] [ ip=115.114.122.40 rdns= helo= by= ident= envfrom= intl=0 id= auth= msa=0 ] Amavisd runs chrooted, how can I debug SA while running from amavisd?
