On Fri, 15 Apr 2016 12:35:24 +0100 RW wrote: > On Fri, 15 Apr 2016 10:10:13 +0000 (UTC) > Helmut Schneider wrote: > > > Hi, > > > > when further investigating my issue that ALL_TRUSTED is always true > > I came along the following lines when debugging SA: > > > > ... > > Apr 15 11:44:43.213 mail /usr/sbin/amavisd-new[9991]: (09991-02) SA > > dbg: received-header: originating, 195.245.231.135 and remaining > > relays will be considered trusted, but no longer internal > > ... > > > > So SA correctly identifies an relay as external but still trusts the > > whole path. Why? > > It looks like it's being seen as mail submission. Do you have > msa_networks set?
I had a look at the code, and it looks like that particular message with "but no longer internal" can only be be reached when a flag is set that asserts that the message was submitted. This causes the point at which trust would otherwise be broken to be treated as a submission server. That flag is never set in any SpamAssassin code; it will have been passed in from amavisd.
