trusted networks?

Matt Kettler mkettler at EVI-INC.COM
Mon Apr 12 23:25:15 IST 2004


At 04:17 PM 4/12/2004, Ugo Bellavance wrote:
> > I am trying to find the proper way of not running spam-check (and
> > eventually blocking or tagging) locally generated mail.  I have tried
> > using the trusted_networks feature in spam.assassin.prefs.conf and so
> > far I on occasion have some messages that are generated locally and are
> > dropped as spam.  It is not clear that it is spamassassin that is doing
> > the dropping, and I have started logging the spam in the system logs.
> >
> > Is there something other than trusted_networks XXX.YYY.ZZZ/24 I should
> > be using?
> >
>
>I think it is better to use the
>
>Spam Checks =


I agree wholeheartedly... People often fail to understand what
"trusted_networks" really does, and its purpose is NOT as a whitelisting
system.

Don't focus so much on the concept of "trust" here in terms of spam. Think
of it in terms of relay headers. What servers do you trust to insert
Received: headers which are never forged, and are never from dialup users?

If you manually set trusted_networks, ONLY include the IP addresses of
properly functioning relay mailservers under your control (i.e., those that
add Received: headers that SA will need to make sense of).

Never put clients, or non-header-adding mailservers (i.e., many varieties of
Outlook) into the list. You'll break whitelist_from_rcvd if you do.

Never put ISP mailservers into the list; you'll break DYNABLOCK if you do.
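
A simplified model of the Received-header walk described above, added here as an illustration; it is not SpamAssassin's code and not part of the original message. The hostnames, documentation-range IP addresses and function names are constructed for the example.

```python
import ipaddress
import re

# Constructed sample, newest header first (documentation IP ranges):
# dial-up user -> ISP smarthost -> our edge relay -> scanner host.
RECEIVED = [
    "from edge.corp.example (edge.corp.example [192.0.2.10]) by scanner.corp.example",
    "from smtp.isp.example (smtp.isp.example [198.51.100.25]) by edge.corp.example",
    "from laptop (dialup-77.isp.example [203.0.113.77]) by smtp.isp.example",
]

RELAY_IP = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]\)")


def relay_ips(received):
    """Return the connecting IP recorded in each Received line."""
    ips = []
    for line in received:
        match = RELAY_IP.search(line)
        if match is None:
            break  # unparseable hop: stop rather than guess
        ips.append(ipaddress.ip_address(match.group(1)))
    return ips


def first_untrusted(received, trusted):
    """Walk hops newest-first and return the first relay outside `trusted`.

    A header is only believed if it was written by a trusted relay, so the
    walk stops at the first untrusted IP: that is the address relay-based
    checks (DNSBL lookups and the like) would be applied to.
    """
    nets = [ipaddress.ip_network(n) for n in trusted]
    for ip in relay_ips(received):
        if not any(ip in net for net in nets):
            return str(ip)
    return None  # every recorded hop was trusted


if __name__ == "__main__":
    # Only our own header-adding relay is trusted: the ISP smarthost is checked.
    print(first_untrusted(RECEIVED, ["192.0.2.10/32"]))
    # ISP smarthost also trusted: the dial-up user's address is checked instead.
    print(first_untrusted(RECEIVED, ["192.0.2.10/32", "198.51.100.0/24"]))
```

With the ISP range added to the trusted list, the address that ends up being evaluated is the dial-up customer's, which is the situation the advice about ISP mailservers is meant to avoid.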


