MailScanner setting score ALL_TRUSTED 0???!!!!

Matt Kettler mkettler at EVI-INC.COM
Wed Mar 9 00:17:41 GMT 2005


At 12:45 PM 1/14/2005, Julian Field wrote:
>- Added zero score for ALL_TRUSTED rule in SpamAssassin as it is known to
>   cause problems.

Ok, I know I'm responding very late to a version update, but I just now got
around to looking at performing an upgrade. In doing so I read the changelogs
and my jaw hit the floor.

All I have to ask is:

Are you completely out of your mind Julian? Setting ALL_TRUSTED to zero
doesn't fix the problem, it covers up one of the early warning signs that
your system is misconfigured! This is like taking painkillers for a case of
gangrene, the pain is your warning sign to get help before the infection
kills you.


The fundamental cause of ALL_TRUSTED misfiring is SA's trust path code
being confused by one of two things:

1) Non-RFC-compliant Received: headers by the local MTA. All MTAs
supported by MailScanner default to using RFC-compliant formats, but some
people modify them to be invalid.

2) A network with a NATed gateway MX.

Case 1) needs to be fixed by un-breaking your MTA configuration. Case 2)
needs to be fixed by setting a correct trusted_networks value in your local.cf.

Setting the score to zero prevents the "ALL_TRUSTED" problem from showing
up, but you're actually inhibiting the warning signs of a much more severe
problem that needs critical attention!

If SA's trust path is incorrectly configured you can have MANY other
problems, ALL_TRUSTED mis-firing is just the first sign. The broken trust
path will cause FPs in the bonded sender tests in messages with forged
headers, FNs AND FPs in whitelist_from_rcvd, FPs in any dialup RBL. Just to
name a few of the problems that crop up from this.

The implications of a broken trust path are very severe. This is not a
problem that should be covered up one symptom at a time. It needs to be
fixed at the cause, or it's only going to get worse as SA makes more and
more use of the trust path code.
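
A check for the warning sign described above, as an added example that is not part of the original post: it flags messages tagged ALL_TRUSTED even though a Received: header shows a relay outside the configured trusted_networks. The sample message, the addresses, the X-Spam-Status header name and the function names are assumptions, and this is a header-side sanity check, not SpamAssassin's trust path code.

```python
import email
import ipaddress
import re

# Constructed values: trusted_networks as listed in local.cf for a site whose
# gateway MX sits behind NAT (private range chosen for illustration).
TRUSTED_NETWORKS = ["127.0.0.0/8", "192.168.1.0/24"]

# Constructed message: tagged ALL_TRUSTED although it entered from 203.0.113.25.
SAMPLE = (
    "Received: from mx.internal.example (mx.internal.example [192.168.1.10])\n"
    "\tby store.internal.example with ESMTP id AAA111; Tue, 8 Mar 2005 19:00:02 -0500\n"
    "Received: from mail.sender.example (mail.sender.example [203.0.113.25])\n"
    "\tby mx.internal.example with ESMTP id BBB222; Tue, 8 Mar 2005 19:00:01 -0500\n"
    "X-Spam-Status: No, score=-2.8 tests=ALL_TRUSTED,HTML_MESSAGE\n"
    "Subject: constructed sample\n"
    "\n"
    "body\n"
)

BRACKETED_IP = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")

def relay_ips(msg):
    """Bracketed IPv4 address of each Received: header, newest first."""
    ips = []
    for header in msg.get_all("Received", []):
        match = BRACKETED_IP.search(header)
        if match:
            try:
                ips.append(ipaddress.ip_address(match.group(1)))
            except ValueError:
                pass  # bracketed text was not a valid address
    return ips

def all_trusted_misfire(raw, trusted_networks, status_header="X-Spam-Status"):
    """Relay IPs outside trusted_networks on a message tagged ALL_TRUSTED.

    An empty list means no misfire was seen. status_header is an assumption
    about where the rule hits are recorded on this site.
    """
    msg = email.message_from_string(raw)
    if not re.search(r"\bALL_TRUSTED\b", msg.get(status_header, "")):
        return []
    nets = [ipaddress.ip_network(n) for n in trusted_networks]
    return [str(ip) for ip in relay_ips(msg)
            if not any(ip in net for net in nets)]

if __name__ == "__main__":
    print(all_trusted_misfire(SAMPLE, TRUSTED_NETWORKS))
```

A non-empty result on real mail points at one of the two causes named in the message: a Received: format the parser did not understand, or a trusted_networks value that does not match the network.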
