MailScanner setting score ALL_TRUSTED 0???!!!!
Julian Field
MailScanner at ecs.soton.ac.uk
Wed Mar 9 08:32:45 GMT 2005
[ The following text is in the "ISO-8859-1" character set. ]
[ Your display is set for the "US-ASCII" character set. ]
[ Some characters may be displayed incorrectly. ]
Matt Kettler wrote:
> At 12:45 PM 1/14/2005, Julian Field wrote:
>
>> - Added zero score for ALL_TRUSTED rule in SpamAssassin as it is
>> known to
>> cause problems.
>
>
> Ok, I know I'm responding very late to a version update, but I just
> now got
> around to look at performing an upgrade. In doing so I read the
> changelogs
> and my jaw hit the floor.
>
> All I have to ask is:
>
> Are you completely out of your mind Julian?
Someone remind me to add that to the list of "ways of getting Jules to
ignore your email"
:-)
I added it in response to a conversation on the SA list some time ago.
You know *far* more than I do about SpamAssassin, so I will remove the
rule again.
Thanks for the message.
> Setting ALL_TRUSTED to zero
> doesn't fix the problem, it covers up one of the early warning signs that
> your system is misconfigured! This is like taking painkillers for a
> case of
> gangrene, the pain is your warning sign to get help before the infection
> kills you.
>
>
> The fundamental cause of ALL_TRUSTED misfiring is SA's trust path code
> being confused by one of two things:
>
> 1) non RFC compliant Received: headers by the local MTA. All MTAs
> supported by MailScanner default to using RFC compliant formats, but some
> people modify them to be invalid.
>
> 2) A network with a NATed gateway MX.
>
> Case 1) needs to be fixed by un-breaking your MTA configuration. Case 2)
> needs to be fixed by setting a correct trusted_netwoks value in your
> local.cf.
>
> Setting the score to zero prevents the "ALL_TRUSTED" problem from showing
> up, but you're actually inhibiting the warning signs of a much more
> severe
> problem that needs critical attention!
>
> If SA's trust path is incorrectly configured you can have MANY other
> problems, ALL_TRUSTED mis-firing is just the first sign. The broken trust
> path will cause FPs in the bonded sender tests in messages with forged
> headers, FNs AND FPs in whitelist_from_rcvd, FPs in any dialup RBL.
> Just to
> name a few of the problems that crop up from this.
>
> The implications of a broken trust path are very severe. This is not a
> problem that should be covered up one symptom at a time. It needs to be
> fixed at the cause, or it's only going to get worse as SA makes more and
> more use of the trust path code.
>
> ------------------------ MailScanner list ------------------------
> To unsubscribe, email jiscmail at jiscmail.ac.uk with the words:
> 'leave mailscanner' in the body of the email.
> Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
>
> Support MailScanner development - buy the book off the website!
>
--
Julian Field
www.MailScanner.info
MailScanner thanks transtec Computers for their support
Buy the MailScanner book at www.MailScanner.info/store
PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail at jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
Support MailScanner development - buy the book off the website!
More information about the MailScanner
mailing list