MailScanner setting score ALL_TRUSTED 0???!!!!

Julian Field MailScanner at ecs.soton.ac.uk
Wed Mar 9 08:32:45 GMT 2005


    [ The following text is in the "ISO-8859-1" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

Matt Kettler wrote:

> At 12:45 PM 1/14/2005, Julian Field wrote:
>
>> - Added zero score for ALL_TRUSTED rule in SpamAssassin as it is
>> known to
>>   cause problems.
>
>
> Ok, I know I'm responding very late to a version update, but I just
> now got
> around to look at performing an upgrade. In doing so I read the
> changelogs
> and my jaw hit the floor.
>
> All I have to ask is:
>
> Are you completely out of your mind Julian?

Someone remind me to add that to the list of "ways of getting Jules to
ignore your email"
:-)

I added it in response to a conversation on the SA list some time ago.
You know *far* more than I do about SpamAssassin, so  I will remove the
rule again.

Thanks for the message.

> Setting ALL_TRUSTED to zero
> doesn't fix the problem, it covers up one of the early warning signs that
> your system is misconfigured! This is like taking painkillers for a
> case of
> gangrene, the pain is your warning sign to get help before the infection
> kills you.
>
>
> The fundamental cause of ALL_TRUSTED misfiring is SA's trust path code
> being confused by one of two things:
>
>         1) non RFC compliant Received: headers by the local MTA. All MTAs
> supported by MailScanner default to using RFC compliant formats, but some
> people modify them to be invalid.
>
>         2) A network with a NATed gateway MX.
>
> Case 1) needs to be fixed by un-breaking your MTA configuration. Case 2)
> needs to be fixed by setting a correct trusted_netwoks value in your
> local.cf.
>
> Setting the score to zero prevents the "ALL_TRUSTED" problem from showing
> up, but you're actually inhibiting the warning signs of a much more
> severe
> problem that needs critical attention!
>
> If SA's trust path is incorrectly configured you can have MANY other
> problems, ALL_TRUSTED mis-firing is just the first sign. The broken trust
> path will cause FPs in the bonded sender tests in messages with forged
> headers, FNs AND FPs in whitelist_from_rcvd, FPs in any dialup RBL.
> Just to
> name a few of the problems that crop up from this.
>
> The implications of a broken trust path are very severe. This is not a
> problem that should be covered up one symptom at a time. It needs to be
> fixed at the cause, or it's only going to get worse as SA makes more and
> more use of the trust path code.
>
> ------------------------ MailScanner list ------------------------
> To unsubscribe, email jiscmail at jiscmail.ac.uk with the words:
> 'leave mailscanner' in the body of the email.
> Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
>
> Support MailScanner development - buy the book off the website!
>

--
Julian Field
www.MailScanner.info
MailScanner thanks transtec Computers for their support
Buy the MailScanner book at www.MailScanner.info/store

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail at jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!




More information about the MailScanner mailing list