MailScanner setting score ALL_TRUSTED 0???!!!!

Martin Hepworth martinh at SOLID-STATE-LOGIC.COM
Wed Mar 9 09:23:54 GMT 2005 

Julian

maybe a big comment in the spam.assassin.prefs.conf and updates to the
doccy about this would be helpful.



--
Martin Hepworth
Snr Systems Administrator
Solid State Logic
Tel: +44 (0)1865 842300


Julian Field wrote:
> Matt Kettler wrote:
>
>> At 12:45 PM 1/14/2005, Julian Field wrote:
>>
>>> - Added zero score for ALL_TRUSTED rule in SpamAssassin as it is
>>> known to
>>>   cause problems.
>>
>>
>>
>> Ok, I know I'm responding very late to a version update, but I just
>> now got
>> around to look at performing an upgrade. In doing so I read the
>> changelogs
>> and my jaw hit the floor.
>>
>> All I have to ask is:
>>
>> Are you completely out of your mind Julian?
>
>
> Someone remind me to add that to the list of "ways of getting Jules to
> ignore your email"
> :-)
>
> I added it in response to a conversation on the SA list some time ago.
> You know *far* more than I do about SpamAssassin, so  I will remove the
> rule again.
>
> Thanks for the message.
>
>> Setting ALL_TRUSTED to zero
>> doesn't fix the problem, it covers up one of the early warning signs that
>> your system is misconfigured! This is like taking painkillers for a
>> case of
>> gangrene, the pain is your warning sign to get help before the infection
>> kills you.
>>
>>
>> The fundamental cause of ALL_TRUSTED misfiring is SA's trust path code
>> being confused by one of two things:
>>
>>         1) non RFC compliant Received: headers by the local MTA. All MTAs
>> supported by MailScanner default to using RFC compliant formats, but some
>> people modify them to be invalid.
>>
>>         2) A network with a NATed gateway MX.
>>
>> Case 1) needs to be fixed by un-breaking your MTA configuration. Case 2)
>> needs to be fixed by setting a correct trusted_netwoks value in your
>> local.cf.
>>
>> Setting the score to zero prevents the "ALL_TRUSTED" problem from showing
>> up, but you're actually inhibiting the warning signs of a much more
>> severe
>> problem that needs critical attention!
>>
>> If SA's trust path is incorrectly configured you can have MANY other
>> problems, ALL_TRUSTED mis-firing is just the first sign. The broken trust
>> path will cause FPs in the bonded sender tests in messages with forged
>> headers, FNs AND FPs in whitelist_from_rcvd, FPs in any dialup RBL.
>> Just to
>> name a few of the problems that crop up from this.
>>
>> The implications of a broken trust path are very severe. This is not a
>> problem that should be covered up one symptom at a time. It needs to be
>> fixed at the cause, or it's only going to get worse as SA makes more and
>> more use of the trust path code.
>>
>> ------------------------ MailScanner list ------------------------
>> To unsubscribe, email jiscmail at jiscmail.ac.uk with the words:
>> 'leave mailscanner' in the body of the email.
>> Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
>> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
>>
>> Support MailScanner development - buy the book off the website!
>>
>
> --
> Julian Field
> www.MailScanner.info
> MailScanner thanks transtec Computers for their support
> Buy the MailScanner book at www.MailScanner.info/store
>
> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
>
> ------------------------ MailScanner list ------------------------
> To unsubscribe, email jiscmail at jiscmail.ac.uk with the words:
> 'leave mailscanner' in the body of the email.
> Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
>
> Support MailScanner development - buy the book off the website!

**********************************************************************

This email and any files transmitted with it are confidential and
intended solely for the use of the individual or entity to whom they
are addressed. If you have received this email in error please notify
the system manager.

This footnote confirms that this email message has been swept
for the presence of computer viruses and is believed to be clean.

**********************************************************************

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail at jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

More information about the MailScanner mailing list