MailScanner setting score ALL_TRUSTED 0???!!!!

Julian Field MailScanner at ecs.soton.ac.uk
Wed Mar 9 09:44:41 GMT 2005


    [ The following text is in the "ISO-8859-1" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

As someone who understands the trusted path system in SpamAssassin
better than I do, any chance you could give me some wording for the
comments?

Martin Hepworth wrote:

> Julian
>
> maybe a big comment in the spam.assassin.prefs.conf and updates to the
> doccy about this would be helpful.
>
>
>
> --
> Martin Hepworth
> Snr Systems Administrator
> Solid State Logic
> Tel: +44 (0)1865 842300
>
>
> Julian Field wrote:
>
>> Matt Kettler wrote:
>>
>>> At 12:45 PM 1/14/2005, Julian Field wrote:
>>>
>>>> - Added zero score for ALL_TRUSTED rule in SpamAssassin as it is
>>>> known to
>>>>   cause problems.
>>>
>>>
>>>
>>>
>>> Ok, I know I'm responding very late to a version update, but I just
>>> now got
>>> around to look at performing an upgrade. In doing so I read the
>>> changelogs
>>> and my jaw hit the floor.
>>>
>>> All I have to ask is:
>>>
>>> Are you completely out of your mind Julian?
>>
>>
>>
>> Someone remind me to add that to the list of "ways of getting Jules to
>> ignore your email"
>> :-)
>>
>> I added it in response to a conversation on the SA list some time ago.
>> You know *far* more than I do about SpamAssassin, so  I will remove the
>> rule again.
>>
>> Thanks for the message.
>>
>>> Setting ALL_TRUSTED to zero
>>> doesn't fix the problem, it covers up one of the early warning signs
>>> that
>>> your system is misconfigured! This is like taking painkillers for a
>>> case of
>>> gangrene, the pain is your warning sign to get help before the
>>> infection
>>> kills you.
>>>
>>>
>>> The fundamental cause of ALL_TRUSTED misfiring is SA's trust path code
>>> being confused by one of two things:
>>>
>>>         1) non RFC compliant Received: headers by the local MTA. All
>>> MTAs
>>> supported by MailScanner default to using RFC compliant formats, but
>>> some
>>> people modify them to be invalid.
>>>
>>>         2) A network with a NATed gateway MX.
>>>
>>> Case 1) needs to be fixed by un-breaking your MTA configuration.
>>> Case 2)
>>> needs to be fixed by setting a correct trusted_netwoks value in your
>>> local.cf.
>>>
>>> Setting the score to zero prevents the "ALL_TRUSTED" problem from
>>> showing
>>> up, but you're actually inhibiting the warning signs of a much more
>>> severe
>>> problem that needs critical attention!
>>>
>>> If SA's trust path is incorrectly configured you can have MANY other
>>> problems, ALL_TRUSTED mis-firing is just the first sign. The broken
>>> trust
>>> path will cause FPs in the bonded sender tests in messages with forged
>>> headers, FNs AND FPs in whitelist_from_rcvd, FPs in any dialup RBL.
>>> Just to
>>> name a few of the problems that crop up from this.
>>>
>>> The implications of a broken trust path are very severe. This is not a
>>> problem that should be covered up one symptom at a time. It needs to be
>>> fixed at the cause, or it's only going to get worse as SA makes more
>>> and
>>> more use of the trust path code.
>>>
>>> ------------------------ MailScanner list ------------------------
>>> To unsubscribe, email jiscmail at jiscmail.ac.uk with the words:
>>> 'leave mailscanner' in the body of the email.
>>> Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
>>> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
>>>
>>> Support MailScanner development - buy the book off the website!
>>>
>>
>> --
>> Julian Field
>> www.MailScanner.info
>> MailScanner thanks transtec Computers for their support
>> Buy the MailScanner book at www.MailScanner.info/store
>>
>> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
>>
>> ------------------------ MailScanner list ------------------------
>> To unsubscribe, email jiscmail at jiscmail.ac.uk with the words:
>> 'leave mailscanner' in the body of the email.
>> Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
>> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
>>
>> Support MailScanner development - buy the book off the website!
>
>
> **********************************************************************
>
> This email and any files transmitted with it are confidential and
> intended solely for the use of the individual or entity to whom they
> are addressed. If you have received this email in error please notify
> the system manager.
>
> This footnote confirms that this email message has been swept
> for the presence of computer viruses and is believed to be clean.
>
> **********************************************************************
>
> ------------------------ MailScanner list ------------------------
> To unsubscribe, email jiscmail at jiscmail.ac.uk with the words:
> 'leave mailscanner' in the body of the email.
> Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
>
> Support MailScanner development - buy the book off the website!
>

--
Julian Field
www.MailScanner.info
MailScanner thanks transtec Computers for their support
Buy the MailScanner book at www.MailScanner.info/store

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail at jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!




More information about the MailScanner mailing list