MailScanner setting score ALL_TRUSTED 0???!!!!

Martin Hepworth martinh at SOLID-STATE-LOGIC.COM
Wed Mar 9 10:04:00 GMT 2005


Julian

Matt's probably the guy for this (given his comments on the SA list),
but something like in the SA docs...bit of a mouthful, but covers it nicely.

internal_networks ip.add.re.ss[/mask] ... (default: none)
     What networks or hosts are 'internal' in your setup. Internal means
that relay hosts on these networks are considered to be MXes for your
domain(s), or internal relays. This uses the same format as
trusted_networks, above.

     This value is used when checking 'dial-up' or dynamic IP address
blocklists, in order to detect direct-to-MX spamming. Trusted relays
that accept mail directly from dial-up connections should not be listed
in internal_networks. List them only in trusted_networks.

     If trusted_networks is set and internal_networks is not, the value
of trusted_networks will be used for this parameter.

     If neither trusted_networks or internal_networks is set, no
addresses will be considered local; in other words, any relays past the
machine where SpamAssassin is running will be considered external.


and point them at..
http://spamassassin.apache.org/full/3.0.x/dist/doc/Mail_SpamAssassin_Conf.html#network_test_options




--
Martin Hepworth
Snr Systems Administrator
Solid State Logic
Tel: +44 (0)1865 842300
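
A simplified model of the semantics in the documentation excerpt above, added here as an example; it is not SpamAssassin's or MailScanner's code, and it does not model what SpamAssassin infers when trusted_networks is unset. The addresses and the names classify_relays, CHAIN and TRUSTED are constructed for illustration.

```python
import ipaddress

def classify_relays(relay_ips, trusted_networks, internal_networks=None):
    """Simplified model of the trust-path walk (not SpamAssassin's code).

    relay_ips: connecting IP from each Received header, most recent first.
    """
    trusted = [ipaddress.ip_network(n) for n in trusted_networks]
    # Documented fallback: an unset internal_networks takes trusted_networks.
    internal = [ipaddress.ip_network(n)
                for n in (internal_networks or trusted_networks)]
    out = {"internal": [], "trusted_external": [], "untrusted": []}
    in_trusted = in_internal = True
    for ip in relay_ips:
        addr = ipaddress.ip_address(ip)
        # Trust is a chain: one untrusted hop makes every older hop untrusted.
        in_trusted = in_trusted and any(addr in n for n in trusted)
        in_internal = (in_internal and in_trusted
                       and any(addr in n for n in internal))
        if in_internal:
            out["internal"].append(ip)
        elif in_trusted:
            out["trusted_external"].append(ip)
        else:
            out["untrusted"].append(ip)
    # In this model ALL_TRUSTED means no hop fell outside the trusted chain.
    out["all_trusted"] = not out["untrusted"]
    # The hop that handed the message to the internal network is the one a
    # dial-up/dynamic blocklist lookup is meant to test.
    external = out["trusted_external"] + out["untrusted"]
    out["dialup_check_ip"] = external[0] if external else None
    return out

# Constructed chain, most recent hop first (RFC 1918 / RFC 5737 addresses):
# scanner <- NATed gateway MX <- ISP smarthost <- dial-up customer
CHAIN = ["192.168.1.10", "203.0.113.5", "198.51.100.23"]
TRUSTED = ["192.168.1.10", "203.0.113.5"]

# internal_networks unset: the smarthost counts as internal, so the
# customer's dynamic IP is tested as if it had connected direct to the MX.
loose = classify_relays(CHAIN, TRUSTED)
# Smarthost listed only in trusted_networks: the lookup tests the smarthost.
tight = classify_relays(CHAIN, TRUSTED, ["192.168.1.10"])

if __name__ == "__main__":
    for name, r in (("loose", loose), ("tight", tight)):
        print(name, r["dialup_check_ip"], "ALL_TRUSTED:", r["all_trusted"])
```
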


Julian Field wrote:
> As someone who understands the trusted path system in SpamAssassin
> better than I do, any chance you could give me some wording for the
> comments?
>
> Martin Hepworth wrote:
>
>> Julian
>>
>> maybe a big comment in the spam.assassin.prefs.conf and updates to the
>> doccy about this would be helpful.
>>
>>
>>
>> --
>> Martin Hepworth
>> Snr Systems Administrator
>> Solid State Logic
>> Tel: +44 (0)1865 842300
>>
>>
>> Julian Field wrote:
>>
>>> Matt Kettler wrote:
>>>
>>>> At 12:45 PM 1/14/2005, Julian Field wrote:
>>>>
>>>>> - Added zero score for ALL_TRUSTED rule in SpamAssassin as it is
>>>>> known to
>>>>>   cause problems.
>>>>
>>>> Ok, I know I'm responding very late to a version update, but I just
>>>> now got
>>>> around to look at performing an upgrade. In doing so I read the
>>>> changelogs
>>>> and my jaw hit the floor.
>>>>
>>>> All I have to ask is:
>>>>
>>>> Are you completely out of your mind Julian?
>>>
>>> Someone remind me to add that to the list of "ways of getting Jules to
>>> ignore your email"
>>> :-)
>>>
>>> I added it in response to a conversation on the SA list some time ago.
>>> You know *far* more than I do about SpamAssassin, so  I will remove the
>>> rule again.
>>>
>>> Thanks for the message.
>>>
>>>> Setting ALL_TRUSTED to zero
>>>> doesn't fix the problem, it covers up one of the early warning signs
>>>> that
>>>> your system is misconfigured! This is like taking painkillers for a
>>>> case of
>>>> gangrene, the pain is your warning sign to get help before the
>>>> infection
>>>> kills you.
>>>>
>>>>
>>>> The fundamental cause of ALL_TRUSTED misfiring is SA's trust path code
>>>> being confused by one of two things:
>>>>
>>>>         1) non RFC compliant Received: headers by the local MTA. All
>>>> MTAs
>>>> supported by MailScanner default to using RFC compliant formats, but
>>>> some
>>>> people modify them to be invalid.
>>>>
>>>>         2) A network with a NATed gateway MX.
>>>>
>>>> Case 1) needs to be fixed by un-breaking your MTA configuration.
>>>> Case 2)
>>>> needs to be fixed by setting a correct trusted_networks value in your
>>>> local.cf.
>>>>
>>>> Setting the score to zero prevents the "ALL_TRUSTED" problem from
>>>> showing
>>>> up, but you're actually inhibiting the warning signs of a much more
>>>> severe
>>>> problem that needs critical attention!
>>>>
>>>> If SA's trust path is incorrectly configured you can have MANY other
>>>> problems, ALL_TRUSTED mis-firing is just the first sign. The broken
>>>> trust
>>>> path will cause FPs in the bonded sender tests in messages with forged
>>>> headers, FNs AND FPs in whitelist_from_rcvd, FPs in any dialup RBL.
>>>> Just to
>>>> name a few of the problems that crop up from this.
>>>>
>>>> The implications of a broken trust path are very severe. This is not a
>>>> problem that should be covered up one symptom at a time. It needs to be
>>>> fixed at the cause, or it's only going to get worse as SA makes more
>>>> and
>>>> more use of the trust path code.
>>>>
>>>> ------------------------ MailScanner list ------------------------
>>>> To unsubscribe, email jiscmail at jiscmail.ac.uk with the words:
>>>> 'leave mailscanner' in the body of the email.
>>>> Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
>>>> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
>>>>
>>>> Support MailScanner development - buy the book off the website!
>>>>
>>>
>>> --
>>> Julian Field
>>> www.MailScanner.info
>>> MailScanner thanks transtec Computers for their support
>>> Buy the MailScanner book at www.MailScanner.info/store
>>>
>>> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
>>>
>>
>>
>>
>> **********************************************************************
>>
>> This email and any files transmitted with it are confidential and
>> intended solely for the use of the individual or entity to whom they
>> are addressed. If you have received this email in error please notify
>> the system manager.
>>
>> This footnote confirms that this email message has been swept
>> for the presence of computer viruses and is believed to be clean.
>>
>> **********************************************************************
>>
>>
>
> --
> Julian Field
> www.MailScanner.info
> MailScanner thanks transtec Computers for their support
> Buy the MailScanner book at www.MailScanner.info/store
>
> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
>
