MailScanner setting score ALL_TRUSTED 0???!!!!

Julian Field MailScanner at ecs.soton.ac.uk
Wed Mar 9 17:44:55 GMT 2005



Matt Kettler wrote:

> At 03:32 AM 3/9/2005, Julian Field wrote:
>
>> > Are you completely out of your mind Julian?
>>
>> Someone remind me to add that to the list of "ways of getting Jules to
>> ignore your email"
>> :-)
>
>
> Sorry Julian.. I just saw it and my jaw hit the floor. I know you're a
> smart guy

You're too kind :)

> so I assumed you must have been overcome by temporary insanity... :)

Wibble.... what's my name again? Where am I?

> Martin wrote:
>
>> Matt's probably the guy for this (given his comments on the SA list),
>> but something like in the SA docs...bit of mouthful, but covers it
>> nicely.
>
>
>
> Martin... the bit you suggested is about internal_networks, and not
> trusted_networks.. While SA defaults to considering nothing but localhost
> to be internal, it DOES default to trying to guess at trusted_networks.
> That's the crux of the problem... It guesses poorly in some cases.
>
> "If you're running with DNS checks enabled, SpamAssassin includes code to
> infer your trusted networks on the fly, so this may not be necessary.
> (Thanks to Scott Banister and Andrew Flury for the inspiration for this
> algorithm.) This inference works as follows: "
>
> And the inference algorithm works poorly if you have a NATed mailserver.
> SA's algorithm winds up trusting all reserved IP's (ie: any NATed host),
> plus the one non-reserved IP that delivered to a reserved IP. This works
> great for NAT networks with a normally addressed MX. It works poorly for a
> network where everything is NATed. Unfortunately, no algorithm can tell
> which of the two cases is going on, and trusting too few hosts is just as
> bad as trusting too many, so there's not much that can be done better on an
> automatic basis.
>
> Julian: Might I suggest this comment:
>
> If you have problems where ALL_TRUSTED is matching external email,
> including spam, then SpamAssassin has become confused about which hosts are
> a part of your trusted_networks. The most common cause of this is having a
> gateway mail exchanger that has a reserved IP and gets NATed by your
> firewall. Fortunately the problem is easy to fix by manually declaring a
> trusted_networks setting. See man Mail::SpamAssassin::Conf for details.
> Once manually set, SA won't try to guess.
>
> If that does not fix your problem, the other possibility is you have an MTA
> that generates malformed Received: headers. If you've modified your
> Received: header format, please put it back to the standard format.
> SpamAssassin is quite tolerant of deviations from the RFC 2822 format, but
> there are some combinations it can't handle. If the malformed headers are
> being made by some form of network appliance that you can't fix, report a
> bug to your vendor, and as a short-term fix set the score of ALL_TRUSTED to
> 0. However, realize that other problems may occur as a result of the
> mis-parsed headers and the root cause does need fixing.

That text sounds very good. I'll get it into the file I distribute.

--
Julian Field
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store
Professional Support Services at www.MailScanner.biz
MailScanner thanks transtec Computers for their support

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
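
Added example, not part of the original message and not SpamAssassin's own code: a simplified Python model of the trust guessing described in the quoted text, showing why ALL_TRUSTED matches external mail behind a NATed MX and how a declared trusted_networks stops it. The function names, the hop tuples and all IP addresses are constructed for illustration.

```python
import ipaddress

# Reserved ranges used by this model (RFC 1918 plus loopback).
RESERVED = [ipaddress.ip_network(n) for n in
            ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]

def in_nets(ip, nets):
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in nets)

def trust_per_hop(hops, trusted_networks=None):
    """hops: newest-first (from_ip, by_ip) pairs read from Received: headers.

    trusted_networks=None models the guessing case: a relay is trusted if it
    has a reserved IP, or if it delivered to a host with a reserved IP.
    Otherwise only relays inside the declared networks are trusted.
    Trust ends at the first untrusted hop.
    """
    declared = None if trusted_networks is None else [
        ipaddress.ip_network(n) for n in trusted_networks]
    result, chain_ok = [], True
    for from_ip, by_ip in hops:
        if declared is None:
            ok = in_nets(from_ip, RESERVED) or in_nets(by_ip, RESERVED)
        else:
            ok = in_nets(from_ip, declared)
        chain_ok = chain_ok and ok
        result.append(chain_ok)
    return result

def all_trusted(hops, trusted_networks=None):
    """True when every relay in the chain is trusted (the ALL_TRUSTED case)."""
    return bool(hops) and all(trust_per_hop(hops, trusted_networks))

# Constructed hops. 203.0.113.7 is an external sender in both cases.
# Everything NATed: the MX is 10.0.0.5, the scanner is 10.0.0.9.
NATED_MX = [("10.0.0.5", "10.0.0.9"), ("203.0.113.7", "10.0.0.5")]
# Normally addressed MX at 192.0.2.25 relaying to the scanner at 10.0.0.9.
PUBLIC_MX = [("192.0.2.25", "10.0.0.9"), ("203.0.113.7", "192.0.2.25")]

if __name__ == "__main__":
    print("NATed MX, guessed:  ", all_trusted(NATED_MX))
    print("public MX, guessed: ", all_trusted(PUBLIC_MX))
    # Equivalent of declaring "trusted_networks 10.0.0.0/24" by hand.
    print("NATed MX, declared: ", all_trusted(NATED_MX, ["10.0.0.0/24"]))
```

In the guessed NATed case the external sender is trusted only because it delivered to a reserved address, which is the situation the suggested comment text tells administrators to fix with a manual trusted_networks line.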
