MailScanner setting score ALL_TRUSTED 0???!!!!

Matt Kettler mkettler at EVI-INC.COM
Wed Mar 9 21:34:26 GMT 2005


At 04:24 PM 3/9/2005, Jeff A. Earickson wrote:
>Wait a minute here...  Once this thread started up, I said "Ok,
>this is bad, I'll comment it out in my spam.assassin.prefs.conf".  I
>searched my syslogs and didn't find any previous reference to ALL_TRUSTED,
>so I figured this was ok.  Later I grep again, and find spam getting
>its score lowered because of this change:
>
>Mar  9 15:32:44 basalt <22>MailScanner[23467]: Message j29KWXqK021827 from
>72.9.241.18 (aw-confimer at ebay.com) to colby.edu is spam, SpamAssassin
>(score=7.07, required 5, ALL_TRUSTED -3.30, BAYES_50 0.00, DCC_CHECK 2.17, ...
>
>This IP sure isn't anything I trust.  Referring to Matt Kettler's message
>about the two reasons for bogus trust, I wondered what my issue is.
>I run sendmail 8.13.3, so it should be RFC compliant.  I don't know
>what the network guy has done with NATing on our edge routers.  But our
>domain (137.146.0.0/16) only has one (real) MX and one machine I
>trust -- our mail server at 137.146.210.56.  I wouldn't expect NATing
>with a resolvable IP number, right?

That depends.. how does the machine running SA resolve basalt.colby.edu?
Just because it's resolvable as a public IP in one palace doesn't mean it's
a public IP everywhere.

For example,  you would resolve xanadu.evi-inc.com as 208.39.141.94... But
if xanadu or any internal host here at EVI resolves it, they get a
192.168.* IP address.. How? split dns. Xanadu is actualy a NATed
mailserver, and the DNS records published by the outside DNS server list
the public IP, while the inside DNS server lists the reserved IP.

Thus, I myself fall into a case where I need to define a trusted_networks
manually, although that may not be obvious to the outside observer.

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail at jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!




More information about the MailScanner mailing list