ALL_TRUSTED problems

Matt Kettler mkettler at evi-inc.com
Wed Feb 1 22:27:35 GMT 2006


dnsadmin 1bigthink.com wrote:

> 
> I read the whole thread dated 03/08- 03/10/2005. I still don't see the
> resolution. I am not NAt'd. I am not gatewayed. I am cleared by my ISP
> to answer direct DNS PTR. I love Sprint, by the way! Nor do I see why
> this was all of a sudden a factor on my server, when I can't say that it
> has been in the past. Could I have missed it?
> 
> It is possible, since I have Dynamic DNS customers on a Verizon network,
> and the IP neighborhood was close on this nasty spam, that SA was making
> an educated guess?

No. SA doesn't use that kind of smarts.

SA more-or-less does the following things when guessing trust path, Starting
with the most recent Received: header.
----
If the relay in the "by" clause resolves to a RFC 1918 reserved IP address,
trust the node and check the next.

If it's not private, trust the host and all others are untrusted.
----

Thus, SA should, by default, trust all servers with private IPs, and the first
one with a non-trusted IP.

Unless of course there is a trusted_networks declared, in which case SA trusts that.


Did you ever get your parsing problem resolved?? This thread is so huge I can't
even keep track of it.

If not, you need to find out why that isn't working first.

The fact that "score ALL_TRUSTED 0" doesn't work implies that your config files
are NOT being parsed by spamassassin.

That is a a truly major problem with your system if it's still oging on. That's
horribly bad. Stop worrying about how ALL_TRUSTED works, and worry about why you
can't get SA to honor your configuration.



More information about the MailScanner mailing list