ALL_TRUSTED problems
Matt Kettler
mkettler at evi-inc.com
Wed Feb 1 22:27:35 GMT 2006
dnsadmin 1bigthink.com wrote:
>
> I read the whole thread dated 03/08 - 03/10/2005. I still don't see the
> resolution. I am not NAT'd. I am not gatewayed. I am cleared by my ISP
> to answer direct DNS PTR. I love Sprint, by the way! Nor do I see why
> this was all of a sudden a factor on my server, when I can't say that it
> has been in the past. Could I have missed it?
>
> It is possible, since I have Dynamic DNS customers on a Verizon network,
> and the IP neighborhood was close on this nasty spam, that SA was making
> an educated guess?
No. SA doesn't use that kind of smarts.

SA more-or-less does the following things when guessing the trust path, starting
with the most recent Received: header.
----
If the relay in the "by" clause resolves to a RFC 1918 reserved IP address,
trust the node and check the next.
If it's not private, trust the host and all others are untrusted.
----
Thus, SA should, by default, trust all servers with private IPs, and the first
one with a non-trusted IP.
Unless of course there is a trusted_networks declared, in which case SA trusts that.
Did you ever get your parsing problem resolved?? This thread is so huge I can't
even keep track of it.
If not, you need to find out why that isn't working first.
The fact that "score ALL_TRUSTED 0" doesn't work implies that your config files
are NOT being parsed by spamassassin.
That is a truly major problem with your system if it's still going on. That's
horribly bad. Stop worrying about how ALL_TRUSTED works, and worry about why you
can't get SA to honor your configuration.
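
Added example, not part of the original message and not SpamAssassin's own code: a simplified Python model of the trust-path guess described above, run over constructed Received: headers. The hostnames, the RESOLVE table standing in for DNS, the handling of an unresolvable relay, and the way trusted_networks is applied (membership test, stop at the first miss) are assumptions.

```python
import ipaddress
import re

RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed name-to-address table standing in for DNS (runs offline).
RESOLVE = {
    "mail.internal.example": "192.168.1.10",
    "gw.example.org": "203.0.113.5",
    "relay.isp.example": "198.51.100.7",
}

# Constructed Received: headers, most recent first.
HEADERS = [
    "from gw.example.org by mail.internal.example with ESMTP",
    "from relay.isp.example by gw.example.org with ESMTP",
    "from client.example by relay.isp.example with SMTP",
]

BY_RE = re.compile(r"\bby\s+(\S+)", re.IGNORECASE)


def guess_trust(received, trusted_networks=None):
    """Return [(by_host, trusted)] in header order (most recent first)."""
    nets = [ipaddress.ip_network(n) for n in trusted_networks or []]
    verdicts, stop = [], False
    for hdr in received:
        m = BY_RE.search(hdr)
        host = m.group(1) if m else None
        ip = RESOLVE.get(host)
        if stop or ip is None:
            # Past the boundary, or relay unresolvable (assumption): untrusted.
            verdicts.append((host, False))
            stop = True
            continue
        addr = ipaddress.ip_address(ip)
        if nets:
            # Declared trusted_networks replace the guess (assumed semantics).
            trusted = any(addr in n for n in nets)
            stop = not trusted
        else:
            # Private "by" relay: trust and keep walking.
            # First public one: trust it, everything older is untrusted.
            trusted = True
            stop = not any(addr in n for n in RFC1918)
        verdicts.append((host, trusted))
    return verdicts


if __name__ == "__main__":
    for host, trusted in guess_trust(HEADERS):
        print(host, "trusted" if trusted else "untrusted")
```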