ALL_TRUSTED problems

Glenn Steen glenn.steen at
Wed Feb 1 23:03:51 GMT 2006

On 01/02/06, Matt Kettler <mkettler at> wrote:
> > It is possible, since I have Dynamic DNS customers on a Verizon network,
> > and the IP neighborhood was close on this nasty spam, that SA was making
> > an educated guess?
> No. SA doesn't use that kind of smarts.
> SA more-or-less does the following things when guessing trust path, Starting
> with the most recent Received: header.
> ----
> If the relay in the "by" clause resolves to a RFC 1918 reserved IP address,
> trust the node and check the next.
> If it's not private, trust the host and all others are untrusted.
> ----
> Thus, SA should, by default, trust all servers with private IPs, and the first
> one with a non-trusted IP.
> Unless of course there is a trusted_networks declared, in which case SA trusts that.

And while I was typing (*slowly*), Matt did shed some more light.
Thanks Matt, think I got it now.

> Did you ever get your parsing problem resolved?? This thread is so huge I can't
> even keep track of it.
> If not, you need to find out why that isn't working first.
> The fact that "score ALL_TRUSTED 0" doesn't work implies that your config files
> are NOT being parsed by spamassassin.
> That is a a truly major problem with your system if it's still oging on. That's
> horribly bad. Stop worrying about how ALL_TRUSTED works, and worry about why you
> can't get SA to honor your configuration.
Matt, there's two persons having slightly similar ALL_TRUSTED problems
in this thread, Richard Edge (who has the funky config you refer to)
and Glenn Parsons (who you replied to).
According to an earlier --lint quote from Richard,
actually does get read. ... <me getting real confused>:-/

-- Glenn
email: glenn < dot > steen < at > gmail < dot > com
work: glenn < dot > steen < at > ap1 < dot > se

More information about the MailScanner mailing list