ALL_TRUSTED problems

[Glenn Steen]

On 01/02/06, Matt Kettler <mkettler at evi-inc.com> wrote:
(snip)
> > It is possible, since I have Dynamic DNS customers on a Verizon network,
> > and the IP neighborhood was close on this nasty spam, that SA was making
> > an educated guess?
>
> No. SA doesn't use that kind of smarts.
>
> SA more-or-less does the following things when guessing trust path, Starting
> with the most recent Received: header.
> ----
> If the relay in the "by" clause resolves to a RFC 1918 reserved IP address,
> trust the node and check the next.
>
> If it's not private, trust the host and all others are untrusted.
> ----
>
> Thus, SA should, by default, trust all servers with private IPs, and the first
> one with a non-trusted IP.
>
> Unless of course there is a trusted_networks declared, in which case SA trusts that.
>

And while I was typing (*slowly*), Matt did shed some more light.
Thanks Matt, think I got it now.

>
> Did you ever get your parsing problem resolved?? This thread is so huge I can't
> even keep track of it.
>
> If not, you need to find out why that isn't working first.
>
> The fact that "score ALL_TRUSTED 0" doesn't work implies that your config files
> are NOT being parsed by spamassassin.
>
> That is a a truly major problem with your system if it's still oging on. That's
> horribly bad. Stop worrying about how ALL_TRUSTED works, and worry about why you
> can't get SA to honor your configuration.
>
Matt, there's two persons having slightly similar ALL_TRUSTED problems
in this thread, Richard Edge (who has the funky config you refer to)
and Glenn Parsons (who you replied to).
According to an earlier --lint quote from Richard, mailscanner.cf
actually does get read. ... <me getting real confused>:-/

--
-- Glenn
email: glenn < dot > steen < at > gmail < dot > com
work: glenn < dot > steen < at > ap1 < dot > se