ALL_TRUSTED RULE due to sendmail to Mailscanner relay
Matt Kettler
mkettler at evi-inc.com
Thu Mar 27 14:57:21 GMT 2008
Brett Carruthers wrote:
> Hi,
>
> I was hoping someone could nudge me in the correct direction.
>
> My configuration has led me to have all of my mail to be listed as
> trusted due to sendmail sending the mail to mailscanner. Can I stop this
> extra header being written into the mail so my spam scores are not being
> lowered? The ALL_TRUSTED_RULE is giving each message a -1.80 score.
>
> I use sendmail and Mailscanner with FProt antivirus before mail reaches
> our mail server Scalix.
If your mailscanner server resolves "mailserv.iii.net.au " as a reserved IP (ie:
10.* or 192.168.*, 172... etc) then you need to set your trusted_networks manually.
SpamAssassin uses a trust-path guessing algorithm, but that algorithm assumes
the first public IP is your MX. However, that assumption breaks when your MX is
NAT mapped.
The fix is to declare trusted_networks manually, to give SA explicit
instructions about what hosts are trusted. It won't try to auto guess then.
(and no, there's no reliable sure-fire way for SA to figure out what your
network topology is based on the headers.. it makes its best guess)..
See also:
http://wiki.apache.org/spamassassin/TrustPath
More information about the MailScanner
mailing list