-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Jim Hatfield wrote: > I've seen a few uncaught spams lately with ALL_TRUSTED scored. > > I see that this is determined by a function called check_all_trusted(), > but my Perl isn't good enough to work out how this flag is determined. > > Mails are delivered direct via SMTP, not relayed from anywhere, so I > don't see that there should be any trusted relays in the chain.
Jim, This is a question more appropriate for the spamassassin list, as it is definitely in reference to the internals of SpamAssassin. Howerver; here's a basic breakdown of that ALL_TRUSTED means. the ALL_TRUSTED rule is evaluated based on the trust path. the trust path is determined automatically if it's not explicitly setup using the trusted_networks and internal_networks configuration directives. if your mail server is behind NAT, the trust path auto-determination routines will likely get confused, so you should define them manually. the trust path refers to MTAs that you explicitly trust NOT TO FORGE RECIEVED HEADERS. that's it. it's not a whitelist, it's not hosts you trust not to send spam. in most cases this should be your local mail host, its outward facing network address and any other MX hosts you have explicit control over. the trust path can affect other network related tests, so it's important to set it properly. You should check the SpamAssassin wiki for more details on the ALL_TRUSTED rule and setting the trust paths. HTH Alan -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.1 (Darwin) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFEi4u3E2gsBSKjZHQRAr6hAJ0VQn1+epCMWl94uONBbDPIzZi7bgCfSnGD ncmJlF4VpBADHrT/uEEbW8w= =+HDu -----END PGP SIGNATURE----- _______________________________________________ NOTE: If there is a disclaimer or other legal boilerplate in the above message, it is NULL AND VOID. You may ignore it. Visit http://www.mimedefang.org and http://www.roaringpenguin.com MIMEDefang mailing list [email protected] http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
