Matt Kettler wrote:
>Try forcing a trusted_networks statement that contains _only_ your mailserver.
Doesn't help. (BTW, this interface is not NATed.)
Here's some debug output, with only names changed and bayes lines removed.
Note that trusted = yes:
debug: Score set 0 chosen.
debug: running in taint mode? yes
debug: Running in taint mode, removing unsafe env vars, and resetting PATH
debug: PATH included '/usr/local/bin', keeping.
debug: PATH included '/bin', keeping.
debug: PATH included '/usr/bin', keeping.
debug: PATH included '/usr/X11R6/bin', keeping.
debug: Final PATH set to:
/usr/local/bin:/bin:/usr/bin:/usr/X11R6/bin:/home/pierre/bin
debug: using "/usr/share/spamassassin" for default rules dir
debug: using "/etc/mail/spamassassin" for site rules dir
debug: using "/root/.spamassassin" for user state dir
debug: using "/root/.spamassassin/user_prefs" for user prefs file
debug: bayes: 3910 tie-ing to DB file R/O /usr/mail/spamassassin/bayes_toks
debug: bayes: 3910 tie-ing to DB file R/O /usr/mail/spamassassin/bayes_seen
debug: bayes: found bayes db version 2
debug: Score set 3 chosen.
debug: Initialising learner
debug: received-header: parsed as [ ip=192.168.1.10
rdns=wcr_nt_server25.community.int helo=wcr_nt_server25.community.int
by=mail1.rifton.com ident= ]
debug: received-header: relay 192.168.1.10 trusted? yes
debug: is Net::DNS::Resolver available? yes
debug: trying (3) leo.org...
debug: looking up MX for 'leo.org'
debug: MX for 'leo.org' exists? 1
debug: MX lookup of leo.org succeeded => Dns available (set dns_available to
hardcode)
debug: is DNS available? 1
debug: all '*From' addrs: [EMAIL PROTECTED]
debug: running header regexp tests; score so far=0
debug: running body-text per-line regexp tests; score so far=0
debug: bayes corpus size: nspam = 8408, nham = 4223
debug: uri tests: Done uriRE
debug: running raw-body-text per-line regexp tests; score so far=0
debug: running uri tests; score so far=0
debug: uri tests: Done uriRE
debug: running full-text regexp tests; score so far=0
debug: DCCifd is not available: no r/w dccifd socket found.
debug: Current PATH is: /usr/local/bin:/bin:/usr/bin:/usr/X11R6/bin
debug: executable for dccproc was found at /usr/local/bin/dccproc
debug: DCC is available: /usr/local/bin/dccproc
debug: entering helper-app run mode
debug: DCC: got response: X-DCC-WEiAPG-Metrics: mail1.rifton.com 1072; Body=4
Fuz1=4
debug: leaving helper-app run mode
debug: all '*To' addrs: [EMAIL PROTECTED]
debug: RBL: success for 1 of 1 queries
debug: running meta tests; score so far=0
debug: auto-learn? ham=0.1, spam=10, body-hits=0, head-hits=0
debug: auto-learn: currently using scoreset 3. recomputing score based on
scoreset 1.
debug: Score set 1 chosen.
debug: auto-learn: original score: 0, recomputed score: 0
debug: Score set 3 chosen.
debug: auto-learn? yes, ham (0 < 0.1)
debug: Learning Ham
debug: uri tests: Done uriRE
debug: lock: 3910 created
/usr/mail/spamassassin/bayes.lock.mail1.rifton.com.3910
debug: lock: 3910 trying to get lock on /usr/mail/spamassassin/bayes with 0
retries
debug: lock: 3910 link to /usr/mail/spamassassin/bayes.lock: link ok
debug: bayes: 3910 tie-ing to DB file R/W /usr/mail/spamassassin/bayes_toks
debug: bayes: 3910 tie-ing to DB file R/W /usr/mail/spamassassin/bayes_seen
debug: bayes: found bayes db version 2
debug: [EMAIL PROTECTED]: already learnt correctly, not learning twice
debug: bayes: 3910 untie-ing
debug: bayes: 3910 untie-ing db_toks
debug: bayes: 3910 untie-ing db_seen
debug: bayes: files locked, now unlocking lock
debug: unlock: 3910 unlink /usr/mail/spamassassin/bayes.lock
debug: bayes: 3910 untie-ing
debug: is spam? score=-4.9 required=5 tests=BAYES_00
Received: from wcr_nt_server25.community.int (wcr_nt_server25.community.int
[192.168.1.10])
by mail1.rifton.com (8.11.6/8.11.6) with ESMTP id i2QDRCb03657
for <[EMAIL PROTECTED]>; Fri, 26 Mar 2004 08:27:12 -0500
content-class: urn:content-classes:calendarmessage
MIME-Version: 1.0
Content-Type: multipart/mixed;
boundary="----_=_NextPart_001_01C41336.04D1CF3B"
X-MimeOLE: Produced By Microsoft Exchange V6.0.6487.1
Subject: mumbo jumbo
Date: Fri, 26 Mar 2004 08:27:00 -0500
Message-ID: <[EMAIL PROTECTED]>
X-MS-Has-Attach:
X-MS-TNEF-Correlator: <[EMAIL PROTECTED]>
From: "Tom Sender" <[EMAIL PROTECTED]>
To: "User, Joe" <[EMAIL PROTECTED]>
X-Mail-Format-Warning: Bad RFC2822 header formatting in .
X-Spam-Checker-Version: SpamAssassin 2.63 (2004-01-11) on mail1.rifton.com
X-Spam-Status: No, hits=-4.9 required=5.0 tests=BAYES_00
autolearn=no version=2.63
Again, no whitelist. What's going on? It worked fine in 2.55.
Pierre Thomson
BIC
From: Matt Kettler [mailto:[EMAIL PROTECTED]
Sent: Thursday, March 25, 2004 5:00 PM
To: Pierre Thomson; [EMAIL PROTECTED]
Subject: Re: whitelist_from_rcvd - again
At 04:38 PM 3/25/2004, Pierre Thomson wrote:
>I'm having a heck of a time getting whitelist_from_rcvd to work AT ALL
>since upgrading to 2.63 . I have read the threads about trusted networks,
>etc., but nothing seems to work. (To be honest, I don't see the logic
>behind it only working on trusted networks... it may foil some spoofs but
>it makes administration a nightmare.)
>
>That said... I can't even get outgoing mail from our very own
>192.168.1.XXX network to trigger a whitelist_from_rcvd rule, even when I
>explicitly declare that network trusted. I have had to resort to local
>meta rulesets that check the From and Received lines for the desired
>combination of strings
That right there is your problem most likely... If you are using a NATed
mailserver you MUST manualy declare trusted_networks. Otherwise SA
mis-understands the mail headers and decides your SMTP gateway is a server
outside your network.
Try forcing a trusted_networks statement that contains _only_ your
mailserver. Do not include your hosts. Do not include any outside ISPs.
Just include your servers.
