Sean Doherty writes:
> I'm looking for some clarification on trusted_networks, the
> ALL_TRUSTED rule, and in particular how trusted_networks are
> inferred if not specified in local.cf.
>
> Since upgrading to 3.0.1 I have seen an increase in false
> negatives, which would have otherwise been caught if not for
> the ALL_TRUSTED rule firing.
>
> I don't have trusted_networks set in local.cf, so SpamAssassin
> will use the inference algorithm as specified in the docs:
>
> - if the 'from' IP address is on the same /16 network as the top
>   Received line's 'by' host, it's trusted
> - if the address of the 'from' host is in a reserved network range,
>   then it's trusted
> - if any addresses of the 'by' host is in a reserved network range,
>   then it's trusted
>
> My postfix mail server, that runs SpamAssassin is in a reserved
> network range (10.0.0.53) and processes only incoming mail. The
> following msg snippet (Received headers) results in the ALL_TRUSTED
> rule firing:
>
> Received: from 206.81.84.119 (unknown [206.81.84.119]) by
>   marvin.copperfasten.com (Postfix) with SMTP id 127ACEBC7F for
>   <[EMAIL PROTECTED]>; Mon, 1 Nov 2004 11:09:24 +0000 (GMT)
> Received: from 206.81.84.119 by mail003.datapropo.com; Mon, 01 Nov 2004
>   16:02:51 +0500
>
> With trusted_networks unset I get the following when I debug
> the msg with Spamassassin:
>
> debug: looking up PTR record for '206.81.84.119'
> debug: PTR for '206.81.84.119': '206-81-84-119.info-goals.com'
> debug: received-header: parsed as [ ip=206.81.84.119
>   rdns=206-81-84-119.info-goals.com helo=206.81.84.119
>   by=marvin.copperfasten.com ident= envfrom= intl=0 id=127ACEBC7F ]
> debug: looking up A records for 'marvin.copperfasten.com'
> debug: A records for 'marvin.copperfasten.com': 10.0.0.53
> debug: looking up A records for 'marvin.copperfasten.com'
> debug: A records for 'marvin.copperfasten.com': 10.0.0.53
> debug: received-header: 'by' marvin.copperfasten.com has reserved IP
>   10.0.0.53
> debug: received-header: 'by' marvin.copperfasten.com has no public IPs
> debug: received-header: relay 206.81.84.119 trusted? yes internal? no
>
> I'm assuming that 206.81.84.119 is trusted since the following
> condition of the inference algorithm fires:
>
> - if any addresses of the 'by' host is in a reserved network range,
>   then it's trusted
>
> However, I would have thought that this would imply that the 10.0.0.53
> host is trusted and not any servers connecting to it.

The problem is that 10.x is a private net, therefore SpamAssassin
infers it cannot possibly be the external MX sitting out there
on the internet. (for a host to be sitting on the public internet
accepting SMTP connections, it'd obviously need a public IP addr.)
so the *next* step must be the external MX.

> Can someone please clarify this for me? Also should I be specifying
> 10.0.0.53 in trusted_networks in local.cf?

Yep, that's right -- and trusted_networks will fix it.

--j.
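
The three inference rules quoted in the message, applied to the hop from the debug output, as a simplified Python model (an added example, not SpamAssassin's own code and not part of the original thread). The function names, the reserved-range list and the treatment of an explicit trusted_networks list as a plain membership test are assumptions of this sketch.

```python
import ipaddress

# Assumption: "reserved" here means RFC 1918 private space plus loopback only.
RESERVED = [ipaddress.ip_network(n) for n in
            ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]


def is_reserved(ip):
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in RESERVED)


def same_slash16(a, b):
    # True when address a falls inside the /16 that contains address b.
    return ipaddress.ip_address(a) in ipaddress.ip_network(f"{b}/16", strict=False)


def relay_trusted(from_ip, by_ips, trusted_networks=None):
    """Return (trusted, reason) for one Received hop.

    from_ip: address in the 'from' part of the header
    by_ips:  A records of the 'by' host
    trusted_networks: explicit list; when given, no inference is done
    """
    if trusted_networks:
        nets = [ipaddress.ip_network(n, strict=False) for n in trusted_networks]
        hit = any(ipaddress.ip_address(from_ip) in n for n in nets)
        return (hit, "listed in trusted_networks" if hit
                else "not in trusted_networks")
    # Inference rules, in the order the message quotes them.
    if any(same_slash16(from_ip, b) for b in by_ips):
        return (True, "same /16 as 'by' host")
    if is_reserved(from_ip):
        return (True, "'from' in reserved range")
    if any(is_reserved(b) for b in by_ips):
        return (True, "'by' host has reserved IP")
    return (False, "no inference rule matched")


if __name__ == "__main__":
    # Values taken from the debug output quoted in the message.
    hop = ("206.81.84.119", ["10.0.0.53"])
    print("inferred:  ", relay_trusted(*hop))
    print("configured:", relay_trusted(*hop, trusted_networks=["10.0.0.53"]))
```

With inference, the external relay is marked trusted solely because the receiving host resolves to 10.0.0.53; once 10.0.0.53 is listed explicitly, the same relay is no longer trusted.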