I will look into that, I didn't set it as I want no network to be trusted. I'll reread what I can find on that.On Wed, 2004-11-03 at 21:40, Dave Goodrich wrote:
Good afternoon,
I just finished testing an upgrade of SA to 3.01 and my scores fell through the floor. Read the docs, tried to use the Wiki, followed everyone else's upgrade on the list. Not sure just what went wrong.
X-Spam-Checker-Version: SpamAssassin 3.0.1 (2004-10-22) on avhost.tls.net X-Spam-Status: No, score=0.6 required=5.0 tests=ALL_TRUSTED,DRUGS_ERECTILE, FROM_NO_LOWER,INVALID_DATE,MISSING_SUBJECT,RM_hm_EmtyMsgid autolearn=disabled version=3.0.1
You need to specify trusted_networks in local.cf, otherwise you're going to continue to hit the ALL_TRUSTED rule which can *decrease* your score by up to -3.3. If you don't specify
trusted_networks then SpamAssassin infers what your trusted networks are - and the inference algorithm may not always get the correct result. For instance if your mail relay/server is on a private network and NATed thru a firewall, then the algorithm may infer incorrectly that the connecting mail server is trusted. i.e. the algorithm assumes that since you're a private address, then the next hop server must belong to you since your MX must be public. However it does not take NAT into account. Setting trusted_networks appropriately will solve this issue (I don't think SA 2.64 has the ALL_TRUSTED rule - or at least it scores low).
Since you hit ALL_TRUSTED certain other DNS based tests are not run.
Eh? Where do I find this out?
I marked DNS unavailable as I don't want the DNS check, I do want DNS tests run, but only SURBL. Rereading it I think it was too late in the evening, I need to set "dns_available yes" to stop the dns testing, but still allow dns tests to run.
Also is dns unavailable (dns_available no)? This may explain
why you're not getting SURBL hits (which you should if dns
is fully operational).
My choice for leaving trusted_networks blank was this;
" If trusted_networks is not set and internal_networks is, the value of internal_networks will be used for this parameter.
If you're running with DNS checks enabled, SpamAssassin includes code to infer your trusted networks on the fly, so this may not be necessary."
I don't want any networks trusted, infered or otherwise. So I left trusted_networks and internal_networks both blank.
> Also skip_rbl_checks will do just that.
Umm I don't follow you there, are you saying skip_rbl_checks will skip SURBL? Because if it does, I'll need to go back to 2.64.
"By default, SpamAssassin will run RBL checks. If your ISP already does this for you, set this to 1."
Thanks,
DAve
-- Systems Administrator http://www.tls.net Get rid of Unwanted Emails...get TLS Spam Blocker!
