I know there's been a lot of talk on the ALL_TRUSTED rule, but I don't remember seeing this issue and couldn't find it in a search of the list archives.
We've gotten several spams recently that made it through because they hit the ALL_TRUSTED rule. We have a standard setup and haven't had trouble with this rule before, so I ran one of the messages through spamassassin -D. The debug output showed: debug: received-header: parsed as [ ip=71.8.49.195 rdns=cable-71-8-49-195.jsp.al.charter.com helo=cable-71-8-49-195.jsp.al.charter.com by=merlin.boreal.org ident=gahnndiw envfrom= intl=0 id=j0C8ZqMM022122 auth= ] debug: is Net::DNS::Resolver available? yes debug: Net::DNS version: 0.48 debug: trying (3) linux.org... debug: looking up NS for 'linux.org' debug: NS lookup of linux.org succeeded => Dns available (set dns_available to hardcode) debug: is DNS available? 1 debug: looking up A records for 'merlin.boreal.org' debug: A records for 'merlin.boreal.org': 216.70.16.15 debug: received-header: 'from' 71.8.49.195 has reserved IP debug: looking up A records for 'merlin.boreal.org' debug: A records for 'merlin.boreal.org': 216.70.16.15 debug: received-header: 'by' merlin.boreal.org has public IP 216.70.16.15 debug: received-header: relay 71.8.49.195 trusted? yes internal? no debug: metadata: X-Spam-Relays-Trusted: [ ip=71.8.49.195 rdns=cable-71-8-49-195. jsp.al.charter.com helo=cable-71-8-49-195.jsp.al.charter.com by=merlin.boreal.org ident=gahnndiw envfrom= intl=0 id=j0C8ZqMM022122 auth= ] Notice that the IP the spams came from is marked as a "reserved IP" and apparently because of this it's being flagged as trusted. What is a reserved IP and how can I tell spamassassin that this IP isn't one? Thanks as always for any light you can shed on this! Sandy
