From: Bill Moseley [mailto:[EMAIL PROTECTED] > > I had a server running Debian Woody which was running, IIRC[1], 2.6x. > After upgrading to Sarge now running 3.0.3-2 and exim 4.50-8 the users > are complaining of a lot more spam getting through. I'm now seeing it > also -- looking at a few of my spam mailboxes on that machine I can > see a change on the day I did the update to Sarge. > > I thought I saw a post here about this a few weeks (months?) back but > I'm not having luck finding it in my pre-coffee haze looking though > the last 2000 or so messages. That's why I'm posting, as I'm thinking > I saw a discussion about this. > > I've also looked over my old backed-up configs compared to the current > ones and I'm not seeing any major differences. > > Can anyone recommend where I should look for changes that might have > resulted in a change in the scoring?
The most likely cause is a misconfigured trust path. 3.0.x introduced the ALL_TRUSTED rule. This rule is supposed to fire with a negative score if the message has not passed through any "untrusted" servers. A common problem is that you have not configured your trust path properly, so ALL_TRUSTED is firing on spam and lowering the score. It's tempting to just score ALL_TRUSTED as 0 to disable it, but don't do that. The trust path settings are used on quite a few other things behind the scenes to determine how to interpret the headers. You need to set the trusted_networks setting to list all of the networks and servers that you control. There is also an internal_networks setting that you may or may not need. If you only set one of the two, the other one will default to using the same values. Take a look at the Mail::SpamAssassin::Conf manpage for more info. There have also been a few lengthy discussions on the list regarding this, so you may want to check the archives. Bowie
