peter pilsl wrote: > sorry for posting again a question regarding the same topic, but I think > I found out more in the meantime and can ask a "better" question. > > I've a user [EMAIL PROTECTED] with the following entries in my > autowhitelist: > > > 20.0 (40.0/2) -- [EMAIL PROTECTED]|ip=222.253 > 24.2 (72.7/3) -- [EMAIL PROTECTED]|ip=85.140 > -2.5 (-171.5/69) -- [EMAIL PROTECTED]|ip=85.126 > 26.9 (26.9/1) -- [EMAIL PROTECTED]|ip=212.33 > > Then a mail from this emailadress from an IP=85.126.x.x gets an > AWL-scoring of +11 !!! This does not make sense to me at all. How is > this AWL-scoring calculated? It seems almost broken to me. > > X-Spam-Flag: YES > X-Spam-Checker-Version: SpamAssassin 3.2.2 (2007-07-23) on goldfisch.at > X-Spam-Level: ****** > X-Spam-Status: Yes, score=6.8 required=2.5 tests=ALL_TRUSTED,AWL,BAYES_00 > autolearn=no version=3.2.2 > X-Spam-Report: > * -1.8 ALL_TRUSTED Passed through trusted hosts only via SMTP > * -2.6 BAYES_00 BODY: Bayesian spam probability is 0 to 1% > * [score: 0.0000] > * 11 AWL AWL: From: address is in the auto white-list > > Received: from mail.vhs-archiv.at (mail.vhs-archiv.at [85.126.129.42]) > by goldfisch.at (8.12.10/8.12.1) with ESMTP id lBCD1FmU005410 > (version=TLSv1/SSLv3 cipher=EDH-RSA-DES-CBC3-SHA bits=168 verify=NO) > for <[EMAIL PROTECTED]>; Wed, 12 Dec 2007 14:01:16 +0100 > Received: from [192.168.0.199] ([192.168.0.199]) > by mail.vhs-archiv.at (Merak 8.2.4) with ESMTP id IZF38973 > for <[EMAIL PROTECTED]>; Wed, 12 Dec 2007 14:00:52 +0100 > > > Any help appretiated. I need to turn off AWL by now. > The first thing that jumps out at me is that ALL_TRUSTED fired off. Is that really correct?
As far as SA is concerned, this message is not from 85.126.129.42, as it considers that IP to be a part of your network. (otherwise ALL_TRUSTED wouldn't have fired off). SA probably considers this message to be from 192.168.0.199, unless there are other Received: headers further back that you left out. You probably need to manually declare a trusted_networks setting due to NAT. (ie: if your SA box resolves goldfisch.at to a reserved IP address, you'll have a problem with broken trust path). See also: http://wiki.apache.org/spamassassin/TrustPath