On 7/20/2010 9:07 AM, Bowie Bailey wrote:
> On 7/19/2010 8:23 PM, Matt Kettler wrote:
>
>> On 7/16/2010 2:31 PM, Cliff Hayes wrote:
>>
>>> Hello,
>>>
>>> Our webmail server is on the same server as sendmail and spamassassin.
>>>
>>> I would like to filter outbound webmail but can't because the most recent
>>> versions of spamassassin have 127.0.0.1 trusted by default.
>>>
>>> How can I override this? Or is that a bad idea for other reasons?
>>>
>>>
>> As Benny suggested, you can reduce, or zero, the rule scores.
>>
>> However, that is covering up the symptoms, and you should consider
>> fixing the underlying problem.
>>
>> If you're seeing NO_RELAYS fire, there's a problem with your mail setup.
>> Period.
>>
>> It *should* be "impossible" for mail to get to SA without having any
>> Received: headers in it. Even if it is local delivery, it should have a
>> Received: header somewhere. Mail doesn't just appear out of nowhere,
>> without ever being touched by your server, and end up in SpamAssassin.
>>
>>
>> I'm concerned that either:
>> 1) your MTA isn't adding a Received: header before SA gets called
>> (sometimes a problem with hackish MTA layer integrations)
>> 2) Your MTA is adding a Received: header, but it is garbage and
>> unparsable (check for UNPARSABLE_RELAY hits)
>>
> He's asking about filtering mail from a webmail interface on the same
> server as SA. In this case, there WILL be a received header, but the IP
> will be 127.0.0.1 since the message originated with the local webmail
> instance.
>
> I don't see an easy way to do this. Webmail is trusted for the same
> reason as authenticated SMTP. It is assumed that anyone sending mail
> via these services has logged in and should therefore be trusted.
>
>
Fair enough... I was keying off Benny's suggestion to lower the score of
both ALL_TRUSTED and NO_RELAYS, the latter of which is never a good sign.
