On 7/23/2010 10:05 AM, Benny Pedersen wrote: > On fre 23 jul 2010 04:49:40 CEST, Matt Kettler wrote >> Fair enough... I was keying off Benny's suggestion to lower the score of >> both ALL_TRUSTED and NO_RELAYS, the latter of which is never a good >> sign. > > as all in life it depends :=) > > grep NO_RELAYS /var/log/messages to see if all is accepted ham
I get no hits at all, as it should be in a working mail system. We digress a bit from the original thread, but let me clarify: You should never have *ANY* hits for this rule. No ham, no spam, no mail at all. Ever. Period. If the above grep returns any hits your server is in likely need of configuration repair. Even local mail should not match NO_RELAYS. Because even local mail should have a Received: header indicating mail from 127.0.0.1 was received by 127.0.0.1. If it does match either: 1) your local MTA isn't adding a Received: header before the mail gets to SpamAssassin 2) SpamAssassin can't parse the header it is parsing. 3) you have a really strange mail system where local clients don't use the MTA at all. (rare, and highly unusual) Either 1 or 2 is bad news and will likely cause serious accuracy problems. > > from mta logs, here i do auth even for 127.0.0.1 clients, that way i > know who is the bastard :=) Yes, I'm not saying 127.0.0.1 mail should be perfectly trusted in all cases. However, 127.0.0.1 should exist. NO_RELAYS means SA interpreted the mail as having no origin at all, not even localhost, and that implies a serious lack of information being passed to SA. > > no auth no problem >
