[Mimedefang] [possibly off-topic] ALL TRUSTED SA Problem
alan premselaar
alien at 12inch.com
Wed May 18 11:08:30 EDT 2005
Kevin A. McGrail wrote:
> I am trying to assist with a problem where emails coming through an
> anti-spam gateway are getting scored with ALL_TRUSTED. I don't see a reason
> why they should be. I've looked at the SA Source code but still at a loss
> and I'm worried it's something in the mimedefang filter.
>
> Here's the headers from an email received by a user on an outlook client and
> I've obscured the data to protect the innocent. Any thoughts?
>
>
> Microsoft Mail Internet Headers Version 2.0
> Received: from fees.acompany.com ([192.168.216.48]) by
> vaexchange.acompany.com with Microsoft SMTPSVC(6.0.3790.0);
> Wed, 18 May 2005 05:29:48 -0400
> Received: from spam.acompany.com ([192.168.216.222]) by fees.acompany.com
> with Microsoft SMTPSVC(6.0.3790.211);
> Wed, 18 May 2005 05:29:47 -0400
> Received: from sndr132.beta-ca.mxsvrbsminc.net
> (sndr132.beta-ca.mxsvrbsminc.net [72.5.1.132])
> by spam.acompany.com (8.12.11/8.12.11) with ESMTP id
> j4I9VSCr009059
> for <avaliduser at acompany.com>; Wed, 18 May 2005 05:31:29 -0400
> Received: by sndr132.beta-ca.mxsvrbsminc.net id hhc3p806574u for
> <avaliduser at acompany.com>; Wed, 18 May 2005 02:14:52 -0700 (envelope-from
> <Control-1041-72236008-Fre at absmfive.com>)
> Received: from localhost by BSMgateway.2558621
> (ver.3.3.100)
> with ESMTP id mid72236008.msg
> for <avaliduser at acompany.com>; Wed, 18 May 2005 02:14:52 -0700
...snip...
Kevin,
This is definitely an issue with SpamAssassin. You should set your
trusted_network and internal_network settings for SpamAssassin
appropriately. SA will do its best to try to figure this out on its
own, however, especially in the case where your mail gateway server is
on a private space IP address, it's not always able to do this.
It's been cautioned numerous times that correcting these settings is the
most appropriate way to solve the problem, as other tests may be
partially dependant on the trust path to function properly.
If you have your trusted_networks and internal_networks set properly,
then just set the score to ALL_TRUSTED to 0 for now.
There are some known bugs related to the ALL_TRUSTED rules and code, you
should scan SA's bugzilla for them to determine if you're seeing
symptoms of a bug or not.
Hope this helps.
Alan
More information about the MIMEDefang
mailing list