[Mimedefang] [possibly off-topic] ALL TRUSTED SA Problem

alan premselaar alien at 12inch.com
Wed May 18 11:08:30 EDT 2005


Kevin A. McGrail wrote:
> I am trying to assist with a problem where emails coming through an
> anti-spam gateway are getting scored with ALL_TRUSTED.  I don't see a reason
> why they should be.  I've looked at the SA Source code but still at a loss
> and I'm worried it's something in the mimedefang filter.
> 
> Here's the headers from an email received by a user on an outlook client and
> I've obscured the data to protect the innocent.  Any thoughts?
> 
> 
> Microsoft Mail Internet Headers Version 2.0
> Received: from fees.acompany.com ([192.168.216.48]) by
> vaexchange.acompany.com with Microsoft SMTPSVC(6.0.3790.0);
>              Wed, 18 May 2005 05:29:48 -0400
> Received: from spam.acompany.com ([192.168.216.222]) by fees.acompany.com
> with Microsoft SMTPSVC(6.0.3790.211);
>              Wed, 18 May 2005 05:29:47 -0400
> Received: from sndr132.beta-ca.mxsvrbsminc.net
> (sndr132.beta-ca.mxsvrbsminc.net [72.5.1.132])
>             by spam.acompany.com (8.12.11/8.12.11) with ESMTP id
> j4I9VSCr009059
>             for <avaliduser at acompany.com>; Wed, 18 May 2005 05:31:29 -0400
> Received: by sndr132.beta-ca.mxsvrbsminc.net id hhc3p806574u for
> <avaliduser at acompany.com>; Wed, 18 May 2005 02:14:52 -0700 (envelope-from
> <Control-1041-72236008-Fre at absmfive.com>)
> Received: from localhost by BSMgateway.2558621
>             (ver.3.3.100)
>             with ESMTP id mid72236008.msg
>             for <avaliduser at acompany.com>; Wed, 18 May 2005 02:14:52 -0700
...snip...


Kevin,

  This is definitely an issue with SpamAssassin. You should set your 
trusted_network and internal_network settings for SpamAssassin 
appropriately.  SA will do its best to try to figure this out on its 
own, however, especially in the case where your mail gateway server is 
on a private space IP address, it's not always able to do this.

It's been cautioned numerous times that correcting these settings is the 
most appropriate way to solve the problem, as other tests may be 
partially dependant on the trust path to function properly.

If you have your trusted_networks and internal_networks set properly, 
then just set the score to ALL_TRUSTED to 0 for now.

There are some known bugs related to the ALL_TRUSTED rules and code, you 
should scan SA's bugzilla  for them to determine if you're seeing 
symptoms of a bug or not.

Hope this helps.

Alan



More information about the MIMEDefang mailing list