[Mimedefang] [possibly off-topic] ALL TRUSTED SA Problem

Kelson kelson at speed.net
Wed May 18 12:36:27 EDT 2005


Joseph Brennan wrote:
> It's a Spamassassin thing.  We changed its score to 0 after seeing
> repeated examples of spam coming in with this marker.

Not a good idea.  If ALL_TRUSTED is firing when it shouldn't, there are 
two possibilities:

1. The trust path is not set correctly.
2. There is a bug in SpamAssassin.

In the vast majority of cases, it's #1, which means that a lot more than 
ALL_TRUSTED is going to be broken until that trust path is set.  SA will 
use the wrong Received: headers for RBL lookups, whitelist_from_rcvd 
rules won't necessarily work right, etc.

This most frequently happens when the local system is behind NAT and 
running on a reserved IP range like 192.168.x.x, because under those 
circumstances SA cannot automatically determine which servers can be 
trusted.  I see from the original poster's message that this is the 
case.  Setting trusted_networks as described in the next link should 
solve the problem.

http://wiki.apache.org/spamassassin/TrustPath

There are bugs in SA that cause ALL_TRUSTED to fire incorrectly for some 
people, but your best bet is to set trusted_networks first, and only 
disable ALL_TRUSTED if that isn't enough.

-- 
Kelson Vibber
SpeedGate Communications <www.speed.net>



More information about the MIMEDefang mailing list