[Mimedefang] What determines ALL_TRUSTED?

alan premselaar alien at 12inch.com
Sat Jun 10 23:19:19 EDT 2006

Hash: SHA1

Jim Hatfield wrote:
> I've seen a few uncaught spams lately with ALL_TRUSTED scored.
> I see that this is determined by a function called check_all_trusted(),
> but my Perl isn't good enough to work out how this flag is determined.
> Mails are delivered direct via SMTP, not relayed from anywhere, so I
> don't see that there should be any trusted relays in the chain.


  This is a question more appropriate for the spamassassin list, as it
is definitely in reference to the internals of SpamAssassin.  Howerver;
here's a basic breakdown of that ALL_TRUSTED means.

the ALL_TRUSTED rule is evaluated based on the trust path.  the trust
path is determined automatically if it's not explicitly setup using the
trusted_networks and internal_networks configuration directives.

if your mail server is behind NAT, the trust path auto-determination
routines will likely get confused, so you should define them manually.

the trust path refers to MTAs that you explicitly trust NOT TO FORGE
RECIEVED HEADERS.  that's it. it's not a whitelist, it's not hosts you
trust not to send spam.  in most cases this should be your local mail
host, its outward facing network address and any other MX hosts you have
explicit control over.

the trust path can affect other network related tests, so it's important
to set it properly.  You should check the SpamAssassin wiki for more
details on the ALL_TRUSTED rule and setting the trust paths.


Version: GnuPG v1.4.1 (Darwin)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org


More information about the MIMEDefang mailing list