Re: ALL_TRUSTED always shown in X-Spam-Status header
On Sun, 11 Nov 2018, John Hardin wrote: On Sat, 10 Nov 2018, listsb wrote: what am i misunderstanding? Is there some possibility that you're stripping external Received headers? (grasping at straws here) Heh. Ignore that. I have *got* to learn to catch up *before* replying to stuff... :) -- John Hardin KA7OHZhttp://www.impsec.org/~jhardin/ jhar...@impsec.orgFALaholic #11174 pgpk -a jhar...@impsec.org key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C AF76 D822 E6E6 B873 2E79 --- Britain used to be the most powerful empire in the world. Now they're terrified of pocketknives. How the mighty have fallen. -- Matt Walsh --- Today: Veterans Day
Re: ALL_TRUSTED always shown in X-Spam-Status header
On Sat, 10 Nov 2018, listsb wrote: On Nov 10, 2018, at 21.01, John Hardin wrote: On Sat, 10 Nov 2018, listsb wrote: i've just noticed that every mail received seems to be hitting the ALL_TRUSTED test [ALL_TRUSTED=-1], regardless of where the message has come from. i have the following: grep -riF 'internal_networks' /etc/spamassassin/* /etc/spamassassin/99_local-config.cf:internal_networks 198.19.20.50/32 /etc/spamassassin/99_local-config.cf:internal_networks 198.19.20.212/32 here is a set of sample headers, slightly sanitized: http://dpaste.com/33J7SF5 how can i troubleshoot why this is happening? thanks! internal_networks != trusted_networks. i'm not sure i understand. from the documentation here: https://spamassassin.apache.org/full/3.4.x/doc/Mail_SpamAssassin_Conf.html it says: "If trusted_networks is not set and internal_networks is, the value of internal_networks will be used for this parameter" Ah, apologies - I wasn't aware of that behavior. I presume you are not explicitly setting any trusted networks, so while it's conceptually correct, I withdraw my comment as unhelpful in this case... additionally, how would absence of either setting result in ALL_TRUSTED getting matched? I *think* there's some defaults included (perhaps the local network?) - I've never focused on that detail before, I've always just set it up for my environment. what am i misunderstanding? Is there some possibility that you're stripping external Received headers? (grasping at straws here) -- John Hardin KA7OHZhttp://www.impsec.org/~jhardin/ jhar...@impsec.orgFALaholic #11174 pgpk -a jhar...@impsec.org key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C AF76 D822 E6E6 B873 2E79 --- Britain used to be the most powerful empire in the world. Now they're terrified of pocketknives. How the mighty have fallen. -- Matt Walsh --- Today: Veterans Day
Re: ALL_TRUSTED always shown in X-Spam-Status header
listsb skrev den 2018-11-11 19:20: thanks, agreed. is continuation of this discussion ok here? or should i take to the amavis list? its important that networks ip ranges is equal in all software used its not done automatic ALL_TRUSTED is not a amavis problem to solve so keep it here, until solved
Re: ALL_TRUSTED always shown in X-Spam-Status header
>On Sat, Nov 10, 2018 at 08:04:42PM -0500, listsb wrote: >>i've just noticed that every mail received seems to be hitting the ALL_TRUSTED test [ALL_TRUSTED=-1], regardless of where the message has come from. i have the following: >> >>>grep -riF 'internal_networks' /etc/spamassassin/* >>/etc/spamassassin/99_local-config.cf:internal_networks 198.19.20.50/32 >>/etc/spamassassin/99_local-config.cf:internal_networks 198.19.20.212/32 >> >>here is a set of sample headers, slightly sanitized: >> >>http://dpaste.com/33J7SF5 >> >>how can i troubleshoot why this is happening? On 11.11.18 19:23, Henrik K wrote: >Are you perhaps using amavisd-new 2.11.x ? It has originating bug that >makes it always hit ALL_TRUSTED. > >https://gitlab.com/amavis/amavis/issues/6 On Sun, Nov 11, 2018 at 06:43:27PM +0100, Matus UHLAR - fantomas wrote: is it the right issue? This one mentions DKIM not signing. Can it be the patch that causes everything hitting ALL_TRUSTED? You have also commented you need to investigate the patch, have you already? On 11.11.18 20:00, Henrik K wrote: Yes https://lists.amavis.org/pipermail/amavis-users/2018-November/005539.html https://lists.amavis.org/pipermail/amavis-users/2018-November/005540.html It's trivial to see from logs. Incoming external mail is always marked AcceptedInternal / LOCAL. current problem is not mentioned there, only here in this list (which is not even amavis list). Passed CLEAN {AcceptedInternal,Quarantined}, LOCAL Amavisd-new passes originating flag to SpamAssassin internally with some suppl_attr magic.. that's why it's even harder to diagnose, if you don't know that it happens in the background.. I believe this only applies when originating flag is set. -- Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/ Warning: I wish NOT to receive e-mail advertising to this address. Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu. Posli tento mail 100 svojim znamim - nech vidia aky si idiot Send this email to 100 your friends - let them see what an idiot you are
Re: ALL_TRUSTED always shown in X-Spam-Status header
On Nov 11, 2018, at 13.18, Matus UHLAR - fantomas wrote: > >>> On Sat, Nov 10, 2018 at 08:04:42PM -0500, listsb wrote: i've just noticed that every mail received seems to be hitting the ALL_TRUSTED test [ALL_TRUSTED=-1], regardless of where the message has come from. i have the following: > grep -riF 'internal_networks' /etc/spamassassin/* /etc/spamassassin/99_local-config.cf:internal_networks 198.19.20.50/32 /etc/spamassassin/99_local-config.cf:internal_networks 198.19.20.212/32 here is a set of sample headers, slightly sanitized: http://dpaste.com/33J7SF5 how can i troubleshoot why this is happening? > >>> On Nov 11, 2018, at 12.23, Henrik K wrote: >>> Are you perhaps using amavisd-new 2.11.x ? It has originating bug that >>> makes it always hit ALL_TRUSTED. >>> >>> https://gitlab.com/amavis/amavis/issues/6 > > On 11.11.18 13:08, listsb wrote: >> i'm currently using 2.9.0. > > in such case, according to previous message, it's important to check amavis > settings. thanks, agreed. is continuation of this discussion ok here? or should i take to the amavis list?
Re: ALL_TRUSTED always shown in X-Spam-Status header
On Sat, Nov 10, 2018 at 08:04:42PM -0500, listsb wrote: i've just noticed that every mail received seems to be hitting the ALL_TRUSTED test [ALL_TRUSTED=-1], regardless of where the message has come from. i have the following: grep -riF 'internal_networks' /etc/spamassassin/* /etc/spamassassin/99_local-config.cf:internal_networks 198.19.20.50/32 /etc/spamassassin/99_local-config.cf:internal_networks 198.19.20.212/32 here is a set of sample headers, slightly sanitized: http://dpaste.com/33J7SF5 how can i troubleshoot why this is happening? On Nov 11, 2018, at 12.23, Henrik K wrote: Are you perhaps using amavisd-new 2.11.x ? It has originating bug that makes it always hit ALL_TRUSTED. https://gitlab.com/amavis/amavis/issues/6 On 11.11.18 13:08, listsb wrote: i'm currently using 2.9.0. in such case, according to previous message, it's important to check amavis settings. -- Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/ Warning: I wish NOT to receive e-mail advertising to this address. Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu. One OS to rule them all, One OS to find them, One OS to bring them all and into darkness bind them
Re: ALL_TRUSTED always shown in X-Spam-Status header
> On Nov 11, 2018, at 12.23, Henrik K wrote: > > On Sat, Nov 10, 2018 at 08:04:42PM -0500, listsb wrote: >> hi- >> >> i've just noticed that every mail received seems to be hitting the >> ALL_TRUSTED test [ALL_TRUSTED=-1], regardless of where the message has come >> from. i have the following: >> >>> grep -riF 'internal_networks' /etc/spamassassin/* >> /etc/spamassassin/99_local-config.cf:internal_networks >> 198.19.20.50/32 >> /etc/spamassassin/99_local-config.cf:internal_networks >> 198.19.20.212/32 >> >> here is a set of sample headers, slightly sanitized: >> >> http://dpaste.com/33J7SF5 >> >> how can i troubleshoot why this is happening? > > Are you perhaps using amavisd-new 2.11.x ? It has originating bug that > makes it always hit ALL_TRUSTED. > > https://gitlab.com/amavis/amavis/issues/6 i'm currently using 2.9.0.
Re: ALL_TRUSTED always shown in X-Spam-Status header
> On Nov 11, 2018, at 12.05, RW wrote: > > On Sun, 11 Nov 2018 10:35:18 -0500 > listsb wrote: > >>> On Nov 11, 2018, at 09.01, Matus UHLAR - fantomas >>> wrote: >>> >>> On 10.11.18 20:04, listsb wrote: i've just noticed that every mail received seems to be hitting the ALL_TRUSTED test [ALL_TRUSTED=-1], regardless of where the message > >>> show us an example of such mail. With complete headers. >> >> sure - http://dpaste.com/3MHN5HD.txt > > When I ran it through SA with your internal network I didn't get > ALL_TRUSTED. I suspect that there's some other config being used, maybe > in amavisd-new. thanks, that's helpful. you're right, i don't get ALL_TRUSTED either when running through just spamassassin directly - i am indeed using amavis.
Re: ALL_TRUSTED always shown in X-Spam-Status header
On Sun, Nov 11, 2018 at 06:43:27PM +0100, Matus UHLAR - fantomas wrote: > >On Sat, Nov 10, 2018 at 08:04:42PM -0500, listsb wrote: > >>i've just noticed that every mail received seems to be hitting the > >>ALL_TRUSTED test [ALL_TRUSTED=-1], regardless of where the message has come > >>from. i have the following: > >> > >>>grep -riF 'internal_networks' /etc/spamassassin/* > >>/etc/spamassassin/99_local-config.cf:internal_networks > >>198.19.20.50/32 > >>/etc/spamassassin/99_local-config.cf:internal_networks > >>198.19.20.212/32 > >> > >>here is a set of sample headers, slightly sanitized: > >> > >>http://dpaste.com/33J7SF5 > >> > >>how can i troubleshoot why this is happening? > > On 11.11.18 19:23, Henrik K wrote: > >Are you perhaps using amavisd-new 2.11.x ? It has originating bug that > >makes it always hit ALL_TRUSTED. > > > >https://gitlab.com/amavis/amavis/issues/6 > > is it the right issue? This one mentions DKIM not signing. > > Can it be the patch that causes everything hitting ALL_TRUSTED? > > You have also commented you need to investigate the patch, have you already? Yes https://lists.amavis.org/pipermail/amavis-users/2018-November/005539.html https://lists.amavis.org/pipermail/amavis-users/2018-November/005540.html It's trivial to see from logs. Incoming external mail is always marked AcceptedInternal / LOCAL. Passed CLEAN {AcceptedInternal,Quarantined}, LOCAL Amavisd-new passes originating flag to SpamAssassin internally with some suppl_attr magic.. that's why it's even harder to diagnose, if you don't know that it happens in the background..
Re: ALL_TRUSTED always shown in X-Spam-Status header
Amavisd does not use spamassassin *networks settings Orignation bug is not spamassassin problem Benny On 11. november 2018 18.24.05 Henrik K wrote: On Sat, Nov 10, 2018 at 08:04:42PM -0500, listsb wrote: hi- i've just noticed that every mail received seems to be hitting the ALL_TRUSTED test [ALL_TRUSTED=-1], regardless of where the message has come from. i have the following: >grep -riF 'internal_networks' /etc/spamassassin/* /etc/spamassassin/99_local-config.cf:internal_networks 198.19.20.50/32 /etc/spamassassin/99_local-config.cf:internal_networks 198.19.20.212/32 here is a set of sample headers, slightly sanitized: http://dpaste.com/33J7SF5 how can i troubleshoot why this is happening? Are you perhaps using amavisd-new 2.11.x ? It has originating bug that makes it always hit ALL_TRUSTED. https://gitlab.com/amavis/amavis/issues/6
Re: ALL_TRUSTED always shown in X-Spam-Status header
On Sat, Nov 10, 2018 at 08:04:42PM -0500, listsb wrote: i've just noticed that every mail received seems to be hitting the ALL_TRUSTED test [ALL_TRUSTED=-1], regardless of where the message has come from. i have the following: >grep -riF 'internal_networks' /etc/spamassassin/* /etc/spamassassin/99_local-config.cf:internal_networks 198.19.20.50/32 /etc/spamassassin/99_local-config.cf:internal_networks 198.19.20.212/32 here is a set of sample headers, slightly sanitized: http://dpaste.com/33J7SF5 how can i troubleshoot why this is happening? On 11.11.18 19:23, Henrik K wrote: Are you perhaps using amavisd-new 2.11.x ? It has originating bug that makes it always hit ALL_TRUSTED. https://gitlab.com/amavis/amavis/issues/6 is it the right issue? This one mentions DKIM not signing. Can it be the patch that causes everything hitting ALL_TRUSTED? You have also commented you need to investigate the patch, have you already? -- Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/ Warning: I wish NOT to receive e-mail advertising to this address. Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu. I don't have lysdexia. The Dog wouldn't allow that.
Re: ALL_TRUSTED always shown in X-Spam-Status header
On Sat, Nov 10, 2018 at 08:04:42PM -0500, listsb wrote: > hi- > > i've just noticed that every mail received seems to be hitting the > ALL_TRUSTED test [ALL_TRUSTED=-1], regardless of where the message has come > from. i have the following: > > >grep -riF 'internal_networks' /etc/spamassassin/* > /etc/spamassassin/99_local-config.cf:internal_networks > 198.19.20.50/32 > /etc/spamassassin/99_local-config.cf:internal_networks > 198.19.20.212/32 > > here is a set of sample headers, slightly sanitized: > > http://dpaste.com/33J7SF5 > > how can i troubleshoot why this is happening? Are you perhaps using amavisd-new 2.11.x ? It has originating bug that makes it always hit ALL_TRUSTED. https://gitlab.com/amavis/amavis/issues/6
Re: ALL_TRUSTED always shown in X-Spam-Status header
On Sun, 11 Nov 2018 10:35:18 -0500 listsb wrote: > > On Nov 11, 2018, at 09.01, Matus UHLAR - fantomas > > wrote: > > > > On 10.11.18 20:04, listsb wrote: > >> i've just noticed that every mail received seems to be hitting the > >> ALL_TRUSTED test [ALL_TRUSTED=-1], regardless of where the message > > show us an example of such mail. With complete headers. > > sure - http://dpaste.com/3MHN5HD.txt When I ran it through SA with your internal network I didn't get ALL_TRUSTED. I suspect that there's some other config being used, maybe in amavisd-new.
Re: ALL_TRUSTED always shown in X-Spam-Status header
> On Nov 11, 2018, at 09.01, Matus UHLAR - fantomas wrote: > > On 10.11.18 20:04, listsb wrote: >> i've just noticed that every mail received seems to be hitting the >> ALL_TRUSTED test [ALL_TRUSTED=-1], regardless of where the message has come >> from. i have the following: >> >>> grep -riF 'internal_networks' /etc/spamassassin/* >> /etc/spamassassin/99_local-config.cf:internal_networks >> 198.19.20.50/32 >> /etc/spamassassin/99_local-config.cf:internal_networks >> 198.19.20.212/32 >> >> here is a set of sample headers, slightly sanitized: >> >> http://dpaste.com/33J7SF5 >> >> how can i troubleshoot why this is happening? > > show us an example of such mail. With complete headers. sure - http://dpaste.com/3MHN5HD.txt
Re: ALL_TRUSTED always shown in X-Spam-Status header
On 10.11.18 20:04, listsb wrote: i've just noticed that every mail received seems to be hitting the ALL_TRUSTED test [ALL_TRUSTED=-1], regardless of where the message has come from. i have the following: grep -riF 'internal_networks' /etc/spamassassin/* /etc/spamassassin/99_local-config.cf:internal_networks 198.19.20.50/32 /etc/spamassassin/99_local-config.cf:internal_networks 198.19.20.212/32 here is a set of sample headers, slightly sanitized: http://dpaste.com/33J7SF5 how can i troubleshoot why this is happening? show us an example of such mail. With complete headers. -- Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/ Warning: I wish NOT to receive e-mail advertising to this address. Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu. BSE = Mad Cow Desease ... BSA = Mad Software Producents Desease