* Dominik Ruf <[EMAIL PROTECTED]> [2003-10-10 04:59]:
> Just before upgrading to the new 2.60 Release, I read through
> the documentation to see what has changed. But some things are
> not clear to me. Maybe someone's able to bring some light to me?

As no one answered this yet, I've now taken some hours searching
the source code to find my answers. I'm posting them here and
hopefully they're useful for someone else, too.
Additionally, I'd propose to update the documentation about these
things a little bit, but more about this later at the end.

[Documentation about trusted_networks]
> | If you're running with DNS checks enabled, SpamAssassin includes code to
> | infer your trusted networks on the fly, so this may not be necessary.
> | (Thanks to Scott Banister and Andrew Flury for the inspiration for this
> | algorithm.) This inference works as follows:
> |
> |   * if the 'from' IP address is on the same /16 network as the top
> |     Received line's 'by' host, it's trusted
>
> Does this mean that if my MX has address 217.160.190.191 the
> whole 217.160.0.0/16 network is automatically "trusted" and
> therefore no DNSBL checks will be run for it?

Yes, with the exception that if one sets the trusted_networks option,
there'll be no "auto-inference" of trusted networks at all.

After reading Dns.pm and EvalTests.pm I found the answer in
Received.pm:

    my $trusted = $self->{conf}->{trusted_networks};
    [...]
    my $did_user_specify_trust = ($trusted->get_num_nets() > 0);

Then, the whole code about auto-inference is surrounded by this
if-statement:

    if ($in_trusted && !$did_user_specify_trust) {
    ...

> This is really not what I want: This network contains other
> dedicated servers operated by other customers of my ISP and
> even if they've a working abuse-department there will be
> open proxies/relays in it from time to time.
> Is it possible to turn this "feature" of auto-inference of
> the trusted_networks off? And if so, how could it be done?
> Would the clear_trusted_networks option work to get rid of it?

I think clear_trusted_networks doesn't prevent auto-inference,
but as stated above auto-inference is ONLY done if the
trusted_networks option is not set or doesn't eval to at least
one IP or network address.

> |   * if the address of the 'from' host is in a reserved network
> |     range, then it's trusted
> |   * if any addresses of the 'by' host is in a reserved network
> |     range, then it's trusted
>
> How's "reserved" defined in this context? The reserved
> netblocks from RFC 1918? Or anything else?

Yes, the blocks from RFC 1918 but also many more somewhat "reserved"
networks. The detailed answer could be found in Dns.pm, where
$IP_IN_RESERVED_RANGE is defined. There are quite nice comments and
references to RFCs etc. which explain why these networks are
"reserved" - especially RFC 3330.

Back to changing the documentation about trusted_networks, I'd
propose the following little change:

Old:
  If you're running with DNS checks enabled, SpamAssassin includes code to
  infer your trusted networks on the fly, [...]

New:
  If you're running with DNS checks enabled and haven't set the
  trusted_networks option, SpamAssassin includes code to
  infer your trusted networks on the fly, [...]

I'd also prepare a diff, but I'm not familiar with the procedures
within the SA project yet, e.g. I don't know if it should be against
the stable version or the cvs version etc.
(But I've read http://eu.spamassassin.org/hacking.html now :-)

Dominik

_______________________________________________
Spamassassin-talk mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/spamassassin-talk
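
Added example, not part of the original message and not SpamAssassin's own code: a simplified Python model of the three inference rules quoted above and of the guard that disables them once trusted_networks is set, so an admin can check which relay addresses would end up trusted. The function names, the sample addresses other than 217.160.190.191, and the short reserved-range list (RFC 1918 plus loopback only) are assumptions made for this illustration.

```python
import ipaddress

# Assumption: a small subset of "reserved" ranges (RFC 1918 plus loopback).
# The message says $IP_IN_RESERVED_RANGE in Dns.pm covers many more.
RESERVED = [ipaddress.ip_network(n) for n in
            ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]


def is_reserved(ip):
    """True if the address falls in one of the modelled reserved ranges."""
    return any(ip in net for net in RESERVED)


def relay_trusted(from_ip, by_ips, top_by_ip, trusted_networks):
    """Decide trust for one Received hop (simplified model).

    from_ip          -- address the hop was received from
    by_ips           -- addresses of the receiving ('by') host of this hop
    top_by_ip        -- address of the 'by' host in the top Received line
    trusted_networks -- networks the admin configured (empty = option unset)
    """
    src = ipaddress.ip_address(from_ip)
    configured = [ipaddress.ip_network(n) for n in trusted_networks]
    if configured:
        # User specified trust: no inference, only listed networks count.
        return any(src in net for net in configured)
    # Rule 1: 'from' is on the same /16 as the top Received line's 'by' host.
    top16 = ipaddress.ip_network(f"{top_by_ip}/16", strict=False)
    if src in top16:
        return True
    # Rules 2 and 3: 'from', or any 'by' address, is in a reserved range.
    return is_reserved(src) or any(
        is_reserved(ipaddress.ip_address(b)) for b in by_ips)


def demo():
    """Compare inference against an explicit setting (constructed hops)."""
    mx = "217.160.190.191"            # MX address from the message
    hops = ["217.160.5.5",            # constructed: neighbour in the same /16
            "192.168.1.10",           # constructed: RFC 1918 address
            "198.51.100.7"]           # constructed: unrelated outside host
    inferred = [relay_trusted(h, [mx], mx, []) for h in hops]
    explicit = [relay_trusted(h, [mx], mx, [mx + "/32"]) for h in hops]
    return inferred, explicit


if __name__ == "__main__":
    print(demo())
```

With the option unset, the neighbouring host in 217.160.0.0/16 is trusted; once the MX address alone is listed, it is not.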