Do you have to add private IP addresses to the trusted_networks list? I only added the public IP Addresses that are set up for our mail server but it does have a private IP and is being NAT'd. --Mike
________________________________ From: Matt Kettler [mailto:[EMAIL PROTECTED] Sent: Thu 11/4/2004 7:55 AM To: Jason Haar; SpamAssassin Users Subject: Re: Should ALL_TRUSTED be doing this? At 04:20 PM 11/4/2004 +1300, Jason Haar wrote: >I've been getting a fair amount of missed spam with SA-3.01 that looks like >it would have been caught if it wasn't for ALL_TRUSTED. No, it should not. You have one of two problems: 1) SA is confused about trust. This typically happens if your outer-most mailserver is address translated and has a reserved non-routable IP address assigned. SA generally assumes the first non-reserved IP is your outside MX, but this isn't true for a lot of networks that NAT their mailservers. To fix: set trusted_networks manualy in your local.cf. Include just your mailservers in this. ie if I had two servers, one external MX numbered 192.168.1.8 and a SA scanning box at 192.168.20.8 I could do this: trusted_networks 192.168.1.8/32 trusted_networks 192.168.20.8/32 2) The other case is SA can't parse your Received: headers. If you run a message through spamassassin -D you'll see debug lines complaining about it: debug: received-header: unknown format: To fix: short term, force the score of ALL_TRUSTED to 0. score ALL_TRUSTED_0 If it's a received line starting with by, then it's this bug: http://bugzilla.spamassassin.org/show_bug.cgi?id=3600 Otherwise, create a new bug in the bugzilla, and attach a sample.
