RE: Help analyzing the determination of spam

21 Jan 2005 16:23:11 -0000 

From: Jason Gauthier [mailto:[EMAIL PROTECTED]
> 
> I attached a message to this email that got an incredibly low spam
> score.  When I run the message through spamassassin -t it gets a
> spam score as I would expect.
> 
> I know I don't have much more details, but can anyone give me ideas
> why?
> 
> 
> Content analysis details:   (2.7 points, 5.0 required)
> 
>  pts rule name              description
> ---- ---------------------- -----------------------------------------
> -2.8 ALL_TRUSTED            Did not pass through any untrusted hosts

This looks like your problem.  You have not given SA enough
information about your network for it to determine which mailservers
are yours and which are on the Internet.  You need to add
trusted_networks entries to your local.cf to fix this problem.

>From the Mail::SpamAssassin::Conf man page:

trusted_networks ip.add.re.ss[/mask] ...   (default: none)
   What networks or hosts are 'trusted' in your setup.  Trusted in
   this case means that relay hosts on these networks are considered
   to not be potentially operated by spammers, open relays, or open
   proxies.  A trusted host could conceivably relay spam, but will not
   originate it, and will not forge header data. DNS blacklist checks
   will never query for hosts on these networks.

   MXes for your domain(s) and internal relays should also be speci-
   fied using the "internal_networks" setting. When there are
   'trusted' hosts that are not MXes or internal relays for your
   domain(s) they should only be specified in "trusted_networks".

   If a "/mask" is specified, it's considered a CIDR-style 'netmask',
   specified in bits.  If it is not specified, but less than 4 octets
   are specified with a trailing dot, that's considered a mask to
   allow all addresses in the remaining octets.  If a mask is not
   specified, and there is not trailing dot, then just the single IP
   address specified is used, as if the mask was "/32".

   Examples:

       trusted_networks 192.168/16 127/8           # all in 192.168.*.* and
127.*.*.*
       trusted_networks 212.17.35.15               # just that host
       trusted_networks 127.                       # all in 127.*.*.*

   This operates additively, so a "trusted_networks" line after
   another one will result in all those networks becoming trusted.  To
   clear out the existing entries, use "clear_trusted_networks".


So just add a trusted_networks entry for your network, or one for each of
your mailservers and the ALL_TRUSTED rule should start firing properly
again.

Bowie

Reply via email to