From: Arvinn Løkkebakken [mailto:[EMAIL PROTECTED] > > Bowie Bailey wrote: > > >From: Arvinn Løkkebakken [mailto:[EMAIL PROTECTED] > > > >>jdow wrote: > >> > >>>Do not disable it. Fix the cause. > >>> > >>>It's time to hit the wiki and learn how. > >>>{^_^} > >> > >>I hit the wiki and found this patch: > >> > >>http://bugzilla.spamassassin.org/attachment.cgi?id=2508 > >> > >>Is it the fix you were thinking about? > > > >I doubt that was what he was referring to. You just need to > >configure your trust path so that ALL_TRUSTED will know what to > >trust. Add a trusted_networks entry in your local.cf for each of > >your mailservers (or one for each of your networks) and that should > >fix your problem. > > > >For details see the manpage for Mail::SpamAssassin::Conf. > >http://spamassassin.apache.org/full/3.0.x/dist/doc/Mail_SpamAssassin_Conf.h tml > > No, that's not correct. Trusted_networks is not a mandatory > setting. ALL_TRUSTED shall not be triggered by messages with > Received headers with hosts that doesn't exist in > trusted_networks and friends. It's the other way around. > ALL_TRUSTED only kicks in when all Received headers only contains > hosts that are_defined in trusted_networks and/or friends.
Right, but if trusted_networks is not defined, Courier assumes that most recent mailserver with a public address is your gateway mailserver. If your actual gateway server has a NAT address, Courier will start trusting every mailserver that sends you mail. It's not a mandatory setting, but as many times as I've seen this question on the list, it probably should be mandatory. > You probably didn't read what I posted carefully enough. The > problem is that ALL_TRUSTED some times get triggered when it > shouldn't, i.e. it gets triggered even when one or more of the > Received headers contains a foreign host that is not in > trusted_networks, internal_networks or in a network "near by", > because it failed to parse the actual header. The wiki article > (bug 3949) I found describes this situation exactly as it appears > to me. It seems to me that this bug made it to 3.0.2 even though > the wiki article is dated early in November. You're right. I lost track of your original post and assumed you were having the same problem most everyone else seems to have with the ALL_TRUSTED rule. Sorry about the confusion. Bowie
