From: NFN Smith [mailto:[EMAIL PROTECTED]
> 
> Bowie Bailey wrote:
> > 
> > Trusted_networks has nothing to do with whether or not a message
> > is scanned for spam.  Trusted_networks is simply a list of the
> > servers and networks that you trust not to forge header
> > information.
> 
> OK.  On this particular situation, what I'm trying to do is
> designate several other server/network/IP addresses as trusted.
> Because the servers reside in several different co-lo facilities,
> the IP addresses are from unrelated external networks, not on a
> local subnet.
> 
> Thus, if I'm running SpamAssassin on server xx.yy.zz.ww, and I get a
> message from server aa.bb.cc.dd, I want both servers to trust each
> other, because I control both servers, and there's no intermediate
> relay between the two.

Then you just need to add one line to the config on each server.

On server "xx.yy.zz.ww":
trusted_networks aa.bb.cc.dd

On server "aa.bb.cc.dd":
trusted_networks xx.yy.zz.ww

With these settings, they will each see the other as trusted.  Take a
look at the trusted_networks description on the
Mail::SpamAssassin::Conf man page for more details.

> > If all of the servers a message passes through are in your
> > trusted_networks list, then the ALL_TRUSTED rule will fire and
> > lower the score.  Otherwise, it has no direct effect on the spam
> > score.  It does, however, take a large role in much of the header
> > processing that SA does, so it is in your best interest to keep it
> > accurate.
> 
> I'll take a look at the ALL_TRUSTED rule, and see how that behaves.

There's really nothing to look at.  It just checks the headers against
your trusted_networks and if all of the headers match, the rule fires.

> If that doesn't get me where I need to go, I'll see about what I can
> do about bypassing SpamAssassin checks for known trusted servers in
> MIMEDefang, as suggested by another poster in this thread.

That's another possibility if you really trust those servers not to
relay any spam.  The trusted_networks setting does not give quite that
level of trust.

This is what the man page says about the use of trusted_networks:

    Trusted in this case means that relay hosts on these networks are
    considered to not be potentially operated by spammers, open
    relays, or open proxies.  A trusted host could conceivably relay
    spam, but will not originate it, and will not forge header data.
    DNS blacklist checks will never query for hosts on these networks.

    MXes for your domain(s) and internal relays should also be
    specified using the "internal_networks" setting. When there are
    'trusted' hosts that are not MXes or internal relays for your
    domain(s) they should only be specified in "trusted_networks".

Bowie
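
A simplified model of the header check described in the message above, added here as an illustration; it is not SpamAssassin's code and not part of the original thread. The header strings, host names and addresses are constructed samples, the function names are hypothetical, and the "at least one relay" condition is an assumption of this model.

```python
import ipaddress
import re

# Constructed stand-ins for trusted_networks entries (documentation IP ranges).
TRUSTED = ["192.0.2.10", "198.51.100.0/24"]

# Constructed Received headers, newest first, as they appear at the top of a message.
DIRECT = ["from mail-a.example.net (mail-a.example.net [192.0.2.10]) by mail-b.example.net"]
VIA_OUTSIDE = DIRECT + ["from client.example.org (unknown [203.0.113.77]) by mail-a.example.net"]
FORGED = ["from host.example.org (unknown [203.0.113.77]) by mail-b.example.net",
          "from mail-a.example.net (mail-a.example.net [192.0.2.10]) by host.example.org"]

RELAY_IP = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")

def relay_ips(received):
    """IP of the host that handed the message over, per header (None if unparseable)."""
    found = (RELAY_IP.search(h) for h in received)
    return [m.group(1) if m else None for m in found]

def split_relays(received, trusted):
    """Walk newest to oldest: once one relay is untrusted, every older header
    was written by a host that may forge, so it is untrusted as well."""
    nets = [ipaddress.ip_network(t, strict=False) for t in trusted]
    good, bad, crossed = [], [], False
    for ip in relay_ips(received):
        in_list = ip is not None and any(ipaddress.ip_address(ip) in n for n in nets)
        if in_list and not crossed:
            good.append(ip)
        else:
            crossed = True
            bad.append(ip)
    return good, bad

def all_trusted(received, trusted):
    """Model of the ALL_TRUSTED condition: at least one relay, none untrusted."""
    good, bad = split_relays(received, trusted)
    return bool(good) and not bad

if __name__ == "__main__":
    for name, hdrs in [("direct", DIRECT), ("via outside", VIA_OUTSIDE), ("forged", FORGED)]:
        print(name, split_relays(hdrs, TRUSTED), all_trusted(hdrs, TRUSTED))
```

The FORGED sample shows why the list should contain only hosts that will not forge header data: a header naming a trusted address counts for nothing once an untrusted relay sits above it.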
