I have SA 3.1.0 running from MD 2.38 in a relay situation on RHEL3.5. I have worked my problem down to a simple configuration, which does not seem to work as expected.
I have a single host listed in trusted_neworks, and using spamassassin from the command line on some spam and ham samples, I cannot get it to show that host as trusted. Here's my simple reduced config for trusted and internal: clear_internal_networks clear_trusted_networks trusted_networks 209.104.63.242 Yet when I run a spam sample through spamassassin -D, the output indicates the host 209.104.63.242 is not trusted. It does show it reading the same local.cf file that I have made changes to. [16962] dbg: received-header: parsed as [ ip=172.28.55.99 rdns=rly3.sys.sun1.clisys.tmcs helo=sun1rly3.tmcs.net by=pasmail.office. tmcs ident= envfrom= intl=0 id=TGK34TXG auth= ] [16962] dbg: received-header: relay 172.28.55.99 trusted? no internal? no [16962] dbg: received-header: parsed as [ ip=209.104.63.242 rdns=lax1msa3.tmcs.net helo=lax1msa3.tmcs.net by=sun1rly3.tmcs.net ide nt= envfrom= intl=0 id=jA49j09g017091 auth= ] [16962] dbg: received-header: relay 209.104.63.242 trusted? no internal? no <<--- right here [16962] dbg: received-header: parsed as [ ip=85.132.15.106 rdns=globalgifts.com helo=globalgifts.com by=lax1msa3.tmcs.net ident= e nvfrom= intl=0 id=jA49iwvr003270 auth= ] [16962] dbg: received-header: relay 85.132.15.106 trusted? no internal? no [16962] dbg: metadata: X-Spam-Relays-Trusted: [16962] dbg: metadata: X-Spam-Relays-Untrusted: [ ip=172.28.55.99 rdns=rly3.sys.sun1.clisys.tmcs helo=sun1rly3.tmcs.net by=pasmail .office.tmcs ident= envfrom= intl=0 id=TGK34TXG auth= ] [ ip=209.104.63.242 rdns=lax1msa3.tmcs.net helo=lax1msa3.tmcs.net by=sun1rly3.tmcs.net ident= envfrom= intl=0 id=jA49j09g017091 auth= ] [ ip=85.132.15.106 rdns=globalgifts.com helo=globalgifts.com by=lax1msa3.tmcs.net ident= envfrom= intl=0 id=jA49iwvr003270 auth= ] If I leave out any trusted or internal declarations, and allow SA to figure it out, all the private RFC1918 addresses are considered trusted, just as documented in the man page. So I know it can set trusted_networks and use it on its own, but why are my attempts to do so unsuccessful? I actually have a /19 and a /21 and some smaller /24 and /29 networks to specify for trusted_networks, and a much smaller set of hosts and networks within those trusted_networks to set for internal_networks (our mail hubs, MXs and Exchange hosts). Setting internal_networks works like it's supposed to. But I can't trusted_networks to accept my settings even with just a single IP. What is wrong here?