Bowie Bailey wrote:
From: Mike Batchelor [mailto:[EMAIL PROTECTED]
I have SA 3.1.0 running from MD 2.38 in a relay situation on RHEL3.5.
I have worked my problem down to a simple configuration, which does
not seem to work as expected.
I have a single host listed in trusted_neworks, and using spamassassin
from the command line on some spam and ham samples, I cannot get it to
show that host as trusted.
Here's my simple reduced config for trusted and internal:
clear_internal_networks
clear_trusted_networks
trusted_networks 209.104.63.242
Yet when I run a spam sample through spamassassin -D, the output
indicates the host 209.104.63.242 is not trusted. It does show it
reading the same local.cf file that I have made changes to.
[16962] dbg: received-header: parsed as [ ip=172.28.55.99
rdns=rly3.sys.sun1.clisys.tmcs helo=sun1rly3.tmcs.net
by=pasmail.office.
tmcs ident= envfrom= intl=0 id=TGK34TXG auth= ]
[16962] dbg: received-header: relay 172.28.55.99 trusted? no
internal? no
[16962] dbg: received-header: parsed as [ ip=209.104.63.242
rdns=lax1msa3.tmcs.net helo=lax1msa3.tmcs.net by=sun1rly3.tmcs.net ide
nt= envfrom= intl=0 id=jA49j09g017091 auth= ]
[16962] dbg: received-header: relay 209.104.63.242 trusted? no
internal? no <<--- right here
It looks like the email is passing through an untrusted system.
209.104.63.242 --> 172.28.55.99 --> SA server
Trust only extends back as far as an unbroken chain of trusted
servers. Once you find one untrusted server, nothing beyond that can
be trusted.
Bowie
Bowie's got it. You've got to add your RFC1918 numbered host to
trusted/internal networks too.
Also, for your entire network configuration, make sure you don't add
your MSA to internal_networks if all of your clients aren't also listed
in trusted_networks.
Daryl
