J,

Outstanding explanation :) Thank you..

I don't have the all_trusted setting; just the trusted_networks and the internal_networks .. I've made some adjustments to the other IP address with too much weight, since this is a static IP and I can place the full address as a trusted network. This is my home static IP. The server is owned by me and runs publicly; it is a qmail, apache, etc. server .. so I can control it as necessary ..

Thanks again for all of your help

Regards ..

Leonard
----- Original Message ----- From: "jdow" <[EMAIL PROTECTED]>
To: <users@spamassassin.apache.org>
Sent: Tuesday, November 22, 2005 9:41 PM
Subject: Re: New Spammer?


The key to understanding "trusted" is that these are mail transfer agents
that you can trust not to forge headers. If you fetch from an ISP then it
is, perforce, the ISP's pop3 or imap client through which you fetch mail
with the fetchmail utility or equivalent. Such is my case. If you run an
smtp server yourself and receive from the world then that server, by all
its known addresses, is the extent of your trusted network. These are NOT
collections of addresses you "trust not to spam you." They ARE a very few
addresses that can be trusted not to forge headers and nothing more.

That is why the bl tests throw up their hands and fail if trusted_networks
is set wrong. It has to find at least ONE header, starting from the bottom,
that it trusts. From the last address working upwards in the Received
headers it can't trust so it performs the lookup.

If I remember correctly you were hitting ALL_TRUSTED. That is an indication
that you have this setup messed up. Misunderstanding the use of the
trusted_network concept is usually the problem. If you CAN change the
local.cf then with a little work Bob's your uncle. (I remember my
fortunately brief struggle with this.) At the moment mine looks much like
this:
trusted_networks 127/8 207.217.121/24
internal_networks 192.168/16

The 207 address space I accept is where Earthlink.net's pop3 servers live.
I use fetchmail from them.

I hope this helps.
{^_^}
----- Original Message ----- From: "Leonard SA" <[EMAIL PROTECTED]>


J,

Sorry about that offline email .. :(

Thanks for the answer also. I will definitely make some changes to adjust to a more secure setup ..

Regards ..

Leonard
----- Original Message ----- From: "jdow" <[EMAIL PROTECTED]>

That is the general format. I do not have your original message to know
if the data is correct. It almost looks like you are trusting WAY too
much at the 70.119. part. Trust only the mail server(s) that you
expect never to forge emails themselves. In my case I trust the set of
mail servers earthlink lumps as pop3.earthlink.net outside of the local
network.

{^_^}
----- Original Message ----- From: "Leonard SA" <[EMAIL PROTECTED]>

J,

Is the trusted_network you're speaking of in the local.cf file as I have below?

trusted_networks        192.168.2.      127.0.0.1       70.119.

I also use badmailfrom which will block mail at the SMTP level .. Is SA able to stop spam with some sort of BL / WL rules?

Regards ..

Leonard

----- Original Message ----- From: "jdow" <[EMAIL PROTECTED]>
To: <users@spamassassin.apache.org>
Sent: Tuesday, November 22, 2005 6:23 PM
Subject: Re: New Spammer?


Nowhere if he has no trusted network setup. That's his problem in a
nutshell. He cannot usefully run network tests.
{^_^}
----- Original Message ----- From: "Leonard SA" <[EMAIL PROTECTED]>


Where are BLs set up?

Thanks in advance..

Regards ..


Leonard Bernstein

-------------------------------------
| Email [EMAIL PROTECTED]
| Mobile (917) 807-3883
| BlackBerry PIN 40082120
| Technology Consultant
-------------------------------------
----- Original Message ----- From: "jdow" <[EMAIL PROTECTED]>
To: <users@spamassassin.apache.org>
Sent: Tuesday, November 22, 2005 5:37 PM
Subject: Re: New Spammer?


From: "Matt Kettler" <[EMAIL PROTECTED]>

At 09:56 AM 11/22/2005, Casey King wrote:

This morning we have been getting drilled by spam/virus emails.

Are they spam, or viruses? Not the same thing.

40 so far.

I should be so lucky to see as few as 40/hour during any kind of outbreak.

Been getting a lot of phone calls from across the company about these emails. At least my mailscanner boxes are stripping the files, and tagging it as spam, but what worries me, is the low scores these messages are receiving.

SpamAssassin is a spam scanner. Its official policy is to EXPLICITLY not care about virus emails. No effort is made to try to catch them, because doing so would dilute the scores of the spam ruleset. No effort is made to try to avoid tagging them either. They're just removed from the corpus and handled by the developers as if they don't exist.

Heh, I use the ClamAV plugin for SA and give it a hefty score. That way
I get the best of both worlds. Creative use of BLs also helps.

{^_^}
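
The trust split discussed in this thread, as an added example that is not part of the original messages and is not SpamAssassin's own code: a simplified Python model of how a trusted_networks list divides the Received-header relays, comparing the broad "70.119." entry with a single full address. The relay addresses and the static address 70.119.10.20 are constructed, and the function names are hypothetical.

```python
import ipaddress

def parse_net(spec):
    """Parse one trusted_networks entry: '127/8', '70.119.' or a full IP."""
    addr, _, bits = spec.partition("/")
    octets = [o for o in addr.split(".") if o]
    if not bits:
        # No mask given: the prefix length follows the number of octets,
        # so '70.119.' covers 65536 addresses and a full IP covers one.
        bits = str(8 * len(octets))
    octets += ["0"] * (4 - len(octets))
    return ipaddress.ip_network(".".join(octets) + "/" + bits, strict=False)

def split_relays(relays, trusted_specs):
    """relays: relay IPs taken from Received headers, newest (top) first.

    Returns (trusted, untrusted, all_trusted). Trust stops at the first
    relay outside trusted_networks; every header below that point could
    have been forged, so it is treated as untrusted too.
    """
    nets = [parse_net(s) for s in trusted_specs]
    trusted = []
    for i, ip in enumerate(relays):
        if not any(ipaddress.ip_address(ip) in n for n in nets):
            return trusted, relays[i:], False
        trusted.append(ip)
    return trusted, [], True  # no external hop left for the BL tests

# Setting quoted in the thread, and the same list with the full
# (constructed) home address in place of the /16.
BROAD = ["192.168.2.", "127.0.0.1", "70.119."]
NARROW = ["192.168.2.", "127.0.0.1", "70.119.10.20"]

# Constructed sample: an unrelated host in 70.119/16 connects directly,
# once alone and once with a Received line it wrote itself below its own.
DIRECT = ["70.119.200.15"]
WITH_CLAIMED_HOP = ["70.119.200.15", "203.0.113.9"]

if __name__ == "__main__":
    for name, specs in (("broad", BROAD), ("narrow", NARROW)):
        for relays in (DIRECT, WITH_CLAIMED_HOP):
            print(name, relays, "->", split_relays(relays, specs))
```

With the broad entry the connecting host is believed: the single-hop message comes out all-trusted, and in the two-hop case the first untrusted relay is an address the sender chose.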
