mouss wrote:
M. Lewis a écrit :
The only time I really notice this is when I recieve a spam that isn't
marked as such. In the case below, had it not been for the
trusted_networks, this spam would have clearly been marked as such.
In the first example, I'm using fetchmail to drag down messages from a
remote mailbox on another server. It appears to me that fetchmail is
causing this to appear as it is coming from localhost
(localhost.localdomain) and that is why _I think_ it is hitting the
ALL_TRUSTED.
Mail that comes directly into my network (not via fetchmail) I do not
believe ever has the ALL_TRUSTED as shown in the second example.
My trusted nework configs:
# Trusted
clear_trusted_networks
trusted_networks 192.168.1/24
# Internal
clear_internal_networks
internal_networks 192.168.1/24
Headers from a message where ALL_TRUSTED hit:
Return-Path: <[EMAIL PROTECTED]>
X-Original-To: [EMAIL PROTECTED]
Delivered-To: [EMAIL PROTECTED]
Received: from localhost (localhost.localdomain [127.0.0.1])
by av.cajuninc.com (Postfix) with ESMTP id 5DBEE24F59E
for <[EMAIL PROTECTED]>; Fri, 9 Dec 2005 18:40:25 -0500 (EST)
Received: from amavis.cajuninc.com ([127.0.0.1])
by localhost (moe.cajuninc.com [127.0.0.1]) (amavisd-new, port 10024)
with ESMTP id 24014-04 for <[EMAIL PROTECTED]>;
Fri, 9 Dec 2005 18:40:06 -0500 (EST)
Received: from localhost (localhost.localdomain [127.0.0.1])
by dhcppc1.cajuninc.com (Postfix) with ESMTP
for <[EMAIL PROTECTED]>; Fri, 9 Dec 2005 18:40:06 -0500 (EST)
Delivered-To: [EMAIL PROTECTED]
Received: from mail.lizardhill.com [64.125.72.2]
by localhost with POP3 (fetchmail-6.2.5)
for [EMAIL PROTECTED] (single-drop); Fri, 09 Dec 2005 18:40:06 -0500
(EST)
running SA with -D shows the following line:
[4785] dbg: received-header: found fetchmail marker, restarting parse
so it really seems that SA is fetchmail-aware. It seems that the list of
untrusted relays is reinitialized here. This is understandable since you
"trust" your pop3 server.
Received: (qmail 845 invoked by uid 1279); 9 Dec 2005 23:37:07 -0000
Delivered-To: [EMAIL PROTECTED]
Received: (qmail 832 invoked by uid 0); 9 Dec 2005 23:37:06 -0000
Received: from unknown (HELO 207.96.139.179) (unknown)
by unknown with SMTP; 9 Dec 2005 23:37:06 -0000
but there is no info in this line for SA. so SA assumes the message was
sent by your pop server (mail.lizardhill.com), and since you fetchmail
it from localhost, it is trusted as well.
so may be SA should not set ALL_TRUSTED if fecthmail is used and such
buggy line is found?
Maybe we should qualify that a little bit more Mouss, "maybe SA should
not set ALL_TRUSTED if fetchmail is used and the upstream server is
using qmail".
Either way, I have not been able (yet) to find a setting whereby
mail.lizardhill.com is not trusted.
--
IBM: Insolent Bickering Mal-der-mer
01:45:02 up 3 days, 1:45, 4 users, load average: 1.65, 0.65, 0.36
Linux Registered User #241685 http://counter.li.org
