Jo Rhett wrote:
On Apr 1, 2008, at 3:14 PM, Justin Mason wrote:
Sorry, I don't the original messages any more. (I looked) But it
wouldn't surprise me if the /16 matched. The mail I send myself is
usually from Wifi or my phone carrier's GSM network, but accepted via
SMTP AUTH on the local machine. So which address are you using?
hmm, I'm not sure. It depends on your trusted_networks setting.
try running "spamassassin -D" and see what it logs...
I'm sorry -- feeling dense, how is this supposed to help? From the
headers quoted below you know what spamassassin is seeing. There's
nothing in trusted networks, I don't trust anything...
Jo, that's impossible in spamassasin. You cannot have an empty trust, it
doesn't make any logical sense, and would cause spamassassin to fail
miserably.
If you don't declare a trusted_networks, SA will auto-guess for you.
(And the auto-guesser is notorious for failing if your MX is NAT mapped)
And please, understand that "trust" here means "trusted to never forge a
received header" not "trusted to never relay any spam".
In spamassassin, under trusting is BAD. It is just as bad as
over-trusting. SA needs at least one trustworthy received header to work
with.
Also, to work properly, SA needs to be able to determine what is a part
of your network, and what isn't. Unless you declare internal_networks
separately, it bases internal vs external on the trust.
This is why trust is important, and it's important to get it right.
"trust no-one" is NOT a valid option, and would actually result in the
problem you're suffering from. After all, if no headers are trusted, all
email comes from no server, so SA would never be able to tell the
difference between an email you really sent, vs a forgery from the outside.
If your trust path is working properly, SA knows the difference. If it's
not working, you get a broken AWL, broken RBLs, broken ALL_TRUSTED, and
dozens of other broken things.
See also:
http://wiki.apache.org/spamassassin/TrustPath