Results 1 to 7 of 7

Thread: SPAM enters with "ALL_TRUSTED" bonus

  1. #1
    Join Date
    Apr 2006
    Posts
    84
    Rep Power
    9

    Default SPAM enters with "ALL_TRUSTED" bonus

    Hi all !

    I've read the thread about "improving spam filtering" with great interest.
    I looked into the SPAM I was receiving that was not marked as such, and I realized that almost all of them had a bonification from the ALL_TRUSTED rule.

    I've search SpamAssassin's documentation, and basically it states that my Trusted Networks are badly configured (my server is behind a NAT router, and the doc clearly says that this can be a problem).

    I searched for a place to tweak this seting, but I don't know chat exactly I have to change :

    in /opt/zimbra/conf/spamassassin/local.cf, the rule is commented out (so no TrustedNetworks ?)
    in /opt/zimbra/conf/salocal.cf, I just have a commented line saying "#trusted_networks"; and nothing beneath it.
    in /opt/zimbra/conf/salocal.cf.in, there is a line "%%uncomment VAR:zimbraMtaMyNetworks%%trusted_networks %%zimbraMtaMyNetworks%%", but I believe it is inopperant since I see nothing in my salocal.cf file, right ?

    So I don't understand where I should look to correct this ?

    Thanks for helping.

  2. #2
    Join Date
    Aug 2005
    Location
    San Mateo, CA
    Posts
    4,789
    Rep Power
    19

    Default

    You should be able to set zimbraMtaMyNetworks with zmprov and it will add this to the right place for you.
    Looking for new beta users -> Co-Founder of Acompli. Previously worked at Zimbra (and Yahoo! & VMware) since 2005.

  3. #3
    Join Date
    Apr 2006
    Posts
    84
    Rep Power
    9

    Default

    Thanks Kevin.
    I tried :

    zmprov mcf zimbraMtaMyNetworks "127.0.0.0/8 192.168.1.0/24 192.168.2.0/24"

    But still no go...
    Here is a message
    I just received (tagged, but still the dreaded ALL_TRUSTED bonification):

    Code:
    X-Spam-Status: Yes, score=11.727 tagged_above=-10 required=6
    	tests=[ALL_TRUSTED=-1.8, BAYES_50=0.001, DNS_FROM_RFC_POST=1.708,
    	DSPAM_SPAM=0.5, URIBL_AB_SURBL=3.812, URIBL_OB_SURBL=3.008,
    	URIBL_SC_SURBL=4.498]
    Received: from serveurmail01.codata.be ([127.0.0.1])
    	by localhost (serveurmail01.codata.be [127.0.0.1]) (amavisd-new, port 10024)
    	with ESMTP id PltySnKrpGsg; Tue,  5 Dec 2006 16:54:23 +0100 (CET)
    Received: from [62.135.99.179] (unknown [62.135.99.179])
    	by serveurmail01.codata.be (Postfix) with SMTP id C680618387CA
    	for <support@codata.be>; Tue,  5 Dec 2006 16:54:22 +0100 (CET)
    As you can see, 62.135.99.179 is certainly not in my trusted network !
    Does the problem come from :

    Received: from serveurmail01.codata.be ([127.0.0.1])
    by localhost (serveurmail01.codata.be [127.0.0.1]) (amavisd-new, port 10024)
    with ESMTP id PltySnKrpGsg; Tue, 5 Dec 2006 16:54:23 +0100 (CET)

    If it does, I find it quite strange that SpamAssassin gives a bonus for mail going through relays trusted not to forge headers, even when it originates from a non-trusted host !

  4. #4
    Join Date
    Apr 2006
    Posts
    84
    Rep Power
    9

    Default

    Please disregard my previous post.

    I checked salocal.cf and realized that I had still no trustednetworks parameter, so I stopped my server and started it again (I was sure I'd done it before, but it seems I was mistaken).

    Now the rule is in salocal.cf, so I'll just have to check my mail headers tomorrow morning !

    Sorry for trashing the thread.

  5. #5
    Join Date
    Mar 2006
    Posts
    80
    Rep Power
    9

    Default

    I think I might be having this problem too. Can you post back with the results of your changes? Thanks!

  6. #6
    Join Date
    Apr 2006
    Posts
    84
    Rep Power
    9

    Default

    Quote Originally Posted by moniker View Post
    I think I might be having this problem too. Can you post back with the results of your changes? Thanks!
    It works like a charm !
    No more "ALL_TRUSTED" bonus on spam messages !
    So basically, all you have to do is setting zimbraMtaMyNetworks according to your network configuration, stop and restart zimbra, and your done !

    Now I'll give a try to the tips from this thread : Improving spam filtering

  7. #7
    Join Date
    Mar 2006
    Posts
    80
    Rep Power
    9

    Default

    That's great news. Thanks!

Similar Threads

  1. Trying to understand Zimbra's anti-spam system
    By TaskMaster in forum Users
    Replies: 11
    Last Post: 01-25-2008, 09:59 AM
  2. Spam Training: How to properly train DSPAM?
    By Tenshi in forum Installation
    Replies: 14
    Last Post: 05-23-2007, 05:08 AM
  3. Spam being scored with BAYES_00
    By flyerguybham in forum Administrators
    Replies: 6
    Last Post: 04-24-2007, 01:07 PM
  4. Training spam and ham
    By Justin in forum Developers
    Replies: 2
    Last Post: 10-31-2006, 03:39 PM
  5. Spam questions 3.11
    By cdyer in forum Administrators
    Replies: 10
    Last Post: 05-22-2006, 11:14 PM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •