Thread: ALL_TRUSTED getting triggered on spam emails
2006-10-27 01:15:03
Jason Hollenberg wrote:
> Postfix and Maia are running on the same machine which has port 25
> forwarded to it from my firewall. There is no upstream MTA.

By "upstream MTA" I mean Postfix on port 25.  "Upstream" is relative to
amavisd-maia, as in:

  -> Upstream MTA -> amavisd-maia -> Downstream MTA ->

Postfix (on port 25) is your upstream MTA, and Postfix (typically on
port 10025) is your downstream MTA, with amavisd-maia sandwiched in the
middle (typically on port 10024).  The upstream MTA instance should be
inserting its own 'Received:' header, as should amavisd-maia, but
apparently they're not.

In fact, I see no evidence from the headers that you're even submitting
the mail to amavisd-maia, so your problem may be more fundamental.


> Received: from mta132.sdm3.com (mta132.sdm3.com [66.179.69.132])
> 	by mail.mydomain.com (Postfix) with ESMTP id 6E56C2787F
> 	for <usermydomain.com>; Thu, 26 Oct 2006 17:46:58 -0500 (CDT)

If this is the only 'Received:' header in the e-mail, it only points to
one host--mail.mydomain.com, which presumably is in your trusted
networks list.  The remote peer (66.179.69.132) doesn't count because
it's not necessarily an MTA--it could be the mail client host that
submitted the mail.  A 'Received:' line has the form:

  Received: from X by Y

and only the 'Y' gets tested against the trusted_networks or
internal_networks, because only 'Y' is claiming to be an MTA.  That's
where the 'Received:' line from your own upstream MTA becomes vital--it
adds one more bit of data:

  Received: from Z by X

and now we know that 'X' is a mail relay rather than an arbitrary sender
host, so we can finally subject 'X' to the trust tests.

In short, you've got to fix the way you route mail from Postfix to
amavisd-maia, to make sure that extra 'Received:' line gets added,
otherwise SpamAssassin won't have the evidence it needs to make proper
trust decisions.

-- 
Robert LeBlanc <rjlrenaissoft.com>
Renaissoft, Inc.
Maia Mailguard <http://www.maiamailguard.com/>

_______________________________________________
Maia-users mailing list
Maia-usersrenaissoft.com
http://www.renaissoft.com/mailman/listinfo/maia-users
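
Added example (not part of the original message, and not code from Maia Mailguard or SpamAssassin): a small Python check that lists the 'Received:' hops of a message and reports how many are missing compared with the number of stamps the mail path should add. The sample message is constructed from the header quoted above with an assumed recipient address, and the function names are hypothetical.

```python
import re
from email import message_from_string

FROM_RE = re.compile(r"^from\s+(\S+)")
IP_RE = re.compile(r"\[([0-9A-Fa-f.:]+)\]")
BY_RE = re.compile(r"(?:^|\s)by\s+(\S+)")

def received_hops(raw_message):
    """Return one dict per Received: header, newest hop first."""
    msg = message_from_string(raw_message)
    hops = []
    for value in msg.get_all("Received", []):
        value = value.strip()          # header value may be folded over lines
        by = BY_RE.search(value)
        if not by:
            continue                   # no "by" clause: nothing to report
        head = value[:by.start()]      # the "from X (name [ip])" part, if any
        frm = FROM_RE.match(head)      # absent on locally submitted mail
        ip = IP_RE.search(head)
        hops.append({
            "from": frm.group(1) if frm else None,
            "ip": ip.group(1) if ip else None,
            "by": by.group(1),
        })
    return hops

def hop_report(raw_message, expected_hops):
    """Compare the Received: headers present with the number expected."""
    hops = received_hops(raw_message)
    return {
        "by_hosts": [h["by"] for h in hops],
        "missing": max(0, expected_hops - len(hops)),
    }

# Constructed sample: only the single header quoted in the message above.
SAMPLE = (
    "Received: from mta132.sdm3.com (mta132.sdm3.com [66.179.69.132])\n"
    "\tby mail.mydomain.com (Postfix) with ESMTP id 6E56C2787F\n"
    "\tfor <user@mydomain.com>; Thu, 26 Oct 2006 17:46:58 -0500 (CDT)\n"
    "Subject: constructed sample\n"
    "\n"
    "body\n"
)

if __name__ == "__main__":
    # Assumption: upstream Postfix and amavisd-maia each stamp one header.
    print(hop_report(SAMPLE, expected_hops=2))
```

Run against a message taken at the point where SpamAssassin sees it, a non-zero "missing" count means a stage in the path is not adding its header.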