[Gllug] Newly installed SpamAssassin less effective than an old installation (same version)

Nix nix at esperi.org.uk
Sun Jan 15 21:53:14 UTC 2006


On Sat, 14 Jan 2006, John Winters murmured woefully:
> On Sat, 2006-01-14 at 10:58 +0000, Nix wrote:
>> Do you have trusted_networks set?
>> 
>> (If not, please set it properly ;) )
> 
> I have just a default Sarge installation of SA.

OK, so your received header parsing will therefore be broken, which
will ram some scores really quite a long way down :(

>                                                  Can you give me some
> pointers on where to find out what "trusted_networks" means?

There is an excellent description in the `Mail::SpamAssassin::Conf'
manpage.

FWIW, my /etc/mail/spamassassin/local.cf reads:

# Add your own customisations to this file.  See 'man Mail::SpamAssassin::Conf'
# for details of what can be tweaked.

ok_languages en
ok_locales en
required_score	5.0
lock_method flock
pyzor_path /usr/bin/pyzor
dcc_path /usr/bin/dccproc
dns_available yes
bayes_ignore_header Gnus-Warning
bayes_ignore_header X-Gnus-Mail-Source
trusted_networks 192.168.14/24
trusted_networks 194.217.242/24
trusted_networks 194.247.47/24
internal_networks 192.168.14/24
envelope_sender_header X-Envelope-Sender


(the bayes_ignore_header and envelope_sender_header lines are *really*
specific to my site; the trusted_networks and internal_networks things
are not quite so much so.)

The internal_networks line means `Received: headers coming from these
IPs should be disregarded when searching for a network boundary'; the
trusted_networks lines mean `these hosts are trusted to not forge their
Received: headers when they send me email'. With both of those set,
SA can isolate the correct hosts to query realtime blacklists and such
things: without them, it tries to guess where your network boundary
is, but if you have a NATted mailserver it will guess wrong :(

>> What sort of rules get hit? Could you post an example of something that
>> SA misses which you'd guess it shouldn't?
> 
> Tricky, since if I forward such a message to this list it will probably
> get binned by all your spam filters.  However, I'll give it a go.  Spam
> message closely follows this one.

I don't spamfilter mailing lists unless they're overwhelmed with spam,
and I never *discard* spam in any case.

-- 
`Logic and human nature don't seem to mix very well,
 unfortunately.' --- Velvet Wood
-- 
Gllug mailing list  -  Gllug at gllug.org.uk
http://lists.gllug.org.uk/mailman/listinfo/gllug




More information about the GLLUG mailing list