[Gllug] Newly installed SpamAssassin less effective than an old installation (same version)
Nix
nix at esperi.org.uk
Sun Jan 15 21:53:14 UTC 2006
On Sat, 14 Jan 2006, John Winters murmured woefully:
> On Sat, 2006-01-14 at 10:58 +0000, Nix wrote:
>> Do you have trusted_networks set?
>>
>> (If not, please set it properly ;) )
>
> I have just a default Sarge installation of SA.
OK, so your received header parsing will therefore be broken, which
will ram some scores really quite a long way down :(
> Can you give me some
> pointers on where to find out what "trusted_networks" means?
There is an excellent description in the `Mail::SpamAssassin::Conf'
manpage.
FWIW, my /etc/mail/spamassassin/local.cf reads:
# Add your own customisations to this file. See 'man Mail::SpamAssassin::Conf'
# for details of what can be tweaked.
ok_languages en
ok_locales en
required_score 5.0
lock_method flock
pyzor_path /usr/bin/pyzor
dcc_path /usr/bin/dccproc
dns_available yes
bayes_ignore_header Gnus-Warning
bayes_ignore_header X-Gnus-Mail-Source
trusted_networks 192.168.14/24
trusted_networks 194.217.242/24
trusted_networks 194.247.47/24
internal_networks 192.168.14/24
envelope_sender_header X-Envelope-Sender
(the bayes_ignore_header and envelope_sender_header lines are *really*
specific to my site; the trusted_networks and internal_networks things
are not quite so much so.)
The internal_networks line means `Received: headers coming from these
IPs should be disregarded when searching for a network boundary'; the
trusted_networks lines mean `these hosts are trusted to not forge their
Received: headers when they send me email'. With both of those set,
SA can isolate the correct hosts to query realtime blacklists and such
things: without them, it tries to guess where your network boundary
is, but if you have a NATted mailserver it will guess wrong :(
>> What sort of rules get hit? Could you post an example of something that
>> SA misses which you'd guess it shouldn't?
>
> Tricky, since if I forward such a message to this list it will probably
> get binned by all your spam filters. However, I'll give it a go. Spam
> message closely follows this one.
I don't spamfilter mailing lists unless they're overwhelmed with spam,
and I never *discard* spam in any case.
--
`Logic and human nature don't seem to mix very well,
unfortunately.' --- Velvet Wood
--
Gllug mailing list - Gllug at gllug.org.uk
http://lists.gllug.org.uk/mailman/listinfo/gllug
More information about the GLLUG
mailing list