This is a discussion on Re: can we make AWL ignore mail from self to self? - SpamAssassin ; Matt Kettler wrote: >> There's >> nothing in trusted networks, I don't trust anything... > Jo, that's impossible in spamassasin. You cannot have an empty trust, it > doesn't make any logical sense, and would cause spamassassin to fail > ...
Matt Kettler wrote:
>> nothing in trusted networks, I don't trust anything...
> Jo, that's impossible in spamassasin. You cannot have an empty trust, it
> doesn't make any logical sense, and would cause spamassassin to fail
I should rather have said trust is only localhost.
> If you don't declare a trusted_networks, SA will auto-guess for you.
> (And the auto-guesser is notorious for failing if your MX is NAT mapped)
> And please, understand that "trust" here means "trusted to never forge a
> received header" not "trusted to never relay any spam".
I know this.
> In spamassassin, under trusting is BAD. It is just as bad as
> over-trusting. SA needs at least one trustworthy received header to work
How and why? Are you saying I *must* have a 2nd-level MX host for SA to
work? That's not my experience, and 2-layer relays are backscatter
sources. Milter from the local MTA works just fine.
> Also, to work properly, SA needs to be able to determine what is a part
> of your network, and what isn't. Unless you declare internal_networks
> separately, it bases internal vs external on the trust.
There is no network. There is only a single host. I don't control any
other host on the subnet.
> "trust no-one" is NOT a valid option, and would actually result in the
> problem you're suffering from. After all, if no headers are trusted, all
> email comes from no server, so SA would never be able to tell the
> difference between an email you really sent, vs a forgery from the outside.
This statement parses as nonsense. SA can't parse an e-mail because it
doesn't trust the source? Isn't that all e-mail?
> If your trust path is working properly, SA knows the difference. If it's
> not working, you get a broken AWL, broken RBLs, broken ALL_TRUSTED, and
> dozens of other broken things.
Okay, seriously I think you're both underestimating my understanding of
this and further confusing the matter by making all sorts of unclear
claims that don't reflect in reality.
I get trust paths. This issue I reported is not related to trust paths.
It's not a broken trust path problem. The e-mail came from an
untrusted source, but was given a negative AWL score based on the sender
name. That has nothing to do with trust.