Micah Anderson wrote:
> mouss writes:
>
>> Francis Russell wrote:
>>> >> Even with the default DKIM scores, I am finding I am getting spam that is
>>> >> DKIM_VERIFIED causing the score to dip below zero and let the message
>>> >> through, for example:
>>> >>
>>> >> http://micah.riseup.net/1
>>> >
>>> > that's spam relayed by a debian list. definitely a different beast...
>>>
>>> I interpret those headers as spam being sent to a Debian e-mail
>>> address, then forwarded to a personal address.
>
> That is a correct interpretation. I get most of my spam this way.
>
>> That's what I meant. Maybe I use the term "relay" too "liberally"?
>> anyway, such spam is harder to stop unless you add the list relays to
>> your trusted_networks.
>
> This is something in SA that I have the hardest time understanding, the
> trusted_networks and internal_networks settings. I've read all the posts
> that try to clarify it and I still can't keep it straight.
>
> How would adding a list relay to my trusted_networks actually make
> stopping spam easier? Doesn't that make it a network that I should spend
> less time doing SA processing, because I 'trust' it?
>


trusted means that it does not originate spam, and in particular, that
you can trust the Received headers added by the said relay.

for example, your own relay will relay spam (if not, then you don't need
a filter!), but you trust it not to originate that spam (otherwise, you
need to fix the problem, because you will probably hit ALL_TRUSTED) and
doesn't forge Received headers.

this may look paradoxical, but you can view it as: "the more friends you
trust, the more you can focus on enemies".

but there's no need to go that far. in this particular case, spam is
coming via a debian server which is listed in DNSWL, so it gets few
negative points. but if you add the debian server to your
trusted_networks, then the corresponding relay is skipped and you won't
get the DNSWL hit.

note that I am not recommending that you add the debian server to your
trusted_networks, nor am I recommending against.

maybe there's a need for a "safe_networks" (or "white_networks") setting?
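
Added example (not part of the original message, and not SpamAssassin's own code): a simplified model of the effect described above, where trusting the forwarding relay moves the reputation lookup from that relay to the host behind it, so the whitelist hit disappears. The hostnames, addresses and whitelist contents are constructed placeholders, and the function names are hypothetical.

```python
import ipaddress

# Constructed relay chain, newest Received header first. "client_ip" is the
# host that connected to the server which wrote that header. All names and
# addresses are documentation-range placeholders, not taken from the thread.
RECEIVED_CHAIN = [
    {"by": "mx.recipient.example", "client_ip": "192.0.2.25"},       # list server -> our MX
    {"by": "lists.forwarder.example", "client_ip": "203.0.113.50"},  # spam source -> list server
]

# Constructed stand-in for a DNS whitelist lookup (no network access).
WHITELISTED = {"192.0.2.25"}


def first_untrusted_ip(chain, trusted_networks):
    """Return the first client IP, walking from our side, that is not trusted."""
    nets = [ipaddress.ip_network(n) for n in trusted_networks]
    for hop in chain:
        ip = ipaddress.ip_address(hop["client_ip"])
        if not any(ip in net for net in nets):
            return str(ip)
    return None  # every relay is trusted: the ALL_TRUSTED situation


def whitelist_hit(chain, trusted_networks):
    """True if the relay that the reputation check looks at is whitelisted."""
    ip = first_untrusted_ip(chain, trusted_networks)
    return ip is not None and ip in WHITELISTED


if __name__ == "__main__":
    cases = [
        ("list server not trusted", ["127.0.0.0/8"]),
        ("list server trusted", ["127.0.0.0/8", "192.0.2.25/32"]),
    ]
    for label, trusted in cases:
        print(f"{label}: checked={first_untrusted_ip(RECEIVED_CHAIN, trusted)} "
              f"whitelist_hit={whitelist_hit(RECEIVED_CHAIN, trusted)}")
```
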