spamassassin-users October 2010 archive
Main Archive Page > Month Archives  > spamassassin-users archives
spamassassin-users: Verification that Network Mass-Checks use co

Verification that Network Mass-Checks use correct trusted_networks ?

From: <Darxus_at_nospam>
Date: Mon Oct 18 2010 - 01:38:43 GMT

Could it be verified that the corpora being submitted for the weekly
Network Mass-Checks are coming from systems with correctly configured
trusted_networks and internal_networks? It's important for some of the
rules, and verifying it works seems inconvenient enough that it might have
been skipped, and I could see mail server setups changing over time making
old values invalid.

Verification that it's working isn't very straightforward, as far as I can
tell. You can add to your configuration:

 add_header all RelaysUntrusted _RELAYSUNTRUSTED_

And then make sure that in the resulting X-Spam-RelaysUntrusted headers
the first IP listed *is* the sending IP, and not an internal relay or
proxy or something.

For example:

X-Spam-RelaysUntrusted: [ ip= ident= envfrom= intl=0
        id= auth= msa=0 ]
Received: from ( [])
        by (Postfix) with ESMTP
        for <>; Sun, 17 Oct 2010 16:47:52 -0400 (EDT)

The IP from the X-Spam-RelaysUntrusted header matches the
Received header from the last untrusted relay.

-- "Let's just say that if complete and utter chaos was lightning, then he'd be the sort to stand on a hilltop in a thunderstorm wearing wet copper armour and shouting 'All gods are bastards'." - The Color of Magic