SPAM enters with "ALL_TRUSTED" bonus

[Bingo]

Hi all !

I've read the thread about "improving spam filtering" with great interest.
I looked into the SPAM I was receiving that was not marked as such, and I realized that almost all of them had a bonification from the ALL_TRUSTED rule.

I've search SpamAssassin's documentation, and basically it states that my Trusted Networks are badly configured (my server is behind a NAT router, and the doc clearly says that this can be a problem).

I searched for a place to tweak this seting, but I don't know chat exactly I have to change :

in /opt/zimbra/conf/spamassassin/local.cf, the rule is commented out (so no TrustedNetworks ?)
in /opt/zimbra/conf/salocal.cf, I just have a commented line saying "#trusted_networks"; and nothing beneath it.
in /opt/zimbra/conf/salocal.cf.in, there is a line "%%uncomment VAR:zimbraMtaMyNetworks%%trusted_networks %%zimbraMtaMyNetworks%%", but I believe it is inopperant since I see nothing in my salocal.cf file, right ?

So I don't understand where I should look to correct this ?

Thanks for helping.

[KevinH]

You should be able to set zimbraMtaMyNetworks with zmprov and it will add this to the right place for you.

[Bingo]

Thanks Kevin.
I tried :

zmprov mcf zimbraMtaMyNetworks "127.0.0.0/8 192.168.1.0/24 192.168.2.0/24"

But still no go...
Here is a message
I just received (tagged, but still the dreaded ALL_TRUSTED bonification):

Code:

X-Spam-Status: Yes, score=11.727 tagged_above=-10 required=6
	tests=[ALL_TRUSTED=-1.8, BAYES_50=0.001, DNS_FROM_RFC_POST=1.708,
	DSPAM_SPAM=0.5, URIBL_AB_SURBL=3.812, URIBL_OB_SURBL=3.008,
	URIBL_SC_SURBL=4.498]
Received: from serveurmail01.codata.be ([127.0.0.1])
	by localhost (serveurmail01.codata.be [127.0.0.1]) (amavisd-new, port 10024)
	with ESMTP id PltySnKrpGsg; Tue,  5 Dec 2006 16:54:23 +0100 (CET)
Received: from [62.135.99.179] (unknown [62.135.99.179])
	by serveurmail01.codata.be (Postfix) with SMTP id C680618387CA
	for <support@codata.be>; Tue,  5 Dec 2006 16:54:22 +0100 (CET)

As you can see, 62.135.99.179 is certainly not in my trusted network !
Does the problem come from :

Received: from serveurmail01.codata.be ([127.0.0.1])
by localhost (serveurmail01.codata.be [127.0.0.1]) (amavisd-new, port 10024)
with ESMTP id PltySnKrpGsg; Tue, 5 Dec 2006 16:54:23 +0100 (CET)

If it does, I find it quite strange that SpamAssassin gives a bonus for mail going through relays trusted not to forge headers, even when it originates from a non-trusted host !

[Bingo]

Please disregard my previous post.

I checked salocal.cf and realized that I had still no trustednetworks parameter, so I stopped my server and started it again (I was sure I'd done it before, but it seems I was mistaken).

Now the rule is in salocal.cf, so I'll just have to check my mail headers tomorrow morning !

Sorry for trashing the thread.

[moniker]

I think I might be having this problem too. Can you post back with the results of your changes? Thanks!

[Bingo]

Quote:

Originally Posted by moniker

I think I might be having this problem too. Can you post back with the results of your changes? Thanks!

It works like a charm !
No more "ALL_TRUSTED" bonus on spam messages !
So basically, all you have to do is setting zimbraMtaMyNetworks according to your network configuration, stop and restart zimbra, and your done !

Now I'll give a try to the tips from this thread : Improving spam filtering

[moniker]

That's great news. Thanks!