Page 1 of 3 123 LastLast
Results 1 to 10 of 23

Thread: Everything gets tagged as ALL_TRUSTED

  1. #1
    WolfyPDX is offline Intermediate Member
    Join Date
    Aug 2009
    Posts
    24
    Rep Power
    5

    Default Everything gets tagged as ALL_TRUSTED

    For some reason, the spamassassin setup on my system (Zimbra 8.0.5 on CentOS 6.4) is getting tagged with the ALL_TRUSTED item. My ZimbraMtaMyNetworks settings (both for the server and the global setting) are as follows:

    # zmprov gacf zimbraMtaMyNetworks
    zimbraMtaMyNetworks: 127.0.0.0/8 10.236.158.246/32

    # zmprov gs zimbra.XXXX.com zimbraMtaMyNetworks
    # name zimbra.XXXX.com
    zimbraMtaMyNetworks: 127.0.0.0/8 10.236.158.246/32


    where 10.236.... is my internal IP for the Zimbra host. However, every piece of mail still gets the ALL_TRUSTED item, regardless of what systems appear in the headers. Here's a typical header:


    Return-Path: ........
    Received: from zimbr.XXXX.com (LHLO zimbra.XXXX.com) (10.236.158.246) by
    zimbra.XXXX.com with LMTP; Tue, 8 Oct 2013 19:22:01 -0700 (PDT)
    Received: from localhost (localhost.localdomain [127.0.0.1])
    by zimbra.XXXX.com (Postfix) with ESMTP id 49F1440117FC
    for <XXXXY@XXXX.com>; Tue, 8 Oct 2013 19:22:01 -0700 (PDT)
    X-DSPAM-Class: Spam
    X-DSPAM-Confidence: 0.89
    X-DSPAM-Probability: 1.0000
    X-Spam-Flag: NO
    X-Spam-Score: -1.999
    X-Spam-Level:
    X-Spam-Status: No, score=-1.999 tagged_above=-10 required=5
    tests=[ALL_TRUSTED=-1, BAYES_00=-1.9, DKIM_SIGNED=0.1,
    DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001,
    DSPAM.Spam=1.000] autolearn=ham
    X-DSPAM-Result: Spam
    Authentication-Results: zimbra.XXXX.com (amavisd-new);
    dkim=pass (2048-bit key) header.d=gmail.com
    Received: from zimbra.XXXX.com ([127.0.0.1])
    by localhost (zimbra.XXXX.com [127.0.0.1]) (amavisd-new, port 10032)
    with ESMTP id mGx7EWPTEi5E for <XXXXY@XXXX.com>;
    Tue, 8 Oct 2013 19:22:00 -0700 (PDT)
    Received: from zimbra.XXXX.com (localhost.localdomain [127.0.0.1])
    by zimbra.XXXX.com (Postfix) with ESMTP id C40E740117FD
    for <XXXXY@XXXX.com>; Tue, 8 Oct 2013 19:22:00 -0700 (PDT)
    Received: from newsmtp.XXXX.com (newsmtp.XXXX.com [10.96.79.23])
    by zimbra.XXXX.com (Postfix) with ESMTP id B6C9240117FC
    for <XXXXY@zimbra.XXXX.com>; Tue, 8 Oct 2013 19:22:00 -0700 (PDT)
    Received: from mail-ie0-f170.google.com (mail-ie0-f170.google.com [209.85.223.170])
    by newsmtp.XXXX.com (8.14.3/8.14.3) with ESMTP id r992M0xN010325
    for <XXXXY@XXXX.com>; Tue, 8 Oct 2013 19:22:00 -0700
    Received: by mail-ie0-f170.google.com with SMTP id x13so420187ief.29
    for <XXXXY@XXXX.com>; Tue, 08 Oct 2013 19:22:00 -0700 (PDT)
    DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
    d=gmail.com; s=20120113;
    h=from:content-type:content-transfer-encoding:subject:message-id:date
    :to:mime-version;
    bh=3008AgFuZkJZZ8rCdzBjg8JOvxd4aLm2p9MBRBtKW7g=;
    b=PvBRN86ptqPadZ2sLYtJk1122xci/zdaKLr5IwtnJtf1k7s54l4/PGocABcjlK+ACu
    glNrTw6pAfBg2zU1KC4hvcAtytOlYcl7s2TcRDq4IHjOVSum2p hE+BFbhw4pU7zan8S0
    6r2IvQDwV26uHI21n3pAcb0pEPoQ/twa2PyNM/BOJ9RtkZNnv5ADTRjIp0ikqtfivg9l
    BIjjgfYMEJDAY0OORPIXf/pItYyCQkwxtTF+aaJdsSvxmcoOkZpvY9fToRBnEk1TjMtZ
    /BXkKTkejhh35lzunk/SLTZUvUldpARKcrz1QmEbuBdbvADKnfVaoPRhnG6xID+L9RK1
    nUCg==
    X-Received: by 10.42.128.207 with SMTP id n15mr3123583ics.7.1381285320293;
    Tue, 08 Oct 2013 19:22:00 -0700 (PDT)
    Received: from [10.0.1.5] (c-24-21-113-53.hsd1.or.comcast.net. [24.21.113.53])
    by mx.google.com with ESMTPSA id cl4sm5567181igc.1.1969.12.31.16.00.00
    (version=TLSv1 cipher=ECDHE-RSA-RC4-SHA bits=128/128);
    Tue, 08 Oct 2013 19:21:59 -0700 (PDT)
    From: Pete Hanson <XXXXX@gmail.com>
    Content-Type: text/plain; charset=us-ascii
    Content-Transfer-Encoding: 7bit
    Subject: tett
    Message-Id: <9CE3F9CB-306A-4F70-B2F8-1ABAFA6E6BFB@gmail.com>
    Date: Tue, 8 Oct 2013 19:21:57 -0700
    To: Pete Hanson <XXXXY@XXXX.com>
    Mime-Version: 1.0 (Mac OS X Mail 6.6 \(1510\))
    X-Mailer: Apple Mail (2.1510)


    I've been through just about every post here and elsewhere that talks about the trusted networks, but nothing seems to be very helpful.

    Advice? TIA.

  2. #2
    phoenix is online now Zimbra Consultant & Moderator
    Join Date
    Sep 2005
    Location
    Vannes, France
    Posts
    23,568
    Rep Power
    57

    Default

    Here's some further information and debugging steps.
    Regards


    Bill


    Acompli: A new adventure for Co-Founder KevinH.

  3. #3
    WolfyPDX is offline Intermediate Member
    Join Date
    Aug 2009
    Posts
    24
    Rep Power
    5

    Default

    Quote Originally Posted by phoenix View Post
    Here's some further information and debugging steps.
    Thanks, Bill. Unfortunately, I've already been all over those pages and the links thereon. I simply don't see where I am going wrong - I have the 127.0.0.1 address, and the 10.*.*.* address where my server is running, and that's it. I don't see what else I can add or delete that is going to fix this issue.

  4. #4
    phoenix is online now Zimbra Consultant & Moderator
    Join Date
    Sep 2005
    Location
    Vannes, France
    Posts
    23,568
    Rep Power
    57

    Default

    What do the Trustpath headers show when you modify the spamassassin config, anything useful?
    Regards


    Bill


    Acompli: A new adventure for Co-Founder KevinH.

  5. #5
    WolfyPDX is offline Intermediate Member
    Join Date
    Aug 2009
    Posts
    24
    Rep Power
    5

    Default

    I tried adding that add_header option to the spamassassin config in my sa/sauser.cf file (as well as trying to modify the salocal.cf.in file), but the headers never showed up in any of my test mails, even after restarting the server. Everything else that I add to sauser.cf works as expected, except the add_header option and anything to do with the trusted networks. It's almost like something else is stepping in and overriding my sauser.cf settings in this area.

  6. #6
    nico_ is offline Starter Member
    Join Date
    Oct 2013
    Posts
    2
    Rep Power
    1

    Default

    Hi,

    I have exactly the same problem, including the ignored add_header option in sauser.cf... it would be very great if someone could have a look at this.

    Thanks in advance

    Best Regards
    Nico

  7. #7
    WolfyPDX is offline Intermediate Member
    Join Date
    Aug 2009
    Posts
    24
    Rep Power
    5

    Default

    Thanks for chiming in, Nico. It's nice to know that I'm not the only one having a problem with this.

    Here's something I discovered in the midst of my investigation:

    $ /opt/zimbra/zimbramon/bin/spamassassin -V
    SpamAssassin version 3.4.0-pre3-r1435395
    running on Perl version 5.10.1

    Zimbra, for whatever reason, is running a pre-release version of SpamAssassin. I'm sure there's a good reason behind that, but it makes me nervous to know that we're using pre-release software in a a production email environment. In fact, SpamAssassin 3.4.0 still hasn't been released.

    Anyway, it looks like the headers generated by the add_header command are "pseudo headers" - they are put in the zimbra.log, not in the email itself.

    Currently, I have my trusted networks set as follows:

    127.0.0.0/8 10.96.79.23/32 10.236.158.246/32 50.xx.xx.xx/32 107.xx.xx.xx/32

    (10.96.* and 107.* are my MX server addresses while 10.236.* and 50.* are my Zimbra server addresses - screwy IPs compliments of AWS). Using these settings and setting $sa_debug = 1 in amavisd.conf.in, I get the following debug output (just a clip of one email message being processed - I will attach the full debug listing of a few minutes running with $sa_debug = 1).


    Oct 15 12:52:08 zimbra amavis[24366]: (24366-01) SA dbg: config: time limit 300.0 s
    Oct 15 12:52:08 zimbra amavis[24366]: (24366-01) SA dbg: message: main message type: multipart/mixed
    Oct 15 12:52:08 zimbra amavis[24366]: (24366-01) SA dbg: check: pms new, time limit in 299.996 s
    Oct 15 12:52:08 zimbra amavis[24366]: (24366-01) SA dbg: check: adding caller rule hits, 0 rules
    Oct 15 12:52:08 zimbra amavis[24366]: (24366-01) SA dbg: config: internal_networks not configured, using trusted_networks configuration for internal_networks; if you really want internal_networks to only contain the required 127/8 add 'internal_networks !0/0' to your configuration
    Oct 15 12:52:08 zimbra amavis[24366]: (24366-01) SA dbg: received-header: parsed as [ ip=127.0.0.1 rdns=localhost.localdomain helo=zimbra.mydomain.com by=zimbra.mydomain.com ident= envfrom= intl=0 id=040F141ED650 auth= msa=0 ]
    Oct 15 12:52:08 zimbra amavis[24366]: (24366-01) SA dbg: netset: trusted_networks lookup on 127.0.0.1, 6 networks, result: 1, 0.883 ms
    Oct 15 12:52:08 zimbra amavis[24366]: (24366-01) SA dbg: netset: trusted_networks cached lookup on 127.0.0.1, 6 networks, result: 1
    Oct 15 12:52:08 zimbra amavis[24366]: (24366-01) SA dbg: received-header: relay 127.0.0.1 trusted? yes internal? yes msa? no
    Oct 15 12:52:08 zimbra amavis[24366]: (24366-01) SA dbg: received-header: parsed as [ ip=10.96.79.23 rdns=newsmtp.mydomain.com helo=newsmtp.mydomain.com by=zimbra.mydomain.com ident= envfrom= intl=0 id=F1D7C41ED64F auth= msa=0 ]
    Oct 15 12:52:08 zimbra amavis[24366]: (24366-01) SA dbg: netset: trusted_networks lookup on 10.96.79.23, 6 networks, result: 1, 0.191 ms
    Oct 15 12:52:08 zimbra amavis[24366]: (24366-01) SA dbg: netset: trusted_networks cached lookup on 10.96.79.23, 6 networks, result: 1
    Oct 15 12:52:08 zimbra amavis[24366]: (24366-01) SA dbg: received-header: relay 10.96.79.23 trusted? yes internal? yes msa? no
    Oct 15 12:52:08 zimbra amavis[24366]: (24366-01) SA dbg: received-header: parsed as [ ip=64.68.122.185 rdns=sjmda05.webex.com helo=sjmda05.webex.com by=newsmtp.mydomain.com ident= envfrom= intl=0 id=r9FJq7iU011940 auth= msa=0 ]
    Oct 15 12:52:08 zimbra amavis[24366]: (24366-01) SA dbg: netset: trusted_networks lookup on 64.68.122.185, 6 networks, result: 0, 0.252 ms
    Oct 15 12:52:08 zimbra amavis[24366]: (24366-01) SA dbg: received-header: originating, 64.68.122.185 and remaining relays will be considered trusted, but no longer internal
    Oct 15 12:52:08 zimbra amavis[24366]: (24366-01) SA dbg: received-header: relay 64.68.122.185 trusted? yes internal? no msa? no
    Oct 15 12:52:08 zimbra amavis[24366]: (24366-01) SA dbg: received-header: parsed as [ ip=64.68.121.238 rdns=sjc02-wxp00-lbace03-core-vl120-np10b-3.webex.com helo=rsj2rmd005.webex.com by=sjmda05.webex.com ident= envfrom= intl=0 id=r9FJpb0d031164 auth= msa=0 ]
    Oct 15 12:52:08 zimbra amavis[24366]: (24366-01) SA dbg: received-header: relay 64.68.121.238 trusted? yes internal? no msa? no
    Oct 15 12:52:08 zimbra amavis[24366]: (24366-01) SA dbg: received-header: parsed as [ ip=127.0.0.1 rdns=localhost helo=rsj2rmd005.webex.com by=rsj2rmd005.webex.com ident= envfrom= intl=0 id=CC4D6A0059 auth= msa=0 ]
    Oct 15 12:52:08 zimbra amavis[24366]: (24366-01) SA dbg: received-header: relay 127.0.0.1 trusted? yes internal? no msa? no
    Oct 15 12:52:08 zimbra amavis[24366]: (24366-01) SA dbg: metadata: X-Spam-Relays-Trusted: [ ip=127.0.0.1 rdns=localhost.localdomain helo=zimbra.mydomain.com by=zimbra.mydomain.com ident= envfrom= intl=1 id=040F141ED650 auth= msa=0 ] [ ip=10.96.79.23 rdns=newsmtp.mydomain.com helo=newsmtp.mydomain.com by=zimbra.mydomain.com ident= envfrom= intl=1 id=F1D7C41ED64F auth= msa=0 ] [ ip=64.68.122.185 rdns=sjmda05.webex.com helo=sjmda05.webex.com by=newsmtp.mydomain.com ident= envfrom= intl=0 id=r9FJq7iU011940 auth= msa=0 ] [ ip=64.68.121.238 rdns=sjc02-wxp00-lbace03-core-vl120-np10b-3.webex.com helo=rsj2rmd005.webex.com by=sjmda05.webex.com ident= envfrom= intl=0 id=r9FJpb0d031164 auth= msa=0 ] [ ip=127.0.0.1 rdns=localhost helo=rsj2rmd005.webex.com by=rsj2rmd005.webex.com ident= envfrom= intl=0 id=CC4D6A0059 auth= msa=0 ]
    Oct 15 12:52:08 zimbra amavis[24366]: (24366-01) SA dbg: metadata: X-Spam-Relays-Untrusted:
    Oct 15 12:52:08 zimbra amavis[24366]: (24366-01) SA dbg: metadata: X-Spam-Relays-Internal: [ ip=127.0.0.1 rdns=localhost.localdomain helo=zimbra.mydomain.com by=zimbra.mydomain.com ident= envfrom= intl=1 id=040F141ED650 auth= msa=0 ] [ ip=10.96.79.23 rdns=newsmtp.mydomain.com helo=newsmtp.mydomain.com by=zimbra.mydomain.com ident= envfrom= intl=1 id=F1D7C41ED64F auth= msa=0 ]
    Oct 15 12:52:08 zimbra amavis[24366]: (24366-01) SA dbg: metadata: X-Spam-Relays-External: [ ip=64.68.122.185 rdns=sjmda05.webex.com helo=sjmda05.webex.com by=newsmtp.mydomain.com ident= envfrom= intl=0 id=r9FJq7iU011940 auth= msa=0 ] [ ip=64.68.121.238 rdns=sjc02-wxp00-lbace03-core-vl120-np10b-3.webex.com helo=rsj2rmd005.webex.com by=sjmda05.webex.com ident= envfrom= intl=0 id=r9FJpb0d031164 auth= msa=0 ] [ ip=127.0.0.1 rdns=localhost helo=rsj2rmd005.webex.com by=rsj2rmd005.webex.com ident= envfrom= intl=0 id=CC4D6A0059 auth= msa=0 ]
    Oct 15 12:52:08 zimbra amavis[24366]: (24366-01) SA dbg: check: tagrun - tag RELAYSTRUSTEDREVIP is now ready, value: ARY:[185.122.68.64,238.121.68.64]
    Oct 15 12:52:08 zimbra amavis[24366]: (24366-01) SA dbg: check: tagrun - tag RELAYSEXTERNALREVIP is now ready, value: ARY:[185.122.68.64,238.121.68.64]
    Oct 15 12:52:08 zimbra amavis[24366]: (24366-01) SA dbg: check: tagrun - action 0 blocking on tags DKIMDOMAIN
    Oct 15 12:52:08 zimbra amavis[24366]: (24366-01) SA dbg: check: tagrun - tag RELAYSTRUSTED is now ready, value: [ ip=127.0.0.1 rdns=localhost.localdomain helo=zimbra.mydomain.com by=zimbra.mydomain.com ident= envfrom= intl=1 id=040F141ED650 auth= msa=0 ] [ ip=10.96.79.23 rdns=newsmtp.mydomain.com helo=newsmtp.mydomain.com by=zimbra.mydomain.com ident= envfrom= intl=1 id=F1D7C41ED64F auth= msa=0 ] [ ip=64.68.122.185 rdns=sjmda05.webex.com helo=sjmda05.webex.com by=newsmtp.mydomain.com ident= envfrom= intl=0 id=r9FJq7iU011940 auth= msa=0 ] [ ip=64.68.121.238 rdns=sjc02-wxp00-lbace03-core-vl120-np10b-3.webex.com helo=rsj2rmd005.webex.com by=sjmda05.webex.com ident= envfrom= intl=0 id=r9FJpb0d031164 auth= msa=0 ] [ ip=127.0.0.1 rdns=localhost helo=rsj2rmd005.webex.com by=rsj2rmd005.webex.com ident= envfrom= intl=0 id=CC4D6A0059 auth= msa=0 ]
    Oct 15 12:52:08 zimbra amavis[24366]: (24366-01) SA dbg: check: tagrun - tag RELAYSUNTRUSTED is now ready, value:
    Oct 15 12:52:08 zimbra amavis[24366]: (24366-01) SA dbg: check: tagrun - tag RELAYSINTERNAL is now ready, value: [ ip=127.0.0.1 rdns=localhost.localdomain helo=zimbra.mydomain.com by=zimbra.mydomain.com ident= envfrom= intl=1 id=040F141ED650 auth= msa=0 ] [ ip=10.96.79.23 rdns=newsmtp.mydomain.com helo=newsmtp.mydomain.com by=zimbra.mydomain.com ident= envfrom= intl=1 id=F1D7C41ED64F auth= msa=0 ]
    Oct 15 12:52:08 zimbra amavis[24366]: (24366-01) SA dbg: check: tagrun - tag RELAYSEXTERNAL is now ready, value: [ ip=64.68.122.185 rdns=sjmda05.webex.com helo=sjmda05.webex.com by=newsmtp.mydomain.com ident= envfrom= intl=0 id=r9FJq7iU011940 auth= msa=0 ] [ ip=64.68.121.238 rdns=sjc02-wxp00-lbace03-core-vl120-np10b-3.webex.com helo=rsj2rmd005.webex.com by=sjmda05.webex.com ident= envfrom= intl=0 id=r9FJpb0d031164 auth= msa=0 ] [ ip=127.0.0.1 rdns=localhost helo=rsj2rmd005.webex.com by=rsj2rmd005.webex.com ident= envfrom= intl=0 id=CC4D6A0059 auth= msa=0 ]


    Note that both 127.0.0.1 and 10.96.* are treated as trusted and internal, as they should be. However, when we get to the first hop after 10.96.*, ip=64.68.* is also treated as trusted but not interal. Note also the message:


    Oct 15 12:52:08 zimbra amavis[24366]: (24366-01) SA dbg: received-header: originating, 64.68.122.185 and remaining relays will be considered trusted, but no longer internal


    No matter what addresses I use for the trusted networks, the first non-trusted relay always generates this message, no matter what it is, and it is this that seems to lead to the ALL_TRUSTED test being hit.

    I have been over and over and over the trusted networks stuff on the SpamAssassin site (as well as following every link on the page that Phoenix linked to), and I cannot see what I am doing wrong.
    Attached Files Attached Files

  8. #8
    nico_ is offline Starter Member
    Join Date
    Oct 2013
    Posts
    2
    Rep Power
    1

    Default

    Hi Wolfy,

    I tried exactly the same things and got exactly the same result. After the last trusted/internal hop I get the message "...and remaining relays will be considered trusted, but no longer internal". I didn't find the time to write things down, so thank you for doing this

    I already searched for general SpamAssassin advices, Zimbra bugs, Zimbra community etc. as well...

    Best Regards,
    Nico

  9. #9
    WolfyPDX is offline Intermediate Member
    Join Date
    Aug 2009
    Posts
    24
    Rep Power
    5

    Default

    Anybody? This is driving me nuts. No matter how I set things up, everything - absolutely every IP in the world - is trusted. I've even gone so far as to put the following in sauser.cf:

    clear_trusted_networks
    clear_internal_networks
    trusted_networks 127.0.0.1
    internal_networks 127.0.0.1

    and the only difference I see is that my MX gets marked as non-internal.

  10. #10
    WolfyPDX is offline Intermediate Member
    Join Date
    Aug 2009
    Posts
    24
    Rep Power
    5

    Default

    Running spamassassin directly, the trusted_networks work properly. Here are the headers of a message as processed by Zimbra:

    Code:
    Received: from zimbra.mydom.com (LHLO zimbra.mydom.com) (10.236.158.246) by
     zimbra.mydom.com with LMTP; Thu, 17 Oct 2013 22:20:31 -0700 (PDT)
    Received: from localhost (localhost.localdomain [127.0.0.1])
            by zimbra.mydom.com (Postfix) with ESMTP id 708344011680
            for <elle@mydom.com>; Thu, 17 Oct 2013 22:20:31 -0700 (PDT)
    X-DSPAM-Class: Spam
    X-DSPAM-Confidence: 0.99
    X-DSPAM-Probability: 1.0000
    X-Spam-Flag: NO
    X-Spam-Score: -1.9
    X-Spam-Level:
    X-Spam-Status: No, score=-1.9 tagged_above=-10 required=5
            tests=[ALL_TRUSTED=-1, BAYES_00=-1.9, DSPAM.Spam=1.000] autolearn=ham
    X-DSPAM-Result: Spam
    Received: from zimbra.mydom.com ([127.0.0.1])
            by localhost (zimbra.mydom.com [127.0.0.1]) (amavisd-new, port 10032)
            with ESMTP id cNY8ETqGVIC5 for <elle@mydom.com>;
            Thu, 17 Oct 2013 22:20:29 -0700 (PDT)
    Received: from zimbra.mydom.com (localhost.localdomain [127.0.0.1])
            by zimbra.mydom.com (Postfix) with ESMTP id 4F9C24011681
            for <elle@mydom.com>; Thu, 17 Oct 2013 22:20:29 -0700 (PDT)
    Received: from newsmtp.mydom.com (newsmtp.mydom.com [10.96.79.23])
            by zimbra.mydom.com (Postfix) with ESMTP id E35A84011680
            for <elle@zimbra.mydom.com>; Thu, 17 Oct 2013 22:20:28 -0700 (PDT)
    Received: from anise.other.com (anise.other.com [115.xxx.xxx.xxx])
            by newsmtp.mydom.com (8.14.3/8.14.3) with ESMTP id r9I5KRlo026332
            for <elle@mydom.com>; Thu, 17 Oct 2013 22:20:28 -0700
    Date: Fri, 18 Oct 2013 14:00:00 +0900 (JST)
    Subject: =?iso-2022-jp?B?WxskQjd8JF4kMBsoQl0gGyRCRXZBKjZiM1shWiMyIzFLfDFfIVsheUJnP001JCU5JW0lQyVIJTIhPCVgJEcjNyM3IzckckI3JCgkaCQmISobKEI=?=
    From: =?iso-2022-jp?B?GyRCN3wkXiQwISobKEI=?= <kensho@present.sender.com>
    Reply-To: wsenderautoreply@sender.com
    Content-Type: text/plain;charset=iso-2022-jp
    Content-Transfer-Encoding: 7bit
    Mime-Version: 1.0
    Precedence: bulk
    X-Message-ID: <present.20131018@otsubone.sender.com>
    X-senderId: W000000501
    X-Url: http://present.sender.com/
    X-MagType: official
    Message-ID: <25130677.57214807.1382073251483.tdm@mallow.other.com>
    To: elle@mydom.com
    And here are the same headers after passing the same message through SA directly, using:

    spamassassin -t -C conf/spamassassin --siteconfigpath conf/sa < msg

    Code:
    Return-Path: officialmag-W000000501@return.sender.com
    X-Spam-Status: No, score=1.6 required=5.0 tests=RCVD_IN_BRBL_LASTEXT,
            RCVD_IN_DNSWL_NONE autolearn=no version=3.4.0-pre3-r1435395
    X-Spam-Level: *
    X-Spam-Checker-Version: SpamAssassin 3.4.0-pre3-r1435395 (2013-01-18) on
            zimbra.mydom.com
    X-Spam-RelaysUntrusted: [ ip=115.xxx.xxx.xxx rdns=anise.other.com
            helo=anise.other.com by=newsmtp.mydom.com ident= envfrom= intl=0
            id=r9I5KRlo026332 auth= msa=0 ]
    X-Spam-RelaysTrusted: [ ip=127.0.0.1 rdns= helo=zimbra.mydom.com by=localhost
            ident= envfrom= intl=1 id=cNY8ETqGVIC5 auth= msa=0 ] [ ip=127.0.0.1
            rdns=localhost.localdomain helo=zimbra.mydom.com by=zimbra.mydom.com ident=
            envfrom= intl=1 id=4F9C24011681 auth= msa=0 ] [ ip=10.96.79.23
            rdns=newsmtp.mydom.com helo=newsmtp.mydom.com by=zimbra.mydom.com ident=
            envfrom= intl=1 id=E35A84011680 auth= msa=0 ]
    X-Spam-RelaysInternal: [ ip=127.0.0.1 rdns= helo=zimbra.mydom.com by=localhost
            ident= envfrom= intl=1 id=cNY8ETqGVIC5 auth= msa=0 ] [ ip=127.0.0.1
            rdns=localhost.localdomain helo=zimbra.mydom.com by=zimbra.mydom.com ident=
            envfrom= intl=1 id=4F9C24011681 auth= msa=0 ] [ ip=10.96.79.23
            rdns=newsmtp.mydom.com helo=newsmtp.mydom.com by=zimbra.mydom.com ident=
            envfrom= intl=1 id=E35A84011680 auth= msa=0 ]
    X-Spam-RelaysExternal: [ ip=115.xxx.xxx.xxx rdns=anise.other.com
            helo=anise.other.com by=newsmtp.mydom.com ident= envfrom= intl=0
            id=r9I5KRlo026332 auth= msa=0 ]
    Received: from zimbra.mydom.com ([127.0.0.1])
            by localhost (zimbra.mydom.com [127.0.0.1]) (amavisd-new, port 10032)
            with ESMTP id cNY8ETqGVIC5 for <elle@mydom.com>;
            Thu, 17 Oct 2013 22:20:29 -0700 (PDT)
    Received: from zimbra.mydom.com (localhost.localdomain [127.0.0.1])
            by zimbra.mydom.com (Postfix) with ESMTP id 4F9C24011681
            for <elle@mydom.com>; Thu, 17 Oct 2013 22:20:29 -0700 (PDT)
    Received: from newsmtp.mydom.com (newsmtp.mydom.com [10.96.79.23])
            by zimbra.mydom.com (Postfix) with ESMTP id E35A84011680
            for <elle@zimbra.mydom.com>; Thu, 17 Oct 2013 22:20:28 -0700 (PDT)
    Received: from anise.other.com (anise.other.com [115.xxx.xxx.xxx])
            by newsmtp.mydom.com (8.14.3/8.14.3) with ESMTP id r9I5KRlo026332
            for <elle@mydom.com>; Thu, 17 Oct 2013 22:20:28 -0700
    Date: Fri, 18 Oct 2013 14:00:00 +0900 (JST)
    Subject: =?iso-2022-jp?B?WxskQjd8JF4kMBsoQl0gGyRCRXZBKjZiM1shWiMyIzFLfDFfIVsheUJnP001JCU5JW0lQyVIJTIhPCVgJEcjNyM3IzckckI3JCgkaCQmISobKEI=?=
    From: =?iso-2022-jp?B?GyRCN3wkXiQwISobKEI=?= <kensho@present.sender.com>
    Reply-To: wsenderautoreply@sender.com
    Content-Type: text/plain;charset=iso-2022-jp
    Content-Transfer-Encoding: 7bit
    Mime-Version: 1.0
    Precedence: bulk
    X-Message-ID: <present.20131018@otsubone.sender.com>
    X-senderId: W000000501
    X-Url: http://present.sender.com/
    X-MagType: official
    Message-ID: <25130677.57214807.1382073251483.tdm@mallow.other.com>
    To: elle@mydom.com
    
    Spam detection software, running on the system "zimbra.mydom.com",
    has NOT identified this incoming email as spam.  The original
    message has been attached to this so you can view it or label
    similar future email.  If you have any questions, see
    @@CONTACT_ADDRESS@@ for details.
    
    Content preview:  [...] 
    
    Content analysis details:   (1.6 points, 5.0 required)
    
     pts rule name              description
    ---- ---------------------- --------------------------------------------------
    -0.0 RCVD_IN_DNSWL_NONE     RBL: Sender listed at dnswl.org - Protect against false positives, no
                                trust
                                [115.xxx.xxx.xxx listed in list.dnswl.org]
     1.6 RCVD_IN_BRBL_LASTEXT   RBL: No description available.
                               [115.xxx.xxx.xxx listed in bb.barracudacentral.org]

Page 1 of 3 123 LastLast

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Similar Threads

  1. ZD: tagged a date in CALENDAR and then...
    By IamArarat in forum Installation
    Replies: 0
    Last Post: 05-27-2011, 12:14 PM
  2. ALL_TRUSTED not flagging
    By bjquinn in forum Administrators
    Replies: 2
    Last Post: 06-21-2010, 03:44 PM
  3. Why is this getting tagged as spam?
    By jurness in forum Administrators
    Replies: 1
    Last Post: 02-01-2010, 04:32 PM
  4. [SOLVED] tagged
    By wooby in forum Administrators
    Replies: 3
    Last Post: 01-18-2010, 04:32 AM
  5. SPAM enters with "ALL_TRUSTED" bonus
    By Bingo in forum Administrators
    Replies: 6
    Last Post: 12-06-2006, 01:35 PM

Tags for this Thread

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •