'[Bug 7214] New: ALL_TRUSTED false positive'

[prev in list] [next in list] [prev in thread] [next in thread] 

List:       spamassassin-devel
Subject:    [Bug 7214] New: ALL_TRUSTED false positive
From:       bugzilla-daemon () bugzilla ! spamassassin ! org
Date:       2015-06-20 6:11:55
Message-ID: bug-7214-26 () https ! bz ! apache ! org/SpamAssassin/
[Download RAW message or body]

https://bz.apache.org/SpamAssassin/show_bug.cgi?id=7214

            Bug ID: 7214
           Summary: ALL_TRUSTED false positive
           Product: Spamassassin
           Version: 3.4.1
          Hardware: PC
                OS: Linux
            Status: NEW
          Severity: normal
          Priority: P2
         Component: Rules
          Assignee: dev@spamassassin.apache.org
          Reporter: dev+sa@pgnd.us

I run a frontend mailserver instance

    postfix 3.0.1
    amavisd-new-2.10.1 (20141025)
    SpamAssassin version 3.4.1

SA is called from amavisd via a postfix postqueue content_filter.  Valid mail
is relayed to a second, backend postfix instance.

SA config includes

    ...
    clear_trusted_networks
    clear_internal_networks
    internal_networks  127.0.0.0/8 10.2.2.0/24 10.1.1.0/24 X.X.X.X/29
    trusted_networks               10.2.2.0/24 10.1.1.0/24 X.X.X.X/29
    ...
    clear_headers
    rewrite_header Subject *SPAM* _STARS(*)_
    add_header spam Flag _YESNOCAPS_
    add_header all Status _YESNO_, score=_SCORE_ required=_REQD_ tests=_TESTS_
autolearn=_AUTOLEARN_ version=_VERSION_
    add_header all Level _STARS(*)_
    add_header all Checker-Version SpamAssassin _VERSION_ (_SUBVERSION_) on
_HOSTNAME_
    add_header all Relay-Country _RELAYCOUNTRY_
    add_header all Relays-Untrusted _RELAYSUNTRUSTED_
    ...
    score ALL_TRUSTED 0.001
    ...

X.X.X.X/29 is my ISP-provided static range; it is NOT in Google's IP space.

With the trust path set as above, all messages received from external sources
NOT in the trust path still fire 'ALL_TRUSTED'.

Incorrectly, no relays are identified as external/untrusted.

Here are the received mail headers for a test mail sent from a gmail.com
account (NOT in the trust path) to my Postfix server

------------------------------------------------------
Return-Path: MY_GUSER@gmail.com
Received: from mail-backend.DDDD.com (LHLO mail-backend.DDDD.com)
 (10.2.2.13) by mail-backend.DDDD.com with LMTP; Fri, 19 Jun 2015
 21:13:57 -0700 (PDT)
Received: from relay-vpn.mail.DDDD.com (internal.mail.DDDD.com [10.1.1.16])
    (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
    (Client CN "relay-vpn.mail.DDDD.com", Issuer "DDDD_CA" (verified OK))
    by mail-backend.DDDD.com (Postfix) with ESMTPS id 64EBC10277E
    for <test@DDDD.com>; Fri, 19 Jun 2015 21:13:57 -0700 (PDT)
Received: from localhost (localhost [127.0.0.1])
    by mailhost.DDDD.com (Postfix) with ESMTP id D30EB66791
    for <test@DDDD.com>; Fri, 19 Jun 2015 21:13:56 -0700 (PDT)
X-Spam-Checker-Version: SpamAssassin 3.4.1 (2015-04-28) on
    mail.DDDD.com
X-Spam-Flag: NO
X-Spam-Score: 0.606
X-Spam-Level:
X-Spam-Status: No, score=0.606 tagged_above=-9999 required=5
    tests=[ALL_TRUSTED=0.001, BAYES_00=-1.9, DKIM_SIGNED=0.001,
    DKIM_VALID=0.001, DKIM_VALID_AU=0.001, DKIM_VERIFIED=0.001,
    PYZOR_CHECK=2.5, SPF_PASS=0.001] autolearn=no autolearn_force=no
X-Spam-Relay-Country: 
X-Spam-Relays-Untrusted: 
X-Spam-ShortCircuit: shortcircuit=no status=no trigger_rule=none
Received: from amavis-feed.mail.DDDD.com ([10.1.1.16])
    by localhost (mail.DDDD.com [127.0.0.1]) (amavisd-new, port 20002)
    with ESMTP id 0iLhWtHd6QuA for <test@DDDD.com>;
    Fri, 19 Jun 2015 21:13:51 -0700 (PDT)
Received: from localhost (localhost [127.0.0.1])
    by mailhost.DDDD.com (Postfix) with ESMTP id 9B2DD66782
    for <test@DDDD.com>; Fri, 19 Jun 2015 21:13:51 -0700 (PDT)
X-Virus-Scanned: amavisd-new at mail.DDDD.com
Authentication-Results: mail.DDDD.com (amavisd-new);
    dkim=pass (2048-bit key) header.d=gmail.com
Received: from mailhost.DDDD.com ([127.0.0.1])
    by localhost (mail.DDDD.com [127.0.0.1]) (amavisd-new, port 20001)
    with ESMTP id iM1tCl38jXIQ for <test@DDDD.com>;
    Fri, 19 Jun 2015 21:13:51 -0700 (PDT)
Received-SPF: Pass (sender SPF authorized) identity=mailfrom;
client-ip=209.85.220.179; helo=mail-qk0-f179.google.com;
envelope-from=MY_GUSER@gmail.com; receiver=test@DDDD.com 
Received: from mail-qk0-f179.google.com (mail-qk0-f179.google.com
[209.85.220.179])
    by mailhost.DDDD.com (Postfix) with ESMTPS
    for <test@DDDD.com>; Fri, 19 Jun 2015 21:13:50 -0700 (PDT)
Received: by qkeo142 with SMTP id o142so54552683qke.1
        for <test@DDDD.com>; Fri, 19 Jun 2015 21:13:48 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=gmail.com; s=20120113;
        h=mime-version:date:message-id:subject:from:to:content-type;
        bh=g3z...Gs=;
        b=BEc...w==
MIME-Version: 1.0
X-Received: by 10.140.235.195 with SMTP id g186mr27561030qhc.64.1434778428294;
 Fri, 19 Jun 2015 21:13:48 -0700 (PDT)
Received: by 10.140.40.102 with HTTP; Fri, 19 Jun 2015 21:13:48 -0700 (PDT)
Date: Fri, 19 Jun 2015 21:13:48 -0700
Message-ID: <CAH...PhA@mail.gmail.com>
Subject: test
From: my_guser <MY_GUSER@gmail.com>
To: test@DDDD.com
Content-Type: text/plain; charset=UTF-8

test
------------------------------------------------------

The relay

    Received: from mail-qk0-f179.google.com (mail-qk0-f179.google.com
[209.85.220.179])

is obviously not in the trust path.  ALL_TRUSTED should not fire.

-- 
You are receiving this mail because:
You are the assignee for the bug.
[prev in list] [next in list] [prev in thread] [next in thread]
Configure | About | News | Add a list | Sponsored by KoreLogic