Spamassassin parameter "trusted_networks" does not work

Questions and answers about how to do stuff
Post Reply
ManFarang
Posts: 16
Joined: 06 Jan 2020 10:22

Spamassassin parameter "trusted_networks" does not work

Post by ManFarang »

I'm running my own mailserver (Lotus Domino) behind a dynamic IP. DDNS works perfectly.
efa project server is up and running and normally checks/delivers mail properly.
MailWatch Version: 1.2.14
Operating System Version: CentOS Linux 7 (Core)
Postfix Version: 3.3.0
MailScanner Version: 5.1.4
ClamAV Version: 0.101.5
SpamAssassin Version: 3.4.2
PHP Version: 7.2.26
MySQL Version: 10.1.41-MariaDB

efa is used for incoming mail only, outbound mail is handled by Domino and has no problems.

Unfortunately my ISP (3bb in Thailand) interferes in handling port 25. So I have the following scenario:

mail from internet (port 25) -> 3bb internal SMTP checker -> efa project -> Domino server -> user mail

From time to time the ISP assigns a new external IP. And here the problem comes into play.

Very many of the dynamic IPs of 3bb are listed bei Spamhouse. And that kills the process of accepting mails by efa:

<** 554 5.7.1 Service unavailable; Client host [14.207.140.204] blocked using zen.spamhaus.org; https://www.spamhaus.org/query/ip/14.207.140.204

When this IP is checked at the Blocklist Removal Center
https://www.spamhaus.org/lookup/
most of the time the IP is listed in the PBL.
Removing the IP from this list is an easy process and takes about 30 minutes to be effective.

The problem is that all mails are rejected during the period from changing the IP and removing the IP from the PBL.

I tried to solve that problem with the following entry in /etc/mail/spamassassin/local.cf:

trusted_networks 14.207. 182.88.

(dynamic IPs are are assigned from IP-ranges like that)

But that has no effect. Spamhouse listed IPs still kill the reception of mail.

Any idea what I can do? Any errors in the logic/notation?

Help is very appreciated.

Thank you.
User avatar
shawniverson
Posts: 3644
Joined: 13 Jan 2014 23:30
Location: Indianapolis, Indiana USA
Contact:

Re: Spamassassin parameter "trusted_networks" does not work

Post by shawniverson »

Did you uncomment the shortcircuit plugin block in local.cf?
ManFarang
Posts: 16
Joined: 06 Jan 2020 10:22

Re: Spamassassin parameter "trusted_networks" does not work

Post by ManFarang »

no :whistle:

did that now, rebooted the machine and will see what happens

thanks for your advice :text-goodpost:

will report on that matter...
ManFarang
Posts: 16
Joined: 06 Jan 2020 10:22

Re: Spamassassin parameter "trusted_networks" does not work

Post by ManFarang »

promised to report on that matter...

this night the IP changed (I didn't force the change during the last days to see what would happen).

The newly assigned one (14.207.139.61) is from the range 14.207. that I defined as a trusted_network in local.cf:

# Set which networks or hosts are considered 'trusted' by your mail
# server (i.e. not spammers)
#
# changes made for 3bb intermediate hosts
#
trusted_networks 14.207. 183.88.

...

# if you have taken the time to correctly specify your "trusted_networks",
# this is another good way to save CPU
#
shortcircuit ALL_TRUSTED on



Unfortunately that doesn't have the expected effect. Mails coming in from this IP are still considered bad by Spamhaus:

<** 554 5.7.1 Service unavailable; Client host [14.207.139.61] blocked using zen.spamhaus.org; https://www.spamhaus.org/query/ip/14.207.139.61
-> QUIT


Any ideas what to do?
Thanks for any help...

PS: this IP was in the PBL list of spamhaus (as most of the blacklisted ones) and was easily removed.
User avatar
shawniverson
Posts: 3644
Joined: 13 Jan 2014 23:30
Location: Indianapolis, Indiana USA
Contact:

Re: Spamassassin parameter "trusted_networks" does not work

Post by shawniverson »

Checked MailScanner and postfix for a spamhaus entry? SA might not be doing the work here...
ManFarang
Posts: 16
Joined: 06 Jan 2020 10:22

Re: Spamassassin parameter "trusted_networks" does not work

Post by ManFarang »

thanks for the hint.

But I'm a newbie on efa project and its inner workings with all the tools.

So if anybody can direct me where exactly to search...

any help is very appreciated
Post Reply