>With the idea that the antivirus from hotmail/gmail are trusted, and they use spf and dkim policies. IMHO, you should NOT trust them globaly - they are abused by hackers.
>*@gmail.com=>good-in=>NoCheckIf=SpfDkim,block-in=>NoCheckIf=SpfDkim >*@hotmail.com=>good-in=>NoCheckIf=SpfDkim,block-in=>NoCheckIf=SpfDkim Because MS-Office documents (MSO-version > 2007) are ZIP-files, you need to add the same rule for them - like zip:*@gmail.com=>good-in=>NoCheckIf=SpfDkim,block-in=>NoCheckIf=SpfDkim zip:*@hotmail.com=>good-in=>NoCheckIf=SpfDkim,block-in=>NoCheckIf=SpfDkim There is an issue with 'NoChceckIf' in the versions you use! changelog: " 2023-01-02 fixed in assp 2.6.8 *SPAM-Evaporator* build 23002: - ASSP_AFC.pm is upgraded to version 5.45 " ...... " 2022-09-08 fixed in assp 2.6.8 *SPAM-Evaporator* build 22251: ..... - the attachment 'NoCheckIf' rule was not working, if the SPF-check or the DKIM-check was skipped because of any condition (noprocessing, whitelisting, ...) " You should switch to the latest fixup version 2.6.7 build 22280 or the latest dev version 2.6.8 build 23002 I also recomment to use the Groups feature: example groups: .... [AttachFullTrust] *@gmail.com *@hotmail.com ... ... example userattach: ~~allowAllSDin=>good-in=>NoCheckIf=SpfDkim,block-in=>NoCheckIf=SpfDkim .... [AttachFullTrust]=>~~allowAllSDin zip:[AttachFullTrust]=>~~allowAllSDin This way userattach only needs to be changed, if rules changes and a rule change applies to all group members. Rule to user/domain assignment is maintained in 'Groups'. Thomas Von: "Leandro N. Castro - INSETEC Informática" <leandro.cas...@insetec.com.ar> An: "For Users of ASSP" <assp-user@lists.sourceforge.net> Datum: 10.01.2023 14:19 Betreff: [Assp-user] Question about NoCheckIf for trusted domains Hi I’m trying to implement a new policy that allow all attachments from a trusted domain like gmail or hotmail, because many of our contacts use their webmail platforms to send files (for example old msole doc files or some excel macro files). With the idea that the antivirus from hotmail/gmail are trusted, and they use spf and dkim policies. I started to experiment using NoCheckIf functionality in this way (in userattachment.txt): *@gmail.com=>good-in=>NoCheckIf=SpfDkim,block-in=>NoCheckIf=SpfDkim *@hotmail.com=>good-in=>NoCheckIf=SpfDkim,block-in=>NoCheckIf=SpfDkim I have a couple of Centos 7 VMs with ASSP version 2.6.5 *SPAM-Evaporator* build 21218, Plugins ASSP_AFC 5.38 The issue is that work different in two ASSPs (with different domains), for example that one of them still blocked MSOLE files and I should to add the allowed group to the NoCheckIf line ~AllowedFiles => xlsm|xlsx|xls|xlsb|doc|docx|HLMSOLE|MSOM *@hotmail.com=>good-in=>NoCheckIf=SpfDkim|~AllowedFiles ,block-in=>NoCheckIf=SpfDkim There is a way to trust in a domain like this who use spf and dkim policies, without to add allowed groups to receive all? Thanks in advance.
_______________________________________________ Assp-user mailing list Assp-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/assp-user
