Re: [Assp-test] Still not catching falsified sender domain
Have you tried the mail analyzer provided by ASSP, it might give you a clue as to why it is accepting it? On Fri, 30 Mar 2012 09:30:53 -0400, Michelle Dupuis wrote: I'm still trying to get settings right (and I think I'm close), but ASSP is failing to catch really obviously faked domains! I put the header below, and you can see that 168-226-66-116.speedy.com.ar is pretending to be usps.com. I run my mail through netdorm (and have setup netdorm correctly per previous advice). Why is ASSP not throwing out this message based on the obviously faked sender domain/ip ? (I even have usps.com in the strictSPF file but no difference). Thanks! Received: from smtp2.netdorm.com (172.31.254.35) by mail.mydomain.com (172.31.254.35) with Microsoft SMTP Server id 8.1.436.0; Fri, 30 Mar 2012 09:15:01 -0400 Received: from smtp2.netdorm.com ([67.214.161.138] helo=smtp2.netdorm.com) by spamfilter.mydomain.com with ESMTP (2.1.1); 30 Mar 2012 09:15:00 -0400 Received: from usps.com (168-226-66-116.speedy.com.ar [168.226.66.116] (may be forged)) by smtp2.netdorm.com (8.13.8/8.13.8) with ESMTP id q2UDExvD014961; Fri, 30 Mar 2012 09:15:05 -0400 Received: from [66.46.31.241] (account usps_shipping_servi...@usps.commailto:usps_shipping_servi...@usps.com HELO uxrxqlfpoztpdtk.vejgrirrwzx.info) by (CommuniGate Pro SMTP 5.2.3) with ESMTPA id 274623071 for us...@mydomain.commailto:us...@mydomain.com; Fri, 30 Mar 2012 10:14:56 -0300 From: Rudy Gould usps_shipping_servi...@usps.commailto:usps_shipping_servi...@usps.com To: us...@mydomain.commailto:us...@mydomain.com, us...@mydomain.commailto:us...@mydomain.com Subject: USPS postage labels order confirmation. Date: Fri, 30 Mar 2012 10:14:56 -0300 MIME-Version: 1.0 Content-Type: multipart/alternative; boundary==_ryqoj_39_54_73 X-Priority: 3 X-Mailer: wynuuy_29 Message-ID: 6979509404.jvx74cpq755...@tcidqwlmahhk.zettatccivjbe.orgmailto:6979509404.jvx74cpq755...@tcidqwlmahhk.zettatccivjbe.org X-Assp-Version: 2.1.1(11364) on spamfilter.mydomain.com X-Assp-Re-SPFstrict: @usps.com X-Assp-Received-SPF: softfail (cache) ip=67.214.161.138 mailfrom=usps_shipping_servi...@usps.commailto:mailfrom=usps_shipping_servi...@usps.com helo=smtp2.netdorm.com X-Assp-Message/IP-Score: 10 (SPF softfail) X-Assp-Message/IP-Score: 17 (DNSBL: neutral, 168.226.66.116 listed in l2.apews.org) X-Assp-DNSBL: neutral, 168.226.66.116 listed in (l2.apews.org-127.0.0.2; ) X-Assp-Spam-Prob: 0.49675 X-Assp-ID: spamfilter.mydomain.com m1-13300-75165 X-Assp-Detected-RIP: 66.46.31.241, 168.226.66.116 X-Assp-Source-IP: 66.46.31.241 X-Assp-Envelope-From: usps_shipping_servi...@usps.commailto:usps_shipping_servi...@usps.com X-Assp-Intended-For: us...@mydomain.commailto:us...@mydomain.com Return-Path: usps_shipping_servi...@usps.commailto:usps_shipping_servi...@usps.com -- This SF email is sponsosred by: Try Windows Azure free for 90 days Click Here http://p.sf.net/sfu/sfd2d-msazure ___ Assp-test mailing list Assp-test@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/assp-test -- This SF email is sponsosred by: Try Windows Azure free for 90 days Click Here http://p.sf.net/sfu/sfd2d-msazure ___ Assp-test mailing list Assp-test@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/assp-test
Re: [Assp-test] Still not catching falsified sender domain
Set SPFsoftfail to ON -- This SF email is sponsosred by: Try Windows Azure free for 90 days Click Here http://p.sf.net/sfu/sfd2d-msazure ___ Assp-test mailing list Assp-test@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/assp-test
Re: [Assp-test] Still not catching falsified sender domain
ASSP development mailing list assp-test@lists.sourceforge.net schrei bt: (I even have usps.com in the strictSPF file but no difference). Put it in blockstrictSPFRe -- This SF email is sponsosred by: Try Windows Azure free for 90 days Click Here http://p.sf.net/sfu/sfd2d-msazure ___ Assp-test mailing list Assp-test@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/assp-test
Re: [Assp-test] Still not catching falsified sender domain
I already had spfsoftfail set to on, but have added the domain to blockstricgSPFRE now. I think my confusion is - shouldn't ASSP be catching the obviously forged source domain not matching usps.com ? And since I already had spfsoftfail on, shouldn't assp have prepended the fail warning to the subject? (Im in test mode) From: Fritz Borgstedt [f...@iworld.de] Sent: Friday, March 30, 2012 11:03 AM To: ASSP development mailing list Subject: Re: [Assp-test] Still not catching falsified sender domain ASSP development mailing list assp-test@lists.sourceforge.net schrei bt: (I even have usps.com in the strictSPF file but no difference). Put it in blockstrictSPFRe -- This SF email is sponsosred by: Try Windows Azure free for 90 days Click Here http://p.sf.net/sfu/sfd2d-msazure ___ Assp-test mailing list Assp-test@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/assp-test -- This SF email is sponsosred by: Try Windows Azure free for 90 days Click Here http://p.sf.net/sfu/sfd2d-msazure ___ Assp-test mailing list Assp-test@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/assp-test
Re: [Assp-test] Still not catching falsified sender domain
Hi, Add ^usps\.com$ to invalidhelo.txt Michael Thomas Mathbox 978-687-3300 Toll Free: 1-877-MATHBOX (1-877-628-4269) On 3/30/2012 9:30 AM, Michelle Dupuis wrote: I'm still trying to get settings right (and I think I'm close), but ASSP is failing to catch really obviously faked domains! I put the header below, and you can see that 168-226-66-116.speedy.com.ar is pretending to be usps.com. I run my mail through netdorm (and have setup netdorm correctly per previous advice). Why is ASSP not throwing out this message based on the obviously faked sender domain/ip ? (I even have usps.com in the strictSPF file but no difference). Thanks! Received: from smtp2.netdorm.com (172.31.254.35) by mail.mydomain.com (172.31.254.35) with Microsoft SMTP Server id 8.1.436.0; Fri, 30 Mar 2012 09:15:01 -0400 Received: from smtp2.netdorm.com ([67.214.161.138] helo=smtp2.netdorm.com) by spamfilter.mydomain.com with ESMTP (2.1.1); 30 Mar 2012 09:15:00 -0400 Received: from usps.com (168-226-66-116.speedy.com.ar [168.226.66.116] (may be forged)) by smtp2.netdorm.com (8.13.8/8.13.8) with ESMTP id q2UDExvD014961; Fri, 30 Mar 2012 09:15:05 -0400 Received: from [66.46.31.241] (account usps_shipping_servi...@usps.commailto:usps_shipping_servi...@usps.com HELO uxrxqlfpoztpdtk.vejgrirrwzx.info) by (CommuniGate Pro SMTP 5.2.3) with ESMTPA id 274623071 for us...@mydomain.commailto:us...@mydomain.com; Fri, 30 Mar 2012 10:14:56 -0300 From: Rudy Gouldusps_shipping_servi...@usps.commailto:usps_shipping_servi...@usps.com To:us...@mydomain.commailto:us...@mydomain.com,us...@mydomain.commailto:us...@mydomain.com Subject: USPS postage labels order confirmation. Date: Fri, 30 Mar 2012 10:14:56 -0300 MIME-Version: 1.0 Content-Type: multipart/alternative; boundary==_ryqoj_39_54_73 X-Priority: 3 X-Mailer: wynuuy_29 Message-ID:6979509404.jvx74cpq755...@tcidqwlmahhk.zettatccivjbe.orgmailto:6979509404.jvx74cpq755...@tcidqwlmahhk.zettatccivjbe.org X-Assp-Version: 2.1.1(11364) on spamfilter.mydomain.com X-Assp-Re-SPFstrict: @usps.com X-Assp-Received-SPF: softfail (cache) ip=67.214.161.138 mailfrom=usps_shipping_servi...@usps.commailto:mailfrom=usps_shipping_servi...@usps.com helo=smtp2.netdorm.com X-Assp-Message/IP-Score: 10 (SPF softfail) X-Assp-Message/IP-Score: 17 (DNSBL: neutral, 168.226.66.116 listed in l2.apews.org) X-Assp-DNSBL: neutral, 168.226.66.116 listed in (l2.apews.org-127.0.0.2; ) X-Assp-Spam-Prob: 0.49675 X-Assp-ID: spamfilter.mydomain.com m1-13300-75165 X-Assp-Detected-RIP: 66.46.31.241, 168.226.66.116 X-Assp-Source-IP: 66.46.31.241 X-Assp-Envelope-From: usps_shipping_servi...@usps.commailto:usps_shipping_servi...@usps.com X-Assp-Intended-For: us...@mydomain.commailto:us...@mydomain.com Return-Path: usps_shipping_servi...@usps.commailto:usps_shipping_servi...@usps.com -- This SF email is sponsosred by: Try Windows Azure free for 90 days Click Here http://p.sf.net/sfu/sfd2d-msazure ___ Assp-test mailing list Assp-test@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/assp-test -- This SF email is sponsosred by: Try Windows Azure free for 90 days Click Here http://p.sf.net/sfu/sfd2d-msazure ___ Assp-test mailing list Assp-test@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/assp-test
