general - the idea is not so good, because assp uses its own received
lines in several code parts (rebuild / blockreport ....)
this code
    if ($ptr) {
        $this->{rcvd}=~s/=host/$ptr/o;
    } else {
        $this->{rcvd}=~s/=host/*Suspicious-Sender*/o;
    }
will do the replacement with '*Suspicious-Sender*' in all outgoing mails
if you want to try the code, change it to
    if ($ptr) {
        $this->{rcvd}=~s/=host/$ptr/o;
    } else {
        $this->{rcvd}=~s/=host/Suspicious-Sender/o if ! $this->{relayok};
        $this->{rcvd}=~s/=host/$helo2/o if $this->{relayok};
    }
the part 'Suspicious-Sender' should be a valid hostname in terms of RFC !
If the missing PTR is really important, set the PTR-check to block
(DoReversed) and switch on 'AddSpamReasonHeader' - assp will include the
X-Assp-Spam-Reason: PTR missing
header line.
Thomas
From: K Post <[email protected]>
To: ASSP development mailing list <[email protected]>
Date: 27.03.2014 03:53
Subject: [Assp-test] No PTR for sending IP, say so in Received From line?
Looking at this code:
    if ($ptr) {
        $this->{rcvd}=~s/=host/$ptr/o;
    } else {
        $this->{rcvd}=~s/=host/$helo2/o;
    }
$helo2 is simply the helo that was sent by the mailer
If a sending machine doesn't have a reverse IP, I know we score
appropriately, but for the layperson, I think it would be nice to
*indicate this in the received line*.
If an end user is smart enough to investigate a suspicious email by
looking at headers, he might still be fooled by something like this:
Received: from mail.somebank.com ([1.2.3.4] helo=mail.somebank.com) by....
What if instead, we modify the above code to be something like this:
    if ($ptr) {
        $this->{rcvd}=~s/=host/$ptr/o;
    } else {
        $this->{rcvd}=~s/=host/*Suspicious-Sender*/o;
    }
that'll produce
Received: from Suspicious-Sender ([1.2.3.4] helo=mail.somebank.com) by....
That way we still preserve the helo for heuristics but help the layperson
realize that it's a questionable line.
I suppose there's potential that ASSP would be receiving mail from an IP
that doesn't have a reverse, but I can't think of any reason that would
happen.
Thoughts?
------------------------------------------------------------------------------
_______________________________________________
Assp-test mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/assp-test
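Added example (not part of the original thread and not ASSP's own code): a stand-alone Perl sketch of the substitution discussed above, showing why the marker without asterisks is usable as a host name and how the relayok case keeps the HELO for outgoing mail. The helper names fill_received_host and is_valid_hostname, the Received template and all addresses are assumptions made up for this illustration, and "valid hostname" is taken to mean the RFC 1123 letter-digit-hyphen syntax.

```perl
use strict;
use warnings;

# Hypothetical helpers for illustration; not ASSP source. The hash keys
# rcvd/relayok and the names $ptr/$helo2 mirror the snippets in the thread.

# Host name syntax check, assuming the RFC 1123 letter-digit-hyphen rules:
# labels of 1-63 chars, no leading/trailing hyphen, at most 253 chars total.
sub is_valid_hostname {
    my ($name) = @_;
    return 0 if !defined $name || $name eq '' || length($name) > 253;
    for my $label (split /\./, $name, -1) {
        return 0 if $label !~ /\A[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?\z/;
    }
    return 1;
}

# Fill the '=host' token: PTR name if present, HELO for relayed (outgoing)
# mail, otherwise the marker. A marker that is not a host name is refused.
sub fill_received_host {
    my ($this, $ptr, $helo2, $marker) = @_;
    die "marker '$marker' is not a valid host name\n"
        if !is_valid_hostname($marker);
    my $host = $ptr             ? $ptr
             : $this->{relayok} ? $helo2
             :                    $marker;
    $this->{rcvd} =~ s/=host/$host/;
    return $this->{rcvd};
}

# Constructed sample data: template, addresses and host names are made up.
my $template = 'Received: from =host ([192.0.2.10] helo=mail.example.com) by mx.example.net';
my @cases = (
    # [ label, ptr, relayok, marker ]
    [ 'inbound, PTR found', 'mail.example.com', 0, 'Suspicious-Sender'   ],
    [ 'inbound, no PTR',    '',                 0, 'Suspicious-Sender'   ],
    [ 'outgoing, no PTR',   '',                 1, 'Suspicious-Sender'   ],
    [ 'marker with stars',  '',                 0, '*Suspicious-Sender*' ],
);

for my $case (@cases) {
    my ($label, $ptr, $relayok, $marker) = @$case;
    my $this = { rcvd => $template, relayok => $relayok };
    my $line = eval { fill_received_host($this, $ptr, 'mail.example.com', $marker) };
    my $out  = defined $line ? $line : "refused: $@";
    chomp $out;
    printf "%-20s %s\n", $label, $out;
}
```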