> would that cause ASSP problems down the line?

possibly yes

I'll not change the assp's received lines, as long as there is no BUG or a changed RFC that requires code changes.
If you think you need to - you can change the code to your needs or you can create a level 0 Plugin to manipulate the received line. However, this may result in unexpected behavior of other features or Plugins.

Thomas


From: K Post <[email protected]>
To: ASSP development mailing list <[email protected]>
Date: 27.03.2014 22:24
Subject: Re: [Assp-test] No PTR for sending IP, say so in Received From line?


Hmm, I hadn't considered that ASSP is re-analyzing the lines. I thought it only looked at the helo=xxx bit in the received line. Is that not the case?

What if we did a prepend of something like "Suspicious-Sender-" to whatever the helo is. So something like:

if the helo is mail.microsoft.com, ip is 1.2.3.4, which does not reverse,
Received: from Suspicious-Sender-fake.microsoft.com (1.2.3.4 helo=mail.microsoft.com) by....

would that cause ASSP problems down the line?

It's not that critical, I just don't like letting spammers put whatever they want in the helo and as long as the ip doesn't reverse, it'll show what they've typed right after the from.


On Thu, Mar 27, 2014 at 2:24 AM, Thomas Eckardt <[email protected]> wrote:

> general - the idea is not so good, because assp uses its own received
> lines in several code parts (rebuild / blockreport ....)
> this code
>
> if ($ptr) {
>     $this->{rcvd}=~s/=host/$ptr/o;
> } else {
>     $this->{rcvd}=~s/=host/*Suspicious-Sender*/o;
> }
>
> will do the replacement with '*Suspicious-Sender*' in all outgoing mails
> if you want to try the code, change it to
>
> if ($ptr) {
>     $this->{rcvd}=~s/=host/$ptr/o;
> } else {
>     $this->{rcvd}=~s/=host/Suspicious-Sender/o if ! $this->{relayok};
>     $this->{rcvd}=~s/=host/$helo2/o if $this->{relayok};
> }
>
> the part 'Suspicious-Sender' should be a valid hostname in terms of RFC !
>
> If the missing PTR is really important, set the PTR-check to block
> (DoReversed) and switch on 'AddSpamReasonHeader' - assp will include the
>
> X-Assp-Spam-Reason: PTR missing
>
> header line.
>
> Thomas
>
>
> From: K Post <[email protected]>
> To: ASSP development mailing list <[email protected]>
> Date: 27.03.2014 03:53
> Subject: [Assp-test] No PTR for sending IP, say so in Received From line?
>
>
> Looking at this code:
> if ($ptr) {
>     $this->{rcvd}=~s/=host/$ptr/o;
> } else {
>     $this->{rcvd}=~s/=host/$helo2/o;
> }
> $helo2 is simply the helo that was sent by the mailer
>
> If a sending machine doesn't have a reverse IP, I know we score
> appropriately, but for the layperson, I think it would be nice to *indicate
> this in the received line*.
>
> If an end user is smart enough to investigate a suspicious email by
> looking at headers, he might still be fooled by something like this:
> Received: from mail.somebank.com ([1.2.3.4] helo=mail.somebank.com) by....
>
> What if instead, we modify the above code to be something like this:
> if ($ptr) {
>     $this->{rcvd}=~s/=host/$ptr/o;
> } else {
>     $this->{rcvd}=~s/=host/*Suspicious-Sender*/o;
> }
>
> that'll produce
> Received: from Suspicious-Sender ([1.2.3.4] helo=mail.somebank.com) by....
>
> That way we still preserve the helo for heuristics but help the layperson
> realize that it's a questionable line.
>
> I suppose there's potential that ASSP would be receiving mail from an IP
> that doesn't have a reverse, but I can't think of any reason that would
> happen.
>
> Thoughts?
>
> ------------------------------------------------------------------------------
> _______________________________________________
> Assp-test mailing list
> [email protected]
> https://lists.sourceforge.net/lists/listinfo/assp-test
>
>
> DISCLAIMER:
> *******************************************************
> This email and any files transmitted with it may be confidential, legally
> privileged and protected in law and are intended solely for the use of the
> individual to whom it is addressed.
> This email was multiple times scanned for viruses. There should be no
> known virus in this email!
> *******************************************************
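
Added example (not part of the thread and not ASSP code): a stand-alone Perl script that reproduces the =host substitution discussed above and refuses a placeholder that is not a valid hostname, read here as the RFC 952 / RFC 1123 letter-digit-hyphen rule. The helper names, the template string and the sample cases are assumptions made for illustration; only the =host marker, the PTR / helo / relayok roles and the two placeholder strings come from the messages.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# LDH rule (RFC 952 / RFC 1123): labels of letters, digits and hyphens,
# no leading or trailing hyphen, 1..63 chars each, at most 253 chars in total.
sub is_valid_hostname {
    my ($name) = @_;
    return 0 if !defined $name || $name eq '' || length($name) > 253;
    for my $label (split /\./, $name, -1) {
        return 0 unless $label =~ /\A[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?\z/;
    }
    return 1;
}

# Hypothetical helper: choose the value that replaces '=host'.
sub host_token {
    my (%a) = @_;                              # ptr, helo, relayok, placeholder
    return $a{ptr}  if defined $a{ptr} && length $a{ptr};
    return $a{helo} if $a{relayok};            # outgoing/relayed mail keeps the helo
    die "placeholder '$a{placeholder}' is not a valid hostname\n"
        unless is_valid_hostname($a{placeholder});
    return $a{placeholder};
}

# Hypothetical helper: fill the template without touching the helo= part.
sub build_received {
    my ($template, %a) = @_;
    my $token = host_token(%a);
    (my $line = $template) =~ s/=host/$token/;
    return $line;
}

# Constructed sample data (template, host names and cases are made up).
my $tpl   = 'Received: from =host ([1.2.3.4] helo=mail.somebank.com) by mx.example.net';
my @cases = (
    [ 'PTR present',          ptr => 'mail.somebank.com', relayok => 0, placeholder => 'Suspicious-Sender'   ],
    [ 'no PTR, inbound',      ptr => undef,               relayok => 0, placeholder => 'Suspicious-Sender'   ],
    [ 'no PTR, relayok',      ptr => undef,               relayok => 1, placeholder => 'Suspicious-Sender'   ],
    [ 'no PTR, bad placeholder', ptr => undef,            relayok => 0, placeholder => '*Suspicious-Sender*' ],
);
for my $c (@cases) {
    my ($label, %a) = @$c;
    my $out = eval { build_received($tpl, %a, helo => 'mail.somebank.com') };
    my $err = $@; chomp $err;
    printf "%-26s %s\n", $label, defined $out ? $out : "rejected: $err";
}
```

The asterisk form is rejected before it reaches the header, while the relayok case keeps the helo, matching the behaviour of the second code variant quoted in the thread.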
