I'm seeing this with a bunch of senders. Just noticing now, don't know how long this has been going on.
A whitelisted sender sends legit mail to the system. It goes to OKMAIL instead of notspam because it is somehow getting flagged as no processing. I don't see WHY it's no processing from the maillog. How can I figure that out? One thing that I do notice see when I did an analyze from the gui on at least one file is that the line: x-originating-ip: [76.189.xxx.xxx] is detected as being in the baracuda dns black list. It should be - it's a residential cable ISP IP address, but that's just what was used to send the mail through to their ISP legitimately. I've got enhancedOriginIPDetect on. Analyze shows detected IP's on the mail routing way: 76.189.xxx.xxx(xxxxxx.res.rr.com) •detected source IP: 76.189.xxx.xxx and DNSBL: failed, 76.189.xxx.xxx listed in bb.barracudacentral.org - message score: 50 I don't see this score of 50 in the maillog below though. Very confused about that. Should we be looking up the user's home IP address and assigning the same negative score was we would if we directly received a message from a home IP? See below for the relevant maillog Thanks May-13-15 20:46:53 msg64413-11501 xxx.yyy.130.50 < sender.n...@theirdomain.com> info: found message size announcement: 46.31 kByte May-13-15 20:46:55 msg64413-11501 xxx.yyy.130.50 < sender.n...@theirdomain.com> to: m...@ourcharity.org Whitelisted sender address: sender.n...@theirdomain.com for recipient m...@ourcharity.org May-13-15 20:46:55 msg64413-11501 [Noprocessing] xxx.yyy.130.50 < sender.n...@theirdomain.com> to: m...@ourcharity.org info: found valid MSGID signature in [In-Reply-To:] - accept mail May-13-15 20:46:55 msg64413-11501 xxx.yyy.130.50 < sender.n...@theirdomain.com> to: m...@ourcharity.org Message-Score: added -40 for KnownGoodHelo, total score for this message is now -40 May-13-15 20:46:55 msg64413-11501 xxx.yyy.130.50 < sender.n...@theirdomain.com> to: m...@ourcharity.org info: found known good HELO 'exchange.theirdomain.com' - weight is -2 May-13-15 20:46:55 msg64413-11501 xxx.yyy.130.50 < sender.n...@theirdomain.com> to: m...@ourcharity.org Message-Score: added -15 (pbwValencePB) for In Penalty White Box, total score for this message is now -55 May-13-15 20:46:58 msg64413-11501 xxx.yyy.130.50 < sender.n...@theirdomain.com> to: m...@ourcharity.org info: removed MSGID-signature from header May-13-15 20:46:58 msg64413-11501 xxx.yyy.130.50 < sender.n...@theirdomain.com> to: m...@ourcharity.org [Plugin] calling plugin ASSP_AFC May-13-15 20:46:58 msg64413-11501 xxx.yyy.130.50 < sender.n...@theirdomain.com> to: m...@ourcharity.org info: 6 attachments found for Level-1 May-13-15 20:46:58 msg64413-11501 xxx.yyy.130.50 < sender.n...@theirdomain.com> to: m...@ourcharity.org message proxied without processing (no bad attachments) May-13-15 20:46:58 msg64413-11501 [MessageOK] xxx.yyy.130.50 < sender.n...@theirdomain.com> to: m...@ourcharity.org message ok - (noprocessing and whitelisted - found valid Message-ID signature) - [RE MailSubject] -> messages/okmail/RE_MailSubject.txt ------------------------------------------------------------------------------ One dashboard for servers and applications across Physical-Virtual-Cloud Widest out-of-the-box monitoring support with 50+ applications Performance metrics, stats and reports that give you Actionable Insights Deep dive visibility with transaction tracing using APM Insight. http://ad.doubleclick.net/ddm/clk/290420510;117567292;y _______________________________________________ Assp-test mailing list Assp-test@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/assp-test
