Thank you both for that info. Turning off the force early option now.
On Fri, Oct 9, 2015 at 4:19 AM, Thomas Eckardt <thomas.ecka...@thockar.com> wrote:

> 'ForceRBLCache' is a bad option - it forces false positives by its logic
>
> GUI description:
> 'ForceRBLCache': ....If set, ASSP will use cached DNSBL hits to block
> messages before other tests.
>
> Assume an IP is DNSBL/RBL listed and many domains/orgs are sending mails
> via this IP.
> You've configured SPF and/or Senderbase in a way that ignores DNSBL for
> such a single domain/org (dom1) - BUT.
> After some time any other domain causes a RBLCache addition for this IP.
> The next time dom1 sends a mail from this IP, the 'ForceRBLCache' matches
> in the SMTP-handshake and will block regardless of your nice SPF/Senderbase
> setting.
> The IP will get penalty points and if this happens often, the IP will
> possibly become extreme black over the time.
>
> The default for 'ForceRBLCache' is OFF - if you set it to ON, you should
> know what you do!
>
> The documentation gives you an overview about the regular check order.
>
> http://sourceforge.net/projects/assp/files/ASSP%20V2%20multithreading/assp_check_order.txt/download
>
> Most '..early...' and '..force..' checks are processed before the first
> header line is received and the required and checked information is
> available.
>
> IP - connect
> HELO - HELO was sent
> sender - MAIL FROM was sent
> single recipient - RCPT To was sent
> all recipients - DATA was sent
>
> Assume you force an IP check and there is an option to skip this check
> based on the HELO or sending domain - no luck at the 'connect' state.
>
> Thomas
>
>
> **************************
> FOR ALL USERS !!!
> **************************
>
> NOTICE - and keep in mind:
>
> Most '..early...' and '..force..' checks will increase the count of false
> positives after some time (except the early HELO check), because they are
> not regular checks!
> These options can be used to prevent system overloads in case of a
> spam-attack over a short time. They should be disabled as soon as
> possible, followed by a cache cleaning for this option.
>
>
> From: K Post <nntp.p...@gmail.com>
> To: ASSP development mailing list <assp-test@lists.sourceforge.net>
> Date: 08.10.2015 22:28
> Subject: Re: [Assp-test] Don't to DNSBL for a from domain
>
>
> Thanks Grayhat.
>
> I'm already doing that. The domain that's listed in senderbase is in the
> white sender file, preceded with a \b with the dots escaped \.
>
> I do have ForceRBL enabled for early DNSBL checks. Is >THAT< the problem?
> ValidateRBL is set to score with 50 as a threshold (the same score that
> rejects for us). I don't even see that senderbase is running for these.
>
> (this isn't urgent, it's just an annoyance)
>
>
> On Thu, Oct 8, 2015 at 11:32 AM, Grayhat <gray...@gmx.net> wrote:
>
> > :: On Thu, 8 Oct 2015 11:23:49 -0400
> > :: <CALhpkAmtwqyPRS5HvCPkWVtjx4EOP6o==U9O8=gvg9n2vwa...@mail.gmail.com>
> > :: K Post <nntp.p...@gmail.com> wrote:
> >
> > > and for clarification, it looks like the organization sends from
> > > something like 98 different IPs that I know about - I'm sure there
> > > are others - and some of them are blacklisted.
> > >
> > > If I could skip dnsbl either using a wildcard reverse dns match for
> > > the server, say *.thesenderdomain.com or matching the domain of the
> > > from line, that would allow me to easily let these through without
> > > constantly updating norbl.
> >
> > you may use the senderbase/whois query to retrieve the IP owner and
> > then whitelist it using the name (or a matching regexp)
> >
> > ------------------------------------------------------------------------------
> > _______________________________________________
> > Assp-test mailing list
> > Assp-test@lists.sourceforge.net
> > https://lists.sourceforge.net/lists/listinfo/assp-test
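The false-positive mechanism described in the quoted reply, replayed as a small model. This is an added example, not ASSP code and not part of the thread: the class, the set names, the addresses and domains are constructed, and the regular DNSBL check is assumed to run at MAIL FROM simply because that is the first state in which the sender domain is known.

```python
# Simplified model of the check-order problem; not ASSP code.
# All names (Filter, DNSBL_LISTED, NO_DNSBL_DOMAINS) are hypothetical.
STAGES = ["connect", "helo", "mail_from", "rcpt_to", "data"]
DNSBL_LISTED = {"192.0.2.10"}          # constructed: shared relay that is DNSBL listed
NO_DNSBL_DOMAINS = {"dom1.example"}    # constructed: domain exempted from DNSBL

class Filter:
    def __init__(self, force_rbl_cache):
        self.force_rbl_cache = force_rbl_cache
        self.rbl_cache = set()   # IPs with a cached DNSBL hit
        self.penalty = {}        # IP -> penalty points

    def _block(self, ip, stage, reason):
        self.penalty[ip] = self.penalty.get(ip, 0) + 1
        return ("blocked", stage, reason)

    def handle(self, ip, sender_domain):
        known = {"ip": ip}                       # all that is known at connect
        for stage in STAGES:
            if stage == "mail_from":
                known["domain"] = sender_domain  # MAIL FROM reveals the sender
            # Forced early check: runs at connect, before any exemption data exists.
            if stage == "connect" and self.force_rbl_cache and ip in self.rbl_cache:
                return self._block(ip, stage, "ForceRBLCache")
            # Regular DNSBL check: runs once the sender domain is known.
            if stage == "mail_from":
                if known["domain"] in NO_DNSBL_DOMAINS:
                    continue                     # exemption can be honoured here
                if ip in DNSBL_LISTED:
                    self.rbl_cache.add(ip)       # another domain fills the cache
                    return self._block(ip, stage, "DNSBL")
        return ("accepted", "data", None)

def replay(force_rbl_cache):
    f = Filter(force_rbl_cache)
    traffic = [("192.0.2.10", "dom1.example"),   # exempt domain, cache empty
               ("192.0.2.10", "dom2.example"),   # other domain -> cache addition
               ("192.0.2.10", "dom1.example"),   # exempt domain again
               ("192.0.2.10", "dom1.example")]
    results = [f.handle(ip, dom) for ip, dom in traffic]
    return results, f.penalty.get("192.0.2.10", 0)

if __name__ == "__main__":
    for force in (False, True):
        print(force, *replay(force), sep="\n  ")
```

With the forced cache check off, dom1 is accepted every time; with it on, dom1 is rejected at connect as soon as dom2 has populated the cache, and the shared IP keeps collecting penalty points.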