20-10-22.maillog.txt:Oct-22-20 07:13:00 m1-65179-08821 [Worker_2] [TLS-out] 212.171.45.199 <comfort...@njppsappsagent1.ups.com> to: m_sa...@epiinc.com Whitelisted sender address: upsbillingcen...@ups.com for recipient m_sa...@epiinc.com 20-10-22.maillog.txt:Oct-22-20 07:13:00 m1-65179-08821 [Worker_2] [TLS-out] 212.171.45.199 <comfort...@njppsappsagent1.ups.com> to: m_sa...@epiinc.com Whitelisted sender address: upsbillingcen...@ups.com for recipient m_a...@epiinc.com 20-10-22.maillog.txt:Oct-22-20 07:13:00 m1-65179-08821 [Worker_2] [TLS-out] [Whitelisted] 212.171.45.199 <comfort...@njppsappsagent1.ups.com> to: m_sa...@epiinc.com info: the messagescore is changed from '39' to '0' - removed '39' penalty points from the SMTP handshake checks - for incoming mail 20-10-22.maillog.txt:Oct-22-20 07:13:00 m1-65179-08821 [Worker_2] [TLS-out] 212.171.45.199 <comfort...@njppsappsagent1.ups.com> to: m_sa...@epiinc.com info: domain ups.com has published a DMARC record 20-10-22.maillog.txt:Oct-22-20 07:13:00 m1-65179-08821 [Worker_2] [TLS-out] 212.171.45.199 <comfort...@njppsappsagent1.ups.com> to: m_sa...@epiinc.com Message-Score: added -15 (pbwValencePB) for In Penalty White Box, total score for this message is now -15 20-10-22.maillog.txt:Oct-22-20 07:13:00 m1-65179-08821 [Worker_2] [TLS-out] [MessageOK] 212.171.45.199 <comfort...@njppsappsagent1.ups.com> to: m_sa...@epiinc.com message ok [Your UPS Invoice is Ready] -> /assp/notspam/Your_UPS_Invoice_is_Ready--14717552.eml
----- Original Message ----- From: "James Moe via Assp-test" <assp-test@lists.sourceforge.net> To: "ASSP development mailing list" <assp-test@lists.sourceforge.net> Cc: "James Moe" <ji...@sohnen-moe.com> Sent: Saturday, October 31, 2020 5:21:24 PM Subject: Re: [Assp-test] Forged UPS messages that made it through ASSP On 10/29/20 12:47 PM, t...@epiinc.com wrote: > Subject: Your UPS Invoice is Ready > Feature Matching: > While there were lots of red flags in the analysis, I did not see where any of them classified the message as spam. I did forget to ask for a log of one of the incoming messages being processed. -- James Moe moe dot james at sohnen-moe dot com 520.743.3936 Think. _______________________________________________ Assp-test mailing list Assp-test@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/assp-test _______________________________________________ Assp-test mailing list Assp-test@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/assp-test
