>NO - an empty header field is a fault

- disable the penaltybox for the connected IP ... ...

there are more possible solutions in assp ...

- score a negative value for the from header in bombHeaderRe

Thomas

From: "K Post" <nntp.p...@gmail.com>
To: "ASSP development mailing list" <assp-test@lists.sourceforge.net>
Date: 11.11.2020 16:41
Subject: [Assp-test] Blank SENDER: header w/ valid from

We've got an annoying insurance carrier that staff uses who sends emails with a valid reply-to and from in the header along with a completely blank, but there, SENDER header.

TO: u...@charity.org
FROM: membersupp...@insurancecarrier.com
SENDER:
SUBJECT: Claim documents

This triggers invalid from and does some high scoring. There's no way the insurance carrier can get me to their IT, so I've got to live with this. I really like the high scoring for invalid from, that's usually scammers, but with this one, it's just catching their lousy claims emailing system. I've seen this happen before, as one-offs, but this is dozens of messages a month like this from the insurer.

Might it make sense in general to change ASSP to only evaluate header fields that contain something other than spaces after the colon? I assume that the RFC makes sender: (followed by nothing) invalid syntax, but it appears that some automated systems are doing just that. FROM empty + SENDER empty would still be cause for scoring, but an empty header line (with only the field name: but nothing else after it), could simply be ignored.

What do you think?

Thanks
ken

_______________________________________________
Assp-test mailing list
Assp-test@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/assp-test

DISCLAIMER:
*******************************************************
This email and any files transmitted with it may be confidential, legally privileged and protected in law and are intended solely for the use of the individual to whom it is addressed.
This email was multiple times scanned for viruses. There should be no known virus in this email!
*******************************************************
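The two behaviours discussed in this thread, side by side, as an added example that is not part of the original messages and is not ASSP code: a header check that separates an absent Sender from one that is present but empty, with a switch for the proposed "ignore an empty Sender when From is valid" rule. The function names, the `ignore_empty_sender` switch, the simplified address test and the sample messages are all assumptions made for illustration.

```python
from email import message_from_string
from email.utils import parseaddr

def header_state(msg, name):
    """Classify one header as 'absent', 'empty', 'valid' or 'invalid'."""
    raw = msg.get(name)               # None when the field is not there at all
    if raw is None:
        return "absent"
    if not raw.strip():               # "Sender:" followed only by whitespace
        return "empty"
    _, addr = parseaddr(raw)
    local, _, domain = addr.rpartition("@")
    # Simplified address test for the example, not a full RFC 5322 check.
    return "valid" if local and "." in domain else "invalid"

def check_from_headers(raw_message, ignore_empty_sender=False):
    """Return the list of findings a filter would score for From/Sender."""
    msg = message_from_string(raw_message)
    from_state = header_state(msg, "From")
    sender_state = header_state(msg, "Sender")
    findings = []
    if from_state != "valid":
        findings.append("From is " + from_state)
    if sender_state == "invalid":
        findings.append("Sender is invalid")
    elif sender_state == "empty":
        # Proposed rule: skip an empty Sender only while From itself is valid,
        # so "From empty + Sender empty" is still reported.
        if not (ignore_empty_sender and from_state == "valid"):
            findings.append("Sender is empty")
    return findings

# Constructed sample messages (addresses are placeholders).
EMPTY_SENDER = (
    "To: user@charity.example\n"
    "From: membersupport@insurer.example\n"
    "Sender:\n"
    "Subject: Claim documents\n\nbody\n"
)
BOTH_EMPTY = "To: user@charity.example\nFrom:\nSender: \nSubject: x\n\nbody\n"

if __name__ == "__main__":
    for label, raw in (("empty sender", EMPTY_SENDER), ("both empty", BOTH_EMPTY)):
        for relaxed in (False, True):
            print(label, "relaxed" if relaxed else "strict",
                  check_from_headers(raw, ignore_empty_sender=relaxed))
```
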