and I'll add that I believe it's a good idea to start whiteSenderBase lines with ^ instead of \b
For example: \bapple\,com$ would allow bad-apple.com, whereas ^apple\.com$ won't. I suppose it should be obvious, it's just a regex, but the example file for all those years ago, threw me off. On Thu, Apr 29, 2021 at 10:20 AM K Post <nntp.p...@gmail.com> wrote: > also, fyi, the sample file files/whiteorg.txt doesn't have $ to force it > only to match the line ending, which I believe is what I used to come up > with my incorrect assumption. Putting in at least 1 example in that file > with a $ might help others not make the same mistake that I have. My > money's on well more than half of the admins using ASSP haven't made the > same mistake. > > In the sample file, everything starts with \b, clearly telling us that it > needs to be the start of a word, but no lines end with $ or even \b For > example: > > \bbank of america > > When I see that, I think "we have the \b so that some scammer can't get > senderbase to have their network as 'BADbank of america' and get through > our filters." That's logical, but I also assumed that because there isn't > a trailing \b (or actually $) that it's going to the end of the line. Why > would someone put a \b at the beginning, but not care about "bank of > americascammer network" also being a match? > > Maybe edit the sample whiteorg or put a note at the top to help others? > > On Thu, Apr 29, 2021 at 10:05 AM K Post <nntp.p...@gmail.com> wrote: > >> My assumption was wrong for as long as senderbase has been in ASSP then! >> I'll be adding the $ end of line requirement to everything in senderbase >> shortly. >> >> Is this also also true of dkimAddresses and dkimNPAddresses? >> >> On Mon, Apr 26, 2021 at 2:50 AM Thomas Eckardt < >> thomas.ecka...@thockar.com> wrote: >> >>> >I (maybe incorrectly) assumed that the *word boundary* was *automatically >>> added* on the end. >>> >>> Hmm.... what is causing this assumtion reading the description of >>> whiteSenderBase? >>> >>> *Whitelisted Organizations, Domains and Hosts in SenderBase** >>> (whiteSenderBase)* >>> If the organization, domain or hostname in the SenderBase IP description >>> matches this Perl regular expression, the message will be considered >>> non-spam. For example file:files/whiteorg.txt >>> NOTICE: If only the hostname matches an entry and DoOrgWhiting is set to >>> "whiting", the domain+organization pair will not be added to the white >>> organizations! >>> >>> >>> walmart.com.mx >>> >>> \bwalmart\.com - match >>> \bwalmart\.com\b - match >>> \bwalmart\.com$ - no match >>> >>> Thomas >>> >>> >>> >>> >>> >>> >>> Von: "K Post" <nntp.p...@gmail.com> >>> An: "ASSP development mailing list" < >>> assp-test@lists.sourceforge.net> >>> Datum: 25.04.2021 12:25 >>> Betreff: [Assp-test] Senderbase Matching Substring >>> ------------------------------ >>> >>> >>> >>> For a long time, I've had >>> \bwalmart\.com >>> in my whiteSenderBase configuration. Some of our staff shops at walmart >>> and anything from Walmart's ip space should be considered white. All good >>> there. >>> >>> However, I had a bunch of spam slip through because of this overnight. >>> When I did an alayze, I saw: >>> 129.41.173.75 SenderBase: status=white SenderBase, data=[CN=US, >>> ORG=ACOUSTIC-ATL-01, DOM=*walmart.com* <http://walmart.com/>*.mx*, >>> BLS=, HNM=Y, CIDR=23, HN=*mail9320.hayhouse.mkt9919.com* >>> <http://mail9320.hayhouse.mkt9919.com/>] >>> >>> WhiteDomain Regex: whiteSenderBaseRE '*walmart.com* >>> <http://walmart.com/>' >>> [scoring] SenderBase -- White Domain '*walmart.com* >>> <http://walmart.com/>' >>> It's matching *walmart.com* <http://walmart.com/>*.MX* >>> >>> I've never put a \b at the end of config lines in whiteSenderBase, I >>> (maybe incorrectly) assumed that the word boundary was automatically added >>> on the end. >>> >>> Is the \b on the end necessary, if I don't want to match >>> *walmart.com.mx* <http://walmart.com.mx/> and only want to match >>> *walmart.com* <http://walmart.com/>? Is there another way, coding >>> error, config mistake, etc? >>> >>> Thanks!_______________________________________________ >>> Assp-test mailing list >>> Assp-test@lists.sourceforge.net >>> https://lists.sourceforge.net/lists/listinfo/assp-test >>> >>> >>> >>> >>> DISCLAIMER: >>> ******************************************************* >>> This email and any files transmitted with it may be confidential, >>> legally privileged and protected in law and are intended solely for the use >>> of the >>> individual to whom it is addressed. >>> This email was multiple times scanned for viruses. There should be no >>> known virus in this email! >>> ******************************************************* >>> >>> _______________________________________________ >>> Assp-test mailing list >>> Assp-test@lists.sourceforge.net >>> https://lists.sourceforge.net/lists/listinfo/assp-test >>> >>
_______________________________________________ Assp-test mailing list Assp-test@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/assp-test
