My final comment to this thread.

- whiteSenderBase is a regular expression, while dkimAddresses and 
dkimNPAddresses are address- and domain lists
- if you've added '\bwalmart\.com' to whiteSenderBase, change it to 
'\bwalmart\.com$'
- do not change anything else in whiteSenderBase as long as you don't get 
a wrong (or not the expected) detection for this feature
- trust ARIN, RIPE and all the other registrars - they will not register 
suspicious company names

In terms of assp - 'assumes' and 'believes' are most times bad. The 
feature descriptions in the GUI and the manual should be informative enough 
for IT professionals - if you think there is anything missing, post your 
suggestions for changes here or in the forum - BUT RTFM!
Features should always work like described. If this is not the case, post 
this here or in the sourceforge ticket system (
https://sourceforge.net/p/assp/tickets/)
If assp will remove, add or change anything in your configuration values 
'automatically', this should be stated in the GUI (if not, please report 
this)
As long as it is not exceptionally stated in the GUI, assp features should 
work RFC conform.
Any RFC related information will not be added to the GUI - RFCs, drafts 
and their substitutes can be read in the IANA web. Things like 'what is 
SPF, SRS, DKIM ....?' will not become part of the assp manual - there are 
very good explanations and examples in the web.

Suggestions for new features or changes are welcome. However, I prefer 
to see something like 'I saw, changed, tested and got very good results 
...' - than something like 'wouldn't it be nice to have....' 


Thomas


 



From:    "K Post" <nntp.p...@gmail.com>
To:      "ASSP development mailing list" <assp-test@lists.sourceforge.net>
Date:    29.04.2021 22:29
Subject: Re: [Assp-test] Senderbase Matching Substring



and I'll add that I believe it's a good idea to start whiteSenderBase 
lines with ^ instead of \b

For example:
\bapple\.com$
would allow bad-apple.com, whereas
^apple\.com$ 
won't.

I suppose it should be obvious, it's just a regex, but the example file 
from all those years ago threw me off.


On Thu, Apr 29, 2021 at 10:20 AM K Post <nntp.p...@gmail.com> wrote:
also, fyi, the sample file files/whiteorg.txt doesn't have $ to force it 
only to match the line ending, which I believe is what I used to come up 
with my incorrect assumption.  Putting in at least 1 example in that file 
with a $ might help others not make the same mistake that I have.  My 
money's on well more than half of the admins using ASSP haven't made the 
same mistake.

In the sample file, everything starts with \b, clearly telling us that it 
needs to be the start of a word, but no lines end with $ or even \b. For 
example:
\bbank of america
When I see that, I think "we have the \b so that some scammer can't get 
senderbase to have their network as 'BADbank of america' and get through 
our filters."  That's logical, but I also assumed that because there isn't 
a trailing \b (or actually $) that it's going to the end of the line.  Why 
would someone put a \b at the beginning, but not care about "bank of 
americascammer network" also being a match? 

Maybe edit the sample whiteorg or put a note at the top to help others?

On Thu, Apr 29, 2021 at 10:05 AM K Post <nntp.p...@gmail.com> wrote:
My assumption was wrong for as long as senderbase has been in ASSP then!
I'll be adding the $ end of line requirement to everything in senderbase 
shortly.

Is this also true of dkimAddresses and dkimNPAddresses?  

On Mon, Apr 26, 2021 at 2:50 AM Thomas Eckardt <thomas.ecka...@thockar.com> wrote:
>I (maybe incorrectly) assumed that the word boundary was automatically 
added on the end. 

Hmm....  what is causing this assumption reading the description of 
whiteSenderBase? 

Whitelisted Organizations, Domains and Hosts in SenderBase** 
(whiteSenderBase) 
If the organization, domain or hostname in the SenderBase IP description 
matches this Perl regular expression, the message will be considered 
non-spam. For example file:files/whiteorg.txt 
NOTICE: If only the hostname matches an entry and DoOrgWhiting is set to 
"whiting", the domain+organization pair will not be added to the white 
organizations! 


walmart.com.mx 

\bwalmart\.com - match 
\bwalmart\.com\b - match 
\bwalmart\.com$ - no match 

Thomas 






From:    "K Post" <nntp.p...@gmail.com> 
To:      "ASSP development mailing list" <assp-test@lists.sourceforge.net> 
Date:    25.04.2021 12:25 
Subject: [Assp-test] Senderbase Matching Substring 



For a long time, I've had  
\bwalmart\.com 
in my whiteSenderBase configuration.  Some of our staff shops at walmart 
and anything from Walmart's ip space should be considered white.  All good 
there. 

However, I had a bunch of spam slip through because of this overnight.  
When I did an analyze, I saw: 
129.41.173.75 SenderBase: status=white SenderBase, data=[CN=US, 
ORG=ACOUSTIC-ATL-01, DOM=walmart.com.mx, BLS=, HNM=Y, CIDR=23, HN=
mail9320.hayhouse.mkt9919.com] 

WhiteDomain Regex: whiteSenderBaseRE 'walmart.com' 
[scoring] SenderBase -- White Domain 'walmart.com' 
It's matching walmart.com.MX 

I've never put a \b at the end of config lines in whiteSenderBase, I 
(maybe incorrectly) assumed that the word boundary was automatically added 
on the end.    

Is the \b on the end necessary, if I don't want to match walmart.com.mx 
and only want to match walmart.com?   Is there another way, coding error, 
config mistake, etc? 

Thanks!
_______________________________________________
Assp-test mailing list
Assp-test@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/assp-test
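
The anchoring behaviour discussed in this thread can be checked before an entry goes into whiteSenderBase. The following is an added example, not part of the thread or of ASSP's code: it runs the entries quoted above against SenderBase field values and lists the values each entry would whitelist by mistake. It assumes each field (organization, domain, hostname) is tested on its own and case-insensitively; apart from `walmart.com.mx`, `bad-apple.com` and the two "bank of america" variants taken from the messages, the sample values are constructed.

```perl
#!/usr/bin/perl
# Added example: audit whiteSenderBase-style entries for over-matching.
use strict;
use warnings;

# Entries discussed in the thread (single quotes keep the backslashes literal).
my @entries = (
    '\bwalmart\.com',
    '\bwalmart\.com\b',
    '\bwalmart\.com$',
    '^walmart\.com$',
    '\bapple\.com$',
    '^apple\.com$',
    '\bbank of america',
    '^bank of america$',
);

# Field values to test: [ value, 1 if it is meant to be whitelisted ].
my @samples = (
    [ 'walmart.com',                    1 ],
    [ 'walmart.com.mx',                 0 ],   # DOM value from the analyze output
    [ 'apple.com',                      1 ],
    [ 'bad-apple.com',                  0 ],
    [ 'bank of america',                1 ],
    [ 'BADbank of america',             0 ],
    [ 'bank of americascammer network', 0 ],
);

# Assumption: ASSP tests each field separately and ignores case.
# Returns the samples that match the entry although they should not.
sub over_matches {
    my ($entry) = @_;
    my $re = qr/$entry/i;
    return grep { !$_->[1] && $_->[0] =~ $re } @samples;
}

for my $entry (@entries) {
    my @bad = map { $_->[0] } over_matches($entry);
    printf "%-22s %s\n", $entry,
        @bad ? 'OVER-MATCH: ' . join(', ', @bad) : 'ok';
}
```

Only the entries that end in `$` and do not rely on a leading `\b` after a hyphen come back as `ok`; extend `@samples` with look-alike names for your own whitelisted organizations before trusting an entry.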