I had an inbound message rejected by ASSP, where the DKIM signature matched
DKIMNP. I would have thought that if there's a DKIMNP match, the
message will just be passed and saved in discarded.

Also, Senderbase is white for the network that it came from, so that should
have reduced the score by a lot.

There was a bombDataRE match, seemingly twice for the same line, and also
in BombData.  I've got 'Dear Friend,' in both files by mistake; that'll be
fixed, but that pushed the score above 50, so it was rejected.  Shouldn't
DKIMNP override the rejection though?

Here's the log, with my notes:

msg11890-19574 102.xxx.yyy.85 <bounce_ab...@bounce.theirdomain.com> to:
u...@ourchairty.org *DKIM-Signature found*
Info: enhanced Originated IP detection ignored IP's: 102.xxx.yyy.85
(connected IP) , 10.11.74.34
msg11890-19574 102.xxx.yyy.85 <bounce_ab...@bounce.theirdomain.com> to:
u...@ourchairty.org info: found DKIM signature identity '@
bounce.TheirDomain.com'
@bounce.TheirDomain.com @bounce.TheirDomain.com,u...@ourchairty.org
matches *.TheirDomain.com
in DKIMNPAddresses*
msg11890-19574 102.xxx.yyy.85 <bounce_ab...@bounce.theirdomain.com> to:
u...@ourchairty.org [scoring] DKIM signature verified-OK - header-passed -
identity is: @bounce.TheirDomain.com - sender policy is: neutral - author
policy s: neutral - *state changed to: noprocessing*
Info: weighted regex (bombDataRe) result found for 'Dear Friend,' - with
'dear friend,' - weight is 0.5   *<-- we get a lot of Dear Friend, garbage,
so I have it in BombData with a 50% score*
Info: weighted regex (bombDataRe) result found for 'Dear Friend,' - with
'dear friend,' - weight is 0.5    *(not sure why this line is in the log
twice)*
msg11890-19574 102.xxx.yyy.85 <bounce_ab...@bounce.theirdomain.com> to:
u...@ourchairty.org spambomb Regex: bombDataRe 'PB 18: for Dear Friend,'
msg11890-19574 [BombData] 102.xxx.yyy.85 <
bounce_ab...@bounce.theirdomain.com> to: u...@ourchairty.org [scoring]
(BombData 'Dear Friend,')
msg11890-19574 102.xxx.yyy.85 <bounce_ab...@bounce.theirdomain.com> to:
u...@ourchairty.org Message-Score: added 18 for Regex: bombDataRe 'PB 18:
for Dear Friend,' BombData: 'Dear Friend,', total score for this message is
now 18
msg11890-19574 102.xxx.yyy.85 <bounce_ab...@bounce.theirdomain.com> to:
u...@ourchairty.org spambomb Regex: bombRe 'PB 35: for Dear Friend'
msg11890-19574 [BombData][bombRe] 102.xxx.yyy.85 <
bounce_ab...@bounce.theirdomain.com> to: u...@ourchairty.org [scoring]
(bombRe 'Dear Friend')
msg11890-19574 102.xxx.yyy.85 <bounce_ab...@bounce.theirdomain.com> to:
u...@ourchairty.org Message-Score: added 35 for Regex: bombRe 'PB 35: for
Dear Friend' bombRe: 'Dear Friend', total score for this message is now 53
msg11890-19574 102.xxx.yyy.85 <bounce_ab...@bounce.theirdomain.com> to:
u...@ourchairty.org deleting spamming safelisted tuplet: (102.xxx.yyy.0,
bounce.TheirDomain.com) age: 1s
msg11890-19574 [MessageLimit] 102.xxx.yyy.85 <
bounce_ab...@bounce.theirdomain.com> to: u...@ourchairty.org [spam
found] (*MessageScore
53, limit 50*) [Our  Newsletter October 15th 2021] ->
messages/discarded/Our__Newsletter_October_15th_2021--254778.txt;
msg11890-19574 102.xxx.yyy.85 <bounce_ab...@bounce.theirdomain.com> to:
u...@ourchairty.org* [SMTP Error] 554 5.7.1* [PE] rejected msg [PR]
[msg11890-19574 212EA668]  *<-- msg rejected, even though no processing*
msg11890-19574 102.xxx.yyy.85 <bounce_ab...@bounce.theirdomain.com> to:
u...@ourchairty.org info: PB-IP-Score for '102.xxx.yyy.0' is 53, added 53
in this session
msg11890-19574 102.xxx.yyy.85 <bounce_ab...@bounce.theirdomain.com> to:
u...@ourchairty.org finished message - received DATA size: 138.82 kByte -
sent DATA size: 0 Byte
msg11890-19574 102.xxx.yyy.85 <bounce_ab...@bounce.theirdomain.com> to:
u...@ourchairty.org disconnected: session:212EA668 102.xxx.yyy.85 -
processing time 2 seconds
_______________________________________________
Assp-test mailing list
Assp-test@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/assp-test
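
An added example, not part of the original post and not ASSP code: a small Python parser that undoes the mail-client wrapping and emphasis asterisks in a log excerpt like the one above, then reports per session the score contributions, the limit, the processing state and the SMTP reply. The sample text is constructed by abridging the quoted log, and the function names are hypothetical.

```python
import re

# Constructed sample: abridged from the log quoted in the post, still
# hard-wrapped and carrying the poster's *emphasis* asterisks.
SAMPLE = """\
msg11890-19574 102.xxx.yyy.85 to: user@example.org [scoring] DKIM signature
verified-OK - sender policy is: neutral - *state changed to: noprocessing*
msg11890-19574 102.xxx.yyy.85 to: user@example.org Message-Score: added 18
for Regex: bombDataRe 'PB 18: for Dear Friend,' BombData: 'Dear Friend,',
total score for this message is now 18
msg11890-19574 102.xxx.yyy.85 to: user@example.org Message-Score: added 35
for Regex: bombRe 'PB 35: for Dear Friend' bombRe: 'Dear Friend', total score
for this message is now 53
msg11890-19574 [MessageLimit] 102.xxx.yyy.85 to: user@example.org [spam
found] (*MessageScore
53, limit 50*) -> messages/discarded/...
msg11890-19574 102.xxx.yyy.85 to: user@example.org* [SMTP Error] 554 5.7.1*
[PE] rejected msg [PR] [msg11890-19574 212EA668]
"""

ENTRY = re.compile(r"(?<!\[)\b(?=msg\d+-\d+ )")  # start of each log entry
ADDED = re.compile(r"Message-Score: added (\d+) for Regex: (\w+) .*?is now (\d+)")
STATE = re.compile(r"state changed to: (\w+)")
LIMIT = re.compile(r"MessageScore (\d+), limit (\d+)")
SMTP = re.compile(r"\[SMTP Error\] (\d{3})")

def summarize(raw):
    text = " ".join(raw.replace("*", "").split())  # undo wrapping and emphasis
    sessions = {}
    for entry in ENTRY.split(text):
        sid = re.match(r"msg\d+-\d+", entry)
        if not sid:
            continue
        s = sessions.setdefault(sid.group(), {"added": [], "total": 0,
                                "limit": None, "state": None, "smtp": None})
        if m := ADDED.search(entry):
            s["added"].append((m.group(2), int(m.group(1))))
            s["total"] = int(m.group(3))
        if m := STATE.search(entry):
            s["state"] = m.group(1)
        if m := LIMIT.search(entry):
            s["limit"] = int(m.group(2))
        if m := SMTP.search(entry):
            s["smtp"] = m.group(1)
    return sessions

def rejected_despite_noprocessing(sessions):
    return [sid for sid, s in sessions.items()
            if s["state"] == "noprocessing" and (s["smtp"] or "").startswith("5")]
```

Run over a full maillog, `rejected_despite_noprocessing(summarize(text))` lists every session that shows the same pattern as the one reported here.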
