Hi Tim,
I'm seeing the same thing.
Running version 1.9.9.13236 since this weekend, InvalidHelo is (sometimes)
send to the user and sendAllSpam and some times is blocked.
Here some headers from mail send to the user as well:
X-Assp-Version: 1.9.9(13236) on
X-Assp-SenderBase: country:TW; organization:; domain:
X-Assp-Score: 10 (Foreign Country TW)
X-Assp-Score: 45 (invalid HELO: 'JX-1202201435')
X-Assp-Envelope-From: d945...@acttec.com.br
X-Assp-Intended-For: d945...@sss.xxx
X-Assp-ID: mail.qweso.nl id-37701-01649
X-Assp-Spam: YES
X-Spam-Flag: YES
X-Assp-Original-Subject: Get Slim in 14 Days
X-Assp-Spam-Found: Invalid HELO: 'JX-1202201435'
X-Assp-Message-Totalscore: 55
X-Assp-Score: 18 (1.174.189 in griplist (0.90))
X-Assp-Score: 11 (Low Reputation for 1.174.189.218)
I've these settings:
Validate Format of HELO (DoInvalidFormatHelo) -> Block (which uses
ihValencePB)
ihValencePB -> 45
This one is blocked and not send to the user
X-Assp-Version: 1.9.9(13236) on
X-Assp-SenderBase: country:LT; organization:II Kompiuterinis langas;
domain:rev.kli.lt
X-Assp-Score: 10 (Foreign Country LT)
X-Assp-Score: 45 (invalid HELO: 'ip')
X-Assp-Envelope-From: conflict...@dhl.nl
X-Assp-ID: mail.qweso.nl id-37700-01538
X-Assp-Spam: YES
X-Spam-Flag: YES
X-Assp-Original-Subject: DHL factuur 1811446
X-Assp-Spam-Found: Invalid HELO: 'ip'
X-Assp-Message-Totalscore: 55
X-Assp-Intended-For: xx.yy
X-Assp-Copy-Spam: yes
Had version 1.9.3.4 running before and did not have this behavior...
Regards,
Barry
-----Oorspronkelijk bericht-----
Van: Tim Evans [mailto:tev...@sparling.com]
Verzonden: maandag 19 augustus 2013 17:11
Aan: assp-user@lists.sourceforge.net
Onderwerp: [Assp-user] assp delivering spam anyway?
ASSP Version: 1.9.9(13233)
It looks like assp properly detected this message as spam, but delivered it
anyway. The log says that it was blocked, but I know that it was delivered
because the user clicked on the link and I had to clean his computer.
Aug-18-13 15:37:07 37686-43651 103.28.38.115 <anonymous@zotech.zotech>
gliveng...@sparling.com validated by ldap-cache;
Aug-18-13 15:37:08 37686-43651 [SenderBase] 103.28.38.115
<anonymous@zotech.zotech> to: xx...@sparling.com SenderBase info --
country:VN; organization:NhanHoa Software company; domain:;
Aug-18-13 15:37:08 37686-43651 103.28.38.115 <anonymous@zotech.zotech> to:
gliveng...@sparling.com Message-Score: added 10 for Foreign Country VN,
total score for this message is now 10;
Aug-18-13 15:37:08 37686-43651 103.28.38.115 <anonymous@zotech.zotech> to:
gliveng...@sparling.com [scoring:10] -- Foreign Country VN -- [USPS Problems
Notification];
Aug-18-13 15:37:08 37686-43651 103.28.38.115 <anonymous@zotech.zotech> to:
gliveng...@sparling.com Message-Score: added 40 for invalid HELO: 'zotech',
total score for this message is now 50;
Aug-18-13 15:37:08 37686-43651 [InvalidHELO] 103.28.38.115
<anonymous@zotech.zotech> to: xx...@sparling.com [spam found][blocked] --
Invalid HELO: 'zotech' -- [USPS Problems Notification] ->
c:/assp/spam/37686-43651.eml;
...Tim
----------------------------------------------------------------------------
--
Get 100% visibility into Java/.NET code with AppDynamics Lite!
It's a free troubleshooting tool designed for production.
Get down to code-level detail for bottlenecks, with <2% overhead.
Download for free and get started troubleshooting in minutes.
http://pubads.g.doubleclick.net/gampad/clk?id=48897031&iu=/4140/ostg.clktrk
_______________________________________________
Assp-user mailing list
Assp-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/assp-user
------------------------------------------------------------------------------
Introducing Performance Central, a new site from SourceForge and
AppDynamics. Performance Central is your source for news, insights,
analysis and resources for efficient Application Performance Management.
Visit us today!
http://pubads.g.doubleclick.net/gampad/clk?id=48897511&iu=/4140/ostg.clktrk
_______________________________________________
Assp-user mailing list
Assp-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/assp-user
