>and there are no information at "Connecting Ip" level
The analyzer uses the "Received:" header line to detect the connected IP -
show the one for this mail.
> RBLWL (Whitelisted DNSBL Validation)
What has RBLWL to do with virus detection? ClamAV or even the ASSP_AFC
plugin with UserAttach will block such mails to 100%.
>mails with this cryptowall were continuing pass through ASSP
What was the reason for the pass through?
>do i need to restart ASSP or wait?
After all workers have reread the config, your changes will take place.
Thomas
From: "Raynaud Alexandre" <[email protected]>
To: <[email protected]>
Date: 25.02.2016 16:26
Subject: [Assp-user] Missing Connecting IP / DoReversed blocking
Hi list,
For a long time I have noticed that for some incoming mails, there is no
information on the "Connecting IP", so even if I use "block" for
DoReversed, this kind of mail passes through.
Here is an example of email that has no information about the "Connecting
IP" in the ASSP "Mail Analyzer":
General Hints:
text processing uses unicode normalization
ASSP-ID: ASSP.nospam m1-09027-06745
ASSP-Session: 7F35D1174AA0 (mail 1)
removed all local X-ASSP- header lines for analysis
sender and reply addresses:
MAIL FROM: [email protected]
recipient addresses:
RCPT TO: [email protected]
using enhanced Originated IP detection
*detected IP's on the mail routing way: 178.248.x.x(mtaxx.xx.eu)
*detected source IP: 178.248.x.x
Feature Matching:
* DKIM-check returned OK verified-OK
* URIBL check: 'OK'
* RBLCheck returned OK for 178.248.x.x:
* domain domain.fr (in Reply-To) has a valid MX record: x.l.x.com
* domainMX aspmx.l.google.com has a valid A record: 66.102.x.x
* domain news.x.fr (in Mail From: , Errors-to , From , Return-Path) has a
valid MX record: bounce.x.eu
* domainMX bounce.x.eu has a valid A record: 62.27.x.x
* PTR record via DNS: status=no PTR
* RWLcheck returned OK for : status=unknown
But in the ASSP mail log, in the first log entry for the concerned email, I can
see the connecting IP: 178.248.x.x. Strangely, in the ASSP "Mail Analyzer"
this IP address is in the section "using enhanced Originated IP
detection" and there is no information at the "Connecting IP" level.
Every time that kind of email arrives, DoReversed is never applied.
Another question is (actually we are receiving an incredible amount
of cryptowall), while ASSP is running, if I activate RBLWL (Whitelisted DNSBL
Validation), do I need to restart ASSP or wait? I ask this because I did
this but even though addresses were blacklisted, mails with this cryptowall were
continuing to pass through ASSP.
If anybody has any explanation I would appreciate it. Thank you.
Regards,
Alexandre RAYNAUD
MAIRIE DE SALLANCHES
_______________________________________________
Assp-user mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/assp-user
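
The reply above says the analyzer takes the connecting IP from the "Received:" header line. The following added example (not ASSP code and not from either poster) checks a saved mail for a topmost Received line written by your own server and derives the PTR query name from it. The header layout, the host name mx.example.org and the sample addresses are assumptions made for the illustration.

```python
import email
import ipaddress
import re

ADDR_LITERAL = re.compile(r"\[(?:IPv6:)?([0-9A-Fa-f:.]+)\]")  # e.g. [203.0.113.7]

def parse_received(value):
    """Return (by_host, client_ips) for one Received header value."""
    value = " ".join(value.split())  # unfold continuation lines
    by = re.search(r"\bby\s+(\S+)", value)
    by_host = by.group(1).rstrip(";").lower() if by else None
    if not value.lower().startswith("from "):
        return by_host, []  # no client part recorded
    from_part = value[: by.start()] if by else value
    ips = []
    for literal in ADDR_LITERAL.findall(from_part):
        try:
            ips.append(str(ipaddress.ip_address(literal)))
        except ValueError:
            pass  # bracketed text that is not an IP address
    return by_host, ips

def analyze(raw_message, local_mx):
    """local_mx is the name our own server writes after 'by' (assumption)."""
    msg = email.message_from_string(raw_message)
    hops = [parse_received(v) for v in msg.get_all("Received") or []]
    routing = [ip for _, ips in hops for ip in ips]
    connecting = None
    # Only the topmost line, and only when our own server wrote it, is
    # trustworthy; every line below it was supplied by the sending side.
    if hops and hops[0][0] == local_mx.lower() and hops[0][1]:
        connecting = hops[0][1][0]
    ptr = ipaddress.ip_address(connecting).reverse_pointer if connecting else None
    return {"connecting_ip": connecting, "routing_ips": routing, "ptr_query": ptr}

# Constructed sample messages (documentation addresses, not from the thread).
UPSTREAM = (
    "Received: from app.example.net (app.example.net [198.51.100.9])\n"
    "\tby mta.example.net with ESMTP; Thu, 25 Feb 2016 16:19:58 +0100\n"
    "From: news@example.net\nTo: user@example.org\nSubject: constructed\n\nbody\n"
)
LOCAL_HOP = (
    "Received: from mta.example.net ([203.0.113.7] helo=mta.example.net)\n"
    "\tby mx.example.org with ESMTP; Thu, 25 Feb 2016 16:20:00 +0100\n"
)

if __name__ == "__main__":
    print(analyze(LOCAL_HOP + UPSTREAM, "mx.example.org"))
    print(analyze(UPSTREAM, "mx.example.org"))
```

When the local server's own line is missing, the upstream address still appears among the routing IPs but is not promoted to connecting IP, so there is nothing to run a PTR check against.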