I noticed something strange with ASSP. I have configured it to forward messages to localhost:125. On port 125 there's a postfix installation without any filtering. It's just used for routing messages to the right server. So ASSP is forwarding every non-spam message to postfix and it's working as expected.
Strange thing I noticed is that every spam message coming from @globo.com is not identified as spam and ASSP says "message ok". So it should be forwarding it to postfix, right? Well, it doesn't! There's nothing in the postfix logs about those messages. We get a couple of them every day and they never show op in postfix log. As it's a spam message I don't care about it. But I wonder what's happening and if this same issue could happen wit non-spam mails too. Here's an example from maillog.txt: Jul-16-16 01:52:15 m1-26734-05756 [Worker_4] 191.252.30.163 <[email protected]> to: [email protected] Message-Score: added 2 for 191.252.30.0 in griplist (0.84), total score for this message is now 2 Jul-16-16 01:52:15 m1-26734-05756 [Worker_4] [DKIM] 191.252.30.163 <[email protected]> to: [email protected] [scoring] DKIM domain mismatch - globo.com found in DKIMCache, but no DKIM-Signature found in mail header (Cache) Jul-16-16 01:52:15 m1-26734-05756 [Worker_4] 191.252.30.163 <[email protected]> to: [email protected] Message-Score: added 15 (dkimValencePB) for DKIM domain mismatch - globo.com found in DKIMCache, but no DKIM-Signature found in mail header, total score for this message is now 17 Jul-16-16 01:52:15 m1-26734-05756 [Worker_4] 191.252.30.163 <[email protected]> to: [email protected] info: remove IP-score from 191.252.30.163 - this mail passed the SPF check Jul-16-16 01:52:15 m1-26734-05756 [Worker_4] 191.252.30.163 <[email protected]> to: [email protected] Message-Score: added -10 (spfpValencePB) for SPF pass, total score for this message is now 7 Jul-16-16 01:52:15 m1-26734-05756 [Worker_4] 191.252.30.163 <[email protected]> to: [email protected] Message-Score: added 25 for Blocked IP-Country BR (LOCAWEB SERVI�OS DE INTERNET S/A), total score for this message is now 32 Jul-16-16 01:52:15 m1-26734-05756 [Worker_4] 191.252.30.163 <[email protected]> to: [email protected] [scoring] SenderBase -- Blocked IP-Country BR (LOCAWEB SERVI�OS DE INTERNET S/A) Jul-16-16 01:52:15 m1-26734-05756 [Worker_4] 191.252.30.163 <[email protected]> to: [email protected] info: check IP's on mail route for DNSBL Jul-16-16 01:52:15 m1-26734-05756 [Worker_4] [MessageOK] 191.252.30.163 <[email protected]> to: [email protected] message ok [wowsome] Jul-16-16 01:55:15 m1-26734-05756 [Worker_4] 191.252.30.163 <[email protected]> to: [email protected] info: PB-IP-Score for '191.252.30.0' is 0, added 15 in this session Around that time there wasn't even a connection logged in postfix log. ------------------------------------------------------------------------------ What NetFlow Analyzer can do for you? Monitors network bandwidth and traffic patterns at an interface-level. Reveals which users, apps, and protocols are consuming the most bandwidth. Provides multi-vendor support for NetFlow, J-Flow, sFlow and other flows. Make informed decisions using capacity planning reports.http://sdm.link/zohodev2dev _______________________________________________ Assp-user mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/assp-user
