Do you have ups.com in whiteListedDomains?
The line:
Aug-18-16 12:46:17 m1-17176-01346 [Worker_3] 83.110.218.163 <
rosalyn.backman...@ups.com> to: s...@seniorennet.be Whitelisted sender
Domain: @ups.com
leads me to believe that you do.
On Thu, Aug 18, 2016 at 7:44 AM, Andy Knuts <a...@knuts.be> wrote:
> I do have "DoOrgWhiting" set to "Score" instead of "Whiting".
> Shouldn't it just decrease the score because ups.com is whitelisted and
> still continue with other other checks (hmm/bayes) as normal?
>
>
> ----- Original Message -----
> From: Andy Knuts [mailto:a...@knuts.be]
> To:
> assp-user@lists.sourceforge.net
> Sent: Thu, 18 Aug 2016 13:40:20
> +0100
> Subject: [Assp-user] Whitelist & spam
>
>
> > Today we have a lot of spam getting through. They are all sent from
> random
> > *@ups.com addresses using a lot of different IP's. Here's an example:
> >
> >
> > Aug-18-16 12:46:15 [Worker_3] Connected: session:7EFE8B4366C0
> > 83.110.218.163:56196 > <snip>:25 > 127.0.0.1:125
> > Aug-18-16 12:46:17 m1-17176-01346 [Worker_3] 83.110.218.163
> > <rosalyn.backman...@ups.com> to: s...@seniorennet.be Whitelisted sender
> > Domain: @ups.com
> > Aug-18-16 12:46:17 m1-17176-01346 [Worker_3] 83.110.218.163
> > <rosalyn.backman...@ups.com> to: s...@seniorennet.be info: domain
> ups.com
> > has published a DMARC record
> > Aug-18-16 12:46:17 m1-17176-01346 [Worker_3] 83.110.218.163
> > <rosalyn.backman...@ups.com> to: s...@seniorennet.be [scoring] SPF: fail
> > ip=83.110.218.163 mailfrom=rosalyn.backman...@ups.com
> > helo=bba423262.alshamil.net.ae
> > Aug-18-16 12:46:17 m1-17176-01346 [Worker_3] 83.110.218.163
> > <rosalyn.backman...@ups.com> to: s...@seniorennet.be Message-Score:
> added 21
> > (spfValencePB) for SPF fail, total score for this message is now 21
> > Aug-18-16 12:46:17 m1-17176-01346 [Worker_3] 83.110.218.163
> > <rosalyn.backman...@ups.com> to: s...@seniorennet.be DMARC: this mail
> > breakes the DKIM policies defined in the DMARC record for domain ups.com
> -
> > there is no DKIM-signature found in this mail for domain ups.com
> > Aug-18-16 12:46:17 m1-17176-01346 [Worker_3] [MessageOK] 83.110.218.163
> > <rosalyn.backman...@ups.com> to: s...@seniorennet.be message ok -
> > (whiteListedDomains '@ups.com') - [Emailing Label] ->
> > /var/db/assp/notspam/Emailing_Label--37641.eml
> > Aug-18-16 12:46:19 [Worker_3] Disconnected: session:7EFE8B4366C0
> > 83.110.218.163 - processing time 4 seconds
> >
> >
> > If I use the mail analyzer both HMM and Bayesian tell me they are
> confident
> > it's spam but assp is not running the bayes/hmm check for these kind of
> > emails because "ups.com" is whitelisted by ASSP's default configuration.
> >
> > Does this mean anyone can send any spam email to use for any of the
> > whitelisted domains in ASSP?
> > And how can I prevent this from happening?
> >
> > Thanks
> >
> > ------------------------------------------------------------
> ------------------
> > _______________________________________________
> > Assp-user mailing list
> > Assp-user@lists.sourceforge.net
> > https://lists.sourceforge.net/lists/listinfo/assp-user
> >
>
> ------------------------------------------------------------
> ------------------
> _______________________________________________
> Assp-user mailing list
> Assp-user@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/assp-user
>
------------------------------------------------------------------------------
_______________________________________________
Assp-user mailing list
Assp-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/assp-user
