So I have to add ups.com to blockstrictSPFRe? ----- Original Message ----- From: Thomas Eckardt [mailto:thomas.ecka...@thockar.com] To: For Users of ASSP [mailto:assp-user@lists.sourceforge.net] Sent: Thu, 18 Aug 2016 18:15:18 +0100 Subject: Re: [Assp-user] Whitelist & spam
> >They are all sent from random *@ups.com addresses using a lot of > different IP's. > > SPF will catch it. > > Thomas > > > > > > Von: "Andy Knuts" <a...@knuts.be> > An: "For Users of ASSP" <assp-user@lists.sourceforge.net> > Datum: 18.08.2016 16:42 > Betreff: Re: [Assp-user] Whitelist & spam > > > > Yes. I'm using the included whiteListDomains so ASSP default configuration > is to whitelist ups.com. > Maybe I need to enable BayesWL? > > ----- Original Message ----- > From: K Post > [mailto:nntp.p...@gmail.com] > To: For Users of ASSP > [mailto:assp-user@lists.sourceforge.net] > Sent: Thu, 18 Aug 2016 16:26:19 > +0100 > Subject: Re: [Assp-user] Whitelist & spam > > > > Do you have ups.com in whiteListedDomains? > > > > The line: > > Aug-18-16 12:46:17 m1-17176-01346 [Worker_3] 83.110.218.163 < > > rosalyn.backman...@ups.com> to: s...@seniorennet.be Whitelisted sender > > Domain: @ups.com > > leads me to believe that you do. > > > > On Thu, Aug 18, 2016 at 7:44 AM, Andy Knuts <a...@knuts.be> wrote: > > > > > I do have "DoOrgWhiting" set to "Score" instead of "Whiting". > > > Shouldn't it just decrease the score because ups.com is whitelisted > and > > > still continue with other other checks (hmm/bayes) as normal? > > > > > > > > > ----- Original Message ----- > > > From: Andy Knuts [mailto:a...@knuts.be] > > > To: > > > assp-user@lists.sourceforge.net > > > Sent: Thu, 18 Aug 2016 13:40:20 > > > +0100 > > > Subject: [Assp-user] Whitelist & spam > > > > > > > > > > Today we have a lot of spam getting through. They are all sent from > > > random > > > > *@ups.com addresses using a lot of different IP's. Here's an > example: > > > > > > > > > > > > Aug-18-16 12:46:15 [Worker_3] Connected: session:7EFE8B4366C0 > > > > 83.110.218.163:56196 > <snip>:25 > 127.0.0.1:125 > > > > Aug-18-16 12:46:17 m1-17176-01346 [Worker_3] 83.110.218.163 > > > > <rosalyn.backman...@ups.com> to: s...@seniorennet.be Whitelisted > sender > > > > Domain: @ups.com > > > > Aug-18-16 12:46:17 m1-17176-01346 [Worker_3] 83.110.218.163 > > > > <rosalyn.backman...@ups.com> to: s...@seniorennet.be info: domain > > > ups.com > > > > has published a DMARC record > > > > Aug-18-16 12:46:17 m1-17176-01346 [Worker_3] 83.110.218.163 > > > > <rosalyn.backman...@ups.com> to: s...@seniorennet.be [scoring] SPF: > fail > > > > ip=83.110.218.163 mailfrom=rosalyn.backman...@ups.com > > > > helo=bba423262.alshamil.net.ae > > > > Aug-18-16 12:46:17 m1-17176-01346 [Worker_3] 83.110.218.163 > > > > <rosalyn.backman...@ups.com> to: s...@seniorennet.be Message-Score: > > > added 21 > > > > (spfValencePB) for SPF fail, total score for this message is now 21 > > > > Aug-18-16 12:46:17 m1-17176-01346 [Worker_3] 83.110.218.163 > > > > <rosalyn.backman...@ups.com> to: s...@seniorennet.be DMARC: this > mail > > > > breakes the DKIM policies defined in the DMARC record for domain > ups.com > > > - > > > > there is no DKIM-signature found in this mail for domain ups.com > > > > Aug-18-16 12:46:17 m1-17176-01346 [Worker_3] [MessageOK] > 83.110.218.163 > > > > <rosalyn.backman...@ups.com> to: s...@seniorennet.be message ok - > > > > (whiteListedDomains '@ups.com') - [Emailing Label] -> > > > > /var/db/assp/notspam/Emailing_Label--37641.eml > > > > Aug-18-16 12:46:19 [Worker_3] Disconnected: session:7EFE8B4366C0 > > > > 83.110.218.163 - processing time 4 seconds > > > > > > > > > > > > If I use the mail analyzer both HMM and Bayesian tell me they are > > > confident > > > > it's spam but assp is not running the bayes/hmm check for these kind > of > > > > emails because "ups.com" is whitelisted by ASSP's default > configuration. > > > > > > > > Does this mean anyone can send any spam email to use for any of the > > > > whitelisted domains in ASSP? > > > > And how can I prevent this from happening? > > > > > > > > Thanks > > > > > > > > ------------------------------------------------------------ > > > ------------------ > > > > _______________________________________________ > > > > Assp-user mailing list > > > > Assp-user@lists.sourceforge.net > > > > https://lists.sourceforge.net/lists/listinfo/assp-user > > > > > > > > > > ------------------------------------------------------------ > > > ------------------ > > > _______________________________________________ > > > Assp-user mailing list > > > Assp-user@lists.sourceforge.net > > > https://lists.sourceforge.net/lists/listinfo/assp-user > > > > > > > ------------------------------------------------------------------------------ > _______________________________________________ > Assp-user mailing list > Assp-user@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/assp-user > > > > > > > DISCLAIMER: > ******************************************************* > This email and any files transmitted with it may be confidential, legally > privileged and protected in law and are intended solely for the use of the > > individual to whom it is addressed. > This email was multiple times scanned for viruses. There should be no > known virus in this email! > ******************************************************* > > ------------------------------------------------------------------------------ _______________________________________________ Assp-user mailing list Assp-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/assp-user
