>info: found bounced sender: <>

If there is no envelope sender provided (it's a bounce mail) - the 'from' 
header check is skipped.

>[scoring] MSGID-sig check failed for bounce sender

If all your outgoing mails are msgid tagged by assp - block on this check.

At least

is listed by [CACHE] ips.backscatterer.org + MSGID-sig check failed for bounce sender = should be blocked by the penalty box MessageScore


Thomas





From:    Brunner Markus <markus.brun...@starrag.com>
To:      For Users of ASSP <assp-user@lists.sourceforge.net>
Date:    31.05.2017 17:03
Subject: Re: [Assp-user] DoNoSpoofing4From



Hi,
 
'DoNoFrom' is set to score and nofromValencePB is set to 50. But it was 
not added to total score.
 
 
17-05-10.maillog.txt:May-10-17 21:27:54 m1-44474-10908 [Worker_1] [TLS-out] [isbounce] 85.128.182.51 bounce message detected
17-05-10.maillog.txt:May-10-17 21:27:54 m1-44474-10908 [Worker_1] [TLS-out] 85.128.182.51 to: leah.cr...@starrag.com [scoring] SPF: none (cache) ip=85.128.182.51 mailfrom=postmas...@alz51.rev.netart.pl helo=alz51.rev.netart.pl
17-05-10.maillog.txt:May-10-17 21:27:54 m1-44474-10908 [Worker_1] [TLS-out] [DNSBL] 85.128.182.51 to: leah.cr...@starrag.com [scoring] DNSBL: neutral, 85.128.182.51 listed in l2.apews.org
17-05-10.maillog.txt:May-10-17 21:27:54 m1-44474-10908 [Worker_1] [TLS-out] 85.128.182.51 to: leah.cr...@starrag.com Message-Score: added 17 for DNSBL: neutral, 85.128.182.51 listed in l2.apews.org, total score for this message is now 17
17-05-10.maillog.txt:May-10-17 21:27:54 m1-44474-10908 [Worker_1] [TLS-out] 85.128.182.51 to: leah.cr...@starrag.com [monitoring] IP: 85.128.182.51 is listed by [CACHE] ips.backscatterer.org
17-05-10.maillog.txt:May-10-17 21:27:54 m1-44474-10908 [Worker_1] [TLS-out] 85.128.182.51 to: leah.cr...@starrag.com HMM-Check has given less than 6 results - using monitoring mode only
17-05-10.maillog.txt:May-10-17 21:27:54 m1-44474-10908 [Worker_1] [TLS-out] 85.128.182.51 to: leah.cr...@starrag.com HMM Check [monitoring] - Prob: 0.00000 => ham - answer/query relation: 6% of 46
17-05-10.maillog.txt:May-10-17 21:27:54 m1-44474-10908 [Worker_1] [TLS-out] 85.128.182.51 to: leah.cr...@starrag.com Bayesian Check [scoring] - Prob: 0.00000 => ham - answer/query relation: 54% of 48
17-05-10.maillog.txt:May-10-17 21:27:54 m1-44474-10908 [Worker_1] [TLS-out] 85.128.182.51 to: leah.cr...@starrag.com info: found bounced sender: <> and recipient: <leah.cr...@starrag.com> without valid MSGID-signature
17-05-10.maillog.txt:May-10-17 21:27:54 m1-44474-10908 [Worker_1] [TLS-out] [MSGID-sig] 85.128.182.51 to: leah.cr...@starrag.com [scoring] MSGID-sig check failed for bounce sender
17-05-10.maillog.txt:May-10-17 21:27:54 m1-44474-10908 [Worker_1] [TLS-out] 85.128.182.51 to: leah.cr...@starrag.com Message-Score: added 25 (fbmtvValencePB) for MSGID-sig check failed for bounce sender , total score for this message is now 42
17-05-10.maillog.txt:May-10-17 21:27:54 m1-44474-10908 [Worker_1] [TLS-out] 85.128.182.51 to: leah.cr...@starrag.com [Plugin] calling plugin ASSP_AFC
17-05-10.maillog.txt:May-10-17 21:27:55 m1-44474-10908 [Worker_1] [TLS-out] [MessageOK] 85.128.182.51 to: leah.cr...@starrag.com message ok [Invoice 81687624195 Crist Leah]
17-05-10.maillog.txt:May-10-17 21:27:55 m1-44474-10908 [Worker_1] [TLS-out] 85.128.182.51 to: leah.cr...@starrag.com info: PB-IP-Score for '85.128.182.0' is 0, added 17 in this session
 
 
Why?
 
Markus
 
 
From: Thomas Eckardt [mailto:thomas.ecka...@thockar.com]
Sent: Wednesday, 31 May 2017 16:44
To: For Users of ASSP <assp-user@lists.sourceforge.net>
Subject: Re: [Assp-user] DoNoSpoofing4From
 
'DoNoFrom' will detect this from header as invalid 

btw: not only assp detects this mistake (if configured) 

X-Spam-Status: No, score=3.812 tagged_above=-10
            tests=[FROM_EXCESS_BASE64=0.105, FROM_NO_USER=2.599,
            HELO_MISC_IP=0.001, HTML_MESSAGE=0.001,
            MIME_BASE64_TEXT=0.001,
            MIME_HTML_ONLY=1.105] autolearn=disabled

spamassassin also 

Thomas





From:    Brunner Markus <markus.brun...@starrag.com>
To:      For Users of ASSP <assp-user@lists.sourceforge.net>
Date:    31.05.2017 16:22
Subject: Re: [Assp-user] DoNoSpoofing4From




Hi, 
  
this is the full header. 
  
Received: from mail.starrag.com (10.152.1.40) by RO57anon.starrag.com
            (10.152.1.23) with Microsoft SMTP Server id 14.3.279.2; Wed, 10 May 2017
            21:27:36 +0200
Received: from alz51.rev.netart.pl (ro37.starrag.com [10.254.1.223]) by
            mail.starrag.com (Postfix) with ESMTPS id 53717E00CF for
            <leah.cr...@starrag.com>; Wed, 10 May 2017 21:27:54 +0200 (CEST)
X-Assp-ID: mail.starrag.com m1-44474-10908
X-Assp-Session: F283A48 (mail 1)
X-Assp-Intended-For: leah.cr...@starrag.com
X-Assp-Version: 2.5.5(16366) on mail.starrag.com
X-Assp-Server-TLS: yes
X-Assp-Delay: not delayed (gripvalue low: 0.29); 10 May 2017
            21:27:54 +0200
X-Assp-Received-SPF: none (cache) ip=85.128.182.51
            mailfrom=postmas...@alz51.rev.netart.pl
            helo=alz51.rev.netart.pl
X-Original-Authentication-Results: mail.starrag.com; spf=none
X-Assp-Message-Score: 17 (DNSBL: neutral, 85.128.182.51 listed in
            l2.apews.org)
X-Assp-IP-Score: 17 (DNSBL: neutral, 85.128.182.51 listed in
            l2.apews.org)
X-Assp-DNSBL: neutral, 85.128.182.51 listed in (l2.apews.org<-127.0.0.2; )
X-Assp-Spam-Level: ****
Received: from alz51.rev.netart.pl ([85.128.182.51]
            helo=alz51.rev.netart.pl)
            by mail.starrag.com with SMTP (2.5.5); 10 May 2017 21:27:54
            +0200
X-Virus-Scanned: by amavisd-new using ClamAV (14)
X-Spam-Flag: NO
X-Spam-Score: 3.812
X-Spam-Level: ***
X-Spam-Status: No, score=3.812 tagged_above=-10
            tests=[FROM_EXCESS_BASE64=0.105, FROM_NO_USER=2.599,
            HELO_MISC_IP=0.001, HTML_MESSAGE=0.001,
            MIME_BASE64_TEXT=0.001,
            MIME_HTML_ONLY=1.105] autolearn=disabled
Received: from [10.0.0.38] (remote.dse-ltd.co.uk [81.133.147.22]) by
            goreckizory.nazwa.pl (Postfix) with ESMTP id E2A9737FEEB for
            <leah.cr...@starrag.com>; Wed, 10 May 2017 21:27:34 +0200 (CEST)
Date: Wed, 10 May 2017 20:27:30 +0000 
From: =?UTF-8?B?Sm9obi5Sb2JiaW5zQHN0YXJyYWcuY29t?= 
Message-ID: <62112125579.2017510192...@starrag.com> 
To: <leah.cr...@starrag.com> 
Subject: =?UTF-8?B?SW52b2ljZSA4MTY4NzYyNDE5NSBDcmlzdCBMZWFo?= 
MIME-Version: 1.0 
Content-Type: multipart/mixed; 
            boundary="_c10740b4-96ca-4ccf-89ab-02bf68b8d5c3_" 
Return-Path: <> 
X-MS-Exchange-Organization-AuthSource: RO57.starrag.com 
X-MS-Exchange-Organization-AuthAs: Internal 
X-MS-Exchange-Organization-AuthMechanism: 10 
  
How can mails like this be blocked? 
  
Best Regards 
Markus 
  
  
  
From: Thomas Eckardt [mailto:thomas.ecka...@thockar.com]
Sent: Wednesday, 31 May 2017 13:49
To: For Users of ASSP <assp-user@lists.sourceforge.net>
Subject: Re: [Assp-user] DoNoSpoofing4From
  
this header is invalid - so there is nothing to recognize 

From: =?UTF-8?B?U2NoZXJyZXIgS2V2aW4=?= <u...@domain.com> 

would be the valid variant 
 
a from header has to contain a valid email address - if this is provided, 
it will be used by assp 

Thomas





From:    Brunner Markus <markus.brun...@starrag.com>
To:      "assp-user@lists.sourceforge.net" <assp-user@lists.sourceforge.net>
Date:    31.05.2017 13:11
Subject: [Assp-user] DoNoSpoofing4From





Hi, 
 
is there a way that assp recognizes a UTF8/b64 encoded “from” header for
spoofing?
 
Header looks like: 
From: =?UTF-8?B?U2NoZXJyZXIgS2V2aW4=?= 
 
Kind regards

Markus Brunner 
------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______________________________________________
Assp-user mailing list
Assp-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/assp-user




DISCLAIMER:
*******************************************************
This email and any files transmitted with it may be confidential, legally
privileged and protected in law and are intended solely for the use of the
individual to whom it is addressed.
This email was multiple times scanned for viruses. There should be no 
known virus in this email!
*******************************************************
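
The From check discussed in this thread, as an added Python example that is not part of the original posts and is not ASSP's own code: it decodes RFC 2047 encoded-words, then tests whether the header carries an addr-spec at all and whether the decoded display text shows an address in a local domain. The names `inspect_from` and `LOCAL_DOMAINS`, and the example.com / example.net / ceo@ headers, are assumptions constructed for the illustration.

```python
import re
from email.header import decode_header, make_header
from email.utils import parseaddr

# Assumption: the domains this gateway receives mail for (from the thread's sample).
LOCAL_DOMAINS = {"starrag.com"}
ADDR_RE = re.compile(r"[\w.+-]+@([\w-]+(?:\.[\w-]+)+)")


def inspect_from(raw_from):
    """Classify a raw From header value (hypothetical helper, not ASSP code)."""
    display_raw, addr = parseaddr(raw_from)
    if not ADDR_RE.fullmatch(addr):
        # No usable addr-spec: everything in the header is display text only.
        display_raw, addr = raw_from.strip(), ""
    # Decode RFC 2047 encoded-words so the check sees what the mail client shows.
    display = str(make_header(decode_header(display_raw))) if display_raw else ""
    shown = ADDR_RE.search(display)
    shown_addr = shown.group(0).lower() if shown else None
    claims_local = bool(shown) and shown.group(1).lower() in LOCAL_DOMAINS
    if not addr:
        verdict = "no-addr-spec"        # invalid From: no email address present
    elif shown_addr and shown_addr != addr.lower():
        verdict = "display-mismatch"    # display name shows a different address
    else:
        verdict = "ok"
    return {"verdict": verdict, "address": addr, "display": display,
            "claims_local": claims_local}


# First two values are the From headers quoted in the thread; the last two
# are constructed (example.com / example.net addresses).
SAMPLES = [
    "=?UTF-8?B?Sm9obi5Sb2JiaW5zQHN0YXJyYWcuY29t?=",
    "=?UTF-8?B?U2NoZXJyZXIgS2V2aW4=?=",
    "=?UTF-8?B?U2NoZXJyZXIgS2V2aW4=?= <user@example.com>",
    '"ceo@starrag.com" <someone@example.net>',
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(sample, "->", inspect_from(sample))
```
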