Re: [Assp-test] Don't to DNSBL for a from domain

2015-10-14 Thread K Post
Thank you both for that info.  Turning off the force early option now.


On Fri, Oct 9, 2015 at 4:19 AM, Thomas Eckardt <thomas.ecka...@thockar.com>
wrote:

> 'ForceRBLCache' is a bad option - it forces false positives by its logic
>
> GUI description:
> 'ForceRBLCache': If set, ASSP will use cached DNSBL hits to block
> messages before other tests.
>
> Assume an IP is DNSBL/RBL listed and many domains/orgs are sending mails
> via this IP.
> You've configured SPF and/or Senderbase in a way that ignores DNSBL for
> such a single domain/org (dom1) - BUT.
> After some time any other domain causes a RBLCache addition for this IP.
> The next time dom1 sends a mail from this IP, the 'ForceRBLCache' matches
> in the SMTP-handshake and will block regardless of your nice SPF/Senderbase
> setting.
> The IP will get penalty points and if this happens often, the IP will
> possibly become extreme black over the time.
>
> The default for 'ForceRBLCache' is OFF - if you set it to ON, you should
> know what you do!
>
> The documentation gives you an overview about the regular check order.
>
> http://sourceforge.net/projects/assp/files/ASSP%20V2%20multithreading/assp_check_order.txt/download
>
> Most '..early...' and '..force..' checks are processed before the first
> header line is received and the required and checked information is
> available.
>
> IP - connect
> HELO - HELO was sent
> sender - MAIL FROM was sent
> single recipient - RCPT To was sent
> all recipients - DATA was sent
>
> Assume you force an IP check and there is an option to skip this check
> based on the HELO or sending domain - no luck at the 'connect' state.
>
> Thomas
>
>
> **
> FOR ALL USERS !!!
> **
>
> NOTICE - and keep in mind:
>
> Most '..early...' and '..force..' checks will increase the count of false
> positives after some time (except the early HELO check), because they are
> not regular checks!
> These options can be used to prevent system overloads in case of a
> spam-attack over a short time. They should be disabled as soon as
> possible, followed by a cache cleaning for this option.
>
>
>
> From: K Post <nntp.p...@gmail.com>
> To: ASSP development mailing list <assp-test@lists.sourceforge.net>
> Date: 08.10.2015 22:28
> Subject: Re: [Assp-test] Don't to DNSBL for a from domain
>
>
>
> Thanks Grayhat.
>
> I'm already doing that.  The domain that's listed in senderbase is in the
> white sender file, preceded with a \b  with the dots escaped \.
>
> I do have ForceRBL enabled for early DNSBL checks.  Is >THAT< the problem?
> ValidateRBL is set to score with 50 as a threshold (the same score that
> rejects for us).  I don't even see that senderbase is running for these.
>
> (this isn't urgent, it's just an annoyance)
>
>
> On Thu, Oct 8, 2015 at 11:32 AM, Grayhat <gray...@gmx.net> wrote:
>
> > :: On Thu, 8 Oct 2015 11:23:49 -0400
> > :: 

Re: [Assp-test] Don't to DNSBL for a from domain

2015-10-09 Thread Thomas Eckardt
'ForceRBLCache' is a bad option - it forces false positives by its logic

GUI description:
'ForceRBLCache': If set, ASSP will use cached DNSBL hits to block 
messages before other tests.

Assume an IP is DNSBL/RBL listed and many domains/orgs are sending mails 
via this IP.
You've configured SPF and/or Senderbase in a way that ignores DNSBL for
such a single domain/org (dom1) - BUT.
After some time any other domain causes a RBLCache addition for this IP.
The next time dom1 sends a mail from this IP, the 'ForceRBLCache' matches 
in the SMTP-handshake and will block regardless of your nice SPF/Senderbase
setting.
The IP will get penalty points and if this happens often, the IP will 
possibly become extreme black over the time.

The default for 'ForceRBLCache' is OFF - if you set it to ON, you should 
know what you do!

The documentation gives you an overview about the regular check order.
http://sourceforge.net/projects/assp/files/ASSP%20V2%20multithreading/assp_check_order.txt/download

Most '..early...' and '..force..' checks are processed before the first 
header line is received and the required and checked information is
available.

IP - connect
HELO - HELO was sent
sender - MAIL FROM was sent
single recipient - RCPT To was sent
all recipients - DATA was sent

Assume you force an IP check and there is an option to skip this check
based on the HELO or sending domain - no luck at the 'connect' state.

Thomas


**
FOR ALL USERS !!!
**

NOTICE - and keep in mind:

Most '..early...' and '..force..' checks will increase the count of false 
positives after some time (except the early HELO check), because they are 
not regular checks!
These options can be used to prevent system overloads in case of a 
spam-attack over a short time. They should be disabled as soon as 
possible, followed by a cache cleaning for this option.



From: K Post <nntp.p...@gmail.com>
To: ASSP development mailing list <assp-test@lists.sourceforge.net>
Date: 08.10.2015 22:28
Subject: Re: [Assp-test] Don't to DNSBL for a from domain



Thanks Grayhat.

I'm already doing that.  The domain that's listed in senderbase is in the
white sender file, preceded with a \b  with the dots escaped \.

I do have ForceRBL enabled for early DNSBL checks.  Is >THAT< the problem?
ValidateRBL is set to score with 50 as a threshold (the same score that
rejects for us).  I don't even see that senderbase is running for these.

(this isn't urgent, it's just an annoyance)


On Thu, Oct 8, 2015 at 11:32 AM, Grayhat <gray...@gmx.net> wrote:

> :: On Thu, 8 Oct 2015 11:23:49 -0400
> :: 
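
The situation described in the message above, replayed in a simplified model. This is an added example, not ASSP code and not part of the thread; the class and function names, the addresses and the one-point penalty per block are assumptions made for illustration.

```python
# Simplified model of the check order described above. Not ASSP code:
# all names are hypothetical and all addresses are constructed.
DNSBL_LISTED = {"192.0.2.10"}        # constructed: shared sending IP that is listed
SKIP_DNSBL_FOR = {"dom1.example"}    # sender domains exempted from DNSBL (assumed setting)

class Filter:
    def __init__(self, force_rbl_cache):
        self.force_rbl_cache = force_rbl_cache
        self.rbl_cache = set()       # IPs with a cached DNSBL hit
        self.penalty = {}            # IP -> penalty points (1 per block, assumed)

    def _block(self, ip, stage):
        self.penalty[ip] = self.penalty.get(ip, 0) + 1
        return ("blocked", stage)

    def handle(self, ip, mail_from):
        # Stage 'connect': only the IP is known, so a forced cache check
        # cannot evaluate any exception based on HELO or sender domain.
        if self.force_rbl_cache and ip in self.rbl_cache:
            return self._block(ip, "connect")
        # Later, once MAIL FROM was sent, the sender is known and the
        # per-domain exception can be honoured by the regular check.
        domain = mail_from.rsplit("@", 1)[-1].lower()
        if domain in SKIP_DNSBL_FOR:
            return ("accepted", "regular")
        # Regular DNSBL check; a hit also adds the IP to the cache.
        if ip in DNSBL_LISTED:
            self.rbl_cache.add(ip)
            return self._block(ip, "regular")
        return ("accepted", "regular")

def replay(force_rbl_cache):
    """Replay three constructed sessions that all arrive from the same IP."""
    f = Filter(force_rbl_cache)
    sessions = [("192.0.2.10", "news@dom1.example"),    # exempt domain
                ("192.0.2.10", "bulk@other.example"),   # causes the cache addition
                ("192.0.2.10", "news@dom1.example")]    # exempt domain again
    results = [f.handle(ip, sender) for ip, sender in sessions]
    return results, f.penalty.get("192.0.2.10", 0)

if __name__ == "__main__":
    for flag in (False, True):
        print("ForceRBLCache", "ON" if flag else "OFF", replay(flag))
```

With the option off, the third session from dom1 is accepted; with it on, the same session is blocked at connect and the IP collects a second penalty point.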

Re: [Assp-test] Don't to DNSBL for a from domain

2015-10-08 Thread Grayhat
:: On Thu, 8 Oct 2015 11:23:49 -0400
:: 

[Assp-test] Don't to DNSBL for a from domain

2015-10-08 Thread K Post
I feel like this has to have been discussed before, but I can't find any
reference to it.

Is there a way to skip DNSBL checking based on the envelope from / from
line?  I want the message to contribute to the corpus, just not be scored
based on DNSBL.
--
___
Assp-test mailing list
Assp-test@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/assp-test