Loud and clear Thomas. No need to reply unless I'm wrong or off base here:

I prefixed *everything* in whitesenderBase to start with ^ instead of just \b since \b seems to match hyphens. I'm assuming that the ^ prefix instead of \b will not cause any sort of performance or other problem. I haven't seen one, but if it's not advisable, please let me know?

So my original \bwalmart\.com changed to ^walmart\.com$ so that fake-walmart.com doesn't match. I feel like the ^name$ syntax ensures that I'm matching the complete domain or network name as listed in senderbase vs "just" a word boundary to the end of one with \bdomain$

Bad idea?

Your explanation of whiteSenderBase being a RE vs dkimWLAddresses being just a list was very helpful and an important point for me to remember.

While I can hack the very basics of perl, there's no way I could implement new functionality. That's why I ask the "wouldn't it be nice" questions. That sometimes gets good ideas out there, like my suggestion for the dkimWL and dkimNP which has been a game changer here. Often it gets a "no, that's a bad idea" or "that's not necessary, you could instead..." reply, which is fine. I feel like that's why we have this discussion list, the free exchange of ideas, with one goal, blocking spammers and scammers. We're on the same team, even if I might make you feel like I'm an adversary sometimes with my questions.

On Sun, May 2, 2021 at 7:14 AM Thomas Eckardt <thomas.ecka...@thockar.com> wrote:

> My final comment to this thread.
>
> - whiteSenderBase is a regular expression, while dkimAddresses and dkimNPAddresses are address- and domain lists
> - if you've added '\bwalmart\.com' to whiteSenderBase, change it to '\bwalmart\.com$'
> - do not change anything else in whiteSenderBase as long as you don't get a wrong (or not the expected) detection for this feature
> - trust ARIN, RIPE and all the other registrars - they will not register suspicious company names
>
> In terms of assp - 'assumes' and 'believes' are most times bad. The feature descriptions in the GUI and the manual should be informative enough for IT professionals - if you think, there is anything missing, post your suggestions for changes here or in the forum - BUT RTFM!
> Features should always work like described.
> If this is not the case, post this here or in the sourceforge ticket system (https://sourceforge.net/p/assp/tickets/)
> If assp will remove, add or change anything in your configuration values 'automatically', this should be stated in the GUI (if not, please report this)
> As long as it is not exceptionally stated in the GUI, assp features should work RFC conform.
> Any RFC related information will not be added to the GUI - RFC's, drafts and their substitutes can be read in the IANA web. Things like 'what is SPF, SRS, DKIM ....?' will not become part of the assp manual - there are very good explanations and examples in the web.
>
> Suggestions for new features or changes are welcome. However: I prefer to see something like 'I saw, changed, tested and got very good results ...' - than something like 'wouldn't it be nice to have....'
>
> Thomas
>
> From: "K Post" <nntp.p...@gmail.com>
> To: "ASSP development mailing list" <assp-test@lists.sourceforge.net>
> Date: 29.04.2021 22:29
> Subject: Re: [Assp-test] Senderbase Matching Substring
> ------------------------------
>
> and I'll add that I believe it's a good idea to start whiteSenderBase lines with ^ instead of \b
>
> For example:
> \bapple\.com$
> would allow bad-apple.com, whereas
> ^apple\.com$
> won't.
>
> I suppose it should be obvious, it's just a regex, but the example file for all those years ago, threw me off.
>
> On Thu, Apr 29, 2021 at 10:20 AM K Post <nntp.p...@gmail.com> wrote:
> also, fyi, the sample file files/whiteorg.txt doesn't have $ to force it only to match the line ending, which I believe is what I used to come up with my incorrect assumption. Putting in at least 1 example in that file with a $ might help others not make the same mistake that I have. My money's on well more than half of the admins using ASSP haven't made the same mistake.
>
> In the sample file, everything starts with \b, clearly telling us that it needs to be the start of a word, but no lines end with $ or even \b
> For example:
> \bbank of america
> When I see that, I think "we have the \b so that some scammer can't get senderbase to have their network as 'BADbank of america' and get through our filters." That's logical, but I also assumed that because there isn't a trailing \b (or actually $) that it's going to the end of the line. Why would someone put a \b at the beginning, but not care about "bank of americascammer network" also being a match?
>
> Maybe edit the sample whiteorg or put a note at the top to help others?
>
> On Thu, Apr 29, 2021 at 10:05 AM K Post <nntp.p...@gmail.com> wrote:
> My assumption was wrong for as long as senderbase has been in ASSP then! I'll be adding the $ end of line requirement to everything in senderbase shortly.
>
> Is this also true of dkimAddresses and dkimNPAddresses?
>
> On Mon, Apr 26, 2021 at 2:50 AM Thomas Eckardt <thomas.ecka...@thockar.com> wrote:
> >I (maybe incorrectly) assumed that the *word boundary* was *automatically added* on the end.
>
> Hmm.... what is causing this assumption reading the description of whiteSenderBase?
>
> Whitelisted Organizations, Domains and Hosts in SenderBase (whiteSenderBase)
> If the organization, domain or hostname in the SenderBase IP description matches this Perl regular expression, the message will be considered non-spam. For example file:files/whiteorg.txt
> NOTICE: If only the hostname matches an entry and DoOrgWhiting is set to "whiting", the domain+organization pair will not be added to the white organizations!
>
> walmart.com.mx
>
> \bwalmart\.com - match
> \bwalmart\.com\b - match
> \bwalmart\.com$ - no match
>
> Thomas
>
> From: "K Post" <nntp.p...@gmail.com>
> To: "ASSP development mailing list" <assp-test@lists.sourceforge.net>
> Date: 25.04.2021 12:25
> Subject: [Assp-test] Senderbase Matching Substring
> ------------------------------
>
> For a long time, I've had
> \bwalmart\.com
> in my whiteSenderBase configuration. Some of our staff shops at walmart and anything from Walmart's ip space should be considered white. All good there.
>
> However, I had a bunch of spam slip through because of this overnight. When I did an analyze, I saw:
> 129.41.173.75 SenderBase: status=white SenderBase, data=[CN=US, ORG=ACOUSTIC-ATL-01, DOM=walmart.com.mx, BLS=, HNM=Y, CIDR=23, HN=mail9320.hayhouse.mkt9919.com]
>
> WhiteDomain Regex: whiteSenderBaseRE 'walmart.com'
>
> [scoring] SenderBase -- White Domain 'walmart.com'
>
> It's matching walmart.com.MX
>
> I've never put a \b at the end of config lines in whiteSenderBase, I (maybe incorrectly) assumed that the word boundary was automatically added on the end.
>
> Is the \b on the end necessary, if I don't want to match walmart.com.mx and only want to match walmart.com? Is there another way, coding error, config mistake, etc?
>
> Thanks!
> _______________________________________________
> Assp-test mailing list
> Assp-test@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/assp-test
>
> DISCLAIMER:
> *******************************************************
> This email and any files transmitted with it may be confidential, legally privileged and protected in law and are intended solely for the use of the individual to whom it is addressed.
> This email was multiple times scanned for viruses. There should be no known virus in this email!
> *******************************************************
_______________________________________________
Assp-test mailing list
Assp-test@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/assp-test
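
The anchoring difference discussed in this thread, as an added example that is not part of the original messages or of ASSP's code: it runs the four pattern styles from the thread against look-alike values and lists what each one accepts. Assumptions: Python's `re` stands in for Perl (`\b`, `^` and `$` behave the same for these patterns), the pattern is applied as an unanchored search, the function names are hypothetical, and every test value other than walmart.com.mx and fake-walmart.com is constructed.

```python
import re

def lookalikes(legit):
    """Constructed look-alike values built around one legitimate value."""
    return {
        "exact": legit,
        "tld-suffix": legit + ".mx",        # walmart.com.mx, from the thread
        "hyphen-prefix": "fake-" + legit,   # fake-walmart.com, from the thread
        "glued-prefix": "bad" + legit,      # constructed
        "glued-suffix": legit + "scammer",  # constructed
        "subdomain": "mail." + legit,       # constructed
    }

def audit(pattern, legit):
    """Return the sorted names of the variants that `pattern` accepts.

    Assumption: the whitelist regex is applied as an unanchored search,
    which is what the walmart.com.mx match in the thread implies.
    """
    rx = re.compile(pattern)
    return sorted(name for name, value in lookalikes(legit).items()
                  if rx.search(value))

# The pattern styles that appear in the thread, least to most strict.
PATTERNS = [
    r"\bwalmart\.com",    # original entry: no end anchor
    r"\bwalmart\.com\b",  # '.' after 'com' is still a word boundary
    r"\bwalmart\.com$",   # end anchored, but '-' and '.' satisfy \b
    r"^walmart\.com$",    # whole value must be exactly the domain
]

def report(legit="walmart.com"):
    """Map each pattern to the variant names it accepts."""
    return {p: audit(p, legit) for p in PATTERNS}

if __name__ == "__main__":
    for pattern, accepted in report().items():
        extra = [n for n in accepted if n != "exact"]
        print(f"{pattern:20} accepts beyond exact: {extra or 'nothing'}")
```

Note that the fully anchored form also stops matching subdomain values, so an entry that is meant to cover them needs its own explicit pattern.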