DNSstuff have a beta of a new anti-spam test tool which I ran.  
Unfortunately the email got through. What settings should I use to  
stop this in future? The message states that it should be caught  
because it contains a forged received header, but it looks like ASSP  
is not picking this up.

I've increased the rblnValencePB to the default of 35 (from 5).

Running 2.0, 4.02.

Any suggestions about the forged received header?

Thanks,

James.

Log was:

Aug-26-09 09:03:20 id-41400-16761 [Worker_3] 192.168.1.2 <emailavt...@dnsstuff.com> to: m...@bordo.com.au Originating IP/HELO:  75.125.82.251 / gold.dnsstuff.com
Aug-26-09 09:03:20 id-41400-16761 [Worker_3] 192.168.1.2 <emailavt...@dnsstuff.com> to: m...@bordo.com.au Message-Score: added 5 for DNSBLcache: neutral, 75.125.82.251 listed in combined-HIB.dnsiplists.completewhois.com, total score for this message is now 5
Aug-26-09 09:03:20 id-41400-16761 [Worker_3] 192.168.1.2 <emailavt...@dnsstuff.com> to: m...@bordo.com.au Message-Score: added -10 for SPF pass, total score for this message is now -5
Aug-26-09 09:03:20 id-41400-16761 [Worker_3] 192.168.1.2 <emailavt...@dnsstuff.com> to: m...@bordo.com.au info: queued first data in sendqueue
Aug-26-09 09:03:20 id-41400-16761 [Worker_3] 192.168.1.2 <emailavt...@dnsstuff.com> to: m...@bordo.com.au Bayesian Check  - Prob: 0.00000 => ham
Aug-26-09 09:03:20 id-41400-16761 [Worker_3] 192.168.1.2 <emailavt...@dnsstuff.com> to: m...@bordo.com.au convert and send data from sendqueue
Aug-26-09 09:03:20 id-41400-16761 [Worker_3] [MessageOK] 192.168.1.2 <emailavt...@dnsstuff.com> to: m...@bordo.com.au message ok [DNSstuff Mail Server Test Center Anti Spam Test Message] -> /Applications/assp//okmail/DNSstuff_Mail_Server_Test_Center_Anti_Spam_Test_Me--4964.eml
Aug-26-09 09:03:20 id-41400-16761 [Worker_3] 192.168.1.2 <emailavt...@dnsstuff.com> to: m...@bordo.com.au info: no MIME/TNEF conversion done

The email that got through, including header was:

        From:   sa...@dnsstuff.com
        Subject:        DNSstuff Mail Server Test Center - Anti-Spam Test Message
        Date:   26 August 2009 9:03:14 AM
        To:     m...@bordo.com.au
        Return-Path:    <emailavt...@dnsstuff.com>
        X-Original-To:  m...@bordo.com.au
        Delivered-To:   m...@bordo.com.au
        Received:       from astaro1.bordo.com.au (localhost [127.0.0.1]) by mail.bordo.com.au (Postfix) with SMTP id 9EB14566F50 for <m...@bordo.com.au>; Wed, 26 Aug 2009 09:03:20 +1000 (EST)
        Received:       from astaro1.bordo.com.au ([192.168.1.2] helo=astaro1.bordo.com.au) by ASSP-nospam; 26 Aug 2009 09:03:20 +1000
        Received:       from gold.dnsstuff.com ([75.125.82.251]:59117 helo=main) by astaro1.bordo.com.au with esmtp (Exim 4.69) (envelope-from <emailavt...@dnsstuff.com>) id 1Mg52q-0004vU-1K for m...@bordo.com.au; Wed, 26 Aug 2009 09:03:17 +1000
        Received:       from forgedsnd.example.com ([127.0.0.2]) by forgedrcv.example.com with fakesvc; Wed, 12 Aug 2009 23:24:02
        X-Ctch-Refid:   str=0001.0A150203.4A946DB5.0037:SCFSTAT4073896,ss=1,fgs=0
        Mime-Version:   1.0
        Content-Type:   text/html; charset="US-ASCII"
        Content-Disposition:    inline
        X-Assp-Message/Ip-Score:        5 (DNSBLcache: neutral, 75.125.82.251 listed in combined-HIB.dnsiplists.completewhois.com)
        X-Assp-Message/Ip-Score:        -10 (SPF pass)
        X-Assp-Dnsblcache:      neutral, 75.125.82.251 listed in combined-HIB.dnsiplists.completewhois.com
        X-Assp-Received-Spf:    pass (cache) ip=75.125.82.251 mailfrom=emailavt...@dnsstuff.com helo=astaro1.bordo.com.au
        X-Assp-Bayes-Confidence:        0.00000
        X-Assp-Envelope-From:   emailavt...@dnsstuff.com
        X-Assp-Intended-For:    m...@bordo.com.au
        Message-Id:     <20090825230320.9eb14566...@mail.bordo.com.au>

DNSstuff Mail Server Test Center - Anti-Spam Test

Sent by "me" at Tue Aug 25 23:03:14 2009

This is a test message that was sent to you because you or someone you  
know visited the DNSstuff Mail Server Test Center and ran an anti-spam  
test against this email address.

This email message contains a forged received header with a  
blacklisted IP Address.

If you received this message without a spam warning or notification,  
we recommend you perform the following steps:

1. Contact your email administrator.
2. If you are the email administrator, review your current anti-spam  
   settings, and ensure that the latest updates are applied and that your  
   spam filtering software is enabled.
3. If the issue is still not resolved or you need additional assistance,  
   please reply to this email and a DNSstuff sales team member will  
   contact you.

If you received this message in error or if you require assistance,  
please reply to this email.
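
Added example, not part of the original post and not ASSP's own code: a sketch that walks the Received chain of the test message above, separates the hops stamped by the receiving site's own relays from the sender-supplied one, and builds the DNSBL lookup name a header scan would need for the claimed address. The `OWN_RELAYS` set, the `dnsbl.example` zone and all function names are assumptions made for the illustration; 127.0.0.2 is the conventional DNSBL test entry (RFC 5782).

```python
import ipaddress
import re
# Received headers from the test message on this page, newest first, abridged:
# archive line wrapping undone, redacted "for <...>" parts and queue id left out.
RECEIVED = [
    "from astaro1.bordo.com.au (localhost [127.0.0.1]) by mail.bordo.com.au "
    "(Postfix) with SMTP id 9EB14566F50; Wed, 26 Aug 2009 09:03:20 +1000 (EST)",
    "from astaro1.bordo.com.au ([192.168.1.2] helo=astaro1.bordo.com.au) "
    "by ASSP-nospam; 26 Aug 2009 09:03:20 +1000",
    "from gold.dnsstuff.com ([75.125.82.251]:59117 helo=main) by "
    "astaro1.bordo.com.au with esmtp (Exim 4.69); Wed, 26 Aug 2009 09:03:17 +1000",
    "from forgedsnd.example.com ([127.0.0.2]) by forgedrcv.example.com "
    "with fakesvc; Wed, 12 Aug 2009 23:24:02",
]
# Assumption: the "by" names this site's own relays write, read off the headers.
OWN_RELAYS = {"mail.bordo.com.au", "ASSP-nospam", "astaro1.bordo.com.au"}
ZONE = "dnsbl.example"  # hypothetical zone, placeholder only; no DNS is queried
IP_RE = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")
BY_RE = re.compile(r"\bby\s+([^\s;]+)")

def parse_hop(header):
    """Return (from_ip, by_host) for one Received header."""
    ip, by = IP_RE.search(header), BY_RE.search(header)
    return (ip.group(1) if ip else None, by.group(1) if by else None)

def split_chain(headers, own_relays=OWN_RELAYS):
    """Split hops into those stamped by our relays and sender-supplied ones."""
    hops = [parse_hop(h) for h in headers]
    cut = 0
    while cut < len(hops) and hops[cut][1] in own_relays:
        cut += 1
    return hops[:cut], hops[cut:]

def dnsbl_query(ip, zone=ZONE):
    """Build the DNSBL lookup name: reversed octets prepended to the zone."""
    return ".".join(reversed(ip.split("."))) + "." + zone

def audit(headers):
    """Report the real connecting IP and every sender-claimed hop address."""
    own, claimed = split_chain(headers)
    findings = []
    for ip, by in claimed:
        try:
            addr = ipaddress.ip_address(ip or "")
        except ValueError:
            continue  # no bracketed address, or not a valid IP literal
        findings.append({"ip": ip, "by": by, "query": dnsbl_query(ip),
                         "non_routable": addr.is_private or addr.is_loopback})
    return {"connecting_ip": own[-1][0] if own else None, "claimed": findings}
```

In the log above only the connecting address 75.125.82.251 is scored; 127.0.0.2 appears solely in the sender-supplied header, and because it is a loopback address, a header scan that skips non-routable addresses would never look it up.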