Thanks Thomas. I've done that and it still gets through.
I think the problem is that it says it originates from example.com: Received: from forgedsnd.example.com ([127.0.0.2]) by forgedrcv.example.com with fakesvc; James. On 27/08/2009, at 2:12 AM, Thomas Eckardt/eck wrote: > James, > > setup 'myServerRe' to all names that are used by your servers! > > Thomas > > > > > James Brown <[email protected]> > 26.08.2009 01:21 > Bitte antworten an > ASSP development mailing list <[email protected]> > > > An > ASSP development mailing list <[email protected]> > Kopie > > Thema > [Assp-test] Spam getting through from DNSstuff spam test > > > > > > > DNSstuff have a beta of a new anti-spam test tool which I ran. > Unfortunately the email got through. What settings should I use to > stop this in future? The message states that it should be caught > because it contains a forged received header, but it looks like ASSP > is not picking this up. > > I've increased the rblnValencePB to the default of 35 (from 5). > > Running 2.0, 4.02. > > Any suggestions about the forged received header? > > Thanks, > > James. > > Log was: > > Aug-26-09 09:03:20 id-41400-16761 [Worker_3] 192.168.1.2 > <[email protected] >> to: [email protected] Originating IP/HELO: 75.125.82.251 / > gold.dnsstuff.com > Aug-26-09 09:03:20 id-41400-16761 [Worker_3] 192.168.1.2 > <[email protected] >> to: [email protected] Message-Score: added 5 for DNSBLcache: neutral, > 75.125.82.251 listed in combined-HIB.dnsiplists.completewhois.com, > total score for this message is now 5 > Aug-26-09 09:03:20 id-41400-16761 [Worker_3] 192.168.1.2 > <[email protected] >> to: [email protected] Message-Score: added -10 for SPF pass, total > score for this message is now -5 > Aug-26-09 09:03:20 id-41400-16761 [Worker_3] 192.168.1.2 > <[email protected] >> to: [email protected] info: queued first data in sendqueue > Aug-26-09 09:03:20 id-41400-16761 [Worker_3] 192.168.1.2 > <[email protected] >> to: [email protected] Bayesian Check - Prob: 0.00000 => ham > Aug-26-09 09:03:20 id-41400-16761 [Worker_3] 192.168.1.2 > <[email protected] >> to: [email protected] convert and send data from sendqueue > Aug-26-09 09:03:20 id-41400-16761 [Worker_3] [MessageOK] 192.168.1.2 > <[email protected] >> to: [email protected] message ok [DNSstuff Mail Server Test Center > Anti Spam Test Message] -> /Applications/assp//okmail/ > DNSstuff_Mail_Server_Test_Center_Anti_Spam_Test_Me--4964.eml > Aug-26-09 09:03:20 id-41400-16761 [Worker_3] 192.168.1.2 > <[email protected] >> to: [email protected] info: no MIME/TNEF conversion done > > The email that got through, including header was: > > From: [email protected] > Subject: DNSstuff Mail Server Test > Center > - Anti-Spam Test Message > Date: 26 August 2009 9:03:14 AM > To: [email protected] > Return-Path: <[email protected]> > X-Original-To: [email protected] > Delivered-To: [email protected] > Received: from astaro1.bordo.com.au > (localhost [127.0.0.1]) by > mail.bordo.com.au (Postfix) with SMTP id 9EB14566F50 for <[email protected] >> ; Wed, 26 Aug 2009 09:03:20 +1000 (EST) > Received: from astaro1.bordo.com.au > ([192.168.1.2] > helo=astaro1.bordo.com.au) by ASSP-nospam; 26 Aug 2009 09:03:20 +1000 > Received: from gold.dnsstuff.com > ([75.125.82.251]:59117 helo=main) > by astaro1.bordo.com.au with esmtp (Exim 4.69) (envelope-from > <[email protected] >> ) id 1Mg52q-0004vU-1K for [email protected]; Wed, 26 Aug 2009 09:03:17 > +1000 > Received: from forgedsnd.example.com > ([127.0.0.2]) by > forgedrcv.example.com with fakesvc; Wed, 12 Aug 2009 23:24:02 > X-Ctch-Refid: > str=0001.0A150203.4A946DB5.0037:SCFSTAT4073896,ss=1,fgs=0 > Mime-Version: 1.0 > Content-Type: text/html; charset="US-ASCII" > Content-Disposition: inline > X-Assp-Message/Ip-Score: 5 (DNSBLcache: > neutral, 75.125.82.251 > listed in combined-HIB.dnsiplists.completewhois.com) > X-Assp-Message/Ip-Score: -10 (SPF pass) > X-Assp-Dnsblcache: neutral, 75.125.82.251 > listed in combined- > HIB.dnsiplists.completewhois.com > X-Assp-Received-Spf: pass (cache) > ip=75.125.82.251 [email protected] > helo=astaro1.bordo.com.au > X-Assp-Bayes-Confidence: 0.00000 > X-Assp-Envelope-From: [email protected] > X-Assp-Intended-For: [email protected] > Message-Id: > <[email protected]> > > DNSstuff Mail Server Test Center - Anti-Spam Test > > Sent by "me" at Tue Aug 25 23:03:14 2009 > > This is a test message that was sent to you because you or someone you > know visited the DNSstuff Mail Server Test Center and ran an anti-spam > test against this email address. > > This email message contains a forged received header with with a > blacklisted IP Address. > > If you received this message without a spam warning or notification, > we recommend you perform the following steps: > > Contact your email administrator. > If you are the email administrator, review your current anti-spam > settings, and insure that the latest updates are applied and that your > spam filtering software is enabled. > If the issue is still not resolved or you need additional assistance, > please reply to this email and a DNSstuff sales team member will > contact you. > If you received this message in error or if you require assistance, > please reply to this email. > ------------------------------------------------------------------------------ > Let Crystal Reports handle the reporting - Free Crystal Reports 2008 > 30-Day > trial. Simplify your report design, integration and deployment - and > focus > on > what you do best, core application coding. Discover what's new with > Crystal Reports now. http://p.sf.net/sfu/bobj-july > _______________________________________________ > Assp-test mailing list > [email protected] > https://lists.sourceforge.net/lists/listinfo/assp-test > > > > > DISCLAIMER: > ******************************************************* > This email and any files transmitted with it may be confidential, > legally > privileged and protected in law and are intended solely for the use > of the > > individual to whom it is addressed. > This email was multiple times scanned for viruses. There should be no > known virus in this email! > ******************************************************* > > ------------------------------------------------------------------------------ > Let Crystal Reports handle the reporting - Free Crystal Reports 2008 > 30-Day > trial. Simplify your report design, integration and deployment - and > focus on > what you do best, core application coding. Discover what's new with > Crystal Reports now. http://p.sf.net/sfu/bobj-july > _______________________________________________ > Assp-test mailing list > [email protected] > https://lists.sourceforge.net/lists/listinfo/assp-test ------------------------------------------------------------------------------ Let Crystal Reports handle the reporting - Free Crystal Reports 2008 30-Day trial. Simplify your report design, integration and deployment - and focus on what you do best, core application coding. Discover what's new with Crystal Reports now. http://p.sf.net/sfu/bobj-july _______________________________________________ Assp-test mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/assp-test
