[Assp-test] Antwort: Re: Antwort: Re: Incorrect addresses added to whitelist via the email interface

[Thomas Eckardt]

Looks better.

1. if you meen a "local address", assp consider it has a 'local domain' , 
which has to be defined in assp - any domain that is not defined as local 
domain (flat file or LDAP) is not considered local
2. set up 'NoAutoWhite', 'NotGreedyWhiteList' and 
'GreedyWhiteListAdditions' to your needs

The Message-ID and the magled addresses are  bugs I have to look at. This 
should be fixed in the next release.

>medwa...@thecjm.org
>380dc3a4-58c9-4e10-bdb1-965395b82...@xtinmta12.xt.local: added to 
whitelist
>380dc3a4-58c9-4e10-bdb1-965395b82...@xtinmta12.xt.local,medwa...@thecjm.org: 
added to whitelist

This does not meen that 'medwa...@thecjm.org' is added to whitelist, see 
the comma! It meens that '
380dc3a4-58c9-4e10-bdb1-965395b82...@xtinmta12.xt.local' is added to 
global whitelist and it is added to  'medwa...@thecjm.org's  personal 
whitelist.


Thomas




Von:    Mark Edwards <medwa...@thecjm.org>
An:     ASSP development mailing list <assp-test@lists.sourceforge.net>
Datum:  01.10.2010 22:56
Betreff:        Re: [Assp-test] Antwort: Re: Incorrect addresses added to 
whitelist via the email interface




On Oct 1, 2010, at 1:27 PM, Thomas Eckardt wrote:

> IMHO is this not a correct MIME message:
> 
>> From: Trustwave <em...@communications.trustwave.com<
> mailto:em...@communications.trustwave.com>>
>> To: IT_AV <it...@thecjm.org<mailto:it...@thecjm.org>>
> 
> both lines are not correct
> 
>> Message-ID: <380dc3a4-58c9-4e10-bdb1-965395b82...@xtinmta12.xt.local<
> mailto:380dc3a4-58c9-4e10-bdb1-965395b82...@xtinmta12.xt.local>>
> 
> and this also
> 
> I would block this mail because of this.

Thanks for your reply Thomas.  I didn't notice, but my original email to 
the list got all messed up and had "mailto" and "http" links added to it, 
and was therefore misleading.  Let me try to transmit the email headers 
and asspnotspam report again below.

My concerns:

em...@communications.trustwave.com
--
Assp would whitelist this address, because it is in the From header.


medwa...@thecjm.org
--
This is not only a local address, but it wasn't in the original email at 
all.  medwa...@thecjm.org was the address from which I forwarded the mail 
to asspnotspam.  That's two reasons it should not have been added to the 
whitelist.


380dc3a4-58c9-4e10-bdb1-965395b82...@xtinmta12.xt.local
--
This comes from the Message-ID header.  Why should this be added to the 
whitelist?


47460077c7d11-879590_html-862063647-7507...@communications.trustwave.com
-...@communications.trustwave.com
--
These are both partial addresses from the Reply-To header.  I can see why 
a Reply-To address makes sense for the whitelist, maybe, although I find 
that somewhat questionable as Reply-To isn't considered when whitelisting 
incoming email, is it?  In any case, these addresses are mangled.


Here is the original info.  Hopefully it doesn't get messed up in 
transit...


Response from asspnotspam:

380dc3a4-58c9-4e10-bdb1-965395b82...@xtinmta12.xt.local: added to 
whitelist
380dc3a4-58c9-4e10-bdb1-965395b82...@xtinmta12.xt.local,medwa...@thecjm.org: 
added to whitelist
em...@communications.trustwave.com: added to whitelist
em...@communications.trustwave.com,medwa...@thecjm.org: added to whitelist
-...@communications.trustwave.com: added to whitelist
-...@communications.trustwave.com,medwa...@thecjm.org: added to whitelist
47460077c7d11-879590_html-862063647-7507...@communications.trustwave.com: 
added to whitelist
47460077c7d11-879590_html-862063647-7507...@communications.trustwave.com,medwa...@thecjm.org:
 
added to whitelist



Headers of email:

Received: from mta.communications.trustwave.com (10.10.16.12) by
mail.thecjm.org (10.10.11.5) with Microsoft SMTP Server id 8.2.176.0; Tue, 
31
Aug 2010 17:47:56 -0700
Received: from mta.communications.trustwave.com ([66.231.89.232]
                 helo=mta.communications.trustwave.com) by 
cjm-assp2.thecjm.lan with ESMTP
                 (2.0.1); 31 Aug 2010 17:52:31 -0700
Received: by mta.communications.trustwave.com (PowerMTA(TM) v3.5r15) id
hfm7340ie1s9 for <it...@thecjm.org>; Tue, 31 Aug 2010 17:20:09 -0600
(envelope-from
<bounce-879590_html-862063647-14143185-7507...@bounce.communications.trustwave.com>)
From: Trustwave <em...@communications.trustwave.com>
To: IT_AV <it...@thecjm.org>
Content-Class: urn:content-classes:message
Date: Tue, 31 Aug 2010 17:48:33 -0700
Subject: [FILTERED] Welcome to the TrustKeeper PCI DSS Compliance Program
Thread-Topic: [FILTERED] Welcome to the TrustKeeper PCI DSS Compliance
Program
Thread-Index: ActJb1JL8etJMiuKR3yN/ydOPzhWdg==
Message-ID: <380dc3a4-58c9-4e10-bdb1-965395b82...@xtinmta12.xt.local>
List-Unsubscribe:
<
mailto:leave-fca51c777c610d7d1a4c342838-fe251c767764027e731077-fe6415747460077c7d11-fef91375756307-ffc...@leave.communications.trustwave.com
>
Reply-To: Trustwave
 
<reply-fe6415747460077c7d11-879590_html-862063647-7507...@communications.trustwave.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Exchange-Organization-AuthAs: Anonymous
X-MS-Exchange-Organization-AuthSource: cjm-exch1.TheCJM.lan
X-MS-Has-Attach:
X-Auto-Response-Suppress: DR, OOF, AutoReply
X-MS-Exchange-Organization-SCL: 9
X-MS-TNEF-Correlator:
x-assp-delay(1): not delayed (gripvalue low: 0.12); 31 Aug 2010 17:52:31 
-0700
x-assp-spam(1): YES
x-assp-spam-reason(1): MessageScore passed low limit
dkim-signature: v=1; a=rsa-sha1; c=relaxed/relaxed; s=200608;
d=communications.trustwave.com;
h=From:To:Subject:Date:List-Unsubscribe:MIME-Version:Reply-To:Message-ID:Content-Type:Content-Transfer-Encoding;
i=em...@communications.trustwave.com; bh=B6gxA/9SZFGUgHR1Lai21kKsmjo=;
b=wA+6A7SuzemZNTiiHQzCwY981V4rljahKmesPaLshlSrjrZ/8ZaZu6GxGFKg4qM+k2MCEAMnuudZ
 
jsaGddQnMuf4cWRAnQZ3qKNEkIRmMtJqWksOOtQDtw168VfsoRMsGLLKcAFbmUixCgKlXr9+0IEM
 PyKhUeM4kxRDUvqmLKU=
x-spam-status: yes
x-job: 75073_14143185
x-assp-envelope-from(1):
bounce-879590_html-862063647-14143185-7507...@bounce.communications.trustwave.com
Content-Type: multipart/alternative;
 boundary="_000_380dc3a458c94e10bdb1965395b820fbxtinmta12xtlocal_"
MIME-Version: 1.0
------------------------------------------------------------------------------
Start uncovering the many advantages of virtual appliances
and start using them to simplify application deployment and
accelerate your shift to cloud computing.
http://p.sf.net/sfu/novell-sfdev2dev
_______________________________________________
Assp-test mailing list
Assp-test@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/assp-test




DISCLAIMER:
*******************************************************
This email and any files transmitted with it may be confidential, legally 
privileged and protected in law and are intended solely for the use of the 

individual to whom it is addressed.
This email was multiple times scanned for viruses. There should be no 
known virus in this email!
*******************************************************



------------------------------------------------------------------------------
Start uncovering the many advantages of virtual appliances
and start using them to simplify application deployment and
accelerate your shift to cloud computing.
http://p.sf.net/sfu/novell-sfdev2dev
_______________________________________________
Assp-test mailing list
Assp-test@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/assp-test