>I'm always so afraid of false positives.
Ken, let's see what will be happen - I was running this feature for over
week before it was released and even without the current improvement (PBL
..10/11) I've got not a single false positive.
If you expect that PBL will match on a IP-range you know and you are still
get scared - put this range in to 'noRBL'.
But for now, I want you not to do this - because we will not know, if
there is a mistake in that feature, while such IP ranges are ignored with
'noRBL'.
Thomas
Von: K Post <[email protected]>
An: ASSP development mailing list <[email protected]>
Datum: 31.07.2011 20:19
Betreff: Re: [Assp-test] Antwort: Re: fixes in 2.0.2_3.2.06
Thanks again for MAKING the time to answer....
I don't know that I agree that most ISP's don't show the IP's of their
clients in received lines. Comcast (one of the largest ISP's in the US)
definitely does for SMTP emai. Here's an example:
Received: from omta17.emeryville.ca.mail.comcast.net ([76.96.30.73]) by
qmta06.emeryville.ca.mail.comcast.net with comcast id
BQ011h0041afHeLA6QABZE; Sat, 23 Jul 2011 12:19:11 +0000
Received: from mypc.local ([69.10.100.200]) by
omta17.emeryville.ca.mail.comcast.net with comcast id
BQBc4300F585Fth8dQBcnA; Sat, 23 Jul 2011 12:18:37 +0000
with 69.10.100.200 (genericized) being the ip handed out to my home
computer. I know that time warner does this as well, I I'm pretty sure
that verizon does too. Now, of couse when a home user is using a web
interface for email like gmail or something, their local ip doesn't show,
but for those people who use smtp to send the message from home they do in
every case that I've seen.
I >>wish<< that I were an ASSP expert, I'm just not. You answered in
detail, more detail than I expected in fact, my questions - you're the
expert. I hadn't realized that zen.spamhaus.org gives a 127.0.0.10 or 11
reply for pbl matches. That's great, and I'm thrilled if I'm
understanding
correctly that ASSP takes that into consideration and does NOT negatively
score a message based on an earlier received line that is a pbl match. I
suggest that you make it clear in the gui that PBL only matches do not
negatively score so that unknowing users don't get alarmed.
I still get scared that other providers might not be as clear as to
rejection reasons and could cause a ton of mail to be erroneously
rejected. I'm always so afraid of false positives.
On Sat, Jul 30, 2011 at 5:25 AM, Thomas Eckardt
<[email protected]>wrote:
> >When you have time
> :):)
>
> >what type of IP's will be ignored by this new filter
>
> in general (for now):
>
> IPprivate
> ispip
> acceptAllMail
> whiteListedIPs
> noProcessingIPs
> noDelay
> noPB
>
> and individual the exceptions for every check
>
> denySMTPConnectionsFromAlways
> droplist
> PenaltyExtreme
> ValidateRBL
> PenaltyBox
>
> >I don't know if other
> >providers than spamhaus have separate lists for dynamic ip's
>
> If there is one - I'll implement it. I don't think that this is realy a
> problem, most of the ISPs don't write the IP's of there clients in a
> Received: line - mostly it is the user name or something like
> 'authenticated ....' or similar.
>
> >how does ASSP know the reason that an IP has been blacklisted
>
> This is something 'basic' - you should already know as an assp expert. I
> think the GUI description in the DNSBL section is lenghty.
>
> >I just don't know how assp knows with certainty that an IP is on a
> >dnsbl because it's dynamic vs one that's there because it's bad.
>
> the reply from the service provider shows us the reason - in case of
> spamhaus 127.0.0.10 and 127.0.0.11
>
> >Also, are there configuration options for this new feature?
> No - the individual check config is used - the IP's will be processed
the
> same way as they where connected to assp
>
> The feature is 'on' per default - to switch it off use the
> 'enhancedOriginIPDetect:=0' startup switch or modify the
> 'CorrectASSPcfg.pm' or modify the code
>
> enhancedOriginIPDetect is the name in 2.0.2_3.2.07 - up to 3.2.06 the
name
> is (wrong sorry) enhancedOrginIPDetect
>
> Thomas
>
>
>
>
> Von: K Post <[email protected]>
> An: ASSP development mailing list <[email protected]>
> Datum: 30.07.2011 03:34
> Betreff: Re: [Assp-test] fixes in 2.0.2_3.2.06
>
>
>
>
> When you have time, can you provide more info about what type of IP's
will
> be ignored by this new filter? This seems like a major change - I just
> want
> to understand it better before implementing it here. I don't know if
> other
> providers than spamhaus have separate lists for dynamic ip's, and if
they
> don't how does ASSP know the reason that an IP has been blacklisted.
>
> Sure, we don't want to allow mail coming directly from a dynamic ip, but
> do
> if it starts at the dynamic ip and goes to the rightful upstream smtp
> server. I just don't know how assp knows with certainty that an IP is
on
> a
> dnsbl because it's dynamic vs one that's there because it's bad.
>
> Also, are there configuration options for this new feature? Can we
> score/monitor/block like we can with so many of your other awesome
> features?
>
> Thanks
> Ken
>
> On Fri, Jul 29, 2011 at 8:20 PM, Gary Sunderland
> <[email protected]>wrote:
>
> > ditto
> >
> > -----Original Message-----
> > From: Peter W Bowey [mailto:[email protected]]
> > Sent: Friday, July 29, 2011 9:14 AM
> > To: ASSP development mailing list
> > Subject: Re: [Assp-test] fixes in 2.0.2_3.2.06
> >
> >
> > > Hi all,
> > >
> > > fixed in 2.0.2_3.2.06:
> > >
> > > - the enhanced mail routing IP-address-detection now cares about
> > > blacklisted dynamic IP-ranges (like pbl.spamhaus.org) and skips this
> > > IP's on the DNSBL check
> > > - strange output on orginating HELO detection in 2.0.2_3.2.05
> > >
> > > Thomas
> >
> > Hi Thomas,
> >
> > I am very amazed at your solid endurance and good record for regular
> > updates
> > for ASSP.
> >
> > I want you to know that this is very appreciated, if it was not for
> ASSP
> > *dev*, I would be recieving about 950 fake / spam emails per day.
> >
> > As it is, I only get about 2 per day...
> >
> > I thank you Thomas! (all those 10,000 hours)
> >
> > *ASSP has evolved into a mature program
> > of great merit!*
> >
> > Peter
> >
> >
> >
> >
>
>
----------------------------------------------------------------------------
> > --
> > Got Input? Slashdot Needs You.
> > Take our quick survey online. Come on, we don't ask for help often.
> > Plus, you'll get a chance to win $100 to spend on ThinkGeek.
> > http://p.sf.net/sfu/slashdot-survey
> > _______________________________________________
> > Assp-test mailing list
> > [email protected]
> > https://lists.sourceforge.net/lists/listinfo/assp-test
> >
> >
> >
> >
>
>
------------------------------------------------------------------------------
> > Got Input? Slashdot Needs You.
> > Take our quick survey online. Come on, we don't ask for help often.
> > Plus, you'll get a chance to win $100 to spend on ThinkGeek.
> > http://p.sf.net/sfu/slashdot-survey
> > _______________________________________________
> > Assp-test mailing list
> > [email protected]
> > https://lists.sourceforge.net/lists/listinfo/assp-test
> >
>
>
------------------------------------------------------------------------------
> Got Input? Slashdot Needs You.
> Take our quick survey online. Come on, we don't ask for help often.
> Plus, you'll get a chance to win $100 to spend on ThinkGeek.
> http://p.sf.net/sfu/slashdot-survey
> _______________________________________________
> Assp-test mailing list
> [email protected]
> https://lists.sourceforge.net/lists/listinfo/assp-test
>
>
>
>
> DISCLAIMER:
> *******************************************************
> This email and any files transmitted with it may be confidential,
legally
> privileged and protected in law and are intended solely for the use of
the
>
> individual to whom it is addressed.
> This email was multiple times scanned for viruses. There should be no
> known virus in this email!
> *******************************************************
>
>
>
>
>
------------------------------------------------------------------------------
> Got Input? Slashdot Needs You.
> Take our quick survey online. Come on, we don't ask for help often.
> Plus, you'll get a chance to win $100 to spend on ThinkGeek.
> http://p.sf.net/sfu/slashdot-survey
> _______________________________________________
> Assp-test mailing list
> [email protected]
> https://lists.sourceforge.net/lists/listinfo/assp-test
>
>
------------------------------------------------------------------------------
Got Input? Slashdot Needs You.
Take our quick survey online. Come on, we don't ask for help often.
Plus, you'll get a chance to win $100 to spend on ThinkGeek.
http://p.sf.net/sfu/slashdot-survey
_______________________________________________
Assp-test mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/assp-test
DISCLAIMER:
*******************************************************
This email and any files transmitted with it may be confidential, legally
privileged and protected in law and are intended solely for the use of the
individual to whom it is addressed.
This email was multiple times scanned for viruses. There should be no
known virus in this email!
*******************************************************
------------------------------------------------------------------------------
Got Input? Slashdot Needs You.
Take our quick survey online. Come on, we don't ask for help often.
Plus, you'll get a chance to win $100 to spend on ThinkGeek.
http://p.sf.net/sfu/slashdot-survey
_______________________________________________
Assp-test mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/assp-test
