Look in to the log, there should be an information about an detected OIP
'14.x.x.x' for this message.
Look in to the .eml file - try to find where an IP 14.x.x.x could be
detected - if there is something unclear, post the header of the .eml
file.
ASSP will never detect 14.0.0.0/8 from IP 148.112.145.8 - this is not
possible.
Thomas
Von: Daniel Riek <[email protected]>
An: "[email protected]"
<[email protected]>
Datum: 29.09.2011 17:18
Betreff: Re: [Assp-test] denySMTPConnections
Thank you for the information. I do understand that some Bogons
IPs(subnets) are blocked as listed in the denyalways.txt file. In this
case the ASSP log shows that the address block of 14.0.0.0/8(Class A
Subnet) is blocking this email. But looking at the ASSP log I read it as
the server that is sending this email is at 148.112.145.8(Class B Subnet)
which is not in the same subnet/address block as the Bogons IP(14.0.0.0/8)
and therefore should not be blocked by this restriction.
Re: [Assp-test] denySMTPConnections<
http://sourceforge.net/mailarchive/message.php?msg_id=28155167>
From: Fritz Borgstedt <fb@iw...> - 2011-09-28 16:47
ASSP development mailing list <assp-test@...> writes:
>14.0.0.0/8
For a background of this addresses see:
http://www.team-cymru.org/Services/Bogons/
Remove the enttries if you feel they are wrong.
Please correct me if I am wrong but we have been experiencing Blocked IP's
since an upgrade some time ago. At first it was blocking emails where the
version number of the SMTP server showed something similar to what is in
the denyalways.txt list. We have just found out that it may be happening
again with IP's. This is a good email and we have sent messages to this
person before.
Sep-28-11 10:20:46 m1-23246-09351 [Worker_2] [TLS-in] [TLS-out]
148.112.145.8 <beth@...> to: k@... DKIM-Signature found
Sep-28-11 10:20:46 m1-23246-09351 [Worker_2] [TLS-in] [TLS-out]
[DenyStrict] 148.112.145.8 < beth@... > to: k@... blocked by
denySMTPConnections or droplist strict: 14.0.0.0/8
Sep-28-11 10:20:46 m1-23246-09351 [Worker_2] [TLS-in] [TLS-out]
[DenyStrict] 148.112.145.8 < beth@... > to: k@... [spam found] (blocked by
denySMTPConnections strict '14.0.0.0/8') [RE C 928KM1] ->
C:/assp/spam/RE_C_928KM1--795819.eml;
Sep-28-11 10:20:46 m1-23246-09351 [Worker_2] [TLS-in] [TLS-out]
148.112.145.8 < beth@... > to: k@... [SMTP Error] 554 5.7.1 Mail appears
to be unsolicited -- send error reports to postmaster@...>
------------------------------------------------------------------------------
All the data continuously generated in your IT infrastructure contains a
definitive record of customers, application performance, security
threats, fraudulent activity and more. Splunk takes this data and makes
sense of it. Business sense. IT sense. Common sense.
http://p.sf.net/sfu/splunk-d2dcopy1
_______________________________________________
Assp-test mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/assp-test
DISCLAIMER:
*******************************************************
This email and any files transmitted with it may be confidential, legally
privileged and protected in law and are intended solely for the use of the
individual to whom it is addressed.
This email was multiple times scanned for viruses. There should be no
known virus in this email!
*******************************************************
------------------------------------------------------------------------------
All of the data generated in your IT infrastructure is seriously valuable.
Why? It contains a definitive record of application performance, security
threats, fraudulent activity, and more. Splunk takes this data and makes
sense of it. IT sense. And common sense.
http://p.sf.net/sfu/splunk-d2dcopy2
_______________________________________________
Assp-test mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/assp-test
