Re: [Assp-test] Block spoofed addresses

Thu, 13 Sep 2012 11:59:54 -0700 

On 8/21/2012 11:52 AM, Daniel L. Miller wrote:
> I haven't seen any more of the spoofed efax messages reach my printer -
> and I'm seeing SPFerrors, fails, neutrals, softfails, and
> softfail-stricts in my scoring statistics.  Has anyone else seen the
> spoofed efax messages blocked as a result of this?
Ok - garbage efax's coming through again. I thought the new SPF record 
would block this crap - but it's coming through again. Here is the 
analysis of the message:

*Feature Matching:*

*•NoProcessing Domain 
<http://bubba.amfeslan.local:55555/#noProcessingDomains>*: 'efax.com'
*•SPF-check returned OK*for65.217.137.4 
<javascript:void(0);>->mess...@inbound.efax.com <javascript:void(0);>, 
[65.217.137.4 <javascript:void(0);>]
•SPF: fail (cache) ip=65.217.137.4 
<javascript:void(0);>mailfrom=mess...@inbound.efax.com 
<javascript:void(0);>helo=[65.217.137.4 <javascript:void(0);>]
*•bombRe<http://bubba.amfeslan.local:55555/#bombRe>*: 'highest match: 
"ratee" with valence: 30 - PB value = 60'
•matching bombRe(file:files/bombre.txt[line 394] <javascript:void(0);>): 
'ratee'
*•URIBL check <http://bubba.amfeslan.local:55555/#ValidateURIBL>*: 'OK'
*•Not a Valid Format of HELO 
<http://bubba.amfeslan.local:55555/#DoValidFormatHelo>*: '[65.217.137.4 
<javascript:void(0);>]'
*•Invalid Format of HELO 
<http://bubba.amfeslan.local:55555/#invalidFormatHeloRe>*: 'highest 
match: "65.217.137" with valence: 20 - PB value = 20'
•matching invalidFormatHeloRe(file:files/invalidhelo.txt[line 4] 
<javascript:void(0);>): '\d{1,3}[-x.]\d{1,3}[-x.]\d{1,3}'
*•IP in Helo check <http://bubba.amfeslan.local:55555/#DoIPinHelo>*: 'OK'
*•RBLCheck returned OK for67.112.61.71 <javascript:void(0);>*:
*•RBLCheck returned OK for65.217.137.4 <javascript:void(0);>*: DNSBL: 
neutral,65.217.137.4 <javascript:void(0);>listed in bb.barracudacentral.org
*•65.217.137.0 <javascript:void(0);>has a Griplist value of 0.8*


-- 
Daniel

------------------------------------------------------------------------------
Live Security Virtual Conference
Exclusive live event will cover all the ways today's security and 
threat landscape has changed and how IT managers can respond. Discussions 
will include endpoint security, mobile security and the latest in malware 
threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/
_______________________________________________
Assp-test mailing list
Assp-test@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/assp-test

Reply via email to