I'm running assp 2.2.1(12259), and thought I have everything configured right. The message below has several problems that should have caused ASSP to block it...but it didn't! Can someone help me figure out what is wrong?
1. The sender is forging an internal from address (mdup...@mydomain.com<mailto:mdup...@mydomain.com>). However, I have DoNoSpoofing enabled and mydomain.com in localDomains, so this message should have been stopped right there! Why wasn't it? 2. The X-Assp-Envelope-From (octetteo...@buxrud.se<mailto:octetteo...@buxrud.se>) does not match the from (mdup...@mydomain.com).<mailto:mdup...@mydomain.com).> SHouldn't that cause it to fail? 3. The senders domain (buxrud.se<mailto:octetteo...@buxrud.se>) does not match the IP of the sending MTA (somehow they are using SYMANTEC's mta). Shouldn't that cause it to fail? aaaahhh.... ------------------------------ Received: from smtp1.dnsexit.com (172.31.254.39) by mail.mydomain.com (172.31.254.35) with Microsoft SMTP Server id 8.1.436.0; Sat, 6 Oct 2012 01:34:03 -0400 Received: from smtp1.dnsexit.com ([64.182.102.193] helo=smtp1.dnsexit.com) by spamfilter.mydomain.com with SMTP (2.2.1); 6 Oct 2012 01:34:02 -0400 Received: from 166.98.2.109.rev.sfr.net (166.98.2.109.rev.sfr.net [109.2.98.166]) by smtp1.dnsexit.com (8.13.8/8.13.8) with ESMTP id q965YOgJ029327; Sat, 6 Oct 2012 01:34:25 -0400 Received: from apache by ochprjpybeebaqbvaf.ritenour.k12.mo.us with local (Exim 4.67) (envelope-from <<mdup...@mydomain.com<mailto:mdup...@mydomain.com>>, <os...@mydomain.com<mailto:os...@mydomain.com>>, <upp...@mydomain.com<mailto:upp...@mydomain.com>>>) id 8XR552-VXFQ57-KR for <mdup...@mydomain.com<mailto:mdup...@mydomain.com>>, <os...@mydomain.com<mailto:os...@mydomain.com>>, <upp...@mydomain.com<mailto:upp...@mydomain.com>>; Sat, 6 Oct 2012 06:34:01 +0100 To: <mdup...@mydomain.com<mailto:mdup...@mydomain.com>>, <os...@mydomain.com<mailto:os...@mydomain.com>>, <upp...@mydomain.com<mailto:upp...@mydomain.com>> Subject: Learn how people in your profession can earn a 30% increase! X-PHP-Script: ochprjpybeebaqbvaf.eoriginal.com/sendmail.php for 109.2.98.166 From: <mdup...@mydomain.com<mailto:mdup...@mydomain.com>>, <os...@mydomain.com<mailto:os...@mydomain.com>>, <upp...@mydomain.com<mailto:upp...@mydomain.com>> X-Sender: <mdup...@mydomain.com<mailto:mdup...@mydomain.com>>, <os...@mydomain.com<mailto:os...@mydomain.com>>, <upp...@mydomain.com<mailto:upp...@mydomain.com>> X-Mailer: PHP X-Priority: 1 Content-Type: text/plain; charset="windows-1250" Message-ID: <32qahe-2ra5h9...@ochprjpybeebaqbvaf.bernina.co.il<mailto:32qahe-2ra5h9...@ochprjpybeebaqbvaf.bernina.co.il>> Date: Sat, 6 Oct 2012 06:34:01 +0100 X-Assp-Version: 2.2.1(12259) on spamfilter.mydomain.com X-Assp-Received-SPF: fail ip=166.98.2.109 mailfrom=octetteo...@buxrud.se<mailto:mailfrom=octetteo...@buxrud.se> helo=smtp1.dnsexit.com X-Assp-Message-Score: 10 (SPF fail) X-Assp-IP-Score: 10 (SPF fail) X-Assp-Message-Score: -25 (White Organization/Domain 'SYMANTEC CORPORATION') X-Assp-IP-Score: -25 (White Organization/Domain 'SYMANTEC CORPORATION') X-Assp-Message-Score: 10 (PTR missing) X-Assp-IP-Score: 10 (PTR missing) X-Assp-Whitelisted: Yes (white-senderbase: SYMANTEC CORPORATION) X-Assp-ID: spamfilter.mydomain.com m1-01643-101346 X-Assp-OIP: 166.98.2.109 X-Assp-Detected-RIP: 109.2.98.166 X-Assp-Source-IP: 109.2.98.166 X-Assp-Envelope-From: octetteo...@buxrud.se<mailto:octetteo...@buxrud.se> X-Assp-Intended-For: upp...@mydomain.com<mailto:upp...@mydomain.com> MIME-Version: 1.0 Return-Path: octetteo...@buxrud.se<mailto:octetteo...@buxrud.se> ------------------------------------------------------------------------------ Don't let slow site performance ruin your business. Deploy New Relic APM Deploy New Relic app performance management and know exactly what is happening inside your Ruby, Python, PHP, Java, and .NET app Try New Relic at no cost today and get our sweet Data Nerd shirt too! http://p.sf.net/sfu/newrelic-dev2dev _______________________________________________ Assp-test mailing list Assp-test@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/assp-test
