I realize that the sender's mailserver is doing bad thing and I've already pointed it out to him, but I'm not sure that he will fix it. Unfortunately, the sender is a legitimate sender and not spam. I don't want to undo the checking on validate Helo, because it does catch a lot of bad stuff. I have DoIPinHelo set to score. I don't see any setting for IP in HELO does not match IP in connection - will that always block or can it be set to score? My concern is that this message was blocked due to high message score, so I am afraid that that other message scores (regex or Bayesian) will get blocked.
...Tim -----Original Message----- From: Thomas Eckardt [mailto:thomas.ecka...@thockar.com] Sent: Tuesday, October 08, 2013 10:57 AM To: ASSP development mailing list Subject: [Assp-test] Antwort: Whitelisting not working? GUI->section Validate Helo_> read->read->read -> configure! any more questions -> ask the best solution is to contact the senders admin and to tell him that his mail system is doing wrong things 1. a real mail server never uses an IP in the HELO - this is not an issue in terms of RFC -> score is 39 (which is OK) 2. here - an IP is used in HELO and it does not match the connected IP , which indicates 1000% SPAM Thomas Von: Tim Evans <tev...@sparling.com> An: "assp-test@lists.sourceforge.net" <assp-test@lists.sourceforge.net>, Datum: 08.10.2013 18:49 Betreff: [Assp-test] Whitelisting not working? Hi, I'm running ASSP version 2.3.3(13276) on perl 5, version 14, subversion 2 on Windows Server 2008R2. I'm getting mail blocked from whitelisted senders. Here is the log: Oct-08-13 08:57:24 47844-07354 [Worker_1] 70.168.48.18 <sen...@southlandelectricinc.com> info: found message size announcement: 14.18 kByte Oct-08-13 08:57:24 47844-07354 [Worker_1] 70.168.48.18 <sen...@southlandelectricinc.com> Message-Score: added 39 (fiphValencePB) for Suspicious HELO - contains IP: 'wsip-70-168-48-17.sd.sd.cox.net', total score for this message is now 39 Oct-08-13 08:57:24 47844-07354 [Worker_1] 70.168.48.18 <sen...@southlandelectricinc.com> [scoring] (Suspicious HELO - contains IP: 'wsip-70-168-48-17.sd.sd.cox.net') Oct-08-13 08:57:24 47844-07354 [Worker_1] 70.168.48.18 <sen...@southlandelectricinc.com> Message-Score: added 60 (fiphmValencePB) for IP in HELO 'wsip-70-168-48-17.sd.sd.cox.net' does not match IP in connection '70.168.48.18' , total score for this message is now 99 Oct-08-13 08:57:24 47844-07354 [Worker_1] 70.168.48.18 <sen...@southlandelectricinc.com> [scoring] (IP in HELO 'wsip-70-168-48-17.sd.sd.cox.net' does not match IP in connection '70.168.48.18' ) Oct-08-13 08:57:24 47844-07354 [Worker_1] [MessageLimit] 70.168.48.18 <sen...@southlandelectricinc.com> to: recipi...@sparling.com [spam found] (MessageScore 99, limit 50) [FW Southland Electric inc] -> c:/assp/spam/7354.eml; Oct-08-13 08:57:25 47844-07354 [Worker_1] 70.168.48.18 <sen...@southlandelectricinc.com> to: recipi...@sparling.com [SMTP Error] 554 5.7.1 Mail appears to be unsolicited -- send error reports to thisisnts...@sparling.com Here is the email header: From: Sender <sen...@southlandelectricinc.com> To: "recipi...@sparling.com" <recipi...@sparling.com> Date: Tue, 8 Oct 2013 08:57:15 -0700 Subject: [MessageLimit] FW: Southland Electric inc. Thread-Topic: Southland Electric inc. Thread-Index: Ac7Daqhqwuknor9fSHO+nfpu3GXcWAA1ENGA Message-ID: <F96D8FE3B006DF4997D1A433B118B35F1AB0AF2D88@SERVEREXCH.southland.local> Accept-Language: en-US Content-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: x-vipre-scanned: 051BF8CA0056B0051BFA17 acceptlanguage: en-US Content-Type: multipart/alternative; boundary="_000_F96D8FE3B006DF4997D1A433B118B35F1AB0AF2D88SERVEREXCHsou_" MIME-Version: 1.0 X-Assp-Version: 2.3.3(13276) on Sparling.ASSP X-Assp-ID: Sparling.ASSP 47844-07354 X-Assp-Session: 5BD67B0C (mail 1) X-Assp-Envelope-From: sen...@southlandelectricinc.com X-Assp-Message-Score: 39 (Suspicious HELO - contains IP: 'wsip-70-168-48-17.sd.sd.cox.net') X-Assp-IP-Score: 39 (Suspicious HELO - contains IP: 'wsip-70-168-48-17.sd.sd.cox.net') X-Assp-Message-Score: 60 (IP in HELO 'wsip-70-168-48-17.sd.sd.cox.net' does not match IP in connection '70.168.48.18' ) X-Assp-IP-Score: 60 (IP in HELO 'wsip-70-168-48-17.sd.sd.cox.net' does not match IP in connection '70.168.48.18' ) X-Assp-Delay: not delayed (whitelisted); 8 Oct 2013 08:57:24 -0700 X-Assp-Whitelisted: Yes (whitelistdb) X-Assp-Tag: MessageLimit X-Assp-allLoveATSpam: 2 X-Assp-Spam: YES X-ASSPSpam-Status: yes X-Assp-Spam-Reason: MessageScore 99, limit 50 X-Assp-Message-Totalscore: 99 X-Assp-Spam-Level: ******************** X-Assp-Intended-For: recipi...@sparling.com X-Assp-Copy-Spam: Yes Return-Path: sen...@southlandelectricinc.com X-MS-Exchange-Organization-AuthSource: colmbx01.corp.sparling.com X-MS-Exchange-Organization-AuthAs: Anonymous The header notes that the sender is in the whitelist, but the log makes no mention of it. How can I ensure that whitelisted senders are not blocked? ...Tim ------------------------------------------------------------------------------ October Webinars: Code for Performance Free Intel webinars can help you accelerate application performance. Explore tips for MPI, OpenMP, advanced profiling, and more. Get the most from the latest Intel processors and coprocessors. See abstracts and register > http://pubads.g.doubleclick.net/gampad/clk?id=60134071&iu=/4140/ostg.clktrk _______________________________________________ Assp-test mailing list Assp-test@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/assp-test DISCLAIMER: ******************************************************* This email and any files transmitted with it may be confidential, legally privileged and protected in law and are intended solely for the use of the individual to whom it is addressed. This email was multiple times scanned for viruses. There should be no known virus in this email! ******************************************************* ------------------------------------------------------------------------------ October Webinars: Code for Performance Free Intel webinars can help you accelerate application performance. Explore tips for MPI, OpenMP, advanced profiling, and more. Get the most from the latest Intel processors and coprocessors. See abstracts and register > http://pubads.g.doubleclick.net/gampad/clk?id=60134071&iu=/4140/ostg.clktrk _______________________________________________ Assp-test mailing list Assp-test@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/assp-test
