>that this message was blocked due to high message score
Yes.
>will that always block or can it be set to score
it only scores - the log shows it
So every thing could be read in the log
reduce fiphmValencePB
or exclude the IP from the helo checks
or ...
or ...
or SIMPLY READ the helo section
Thomas
Von: Tim Evans <tev...@sparling.com>
An: ASSP development mailing list <assp-test@lists.sourceforge.net>,
Datum: 08.10.2013 20:34
Betreff: Re: [Assp-test] Antwort: Whitelisting not working?
I realize that the sender's mailserver is doing bad thing and I've already
pointed it out to him, but I'm not sure that he will fix it.
Unfortunately, the sender is a legitimate sender and not spam. I don't
want to undo the checking on validate Helo, because it does catch a lot of
bad stuff. I have DoIPinHelo set to score. I don't see any setting for IP
in HELO does not match IP in connection - will that always block or can it
be set to score? My concern is that this message was blocked due to high
message score, so I am afraid that that other message scores (regex or
Bayesian) will get blocked.
...Tim
-----Original Message-----
From: Thomas Eckardt [mailto:thomas.ecka...@thockar.com]
Sent: Tuesday, October 08, 2013 10:57 AM
To: ASSP development mailing list
Subject: [Assp-test] Antwort: Whitelisting not working?
GUI->section Validate Helo_> read->read->read -> configure!
any more questions -> ask
the best solution is to contact the senders admin and to tell him that his
mail system is doing wrong things
1. a real mail server never uses an IP in the HELO - this is not an issue
in terms of RFC -> score is 39 (which is OK)
2. here - an IP is used in HELO and it does not match the connected IP ,
which indicates 1000% SPAM
Thomas
Von: Tim Evans <tev...@sparling.com>
An: "assp-test@lists.sourceforge.net"
<assp-test@lists.sourceforge.net>,
Datum: 08.10.2013 18:49
Betreff: [Assp-test] Whitelisting not working?
Hi,
I'm running ASSP version 2.3.3(13276) on perl 5, version 14, subversion 2
on Windows Server 2008R2. I'm getting mail blocked from whitelisted
senders. Here is the log:
Oct-08-13 08:57:24 47844-07354 [Worker_1] 70.168.48.18
<sen...@southlandelectricinc.com> info: found message size announcement:
14.18 kByte
Oct-08-13 08:57:24 47844-07354 [Worker_1] 70.168.48.18
<sen...@southlandelectricinc.com> Message-Score: added 39 (fiphValencePB)
for Suspicious HELO - contains IP: 'wsip-70-168-48-17.sd.sd.cox.net',
total score for this message is now 39
Oct-08-13 08:57:24 47844-07354 [Worker_1] 70.168.48.18
<sen...@southlandelectricinc.com> [scoring] (Suspicious HELO - contains
IP: 'wsip-70-168-48-17.sd.sd.cox.net')
Oct-08-13 08:57:24 47844-07354 [Worker_1] 70.168.48.18
<sen...@southlandelectricinc.com> Message-Score: added 60 (fiphmValencePB)
for IP in HELO 'wsip-70-168-48-17.sd.sd.cox.net' does not match IP in
connection '70.168.48.18' , total score for this message is now 99
Oct-08-13 08:57:24 47844-07354 [Worker_1] 70.168.48.18
<sen...@southlandelectricinc.com> [scoring] (IP in HELO
'wsip-70-168-48-17.sd.sd.cox.net' does not match IP in connection
'70.168.48.18' )
Oct-08-13 08:57:24 47844-07354 [Worker_1] [MessageLimit] 70.168.48.18
<sen...@southlandelectricinc.com> to: recipi...@sparling.com [spam found]
(MessageScore 99, limit 50) [FW Southland Electric inc] ->
c:/assp/spam/7354.eml;
Oct-08-13 08:57:25 47844-07354 [Worker_1] 70.168.48.18
<sen...@southlandelectricinc.com> to: recipi...@sparling.com [SMTP Error]
554 5.7.1 Mail appears to be unsolicited -- send error reports to
thisisnts...@sparling.com
Here is the email header:
From: Sender <sen...@southlandelectricinc.com>
To: "recipi...@sparling.com" <recipi...@sparling.com>
Date: Tue, 8 Oct 2013 08:57:15 -0700
Subject: [MessageLimit] FW: Southland Electric inc.
Thread-Topic: Southland Electric inc.
Thread-Index: Ac7Daqhqwuknor9fSHO+nfpu3GXcWAA1ENGA
Message-ID:
<F96D8FE3B006DF4997D1A433B118B35F1AB0AF2D88@SERVEREXCH.southland.local>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-vipre-scanned: 051BF8CA0056B0051BFA17
acceptlanguage: en-US
Content-Type: multipart/alternative;
boundary="_000_F96D8FE3B006DF4997D1A433B118B35F1AB0AF2D88SERVEREXCHsou_"
MIME-Version: 1.0
X-Assp-Version: 2.3.3(13276) on Sparling.ASSP
X-Assp-ID: Sparling.ASSP 47844-07354
X-Assp-Session: 5BD67B0C (mail 1)
X-Assp-Envelope-From: sen...@southlandelectricinc.com
X-Assp-Message-Score: 39 (Suspicious HELO - contains IP:
'wsip-70-168-48-17.sd.sd.cox.net')
X-Assp-IP-Score: 39 (Suspicious HELO - contains IP:
'wsip-70-168-48-17.sd.sd.cox.net')
X-Assp-Message-Score: 60 (IP in HELO 'wsip-70-168-48-17.sd.sd.cox.net'
does
not match IP in connection '70.168.48.18' )
X-Assp-IP-Score: 60 (IP in HELO 'wsip-70-168-48-17.sd.sd.cox.net' does not
match IP in connection '70.168.48.18' )
X-Assp-Delay: not delayed (whitelisted); 8 Oct 2013 08:57:24 -0700
X-Assp-Whitelisted: Yes (whitelistdb)
X-Assp-Tag: MessageLimit
X-Assp-allLoveATSpam: 2
X-Assp-Spam: YES
X-ASSPSpam-Status: yes
X-Assp-Spam-Reason: MessageScore 99, limit 50
X-Assp-Message-Totalscore: 99
X-Assp-Spam-Level: ********************
X-Assp-Intended-For: recipi...@sparling.com
X-Assp-Copy-Spam: Yes
Return-Path: sen...@southlandelectricinc.com
X-MS-Exchange-Organization-AuthSource: colmbx01.corp.sparling.com
X-MS-Exchange-Organization-AuthAs: Anonymous
The header notes that the sender is in the whitelist, but the log makes no
mention of it. How can I ensure that whitelisted senders are not blocked?
...Tim
------------------------------------------------------------------------------
October Webinars: Code for Performance
Free Intel webinars can help you accelerate application performance.
Explore tips for MPI, OpenMP, advanced profiling, and more. Get the most
from
the latest Intel processors and coprocessors. See abstracts and register >
http://pubads.g.doubleclick.net/gampad/clk?id=60134071&iu=/4140/ostg.clktrk
_______________________________________________
Assp-test mailing list
Assp-test@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/assp-test
DISCLAIMER:
*******************************************************
This email and any files transmitted with it may be confidential, legally
privileged and protected in law and are intended solely for the use of the
individual to whom it is addressed.
This email was multiple times scanned for viruses. There should be no
known virus in this email!
*******************************************************
------------------------------------------------------------------------------
October Webinars: Code for Performance
Free Intel webinars can help you accelerate application performance.
Explore tips for MPI, OpenMP, advanced profiling, and more. Get the most
from
the latest Intel processors and coprocessors. See abstracts and register >
http://pubads.g.doubleclick.net/gampad/clk?id=60134071&iu=/4140/ostg.clktrk
_______________________________________________
Assp-test mailing list
Assp-test@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/assp-test
DISCLAIMER:
*******************************************************
This email and any files transmitted with it may be confidential, legally
privileged and protected in law and are intended solely for the use of the
individual to whom it is addressed.
This email was multiple times scanned for viruses. There should be no
known virus in this email!
*******************************************************
------------------------------------------------------------------------------
October Webinars: Code for Performance
Free Intel webinars can help you accelerate application performance.
Explore tips for MPI, OpenMP, advanced profiling, and more. Get the most from
the latest Intel processors and coprocessors. See abstracts and register >
http://pubads.g.doubleclick.net/gampad/clk?id=60134071&iu=/4140/ostg.clktrk
_______________________________________________
Assp-test mailing list
Assp-test@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/assp-test
