Fair enough. Thanks Thomas.
On Fri, Mar 28, 2014 at 8:26 AM, Thomas Eckardt <[email protected]>wrote: > >would that that cause ASSP problems down the line? > > possibly yes > > I'll not change the assp's received lines, as long there is no BUG or a > changed RFC that requires code changes. > > If you think you need to - you can change the code to your needs or you > can create a level 0 Plugin to manipulate the received line. How ever, > this may result in an unexpected behavior of other features or Plugins. > > > > Thomas > > > > > > Von: K Post <[email protected]> > An: ASSP development mailing list <[email protected]>, > Datum: 27.03.2014 22:24 > Betreff: Re: [Assp-test] No PTR for sending IP, say so in Received > >From line? > > > > Hmm, I hadn't considered that ASSP is re-analyzing the lines. I thought > it > only look to the helo=xxx bit in the received line. Is that not the case? > > What is we did a prepend of something like "Suspicious-Sender-" to > whatever > the helo is. So something like: > > if the helo is mail.microsoft.com, ip is 1.2.3.4, which does not reverse, > > Received: from Suspicious-Sender-fake.microsoft.com (1.2.3.4 helo= > mail.microsoft.com) by.... > > would that that cause ASSP problems down the line? > > It's not that critical, I just don't like letting spammers put whatever > they want in the helo and as long as the ip doesn't reverse, it'll show > what they've typed right after the from. > > > On Thu, Mar 27, 2014 at 2:24 AM, Thomas Eckardt > <[email protected]>wrote: > > > general - the idea is not so good, because assp uses its own received > > lines in several code parts (rebuild / blockreport ....) > > this code > > > > if ($ptr) { > > $this->{rcvd}=~s/=host/$ptr/o; > > } else { > > $this->{rcvd}=~s/=host/*Suspicious-Sender*/o; > > } > > > > will do the replacement with '*Suspicious-Sender*' in all outgoing mails > > if you want to try the code, change it to > > > > if ($ptr) { > > $this->{rcvd}=~s/=host/$ptr/o; > > } else { > > $this->{rcvd}=~s/=host/Suspicious-Sender/o if ! > > $this->{relayok}; > > $this->{rcvd}=~s/=host/$helo2/o if $this->{relayok}; > > } > > > > the part 'Suspicious-Sender' should be a valid hostname in terms of RFC > ! > > > > If the missing PTR is really important, set the PTR-check to block > > (DoReversed) and switch on 'AddSpamReasonHeader' - assp will include the > > > > X-Assp-Spam-Reason: PTR missing > > > > header l,ine. > > > > Thomas > > > > > > > > > > Von: K Post <[email protected]> > > An: ASSP development mailing list <[email protected]>, > > Datum: 27.03.2014 03:53 > > Betreff: [Assp-test] No PTR for sending IP, say so in Received > From > > line? > > > > > > > > Looking at this code: > > if ($ptr) { > > $this->{rcvd}=~s/=host/$ptr/o; > > } else { > > $this->{rcvd}=~s/=host/$helo2/o; > > } > > $helo2 is simply the helo that was sent by the mailer > > > > If a sending machine doesn't have a reverse IP, I know we score > > appropriately, but for the layperson, I think it would be nice to > > *indicate > > this in the received line*. > > > > If an end users is smart enough to investigate a suspicious email by > > looking at headers, he might still be fooled by something like this: > > Received: from mail.somebank.com ([1.2.3.4] helo=mail.somebank.com) > by.... > > > > I what if instead, we modify the above code to be something like this: > > if ($ptr) { > > $this->{rcvd}=~s/=host/$ptr/o; > > } else { > > $this->{rcvd}=~s/=host/*Suspicious-Sender*/o; > > } > > > > that'll produce > > Received: from Suspicious-Sender ([1.2.3.4] helo=mail.somebank.com) > by.... > > > > That way we still preserve the helo for heuristics but help the > layperson > > realize that it's a questionable line. > > > > I suppose there's potential that ASSP would be receiving mail from an IP > > that doesn't have a reverse, but I can't think of any reason that would > > happen. > > > > Thoughts? > > > > > > ------------------------------------------------------------------------------ > > _______________________________________________ > > Assp-test mailing list > > [email protected] > > https://lists.sourceforge.net/lists/listinfo/assp-test > > > > > > > > > > DISCLAIMER: > > ******************************************************* > > This email and any files transmitted with it may be confidential, > legally > > privileged and protected in law and are intended solely for the use of > the > > > > individual to whom it is addressed. > > This email was multiple times scanned for viruses. There should be no > > known virus in this email! > > ******************************************************* > > > > > > > > > > > > ------------------------------------------------------------------------------ > > > > _______________________________________________ > > Assp-test mailing list > > [email protected] > > https://lists.sourceforge.net/lists/listinfo/assp-test > > > > > > ------------------------------------------------------------------------------ > _______________________________________________ > Assp-test mailing list > [email protected] > https://lists.sourceforge.net/lists/listinfo/assp-test > > > > > DISCLAIMER: > ******************************************************* > This email and any files transmitted with it may be confidential, legally > privileged and protected in law and are intended solely for the use of the > > individual to whom it is addressed. > This email was multiple times scanned for viruses. There should be no > known virus in this email! > ******************************************************* > > > > > ------------------------------------------------------------------------------ > > _______________________________________________ > Assp-test mailing list > [email protected] > https://lists.sourceforge.net/lists/listinfo/assp-test > > ------------------------------------------------------------------------------ Put Bad Developers to Shame Dominate Development with Jenkins Continuous Integration Continuously Automate Build, Test & Deployment Start a new project now. Try Jenkins in the cloud. http://p.sf.net/sfu/13600_Cloudbees _______________________________________________ Assp-test mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/assp-test
