On Tue, Mar 29, 2016 at 11:52 AM, Thomas Eckardt <thomas.ecka...@thockar.com> wrote:
> At this time, there is no way to call a plugin from inside the resend
> function. Extracting the missing runtime data from the 'X-ASSP-' headers
> would be possible and ok for a simple regular resend. But resend requests
> may come from Admins, BlockReportAdmins, deputies ...! This opens
> several questions for the case where userbased attachment blocking is
> configured. One question is, which userbased configuration should be used?
>
> - original recipient
> - original sender
> - requester
> - defined recipient of the resend
>
> If there are multiple matches, what should be ignored?
>
IMHO, all plugins/checks dealing with attachments (AV, AFC) should run at
least once in a regular email flow.
And by "regular flow" I mean the full route of the email, from sender to
recipient inbox.
Blocked mails do not do a regular flow, but are frozen on the way.

Here we have 2 chances:

1) Run ALL the checks/plugins even if the MessageLimit is reached, so if
AFC is set to replace virus/attachment parts it will be able to do its
job. In this case, if a block is triggered by a plugin, the blocking reason
should not be MessageLimit but the Plugin reason. The main reason is that
if I (the user) see in a report a message blocked by
"BadAttachment/Malware", I (the user) will be more careful with this resend.
MessageLimit is too generic, and malware/ransomware/virus can do real harm.

2) Run the AFC/AV on the resend.

Note: maybe I am wrong, but when Send250OK is checked, I see that plugins
always run even if MessageLimit is reached. Also, the Send250Ok description in
the GUI says "it will turn ASSP in a tarpit": shouldn't it say honeypot instead
of tarpit? Tarpitting is about delaying, but what it is really doing there
is "send me whatever shit you want, I'll never answer with a 551". I
remembered I checked the Send250Ok because, years ago, I had a problem with
blocked mails not stored. I found out that Send250Ok really mitigated the
issue, so I used it since then.
Can you clarify what Send250Ok really changes in the behaviour of ASSP?

About the userbase: IMHO resends triggered by admins should always release
the original message to the original recipient. User-triggered resends
should release the message with filters (if virus/attachments are blocked,
resend should be blocked with a notification to the user; if
virus/attachments are set to replace, they will be replaced).
Advanced configurations are possible, like the admin requesting the blocked
email to be sent to himself for analysis.

You are right, there are many cases, but maybe we should start from the
most frequently used.

regards,
aqx
--
"Madness, like small fish, runs in hosts, in vast numbers of instances."
No one combs my hair as well as the wind.
_______________________________________________
Assp-test mailing list
Assp-test@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/assp-test