[Assp-test] Some whitelisted sender mail going to OKmail instead of notspam

Sun, 07 Jan 2018 09:48:06 -0800 

I've been having degraded bayesian and HMM results, lots of false positives
recently, so I'm going through some mail manually in the corpus to do some
bulk retraining.  I do this periodically and find that it helps.

One thing I noticed is some mail in OkMail that comes from a whitelisted @
gmail.com address.  I can't figure out why it's in OkMail and not notspam.


Is this log line saying that the message became no processing because of a
MSGID signature?? I don't understand-
Jan-07-18 12:00:51 msg64450-01103 [Noprocessing] 209.85.215.50 <
whitelistedgoog...@gmail.com> to: myu...@ourcharity.org info: found valid
MSGID signature in [References:] - accept mail


Everything else in the log, I would expect from a google SMTP server,
no penalty box, no delaying, no blocking
Jan-07-18 12:00:49 209.85.215.50 info: got STARTTLS request from
209.85.215.50
Jan-07-18 12:00:50 msg64450-01103 209.85.215.50 <
whitelistedgoog...@gmail.com> info: found message size announcement: 15.02
kByte
Jan-07-18 12:00:50 msg64450-01103 209.85.215.50 <
whitelistedgoog...@gmail.com> IP 209.85.215.50 matches noPB - with
209.85.128.0/17 FROMSPF: _netblocks.google.com
Jan-07-18 12:00:50 msg64450-01103 209.85.215.50 <
whitelistedgoog...@gmail.com> IP 209.85.215.50 matches noPBwhite - with
209.85.128.0/17 FROMSPF: _netblocks.google.com
Jan-07-18 12:00:50 msg64450-01103 209.85.215.50 <
whitelistedgoog...@gmail.com> IP 209.85.215.50 matches noDelay - with
209.85.128.0/17 FROMSPF: _netblocks.google.com
Jan-07-18 12:00:50 msg64450-01103 209.85.215.50 <
whitelistedgoog...@gmail.com> IP 209.85.215.50 matches noBlockingIPs - with
209.85.128.0/17 FROMSPF: _netblocks.google.com
Jan-07-18 12:00:51 msg64450-01103 209.85.215.50 <
whitelistedgoog...@gmail.com> to: myu...@ourcharity.org Whitelisted sender
address: whitelistedgoog...@gmail.com for recipient myu...@ourcharity.org
Jan-07-18 12:00:51 msg64450-01103 [Noprocessing] 209.85.215.50 <
whitelistedgoog...@gmail.com> to: myu...@ourcharity.org info: found valid
MSGID signature in [References:] - accept mail
Jan-07-18 12:00:51 msg64450-01103 209.85.215.50 <
whitelistedgoog...@gmail.com> to: myu...@ourcharity.org DKIM-Signature found
Jan-07-18 12:00:51 msg64450-01103 209.85.215.50 <
whitelistedgoog...@gmail.com> to: myu...@ourcharity.org IP 209.85.215.50
matches noBlockingIPs - with 209.85.128.0/17 FROMSPF: _netblocks.google.com
Jan-07-18 12:00:52 msg64450-01103 209.85.215.50 <
whitelistedgoog...@gmail.com> to: myu...@ourcharity.org [Plugin] calling
plugin ASSP_AFC
Jan-07-18 12:00:52 msg64450-01103 209.85.215.50 <
whitelistedgoog...@gmail.com> to: myu...@ourcharity.org message proxied
without processing (no bad attachments)
Jan-07-18 12:00:52 msg64450-01103 [MessageOK] 209.85.215.50 <
whitelistedgoog...@gmail.com> to: myu...@ourcharity.org message ok -
(noprocessing and whitelisted - found valid Message-ID signature) - [re
subject] -> messages/okmail/re_subject--1134846.txt
Jan-07-18 12:00:53 msg64450-01103 209.85.215.50 <
whitelistedgoog...@gmail.com> to: myu...@ourcharity.org finished message -
received DATA size: 15.18 kByte - sent DATA size: 15.85 kByte
Jan-07-18 12:00:53 msg64450-01103 209.85.215.50 <
whitelistedgoog...@gmail.com> to: myu...@ourcharity.org disconnected:
session:3F7AE040 209.85.215.50 - processing time 4 seconds



I did an analyze and don't see anything that suggests it would be no
processing:
• On Global Whitelist: 'whitelistedgoog...@gmail.com'
• DKIM-check returned OK body altered - header passed - suspicious-OK
• SPF-check returned OK for 209.85.215.50 -> whitelistedgoog...@gmail.com,
mail-lf0-f50.google.com
 • Received-SPF: pass (gmail.com ... _spf.google.com: Sender is authorized
to use 'whitelistedgoog...@gmail.com' in 'mfrom' identity (mechanism
'include:_netblocks.google.com' matched)) receiver=assp.ourcharity.org;
identity=mailfrom; envelope-from="whitelistedgoog...@gmail.com"; helo=
mail-lf0-f50.google.com; client-ip=209.85.215.50
• URIBL check: 'OK'
• Known Good HELO: 'mail-lf0-f50.google.com'
• HELO Blacklist Ignore: 'mail-lf0-f50.google.com'
• Valid Format of HELO: 'mail-lf0-f50.google.com'
• IP in Helo check: 'OK'
• AUTH would be disabled
• IP 209.85.215.50 is in noPB IPs (209.85.128.0/17 FROMSPF: _
netblocks.google.com)
• RBLCheck returned OK for 209.85.215.50:
• domain gmail.com (in Mail From: , From) has a valid MX record:
gmail-smtp-in.l.google.com
• domainMX gmail-smtp-in.l.google.com has a valid A record: 173.194.175.27
• 209.85.215.50 PTR record via DNS: status=PTR OK - mail-lf0-f50.google.com
• 209.85.215.50 SenderBase: status=not classified, data=[CN=US, ORG=DOT
INTERNET, DOM=google.com, BLS=, HNM=Y, CIDR=17, HN=mail-lf0-f50]
• IP 209.85.215.50 is in noDelay (209.85.128.0/17 FROMSPF: _
netblocks.google.com)
• IP 209.85.215.50 is in noBlockingIPs (209.85.128.0/17 FROMSPF: _
netblocks.google.com)


As always, any guidance would be appreciated.

------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______________________________________________
Assp-test mailing list
Assp-test@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/assp-test

Reply via email to