>our $DKIMpassAction = 7; # (0..7) if DKIM pass: bit-0 =
set rwlok to 1 (medium trust status), bit-1 = skip penaltybox-check, bit-2
= set IP-score to zero - default is 7 (all bits set)
This shows all. The mail is nearly full whiteisted (medium trust status),
the penaltybox is not checked, the IP-score is cleared.
If such a mail is blocked by assp, the question is - why?
If this question is answered, configure the blocking check to your needs.
>AND it's got a valid DKIM signature tied to the from domain, treat the
mail as whitelisted.
All DKIM checks made before the complete mail is received (eg. header part
check) have a medium trust - why? The full DKIM signature check requires
to have the full mail received. So, for most of the mails all other checks
are done before the DKIM-signature can be checked.
Your logic will not work!
>Do you think this makes sense to consider as a possible future ASSP
feature?
No.
If you want, you can write your own level-1 plugin (after header checks
are done) to puzzle out your logic using the available low trust DKIM
verification results.
>Maybe there's another way? I'm all ears.
It is possible to use an available '..bombRe' regular expression feature
(here - e.g. bombHeaderRe) to reduce or to increase the score of an email,
based on found DKIM signatures for specific domains.
~\n(?:DKIM|DomainKey)-Signature:(?:\s*(?:[a-ce-z])=[\w\-\/]+\;)*\s*d=the\.domainname\.here\;~
=> your-(negative)score.or.weight-here
or for more domains
~\n(?:DKIM|DomainKey)-Signature:(?:\s*(?:[a-ce-z])=[\w\-\/]+\;)*\s*d=(?:the\.domainname\.here|nextdomain|nextdomain|....)\;~
=> your-(negative)score.or.weight-here
Any of the next versions will possibly be able to accept executable code
in regular expressions (executed on regex match).This feature is
implemented in perl regular expressions. It will make it (for example)
possible to do the following:
~\n(?:DKIM|DomainKey)-Signature:(?:\s*(?:[a-ce-z])=[\w\-\/]+\;)*\s*d=(?:the\.domainname\.here|nextdomain|nextdomain|....)\;(?{eval('$Con{$fh}->{whitelisted}=1')})~
=> your-(negative)score.or.weight-here
or
~\n(?:DKIM|DomainKey)-Signature:(?:\s*(?:[a-ce-z])=[\w\-\/]+\;)*\s*d=(?:the\.domainname\.here|nextdomain|nextdomain|....)\;(?{eval('CorrectASSPcfg::myDKIMCheck($fh)')})~
=> your-(negative)score.or.weight-here
If a match is found, the code will be executed. In the first example, the
'whitelisted' flag is set to the highest trust level and the weight is
used. The second example calls a custom sub routine in CorrectASSPcfg.pm
on match.
In the current version, this is forbidden by assp (even perl allows it)
and per default this will be also the case in future version. But the
future version will have a switch to allow the usage of this perl
feature.
Thomas
Von: "K Post" <nntp.p...@gmail.com>
An: "ASSP development mailing list" <assp-test@lists.sourceforge.net>
Datum: 01.03.2018 19:03
Betreff: Re: [Assp-test] [SPAM] Re: Allow DKIM signed mail through
for a domain
That's good to know, thanks. However, I'm looking for something a little
different. I don't want to apply the same rules to ALL dkim signed mail,
only to those from specific domains. Otherwise any spammer who registers
a domain and uses DKIM signing will have mail get through. Worse, that
would also have all signed mail from providers like gmail.com come through
regardless of content.
And note, I have RWLwhitelisting set to off (the default) for fear of
having good IP's lke office365's not do any other filtering.
Instead, I'm thinking about logic like this: f the from address on an
email (only the header from address) matches what I have in a config file
AND it's got a valid DKIM signature tied to the from domain, treat the
mail as whitelisted. Don't penalize these domains if it's not signed,
but if it is, just let it through and put the mail to the notspam corpus.
This way known outside domains who we know generally dkim sign their mail
will get through to us and improve bayesian / HMM. Whitelisting a domain
like redcross.org isn't an option, as spammers send from there to us all
of the time. But if we could always allow DKIM through regarles of which
user sent to us, that would help.
Do you think this makes sense to consider as a possible future ASSP
feature? Maybe there's another way? I'm all ears.
Thanks
On Wed, Feb 28, 2018 at 11:51 AM, Thomas Eckardt <
thomas.ecka...@thockar.com> wrote:
If amail apsses the DKIM check it will be processed like it would be
"RWLOK" (default).
This can be configured using the hidden variable "$DKIMpassAction".
our $DKIMpassAction = 7; # (0..7) if DKIM pass: bit-0 =
set rwlok to 1 (medium trust status), bit-1 = skip penaltybox-check, bit-2
= set IP-score to zero - default is 7 (all bits set)
Thomas
Von: "K Post" <nntp.p...@gmail.com>
An: "ASSP development mailing list" <
assp-test@lists.sourceforge.net>
Datum: 28.02.2018 15:54
Betreff: [Assp-test] Allow DKIM signed mail through for a domain
Lots of our external contacts use Office365. Senderbase is obviously
useless for them. If a sender is whitelisted, fine, but there are often
large numbers of senders in an organization (known organizations where we
cannot whitelist the domain or else spammers from another server would get
through).
So, since many of these companies use DKIM is there a way with ASSP to
consider an email for a particular sender domain whitelisted if a the DKIM
matches? We cannot not strictly require a DKIM or penalize since these
larger organizations typically also send non-signed email from other
sources, but if the DKIM does match for a list of domains, just let it
through, regardless of content.
Is that doable? If not, is it worth considering?.
Respectfully,
Ken
------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______________________________________________
Assp-test mailing list
Assp-test@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/assp-test
DISCLAIMER:
*******************************************************
This email and any files transmitted with it may be confidential, legally
privileged and protected in law and are intended solely for the use of the
individual to whom it is addressed.
This email was multiple times scanned for viruses. There should be no
known virus in this email!
*******************************************************
------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______________________________________________
Assp-test mailing list
Assp-test@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/assp-test
------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______________________________________________
Assp-test mailing list
Assp-test@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/assp-test
DISCLAIMER:
*******************************************************
This email and any files transmitted with it may be confidential, legally
privileged and protected in law and are intended solely for the use of the
individual to whom it is addressed.
This email was multiple times scanned for viruses. There should be no
known virus in this email!
*******************************************************
------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______________________________________________
Assp-test mailing list
Assp-test@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/assp-test
