Thanks for the explanation, and it's refreshing to know that my original
understanding is consistent with what you just wrote.
The analysis of enhancedOriginIPDetect is very helpful, but I don't see the
point in displaying matches in the header that do not affect mail
processing. I guess my suggestion is to NOT show a noDelay ip match in the
log if the mail won't be delayed because of that match. Same goes for
Private IP's, ISP ip's, accept all mail, whitelisted, no processing, no
pb. Maybe there's a benefit that I don't understand or it's more difficult
to code than it's worth, in which case I understand.
On Tue, Mar 20, 2018 at 3:19 AM, Thomas Eckardt <thomas.ecka...@thockar.com>
wrote:
> >that it found a match in data is insignificant and only causes potential
> confusion (as in my case).
>
> ip address logging is done if a match in 'allLogRe' is found or
> 'ipmatchLogging' is switched to 'ON'.
>
>
> The 'enhanced Originated IP detection' shows this noDelay match, because
> the IP is ignored for this reason.
>
> 'enhancedOriginIPDetect','Do an Enhanced Origin IP Address Detection in
> the Mail Header'
> 'If selected, ASSP will analyze the mail headers "RECEIVED:" lines for
> IP's on the mail routing way to detect spam bots, that uses open relay or
> hijacked mail servers for mail delivery.
> Local and private IP's, and IP's listed in ispip, acceptAllMail,
> whiteListedIPs, noProcessingIPs, *noDelay* and noPB will be ignored.
>
>
> Thomas
>
>
>
> Von: "K Post" <nntp.p...@gmail.com>
> An: "ASSP development mailing list" <assp-test@lists.sourceforge.
> net>
> Datum: 19.03.2018 15:43
> Betreff: Re: [Assp-test] NoDelay matching previous received lines?
> ------------------------------
>
>
>
> We regularly get emails from these people and the tuplet already exists,
> so no delay occurred (okay).
>
> I looked more closely at the log. It didn't actually say that this
> matched CAUSED a no delay, but it does say that it sees a noDelay match.
>
> Mar-16-18 07:50:21 01065-08036 1*48.B.C.D *<t...@ourvendor.com> to:
> myu...@ourcharity.org IP *207.46.163.86 matches noDelay* - with
> *207.46.163.0/24* <http://207.46.163.0/24> Valid-Office365-Range
>
> So yes, one of the IP addresses in the HEADER does match an ip in noDelay,
> but the message didn't come from that address, so why do we care? I feel
> like this line should only occur in the log if the IP that the mail is
> coming from matches noDelay. The fact that it found a match in data is
> insignificant and only causes potential confusion (as in my case).
>
>
> On Mon, Mar 19, 2018 at 3:20 AM, Thomas Eckardt <
> *thomas.ecka...@thockar.com* <thomas.ecka...@thockar.com>> wrote:
> >Summary: are IP's in noDelay checked against just the IP that's
> connecting to ASSP or does it search all of the received headers?
>
> Delaying is done after the 'DATA' command is received. There is no header
> available at this time.
>
> Thomas
>
>
>
>
>
> Von: "K Post" <*nntp.p...@gmail.com* <nntp.p...@gmail.com>>
> An: "ASSP development mailing list" <
> *assp-test@lists.sourceforge.net* <assp-test@lists.sourceforge.net>>
> Datum: 19.03.2018 01:54
> Betreff: [Assp-test] NoDelay matching previous received lines?
> ------------------------------
>
>
>
>
> Summary: are IP's in noDelay checked against just the IP that's connecting
> to ASSP or does it search all of the received headers?
>
>
> I've got all of Office365's IPS addresses (which I extract from their SPF)
> set in NoDelay so that mail sent from Office365 is never delayed. That
> seems to work fine.
>
> One of our vendors uses Office365 but they then have all outbound mail go
> through their internal SMTP server and then out to the destination SMTP
> server.
>
> As I'd expect, this shows as a couple received lines in the email, from
> top to bottom:
>
> Received from their-outgoing *A.B.C.D* by my ASSP
>
> Received from their-proxy *a.b.c.F* by their-outgoing
>
> Received: from *nam02-bl2-obe.outbound.protection.outlook.com*
> <http://nam02-bl2-obe.outbound.protection.outlook.com/> (
> *mail-bl2nam02lp0086.outbound.protection.outlook.com*
> <http://mail-bl2nam02lp0086.outbound.protection.outlook.com/> [
> *207.46.163.86*]) <-- real line
>
> Received: from *BLUPR17CA0052.namprd17.prod.outlook.com*
> <http://blupr17ca0052.namprd17.prod.outlook.com/> (10.162.85.148) by
> *BN6PR17MB1380.namprd17.prod.outlook.com*
> <http://bn6pr17mb1380.namprd17.prod.outlook.com/> (10.173.165.9)
>
>
> The Office365 IP of 207.46.163.86 IS in my noDelay file, I wouldn't expect
> that to trigger noDelay since it's A.B.C.D that's connecting to us (which
> is not in NoDelay). However, the log shows not delayed because of a
> 207.46.163.86 match in noDelay. *Does this no delay check look at the
> entire header vs just the IP that it actually connecting to ASSP? *
>
>
> ------------------------------------------------------------
> ------------------
> Check out the vibrant tech community on one of the world's most
> engaging tech sites, Slashdot.org! *http://sdm.link/slashdot*
> <http://sdm.link/slashdot>
> _______________________________________________
> Assp-test mailing list
> *Assp-test@lists.sourceforge.net* <Assp-test@lists.sourceforge.net>
> *https://lists.sourceforge.net/lists/listinfo/assp-test*
> <https://lists.sourceforge.net/lists/listinfo/assp-test>
>
>
>
>
>
> DISCLAIMER:
> *******************************************************
> This email and any files transmitted with it may be confidential, legally
> privileged and protected in law and are intended solely for the use of the
> individual to whom it is addressed.
> This email was multiple times scanned for viruses. There should be no
> known virus in this email!
> *******************************************************
>
>
> ------------------------------------------------------------
> ------------------
> Check out the vibrant tech community on one of the world's most
> engaging tech sites, Slashdot.org! *http://sdm.link/slashdot*
> <http://sdm.link/slashdot>
> _______________________________________________
> Assp-test mailing list
> *Assp-test@lists.sourceforge.net* <Assp-test@lists.sourceforge.net>
> *https://lists.sourceforge.net/lists/listinfo/assp-test*
> <https://lists.sourceforge.net/lists/listinfo/assp-test>
>
>
> ------------------------------------------------------------
> ------------------
> Check out the vibrant tech community on one of the world's most
> engaging tech sites, Slashdot.org! http://sdm.link/slashdot
> _______________________________________________
> Assp-test mailing list
> Assp-test@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/assp-test
>
>
>
>
>
> DISCLAIMER:
> *******************************************************
> This email and any files transmitted with it may be confidential, legally
> privileged and protected in law and are intended solely for the use of the
> individual to whom it is addressed.
> This email was multiple times scanned for viruses. There should be no
> known virus in this email!
> *******************************************************
>
>
> ------------------------------------------------------------
> ------------------
> Check out the vibrant tech community on one of the world's most
> engaging tech sites, Slashdot.org! http://sdm.link/slashdot
> _______________________________________________
> Assp-test mailing list
> Assp-test@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/assp-test
>
>
------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______________________________________________
Assp-test mailing list
Assp-test@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/assp-test
