>The analysis of enhancedOriginIPDetect is very helpful, but I don't see
the point in displaying matches in the header that do not affect mail
processing.
ASSP never loggs for fun! Lines are logged because it is configured or it
is important or it may helpfull. The IP's are logged in '
enhancedOriginIPDetect' , because these IP's are ignored by this feature
for the specific (logged) reason.
How would you know why an IP is not checked? Yes, you can read the GUI (
Local and private IP's, and IP's listed in ispip, acceptAllMail,
whiteListedIPs, noProcessingIPs, noDelay and noPB will be ignored. ) and
have a look in to all the other configuartion options to find them.
More smart admin may use the IP analyzer (IP-action) and copy the IP from
the .eml file to the GUI. But most times the MaillogTail is used for
problem analyzing - and there it helps alot to have the IP available (and
the link as well).
Thomas
Von: "K Post" <nntp.p...@gmail.com>
An: "ASSP development mailing list" <assp-test@lists.sourceforge.net>
Datum: 21.03.2018 15:51
Betreff: Re: [Assp-test] NoDelay matching previous received lines?
Thanks for the explanation, and it's refreshing to know that my original
understanding is consistent with what you just wrote.
The analysis of enhancedOriginIPDetect is very helpful, but I don't see
the point in displaying matches in the header that do not affect mail
processing. I guess my suggestion is to NOT show a noDelay ip match in
the log if the mail won't be delayed because of that match. Same goes for
Private IP's, ISP ip's, accept all mail, whitelisted, no processing, no
pb. Maybe there's a benefit that I don't understand or it's more
difficult to code than it's worth, in which case I understand.
On Tue, Mar 20, 2018 at 3:19 AM, Thomas Eckardt <
thomas.ecka...@thockar.com> wrote:
>that it found a match in data is insignificant and only causes potential
confusion (as in my case).
ip address logging is done if a match in 'allLogRe' is found or
'ipmatchLogging' is switched to 'ON'.
The 'enhanced Originated IP detection' shows this noDelay match, because
the IP is ignored for this reason.
'enhancedOriginIPDetect','Do an Enhanced Origin IP Address Detection in
the Mail Header'
'If selected, ASSP will analyze the mail headers "RECEIVED:" lines for
IP's on the mail routing way to detect spam bots, that uses open relay or
hijacked mail servers for mail delivery.
Local and private IP's, and IP's listed in ispip, acceptAllMail,
whiteListedIPs, noProcessingIPs, noDelay and noPB will be ignored.
Thomas
Von: "K Post" <nntp.p...@gmail.com>
An: "ASSP development mailing list" <
assp-test@lists.sourceforge.net>
Datum: 19.03.2018 15:43
Betreff: Re: [Assp-test] NoDelay matching previous received lines?
We regularly get emails from these people and the tuplet already exists,
so no delay occurred (okay).
I looked more closely at the log. It didn't actually say that this
matched CAUSED a no delay, but it does say that it sees a noDelay match.
Mar-16-18 07:50:21 01065-08036 148.B.C.D <t...@ourvendor.com> to:
myu...@ourcharity.org IP 207.46.163.86 matches noDelay - with
207.46.163.0/24 Valid-Office365-Range
So yes, one of the IP addresses in the HEADER does match an ip in noDelay,
but the message didn't come from that address, so why do we care? I feel
like this line should only occur in the log if the IP that the mail is
coming from matches noDelay. The fact that it found a match in data is
insignificant and only causes potential confusion (as in my case).
On Mon, Mar 19, 2018 at 3:20 AM, Thomas Eckardt <
thomas.ecka...@thockar.com> wrote:
>Summary: are IP's in noDelay checked against just the IP that's
connecting to ASSP or does it search all of the received headers?
Delaying is done after the 'DATA' command is received. There is no header
available at this time.
Thomas
Von: "K Post" <nntp.p...@gmail.com>
An: "ASSP development mailing list" <
assp-test@lists.sourceforge.net>
Datum: 19.03.2018 01:54
Betreff: [Assp-test] NoDelay matching previous received lines?
Summary: are IP's in noDelay checked against just the IP that's connecting
to ASSP or does it search all of the received headers?
I've got all of Office365's IPS addresses (which I extract from their SPF)
set in NoDelay so that mail sent from Office365 is never delayed. That
seems to work fine.
One of our vendors uses Office365 but they then have all outbound mail go
through their internal SMTP server and then out to the destination SMTP
server.
As I'd expect, this shows as a couple received lines in the email, from
top to bottom:
Received from their-outgoing A.B.C.D by my ASSP
Received from their-proxy a.b.c.F by their-outgoing
Received: from nam02-bl2-obe.outbound.protection.outlook.com (
mail-bl2nam02lp0086.outbound.protection.outlook.com [207.46.163.86]) <--
real line
Received: from BLUPR17CA0052.namprd17.prod.outlook.com (10.162.85.148) by
BN6PR17MB1380.namprd17.prod.outlook.com (10.173.165.9)
The Office365 IP of 207.46.163.86 IS in my noDelay file, I wouldn't expect
that to trigger noDelay since it's A.B.C.D that's connecting to us (which
is not in NoDelay). However, the log shows not delayed because of a
207.46.163.86 match in noDelay. Does this no delay check look at the
entire header vs just the IP that it actually connecting to ASSP?
------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______________________________________________
Assp-test mailing list
Assp-test@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/assp-test
DISCLAIMER:
*******************************************************
This email and any files transmitted with it may be confidential, legally
privileged and protected in law and are intended solely for the use of the
individual to whom it is addressed.
This email was multiple times scanned for viruses. There should be no
known virus in this email!
*******************************************************
------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______________________________________________
Assp-test mailing list
Assp-test@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/assp-test
------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______________________________________________
Assp-test mailing list
Assp-test@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/assp-test
DISCLAIMER:
*******************************************************
This email and any files transmitted with it may be confidential, legally
privileged and protected in law and are intended solely for the use of the
individual to whom it is addressed.
This email was multiple times scanned for viruses. There should be no
known virus in this email!
*******************************************************
------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______________________________________________
Assp-test mailing list
Assp-test@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/assp-test
------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______________________________________________
Assp-test mailing list
Assp-test@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/assp-test
DISCLAIMER:
*******************************************************
This email and any files transmitted with it may be confidential, legally
privileged and protected in law and are intended solely for the use of the
individual to whom it is addressed.
This email was multiple times scanned for viruses. There should be no
known virus in this email!
*******************************************************
------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______________________________________________
Assp-test mailing list
Assp-test@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/assp-test
