Fair enough! And I saw all log lines are part of the FUN battle against
these incessant spammers :)
On Wed, Mar 21, 2018 at 11:27 AM, Thomas Eckardt <thomas.ecka...@thockar.com> wrote:
> > The analysis of enhancedOriginIPDetect is very helpful, but I don't see
> > the point in displaying matches in the header that do not affect mail
> > processing.
>
> ASSP never logs for fun! Lines are logged because it is configured or it
> is important or it may be helpful. The IPs are logged in
> 'enhancedOriginIPDetect' because these IPs are ignored by this feature
> for the specific (logged) reason.
> How would you know why an IP is not checked? Yes, you can read the GUI
> (Local and private IP's, and IP's listed in ispip, acceptAllMail,
> whiteListedIPs, noProcessingIPs, *noDelay* and noPB will be ignored.)
> and have a look into all the other configuration options to find them.
> A smarter admin may use the IP analyzer (IP-action) and copy the IP from
> the .eml file to the GUI. But most times the MaillogTail is used for
> problem analysis - and there it helps a lot to have the IP available (and
> the link as well).
>
> Thomas
>
>
>
>
>
> From: "K Post" <nntp.p...@gmail.com>
> To: "ASSP development mailing list" <assp-test@lists.sourceforge.net>
> Date: 21.03.2018 15:51
> Subject: Re: [Assp-test] NoDelay matching previous received lines?
> ------------------------------
>
>
>
> Thanks for the explanation, and it's refreshing to know that my original
> understanding is consistent with what you just wrote.
>
> The analysis of enhancedOriginIPDetect is very helpful, but I don't see
> the point in displaying matches in the header that do not affect mail
> processing. I guess my suggestion is to NOT show a noDelay ip match in
> the log if the mail won't be delayed because of that match. Same goes for
> Private IP's, ISP ip's, accept all mail, whitelisted, no processing, no
> pb. Maybe there's a benefit that I don't understand or it's more difficult
> to code than it's worth, in which case I understand.
>
>
> On Tue, Mar 20, 2018 at 3:19 AM, Thomas Eckardt <thomas.ecka...@thockar.com> wrote:
> > that it found a match in data is insignificant and only causes potential
> > confusion (as in my case).
>
> ip address logging is done if a match in 'allLogRe' is found or
> 'ipmatchLogging' is switched to 'ON'.
>
>
> The 'enhanced Originated IP detection' shows this noDelay match, because
> the IP is ignored for this reason.
>
> 'enhancedOriginIPDetect','Do an Enhanced Origin IP Address Detection in
> the Mail Header'
> 'If selected, ASSP will analyze the mail headers "RECEIVED:" lines for
> IP's on the mail routing way to detect spam bots, that uses open relay or
> hijacked mail servers for mail delivery.
> Local and private IP's, and IP's listed in ispip, acceptAllMail,
> whiteListedIPs, noProcessingIPs, *noDelay* and noPB will be ignored.
>
>
> Thomas
>
>
>
> From: "K Post" <nntp.p...@gmail.com>
> To: "ASSP development mailing list" <assp-test@lists.sourceforge.net>
> Date: 19.03.2018 15:43
> Subject: Re: [Assp-test] NoDelay matching previous received lines?
> ------------------------------
>
>
>
> We regularly get emails from these people and the tuplet already exists,
> so no delay occurred (okay).
>
> I looked more closely at the log. It didn't actually say that this
> match CAUSED a no delay, but it does say that it sees a noDelay match.
>
> Mar-16-18 07:50:21 01065-08036 1*48.B.C.D *<t...@ourvendor.com> to:
> myu...@ourcharity.org IP *207.46.163.86 matches noDelay* - with
> 207.46.163.0/24 Valid-Office365-Range
>
> So yes, one of the IP addresses in the HEADER does match an ip in noDelay,
> but the message didn't come from that address, so why do we care? I feel
> like this line should only occur in the log if the IP that the mail is
> coming from matches noDelay. The fact that it found a match in data is
> insignificant and only causes potential confusion (as in my case).
>
>
> On Mon, Mar 19, 2018 at 3:20 AM, Thomas Eckardt <thomas.ecka...@thockar.com> wrote:
> > Summary: are IP's in noDelay checked against just the IP that's
> > connecting to ASSP or does it search all of the received headers?
>
> Delaying is done after the 'DATA' command is received. There is no header
> available at this time.
>
> Thomas
>
>
>
>
>
> From: "K Post" <nntp.p...@gmail.com>
> To: "ASSP development mailing list" <assp-test@lists.sourceforge.net>
> Date: 19.03.2018 01:54
> Subject: [Assp-test] NoDelay matching previous received lines?
> ------------------------------
>
>
>
>
> Summary: are IP's in noDelay checked against just the IP that's connecting
> to ASSP or does it search all of the received headers?
>
>
> I've got all of Office365's IP addresses (which I extract from their SPF)
> set in NoDelay so that mail sent from Office365 is never delayed. That
> seems to work fine.
>
> One of our vendors uses Office365 but they then have all outbound mail go
> through their internal SMTP server and then out to the destination SMTP
> server.
>
> As I'd expect, this shows as a couple received lines in the email, from
> top to bottom:
>
> Received from their-outgoing *A.B.C.D* by my ASSP
>
> Received from their-proxy *a.b.c.F* by their-outgoing
>
> Received: from nam02-bl2-obe.outbound.protection.outlook.com
> (mail-bl2nam02lp0086.outbound.protection.outlook.com
> [*207.46.163.86*]) <-- real line
>
> Received: from BLUPR17CA0052.namprd17.prod.outlook.com (10.162.85.148) by
> BN6PR17MB1380.namprd17.prod.outlook.com (10.173.165.9)
>
>
> The Office365 IP of 207.46.163.86 IS in my noDelay file, I wouldn't expect
> that to trigger noDelay since it's A.B.C.D that's connecting to us (which
> is not in NoDelay). However, the log shows not delayed because of a
> 207.46.163.86 match in noDelay. *Does this no delay check look at the
> entire header vs just the IP that is actually connecting to ASSP?*
>
>
> ------------------------------------------------------------------------------
> Check out the vibrant tech community on one of the world's most
> engaging tech sites, Slashdot.org! http://sdm.link/slashdot
> _______________________________________________
> Assp-test mailing list
> Assp-test@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/assp-test
>
>
>
>
>
> DISCLAIMER:
> *******************************************************
> This email and any files transmitted with it may be confidential, legally
> privileged and protected in law and are intended solely for the use of the
> individual to whom it is addressed.
> This email was multiple times scanned for viruses. There should be no
> known virus in this email!
> *******************************************************
------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______________________________________________
Assp-test mailing list
Assp-test@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/assp-test
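
The distinction discussed in this thread, as an added example (a simplified model written for this page, not ASSP's own code): the delay decision sees only the connecting IP, while the Received-line analysis lists each header IP it skips together with the list that caused the skip. The header block is constructed from the thread, with 203.0.113.10 and 198.51.100.7 standing in for A.B.C.D and a.b.c.F; the function names and list layout are assumptions.

```python
import ipaddress
import re

# Constructed sample based on the Received chain quoted in the thread.
CONNECTING_IP = "203.0.113.10"
HEADERS = """\
Received: from their-outgoing ([203.0.113.10]) by my-assp
Received: from their-proxy ([198.51.100.7]) by their-outgoing
Received: from nam02-bl2-obe.outbound.protection.outlook.com
 (mail-bl2nam02lp0086.outbound.protection.outlook.com [207.46.163.86])
Received: from BLUPR17CA0052.namprd17.prod.outlook.com (10.162.85.148) by
 BN6PR17MB1380.namprd17.prod.outlook.com (10.173.165.9)
"""
NO_DELAY = ["207.46.163.0/24"]          # the range shown in the log line
# Hypothetical ignore lists, checked in order: name -> networks.
IGNORE_LISTS = {
    "private": ["10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8"],
    "noDelay": NO_DELAY,
}
IPV4 = re.compile(r"(?<![\d.])(\d{1,3}(?:\.\d{1,3}){3})(?![\d.])")


def in_list(ip, nets):
    addr = ipaddress.ip_address(ip)
    return any(addr in ipaddress.ip_network(n) for n in nets)


def delay_exempt(connecting_ip, no_delay=NO_DELAY):
    """Delay decision: only the SMTP peer is known, no header exists yet."""
    return in_list(connecting_ip, no_delay)


def origin_ips(headers, ignore_lists=IGNORE_LISTS):
    """Split Received-line IPs into (to_check, ignored_with_reason)."""
    check, ignored = [], []
    for ip in dict.fromkeys(IPV4.findall(headers)):  # keep order, drop repeats
        try:
            ipaddress.ip_address(ip)
        except ValueError:                           # e.g. 999.1.1.1
            continue
        reason = next((name for name, nets in ignore_lists.items()
                       if in_list(ip, nets)), None)
        if reason:
            ignored.append((ip, reason))   # what the log line reports
        else:
            check.append(ip)
    return check, ignored


if __name__ == "__main__":
    print("peer exempt from delay:", delay_exempt(CONNECTING_IP))
    print(origin_ips(HEADERS))
```

Here the noDelay match on 207.46.163.86 appears only in the ignored list of the header analysis; it has no effect on the result of delay_exempt for the connecting IP.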