Thanks Thomas. Possible other error - if DoNoFrom is set to score, shouldn't it ADD 50 (or whatever valence) to the message, vs making the message score 50? I have seen a couple DoNoFrom catches BLOCK the email because 50 is my limit when the message had a -35 (negative) score before getting to the DoNoFrom check. The message score went from -35 right to 50 and was then blocked. The -35 came from senderbase. Did that get ignored because I've got DoNoFrom to check even whitelisted mail?

Also, you wrote:

- addresses in the From: and Sender: headers contain different domains (subdomains are ignored)

Would you consider giving us the option to turn this one option off? I'm seeing legitimate email coming from mailing services where they put a Sender line with essentially what is the Mail-From from the envelope but the FROM line as the person who is paying to have the emailing service (generally what the email client picks up to display the from). I really don't know what the point of the Sender line is, but it's being used more and more. I'd really like to be able to tailor DoNoFrom further so it's effective with the way we get mail without causing the false positives that we're getting now.

On Tue, Nov 20, 2018 at 7:16 AM Thomas Eckardt <thomas.ecka...@thockar.com> wrote:

> >From: "serv...@thecompany.com" <serv...@thecompany.com>
>
> this parsing mistake will be fixed in the next release
>
> >I don't see where the GUI indicates that this should be blocked. For DoNoFrom, the gui says ([ with my notes in brackets]
>
> I forgot the documentation
>
> - addresses in the From: and Sender: headers contain different domains (subdomains are ignored)
>
> will be fixed
>
> Thomas
>
> From: "K Post" <nntp.p...@gmail.com>
> To: "ASSP development mailing list" <assp-test@lists.sourceforge.net>
> Date: 19.11.2018 17:19
> Subject: Re: [Assp-test] DoNoFrom scoring with different domain in From and Sender
> ------------------------------
>
> Update: I went back through the logs. I'm seeing lots of
> X-Assp-Message-Score: 50 (multiple (2) 'From:' header tags found ( DoNoFrom ))
> X-Assp-IP-Score: 50 (multiple (2) 'From:' header tags found ( DoNoFrom ))
> tags, that's making messages be rejected. Most of from legitimate mailing companies, like SendGrid,
>
> One that I found has a single from line (no sender line like the other one I reported last week) which looks like this:
> From: "serv...@thecompany.com" <serv...@thecompany.com>
>
> Is that being detected as "multiple email addresses are found in one header." Yes, the email address is there twice, but it's the same address, once instead of the name of the sender and once as the email address itself. While bad form, do we really want to treat this as illegal and add the default score of 50 for this, even though the rest of the message is good? This message got a -35 score initially because of a whitesenderbase, but the DoNoFrom added 50 (so a +15 net score), but the message was still rejected. It's almost like DoNoFrom is set to BLOCK, when it was actually set to score.
>
> Can we discuss if something changed in the most recent version?
>
> For now, I've set DoNoFrom to monitor.
>
> Thanks
>
> On Wed, Nov 14, 2018 at 12:25 PM K Post <nntp.p...@gmail.com> wrote:
> I had a message go to spam because DoNoFrom reports 2 different sender domains in from and sender.
>
> Analyze says:
> DoNoFrom: detected (1) faults in scoring mode - last reason: found (2) different sender domains in 'From:' and 'Sender:' header tags ( DoNoFrom ) - penalty: 1 * 50 = 50
>
> I don't see where the GUI indicates that this should be blocked. For DoNoFrom, the gui says ([ with my notes in brackets]
>
> - both headers (From: and Sender:) are missing
> [they're both there]
>
> - any of these headers contains not a valid email address
> [all valid]
>
> - multiple of the same headers are found
> [only one from and one sender line]
>
> - multiple email addresses are found in one header.
> [see below, only one address for sender and one for from, but they are different domains]
>
> Sender: =?UTF-8?B?VmluY2V4bCBIdWdaZXa=?= <bou...@bounce.theirbigorg.org>
> Reply-To: theper...@gmail.com
> From: "Person Name" <theper...@gmail.com>
>
> I didn't know that DoNoFrom would fail if there was a different sender domain in From and Sender as is the case here. Am I mistaken? Is there a way to allow different from and sender domains? I'd think that would be pretty common.
>
> Thanks
> ken
>
> _______________________________________________
> Assp-test mailing list
> Assp-test@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/assp-test
>
> DISCLAIMER:
> *******************************************************
> This email and any files transmitted with it may be confidential, legally privileged and protected in law and are intended solely for the use of the individual to whom it is addressed.
> This email was multiple times scanned for viruses. There should be no known virus in this email!
> *******************************************************
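
An added sketch (not ASSP's code, and not written by anyone in this thread) of the From:/Sender: checks discussed above, using Python's standard email parser: an address repeated as a quoted display name counts as one mailbox, domains are compared with subdomains ignored, and the penalty is added to the running score. The two-label `base_domain` rule, the function names and the sample messages are assumptions made for the illustration.

```python
from email import message_from_string
from email.utils import getaddresses

VALENCE = 50  # per-fault penalty, the default quoted in the thread

def base_domain(addr):
    # Assumption: "subdomains are ignored" means comparing the last two labels.
    # A real filter would use a public-suffix list (example.co.uk breaks this).
    host = addr.rsplit("@", 1)[-1].lower().rstrip(".")
    return ".".join(host.split(".")[-2:])

def header_faults(raw):
    """Return the list of From:/Sender: faults for one raw message."""
    msg = message_from_string(raw)
    faults, domains = [], {}
    for name in ("From", "Sender"):
        values = msg.get_all(name, [])
        if len(values) > 1:
            faults.append(f"multiple {name}: headers")
        # getaddresses() follows RFC 5322 quoting, so an address used as the
        # quoted display name is not counted as a second mailbox.
        addrs = [a for _, a in getaddresses(values) if "@" in a]
        if len(addrs) > 1:
            faults.append(f"multiple addresses in {name}:")
        if addrs:
            domains[name] = base_domain(addrs[0])
    if not domains:
        faults.append("no usable From: or Sender: address")
    elif len(set(domains.values())) > 1:
        faults.append("From: and Sender: domains differ")
    return faults

def apply_penalty(score, faults, valence=VALENCE):
    # Scoring mode adds to the running score; it does not overwrite it.
    return score + valence * len(faults)

# Constructed sample messages (not taken from the thread's logs).
NAME_IS_ADDRESS = 'From: "service@example.com" <service@example.com>\n\nbody\n'
MAILING_SERVICE = ("Sender: Bulk Mailer <bounce@bounce.mailer.example>\n"
                   "From: Person Name <person@example.org>\n\nbody\n")
SUBDOMAIN_ONLY = ("Sender: news@mail.example.com\n"
                  "From: Person Name <person@example.com>\n\nbody\n")

if __name__ == "__main__":
    for raw in (NAME_IS_ADDRESS, MAILING_SERVICE, SUBDOMAIN_ONLY):
        faults = header_faults(raw)
        print(faults, apply_penalty(-35, faults))
```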