Daniel, What value do you have for DoNoFromSelect?
I use 61, exactly for the reasons you mentioned. 63 is the default in your version. Thomas changed this default in 19015 - the default value for 'DoNoFromSelect' is changed from 63 to 59 option 4 - multiple from: addresses or from: header tags found (potential 2x score if option 2 is also enabled) - caused too many false positives I personally haven't seen the option 4 (4 - multiple from: addresses or from: header tags found (potential 2x score if option 2 is also enabled)) to be an issue, but I see lots of scenarios, like you're seeing, where there's a different from and sender. So I removed 2 from my number ( 2 - different domains found in from: and sender: email addresses - or multiple addresses in a single header (FROM: or SENDER:) of different domains are found ) leaving me with 61. I've been operating like this for a while without issue. Hope this helps Ken On Wed, Jan 23, 2019 at 8:08 PM Daniel Miller via Assp-test < assp-test@lists.sourceforge.net> wrote: > On 12/27/2018 5:56 AM, Thomas Eckardt wrote: > > - 'DoNoFromRemovesNPWL' is now moved to the GUI > > 'DoNoFromRemovesNPWL','DoNoFrom Removes NP, WL > Flag','0:disabled|1:whitelisted|2:noprocessing|3:both' > 'If the combination of DoNoFrom , DoNoFromSelect , DoNoFromWL and > DoNoFromNP gives more than one hit, the whitelisted and/or the noprocessing > flag will be removed from the message. > For example: if the FROM: and /or SENDER: address fakes a whitelisted > and/or noprocessing address or domain. > Default setting is both. > The noprocessing by size flag ( npSize ) will be keeped.' > > This appears to give me some false positives for some mailing list > messages. The "From:" shows a personal address while the "Sender:" shows > the mailing list. In my case - both of these addresses are already in WL > and/or NP. And these are valid, not faked - possibly the result of the > mail list administrator being able to send out using his own domain. > > If I simply set DoNoFromRemovesNPWL to "disabled" - what would be the > result? Would I still be protected against spoofed NPWL addresses? > > Ideally, when From & Sender don't match, but *both* are in NPWL, ignore > the condition. > > Daniel > > _______________________________________________ > Assp-test mailing list > Assp-test@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/assp-test >
_______________________________________________ Assp-test mailing list Assp-test@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/assp-test
