>Is there a way to have an entry like *.yahoo.com in noPB or noPBWhite?

No - hostnames in IP lists are forward looked up, not reverse

>I've got a little script that takes IP's from SPF records for major providers.

How should such a script work for yahoo? - "v=spf1 ptr:yahoo.com ptr:yahoo.net ?all"
You would need a list of all defined yahoo related PTR's.

>However, 66.163.184.147 doesn't match their SPF

it matches yahoo's SPF record - the IP resolves to sonic309-21.consmr.mail.ne1.yahoo.com
the SPF record is "v=spf1 ptr:yahoo.com ptr:yahoo.net ?all"

yahoo.com should be in strictSPFRe and/or blockstrictSPFRe

Think about the logic - if a mail is valid DKIM signed by yahoo.com, it is impossible that it was sent from an invalid SPF IP.

If SPAM are sent from valid yahoo.com accounts and you expect to receive also HAM from there - only the personal black list and/or content base checks will help.
If you get attacked with malicious mails from valid yahoo accounts, report the abuse to yahoo (or any other major provider).

>I'm aware that a spammer could easily have their ip reverse to a yahoo hostname

No this should never be possible (even not in the US). To create a custom PTR-record - you need to create the related A or AAAA record first (you have to be the domain owner).

Thomas


From: "K Post" <nntp.p...@gmail.com>
To: "ASSP development mailing list" <assp-test@lists.sourceforge.net>
Date: 29.08.2019 02:34
Subject: [Assp-test] noPB and NoPBWhite based on reverse dns

Is there a way to have an entry like *.yahoo.com in noPB or noPBWhite? I know we can put something like sonic309-21.consmr.mail.ne1.yahoo.com but what if I never want any IP that reversed to any yahoo.com name to be penalized? I'm aware that a spammer could easily have their ip reverse to a yahoo hostname, but I'd hope to catch using other methods.

I've got a little script that takes IP's from SPF records for major providers. (I've posted it here before). Those IP's get added to group definitions and can be used from there.

One thing I've done for a long time is having the IP's from gmail's and yahoo's SPF records in noPB and noPBWhite.
This way, these email providers are never penalized nor pbWhite. Too many spammers send mail through real yahoo and gmail accounts, but we can't negatively score because about 20% of our legit inbound mail comes from these 2 providers. We also don't want to pbWhite the IP's or bayesian/hmm spam will get 15 points removed and pass. This has worked great for a long long time.

However, with yahoo, I'm noticing now that there's inbound mail coming from non-SPF matching IP addresses. For example:

Aug-24-19 12:27:31 61051-11848 66.163.184.147 <sen...@yahoo.com> to: ouru...@domain.org [scoring] DKIM signature verified-OK - header-passed - identity is: @yahoo.com - sender policy is: neutral - author policy is: neutral
Aug-24-19 12:27:32 61051-11848 66.163.184.147 <sen...@yahoo.com> to: ouru...@domain.org Message-Score: added -15 (pbwValencePB) for In Penalty White Box, total score for this message is now -15

That message DKIM verified. It really came through yahoo. However, 66.163.184.147 doesn't match their SPF, so it wasn't excluded from my IP whitelist. It's in the pbWhite. Even though the message gets 50 for bayesian, it starts at -15, so passes.

Any other suggestions are very welcome!!

thanks

_______________________________________________
Assp-test mailing list
Assp-test@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/assp-test


DISCLAIMER:
*******************************************************
This email and any files transmitted with it may be confidential, legally privileged and protected in law and are intended solely for the use of the individual to whom it is addressed.
This email was multiple times scanned for viruses. There should be no known virus in this email!
*******************************************************
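
Added example (not part of the thread and not ASSP code): a Python sketch of how an SPF "ptr:" term like the ones in the record quoted above is evaluated per RFC 7208, where a reverse name only counts if its forward lookup returns the connecting IP. The DNS tables are constructed so it runs offline; the A record for the sonic309-21 host and the 203.0.113.9 / 198.51.100.7 entries are assumptions, and only the ptr:<domain> and all terms are handled.

```python
# Constructed DNS data for an offline run (documentation-range IPs are made up).
PTR = {
    "66.163.184.147": ["sonic309-21.consmr.mail.ne1.yahoo.com"],  # from the thread
    "203.0.113.9": ["mta-fake.mail.yahoo.com"],  # hypothetical unconfirmed PTR
    "198.51.100.7": ["mx.example.net"],
}
A = {
    "sonic309-21.consmr.mail.ne1.yahoo.com": ["66.163.184.147"],  # assumed
    "mx.example.net": ["198.51.100.7"],
    # no A record for mta-fake.mail.yahoo.com: its forward lookup fails
}

QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def validated_names(ip, ptr=PTR, a=A, limit=10):
    """Reverse names of ip whose forward lookup returns ip again."""
    out = []
    for name in ptr.get(ip, [])[:limit]:  # RFC 7208 caps the names checked at 10
        name = name.rstrip(".").lower()
        if ip in a.get(name, []):
            out.append(name)
    return out


def ptr_matches(ip, target):
    """True if a validated name equals target or is a subdomain of it."""
    target = target.rstrip(".").lower()
    return any(n == target or n.endswith("." + target)
               for n in validated_names(ip))


def eval_spf(record, ip):
    """Evaluate the ptr:<domain> and all terms of an SPF record for ip."""
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        return "none"
    for term in terms[1:]:
        qual = "+"
        if term[0] in QUALIFIERS:
            qual, term = term[0], term[1:]
        mech = term.lower()
        if mech == "all":
            return QUALIFIERS[qual]
        if mech.startswith("ptr:") and ptr_matches(ip, mech[4:]):
            return QUALIFIERS[qual]
    return "neutral"  # no term matched


YAHOO_SPF = "v=spf1 ptr:yahoo.com ptr:yahoo.net ?all"  # record quoted in the thread
```

With this data, eval_spf(YAHOO_SPF, "66.163.184.147") passes on the first ptr term, while the address with the unconfirmed yahoo.com reverse name falls through to ?all.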