I've read the manual, especially this section recently, over and over and have tried to figure out a way to make this work for what I'm trying to accomplish:
For all "bomb*" regular expressions and "blackRe", "scriptRe", "invalidFormatHeloRe", "invalidPTRRe" and "invalidMsgIDRe" it is possible to define a third parameter (to overwrite the default options) after the weight like: Phishing\.=>1.45|~Heuristics|Email~=>50:>N[+-]W[+-]L[+-]I[+-]. The characters and the optional to use + and - have the following functions: use this regex (+ = only)(- = never) for: N = noprocessing, W = whitelisted, L = local, I = ISP mails. So the line ~Heuristics|Email~=>50:>N-W-LI could be read as: take the regex with a weight of 50, never scan noprocessing mails, never scan whitelisted mails, scan local mails and mails from ISP's (and all others). The line ~Heuristics|Email~=>3.2:>N-W+I could be read as: take the regex with a weight of 3.2 as factor, never scan noprocessing mails, scan only whitelisted mails even if they are received from an ISP.

I appreciate your suggestion of increasing the score of mail from non-whitelisted yahoo.com email addresses, but unfortunately not all Yahoo mail comes from yahoo servers. As I tried to explain before, plenty of small shops seem to use yahoo/gmail/whatever as the sender address from their non-yahoo hosted e-commerce sites. Adding an additional negative score to negate the pbwhite listing that I don't want in the first place, will probably have these sent from outside yahoo mails which are legitimate, but poorly sent, be blocked too.

Additionally, there are people with their own domain name sending through yahoo servers too. Currently ASSP reduces the score for these senders just because they're sending from a yahoo IP that's already whitelisted. If I could ignore these IP's because they reverse to a yahoo IP, I could then rely on the content filters to take over.

When you have a moment, if you would be so kind as to explain your thoughts/comments on my use of google's SPF listings to exclude those IP's from the pb?
It seems to fit my needs well, but I inferred from your previous messages that you didn't care for this idea. I want to make sure I'm not overlooking a caveat or something worse.

Do you think it would be possible and a good idea to have ASSP look at things like *.mx.yahoo.com or *.yahoo.com in the noPb and noPBWhite? Wouldn't this be universally beneficial? Like I attempted to say before, my thought is that ASSP could do a reverse lookup of the IP and use the matching hostname (technically there could be multiple, though that's rare) to match the hostname regexes in the exclusion list. If it matches, then ignore the IP, just like that IP was actually listed in noPB/noPBWhite. I haven't considered what this does for caching or performance.

I think this would generally solve my problem (and the same one that Daniel is trying to solve), but if it's a bad idea, I just want to understand why and know what else I can do as an alternative.

Thanks

On Sun, Sep 15, 2019 at 5:31 AM Thomas Eckardt <thomas.ecka...@thockar.com> wrote:

> >If ASSP could have a regex in nopb and nopbwhite like *.yahoo.com
>
> reduce or increase the score for
>
> ~<<<\.yahoo\.(?:com|net)$>>>~=>XXX:>W-
>
> to your needs, using invalidPTRRe.
> XXX can be positive or negative (-XXX)
> the optional ':>W-' ignores the rule for whitelisted mails. RTM!
>
> Thomas
>
>
> From: "Daniel Miller via Assp-test" <assp-test@lists.sourceforge.net>
> To: assp-test@lists.sourceforge.net
> Cc: "Daniel Miller" <dmil...@amfes.com>
> Date: 15.09.2019 01:36
> Subject: Re: [Assp-test] noPB and NoPBWhite based on reverse dns
> ------------------------------
>
> On 9/14/2019 2:26 PM, K Post wrote:
> >
> > Daniel,
> >
> > I don't think that using only the MX records (inbound addresses) for
> > yahoo is going to cut it, plus yahoo uses different IP's for the same
> > hostname based on geolocation.
>
> Ok...but (here's another opportunity to display my ignorance) what's the
> difference? I'm assuming (yes I know what that means) that the geo-based
> IP's determine which servers are going to be talking to a group of
> clients. Which in this case means...you! So what's wrong with simply
> listing the MX's that appear to be configured to talk to you?
>
> > For example, I'm finding that
> > mta5.am0.yahoonet.net to be 74.6.136.150,
> > which isn't in your list. Your goal is the same as mine and used the
> > same theory that these big boys should just have their IP's ignored for
> > PB reasons. However, I don't think you're doing a particularly good job
> > of excluding all of the IP's.
>
> Probably not - but how are you inferring that? And I don't care if I
> exclude *all* the IP's. I only care about mail that touches *my* server.
> If the IP's for other countries aren't listed...they don't talk to me so
> I don't care about them.
>
> > [...] You are using IP's from the MX
> > record for the same purpose, though as I said, I don't think that's
> > capturing all that could be sending from yahoo.
>
> Entirely possible. And I agree that a script to automate what *should*
> be a simple process is a great idea. But if the @ssholes, I mean "big
> boys", choose not to follow standards - our choices are limited.
>
> > [...] If I have dns server
> > access to a server that is the authorized server for a netblock, I could
> > add a reverse for any controlled ip to be whatever.yahoo.com
> > and pass!
>
> If you did...they'd probably be configured correctly and we wouldn't be
> having this conversation. Naive of me I suppose - at the moment I'm not
> worried about Microsoft/Yahoo's DNS servers being compromised just to
> send me male supplement ads.
>
> > If a message comes from 74.6.136.150, your method wouldn't ignore the
> > penaltybox / white, but mine is unlikely to as well. I don't know of a
> > way to get yahoo's allowable sending IP's. If ASSP could have a regex
> > in nopb and nopbwhite like *.yahoo.com that checks
> > the reverse of a given IP, I believe that would solve my issue (and be
> > good for yours too).
>
> I'd love such options as well - but for me as a functional alternative
> if someone complains of a mail being blocked I check and take the
> appropriate action. Early in my ASSP implementation there were a number
> of servers, like Yahoo, that I had to manually add to nopb.txt and such.
> Honestly I haven't had an issue with such senders in quite some time.
>
> I agree it would certainly be preferable to have a purely automated
> system for updating targeted domains. It would also be great if the
> larger players in this game played according to the rules. But it seems
> to me we have a functional method to accomplish the goal of
> blocking/passing mail even if it isn't ideal.
>
> Other than offending our sense of elegance (which without any sarcasm
> whatsoever I completely agree with!) - what exactly does not work for
> you with having a static list of Yahoo (and other) IP's?
>
> --
> Daniel
>
> _______________________________________________
> Assp-test mailing list
> Assp-test@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/assp-test
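The reverse-lookup exclusion discussed in this thread, as an added example (not part of the original messages and not ASSP code): a PTR name is matched against the exclusion regexes only after a forward lookup of that name returns the connecting IP again, which covers the case raised in the thread where whoever controls reverse DNS for a netblock publishes a `whatever.yahoo.com` PTR. The function names, the exclusion pattern and the DNS records are constructed for illustration.

```python
import ipaddress
import re

# Hypothetical exclusion list: PTR suffixes that should bypass the penalty box.
PTR_EXCLUDE = [re.compile(r"(?:^|\.)yahoo\.(?:com|net)$", re.I)]

# Constructed DNS data (documentation address ranges) so this runs offline.
PTR_RECORDS = {
    "192.0.2.10": ["out1.mail.yahoo.com."],   # PTR and forward record agree
    "198.51.100.7": ["whatever.yahoo.com"],   # PTR published by the netblock owner
    "203.0.113.5": ["mx.notyahoo.com"],       # confirmed, but not a yahoo suffix
}
A_RECORDS = {
    "out1.mail.yahoo.com": ["192.0.2.10", "192.0.2.11"],
    "mx.notyahoo.com": ["203.0.113.5"],
    # whatever.yahoo.com has no forward record pointing back at 198.51.100.7
}


def lookup_ptr(ip):
    """Stand-in for a real PTR query."""
    return PTR_RECORDS.get(ip, [])


def lookup_addr(host):
    """Stand-in for a real A/AAAA query."""
    return A_RECORDS.get(host, [])


def confirmed_ptr_names(ip, ptr=lookup_ptr, fwd=lookup_addr):
    """Return the PTR names of ip whose forward lookup includes ip again."""
    addr = ipaddress.ip_address(ip)
    confirmed = []
    for name in ptr(ip):
        name = name.lower().rstrip(".")
        try:
            forward = {ipaddress.ip_address(a) for a in fwd(name)}
        except ValueError:
            continue  # malformed forward answer: treat the name as unconfirmed
        if addr in forward:
            confirmed.append(name)
    return confirmed


def skip_penalty_box(ip, patterns=PTR_EXCLUDE, ptr=lookup_ptr, fwd=lookup_addr):
    """True only if a forward-confirmed PTR name matches an exclusion regex."""
    names = confirmed_ptr_names(ip, ptr, fwd)
    return any(p.search(n) for n in names for p in patterns)
```

In a live setup the two stand-in lookups would be replaced by real resolver calls, with results cached per IP to limit the extra queries.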