OOh, this should hold me over!! Yahoo sending IP addresses as published by Yahoo. https://help.yahoo.com/kb/SLN23997.html
On Sun, Sep 15, 2019 at 1:04 PM K Post <nntp.p...@gmail.com> wrote: > I've read the manual, especially this section recently, over and over and > have tried to figure out a way to make this work for what I'm trying to > accomplish: > > For all "bomb*" regular expressions and "blackRe", "scriptRe", > "invalidFormatHeloRe", "invalidPTRRe" and "invalidMsgIDRe" it is possible > to define a third parameter (to overwrite the default options) after the > weight like: Phishing\.=>1.45|~Heuristics|Email~=>50:>N[+-]W[+-]L[+-]I[+-]. > The characters and the optional to use + and - have the following functions: > use this regex (+ = only)(- = never) for: N = noprocessing , W = > whitelisted , L = local , I = ISP mails . So the line > ~Heuristics|Email~=>50:>N-W-LI could be read as: take the regex with a > weight of 50, never scan noprocessing mails, never scan whitelisted mails, > scan local mails and mails from ISP's (and all others). The line > ~Heuristics|Email~=>3.2:>N-W+I could be read as: take the regex with a > weight of 3.2 as factor, never scan noprocessing mails, scan only > whitelisted mails even if they are received from an ISP . > > > > I appreciate your suggestion of increasing the score of mail from > non-whitelisted yahoo.com email addresses, but unfortunately not all > Yahoo mail comes from yahoo servers. As I tried to explain before, plenty > of small shops seem to use yahoo/gmail/whatever as the sender address from > their non-yahoo hosted e-commerce sites. Adding an additional negative > score to negate the pbwhite listing that I don't want in the first place, > will probably have these sent from outside yahoo mails which are > legitimate, but poorly sent, be blocked too. > > Additionally, there are people with their own domain name sending through > yahoo servers too. Currently ASSP reduces the score for these senders just > because they're sending from a yahoo IP that's already whitelisted. If I > could ignore these IP's because they reverse to a yahoo IP, I could then > rely on the content filters to take over. > > When you have a moment, if you would be so kind as to explain your > thoughts/comments on my use of google's SPF listings to exclude those IP's > from the pb? It seems to fit my needs well, but I inferred from your > previous messages that you didn't care for this idea. I want to make sure > I'm not overlooking a caviot or something worse. > > Do you think it would be possible and a good idea to have ASSP look at > things like *.mx.yahoo.com or *.yahoo.com in the noPb and noPBWhite? > Wouldn't this be universally beneficial? Like I attempted to say before, > my thought is that ASSP could do a reverse lookup of the IP and use the > matching hostname (technically there could be multiple, though that's rare) > to match the hostname regexes in the exclusion list. If it matches, then > ignore the IP, just like that IP was actually listed in noPB/noPBWhite. I > haven't considered what this does for caching or performance. I think this > would generally solve my problem (and the same one that Daniel is trying to > solve), but if it's a bad idea, I just want to understand why and know what > else I can do as an alternative. > > Thanks > > > > On Sun, Sep 15, 2019 at 5:31 AM Thomas Eckardt <thomas.ecka...@thockar.com> > wrote: > >> >If ASSP could have a regex in nopb and nopbwhite like *.yahoo.com >> >> reduce or increase the score for >> >> ~<<<\.yahoo\.(?:com|net)$>>>~=>XXX:>W- >> >> to your needs, using invalidPTRRe. >> XXX can be postive or negative (-XXX) >> the optional ':>W-' ignores the rule for whitelisted mails. RTM ! >> >> Thomas >> >> >> >> >> Von: "Daniel Miller via Assp-test" < >> assp-test@lists.sourceforge.net> >> An: assp-test@lists.sourceforge.net >> Kopie: "Daniel Miller" <dmil...@amfes.com> >> Datum: 15.09.2019 01:36 >> Betreff: Re: [Assp-test] noPB and NoPBWhite based on reverse dns >> ------------------------------ >> >> >> >> On 9/14/2019 2:26 PM, K Post wrote: >> > >> > Daniel, >> > >> > I don't think that using only the MX records (inbound addresses) for >> > yahoo is going to cut it, plus yahoo uses different IP's for the same >> > hostname based on geolocation. >> >> Ok...but (here's another opportunity to display my ignorance) what's the >> difference? I'm assuming (yes I know what that means) that the geo-based >> IP's determine which servers are going to be talking to a group of >> clients. Which in this case means...you! So what's wrong with simply >> listing the MX's that appear to be configured to talk to you? >> >> For example, I'm finding that >> > mta5.am0.yahoonet.net <http://mta5.am0.yahoonet.net> to be >> 74.6.136.150, >> > which isn't in your list. Your goal is the same as mine and used the >> > same theory that these big boys should just have their IP's ignored for >> > PB reasons. However, I don't think you're doing a particularly good >> job >> > of excluding all of the IP's. >> >> Probably not - but how are you inferring that? And I don't care if I >> exclude *all* the IP's. I only care about mail that touches *my* server. >> If the IP's for other countries aren't listed...they don't talk to me so >> I don't care about them. >> >> > >> > [...] You are using IP's from the MX >> > record the for the same purpose, though as I said, I don't think that's >> > capturing all that could be sending from yahoo. >> >> Entirely possible. And I agree that a script to automate what *should* >> be a simple process is a great idea. But if the @ssholes, I mean "big >> boys", choose not to follow standards - our choices are limited. >> >> > >> > [...] If I have dns server >> > access to a server that is the authorized server for a netblock, I >> could >> > add a reverse for any controlled ip to be whatever.yahoo.com >> > <http://whatever.yahoo.com> and pass! >> >> If you did...they'd probably be configured correctly and we wouldn't be >> having this conversation. Naive of me I suppose - at the moment I'm not >> worried about Microsoft/Yahoo's DNS servers being compromised just to >> send me male supplement ads. >> >> > >> > If a message comes from 74.6.136.150, your method wouldn't ignore the >> > penaltybox / white, but mine is unlikely to as well. I don't know of a >> > way to get yahoo's allowable sending IP's. If ASSP could have a regex >> > in nopb and nopbwhite like *.yahoo.com <http://yahoo.com> that checks >> > the reverse of a given IP, I believe that would solve my issue (and be >> > good for yours too). >> >> I'd love such options as well - but for me as a functional alternative >> if someone complains of a mail being blocked I check and take the >> appropriate action. Early in my ASSP implementation there were a number >> of servers, like Yahoo, that I had to manually add to nopb.txt and such. >> Honestly I haven't had an issue with such senders in quite some time. >> >> I agree from it would certainly be preferable to have a purely automated >> system for updating targeted domains. It would also be great if the >> larger players in this game played according to the rules. But it seems >> to me we have a functional method to accomplish the goal of >> blocking/passing mail even it isn't ideal. >> >> Other than offending our sense of elegance (which without any sarcasm >> whatsoever I completely agree with!) - what exactly does not work for >> you with having a static list of Yahoo (and other) IP's? >> >> -- >> Daniel >> >> >> >> _______________________________________________ >> Assp-test mailing list >> Assp-test@lists.sourceforge.net >> https://lists.sourceforge.net/lists/listinfo/assp-test >> >> >> >> >> DISCLAIMER: >> ******************************************************* >> This email and any files transmitted with it may be confidential, legally >> privileged and protected in law and are intended solely for the use of the >> individual to whom it is addressed. >> This email was multiple times scanned for viruses. There should be no >> known virus in this email! >> ******************************************************* >> >> _______________________________________________ >> Assp-test mailing list >> Assp-test@lists.sourceforge.net >> https://lists.sourceforge.net/lists/listinfo/assp-test >> >
_______________________________________________ Assp-test mailing list Assp-test@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/assp-test
