Such a feature is not worth the effort.
https://www.howto-outlook.com/howto/viewsenderaddress.htm
There are too many pitfalls and too many required manual configuration
tweaks and exceptions to be handled.
examples:
- assp does not know user and mailbox names - requires manual tweaks using
lists and/or regular expressions
- to keep the manual configuration impact low, a complex and very variable
LDAP and/or external scripting will be required
- a per local domain configuration will be required
- several bounce sender tagging mechanism will make problems (example: <
bob.jones=ourcharity....@domain.com> )
....
So, with this feature you would have to configure matching sets for each
user. But you can do this now already - in 'bombHeaderRe'. If you got a
regular expression working for one user, it is easy to build them for
every user.
example:
~<<<(?:^|\n)(?:from|sender|reply-to):\s*"?\s*(?:(?:(?:Mrs?|Ms|Miss|Dr|Prof)\.?
*)?(?{local %_ = qw, fname bob sname jones domain ourcharity.org
,})(?:(??{$_{'fname'}})[. _\-]+(??{$_{'sname'}})|(??{$_{'sname'}})[,
](??{$_{'fname'}})|(??{$_{'fname'}})\.(??{$_{'sname'}})\@(??{$_{'domain'}})))\s*"?[^<]*<[^\@]+\@(?!(??{$_{'domain'}}))\x3E>>>~=>YOURSCORE
this example requires the hidden variable 'AllowCodeInRegex' to be set to
1
and a small change in assp.pl - will be published soon
or more simple, but much more needs to be change in each line
~<<<(?:^|\n)(?:from|sender|reply-to):\s*"?\s*(?:(?:(?:Mrs?|Ms|Miss|Dr|Prof)\.?
*)?(?:bob[. _\-]+jones|jones[, ]bob|bob.jones\@ourcharity\.org
))\s*"?[^<]*<[^\@]+\@(?!ourcharity\.org)\x3E>>>~=>YOURSCORE
How ever, if you think you need such a feature, you'll need to sponsor it
or find a sponsor. I expect an effort of two weeks but not less than 100
hours to implement and test this feature as a level-1 plugin.
Thomas
Von: "K Post" <nntp.p...@gmail.com>
An: "ASSP development mailing list" <assp-test@lists.sourceforge.net>
Datum: 04.11.2019 00:28
Betreff: Re: [Assp-test] Message body modification
Right, but what I'm trying to accomplish (as described in detail in my
previous thread) is flagging, maybe just with subject modification mail
from outside senders with a name that matches one of our organization's
senders. I'd love to be able to have ASSP insert a warning, not on all
mail, but only when there's a suspicious name match. We can't reasonably
quarantine all external email, the messages in question don't have links
or attachments to block.
For example Bob Jones <bob.jo...@ourcharity.org> is the real address
within our organization. We're seeing name spoofing mail from Bob Jones <
bob.jones.ourcharity....@gmail.com> or Bob Jones <
president123mad...@gmail.com>. It shows up in outlook as Bob Jones in the
inbox. Lots of times, the message even had the signature that the person
actually uses. We've had even some of our most savvy users get tricked.
The messages slips through assp, because they're innocuous sounding "are
you in the office? I need your help" "I've got a favor to ask, reply when
you get this please?" Whatever, user gets fooled, replies, and then that
gmail address is whitelisted. The next mail asks for the purchase of gift
cards, etc. Common scheme. If we could change even just the subject line
like [Potential Spoof]: <real subject> that would help the recipient.
Inserting a warning into the body would be even better!
To do the matching though, we'd need to list the names our people and
their correct address and have ASSP flag only when there's a match from
outside. Of course there are lots of legitimate instances where our
people email from their real personal email address to our staff. Those
would get a subject or body modification too, but that's okay. We don't
have the budge to have a third part system do this.
Would you mind taking a look at the original thread for more detail and
explanation of what I'm thinking? I think it's at least worth discussion
- I think there's some real value to the ASSP community being how often
we're getting name spoofing messages.
On Sat, Nov 2, 2019 at 3:34 AM Thomas Eckardt <thomas.ecka...@thockar.com>
wrote:
simple company rules are the solution:
- every mail from outside the company is subject to be malicious - open
attachments or following links in such mails, requires a full manually
verification of the email before any action is done - on any doubt the
mail has to be quarantained
- qurantined mails are untouchable as long as they are not released by an
authorisized person or system
- every mail from outside the company passed an assp system
- every mail from/to inside the company will never reach any assp system
(except assp reporting)
- every mail from outside contains a X-ASSP header but at least the ASSP
received header - this header has to be used by the mail client and/or
server to classify the mail
>can I insert something into the bodies of selected messages as it is sent
to the real mail server
there is no such code in assp.pl - only ASSP_AFC is able to manipulate the
mail body (replace attachments , SMIME)
>without having that warning message saved in the corpus
assp stores the incoming mail + assp headers - never the content sent to
the server
Thomas
Von: "K Post" <nntp.p...@gmail.com>
An: "ASSP development mailing list" <
assp-test@lists.sourceforge.net>
Datum: 01.11.2019 18:02
Betreff: [Assp-test] Message body modification
Thomas, quick question: can I insert something into the bodies of selected
messages as it is sent to the real mail server without having that warning
message saved in the corpus?
Early last month, I sent "An idea: Visual warnings in message body" but
received no replies.
We're seeing SO many of these, that I might try to figure this out on my
own if there isn't broad appeal.
Thanks
_______________________________________________
Assp-test mailing list
Assp-test@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/assp-test
DISCLAIMER:
*******************************************************
This email and any files transmitted with it may be confidential, legally
privileged and protected in law and are intended solely for the use of the
individual to whom it is addressed.
This email was multiple times scanned for viruses. There should be no
known virus in this email!
*******************************************************
_______________________________________________
Assp-test mailing list
Assp-test@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/assp-test
_______________________________________________
Assp-test mailing list
Assp-test@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/assp-test
DISCLAIMER:
*******************************************************
This email and any files transmitted with it may be confidential, legally
privileged and protected in law and are intended solely for the use of the
individual to whom it is addressed.
This email was multiple times scanned for viruses. There should be no
known virus in this email!
*******************************************************
_______________________________________________
Assp-test mailing list
Assp-test@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/assp-test
