Fritz Borgstedt wrote:
> These are the conditions when helocheck will not happen:
>
> return 1 if $DoInvalidFormatHelo==0;
> return 1 if ($this->{relayok});
> return 1 if ($heloBlacklistIgnore && $helo =~ $HBIRE);
> return 1 if $this->{ispip}==1;
> return 1 if $this->{nodelay}==1;
> return 1 if $this->{acceptall}==1;
> return 1 if $this->{contentonly};
> return 1 if $this->{whitelisted};
> return 1 if $this->{noprocessing}==1;
>
> If you want to test it, you may insert a mlog after
> sub invalidHeloOK {
> my $ignore=($heloBlacklistIgnore && $helo =~ $HBIRE);
> mlog($fh,"HELO: '$helo'",relay=$this->{relayok},ignore=$ignore,....
We added SPF to happen with {noprocessing} because it was found that it
could be abused for more common matches - couldn't the same be said for
the HELO check?
Also, I have repeatedly seen delayed messages skip HELO and bombRe, and
come in as Bayesian. I see this because I run Bayesian test-mode - so
perhaps I am seeing things that are going wrong that you don't use
Bayesian test-mode.
-----[Initial delayed connection]-----
Dec-3-06 22:51:47 Connected: 216.138.146.62:34048 -> 127.0.0.1:25 ->
127.0.0.1:26
Dec-3-06 22:51:47 216.138.146.62 <[EMAIL PROTECTED]> adding new triplet:
(216.138.146.0,[EMAIL PROTECTED],[EMAIL PROTECTED])
Dec-3-06 22:51:47 216.138.146.62 <[EMAIL PROTECTED]> recipient delayed:
[EMAIL PROTECTED]
Dec-3-06 22:51:47 216.138.146.62 <[EMAIL PROTECTED]> is disconnected
-----[retry after 15 minutes]-----
Dec-3-06 23:06:49 Connected: 216.138.146.62:47805 -> 127.0.0.1:25 ->
127.0.0.1:26
Dec-3-06 23:06:51 216.138.146.62 <[EMAIL PROTECTED]> whitelisting triplet:
(216.138.146.0,[EMAIL PROTECTED],[EMAIL PROTECTED]) waited: 15m 4s
Dec-3-06 23:06:52 216.138.146.62 <[EMAIL PROTECTED]> to: [EMAIL PROTECTED]
passing if safe because testmode, otherwise Bayesian spam
Dec-3-06 23:06:52 216.138.146.62 <[EMAIL PROTECTED]> to: [EMAIL PROTECTED]
spam determined to be safe, passing on to recipient Australia_ ->
c:/assp/corpus/normal/spam/5996.eml
Dec-3-06 23:06:52 216.138.146.62 <[EMAIL PROTECTED]> to: [EMAIL PROTECTED]
deleting spamming whitelisted tuplet: (216.138.146.0,nuviu.net) age: 1s
Dec-3-06 23:06:52 216.138.146.62 <[EMAIL PROTECTED]> to: [EMAIL PROTECTED] is
disconnected
----------
When I submit the contents of the email (5996.eml) to the Analyzer, it
failed on [scriptRe], [validFormatHeloRe] and [invalidFormatHeloRe].
There has to be some processing logic issue for this to happen - right?
I did not have this problem until recently, after upgrading to a newer
version of ASSP to test.
-------------------------------------------------------------------------
Take Surveys. Earn Cash. Influence the Future of IT
Join SourceForge.net's Techsay panel and you'll get the chance to share your
opinions on IT & business topics through brief surveys - and earn cash
http://www.techsay.com/default.php?page=join.php&p=sourceforge&CID=DEVDEV
_______________________________________________
Assp-user mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/assp-user
