Eric B. wrote: > Well, I kinda figured that when you delete an address from the whitelist, > you are basically indicating to ASSP that that sender isn't necessarily > sending valid email, so it needs to run through all enabled ASSP to validate > it. One of those tests would be delaying. However, if you aren't deleting > the tuplet associated with the address, you are skipping over one of the > tests that you are counting on helping you block spam. >
Not necessarily. Removal from the whitelist doesn't necessarily mean that something is spam - only that you don't want it skipping tests and automatically adding to your ham corpus. > Do you have any idea what that reason is? The only thing I could think of > is to protect again contamination from sender spoofing; that you wouldn't > necessarily want to delete all tuplets from [EMAIL PROTECTED], in case > [EMAIL PROTECTED] is a valid user when sending from ip 123.123.123.123 but > not > when sending from 99.99.99.99. > I'm not positive, but I would hazard to guess it's at least partially because multiple sending domains can (and in many cases do) originate from the same IP (same service provider). > However, if that is the case, then I am not understanding something about > the whitelist in general. If [EMAIL PROTECTED] is legitimately on the > whitelist, and [EMAIL PROTECTED] from ip 99.99.99.99 manages to send spam > that > gets through ASSP and ends up in your mailbox, when you report it as spam, > it will automatically delete [EMAIL PROTECTED] from the whitelist (assuming > that "EmailErrorsModifyWhite" is set). Therefore next time [EMAIL PROTECTED] > from 123.123.123.123 sends a valid email, it goes through the whole process > again to check if it is valid or not, and risk bouncing because > [EMAIL PROTECTED] is no longer on the whitelist. > > If you don't have EmailErrorsModifyWhite set, then all the report does is > update the spamdb, for other users, but any spam coming from [EMAIL > PROTECTED] > at 99.99.99.99 will still be allowed through and still land in your mailbox > since [EMAIL PROTECTED] would still be on the whitelist. > > I realize that I have very little practical experience with ASSP running on > a live site, and this just might be one of those theoretical situations that > never occur. Is it one of those cases? Its possible depending on the circumstance and configuration. ASSP is very powerful and very configurable. This is a case of appropriate administration depending on what you want or need to accomplish. ------------------------------------------------------------------------- Take Surveys. Earn Cash. Influence the Future of IT Join SourceForge.net's Techsay panel and you'll get the chance to share your opinions on IT & business topics through brief surveys - and earn cash http://www.techsay.com/default.php?page=join.php&p=sourceforge&CID=DEVDEV _______________________________________________ Assp-user mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/assp-user
