Based on what I've seen in ASSP SPF checking does not bypass additional filters. It's only used to filter or add to the message scoring based on failures.
Looking at the SPF data for that domain (yonasite.com) ANY IP would pass. "v=spf1 mx ptr ~all" ::SPF rant:: Spammers can setup SPF records just as well as the rest of the world. I've never been a big fan of it. I've never had good luck with it with any spam filtering product. I just disable it. In certain cases you can get false positives from it. IE Someone on a job board submits a response to your job posting and uses their email address. The Job site sends you the email. Then gets rejected by SPF because the persons email domain has a SPF record which obviously wouldn't have the Job site listed as a valid sender. Adn of course as we see a valid record doesn't mean anything at all..... ::end rant:: ----- Original Message ---- From: Daniel L. Miller <[EMAIL PROTECTED]> To: Questions and Answers for users of ASSP Anti-Spam SMTP Proxy <[email protected]> Sent: Friday, July 27, 2007 3:17:01 PM Subject: Re: [Assp-user] Spam server won't be denied!!! Daniel L. Miller wrote: > Daniel L. Miller wrote: > >>>> I may have perhaps found the answer. My exportExtremeFileAppend was >>>> checked, and the exportextreme file was ... a trifle large. A "sort -u" >>>> shrunk it to a manageable size, and ASSP is blocking connections again. >>>> >>>> May I recommend a warning message in the GUI, and possibly an overflow >>>> error should be reported for larger files for when a idiot like me tries >>>> to shoot himself in the foot? >>>> >>>> >>>> >>> Could you be more specific as to the size. >>> >>> >> Of course I already deleted the file without taking note of the size - >> but it think it was over 10M. Took a while to load ASSP each time too! >> >> > I'm still blocking lots of others - but this particular site is still > able to get past the IP blocks. Mail analyzer states that the IP is in > both the exportextreme and the denysmtp. > > How are they getting through?!? I see the message DOES have a valid SPF - does a valid SPF bypass the penalty box blocks? Abbreviated headers follow: Return-Path: <[EMAIL PROTECTED]> Received: from mail.yonasite.com ([64.118.89.89] helo=mail.yonasite.com) by foxy.amfes.com; 27 Jul 2007 12:48:03 -0700 Received: by mail.yonasite.com (qmail 412 by uid 77) id hl95ve01g74b; Fri, 27 Jul 2007 14:13:09 -0400 (envelope-from <[EMAIL PROTECTED]>) Date: Fri, 27 Jul 2007 14:12:36 -0400 From: "GrassSeed" <[EMAIL PROTECTED]> Subject: [Bayesian] Get a Rich Beautiful Lawn X-Assp-Delay: delayed for 49m 54s; 27 Jul 2007 12:48:04 -0700 X-Assp-Received-RWL: not listed (foxy.amfes.com: local policy) rwl=none; client-ip=64.118.89.89 X-Assp-Received-SPF: pass (foxy.amfes.com: domain of [EMAIL PROTECTED] designates 64.118.89.89 as permitted sender) client-ip=64.118.89.89; [EMAIL PROTECTED]; helo=mail.yonasite.com; X-Assp-Received-DNSBL: pass X-Assp-Re-Red: remove X-Assp-Re-SuspiciousAttachment: X-Assp-Received-URIBL: pass X-Assp-Score: 25 (Bayesian) X-Assp-Bayes-Confidence: 0.99910 X-Assp-Spam-Prob: 1.00000 X-Assp-Tag: Bayesian X-Assp-Envelope-From: [EMAIL PROTECTED] X-Assp-Version: 1.3.4(14) X-Assp-Redlisted: Yes X-Assp-Spam: YES X-Assp-Spam-Reason: Bayesian Spam X-Assp-Totalscore: 25 -- Daniel ------------------------------------------------------------------------- This SF.net email is sponsored by: Splunk Inc. Still grepping through log files to find problems? Stop. Now Search log events and configuration files using AJAX and a browser. Download your FREE copy of Splunk now >> http://get.splunk.com/ _______________________________________________ Assp-user mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/assp-user ____________________________________________________________________________________ Pinpoint customers who are looking for what you sell. http://searchmarketing.yahoo.com/ ------------------------------------------------------------------------- This SF.net email is sponsored by: Splunk Inc. Still grepping through log files to find problems? Stop. Now Search log events and configuration files using AJAX and a browser. Download your FREE copy of Splunk now >> http://get.splunk.com/ _______________________________________________ Assp-user mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/assp-user
