Hi list. Since I upgraded from 1.98(13056) to 1.99(13107) and even the latest version (13129), I have noticed that most of the spam messages received are detected as bounce and go to the discarded folder. Only a few spam messages are going to the spam folder (those not detected as bounce).
We are using ASSP with the following workflow:

Outbound: outlook->msexchange(mapi)-->assp relayport + postfix (on the same host) --> Internet.
For sending mail to the ASSP Email Interface I have filled in the name of an unexistant_domain in ASSP Relaying/Local Domains. It works fine. ASSP can easily catch everything sent to Email Interface Addresses (whitelist@unexistant_domain, assp-help@unexistant_domain..... and so on).

Inbound: Internet-->ASSP + postfix (on the same host) --> Microsoft Exchange (mapi) --> Outlook.

Here is an example of an ASSP logfile showing how most of the spam is detected:

May-12-13 01:32:22 m-36831-04867 [isbounce] 109.239.222.145 internaluser[@]internaldomain validated by ldap-cache;
May-12-13 01:32:25 m-36831-04867 109.239.222.145 FROM:<t.czarnet...@tellur.ru> to: internaluser[@]internaldomain Message-Score: added 25 for Blocked Country RU, total score for this message is now 25;
May-12-13 01:32:25 m-36831-04867 109.239.222.145 FROM:<t.czarnet...@tellur.ru> to: internaluser[@]internaldomain [scoring:25] -- Blocked Country RU -- [New Pick After Closing Bell];
May-12-13 01:32:25 m-36831-04867 109.239.222.145 FROM:<t.czarnet...@tellur.ru> to: internaluser[@]internaldomain Message-Score: added 10 for Suspicious HELO: '109.239.222.145', total score for this message is now 35;
May-12-13 01:32:25 m-36831-04867 [SuspiciousHelo] 109.239.222.145 FROM:<t.czarnet...@tellur.ru> to: internaluser[@]internaldomain [scoring:10] -- Suspicious HELO: '109.239.222.145' -- [New Pick After Closing Bell];
May-12-13 01:32:25 m-36831-04867 109.239.222.145 FROM:<t.czarnet...@tellur.ru> to: internaluser[@]internaldomain info: skip SPF check - domain 109.239.222.145 is not a FQDN;
May-12-13 01:32:25 m-36831-04867 109.239.222.145 FROM:<t.czarnet...@tellur.ru> to: internaluser[@]internaldomain Message-Score: added 11 for Low Reputation for 109.239.222.145, total score for this message is now 46;
May-12-13 01:32:25 m-36831-04867 109.239.222.145 FROM:<t.czarnet...@tellur.ru> to: internaluser[@]internaldomain Message-Score: added 150 for DNSBL: failed, 109.239.222.145 listed in bl.spamcop.net db.wpbl.info, total score for this message is now 196;
May-12-13 01:32:25 m-36831-04867 [DNSBL][isbounce] 109.239.222.145 FROM:<t.czarnet...@tellur.ru> to: georges internaluser[@]internaldomain [spam found][blocked] -- DNSBL, 109.239.222.145 listed in bl.spamcop.net db.wpbl.info -- [New Pick After Closing Bell] -> /var/db/assp/discarded/New_Pick_After_Closing_Bell__2149.eml;

How is it possible that we cannot see the originating "mail from" in the first line of those messages detected as bounce?

May-12-13 01:32:22 m-36831-04867 [isbounce] 109.239.222.145 internaluser[@]internaldomain validated by ldap-cache;

The problem with those messages detected as bounce is that spam messages no longer feed the spamdb because they are stored in the discarded directory... Any idea would be really appreciated...

A second issue we have is that if "do Message-ID Signing" (backscatter detection) is enabled, Delivery Status Notification (DSN) messages are blocked by ASSP (discarded). So we have disabled this feature. (Sorry Fritz, MDN messages are OK now but DSN are blocked.)

X-Assp-Score: 50 (MSGID-sig check failed <>)

Maybe this is due to a misconfigured partner's SMTP server...?

Thanks again for any advice or explanation about most spam being detected as bounce...

Regards

MAIRIE DE SALLANCHES
Direction des Systèmes d'Information
Alexandre RAYNAUD
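To measure how many sessions show the pattern described in the post, the log can be grouped by session id and checked for the [isbounce] tag together with a non-empty FROM:<...>. The script below is an added example, not part of the original message or of ASSP; the sample log is constructed in the layout of the lines quoted above, and its addresses, session ids and the spam directory path are placeholders.

```python
import re
from collections import defaultdict

# Constructed sample mirroring the layout of the log lines in the post.
# Addresses, session ids and the .../spam/ path are placeholders.
SAMPLE_LOG = """\
May-12-13 01:32:22 m-36831-04867 [isbounce] 192.0.2.10 user@example.org validated by ldap-cache;
May-12-13 01:32:25 m-36831-04867 192.0.2.10 FROM:<sender@example.net> to: user@example.org Message-Score: added 25 for Blocked Country RU, total score for this message is now 25;
May-12-13 01:32:25 m-36831-04867 [DNSBL][isbounce] 192.0.2.10 FROM:<sender@example.net> to: user@example.org [spam found][blocked] -- DNSBL -- [subject] -> /var/db/assp/discarded/subject__1.eml;
May-12-13 01:40:01 m-36900-00001 [isbounce] 192.0.2.20 FROM:<> to: user@example.org [scoring:50] -- MSGID-sig check failed -- [Undelivered Mail];
May-12-13 01:41:07 m-36950-00002 [DNSBL] 192.0.2.30 FROM:<other@example.net> to: user@example.org [spam found][blocked] -- DNSBL -- [subject] -> /var/db/assp/spam/subject__2.eml;
"""

# date, time, session id, optional leading [tag][tag] group, remainder
LINE_RE = re.compile(r"^\S+ \S+ (m-\d+-\d+) ((?:\[[^\]]+\])*)\s*(.*)$")
FROM_RE = re.compile(r"FROM:<([^>]*)>")
STORE_RE = re.compile(r"-> (\S+?);?$")


def summarize(log_text):
    """Collect tags, envelope senders and stored file path per session id."""
    sessions = defaultdict(lambda: {"tags": set(), "senders": set(), "stored": None})
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # not a per-session log line
        sid, tags, rest = m.groups()
        entry = sessions[sid]
        entry["tags"].update(re.findall(r"\[([^\]]+)\]", tags))
        entry["senders"].update(FROM_RE.findall(rest))
        stored = STORE_RE.search(rest)
        if stored:
            entry["stored"] = stored.group(1)
    return dict(sessions)


def suspicious_bounces(sessions):
    """Sessions tagged [isbounce] although a non-empty FROM:<...> was logged."""
    hits = []
    for sid, entry in sorted(sessions.items()):
        senders = sorted(s for s in entry["senders"] if s)
        if "isbounce" in entry["tags"] and senders:
            hits.append((sid, senders, entry["stored"]))
    return hits


if __name__ == "__main__":
    for sid, senders, stored in suspicious_bounces(summarize(SAMPLE_LOG)):
        print(sid, ",".join(senders), "->", stored)
```

Run against the real maillog, each hit names a session to inspect and shows whether the message was stored in the discarded directory.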