Hi list,
For a long time I have noticed that for some incoming mails there is no 
information on the "Connecting IP", so even if I use "block" for DoReversed, 
this kind of mail passes through.

Here is an example of an email that has no information about the "Connecting IP" 
in the ASSP "Mail Analyzer":

General Hints:

text processing uses unicode normalization
ASSP-ID: ASSP.nospam m1-09027-06745
ASSP-Session: 7F35D1174AA0 (mail 1)
removed all local X-ASSP- header lines for analysis

sender and reply addresses:
MAIL FROM: x...@news.xxx.fr

recipient addresses:
RCPT TO: some.addre...@domain.fr
using enhanced Originated IP detection
*detected IP's on the mail routing way: 178.248.x.x(mtaxx.xx.eu)
*detected source IP: 178.248.x.x

Feature Matching:

* DKIM-check returned OK verified-OK
* URIBL check: 'OK'
* RBLCheck returned OK for 178.248.x.x:
* domain domain.fr (in Reply-To) has a valid MX record: x.l.x.com
* domainMX aspmx.l.google.com has a valid A record: 66.102.x.x
* domain news.x.fr (in Mail From: , Errors-to , From , Return-Path) has a valid 
MX record: bounce.x.eu
* domainMX bounce.x.eu has a valid A record: 62.27.x.x
* PTR record via DNS: status=no PTR
* RWLcheck returned OK for : status=unknown



But in the ASSP mail log, in the first log line for the email concerned, I can see the 
connecting IP: 178.248.x.x. Strangely, in the ASSP "Mail Analyzer" this IP address 
is in the section "using enhanced Originated IP detection" and there is no 
information at the "Connecting IP" level.
Every time that kind of email arrives, DoReversed is never applied.


Another question (actually we are receiving an incredible amount of 
cryptowall): while ASSP is running, if I activate RBLWL (Whitelisted DNSBL 
Validation), do I need to restart ASSP or wait? I ask this because I did this, 
but even though addresses were blacklisted, mails with this cryptowall were continuing 
to pass through ASSP.

If anybody has any explanation I would appreciate it. Thank you.

Regards,

Alexandre RAYNAUD
MAIRIE DE SALLANCHES


 


_______________________________________________
Assp-user mailing list
Assp-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/assp-user
