>but still no information about Connecting IP. I don't know if this
matters....
ZIP such an eml file and send it to my private email address.
Thomas
From: "Raynaud Alexandre" <alexandre.rayn...@sallanches.fr>
To: <assp-user@lists.sourceforge.net>
Date: 01.03.2016 17:12
Subject: [Assp-user] TR: Missing Connecting IP / no blocking
Hi Thomas,
I have just installed version 2.4.8 16060.
To confirm that when Connecting IP is missing in "ASSP mail Analyzer" and
mail passes through even with DoReversed=Block, DoInvalidPTR=block, I have
to wait for some bad mails with no PTR to be sent to our domains.
On the other hand, what I can say is that I have just done a new analysis
using "ASSP mail Analyzer" of the header case 1 I sent in my previous post
but still no information about Connecting IP. I don't know if this
matters....
Regards,
Alexandre RAYNAUD
-----Original Message-----
From: Thomas Eckardt [mailto:thomas.ecka...@thockar.com]
Sent: Tuesday, 1 March 2016 16:19
To: For Users of ASSP
Subject: Re: [Assp-user] Missing Connecting IP / no blocking
Raynaud, please try 2.4.8 16060 and tell me if this is fixed.
http://assp.cvs.sourceforge.net/viewvc/assp/assp2/
Thomas
From: "Raynaud Alexandre" <alexandre.rayn...@sallanches.fr>
To: <assp-user@lists.sourceforge.net>
Date: 26.02.2016 11:06
Subject: [Assp-user] Missing Connecting IP / no blocking
Hi Thomas Eckardt,
I agree I haven't been clear enough.
>The analyzer uses the "Received:" headerline to detect the connected IP -
show the one for this mail.
Here are 2 mail headers:
Case 1: no "Connecting IP" information in ASSP Mail Analyzer
Microsoft Mail Internet Headers Version 2.0
Received: from smtp.ourdomain.fr ([10.2.x.x]) by mailhost.local with
Microsoft SMTPSVC(6.0.3790.1830);
Thu, 25 Feb 2016 15:03:51 +0100
Received: from mta184030.ems01.eu (localhost [127.0.0.1])
by smtp.ourdomain.fr (Postfix) with ESMTP id 89132C052D
for <u...@ourdomain.fr>; Thu, 25 Feb 2016 15:03:48 +0100
(CET)
Received: from mta184030.ems01.eu ([178.248.184.30]
helo=mta184030.ems01.eu)
by ASSP.nospam with SMTP (2.4.7); 25 Feb 2016 15:03:47
+0100
==> We use "Block" for DoReversed and DoInvalidPTR. In this case 1 where
there is no "Connecting IP" information in ASSP Mail Analyzer, the
connected IP appears like this : detected IP's on the mail routing way:
178.248.184.30(mta184030.ems01.eu)
But even if this IP has no PTR (PTR record via DNS: status=no PTR), ASSP
won't block the email.
Case 2 : "Connecting IP" information is present in ASSP Mail Analyzer
Microsoft Mail Internet Headers Version 2.0
Received: from smtp.ourdomain.fr ([10.2.x.x]) by mailhost.local with
Microsoft SMTPSVC(6.0.3790.1830);
Thu, 25 Feb 2016 15:04:17 +0100
Received: from abts-kk-dynamic-024.51.172.122.airtelbroadband.in
(localhost [127.0.0.1])
by smtp.ourdomain.fr (Postfix) with ESMTP id 48166C052D
for <u...@ourdomain.fr>; Thu, 25 Feb 2016 15:04:14 +0100
(CET)
Received: from abts-kk-dynamic-024.51.172.122.airtelbroadband.in
([122.172.51.24]
helo=abts-kk-dynamic-024.51.172.122.airtelbroadband.in) by
ASSP.nospam with SMTP (2.4.7); 25 Feb 2016 15:04:14 +0100
==>In this case, if the connected IP has no valid PTR, it is blocked as
expected.
When we compare these 2 headers, nothing distinguishes them, but as I said,
in certain situations there is no "Connecting IP" information in ASSP
Mail Analyzer and in this case DoReversed=Block, DoInvalidPTR=block won't
be applied even though ASSP Mail Analyzer shows something like: PTR record
via DNS: status=no PTR
This is the situation I wanted to describe, Thomas, and I hope I have been
clear enough this time.
>>do i need to restart ASSP or wait?
>After all workers have reread the config, your changes will take place.
OK, when are the workers supposed to reread the config? I ask this because
yesterday, 15 minutes after I activated Do Reversed Lookup for Whitelisted
(DoReversedWL), the parameter was not yet effective and junk mail from
whitelisted domains was continuing to pass through even though the
connected IP addresses were DNSBlacklisted.
Thank you for your analysis.
Regards,
Alexandre
From: "Raynaud Alexandre" <alexandre.raynaud@...>
To: <assp-user@...>
Date: 25.02.2016 16:26
Subject: [Assp-user] Missing Connecting IP / DoReversed blocking
Hi list,
For a long time I have noticed that for some incoming mails, there is no
information on the "Connecting IP", so even if I use "block" for
DoReversed, this kind of mail passes through.
Here is an example of an email that has no information about the
"Connecting IP" in the ASSP "Mail Analyzer":
General Hints:
text processing uses unicode normalization
ASSP-ID: ASSP.nospam m1-09027-06745
ASSP-Session: 7F35D1174AA0 (mail 1)
removed all local X-ASSP- header lines for analysis
sender and reply addresses:
MAIL FROM: xxx@...
recipient addresses:
RCPT TO: some.addresse@...
using enhanced Originated IP detection
*detected IP's on the mail routing way: 178.248.x.x(mtaxx.xx.eu)
*detected source IP: 178.248.x.x
Feature Matching:
* DKIM-check returned OK verified-OK
* URIBL check: 'OK'
* RBLCheck returned OK for 178.248.x.x:
* domain domain.fr (in Reply-To) has a valid MX record: x.l.x.com
* domainMX aspmx.l.google.com has a valid A record: 66.102.x.x
* domain news.x.fr (in Mail From: , Errors-to , From , Return-Path) has a
valid MX record: bounce.x.eu
* domainMX bounce.x.eu has a valid A record: 62.27.x.x
* PTR record via DNS: status=no PTR
* RWLcheck returned OK for : status=unknown
But in the ASSP mail log, in the first log entry for the email concerned, I
can see the connecting IP: 178.248.x.x. Strangely, in ASSP "Mail Analyzer"
this IP address is in the section "using enhanced Originated IP
detection" and there is no information at the "Connecting IP" level.
Every time that kind of email arrives, DoReversed is never applied.
Another question is (actually we are receiving an incredible amount
of cryptowall), while ASSP is running, if I activate RBLWL (Whitelisted
DNSBL Validation), do I need to restart ASSP or wait? I ask this because I
did this, but even though addresses were blacklisted, mails with this
cryptowall were continuing to pass through ASSP.
If anybody has any explanation I would appreciate it. Thank you.
Regards,
Alexandre RAYNAUD
MAIRIE DE SALLANCHES
_______________________________________________
Assp-user mailing list
Assp-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/assp-user
DISCLAIMER:
*******************************************************
This email and any files transmitted with it may be confidential, legally
privileged and protected in law and are intended solely for the use of the
individual to whom it is addressed.
This email was multiple times scanned for viruses. There should be no
known virus in this email!
*******************************************************
[Attachment "ATT01359.txt" deleted by Thomas Eckardt/eck]
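The thread says the analyzer reads the "Received:" line to find the connected IP. The following is an added example, not ASSP's code and not written by any poster: it parses the case 1 and case 2 headers quoted above and reads the address from the hop stamped by the edge filter, assumed here to be the `by ASSP.nospam` line, while treating masked, loopback and private hops as internal. All function names are hypothetical.

```python
import email
import ipaddress
import re

# Received: lines from the thread's case 1 and (edge hop only) case 2. Folded
# lines are re-indented here because the archive flattened them.
CASE_1 = """\
Received: from smtp.ourdomain.fr ([10.2.x.x]) by mailhost.local with
 Microsoft SMTPSVC(6.0.3790.1830); Thu, 25 Feb 2016 15:03:51 +0100
Received: from mta184030.ems01.eu (localhost [127.0.0.1])
 by smtp.ourdomain.fr (Postfix) with ESMTP id 89132C052D
 for <u...@ourdomain.fr>; Thu, 25 Feb 2016 15:03:48 +0100 (CET)
Received: from mta184030.ems01.eu ([178.248.184.30]
 helo=mta184030.ems01.eu)
 by ASSP.nospam with SMTP (2.4.7); 25 Feb 2016 15:03:47 +0100
"""
CASE_2_EDGE = """\
Received: from abts-kk-dynamic-024.51.172.122.airtelbroadband.in
 ([122.172.51.24]
 helo=abts-kk-dynamic-024.51.172.122.airtelbroadband.in) by
 ASSP.nospam with SMTP (2.4.7); 25 Feb 2016 15:04:14 +0100
"""

# Only a bracketed literal counts; digits inside a hostname do not.
BRACKETED_IP = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")

def hops(raw_headers):
    """Yield (by_host, ip or None) for each Received: line, newest first."""
    for value in email.message_from_string(raw_headers).get_all("Received", []):
        from_part, _, by_part = " ".join(value.split()).partition(" by ")
        match = BRACKETED_IP.search(from_part)
        try:
            ip = ipaddress.ip_address(match.group(1)) if match else None
        except ValueError:  # bracketed text that is not a valid address
            ip = None
        yield (by_part.split()[0] if by_part else ""), ip

def connecting_ip(raw_headers, edge="ASSP.nospam"):
    """IP the edge filter itself recorded, or None if absent or not public."""
    for by_host, ip in hops(raw_headers):
        if by_host.lower() == edge.lower():
            return str(ip) if ip is not None and ip.is_global else None
    return None

def internal_hops(raw_headers):
    """Hops whose source is masked, loopback or private (never the client)."""
    return [by for by, ip in hops(raw_headers) if ip is None or not ip.is_global]

if __name__ == "__main__":
    for name, raw in (("case 1", CASE_1), ("case 2", CASE_2_EDGE)):
        print(name, "connecting IP:", connecting_ip(raw))
```

Both headers yield a public address from the edge hop, which matches the poster's observation that the two header sets do not differ in form.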