Today we have a lot of spam getting through. They are all sent from random *@ups.com addresses using a lot of different IP's. Here's an example:
Aug-18-16 12:46:15 [Worker_3] Connected: session:7EFE8B4366C0 83.110.218.163:56196 > <snip>:25 > 127.0.0.1:125 Aug-18-16 12:46:17 m1-17176-01346 [Worker_3] 83.110.218.163 <rosalyn.backman...@ups.com> to: s...@seniorennet.be Whitelisted sender Domain: @ups.com Aug-18-16 12:46:17 m1-17176-01346 [Worker_3] 83.110.218.163 <rosalyn.backman...@ups.com> to: s...@seniorennet.be info: domain ups.com has published a DMARC record Aug-18-16 12:46:17 m1-17176-01346 [Worker_3] 83.110.218.163 <rosalyn.backman...@ups.com> to: s...@seniorennet.be [scoring] SPF: fail ip=83.110.218.163 mailfrom=rosalyn.backman...@ups.com helo=bba423262.alshamil.net.ae Aug-18-16 12:46:17 m1-17176-01346 [Worker_3] 83.110.218.163 <rosalyn.backman...@ups.com> to: s...@seniorennet.be Message-Score: added 21 (spfValencePB) for SPF fail, total score for this message is now 21 Aug-18-16 12:46:17 m1-17176-01346 [Worker_3] 83.110.218.163 <rosalyn.backman...@ups.com> to: s...@seniorennet.be DMARC: this mail breakes the DKIM policies defined in the DMARC record for domain ups.com - there is no DKIM-signature found in this mail for domain ups.com Aug-18-16 12:46:17 m1-17176-01346 [Worker_3] [MessageOK] 83.110.218.163 <rosalyn.backman...@ups.com> to: s...@seniorennet.be message ok - (whiteListedDomains '@ups.com') - [Emailing Label] -> /var/db/assp/notspam/Emailing_Label--37641.eml Aug-18-16 12:46:19 [Worker_3] Disconnected: session:7EFE8B4366C0 83.110.218.163 - processing time 4 seconds If I use the mail analyzer both HMM and Bayesian tell me they are confident it's spam but assp is not running the bayes/hmm check for these kind of emails because "ups.com" is whitelisted by ASSP's default configuration. Does this mean anyone can send any spam email to use for any of the whitelisted domains in ASSP? And how can I prevent this from happening? Thanks ------------------------------------------------------------------------------ _______________________________________________ Assp-user mailing list Assp-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/assp-user
