I do have "DoOrgWhiting" set to "Score" instead of "Whiting". Shouldn't it just decrease the score because ups.com is whitelisted and still continue with the other checks (hmm/bayes) as normal?

----- Original Message -----
From: Andy Knuts [mailto:a...@knuts.be]
To: assp-user@lists.sourceforge.net
Sent: Thu, 18 Aug 2016 13:40:20 +0100
Subject: [Assp-user] Whitelist & spam

> Today we have a lot of spam getting through. They are all sent from random *@ups.com addresses using a lot of different IP's. Here's an example:
>
> Aug-18-16 12:46:15 [Worker_3] Connected: session:7EFE8B4366C0 83.110.218.163:56196 > <snip>:25 > 127.0.0.1:125
> Aug-18-16 12:46:17 m1-17176-01346 [Worker_3] 83.110.218.163 <rosalyn.backman...@ups.com> to: s...@seniorennet.be Whitelisted sender Domain: @ups.com
> Aug-18-16 12:46:17 m1-17176-01346 [Worker_3] 83.110.218.163 <rosalyn.backman...@ups.com> to: s...@seniorennet.be info: domain ups.com has published a DMARC record
> Aug-18-16 12:46:17 m1-17176-01346 [Worker_3] 83.110.218.163 <rosalyn.backman...@ups.com> to: s...@seniorennet.be [scoring] SPF: fail ip=83.110.218.163 mailfrom=rosalyn.backman...@ups.com helo=bba423262.alshamil.net.ae
> Aug-18-16 12:46:17 m1-17176-01346 [Worker_3] 83.110.218.163 <rosalyn.backman...@ups.com> to: s...@seniorennet.be Message-Score: added 21 (spfValencePB) for SPF fail, total score for this message is now 21
> Aug-18-16 12:46:17 m1-17176-01346 [Worker_3] 83.110.218.163 <rosalyn.backman...@ups.com> to: s...@seniorennet.be DMARC: this mail breakes the DKIM policies defined in the DMARC record for domain ups.com - there is no DKIM-signature found in this mail for domain ups.com
> Aug-18-16 12:46:17 m1-17176-01346 [Worker_3] [MessageOK] 83.110.218.163 <rosalyn.backman...@ups.com> to: s...@seniorennet.be message ok - (whiteListedDomains '@ups.com') - [Emailing Label] -> /var/db/assp/notspam/Emailing_Label--37641.eml
> Aug-18-16 12:46:19 [Worker_3] Disconnected: session:7EFE8B4366C0 83.110.218.163 - processing time 4 seconds
>
> If I use the mail analyzer both HMM and Bayesian tell me they are confident it's spam but assp is not running the bayes/hmm check for these kind of emails because "ups.com" is whitelisted by ASSP's default configuration.
>
> Does this mean anyone can send any spam email to use for any of the whitelisted domains in ASSP?
> And how can I prevent this from happening?
>
> Thanks
>
> ------------------------------------------------------------------------------
> _______________________________________________
> Assp-user mailing list
> Assp-user@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/assp-user
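
An added example, not part of the original thread and not ASSP code: a Python pass over log lines in the format quoted above that lists messages accepted through whiteListedDomains even though SPF failed or the DMARC check reported a violation. The function name and the second sample message (m1-17180-01347) are assumptions constructed for illustration.

```python
import re
from collections import defaultdict

# First four lines are copied from the post above (addresses as obfuscated there);
# message m1-17180-01347 is constructed here as a control with no auth failure.
SAMPLE_LOG = """\
Aug-18-16 12:46:17 m1-17176-01346 [Worker_3] 83.110.218.163 <rosalyn.backman...@ups.com> to: s...@seniorennet.be Whitelisted sender Domain: @ups.com
Aug-18-16 12:46:17 m1-17176-01346 [Worker_3] 83.110.218.163 <rosalyn.backman...@ups.com> to: s...@seniorennet.be [scoring] SPF: fail ip=83.110.218.163 mailfrom=rosalyn.backman...@ups.com helo=bba423262.alshamil.net.ae
Aug-18-16 12:46:17 m1-17176-01346 [Worker_3] 83.110.218.163 <rosalyn.backman...@ups.com> to: s...@seniorennet.be DMARC: this mail breakes the DKIM policies defined in the DMARC record for domain ups.com - there is no DKIM-signature found in this mail for domain ups.com
Aug-18-16 12:46:17 m1-17176-01346 [Worker_3] [MessageOK] 83.110.218.163 <rosalyn.backman...@ups.com> to: s...@seniorennet.be message ok - (whiteListedDomains '@ups.com') - [Emailing Label] -> /var/db/assp/notspam/Emailing_Label--37641.eml
Aug-18-16 12:50:01 m1-17180-01347 [Worker_1] 192.0.2.10 <billing@example.org> to: user@example.net Whitelisted sender Domain: @example.org
Aug-18-16 12:50:01 m1-17180-01347 [Worker_1] [MessageOK] 192.0.2.10 <billing@example.org> to: user@example.net message ok - (whiteListedDomains '@example.org') - [Invoice] -> /var/db/assp/notspam/Invoice--1.eml
"""

# date, time, message id, one or more [tags], client IP, <sender>, recipient, event text
LINE = re.compile(r"^\S+ \S+ (m\d+-\d+-\d+) (?:\[[^\]]+\] )+(\S+) <([^>]*)> to: \S+ (.*)$")
PASSED = re.compile(r"message ok - \(whiteListedDomains '(@[^']+)'\)")

def whitelisted_auth_failures(log_text):
    """Return messages accepted via whiteListedDomains despite an SPF/DMARC failure."""
    msgs = defaultdict(lambda: {"ip": None, "sender": None, "domain": None, "failed": []})
    for line in log_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue  # session lines (Connected/Disconnected) carry no message id
        msg_id, ip, sender, event = m.groups()
        rec = msgs[msg_id]
        rec["ip"], rec["sender"] = ip, sender
        if "SPF: fail" in event:
            rec["failed"].append("spf")
        if event.startswith("DMARC: this mail breakes"):  # spelling as ASSP logs it
            rec["failed"].append("dmarc")
        passed = PASSED.search(event)
        if passed:
            rec["domain"] = passed.group(1)
    # Keep only messages that were both whitelisted-through and failed a sender check.
    return {mid: r for mid, r in msgs.items() if r["domain"] and r["failed"]}

if __name__ == "__main__":
    for mid, r in whitelisted_auth_failures(SAMPLE_LOG).items():
        print(mid, r["ip"], r["sender"], r["domain"], ",".join(r["failed"]))
```

Grouping the output by whitelisted domain shows which entries in the whitelist are being forged most often and are candidates for review.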