Yes. I'm using the included whiteListDomains so ASSP default configuration is to whitelist ups.com. Maybe I need to enable BayesWL?
----- Original Message ----- From: K Post [mailto:nntp.p...@gmail.com] To: For Users of ASSP [mailto:assp-user@lists.sourceforge.net] Sent: Thu, 18 Aug 2016 16:26:19 +0100 Subject: Re: [Assp-user] Whitelist & spam > Do you have ups.com in whiteListedDomains? > > The line: > Aug-18-16 12:46:17 m1-17176-01346 [Worker_3] 83.110.218.163 < > rosalyn.backman...@ups.com> to: s...@seniorennet.be Whitelisted sender > Domain: @ups.com > leads me to believe that you do. > > On Thu, Aug 18, 2016 at 7:44 AM, Andy Knuts <a...@knuts.be> wrote: > > > I do have "DoOrgWhiting" set to "Score" instead of "Whiting". > > Shouldn't it just decrease the score because ups.com is whitelisted and > > still continue with other other checks (hmm/bayes) as normal? > > > > > > ----- Original Message ----- > > From: Andy Knuts [mailto:a...@knuts.be] > > To: > > assp-user@lists.sourceforge.net > > Sent: Thu, 18 Aug 2016 13:40:20 > > +0100 > > Subject: [Assp-user] Whitelist & spam > > > > > > > Today we have a lot of spam getting through. They are all sent from > > random > > > *@ups.com addresses using a lot of different IP's. Here's an example: > > > > > > > > > Aug-18-16 12:46:15 [Worker_3] Connected: session:7EFE8B4366C0 > > > 83.110.218.163:56196 > <snip>:25 > 127.0.0.1:125 > > > Aug-18-16 12:46:17 m1-17176-01346 [Worker_3] 83.110.218.163 > > > <rosalyn.backman...@ups.com> to: s...@seniorennet.be Whitelisted sender > > > Domain: @ups.com > > > Aug-18-16 12:46:17 m1-17176-01346 [Worker_3] 83.110.218.163 > > > <rosalyn.backman...@ups.com> to: s...@seniorennet.be info: domain > > ups.com > > > has published a DMARC record > > > Aug-18-16 12:46:17 m1-17176-01346 [Worker_3] 83.110.218.163 > > > <rosalyn.backman...@ups.com> to: s...@seniorennet.be [scoring] SPF: fail > > > ip=83.110.218.163 mailfrom=rosalyn.backman...@ups.com > > > helo=bba423262.alshamil.net.ae > > > Aug-18-16 12:46:17 m1-17176-01346 [Worker_3] 83.110.218.163 > > > <rosalyn.backman...@ups.com> to: s...@seniorennet.be Message-Score: > > added 21 > > > (spfValencePB) for SPF fail, total score for this message is now 21 > > > Aug-18-16 12:46:17 m1-17176-01346 [Worker_3] 83.110.218.163 > > > <rosalyn.backman...@ups.com> to: s...@seniorennet.be DMARC: this mail > > > breakes the DKIM policies defined in the DMARC record for domain ups.com > > - > > > there is no DKIM-signature found in this mail for domain ups.com > > > Aug-18-16 12:46:17 m1-17176-01346 [Worker_3] [MessageOK] 83.110.218.163 > > > <rosalyn.backman...@ups.com> to: s...@seniorennet.be message ok - > > > (whiteListedDomains '@ups.com') - [Emailing Label] -> > > > /var/db/assp/notspam/Emailing_Label--37641.eml > > > Aug-18-16 12:46:19 [Worker_3] Disconnected: session:7EFE8B4366C0 > > > 83.110.218.163 - processing time 4 seconds > > > > > > > > > If I use the mail analyzer both HMM and Bayesian tell me they are > > confident > > > it's spam but assp is not running the bayes/hmm check for these kind of > > > emails because "ups.com" is whitelisted by ASSP's default configuration. > > > > > > Does this mean anyone can send any spam email to use for any of the > > > whitelisted domains in ASSP? > > > And how can I prevent this from happening? > > > > > > Thanks > > > > > > ------------------------------------------------------------ > > ------------------ > > > _______________________________________________ > > > Assp-user mailing list > > > Assp-user@lists.sourceforge.net > > > https://lists.sourceforge.net/lists/listinfo/assp-user > > > > > > > ------------------------------------------------------------ > > ------------------ > > _______________________________________________ > > Assp-user mailing list > > Assp-user@lists.sourceforge.net > > https://lists.sourceforge.net/lists/listinfo/assp-user > > > ------------------------------------------------------------------------------ _______________________________________________ Assp-user mailing list Assp-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/assp-user
