>They are all sent from random *@ups.com addresses using a lot of different IP's.
SPF will catch it. Thomas Von: "Andy Knuts" <a...@knuts.be> An: "For Users of ASSP" <assp-user@lists.sourceforge.net> Datum: 18.08.2016 16:42 Betreff: Re: [Assp-user] Whitelist & spam Yes. I'm using the included whiteListDomains so ASSP default configuration is to whitelist ups.com. Maybe I need to enable BayesWL? ----- Original Message ----- From: K Post [mailto:nntp.p...@gmail.com] To: For Users of ASSP [mailto:assp-user@lists.sourceforge.net] Sent: Thu, 18 Aug 2016 16:26:19 +0100 Subject: Re: [Assp-user] Whitelist & spam > Do you have ups.com in whiteListedDomains? > > The line: > Aug-18-16 12:46:17 m1-17176-01346 [Worker_3] 83.110.218.163 < > rosalyn.backman...@ups.com> to: s...@seniorennet.be Whitelisted sender > Domain: @ups.com > leads me to believe that you do. > > On Thu, Aug 18, 2016 at 7:44 AM, Andy Knuts <a...@knuts.be> wrote: > > > I do have "DoOrgWhiting" set to "Score" instead of "Whiting". > > Shouldn't it just decrease the score because ups.com is whitelisted and > > still continue with other other checks (hmm/bayes) as normal? > > > > > > ----- Original Message ----- > > From: Andy Knuts [mailto:a...@knuts.be] > > To: > > assp-user@lists.sourceforge.net > > Sent: Thu, 18 Aug 2016 13:40:20 > > +0100 > > Subject: [Assp-user] Whitelist & spam > > > > > > > Today we have a lot of spam getting through. They are all sent from > > random > > > *@ups.com addresses using a lot of different IP's. Here's an example: > > > > > > > > > Aug-18-16 12:46:15 [Worker_3] Connected: session:7EFE8B4366C0 > > > 83.110.218.163:56196 > <snip>:25 > 127.0.0.1:125 > > > Aug-18-16 12:46:17 m1-17176-01346 [Worker_3] 83.110.218.163 > > > <rosalyn.backman...@ups.com> to: s...@seniorennet.be Whitelisted sender > > > Domain: @ups.com > > > Aug-18-16 12:46:17 m1-17176-01346 [Worker_3] 83.110.218.163 > > > <rosalyn.backman...@ups.com> to: s...@seniorennet.be info: domain > > ups.com > > > has published a DMARC record > > > Aug-18-16 12:46:17 m1-17176-01346 [Worker_3] 83.110.218.163 > > > <rosalyn.backman...@ups.com> to: s...@seniorennet.be [scoring] SPF: fail > > > ip=83.110.218.163 mailfrom=rosalyn.backman...@ups.com > > > helo=bba423262.alshamil.net.ae > > > Aug-18-16 12:46:17 m1-17176-01346 [Worker_3] 83.110.218.163 > > > <rosalyn.backman...@ups.com> to: s...@seniorennet.be Message-Score: > > added 21 > > > (spfValencePB) for SPF fail, total score for this message is now 21 > > > Aug-18-16 12:46:17 m1-17176-01346 [Worker_3] 83.110.218.163 > > > <rosalyn.backman...@ups.com> to: s...@seniorennet.be DMARC: this mail > > > breakes the DKIM policies defined in the DMARC record for domain ups.com > > - > > > there is no DKIM-signature found in this mail for domain ups.com > > > Aug-18-16 12:46:17 m1-17176-01346 [Worker_3] [MessageOK] 83.110.218.163 > > > <rosalyn.backman...@ups.com> to: s...@seniorennet.be message ok - > > > (whiteListedDomains '@ups.com') - [Emailing Label] -> > > > /var/db/assp/notspam/Emailing_Label--37641.eml > > > Aug-18-16 12:46:19 [Worker_3] Disconnected: session:7EFE8B4366C0 > > > 83.110.218.163 - processing time 4 seconds > > > > > > > > > If I use the mail analyzer both HMM and Bayesian tell me they are > > confident > > > it's spam but assp is not running the bayes/hmm check for these kind of > > > emails because "ups.com" is whitelisted by ASSP's default configuration. > > > > > > Does this mean anyone can send any spam email to use for any of the > > > whitelisted domains in ASSP? > > > And how can I prevent this from happening? > > > > > > Thanks > > > > > > ------------------------------------------------------------ > > ------------------ > > > _______________________________________________ > > > Assp-user mailing list > > > Assp-user@lists.sourceforge.net > > > https://lists.sourceforge.net/lists/listinfo/assp-user > > > > > > > ------------------------------------------------------------ > > ------------------ > > _______________________________________________ > > Assp-user mailing list > > Assp-user@lists.sourceforge.net > > https://lists.sourceforge.net/lists/listinfo/assp-user > > > ------------------------------------------------------------------------------ _______________________________________________ Assp-user mailing list Assp-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/assp-user DISCLAIMER: ******************************************************* This email and any files transmitted with it may be confidential, legally privileged and protected in law and are intended solely for the use of the individual to whom it is addressed. This email was multiple times scanned for viruses. There should be no known virus in this email! *******************************************************
------------------------------------------------------------------------------
_______________________________________________ Assp-user mailing list Assp-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/assp-user
