I'm still seeing issues where an IP address falls within a blacklisted
range (i.e., /24) but the specific IP address is whitelisted.
I'm including the message headers and the log file lines (with actual
email addresses redacted). It clearly shows that the IP is whitelisted,
but then gets blacklisted. First, the log lines with the whitelist and
blacklist in bold:
May-20-20 11:29:40 [Worker_2] Connected: session:7F74E1ACC1E8
192.185.50.250:17379 > 165.254.4.49:25 > 165.254.4.142:25
May-20-20 11:29:40 [Worker_2] 192.185.50.250 info: got STARTTLS request
from 192.185.50.250
May-20-20 11:29:41 m1-88581-13275 [Worker_2] [TLS-in] [TLS-out]
192.185.50.250 <sen...@domain.com> info: found message size
announcement: 731.80 kByte
May-20-20 11:29:41 m1-88581-13275 [Worker_2] [TLS-in] [TLS-out]
192.185.50.250 <sen...@domain.com> message proxied without processing -
message size (749368) is above 100000 (npSize).
May-20-20 11:29:41 m1-88581-13275 [Worker_2] [TLS-in] [TLS-out]
[NoProcessing] 192.185.50.250 <sen...@domain.com> to:
recipi...@domain.com message proxied without processing content base
check (npSize)
May-20-20 11:29:41 m1-88581-13275 [Worker_2] [TLS-in] [TLS-out]
192.185.50.250 <sen...@domain.com> to: recipi...@domain.com
DKIM-Signature found
*May-20-20 11:29:41 m1-88581-13275 [Worker_2] [TLS-in] [TLS-out]
192.185.50.250 <sen...@domain.com> to: recipi...@domain.com
Received-RWL: whitelisted from
(list.dnswl.org.wl.mcf.com->127.0.4.3,trust=3-[high]
(category=Organisations);) - high trust is 3-[high] -
client-ip=192.185.50.250*
May-20-20 11:29:41 m1-88581-13275 [Worker_2] [TLS-in] [TLS-out] [DKIM]
192.185.50.250 <sen...@domain.com> to: recipi...@domain.com [monitoring]
DKIM signature failed - invalid (public key: not available) - sender
policy is: neutral - author policy is: neutral
May-20-20 11:29:42 m1-88581-13275 [Worker_2] [TLS-in] [TLS-out]
192.185.50.250 <sen...@domain.com> to: recipi...@domain.com [monitoring]
SPF: neutral ip=192.185.50.250 mailfrom=sen...@domain.com
helo=gateway23.websitewelcome.com
*May-20-20 11:29:43 m1-88581-13275 [Worker_2] [TLS-in] [TLS-out]
192.185.50.250 <sen...@domain.com> to: recipi...@domain.com
Message-Score: added 50 for DNSBL: failed, 192.185.50.250 listed in
bl.mcf.com, total score for this message is now 50**
**May-20-20 11:29:43 m1-88581-13275 [Worker_2] [TLS-in] [TLS-out]
192.185.50.250 <sen...@domain.com> to: recipi...@domain.com [scoring]
DNSBL: failed, 192.185.50.250 listed in (bl.mcf.com<-127.0.0.8)**
**May-20-20 11:29:43 m1-88581-13275 [Worker_2] [TLS-in] [TLS-out]
[PenaltyBox] 192.185.50.250 <sen...@domain.com> to: recipi...@domain.com
[monitoring] totalscore for 192.185.50.250 is 50, last bad penalty was
'DNSBLfailed'*
May-20-20 11:29:43 m1-88581-13275 [Worker_2] [TLS-in] [TLS-out]
[MessageLimit] 192.185.50.250 <sen...@domain.com> to:
recipi...@domain.com [spam found] (MessageScore 50, limit 50) [WO 65424]
-> /usr/share/assp/discarded/WO_65424--1258687.eml;
May-20-20 11:29:43 m1-88581-13275 [Worker_2] [TLS-in] [TLS-out]
192.185.50.250 <sen...@domain.com> to: recipi...@domain.com [SMTP Error]
554 5.7.1 Mail appears to be unsolicited and will be checked before
being delivered --contact postmas...@formsfulfillment.com if you need help
May-20-20 11:29:43 m1-88581-13275 [Worker_2] [TLS-in] [TLS-out]
192.185.50.250 <sen...@domain.com> to: recipi...@domain.com info:
PB-IP-Score for '192.185.50.0' is 50, added 50 in this session
May-20-20 11:29:43 m1-88581-13275 [Worker_2] [TLS-in] [TLS-out]
192.185.50.250 <sen...@domain.com> to: recipi...@domain.com finished
message - received DATA size: 731.97 kByte - sent DATA size: 0 Byte
May-20-20 11:29:43 m1-88581-13275 [Worker_2] [TLS-in] [TLS-out]
192.185.50.250 <sen...@domain.com> to: recipi...@domain.com
disconnected: session:7F74E1ACC1E8 192.185.50.250 - processing time 3
seconds
Here are the message headers:
Return-Path: <sen...@domain.com>
Delivered-To: s...@besttechsvc.com
Received: from ASSP.xmsi.net (ns1.mcf.com [165.254.4.23])
by linuxmail.xmsi.net (Postfix) with ESMTP id 65E5D248129C
for <s...@besttechsvc.com>; Wed, 20 May 2020 11:29:43 -0400 (EDT)
X-Assp-Version: 2.6.3(20002) on ASSP.xmsi.net
X-Assp-ID: ASSP.xmsi.net m1-88581-13275
X-Assp-Session: 7F74E1ACC1E8 (mail 1)
X-Assp-Intended-For-IP: 165.254.4.49
X-Assp-Client-TLS: yes
X-Assp-Server-TLS: yes
X-Assp-NoProcessing: YES - (noProcessing - message size (749368) is above
100000 (npSize))
X-Assp-Received-RWL: whitelisted from
(list.dnswl.org.wl.mcf.com->127.0.4.3,trust=3-[high]
(category=Organisations);) - high trust is 3-[high] -
client-ip=192.185.50.250
X-Original-Authentication-Results: assp.xmsi.net; dkim=invalid
X-Assp-Message-Score: 50 (DNSBL: failed, 192.185.50.250 listed in
bl.mcf.com)
X-Assp-IP-Score: 50 (DNSBL: failed, 192.185.50.250 listed in
bl.mcf.com)
X-Assp-DNSBL: failed, 192.185.50.250 listed in (bl.mcf.com<-127.0.0.8)
X-Assp-Tag: MessageLimit
X-Assp-Spam: YES
X-Spam-Status:yes
X-Assp-Spam-Reason: MessageScore 50, limit 50
X-Assp-Message-Totalscore: 50
X-Assp-Spam-Level: ***********
X-Assp-Intended-For: recipi...@domain.com
X-Assp-Copy-Spam: Yes
Received: from gateway23.websitewelcome.com ([192.185.50.250]
helo=gateway23.websitewelcome.com) by ASSP.xmsi.net with SMTPS(TLSv1_2
ECDHE-RSA-AES128-GCM-SHA256) (2.6.3); 20 May 2020 11:29:40 -0400
Received: from cm16.websitewelcome.com (cm16.websitewelcome.com
[100.42.49.19])
by gateway23.websitewelcome.com (Postfix) with ESMTP id 2B9BF21997
for <recipi...@domain.com>; Wed, 20 May 2020 10:26:31 -0500 (CDT)
Received: from host2025.hostmonster.com ([67.20.76.181])
by cmsmtp with SMTP
id bQc1jssPN8vkBbQc2jYWK5; Wed, 20 May 2020 10:26:31 -0500
X-Authority-Reason: nr=8
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed;
d=jaspergrading.com; s=default;
h=Content-Type:MIME-Version:Message-ID:Date:
Subject:To:From:Sender:Reply-To:Cc:Content-Transfer-Encoding:Content-ID:
Content-Description:Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc
:Resent-Message-ID:In-Reply-To:References:List-Id:List-Help:List-Unsubscribe:
List-Subscribe:List-Post:List-Owner:List-Archive;
bh=iztcbaloApdLXib2iP5VQf68w4ny+XcGVPC0HEICHY8=;
b=acwhI35G2mV29W9NsRHpiJ2PzF
Vt3I6+fnjX84P3mkL0bH6ppFzKlLD7DL2aWPrx+gmoO0eAK9tMxKQcBWfcNO9yWcNIjU+m3pFPEJn
v9CwlLfUboBBU9manbrYs5Dni0rOfa5eGhLoyJUjDAlQXr0v0kvNIngn6Mz1Du5Ls2zLEL0VGVXnT
Ts+1L9oCXsHIH+4ZHzFEv+a4kk531xd23bqiTKcuh4N9VyvrMxfHXYYMdf0c3gT0nVsWFvqYOzrZc
+uQO0B0QZ9z+LHMrBpGbQQSA+ukmhpmRfKrAlIOwetVBSQgLThgcBSyiP2lEqvXMg3Edar6x7dsc0
zM2EKV/w==;
Received: from 50-248-237-17-static.hfc.comcastbusiness.net
([50.248.237.17]:62950 helo=dianneHP)
by host2025.hostmonster.com with esmtpsa
(TLSv1.2:ECDHE-RSA-AES256-GCM-SHA384:256)
(Exim 4.92)
(envelope-from <sen...@domain.com>)
id 1jbQc0-000zG7-7Q
for recipi...@domain.com; Wed, 20 May 2020 09:26:29 -0600
Return-Receipt-To: <sen...@domain.com>
From: "Dianne Lively" <sen...@domain.com>
To: <recipi...@domain.com>
Subject: [SPAM] [MessageLimit] WO 65424
Date: Wed, 20 May 2020 11:26:23 -0400
Message-ID:
<!&!AAAAAAAAAAAYAAAAAAAAAPZhVAQ4/yFNtar6jT8a0ZjCgAAAEAAAACtrB1FupO1Pglvc47++PzcBAAAAAA==@jaspergrading.com>
MIME-Version: 1.0
Content-Type: multipart/mixed;
boundary="----=_NextPart_000_0078_01D62E99.807ABE10"
X-Mailer: Microsoft Outlook 14.0
Thread-Index: AdYuuwU6jUQEpg+4TYKDl/VqTkPRAQ==
Content-Language: en-us
Disposition-Notification-To: <sen...@domain.com>
X-AntiAbuse: This header was added to track abuse, please include it
with any abuse report
X-AntiAbuse: Primary Hostname - host2025.hostmonster.com
X-AntiAbuse: Original Domain - formsfulfillment.com
X-AntiAbuse: Originator/Caller UID/GID - [47 12] / [47 12]
X-AntiAbuse: Sender Address Domain - jaspergrading.com
X-BWhitelist: no
X-Source-IP: 50.248.237.17
X-Source-L: No
X-Exim-ID: 1jbQc0-000zG7-7Q
X-Source:
X-Source-Args:
X-Source-Dir:
X-Source-Sender: 50-248-237-17-static.hfc.comcastbusiness.net (dianneHP)
[50.248.237.17]:62950
X-Source-Auth: sen...@domain.com
X-Email-Count: 4
X-Source-Cap: amFzcGVyZ3I7amFzcGVyZ3I7aG9zdDIwMjUuaG9zdG1vbnN0ZXIuY29t
X-Local-Domain: yes
Any thoughts on why this is happening? Is there a setting I changed that
could cause this, or something I can set to prevent this?
Thanks.
--
Farokh
----------------------------------------------------------------------------
Best Tech Service, LLC - When only the Best will do...
For all your technology needs including hosting solutions.
Cell: 914-262-1594
Like us on Facebook: https://www.facebook.com/besttechsvc
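
Added example, not part of the original post and not ASSP code: a small
Python check that groups log records by message ID and reports messages where
a Received-RWL whitelist hit and a DNSBL listing were both logged, the pattern
shown above. The sample input is constructed from the post's records, unwrapped
to one line each with placeholder addresses, plus one made-up session
(m1-00000-00001, 203.0.113.7) that has only a DNSBL hit; the function and
field names are illustrative.

```python
import re
from collections import defaultdict

# Constructed sample input (see lead-in): one log record per line.
SAMPLE_LOG = """\
May-20-20 11:29:41 m1-88581-13275 [Worker_2] [TLS-in] [TLS-out] 192.185.50.250 <sender@example.com> to: rcpt@example.com Received-RWL: whitelisted from (list.dnswl.org.wl.mcf.com->127.0.4.3,trust=3-[high] (category=Organisations);) - high trust is 3-[high] - client-ip=192.185.50.250
May-20-20 11:29:43 m1-88581-13275 [Worker_2] [TLS-in] [TLS-out] 192.185.50.250 <sender@example.com> to: rcpt@example.com [scoring] DNSBL: failed, 192.185.50.250 listed in (bl.mcf.com<-127.0.0.8)
May-20-20 11:29:43 m1-88581-13275 [Worker_2] [TLS-in] [TLS-out] [MessageLimit] 192.185.50.250 <sender@example.com> to: rcpt@example.com [spam found] (MessageScore 50, limit 50) [WO 65424]
May-20-20 11:30:02 m1-00000-00001 [Worker_1] 203.0.113.7 <a@example.net> to: rcpt@example.com [scoring] DNSBL: failed, 203.0.113.7 listed in (bl.mcf.com<-127.0.0.8)
"""

MSGID = re.compile(r"\b(m\d+-\d+-\d+)\b")
# "Received-RWL: whitelisted from (zone->answer,trust=N-[...]"
RWL = re.compile(r"Received-RWL: whitelisted from \((\S+?)->([\d.]+),trust=(\d+)")
# "[scoring] DNSBL: failed, IP listed in (zone<-answer)"
DNSBL = re.compile(r"DNSBL: failed, (\S+) listed in \((\S+?)<-([\d.]+)\)")
SPAM = re.compile(r"\[spam found\] \(MessageScore (\d+), limit (\d+)\)")


def find_conflicts(log_text):
    """Return {message_id: details} for messages with both an RWL and a DNSBL hit."""
    sessions = defaultdict(dict)
    for line in log_text.splitlines():
        mid = MSGID.search(line)
        if not mid:
            continue  # connection-level record without a message ID
        rec = sessions[mid.group(1)]
        if r := RWL.search(line):
            rec["rwl"] = {"zone": r.group(1), "answer": r.group(2),
                          "trust": int(r.group(3))}
        if d := DNSBL.search(line):
            rec["ip"] = d.group(1)
            rec["dnsbl"] = {"zone": d.group(2), "answer": d.group(3)}
        if s := SPAM.search(line):
            rec["score"], rec["limit"] = int(s.group(1)), int(s.group(2))
    return {m: r for m, r in sessions.items() if "rwl" in r and "dnsbl" in r}


if __name__ == "__main__":
    for msg_id, rec in find_conflicts(SAMPLE_LOG).items():
        print(msg_id, rec["ip"], "RWL:", rec["rwl"], "DNSBL:", rec["dnsbl"],
              "score/limit:", rec.get("score"), rec.get("limit"))
```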