I would propose that DNSBL processing of X-Originating-IP is appropriate but
not using Spamhaus PBL or any “residential/dsl/cable" blocklist since those
addresses are where you would expect webmail to come from. However, CBL and
many other DNSbl lists would be appropriate for use here.
> On
ooh lala.
Appetite wet for all of these changes. Are the 'MaxAllowedDups' changes
listed in the GUI? I'm guessing this is based on our discussions about not
keeping dups of notspam too...
Thanks for the quick work.
On Sun, Mar 20, 2016 at 9:25 AM, Thomas Eckardt
Thanks.
Comcast is one of the biggest ISP's in the US. I've got to believe that
they have a massive amount of mail sent from their webmail systems. I'm
shocked that we didn't run into this sooner. Appreciate the fix!
On Sun, Mar 20, 2016 at 3:27 AM, Thomas Eckardt
That file has:
Warning -
Our anti-spam and anti-virus system has detected a virus or phishing
attack within an email sent to you. Should you feel that this was
in error, or have questions please feel free to contact support and
supply them with a copy of this email.
The following are details
Hi all,
fixed in assp 2.5.2 build 16080:
- 'enhancedOriginIPDetect wrong detected tunneled IPv4 addresses
- the SSLfailed-Cache was not cleanedup from invalid IP-addresses if
'noBanFailedSSLIP' was changed
changed:
- faster SSL-linstener handling improves DoS and DDoS handling of
>Is X-Originating-IP something that's checked?
yes - this is a perfect information for assp
>X-Originating-IP: [:::W.X.Y.Z]
this leads in to two IP's that are put at the IP-address stack - the
extracted IPv4 followed by the expanded IPv6 (important: exactly in this
order !)
because :