I'm seeing this with a bunch of senders. Just noticing now, don't know how long this has been going on.
A whitelisted sender sends legit mail to the system. It goes to OKMAIL instead of notspam because it is somehow getting flagged as no processing. I don't see WHY it's no processing from the maillog. How can I figure that out? One thing that I do notice see when I did an analyze from the gui on at least one file is that the line: x-originating-ip: [76.189.xxx.xxx] is detected as being in the baracuda dns black list. It should be - it's a residential cable ISP IP address, but that's just what was used to send the mail through to their ISP legitimately. I've got enhancedOriginIPDetect on. Analyze shows detected IP's on the mail routing way: 76.189.xxx.xxx(xxxxxx.res.rr.com) •detected source IP: 76.189.xxx.xxx and DNSBL: failed, 76.189.xxx.xxx listed in bb.barracudacentral.org - message score: 50 I don't see this score of 50 in the maillog below though. Very confused about that. Should we be looking up the user's home IP address and assigning the same negative score was we would if we directly received a message from a home IP? See below for the relevant maillog Thanks May-13-15 20:46:53 msg64413-11501 xxx.yyy.130.50 < [email protected]> info: found message size announcement: 46.31 kByte May-13-15 20:46:55 msg64413-11501 xxx.yyy.130.50 < [email protected]> to: [email protected] Whitelisted sender address: [email protected] for recipient [email protected] May-13-15 20:46:55 msg64413-11501 [Noprocessing] xxx.yyy.130.50 < [email protected]> to: [email protected] info: found valid MSGID signature in [In-Reply-To:] - accept mail May-13-15 20:46:55 msg64413-11501 xxx.yyy.130.50 < [email protected]> to: [email protected] Message-Score: added -40 for KnownGoodHelo, total score for this message is now -40 May-13-15 20:46:55 msg64413-11501 xxx.yyy.130.50 < [email protected]> to: [email protected] info: found known good HELO 'exchange.theirdomain.com' - weight is -2 May-13-15 20:46:55 msg64413-11501 xxx.yyy.130.50 < [email protected]> to: [email protected] Message-Score: added -15 (pbwValencePB) for In Penalty White Box, total score for this message is now -55 May-13-15 20:46:58 msg64413-11501 xxx.yyy.130.50 < [email protected]> to: [email protected] info: removed MSGID-signature from header May-13-15 20:46:58 msg64413-11501 xxx.yyy.130.50 < [email protected]> to: [email protected] [Plugin] calling plugin ASSP_AFC May-13-15 20:46:58 msg64413-11501 xxx.yyy.130.50 < [email protected]> to: [email protected] info: 6 attachments found for Level-1 May-13-15 20:46:58 msg64413-11501 xxx.yyy.130.50 < [email protected]> to: [email protected] message proxied without processing (no bad attachments) May-13-15 20:46:58 msg64413-11501 [MessageOK] xxx.yyy.130.50 < [email protected]> to: [email protected] message ok - (noprocessing and whitelisted - found valid Message-ID signature) - [RE MailSubject] -> messages/okmail/RE_MailSubject.txt ------------------------------------------------------------------------------ One dashboard for servers and applications across Physical-Virtual-Cloud Widest out-of-the-box monitoring support with 50+ applications Performance metrics, stats and reports that give you Actionable Insights Deep dive visibility with transaction tracing using APM Insight. http://ad.doubleclick.net/ddm/clk/290420510;117567292;y _______________________________________________ Assp-test mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/assp-test
