I had an inbound message rejected by ASSP, where the DKIM signature matched DKIMNP. I would have thought that if there's a DKIMNP match, that the message will just be passed and saved in discarded.
Also, Senderbase is white for the network that it came from. so that should have reduced the score by a lot. There was a bombDataRE match. seemingly twice for the same line. and also in BombData. I've got Dear Friend, in both files by mistake, that'll be fixed, but that pushed the score above 50, so it was rejected. Shouldn't DKIMNP override the rejection though? Here's the log, with my notes: msg11890-19574 102.xxx.yyy.85 <[email protected]> to: [email protected] *DKIM-Signature found* Info: enhanced Originated IP detection ignored IP's: 102.xxx.yyy.85 (connected IP) , 10.11.74.34 msg11890-19574 102.xxx.yyy.85 <[email protected]> to: [email protected] info: found DKIM signature identity '@ bounce.TheirDomain.com' @bounce.TheirDomain.com @bounce.TheirDomain.com,[email protected] matches *.TheirDomain.com in DKIMNPAddresses* msg11890-19574 102.xxx.yyy.85 <[email protected]> to: [email protected] [scoring] DKIM signature verified-OK - header-passed - identity is: @bounce.TheirDomain.com - sender policy is: neutral - author policy s: neutral - *state changed to: noprocessing* Info: weighted regex (bombDataRe) result found for 'Dear Friend,' - with 'dear friend,' - weight is 0.5 *<-- we get a lot of Dear Friend, garbage, so I have it in BombData with a 50% score* Info: weighted regex (bombDataRe) result found for 'Dear Friend,' - with 'dear friend,' - weight is 0.5 *(not sure why this line is in the log twice)* msg11890-19574 102.xxx.yyy.85 <[email protected]> to: [email protected] spambomb Regex: bombDataRe 'PB 18: for Dear Friend,' msg11890-19574 [BombData] 102.xxx.yyy.85 < [email protected]> to: [email protected] [scoring] (BombData 'Dear Friend,') msg11890-19574 102.xxx.yyy.85 <[email protected]> to: [email protected] Message-Score: added 18 for Regex: bombDataRe 'PB 18: for Dear Friend,' BombData: 'Dear Friend,', total score for this message is now 18 msg11890-19574 102.xxx.yyy.85 <[email protected]> to: [email protected] spambomb Regex: bombRe 'PB 35: for Dear Friend' msg11890-19574 [BombData][bombRe] 102.xxx.yyy.85 < [email protected]> to: [email protected] [scoring] (bombRe 'Dear Friend') msg11890-19574 102.xxx.yyy.85 <[email protected]> to: [email protected] Message-Score: added 35 for Regex: bombRe 'PB 35: for Dear Friend' bombRe: 'Dear Friend', total score for this message is now 53 msg11890-19574 102.xxx.yyy.85 <[email protected]> to: [email protected] deleting spamming safelisted tuplet: (102.xxx.yyy.0, bounce.TheirDomain.com) age: 1s msg11890-19574 [MessageLimit] 102.xxx.yyy.85 < [email protected]> to: [email protected] [spam found] (*MessageScore 53, limit 50*) [Our Newsletter October 15th 2021] -> messages/discarded/Our__Newsletter_October_15th_2021--254778.txt; msg11890-19574 102.xxx.yyy.85 <[email protected]> to: [email protected]* [SMTP Error] 554 5.7.1* [PE] rejected msg [PR] [msg11890-19574 212EA668] *<-- msg rejected, even though no processing* msg11890-19574 102.xxx.yyy.85 <[email protected]> to: [email protected] info: PB-IP-Score for '102.xxx.yyy.0' is 53, added 53 in this session msg11890-19574 102.xxx.yyy.85 <[email protected]> to: [email protected] finished message - received DATA size: 138.82 kByte - sent DATA size: 0 Byte msg11890-19574 102.xxx.yyy.85 <[email protected]> to: [email protected] disconnected: session:212EA668 102.xxx.yyy.85 - processing time 2 seconds
_______________________________________________ Assp-test mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/assp-test
