Do you have ups.com in whiteListedDomains?
The line:
Aug-18-16 12:46:17 m1-17176-01346 [Worker_3] 83.110.218.163 <[email protected]> to: [email protected] Whitelisted sender Domain: @ups.com
leads me to believe that you do.
On Thu, Aug 18, 2016 at 7:44 AM, Andy Knuts <[email protected]> wrote:
> I do have "DoOrgWhiting" set to "Score" instead of "Whiting".
> Shouldn't it just decrease the score because ups.com is whitelisted and
> still continue with other checks (hmm/bayes) as normal?
>
>
> ----- Original Message -----
> From: Andy Knuts [mailto:[email protected]]
> To: [email protected]
> Sent: Thu, 18 Aug 2016 13:40:20 +0100
> Subject: [Assp-user] Whitelist & spam
>
>
> > Today we have a lot of spam getting through. They are all sent from random
> > *@ups.com addresses using a lot of different IPs. Here's an example:
> >
> >
> > Aug-18-16 12:46:15 [Worker_3] Connected: session:7EFE8B4366C0
> > 83.110.218.163:56196 > <snip>:25 > 127.0.0.1:125
> > Aug-18-16 12:46:17 m1-17176-01346 [Worker_3] 83.110.218.163
> > <[email protected]> to: [email protected] Whitelisted sender
> > Domain: @ups.com
> > Aug-18-16 12:46:17 m1-17176-01346 [Worker_3] 83.110.218.163
> > <[email protected]> to: [email protected] info: domain ups.com
> > has published a DMARC record
> > Aug-18-16 12:46:17 m1-17176-01346 [Worker_3] 83.110.218.163
> > <[email protected]> to: [email protected] [scoring] SPF: fail
> > ip=83.110.218.163 [email protected]
> > helo=bba423262.alshamil.net.ae
> > Aug-18-16 12:46:17 m1-17176-01346 [Worker_3] 83.110.218.163
> > <[email protected]> to: [email protected] Message-Score: added 21
> > (spfValencePB) for SPF fail, total score for this message is now 21
> > Aug-18-16 12:46:17 m1-17176-01346 [Worker_3] 83.110.218.163
> > <[email protected]> to: [email protected] DMARC: this mail
> > breakes the DKIM policies defined in the DMARC record for domain ups.com -
> > there is no DKIM-signature found in this mail for domain ups.com
> > Aug-18-16 12:46:17 m1-17176-01346 [Worker_3] [MessageOK] 83.110.218.163
> > <[email protected]> to: [email protected] message ok -
> > (whiteListedDomains '@ups.com') - [Emailing Label] ->
> > /var/db/assp/notspam/Emailing_Label--37641.eml
> > Aug-18-16 12:46:19 [Worker_3] Disconnected: session:7EFE8B4366C0
> > 83.110.218.163 - processing time 4 seconds
> >
> >
> > If I use the mail analyzer both HMM and Bayesian tell me they are confident
> > it's spam but assp is not running the bayes/hmm check for these kinds of
> > emails because "ups.com" is whitelisted by ASSP's default configuration.
> >
> > Does this mean anyone can send any spam email to us for any of the
> > whitelisted domains in ASSP?
> > And how can I prevent this from happening?
> >
> > Thanks
> >
> > ------------------------------------------------------------------------------
> > _______________________________________________
> > Assp-user mailing list
> > [email protected]
> > https://lists.sourceforge.net/lists/listinfo/assp-user
> >
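A log check for the situation discussed in this thread, as an added example that is not part of the original messages and is not ASSP's own code: it groups log lines by message id and reports messages that were accepted through a whiteListedDomains entry even though SPF or DMARC failed. The sample lines are constructed in the layout of the quoted log; addresses, IPs, hostnames and message ids are placeholders.

```python
import re
from collections import defaultdict

# Constructed sample in the log layout quoted in the thread. Addresses, IPs,
# hostnames and message ids are placeholders, not values from the page.
SAMPLE_LOG = """\
Aug-18-16 12:46:15 [Worker_3] Connected: session:000000000001 203.0.113.7:56196 > 192.0.2.1:25 > 127.0.0.1:125
Aug-18-16 12:46:17 m1-00000-00001 [Worker_3] 203.0.113.7 <a@wl.example> to: u@rcpt.example Whitelisted sender Domain: @wl.example
Aug-18-16 12:46:17 m1-00000-00001 [Worker_3] 203.0.113.7 <a@wl.example> to: u@rcpt.example [scoring] SPF: fail ip=203.0.113.7 helo=host.invalid
Aug-18-16 12:46:17 m1-00000-00001 [Worker_3] 203.0.113.7 <a@wl.example> to: u@rcpt.example DMARC: this mail breakes the DKIM policies defined in the DMARC record for domain wl.example
Aug-18-16 12:46:17 m1-00000-00001 [Worker_3] [MessageOK] 203.0.113.7 <a@wl.example> to: u@rcpt.example message ok - (whiteListedDomains '@wl.example')
Aug-18-16 12:47:02 m1-00000-00002 [Worker_1] 198.51.100.9 <b@wl.example> to: u@rcpt.example Whitelisted sender Domain: @wl.example
Aug-18-16 12:47:02 m1-00000-00002 [Worker_1] [MessageOK] 198.51.100.9 <b@wl.example> to: u@rcpt.example message ok - (whiteListedDomains '@wl.example')
"""

LINE = re.compile(
    r"^\S+ \S+ (?P<msgid>\S+-\d+-\d+) \[Worker_\d+\] (?:\[\w+\] )?"
    r"(?P<ip>\d{1,3}(?:\.\d{1,3}){3}) <(?P<sender>[^>]*)> to: \S+ (?P<text>.*)$"
)
SPF_FAIL = re.compile(r"SPF: fail\b")
DMARC_BREAK = re.compile(r"DMARC: this mail break")  # the log spells it "breakes"
WL_ACCEPT = re.compile(r"message ok - \(whiteListedDomains '(?P<entry>[^']+)'\)")

def find_whitelist_bypasses(log_text):
    """Return messages accepted via whiteListedDomains despite failed SPF/DMARC."""
    msgs = defaultdict(lambda: {"failed": set(), "entry": None})
    for line in log_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue  # connection lines carry no message id
        rec = msgs[m["msgid"]]
        rec["ip"], rec["sender"] = m["ip"], m["sender"]
        if SPF_FAIL.search(m["text"]):
            rec["failed"].add("SPF")
        if DMARC_BREAK.search(m["text"]):
            rec["failed"].add("DMARC")
        wl = WL_ACCEPT.search(m["text"])
        if wl:
            rec["entry"] = wl["entry"]
    return [
        {"msgid": k, "ip": r["ip"], "sender": r["sender"],
         "entry": r["entry"], "failed": sorted(r["failed"])}
        for k, r in msgs.items() if r["entry"] and r["failed"]
    ]

if __name__ == "__main__":
    for hit in find_whitelist_bypasses(SAMPLE_LOG):
        print(hit)
```

Each reported entry names the whitelist entry that let the message through, which shows which whitelisted domains are being spoofed in practice.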