>They are all sent from random *@ups.com addresses using a lot of different IP's.
SPF will catch it. Thomas Von: "Andy Knuts" <[email protected]> An: "For Users of ASSP" <[email protected]> Datum: 18.08.2016 16:42 Betreff: Re: [Assp-user] Whitelist & spam Yes. I'm using the included whiteListDomains so ASSP default configuration is to whitelist ups.com. Maybe I need to enable BayesWL? ----- Original Message ----- From: K Post [mailto:[email protected]] To: For Users of ASSP [mailto:[email protected]] Sent: Thu, 18 Aug 2016 16:26:19 +0100 Subject: Re: [Assp-user] Whitelist & spam > Do you have ups.com in whiteListedDomains? > > The line: > Aug-18-16 12:46:17 m1-17176-01346 [Worker_3] 83.110.218.163 < > [email protected]> to: [email protected] Whitelisted sender > Domain: @ups.com > leads me to believe that you do. > > On Thu, Aug 18, 2016 at 7:44 AM, Andy Knuts <[email protected]> wrote: > > > I do have "DoOrgWhiting" set to "Score" instead of "Whiting". > > Shouldn't it just decrease the score because ups.com is whitelisted and > > still continue with other other checks (hmm/bayes) as normal? > > > > > > ----- Original Message ----- > > From: Andy Knuts [mailto:[email protected]] > > To: > > [email protected] > > Sent: Thu, 18 Aug 2016 13:40:20 > > +0100 > > Subject: [Assp-user] Whitelist & spam > > > > > > > Today we have a lot of spam getting through. They are all sent from > > random > > > *@ups.com addresses using a lot of different IP's. Here's an example: > > > > > > > > > Aug-18-16 12:46:15 [Worker_3] Connected: session:7EFE8B4366C0 > > > 83.110.218.163:56196 > <snip>:25 > 127.0.0.1:125 > > > Aug-18-16 12:46:17 m1-17176-01346 [Worker_3] 83.110.218.163 > > > <[email protected]> to: [email protected] Whitelisted sender > > > Domain: @ups.com > > > Aug-18-16 12:46:17 m1-17176-01346 [Worker_3] 83.110.218.163 > > > <[email protected]> to: [email protected] info: domain > > ups.com > > > has published a DMARC record > > > Aug-18-16 12:46:17 m1-17176-01346 [Worker_3] 83.110.218.163 > > > <[email protected]> to: [email protected] [scoring] SPF: fail > > > ip=83.110.218.163 [email protected] > > > helo=bba423262.alshamil.net.ae > > > Aug-18-16 12:46:17 m1-17176-01346 [Worker_3] 83.110.218.163 > > > <[email protected]> to: [email protected] Message-Score: > > added 21 > > > (spfValencePB) for SPF fail, total score for this message is now 21 > > > Aug-18-16 12:46:17 m1-17176-01346 [Worker_3] 83.110.218.163 > > > <[email protected]> to: [email protected] DMARC: this mail > > > breakes the DKIM policies defined in the DMARC record for domain ups.com > > - > > > there is no DKIM-signature found in this mail for domain ups.com > > > Aug-18-16 12:46:17 m1-17176-01346 [Worker_3] [MessageOK] 83.110.218.163 > > > <[email protected]> to: [email protected] message ok - > > > (whiteListedDomains '@ups.com') - [Emailing Label] -> > > > /var/db/assp/notspam/Emailing_Label--37641.eml > > > Aug-18-16 12:46:19 [Worker_3] Disconnected: session:7EFE8B4366C0 > > > 83.110.218.163 - processing time 4 seconds > > > > > > > > > If I use the mail analyzer both HMM and Bayesian tell me they are > > confident > > > it's spam but assp is not running the bayes/hmm check for these kind of > > > emails because "ups.com" is whitelisted by ASSP's default configuration. > > > > > > Does this mean anyone can send any spam email to use for any of the > > > whitelisted domains in ASSP? > > > And how can I prevent this from happening? > > > > > > Thanks > > > > > > ------------------------------------------------------------ > > ------------------ > > > _______________________________________________ > > > Assp-user mailing list > > > [email protected] > > > https://lists.sourceforge.net/lists/listinfo/assp-user > > > > > > > ------------------------------------------------------------ > > ------------------ > > _______________________________________________ > > Assp-user mailing list > > [email protected] > > https://lists.sourceforge.net/lists/listinfo/assp-user > > > ------------------------------------------------------------------------------ _______________________________________________ Assp-user mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/assp-user DISCLAIMER: ******************************************************* This email and any files transmitted with it may be confidential, legally privileged and protected in law and are intended solely for the use of the individual to whom it is addressed. This email was multiple times scanned for viruses. There should be no known virus in this email! *******************************************************
------------------------------------------------------------------------------
_______________________________________________ Assp-user mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/assp-user
