Re: [Assp-user] DoNoSpoofing4From

Wed, 31 May 2017 07:46:41 -0700 

'DoNoFrom' will detect this from header as invalid

btw: not only assp detects this mistake (if configured)

X-Spam-Status: No, score=3.812 tagged_above=-10
            tests=[FROM_EXCESS_BASE64=0.105, FROM_NO_USER=2.599,
            HELO_MISC_IP=0.001, HTML_MESSAGE=0.001, 
MIME_BASE64_TEXT=0.001,
            MIME_HTML_ONLY=1.105] autolearn=disabled

spamassassin also

Thomas





Von:    Brunner Markus <[email protected]>
An:     For Users of ASSP <[email protected]>
Datum:  31.05.2017 16:22
Betreff:        Re: [Assp-user] DoNoSpoofing4From



Hi,
 
this is the full header.
 
Received: from mail.starrag.com (10.152.1.40) by RO57anon.starrag.com
(10.152.1.23) with Microsoft SMTP Server id 14.3.279.2; Wed, 10 May 2017
21:27:36 +0200
Received: from alz51.rev.netart.pl (ro37.starrag.com [10.254.1.223]) by
mail.starrag.com (Postfix) with ESMTPS id 53717E00CF          for
<[email protected]>; Wed, 10 May 2017 21:27:54 +0200 (CEST)
X-Assp-ID: mail.starrag.com m1-44474-10908
X-Assp-Session: F283A48 (mail 1)
X-Assp-Intended-For: [email protected]
X-Assp-Version: 2.5.5(16366) on mail.starrag.com
X-Assp-Server-TLS: yes
X-Assp-Delay: not delayed (gripvalue low: 0.29); 10 May 2017
            21:27:54 +0200
X-Assp-Received-SPF: none (cache) ip=85.128.182.51 
[email protected]
            helo=alz51.rev.netart.pl
X-Original-Authentication-Results: mail.starrag.com; spf=none
X-Assp-Message-Score: 17 (DNSBL: neutral, 85.128.182.51 listed in
            l2.apews.org)
X-Assp-IP-Score: 17 (DNSBL: neutral, 85.128.182.51 listed in
            l2.apews.org)
X-Assp-DNSBL: neutral, 85.128.182.51 listed in (l2.apews.org<-127.0.0.2; )
X-Assp-Spam-Level: ****
Received: from alz51.rev.netart.pl ([85.128.182.51] 
helo=alz51.rev.netart.pl)
            by mail.starrag.com with SMTP (2.5.5); 10 May 2017 21:27:54 
+0200
X-Virus-Scanned: by amavisd-new using ClamAV (14)
X-Spam-Flag: NO
X-Spam-Score: 3.812
X-Spam-Level: ***
X-Spam-Status: No, score=3.812 tagged_above=-10
            tests=[FROM_EXCESS_BASE64=0.105, FROM_NO_USER=2.599,
            HELO_MISC_IP=0.001, HTML_MESSAGE=0.001, 
MIME_BASE64_TEXT=0.001,
            MIME_HTML_ONLY=1.105] autolearn=disabled
Received: from [10.0.0.38] (remote.dse-ltd.co.uk [81.133.147.22]) by
goreckizory.nazwa.pl (Postfix) with ESMTP id E2A9737FEEB   for
<[email protected]>; Wed, 10 May 2017 21:27:34 +0200 (CEST)
Date: Wed, 10 May 2017 20:27:30 +0000
From: =?UTF-8?B?Sm9obi5Sb2JiaW5zQHN0YXJyYWcuY29t?=
Message-ID: <[email protected]>
To: <[email protected]>
Subject: =?UTF-8?B?SW52b2ljZSA4MTY4NzYyNDE5NSBDcmlzdCBMZWFo?=
MIME-Version: 1.0
Content-Type: multipart/mixed;
            boundary="_c10740b4-96ca-4ccf-89ab-02bf68b8d5c3_"
Return-Path: <>
X-MS-Exchange-Organization-AuthSource: RO57.starrag.com
X-MS-Exchange-Organization-AuthAs: Internal
X-MS-Exchange-Organization-AuthMechanism: 10
 
How can mails like this be blocked?
 
Best Regards
Markus
 
 
 
Von: Thomas Eckardt [mailto:[email protected]] 
Gesendet: Mittwoch, 31. Mai 2017 13:49
An: For Users of ASSP <[email protected]>
Betreff: Re: [Assp-user] DoNoSpoofing4From
 
this header is invalid - so there is nothing to recognize 

From: =?UTF-8?B?U2NoZXJyZXIgS2V2aW4=?= <[email protected]> 

would be the valid variant 
  
a from header has to contain a valid email address - if this is provided, 
it will be used by assp 

Thomas





Von:        Brunner Markus <[email protected]> 
An:        "[email protected]" <
[email protected]> 
Datum:        31.05.2017 13:11 
Betreff:        [Assp-user] DoNoSpoofing4From 




Hi, 
  
is there a way that assp recognize UTF8/b64 encoded “from” header for 
spoofing? 
  
Header looks like: 
From: =?UTF-8?B?U2NoZXJyZXIgS2V2aW4=?= 
  
Freundliche Grüsse / Kind regards 

Markus Brunner 
------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______________________________________________
Assp-user mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/assp-user




DISCLAIMER:
*******************************************************
This email and any files transmitted with it may be confidential, legally 
privileged and protected in law and are intended solely for the use of the 

individual to whom it is addressed.
This email was multiple times scanned for viruses. There should be no 
known virus in this email!
*******************************************************
------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______________________________________________
Assp-user mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/assp-user




DISCLAIMER:
*******************************************************
This email and any files transmitted with it may be confidential, legally 
privileged and protected in law and are intended solely for the use of the 

individual to whom it is addressed.
This email was multiple times scanned for viruses. There should be no 
known virus in this email!
*******************************************************



------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______________________________________________
Assp-user mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/assp-user

Reply via email to