>info: found bounced sender: <>
If there is no envelope sender provided (it's a bounce mail) - the 'from'
header check is skipped.
>[scoring] MSGID-sig check failed for bounce sender
If all your outgoing mails are msgid tagged by assp - block on this check.
At least
is listed by [CACHE] ips.backscatterer.org + MSGID-sig check failed for bounce sender
= should be blocked by the penalty box MessageScore
Thomas
From: Brunner Markus <[email protected]>
To: For Users of ASSP <[email protected]>
Date: 31.05.2017 17:03
Subject: Re: [Assp-user] DoNoSpoofing4From
Hi,
'DoNoFrom' is set to score and nofromValencePB is set to 50. But it was
not added to total score.
17-05-10.maillog.txt:May-10-17 21:27:54 m1-44474-10908 [Worker_1] [TLS-out] [isbounce] 85.128.182.51 bounce message detected
17-05-10.maillog.txt:May-10-17 21:27:54 m1-44474-10908 [Worker_1] [TLS-out] 85.128.182.51 to: [email protected] [scoring] SPF: none (cache) ip=85.128.182.51 [email protected] helo=alz51.rev.netart.pl
17-05-10.maillog.txt:May-10-17 21:27:54 m1-44474-10908 [Worker_1] [TLS-out] [DNSBL] 85.128.182.51 to: [email protected] [scoring] DNSBL: neutral, 85.128.182.51 listed in l2.apews.org
17-05-10.maillog.txt:May-10-17 21:27:54 m1-44474-10908 [Worker_1] [TLS-out] 85.128.182.51 to: [email protected] Message-Score: added 17 for DNSBL: neutral, 85.128.182.51 listed in l2.apews.org, total score for this message is now 17
17-05-10.maillog.txt:May-10-17 21:27:54 m1-44474-10908 [Worker_1] [TLS-out] 85.128.182.51 to: [email protected] [monitoring] IP: 85.128.182.51 is listed by [CACHE] ips.backscatterer.org
17-05-10.maillog.txt:May-10-17 21:27:54 m1-44474-10908 [Worker_1] [TLS-out] 85.128.182.51 to: [email protected] HMM-Check has given less than 6 results - using monitoring mode only
17-05-10.maillog.txt:May-10-17 21:27:54 m1-44474-10908 [Worker_1] [TLS-out] 85.128.182.51 to: [email protected] HMM Check [monitoring] - Prob: 0.00000 => ham - answer/query relation: 6% of 46
17-05-10.maillog.txt:May-10-17 21:27:54 m1-44474-10908 [Worker_1] [TLS-out] 85.128.182.51 to: [email protected] Bayesian Check [scoring] - Prob: 0.00000 => ham - answer/query relation: 54% of 48
17-05-10.maillog.txt:May-10-17 21:27:54 m1-44474-10908 [Worker_1] [TLS-out] 85.128.182.51 to: [email protected] info: found bounced sender: <> and recipient: <[email protected]> without valid MSGID-signature
17-05-10.maillog.txt:May-10-17 21:27:54 m1-44474-10908 [Worker_1] [TLS-out] [MSGID-sig] 85.128.182.51 to: [email protected] [scoring] MSGID-sig check failed for bounce sender
17-05-10.maillog.txt:May-10-17 21:27:54 m1-44474-10908 [Worker_1] [TLS-out] 85.128.182.51 to: [email protected] Message-Score: added 25 (fbmtvValencePB) for MSGID-sig check failed for bounce sender , total score for this message is now 42
17-05-10.maillog.txt:May-10-17 21:27:54 m1-44474-10908 [Worker_1] [TLS-out] 85.128.182.51 to: [email protected] [Plugin] calling plugin ASSP_AFC
17-05-10.maillog.txt:May-10-17 21:27:55 m1-44474-10908 [Worker_1] [TLS-out] [MessageOK] 85.128.182.51 to: [email protected] message ok [Invoice 81687624195 Crist Leah]
17-05-10.maillog.txt:May-10-17 21:27:55 m1-44474-10908 [Worker_1] [TLS-out] 85.128.182.51 to: [email protected] info: PB-IP-Score for '85.128.182.0' is 0, added 17 in this session
Why?
Markus
From: Thomas Eckardt [mailto:[email protected]]
Sent: Wednesday, 31 May 2017 16:44
To: For Users of ASSP <[email protected]>
Subject: Re: [Assp-user] DoNoSpoofing4From
'DoNoFrom' will detect this from header as invalid
btw: not only assp detects this mistake (if configured)
X-Spam-Status: No, score=3.812 tagged_above=-10
 tests=[FROM_EXCESS_BASE64=0.105, FROM_NO_USER=2.599,
 HELO_MISC_IP=0.001, HTML_MESSAGE=0.001,
 MIME_BASE64_TEXT=0.001,
 MIME_HTML_ONLY=1.105] autolearn=disabled
spamassassin also
Thomas
From: Brunner Markus <[email protected]>
To: For Users of ASSP <[email protected]>
Date: 31.05.2017 16:22
Subject: Re: [Assp-user] DoNoSpoofing4From
Hi,
this is the full header.
Received: from mail.starrag.com (10.152.1.40) by RO57anon.starrag.com
 (10.152.1.23) with Microsoft SMTP Server id 14.3.279.2; Wed, 10 May 2017
 21:27:36 +0200
Received: from alz51.rev.netart.pl (ro37.starrag.com [10.254.1.223]) by
 mail.starrag.com (Postfix) with ESMTPS id 53717E00CF for
 <[email protected]>; Wed, 10 May 2017 21:27:54 +0200 (CEST)
X-Assp-ID: mail.starrag.com m1-44474-10908
X-Assp-Session: F283A48 (mail 1)
X-Assp-Intended-For: [email protected]
X-Assp-Version: 2.5.5(16366) on mail.starrag.com
X-Assp-Server-TLS: yes
X-Assp-Delay: not delayed (gripvalue low: 0.29); 10 May 2017
 21:27:54 +0200
X-Assp-Received-SPF: none (cache) ip=85.128.182.51
 [email protected]
 helo=alz51.rev.netart.pl
X-Original-Authentication-Results: mail.starrag.com; spf=none
X-Assp-Message-Score: 17 (DNSBL: neutral, 85.128.182.51 listed in
 l2.apews.org)
X-Assp-IP-Score: 17 (DNSBL: neutral, 85.128.182.51 listed in
 l2.apews.org)
X-Assp-DNSBL: neutral, 85.128.182.51 listed in (l2.apews.org<-127.0.0.2; )
X-Assp-Spam-Level: ****
Received: from alz51.rev.netart.pl ([85.128.182.51]
 helo=alz51.rev.netart.pl)
 by mail.starrag.com with SMTP (2.5.5); 10 May 2017 21:27:54
 +0200
X-Virus-Scanned: by amavisd-new using ClamAV (14)
X-Spam-Flag: NO
X-Spam-Score: 3.812
X-Spam-Level: ***
X-Spam-Status: No, score=3.812 tagged_above=-10
 tests=[FROM_EXCESS_BASE64=0.105, FROM_NO_USER=2.599,
 HELO_MISC_IP=0.001, HTML_MESSAGE=0.001,
 MIME_BASE64_TEXT=0.001,
 MIME_HTML_ONLY=1.105] autolearn=disabled
Received: from [10.0.0.38] (remote.dse-ltd.co.uk [81.133.147.22]) by
 goreckizory.nazwa.pl (Postfix) with ESMTP id E2A9737FEEB for
 <[email protected]>; Wed, 10 May 2017 21:27:34 +0200 (CEST)
Date: Wed, 10 May 2017 20:27:30 +0000
From: =?UTF-8?B?Sm9obi5Sb2JiaW5zQHN0YXJyYWcuY29t?=
Message-ID: <[email protected]>
To: <[email protected]>
Subject: =?UTF-8?B?SW52b2ljZSA4MTY4NzYyNDE5NSBDcmlzdCBMZWFo?=
MIME-Version: 1.0
Content-Type: multipart/mixed;
 boundary="_c10740b4-96ca-4ccf-89ab-02bf68b8d5c3_"
Return-Path: <>
X-MS-Exchange-Organization-AuthSource: RO57.starrag.com
X-MS-Exchange-Organization-AuthAs: Internal
X-MS-Exchange-Organization-AuthMechanism: 10
How can mails like this be blocked?
Best Regards
Markus
From: Thomas Eckardt [mailto:[email protected]]
Sent: Wednesday, 31 May 2017 13:49
To: For Users of ASSP <[email protected]>
Subject: Re: [Assp-user] DoNoSpoofing4From
this header is invalid - so there is nothing to recognize
From: =?UTF-8?B?U2NoZXJyZXIgS2V2aW4=?= <[email protected]>
would be the valid variant
a from header has to contain a valid email address - if this is provided,
it will be used by assp
Thomas
From: Brunner Markus <[email protected]>
To: "[email protected]" <[email protected]>
Date: 31.05.2017 13:11
Subject: [Assp-user] DoNoSpoofing4From
Hi,
is there a way for assp to recognize a UTF8/b64 encoded “from” header for
spoofing?
Header looks like:
From: =?UTF-8?B?U2NoZXJyZXIgS2V2aW4=?=
Kind regards
Markus Brunner
------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______________________________________________
Assp-user mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/assp-user
DISCLAIMER:
*******************************************************
This email and any files transmitted with it may be confidential, legally
privileged and protected in law and are intended solely for the use of the
individual to whom it is addressed.
This email was multiple times scanned for viruses. There should be no
known virus in this email!
*******************************************************
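The distinction drawn in this thread, as an added example (not ASSP's code and not written by any poster): a From value that consists only of an RFC 2047 encoded-word carries no address a filter can evaluate, even when it decodes to text that looks like one. The sketch goes one step beyond the thread and also flags a valid address whose decoded display name shows an address in a protected domain; `check_from`, `OWN`, the simplified address pattern and all sample values are constructed assumptions.

```python
import base64
import re
from email.header import decode_header
from email.utils import parseaddr

# Deliberately simple addr-spec pattern for the demonstration (assumption).
ADDR = re.compile(r"[A-Za-z0-9._%+-]+@([A-Za-z0-9-]+(?:\.[A-Za-z0-9-]+)+)")


def encoded_word(text):
    """Build a UTF-8/base64 RFC 2047 encoded-word (for constructed samples)."""
    return "=?UTF-8?B?" + base64.b64encode(text.encode()).decode("ascii") + "?="


def decode_words(value):
    """Decode encoded-words to the text a mail client would display."""
    out = []
    for chunk, charset in decode_header(value):
        if isinstance(chunk, bytes):
            try:
                chunk = chunk.decode(charset or "ascii", errors="replace")
            except LookupError:  # unknown charset label
                chunk = chunk.decode("latin-1")
        out.append(chunk)
    return "".join(out)


def check_from(value, own_domains):
    """Return (verdict, address, shown) for a raw From header value."""
    name, address = parseaddr(value)
    # The address must be readable without decoding; an encoded-word is not one.
    if not ADDR.fullmatch(address):
        return "no-address", "", decode_words(value)
    shown = decode_words(name)
    real_domain = address.rsplit("@", 1)[1].lower()
    for match in ADDR.finditer(shown):
        claimed = match.group(1).lower()
        # Display name claims one of our domains, real address is elsewhere.
        if claimed in own_domains and claimed != real_domain:
            return "display-spoof", address, shown
    return "ok", address, shown


OWN = {"example.com"}  # constructed: the domain being protected
SAMPLES = [  # constructed From values
    encoded_word("alice@example.com"),
    encoded_word("Alice Example") + " <alice@example.com>",
    encoded_word("alice@example.com") + " <mallory@example.net>",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(check_from(sample, OWN), "<-", sample)
```

The first sample has the shape of the header posted in the thread and yields `no-address`; the second is the form described in the thread as the valid variant.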