Set 'BombLog' to diagnostic - it will show the bomb check results in any 
case. Otherwise only hits will be shown.

Thomas



From:    "Pontus Hellgren" <pontus.hellg...@scandinavianhosting.se>
To:      "'ASSP development mailing list'" <assp-test@lists.sourceforge.net>
Date:    07.03.2017 13:41
Subject: [Assp-test] BombRe and BombDataRe or not?



Hi There!

What would possibly disable/bypass BombRe and BombDataRe (and sometimes RBL)
in ASSP when processing "normal" mails that are not whitelisted in any way
(at least not that I know of)?

Is there any cache that ASSP uses that makes BombRe and BombDataRe obsolete?

The mails become "discarded", and if I run analyze on it I get:

Feature Matching:

. DKIM-check returned OK body altered - header passed - suspicious-OK
. SPF-check returned OK for 78.46.206.67 -> i...@puppytreasure.com, mail.puppytreasure.com
 . SPF: pass (cache) ip=78.46.206.67 mailfrom=i...@puppytreasure.com helo=mail.puppytreasure.com
. DMARC-check returned OK
. URIBL check: 'OK'
. Valid Format of HELO: 'mail.puppytreasure.com'
. IP in Helo check: 'OK'
. AUTH would be disabled
. RBLCacheCheck returned OK for 78.46.206.67: inserted as not ok at 2017-03-07 13:08:01 , listed by zen.spamhaus.org{127.0.0.3} - message score: 35
 . RBLScore: zen.spamhaus.org -> 127.0.0.3 -> 35
. domain puppytreasure.com (in Mail From: , From , Reply-To) has a valid MX record: mail.puppytreasure.com
. domainMX mail.puppytreasure.com has a valid A record: 78.46.206.67
. 78.46.206.67 is in PTRCache: status=PTR OK - mail.puppytreasure.com
. 78.46.206.67 is in RWLCache: status=not listed
. 78.46.206.67 SenderBase: status=not classified, data=[CN=DE, ORG=HETZNER ONLINE GMBH, DOM=your-server.de, BLS=, HNM=Y, CIDR=28, HN=mail.puppytreasure.com]

This is a well made spam mail and if BombRe and BombDataRe would have been
processed on the mail it would be in the dump.

RBLScore is 35 and Bayesian is set to spam so there should be added some more
points, but if I check the headers of the passed mail it only reports
Bayesian and not like above RBL. That also should have put a nail in the
coffin for this mail.

Here is the ASSP log:
Mar-07-17 13:04:34 m1-88272-08330 [Worker_3] 78.46.206.67 <bou...@puppytreasure.com> to: spi...@spamst.er diagnostic: FileScan will run command - /usr/local/assp/virusscan/avg.sh /run/avg/a.3.74087.eml 2>&1
Mar-07-17 13:04:37 m1-88272-08330 [Worker_3] 78.46.206.67 <bou...@puppytreasure.com> to: spi...@spamst.er diagnostic: FileScan returned OK
Mar-07-17 13:04:37 m1-88272-08330 [Worker_3] 78.46.206.67 <bou...@puppytreasure.com> to: spi...@spamst.er FileScan: scanned 10754 bytes in message - OK
Mar-07-17 13:04:37 m1-88272-08330 [Worker_3] 78.46.206.67 <bou...@puppytreasure.com> to: spi...@spamst.er Bayesian Check [scoring] - Prob: 1.00000 => spam - answer/query relation: 100% of 112
Mar-07-17 13:04:37 m1-88272-08330 [Worker_3] 78.46.206.67 <bou...@puppytreasure.com> to: spi...@spamst.er Message-Score: added 41 for Bayesian Probability: 1.00000, total score for this message is now 41
Mar-07-17 13:04:37 m1-88272-08330 [Worker_3] [MessageLimit][lowlimit] 78.46.206.67 <bou...@puppytreasure.com> to: spi...@spamst.er info: Maillog - created file discarded/8330--1341231.eml
Mar-07-17 13:04:37 m1-88272-08330 [Worker_3] [MessageLimit][lowlimit] 78.46.206.67 <bou...@puppytreasure.com> to: spi...@spamst.er [spam found] and possibly passing because messagescore(41) low [F mer luft i konomien med 44 762 kroner p kontoen] -> discarded/8330--1341231.eml
Mar-07-17 13:04:37 m1-88272-08330 [Worker_3] 78.46.206.67 <bou...@puppytreasure.com> to: spi...@spamst.er info: Maillog - removed old file discarded/8330--1341231.eml
Mar-07-17 13:04:37 m1-88272-08330 [Worker_3] 78.46.206.67 <bou...@puppytreasure.com> to: spi...@spamst.er info: Maillog - created file discarded/8330--1341231.eml
Mar-07-17 13:04:37 m1-88272-08330 [Worker_3] 78.46.206.67 <bou...@puppytreasure.com> to: spi...@spamst.er spam found and passing [F mer luft i konomien med 44 762 kroner p kontoen] -> discarded/8330--1341231.eml
Mar-07-17 13:04:37 m1-88272-08330 [Worker_3] 78.46.206.67 <bou...@puppytreasure.com> to: spi...@spamst.er info: received and processed all DATA


I'm confused about when tests are or are not made.
Analyze utilizes some and real scan some others?

What am I missing, why is ASSP not doing some checks of this mail and 
adding
it together?
Especially when it's passing the real scan.

Regards,
Pontus
ASSP version 2.5.6(17060) on Ubuntu.

_______________________________________________
Assp-test mailing list
Assp-test@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/assp-test
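
Added example, not part of the thread and not ASSP code: a small Python script that re-joins the hard-wrapped log entries quoted above and lists, per message, every check that actually added to the message score during the live scan. It assumes the field after the timestamp is the per-message session id and that score lines follow the "Message-Score: added N for ..." wording seen in the post; the sample is an excerpt of that log.

```python
import re
from collections import defaultdict

# Excerpt of the log from the post above, with the mail client's hard wraps left in.
SAMPLE = """\
Mar-07-17 13:04:37 m1-88272-08330 [Worker_3] 78.46.206.67
<bou...@puppytreasure.com> to: spi...@spamst.er FileScan: scanned 10754
bytes in message - OK
Mar-07-17 13:04:37 m1-88272-08330 [Worker_3] 78.46.206.67
<bou...@puppytreasure.com> to: spi...@spamst.er Bayesian Check [scoring] -
Prob: 1.00000 => spam - answer/query relation: 100% of 112
Mar-07-17 13:04:37 m1-88272-08330 [Worker_3] 78.46.206.67
<bou...@puppytreasure.com> to: spi...@spamst.er Message-Score: added 41
for
Bayesian Probability: 1.00000, total score for this message is now 41
Mar-07-17 13:04:37 m1-88272-08330 [Worker_3] 78.46.206.67
<bou...@puppytreasure.com> to: spi...@spamst.er spam found and passing [F
mer luft i konomien med 44 762 kroner p kontoen] ->
discarded/8330--1341231.eml
"""

STAMP = re.compile(r"^[A-Z][a-z]{2}-\d\d-\d\d \d\d:\d\d:\d\d ")
# Assumption: timestamp, then session id, then the worker tag.
ENTRY = re.compile(r"^(\S+ \S+) (\S+) \[Worker_\d+\] (.*)$")
SCORE = re.compile(
    r"Message-Score: added (-?\d+) for (.+?), total score for this message is now (-?\d+)"
)

def unwrap(text):
    """Re-join wrapped entries: a new entry always starts with a timestamp."""
    entries = []
    for line in text.splitlines():
        if STAMP.match(line) or not entries:
            entries.append(line.strip())
        else:
            entries[-1] += " " + line.strip()
    return [re.sub(r"\s+", " ", e) for e in entries]

def score_timeline(text):
    """Map session id -> [(timestamp, points, reason, running_total), ...]."""
    timeline = defaultdict(list)
    for entry in unwrap(text):
        m = ENTRY.match(entry)
        s = SCORE.search(m.group(3)) if m else None
        if s:
            timeline[m.group(2)].append(
                (m.group(1), int(s.group(1)), s.group(2), int(s.group(3))))
    return dict(timeline)

if __name__ == "__main__":
    for session, events in score_timeline(SAMPLE).items():
        print(session, events)
```

Comparing the reasons listed per session with the checks shown by analyze makes it visible which checks were scored at delivery time and which only appear in the later analysis.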