Hi Benny,
>> asn plugin currently does not work with ipv6 I'll cross that bridge when I come to it. > and if you see mails pretending sent from google/gmail it wont be dkim > pass and spf pass The example i saw last week was from "Google Audit" <sec...@googletechteam.co.uk>, was DKIM signed and valid [but obviously not by Google's key :)] and was asking a user to verifiy thier account... URIs weren't blacklisted at the time. Test results of that scan were... DKIM_SIGNED=0.1 DKIM_VALID=-0.1 DKIM_VALID_AU=-0.1 HTML_MESSAGE=0.001 KAM_COUK=0.1 MIME_HTML_ONLY=0.723 RP_MATCHES_RCVD=-0.582 SPF_PASS=-0.001 TXREP=1.105 My thought process was that emails with Google in the Senders Name or email address should only really originate from IP addresses / ASN's Google own (initial invesgation suggest gmail.com comes from AS15169 thought I've not thrown a wide net yet). > asn is nice but too unstable to make rules on I feel its worth exploring for my purposes. Any further advice will be grafefully recived. Regards Steve -------- Original Message -------- Subject: Re: A rule to check X-ASN header (23-Nov-2015 12:13) From: Benny Pedersen <m...@junc.eu> To: st...@mailinglists.spectrumcs.net > steve skrev den 2015-11-23 13:05: > > > Any advice gratefully received! > > asn plugin currently does not work with ipv6 > > and if you see mails pretending sent from google/gmail it wont be dkim > pass and spf pass > > asn is nice but too unstable to make rules on > > To: users@spamassassin.apache.org
