ASSP says "message ok" but is not forwarding it? Only noticed it for specific spam messages

Previous Topic Next Topic
 
classic Classic list List threaded Threaded
1 message Options
Reply | Threaded
Open this post in threaded view
|

ASSP says "message ok" but is not forwarding it? Only noticed it for specific spam messages

Andy Knuts
I noticed something strange with ASSP. I have configured it to forward messages to localhost:125. On port 125 there's a postfix installation without any filtering. It's just used for routing messages to the right server.
So ASSP is forwarding every non-spam message to postfix and it's working as expected.

Strange thing I noticed is that every spam message coming from @globo.com is not identified as spam and ASSP says "message ok". So it should be forwarding it to postfix, right?
Well, it doesn't! There's nothing in the postfix logs about those messages. We get a couple of them every day and they never show op in postfix log.

As it's a spam message I don't care about it. But I wonder what's happening and if this same issue could happen wit non-spam mails too.

Here's an example from maillog.txt:

Jul-16-16 01:52:15 m1-26734-05756 [Worker_4] 191.252.30.163 <[hidden email]> to: [hidden email] Message-Score: added 2 for 191.252.30.0 in griplist (0.84), total score for this message is now 2
Jul-16-16 01:52:15 m1-26734-05756 [Worker_4] [DKIM] 191.252.30.163 <[hidden email]> to: [hidden email] [scoring] DKIM domain mismatch - globo.com found in DKIMCache, but no DKIM-Signature found in mail header (Cache)
Jul-16-16 01:52:15 m1-26734-05756 [Worker_4] 191.252.30.163 <[hidden email]> to: [hidden email] Message-Score: added 15 (dkimValencePB) for DKIM domain mismatch - globo.com found in DKIMCache, but no DKIM-Signature found in mail header, total score for this message is now 17
Jul-16-16 01:52:15 m1-26734-05756 [Worker_4] 191.252.30.163 <[hidden email]> to: [hidden email] info: remove IP-score from 191.252.30.163 - this mail passed the SPF check
Jul-16-16 01:52:15 m1-26734-05756 [Worker_4] 191.252.30.163 <[hidden email]> to: [hidden email] Message-Score: added -10 (spfpValencePB) for SPF pass, total score for this message is now 7
Jul-16-16 01:52:15 m1-26734-05756 [Worker_4] 191.252.30.163 <[hidden email]> to: [hidden email] Message-Score: added 25 for Blocked IP-Country BR (LOCAWEB SERVI�OS DE INTERNET S/A), total score for this message is now 32
Jul-16-16 01:52:15 m1-26734-05756 [Worker_4] 191.252.30.163 <[hidden email]> to: [hidden email] [scoring] SenderBase -- Blocked IP-Country BR (LOCAWEB SERVI�OS DE INTERNET S/A)
Jul-16-16 01:52:15 m1-26734-05756 [Worker_4] 191.252.30.163 <[hidden email]> to: [hidden email] info: check IP's on mail route for DNSBL
Jul-16-16 01:52:15 m1-26734-05756 [Worker_4] [MessageOK] 191.252.30.163 <[hidden email]> to: [hidden email] message ok [wowsome]
Jul-16-16 01:55:15 m1-26734-05756 [Worker_4] 191.252.30.163 <[hidden email]> to: [hidden email] info: PB-IP-Score for '191.252.30.0' is 0, added 15 in this session


Around that time there wasn't even a connection logged in postfix log.

------------------------------------------------------------------------------
What NetFlow Analyzer can do for you? Monitors network bandwidth and traffic
patterns at an interface-level. Reveals which users, apps, and protocols are
consuming the most bandwidth. Provides multi-vendor support for NetFlow,
J-Flow, sFlow and other flows. Make informed decisions using capacity planning
reports.http://sdm.link/zohodev2dev
_______________________________________________
Assp-user mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/assp-user