RBL not checked for some emails?

Andy Knuts
My ASSP is filtering a lot of spam, so far so good.
But most of the spam that still gets in my mailbox is sent from IP's listed on b.barracudacentral.org.
For some reason ASSP is not checking the RBL lists for those emails while it does check RBL's for many other mails.
I enabled verbose logging for dnsbl and I can see it doing a lot of RBL checks for many mails.
For some reason it's just not checking the RBL's for some emails and they end up in my mailbox.

I have been investigating this for a while and I THINK ASSP is not checking RBL's if DKIM has passed, is this correct?

If yes, can we modify this behaviour?

Thanks


Re: RBL not checked for some emails?

Thomas Eckardt/eck
RBL is skipped in the following cases.

- a RBLCache entry is found (OK - not listed)
- acceptallmail
- ISPIP
- noprocessing
- RWL
- whitelisted
- noRBL
- outgoing or local mail
- contentonly


Thomas






From:    "Andy Knuts" <[hidden email]>
To:      [hidden email]
Date:    14.07.2016 11:45
Subject: [Assp-user] RBL not checked for some emails?




Re: RBL not checked for some emails?

Andy Knuts
Well, it does not seem to do any RBL check if DKIM has passed.
Looking at assp.pl I see this:

...
    mlog($fh,"$tlit DKIM signature $this->{dkimverified} - $detail - sender policy is: $dkimwhy_s - author policy is: $dkimwhy_a") if $ValidateSenderLog && $DoDKIM>=2;
    $this->{rwlok}=1;
...

So it sets rwlok=1 if DKIM has passed. Commenting this out makes the RBL check work no matter if DKIM has passed or not.

Kind regards,
Andy

----- Original Message -----
From: Thomas Eckardt [mailto:[hidden email]]
To: For Users of ASSP [mailto:[hidden email]]
Sent: Sat, 16 Jul 2016 11:50:59 +0100
Subject: Re: [Assp-user] RBL not checked for some emails?



Re: RBL not checked for some emails?

Thomas Eckardt/eck
It makes no sense to block a mail by RBL (IP) if it passed the DKIM check.
Other domains may use the same sending IP. In this case it is better to
block the domain.

Thomas







From:    "Andy Knuts" <[hidden email]>
To:      "For Users of ASSP" <[hidden email]>
Date:    16.07.2016 15:22
Subject: Re: [Assp-user] RBL not checked for some emails?




Re: RBL not checked for some emails?

Andy Knuts
So, all a spammer has to do is add a DKIM record to his domain, in order to avoid getting blocked by RBL's?

----- Original Message -----
From: Thomas Eckardt [mailto:[hidden email]]
To: For Users of ASSP [mailto:[hidden email]]
Sent: Mon, 18 Jul 2016 09:21:25 +0100
Subject: Re: [Assp-user] RBL not checked for some emails?



Re: RBL not checked for some emails?

GrayHat
:: On Mon, 18 Jul 2016 11:20:51 +0200
:: <[hidden email]>
:: "Andy Knuts" <[hidden email]> wrote:

> So, all a spammer has to do is add a DKIM record to his domain, in
> order to avoid getting blocked by RBL's?

sure, then he'll be rejected due to DKIM failure LOL !



Re: RBL not checked for some emails?

Andy Knuts
No. I'm talking about spammers who send spam from their own domains. So they actually send spam, perfectly DKIM signed.
We get a lot of those lately. ASSP is letting them through even if they are listed in every RBL.

I commented out the '$this->{rwlok}=1;' line a couple of days ago. So this modified version of ASSP is blocking those emails now.
Because it does RBL checks even if DKIM has passed.

I just don't agree that we shouldn't be doing RBL checks if DKIM has passed. Especially since there are a lot of spammers sending spam with correct DKIM signatures.



----- Original Message -----
From: Grayhat [mailto:[hidden email]]
To: [hidden email]
Sent: Mon, 18 Jul 2016 11:30:36 +0100
Subject: Re: [Assp-user] RBL not checked for some emails?


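The trade-off argued over in the posts above, as an added example that is not ASSP code and not from any poster: it builds the DNSBL query name for a connecting IP and compares three policies (skip the RBL on DKIM pass, always check the RBL, judge the signing domain when DKIM passes). The policy names, the fake resolver, the documentation-range addresses and the .example domains are constructed assumptions.

```python
import ipaddress
import socket
from dataclasses import dataclass

POLICIES = ("skip_on_dkim_pass", "always_check", "domain_block")


def dnsbl_query_name(ip: str, zone: str) -> str:
    """Name a DNSBL lookup resolves: reversed address labels + list zone."""
    addr = ipaddress.ip_address(ip)
    if addr.version == 4:
        labels = reversed(str(addr).split("."))            # 192.0.2.10 -> 10.2.0.192
    else:
        labels = reversed(addr.exploded.replace(":", ""))  # IPv6: reversed nibbles
    return ".".join(labels) + "." + zone


def system_resolver(name: str) -> list:
    """Live lookup through the OS resolver; a failed lookup means 'not listed'."""
    try:
        return socket.gethostbyname_ex(name)[2]
    except OSError:
        return []


def listed_zones(ip: str, zones, resolver) -> list:
    """Zones that answer with a 127.0.0.0/8 address for this IP."""
    hits = []
    for zone in zones:
        answers = resolver(dnsbl_query_name(ip, zone))
        if any(a.startswith("127.") for a in answers):
            hits.append(zone)
    return hits


@dataclass
class Message:
    client_ip: str
    dkim_pass: bool
    dkim_domain: str = ""  # d= value of the verified signature


def evaluate(msg, policy, zones, resolver, blocked_domains=frozenset()):
    """Return (verdict, reason) for one message under one policy."""
    if policy not in POLICIES:
        raise ValueError("unknown policy: " + policy)
    if msg.dkim_pass and policy == "skip_on_dkim_pass":
        # Behaviour described in the thread: a DKIM pass exempts the IP check.
        return ("accept", "DKIM pass, RBL skipped")
    if msg.dkim_pass and policy == "domain_block":
        # Suggestion from the thread: act on the authenticated domain instead.
        domain = msg.dkim_domain.lower()
        if domain in blocked_domains:
            return ("reject", "signing domain blocked: " + domain)
        return ("accept", "DKIM pass, domain not blocked")
    hits = listed_zones(msg.client_ip, zones, resolver)
    if hits:
        return ("reject", "listed on " + ", ".join(hits))
    return ("accept", "not listed")


# ---- constructed sample data, no network access needed ----
ZONES = ["b.barracudacentral.org"]
FAKE_DNS = {"10.2.0.192.b.barracudacentral.org": ["127.0.0.2"]}  # pretend listing
BLOCKED_DOMAINS = frozenset({"bulk-sender.example"})
SAMPLES = {
    "signed spam, listed IP": Message("192.0.2.10", True, "bulk-sender.example"),
    "unsigned mail, listed IP": Message("192.0.2.10", False),
    "other signed domain, same listed IP": Message("192.0.2.10", True, "shop.example"),
    "signed mail, clean IP": Message("198.51.100.7", True, "shop.example"),
}


def fake_resolver(name: str) -> list:
    return FAKE_DNS.get(name, [])


def run_matrix() -> dict:
    """Verdict for every sample under every policy."""
    return {
        (label, policy): evaluate(msg, policy, ZONES, fake_resolver, BLOCKED_DOMAINS)[0]
        for label, msg in SAMPLES.items()
        for policy in POLICIES
    }


if __name__ == "__main__":
    for (label, policy), verdict in run_matrix().items():
        print(f"{label:38} {policy:18} {verdict}")
```

Pass `system_resolver` instead of `fake_resolver` to query a real list; the domain blocklist has to be maintained locally, since a DKIM pass only authenticates the signing domain and says nothing about its reputation.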

Re: RBL not checked for some emails?

Thomas Eckardt/eck
> Especially since there are a lot of spammers sending spam with correct DKIM signatures

If someone wants to DKIM sign mails, he needs to hold and register a
domain.
Use WHOIS, hire a lawyer and proceed against the domain holder. Try to
get a writ of injunction against the domain holder - or have the domain taken
down.
There is nothing easier than this - DKIM is made to support this. If a
spammer is so stupid as to sign his mails with DKIM/DomainKey or SMIME, he is
on very thin ice!

Thomas




From:    "Andy Knuts" <[hidden email]>
To:      "For Users of ASSP" <[hidden email]>
Date:    18.07.2016 11:41
Subject: Re: [Assp-user] RBL not checked for some emails?




Re: RBL not checked for some emails?

m.huijgen
Depending on your and the spammer's location an e-mail to his hosting
provider may suffice.



From:   Thomas Eckardt <[hidden email]>
To:     For Users of ASSP <[hidden email]>
Date:   18-07-2016 12:07
Subject:        Re: [Assp-user] RBL not checked for some emails?




Re: RBL not checked for some emails?

Andy Knuts
In reply to this post by Thomas Eckardt/eck
We get those emails from .BR and .CN domains.

----- Original Message -----
From: [hidden email]
To: For Users of ASSP [mailto:[hidden email]]
Sent: Mon, 18 Jul 2016 12:56:47 +0100
Subject: Re: [Assp-user] RBL not checked for some emails?

