Whitelistdb + Spam from gmail addresses?

Previous Topic Next Topic
 
classic Classic list List threaded Threaded
4 messages Options
Reply | Threaded
Open this post in threaded view
|

Whitelistdb + Spam from gmail addresses?

Andy Knuts
I have a gmail account [hidden email] and my email address protected by ASSP is myuser@mydomain. I have sent emails from myuser@mydomain to [hidden email] so it got whitelisted by ASSP. Now, there are spammers sending spam faking it to come from [hidden email] to myuser@mydomain. It's clearly spam but it gets through because ASSP whitelisted the email address [hidden email].

How can I prevent this?

------------------------------------------------------------------------------
What NetFlow Analyzer can do for you? Monitors network bandwidth and traffic
patterns at an interface-level. Reveals which users, apps, and protocols are
consuming the most bandwidth. Provides multi-vendor support for NetFlow,
J-Flow, sFlow and other flows. Make informed decisions using capacity planning
reports.http://sdm.link/zohodev2dev
_______________________________________________
Assp-user mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/assp-user
Reply | Threaded
Open this post in threaded view
|

Re: Whitelistdb + Spam from gmail addresses?

Andy Knuts
I'm still having this issue while gmail.com is in StrictSPFRe.
Example:

Aug-03-16 08:10:59 m1-04659-09264 [Worker_2] 104.129.245.78 <[hidden email]> to: [hidden email] DKIM-Signature found
Aug-03-16 08:10:59 m1-04659-09264 [Worker_2] 104.129.245.78 <[hidden email]> to: [hidden email] info: domain gmail.com has published a DMARC record
Aug-03-16 08:10:59 m1-04659-09264 [Worker_2] 104.129.245.78 <[hidden email]> to: [hidden email] strictspf Regex: strictSPFRe '@gmail.com'
Aug-03-16 08:10:59 m1-04659-09264 [Worker_2] 104.129.245.78 <[hidden email]> to: [hidden email] [scoring] SPF: softfail (cache) ip=104.129.245.78 mailfrom=[hidden email] helo=emilyskye.me
Aug-03-16 08:10:59 m1-04659-09264 [Worker_2] 104.129.245.78 <[hidden email]> to: [hidden email] Message-Score: added 21 (spfValencePB) for SPF softfail, total score for this message is now 21
Aug-03-16 08:11:00 m1-04659-09264 [Worker_2] [MessageOK] 104.129.245.78 <[hidden email]> to: [hidden email] message ok - (whitelistdb) - [RE Still chained to your day job] -> /var/db/assp/notspam/RE_Still_chained_to_your_day_job--21377.eml


----- Original Message -----
From: Andy Knuts [mailto:[hidden email]]
To:
[hidden email]
Sent: Wed, 27 Jul 2016 10:53:52
+0100
Subject: [Assp-user] Whitelistdb + Spam from gmail addresses?


> I have a gmail account [hidden email] and my email address protected by
> ASSP is myuser@mydomain. I have sent emails from myuser@mydomain to
> [hidden email] so it got whitelisted by ASSP. Now, there are spammers
> sending spam faking it to come from [hidden email] to myuser@mydomain.
> It's clearly spam but it gets through because ASSP whitelisted the email
> address [hidden email].
>
> How can I prevent this?
>
> ------------------------------------------------------------------------------
> What NetFlow Analyzer can do for you? Monitors network bandwidth and traffic
> patterns at an interface-level. Reveals which users, apps, and protocols are
>
> consuming the most bandwidth. Provides multi-vendor support for NetFlow,
> J-Flow, sFlow and other flows. Make informed decisions using capacity
> planning
> reports.http://sdm.link/zohodev2dev
> _______________________________________________
> Assp-user mailing list
> [hidden email]
> https://lists.sourceforge.net/lists/listinfo/assp-user
>

------------------------------------------------------------------------------
_______________________________________________
Assp-user mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/assp-user
Reply | Threaded
Open this post in threaded view
|

Re: Whitelistdb + Spam from gmail addresses?

Andy Knuts
I need to add gmail to blockstrictSPFRe, isn't it?

----- Original Message -----
From: Andy Knuts [mailto:[hidden email]]
To:
For Users of ASSP [mailto:[hidden email]]
Sent: Wed, 03 Aug
2016 09:28:44 +0100
Subject: Re: [Assp-user] Whitelistdb + Spam from gmail
addresses?


> I'm still having this issue while gmail.com is in StrictSPFRe.
> Example:
>
> Aug-03-16 08:10:59 m1-04659-09264 [Worker_2] 104.129.245.78
> <[hidden email]> to: [hidden email] DKIM-Signature found
> Aug-03-16 08:10:59 m1-04659-09264 [Worker_2] 104.129.245.78
> <[hidden email]> to: [hidden email] info: domain gmail.com has
> published a DMARC record
> Aug-03-16 08:10:59 m1-04659-09264 [Worker_2] 104.129.245.78
> <[hidden email]> to: [hidden email] strictspf Regex: strictSPFRe
> '@gmail.com'
> Aug-03-16 08:10:59 m1-04659-09264 [Worker_2] 104.129.245.78
> <[hidden email]> to: [hidden email] [scoring] SPF: softfail (cache)
> ip=104.129.245.78 mailfrom=[hidden email] helo=emilyskye.me
> Aug-03-16 08:10:59 m1-04659-09264 [Worker_2] 104.129.245.78
> <[hidden email]> to: [hidden email] Message-Score: added 21
> (spfValencePB) for SPF softfail, total score for this message is now 21
> Aug-03-16 08:11:00 m1-04659-09264 [Worker_2] [MessageOK] 104.129.245.78
> <[hidden email]> to: [hidden email] message ok - (whitelistdb) -
> [RE Still chained to your day job] ->
> /var/db/assp/notspam/RE_Still_chained_to_your_day_job--21377.eml
>
>
> ----- Original Message -----
> From: Andy Knuts [mailto:[hidden email]]
> To:
> [hidden email]
> Sent: Wed, 27 Jul 2016 10:53:52
> +0100
> Subject: [Assp-user] Whitelistdb + Spam from gmail addresses?
>
>
> > I have a gmail account [hidden email] and my email address protected by
> > ASSP is myuser@mydomain. I have sent emails from myuser@mydomain to
> > [hidden email] so it got whitelisted by ASSP. Now, there are spammers
> > sending spam faking it to come from [hidden email] to myuser@mydomain.
> > It's clearly spam but it gets through because ASSP whitelisted the email
> > address [hidden email].
> >
> > How can I prevent this?
> >
> >
> ------------------------------------------------------------------------------
> > What NetFlow Analyzer can do for you? Monitors network bandwidth and
> traffic
> > patterns at an interface-level. Reveals which users, apps, and protocols
> are
> >
> > consuming the most bandwidth. Provides multi-vendor support for NetFlow,
> > J-Flow, sFlow and other flows. Make informed decisions using capacity
> > planning
> > reports.http://sdm.link/zohodev2dev
> > _______________________________________________
> > Assp-user mailing list
> > [hidden email]
> > https://lists.sourceforge.net/lists/listinfo/assp-user
> >
>
> ------------------------------------------------------------------------------
> _______________________________________________
> Assp-user mailing list
> [hidden email]
> https://lists.sourceforge.net/lists/listinfo/assp-user
>

------------------------------------------------------------------------------
_______________________________________________
Assp-user mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/assp-user
Reply | Threaded
Open this post in threaded view
|

Re: Whitelistdb + Spam from gmail addresses?

aquilinux
Yes, of course.
strictSPFRe only tells assp to be *strict* and fail even Softfail/Neutral
spf responses (which is the case). In order to block them add domains also
to blockstrictSPFRe.

Regards,
aqx

On Wed, Aug 3, 2016 at 9:34 AM, Andy Knuts <[hidden email]> wrote:

> I need to add gmail to blockstrictSPFRe, isn't it?
>
> ----- Original Message -----
> From: Andy Knuts [mailto:[hidden email]]
> To:
> For Users of ASSP [mailto:[hidden email]]
> Sent: Wed, 03 Aug
> 2016 09:28:44 +0100
> Subject: Re: [Assp-user]        Whitelistdb + Spam from gmail
> addresses?
>
>
> > I'm still having this issue while gmail.com is in StrictSPFRe.
> > Example:
> >
> > Aug-03-16 08:10:59 m1-04659-09264 [Worker_2] 104.129.245.78
> > <[hidden email]> to: [hidden email] DKIM-Signature found
> > Aug-03-16 08:10:59 m1-04659-09264 [Worker_2] 104.129.245.78
> > <[hidden email]> to: [hidden email] info: domain gmail.com has
> > published a DMARC record
> > Aug-03-16 08:10:59 m1-04659-09264 [Worker_2] 104.129.245.78
> > <[hidden email]> to: [hidden email] strictspf Regex:
> strictSPFRe
> > '@gmail.com'
> > Aug-03-16 08:10:59 m1-04659-09264 [Worker_2] 104.129.245.78
> > <[hidden email]> to: [hidden email] [scoring] SPF: softfail
> (cache)
> > ip=104.129.245.78 mailfrom=[hidden email] helo=emilyskye.me
> > Aug-03-16 08:10:59 m1-04659-09264 [Worker_2] 104.129.245.78
> > <[hidden email]> to: [hidden email] Message-Score: added 21
> > (spfValencePB) for SPF softfail, total score for this message is now 21
> > Aug-03-16 08:11:00 m1-04659-09264 [Worker_2] [MessageOK] 104.129.245.78
> > <[hidden email]> to: [hidden email] message ok - (whitelistdb)
> -
> > [RE Still chained to your day job] ->
> > /var/db/assp/notspam/RE_Still_chained_to_your_day_job--21377.eml
> >
> >
> > ----- Original Message -----
> > From: Andy Knuts [mailto:[hidden email]]
> > To:
> > [hidden email]
> > Sent: Wed, 27 Jul 2016 10:53:52
> > +0100
> > Subject: [Assp-user] Whitelistdb + Spam from gmail addresses?
> >
> >
> > > I have a gmail account [hidden email] and my email address
> protected by
> > > ASSP is myuser@mydomain. I have sent emails from myuser@mydomain to
> > > [hidden email] so it got whitelisted by ASSP. Now, there are
> spammers
> > > sending spam faking it to come from [hidden email] to
> myuser@mydomain.
> > > It's clearly spam but it gets through because ASSP whitelisted the
> email
> > > address [hidden email].
> > >
> > > How can I prevent this?
> > >
> > >
> >
> ------------------------------------------------------------------------------
> > > What NetFlow Analyzer can do for you? Monitors network bandwidth and
> > traffic
> > > patterns at an interface-level. Reveals which users, apps, and
> protocols
> > are
> > >
> > > consuming the most bandwidth. Provides multi-vendor support for
> NetFlow,
> > > J-Flow, sFlow and other flows. Make informed decisions using capacity
> > > planning
> > > reports.http://sdm.link/zohodev2dev
> > > _______________________________________________
> > > Assp-user mailing list
> > > [hidden email]
> > > https://lists.sourceforge.net/lists/listinfo/assp-user
> > >
> >
> >
> ------------------------------------------------------------------------------
> > _______________________________________________
> > Assp-user mailing list
> > [hidden email]
> > https://lists.sourceforge.net/lists/listinfo/assp-user
> >
>
>
> ------------------------------------------------------------------------------
> _______________________________________________
> Assp-user mailing list
> [hidden email]
> https://lists.sourceforge.net/lists/listinfo/assp-user
>


--
"Madness, like small fish, runs in hosts, in vast numbers of instances."

Nessuno mi pettina bene come il vento.

------------------------------------------------------------------------------

_______________________________________________
Assp-user mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/assp-user