spam an forwarded email

Previous Topic Next Topic
 
classic Classic list List threaded Threaded
7 messages Options
Reply | Threaded
Open this post in threaded view
|

spam an forwarded email

Christian Leicht
Hello,
what can i do ?
Some of my users get spam an (auto)forward all emails to a web.de
Emailaddress. On outgoing the spam sender is whitlisted. After a time
Web.de is blocking my Server IP.
Whats happend?
Thanks for a tipp

Christian

------------------------------------------------------------------------------
_______________________________________________
Assp-user mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/assp-user
Reply | Threaded
Open this post in threaded view
|

Re: spam an forwarded email

Thomas Eckardt/eck
>On outgoing the spam sender is whitlisted

forwarded mails out->in(FW)->out should be detected as redlisted mail by
assp (redRe)
redlisted mails never contributes to whitelist additions

>After a time
>Web.de is blocking my Server IP.
>Whats happend?

This depends on the forwarding mechanism of your mail server/client.
Forwarding an email, is a bad idea. If your mail server (client) provides
a 'send a copy to' , use this mechanism.
Let's say, the original mail was from gmail.com - it is forwarded to
web.de through your server. Think about, what web.de sees: an email from
gmail.com sent by your IP - web.de checks SPF -> fail! Your server or
client modifies the mail subject (FW: is added for example) -> web.de
checks the DKIM signature -> fail. Your server/client removes the DKIM
signature - web.de knows, gmail has to have one -> fail. Worst case - spam
is forwarded - web.de detects spam from your IP - report goes to
RBL-providers - your IP will get globaly blacklisted after some time!

I don't know, if web.de provides a whitepaper, how emails should be
forwarded to them. There are several X-MIME headers that can be used to
tag forwarded mail (like: X-Forwarded-For), but like all X-MIME headers -
there is no 'have to' or 'must' - only a 'can'. It is allowed to ignore
them all.

An safe way to forward is:
- use the local account as envelope sender
- replace the from header address by the local account
- put the original from address in to the 'Sender:' header line
- possibly add the 'X-Forwarded-For' header
- remove all DKIM or DomainKey signatures
- remove all SMIME signature parts

Someone would say: SRS is developed for this forwarding to solve the SPF
failure - Yes, this is true, but I don't know any implementation for SRS
at any of the large email providers.

Thomas



Von:    Christian Leicht <[hidden email]>
An:     For Users of ASSP <[hidden email]>
Datum:  23.08.2016 13:35
Betreff:        [Assp-user] spam an forwarded email



Hello,
what can i do ?
Some of my users get spam an (auto)forward all emails to a web.de
Emailaddress. On outgoing the spam sender is whitlisted. After a time
Web.de is blocking my Server IP.
Whats happend?
Thanks for a tipp

Christian

------------------------------------------------------------------------------
_______________________________________________
Assp-user mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/assp-user






DISCLAIMER:
*******************************************************
This email and any files transmitted with it may be confidential, legally
privileged and protected in law and are intended solely for the use of the

individual to whom it is addressed.
This email was multiple times scanned for viruses. There should be no
known virus in this email!
*******************************************************


------------------------------------------------------------------------------

_______________________________________________
Assp-user mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/assp-user
Reply | Threaded
Open this post in threaded view
|

Re: spam an forwarded email

Christian Leicht
Hello Thomas,
thanks for your good description.

Now i have too use DKIM in my setup with postfix and amavisd-new.
I have a little problem with the setup. I use since years ASSP (Anti
Spam SMTP Proxy) and wont miss it.
I only like to use amavisd for the DKIM and Antivirus stuff.

My Setup is now:

Internet -> ASSP -> Postfix -> ASSP -> Internet

Get the Emails on Port 25,465,587 in ASSP and send it to
Postfix on Port 10025

In the /etc/services is
asspsmtp        10025/tcp       mail
asspssmtp       10026/tcp

in /etc/postfix/master.cf
asspsmtp      inet  n       -       -       -       -       smtpd -v
#asspsmtpd     inet  n      -       -       -       -       smtp

I have setup letsencrypt certs in ASSP and Postfix.
This configuration worked well so far.


I read the Amavisd default uses port 10025
I shifted the ASSP Port to 10035 and 10036 but it doesent work.
ASSP and Postfix cant get a connection on 10035
I do not understand what's going on.

How can I add Amavisd when I leave ASSP on port 10025
Do i have to add something in /etc/services?

Thanks for Help

Christian


Am 23.08.2016 um 14:34 schrieb Thomas Eckardt:

>> On outgoing the spam sender is whitlisted
>
> forwarded mails out->in(FW)->out should be detected as redlisted mail by
> assp (redRe)
> redlisted mails never contributes to whitelist additions
>
>> After a time
>> Web.de is blocking my Server IP.
>> Whats happend?
>
> This depends on the forwarding mechanism of your mail server/client.
> Forwarding an email, is a bad idea. If your mail server (client) provides
> a 'send a copy to' , use this mechanism.
> Let's say, the original mail was from gmail.com - it is forwarded to
> web.de through your server. Think about, what web.de sees: an email from
> gmail.com sent by your IP - web.de checks SPF -> fail! Your server or
> client modifies the mail subject (FW: is added for example) -> web.de
> checks the DKIM signature -> fail. Your server/client removes the DKIM
> signature - web.de knows, gmail has to have one -> fail. Worst case - spam
> is forwarded - web.de detects spam from your IP - report goes to
> RBL-providers - your IP will get globaly blacklisted after some time!
>
> I don't know, if web.de provides a whitepaper, how emails should be
> forwarded to them. There are several X-MIME headers that can be used to
> tag forwarded mail (like: X-Forwarded-For), but like all X-MIME headers -
> there is no 'have to' or 'must' - only a 'can'. It is allowed to ignore
> them all.
>
> An safe way to forward is:
> - use the local account as envelope sender
> - replace the from header address by the local account
> - put the original from address in to the 'Sender:' header line
> - possibly add the 'X-Forwarded-For' header
> - remove all DKIM or DomainKey signatures
> - remove all SMIME signature parts
>
> Someone would say: SRS is developed for this forwarding to solve the SPF
> failure - Yes, this is true, but I don't know any implementation for SRS
> at any of the large email providers.
>
> Thomas
>
>
>
> Von:    Christian Leicht <[hidden email]>
> An:     For Users of ASSP <[hidden email]>
> Datum:  23.08.2016 13:35
> Betreff:        [Assp-user] spam an forwarded email
>
>
>
> Hello,
> what can i do ?
> Some of my users get spam an (auto)forward all emails to a web.de
> Emailaddress. On outgoing the spam sender is whitlisted. After a time
> Web.de is blocking my Server IP.
> Whats happend?
> Thanks for a tipp
>
> Christian
>
> ------------------------------------------------------------------------------
> _______________________________________________
> Assp-user mailing list
> [hidden email]
> https://lists.sourceforge.net/lists/listinfo/assp-user
>
>
>
>
>
>
> DISCLAIMER:
> *******************************************************
> This email and any files transmitted with it may be confidential, legally
> privileged and protected in law and are intended solely for the use of the
>
> individual to whom it is addressed.
> This email was multiple times scanned for viruses. There should be no
> known virus in this email!
> *******************************************************
>
>
>
>
> ------------------------------------------------------------------------------
>
>
>
> _______________________________________________
> Assp-user mailing list
> [hidden email]
> https://lists.sourceforge.net/lists/listinfo/assp-user
>

------------------------------------------------------------------------------
_______________________________________________
Assp-user mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/assp-user
Reply | Threaded
Open this post in threaded view
|

Re: spam an forwarded email

Christian Leicht
In reply to this post by Thomas Eckardt/eck
Hello Thomas,
thanks for your good description.

Now i have too use DKIM in my setup with postfix and amavisd-new.
I have a little problem with the setup. I use since years ASSP (Anti
Spam SMTP Proxy) and wont miss it.
I only like to use amavisd for the DKIM and Antivirus stuff.

My Setup is now:

Internet -> ASSP -> Postfix -> ASSP -> Internet

Get the Emails on Port 25,465,587 in ASSP and send it to
Postfix on Port 10025

In the /etc/services is
asspsmtp        10025/tcp       mail
asspssmtp       10026/tcp

in /etc/postfix/master.cf
asspsmtp      inet  n       -       -       -       -       smtpd -v
#asspsmtpd     inet  n      -       -       -       -       smtp

I have setup letsencrypt certs in ASSP and Postfix.
This configuration worked well so far.


I read the Amavisd default uses port 10025
I shifted the ASSP Port to 10035 and 10036 but it doesent work.
ASSP and Postfix cant get a connection on 10035
I do not understand what's going on.

How can I add Amavisd when I leave ASSP on port 10025
Do i have to add something in /etc/services?

Thanks for Help

Christian


Am 23.08.2016 um 14:34 schrieb Thomas Eckardt:

>> On outgoing the spam sender is whitlisted
>
> forwarded mails out->in(FW)->out should be detected as redlisted mail by
> assp (redRe)
> redlisted mails never contributes to whitelist additions
>
>> After a time
>> Web.de is blocking my Server IP.
>> Whats happend?
>
> This depends on the forwarding mechanism of your mail server/client.
> Forwarding an email, is a bad idea. If your mail server (client) provides
> a 'send a copy to' , use this mechanism.
> Let's say, the original mail was from gmail.com - it is forwarded to
> web.de through your server. Think about, what web.de sees: an email from
> gmail.com sent by your IP - web.de checks SPF -> fail! Your server or
> client modifies the mail subject (FW: is added for example) -> web.de
> checks the DKIM signature -> fail. Your server/client removes the DKIM
> signature - web.de knows, gmail has to have one -> fail. Worst case - spam
> is forwarded - web.de detects spam from your IP - report goes to
> RBL-providers - your IP will get globaly blacklisted after some time!
>
> I don't know, if web.de provides a whitepaper, how emails should be
> forwarded to them. There are several X-MIME headers that can be used to
> tag forwarded mail (like: X-Forwarded-For), but like all X-MIME headers -
> there is no 'have to' or 'must' - only a 'can'. It is allowed to ignore
> them all.
>
> An safe way to forward is:
> - use the local account as envelope sender
> - replace the from header address by the local account
> - put the original from address in to the 'Sender:' header line
> - possibly add the 'X-Forwarded-For' header
> - remove all DKIM or DomainKey signatures
> - remove all SMIME signature parts
>
> Someone would say: SRS is developed for this forwarding to solve the SPF
> failure - Yes, this is true, but I don't know any implementation for SRS
> at any of the large email providers.
>
> Thomas
>
>
>
> Von:    Christian Leicht <[hidden email]>
> An:     For Users of ASSP <[hidden email]>
> Datum:  23.08.2016 13:35
> Betreff:        [Assp-user] spam an forwarded email
>
>
>
> Hello,
> what can i do ?
> Some of my users get spam an (auto)forward all emails to a web.de
> Emailaddress. On outgoing the spam sender is whitlisted. After a time
> Web.de is blocking my Server IP.
> Whats happend?
> Thanks for a tipp
>
> Christian
>
> ------------------------------------------------------------------------------
> _______________________________________________
> Assp-user mailing list
> [hidden email]
> https://lists.sourceforge.net/lists/listinfo/assp-user
>
>
>
>
>
>
> DISCLAIMER:
> *******************************************************
> This email and any files transmitted with it may be confidential, legally
> privileged and protected in law and are intended solely for the use of the
>
> individual to whom it is addressed.
> This email was multiple times scanned for viruses. There should be no
> known virus in this email!
> *******************************************************
>
>
>
>
> ------------------------------------------------------------------------------
>
>
>
> _______________________________________________
> Assp-user mailing list
> [hidden email]
> https://lists.sourceforge.net/lists/listinfo/assp-user
>

------------------------------------------------------------------------------
_______________________________________________
Assp-user mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/assp-user
Reply | Threaded
Open this post in threaded view
|

Whitelist & strict SPF?

Andy Knuts
Look at the message below:

Aug-24-16 12:15:32 m1-33732-13084 [Worker_3] 176.62.160.58 <[hidden email]> info: found message size announcement: 19.47 kByte
Aug-24-16 12:15:33 m1-33732-13084 [Worker_3] 176.62.160.58 <[hidden email]> to: [hidden email] Whitelisted sender Domain: [hidden email]
Aug-24-16 12:15:33 m1-33732-13084 [Worker_3] 176.62.160.58 <[hidden email]> to: [hidden email] Whitelisted sender address: [hidden email] for recipient [hidden email]
Aug-24-16 12:15:33 m1-33732-13084 [Worker_3] 176.62.160.58 <[hidden email]> to: [hidden email] info: found known good HELO 'mailing.plopsafun.be' - weight is -2
Aug-24-16 12:15:33 m1-33732-13084 [Worker_3] 176.62.160.58 <[hidden email]> to: [hidden email] Message-Score: added -40 for KnownGoodHelo, total score for this message is now -40
Aug-24-16 12:15:33 m1-33732-13084 [Worker_3] 176.62.160.58 <[hidden email]> to: [hidden email] strictspf Regex: strictSPFRe '@gmail.com'
Aug-24-16 12:15:33 m1-33732-13084 [Worker_3] 176.62.160.58 <[hidden email]> to: [hidden email] blockspf Regex: blockstrictSPFRe '@gmail.com'
Aug-24-16 12:15:33 m1-33732-13084 [Worker_3] 176.62.160.58 <[hidden email]> to: [hidden email] [scoring] SPF: softfail ip=176.62.160.58 mailfrom=[hidden email] helo=mailing.plopsafun.be
Aug-24-16 12:15:33 m1-33732-13084 [Worker_3] 176.62.160.58 <[hidden email]> to: [hidden email] Message-Score: added 21 (spfValencePB) for SPF softfail, total score for this message is now -19
Aug-24-16 12:15:33 m1-33732-13084 [Worker_3] [SPF] 176.62.160.58 <[hidden email]> to: [hidden email] [spam found] (SPF softfail - strict) [RE Korting] -> /var/db/assp/spam/RE_Korting--44072.eml;
Aug-24-16 12:15:33 m1-33732-13084 [Worker_3] 176.62.160.58 <[hidden email]> to: [hidden email] [SMTP Error] 554 5.7.1 failed SPF: gmail.com ... _spf.google.com: Sender is not authorized by default to use '[hidden email]' in 'mfrom' identity, however domain is not currently prepared for false failures (mechanism '~all' matched)
Aug-24-16 12:15:33 m1-33732-13084 [Worker_3] 176.62.160.58 <[hidden email]> to: [hidden email] info: PB-IP-Score for '176.62.160.0' is 21, added 21 in this session


How can I whitelist this particular kind of messages so it won't get blocked by blockstringSPFRe?

The company "plopsa.be", which is a themepark in Belgium is using a @gmail.com address in the sender envelope when sending it's newsletter. Customers are complaining because they do not receive these message anymore but it's normal because SPF fails for gmail.com and I have gmail.com in blockstrictSPFRe in order to block spam.

I have added [hidden email] to the whitelist as you can see, and [hidden email] is also whitelisted but ASSP is still blocking it.

Any way to prevent this from happening?

Thanks

------------------------------------------------------------------------------
_______________________________________________
Assp-user mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/assp-user
Reply | Threaded
Open this post in threaded view
|

Re: Whitelist_&_strict_SPF?

Thomas Eckardt/eck
Using '[hidden email]' as envelope sender from
176.62.160.58 is WRONG!
To receive bounces at this address, it should be used in the 'errors-to:'
header line.

This whitelisted mail is checked for SPF because SPFWL is set.

To skip the SPF check you have three choices.

- unset 'SPFWL' - not recommended
- define 'contentOnlyRe' to match the mail - not recommended
- define 'bounce\.plopsa\.emailing\@gmail\.com' in 'noSPFRe' - (assumes
the envelope sender is always the same)
  and/or define '176\.62\.160\.58' in 'noSPFRe' - (assumes the sending IP
is always the same - don't do this if the IP is one of a large mail
provider)
  and/or define any other unique mail content in 'noSPFRe' - (assumes the
content can be found in every such mail)

Not a real solution, but a nice trick would be to add the following entry
in to the SPFCache (using the GUI)

176.62.160.58 gmail.com|::|[2030-08-18,14:11:00] pass mailing.plopsafun.be

The entry will expire after 2030-08-18 - until this date all mail from
this IP and gmail.com will pass the SPF check.

modifying any DB directly
pkey: '176.62.160.58 gmail.com'
pvalue: '8999999999 pass mailing.plopsafun.be'

both without the quotes

8999999999 is the 2255-03-14,16:59:59

Thomas





Von:    "Andy Knuts" <[hidden email]>
An:     "For Users of ASSP" <[hidden email]>
Datum:  25.08.2016 10:03
Betreff:        [Assp-user] Whitelist_&_strict_SPF?



Look at the message below:

Aug-24-16 12:15:32 m1-33732-13084 [Worker_3] 176.62.160.58
<[hidden email]> info: found message size announcement:
19.47 kByte
Aug-24-16 12:15:33 m1-33732-13084 [Worker_3] 176.62.160.58
<[hidden email]> to: [hidden email] Whitelisted sender
Domain: [hidden email]
Aug-24-16 12:15:33 m1-33732-13084 [Worker_3] 176.62.160.58
<[hidden email]> to: [hidden email] Whitelisted sender
address: [hidden email] for recipient [hidden email]
Aug-24-16 12:15:33 m1-33732-13084 [Worker_3] 176.62.160.58
<[hidden email]> to: [hidden email] info: found known good
HELO 'mailing.plopsafun.be' - weight is -2
Aug-24-16 12:15:33 m1-33732-13084 [Worker_3] 176.62.160.58
<[hidden email]> to: [hidden email] Message-Score: added
-40 for KnownGoodHelo, total score for this message is now -40
Aug-24-16 12:15:33 m1-33732-13084 [Worker_3] 176.62.160.58
<[hidden email]> to: [hidden email] strictspf Regex:
strictSPFRe '@gmail.com'
Aug-24-16 12:15:33 m1-33732-13084 [Worker_3] 176.62.160.58
<[hidden email]> to: [hidden email] blockspf Regex:
blockstrictSPFRe '@gmail.com'
Aug-24-16 12:15:33 m1-33732-13084 [Worker_3] 176.62.160.58
<[hidden email]> to: [hidden email] [scoring] SPF:
softfail ip=176.62.160.58 mailfrom=[hidden email]
helo=mailing.plopsafun.be
Aug-24-16 12:15:33 m1-33732-13084 [Worker_3] 176.62.160.58
<[hidden email]> to: [hidden email] Message-Score: added
21 (spfValencePB) for SPF softfail, total score for this message is now
-19
Aug-24-16 12:15:33 m1-33732-13084 [Worker_3] [SPF] 176.62.160.58
<[hidden email]> to: [hidden email] [spam found] (SPF
softfail - strict) [RE Korting] ->
/var/db/assp/spam/RE_Korting--44072.eml;
Aug-24-16 12:15:33 m1-33732-13084 [Worker_3] 176.62.160.58
<[hidden email]> to: [hidden email] [SMTP Error] 554 5.7.1
failed SPF: gmail.com ... _spf.google.com: Sender is not authorized by
default to use '[hidden email]' in 'mfrom' identity,
however domain is not currently prepared for false failures (mechanism
'~all' matched)
Aug-24-16 12:15:33 m1-33732-13084 [Worker_3] 176.62.160.58
<[hidden email]> to: [hidden email] info: PB-IP-Score for
'176.62.160.0' is 21, added 21 in this session


How can I whitelist this particular kind of messages so it won't get
blocked by blockstringSPFRe?

The company "plopsa.be", which is a themepark in Belgium is using a
@gmail.com address in the sender envelope when sending it's newsletter.
Customers are complaining because they do not receive these message
anymore but it's normal because SPF fails for gmail.com and I have
gmail.com in blockstrictSPFRe in order to block spam.

I have added [hidden email] to the whitelist as you can
see, and [hidden email] is also whitelisted but ASSP is still blocking
it.

Any way to prevent this from happening?

Thanks

------------------------------------------------------------------------------
_______________________________________________
Assp-user mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/assp-user






DISCLAIMER:
*******************************************************
This email and any files transmitted with it may be confidential, legally
privileged and protected in law and are intended solely for the use of the

individual to whom it is addressed.
This email was multiple times scanned for viruses. There should be no
known virus in this email!
*******************************************************


------------------------------------------------------------------------------

_______________________________________________
Assp-user mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/assp-user
Reply | Threaded
Open this post in threaded view
|

Re: Whitelist_&_strict_SPF?

Andy Knuts
Ok. I will modify our configuration to allow these emails temporarily. At the same time I will get in contact with plopsa.be and explain the problem so it can be fixed at the source...

Thanks for your quick reply!


----- Original Message -----
From: Thomas Eckardt
[mailto:[hidden email]]
To: For Users of ASSP
[mailto:[hidden email]]
Sent: Thu, 25 Aug 2016 11:19:25
+0100
Subject: Re: [Assp-user] Whitelist_&_strict_SPF?


> Using '[hidden email]' as envelope sender from
> 176.62.160.58 is WRONG!
> To receive bounces at this address, it should be used in the 'errors-to:'
> header line.
>
> This whitelisted mail is checked for SPF because SPFWL is set.
>
> To skip the SPF check you have three choices.
>
> - unset 'SPFWL' - not recommended
> - define 'contentOnlyRe' to match the mail - not recommended
> - define 'bounce\.plopsa\.emailing\@gmail\.com' in 'noSPFRe' - (assumes
> the envelope sender is always the same)
>   and/or define '176\.62\.160\.58' in 'noSPFRe' - (assumes the sending IP
> is always the same - don't do this if the IP is one of a large mail
> provider)
>   and/or define any other unique mail content in 'noSPFRe' - (assumes the
> content can be found in every such mail)
>
> Not a real solution, but a nice trick would be to add the following entry
> in to the SPFCache (using the GUI)
>
> 176.62.160.58 gmail.com|::|[2030-08-18,14:11:00] pass mailing.plopsafun.be
>
> The entry will expire after 2030-08-18 - until this date all mail from
> this IP and gmail.com will pass the SPF check.
>
> modifying any DB directly
> pkey: '176.62.160.58 gmail.com'
> pvalue: '8999999999 pass mailing.plopsafun.be'
>
> both without the quotes
>
> 8999999999 is the 2255-03-14,16:59:59
>
> Thomas
>
>
>
>
>
> Von:    "Andy Knuts" <[hidden email]>
> An:     "For Users of ASSP" <[hidden email]>
> Datum:  25.08.2016 10:03
> Betreff:        [Assp-user] Whitelist_&_strict_SPF?
>
>
>
> Look at the message below:
>
> Aug-24-16 12:15:32 m1-33732-13084 [Worker_3] 176.62.160.58
> <[hidden email]> info: found message size announcement:
> 19.47 kByte
> Aug-24-16 12:15:33 m1-33732-13084 [Worker_3] 176.62.160.58
> <[hidden email]> to: [hidden email] Whitelisted sender
> Domain: [hidden email]
> Aug-24-16 12:15:33 m1-33732-13084 [Worker_3] 176.62.160.58
> <[hidden email]> to: [hidden email] Whitelisted sender
> address: [hidden email] for recipient [hidden email]
> Aug-24-16 12:15:33 m1-33732-13084 [Worker_3] 176.62.160.58
> <[hidden email]> to: [hidden email] info: found known good
> HELO 'mailing.plopsafun.be' - weight is -2
> Aug-24-16 12:15:33 m1-33732-13084 [Worker_3] 176.62.160.58
> <[hidden email]> to: [hidden email] Message-Score: added
> -40 for KnownGoodHelo, total score for this message is now -40
> Aug-24-16 12:15:33 m1-33732-13084 [Worker_3] 176.62.160.58
> <[hidden email]> to: [hidden email] strictspf Regex:
> strictSPFRe '@gmail.com'
> Aug-24-16 12:15:33 m1-33732-13084 [Worker_3] 176.62.160.58
> <[hidden email]> to: [hidden email] blockspf Regex:
> blockstrictSPFRe '@gmail.com'
> Aug-24-16 12:15:33 m1-33732-13084 [Worker_3] 176.62.160.58
> <[hidden email]> to: [hidden email] [scoring] SPF:
> softfail ip=176.62.160.58 mailfrom=[hidden email]
> helo=mailing.plopsafun.be
> Aug-24-16 12:15:33 m1-33732-13084 [Worker_3] 176.62.160.58
> <[hidden email]> to: [hidden email] Message-Score: added
> 21 (spfValencePB) for SPF softfail, total score for this message is now
> -19
> Aug-24-16 12:15:33 m1-33732-13084 [Worker_3] [SPF] 176.62.160.58
> <[hidden email]> to: [hidden email] [spam found] (SPF
> softfail - strict) [RE Korting] ->
> /var/db/assp/spam/RE_Korting--44072.eml;
> Aug-24-16 12:15:33 m1-33732-13084 [Worker_3] 176.62.160.58
> <[hidden email]> to: [hidden email] [SMTP Error] 554 5.7.1
> failed SPF: gmail.com ... _spf.google.com: Sender is not authorized by
> default to use '[hidden email]' in 'mfrom' identity,
> however domain is not currently prepared for false failures (mechanism
> '~all' matched)
> Aug-24-16 12:15:33 m1-33732-13084 [Worker_3] 176.62.160.58
> <[hidden email]> to: [hidden email] info: PB-IP-Score for
> '176.62.160.0' is 21, added 21 in this session
>
>
> How can I whitelist this particular kind of messages so it won't get
> blocked by blockstringSPFRe?
>
> The company "plopsa.be", which is a themepark in Belgium is using a
> @gmail.com address in the sender envelope when sending it's newsletter.
> Customers are complaining because they do not receive these message
> anymore but it's normal because SPF fails for gmail.com and I have
> gmail.com in blockstrictSPFRe in order to block spam.
>
> I have added [hidden email] to the whitelist as you can
> see, and [hidden email] is also whitelisted but ASSP is still blocking
> it.
>
> Any way to prevent this from happening?
>
> Thanks
>
> ------------------------------------------------------------------------------
> _______________________________________________
> Assp-user mailing list
> [hidden email]
> https://lists.sourceforge.net/lists/listinfo/assp-user
>
>
>
>
>
>
> DISCLAIMER:
> *******************************************************
> This email and any files transmitted with it may be confidential, legally
> privileged and protected in law and are intended solely for the use of the
>
> individual to whom it is addressed.
> This email was multiple times scanned for viruses. There should be no
> known virus in this email!
> *******************************************************
>
>

------------------------------------------------------------------------------
_______________________________________________
Assp-user mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/assp-user