Menu
▾
▴
Re: [Assp-test] Antwort: Re: Incorrect addresses added to whitelist via the email interface
|
From: Mark E. <MEd...@th...> - 2010-10-01 20:56:34
|
On Oct 1, 2010, at 1:27 PM, Thomas Eckardt wrote: > IMHO is this not a correct MIME message: > >> From: Trustwave <em...@co...< > mailto:em...@co...>> >> To: IT_AV <IT...@th...<mailto:IT...@th...>> > > both lines are not correct > >> Message-ID: <380dc3a4-58c9-4e10-bdb1-965395b820fb@xtinmta12.xt.local< > mailto:380dc3a4-58c9-4e10-bdb1-965395b820fb@xtinmta12.xt.local>> > > and this also > > I would block this mail because of this. Thanks for your reply Thomas. I didn't notice, but my original email to the list got all messed up and had "mailto" and "http" links added to it, and was therefore misleading. Let me try to transmit the email headers and asspnotspam report again below. My concerns: em...@co... -- Assp would whitelist this address, because it is in the From header. MEd...@th... -- This is not only a local address, but it wasn't in the original email at all. MEd...@th... was the address from which I forwarded the mail to asspnotspam. That's two reasons it should not have been added to the whitelist. 380dc3a4-58c9-4e10-bdb1-965395b820fb@xtinmta12.xt.local -- This comes from the Message-ID header. Why should this be added to the whitelist? 474...@co... -0...@co... -- These are both partial addresses from the Reply-To header. I can see why a Reply-To address makes sense for the whitelist, maybe, although I find that somewhat questionable as Reply-To isn't considered when whitelisting incoming email, is it? In any case, these addresses are mangled. Here is the original info. Hopefully it doesn't get messed up in transit... Response from asspnotspam: 380dc3a4-58c9-4e10-bdb1-965395b820fb@xtinmta12.xt.local: added to whitelist 380dc3a4-58c9-4e10-bdb1-965395b820fb@xtinmta12.xt.local,MEd...@th...: added to whitelist em...@co...: added to whitelist em...@co...,MEd...@th...: added to whitelist -0...@co...: added to whitelist -0...@co...,MEd...@th...: added to whitelist 474...@co...: added to whitelist 474...@co...,MEd...@th...: added to whitelist Headers of email: Received: from mta.communications.trustwave.com (10.10.16.12) by mail.thecjm.org (10.10.11.5) with Microsoft SMTP Server id 8.2.176.0; Tue, 31 Aug 2010 17:47:56 -0700 Received: from mta.communications.trustwave.com ([66.231.89.232] helo=mta.communications.trustwave.com) by cjm-assp2.thecjm.lan with ESMTP (2.0.1); 31 Aug 2010 17:52:31 -0700 Received: by mta.communications.trustwave.com (PowerMTA(TM) v3.5r15) id hfm7340ie1s9 for <IT...@th...>; Tue, 31 Aug 2010 17:20:09 -0600 (envelope-from <bou...@bo...>) From: Trustwave <em...@co...> To: IT_AV <IT...@th...> Content-Class: urn:content-classes:message Date: Tue, 31 Aug 2010 17:48:33 -0700 Subject: [FILTERED] Welcome to the TrustKeeper PCI DSS Compliance Program Thread-Topic: [FILTERED] Welcome to the TrustKeeper PCI DSS Compliance Program Thread-Index: ActJb1JL8etJMiuKR3yN/ydOPzhWdg== Message-ID: <380dc3a4-58c9-4e10-bdb1-965395b820fb@xtinmta12.xt.local> List-Unsubscribe: <mailto:leave-fca51c777c610d7d1a4c342838-fe25...@le...> Reply-To: Trustwave <rep...@co...> Accept-Language: en-US Content-Language: en-US X-MS-Exchange-Organization-AuthAs: Anonymous X-MS-Exchange-Organization-AuthSource: cjm-exch1.TheCJM.lan X-MS-Has-Attach: X-Auto-Response-Suppress: DR, OOF, AutoReply X-MS-Exchange-Organization-SCL: 9 X-MS-TNEF-Correlator: x-assp-delay: not delayed (gripvalue low: 0.12); 31 Aug 2010 17:52:31 -0700 x-assp-spam: YES x-assp-spam-reason: MessageScore passed low limit dkim-signature: v=1; a=rsa-sha1; c=relaxed/relaxed; s=200608; d=communications.trustwave.com; h=From:To:Subject:Date:List-Unsubscribe:MIME-Version:Reply-To:Message-ID:Content-Type:Content-Transfer-Encoding; i=em...@co...; bh=B6gxA/9SZFGUgHR1Lai21kKsmjo=; b=wA+6A7SuzemZNTiiHQzCwY981V4rljahKmesPaLshlSrjrZ/8ZaZu6GxGFKg4qM+k2MCEAMnuudZ jsaGddQnMuf4cWRAnQZ3qKNEkIRmMtJqWksOOtQDtw168VfsoRMsGLLKcAFbmUixCgKlXr9+0IEM PyKhUeM4kxRDUvqmLKU= x-spam-status: yes x-job: 75073_14143185 x-assp-envelope-from: bou...@bo... Content-Type: multipart/alternative; boundary="_000_380dc3a458c94e10bdb1965395b820fbxtinmta12xtlocal_" MIME-Version: 1.0 |