From: Barry B. <Barry@CommercialNetworkServices.com> - 2007-09-27 15:54:54
|
Only local or authenticated users contribute to the whitelist. Only users with a local domain in mail from contribute to the whitelist. Both of the above were unchecked. I checked the first. I don't think I can check the second 'Only users with a local domain in mailfrom contribute to the whitelist." because I don't have a list of all domains in assp. I let the mail servers decide to accept mail or not. The list is too dynamic and there are a few servers. It's just not possible to link it at the moment. Even so, how can an outside user whitelist themselves? I don't understand how this can be possible, regardless of the checkboxes. Can someone please explain?? So with all this garbage being whitelisted, what now? Should I delete the whitelist and start over? I think my spam/not spam samples are still clean. I hope checking the first option 'only local or authorized can contribute' will help. What do you think? Thank you! Barry _____ From: ass...@li... [mailto:ass...@li...] On Behalf Of Hill, Brett Sent: Thursday, September 27, 2007 4:21 AM To: Questions and Answers for users of ASSP Anti-Spam SMTP Proxy Subject: Re: [Assp-user] how is this spam getting through? Do you have "Only users with a local domain in mailfrom contribute to the whitelist." checked in the "Whitelisting" section? _____ From: ass...@li... [mailto:ass...@li...] On Behalf Of Barry Bahrami Sent: Thursday, September 27, 2007 12:32 AM To: Questions and Answers for users of ASSP Anti-Spam SMTP Proxy Subject: [Assp-user] how is this spam getting through? I've had reports of spam lately and so I checked our logs. This is what I'm finding in assp: Sep-26-07 21:17:23 id-6642c8854 24.4.81.119 <jr...@dr...> to: da...@ou... whitelist addition: ke...@dr... Sep-26-07 21:17:23 id-6642c8854 [Local/White] 24.4.81.119 <jr...@dr...> to: da...@ou... <mailto:david@davidriglerdesigns> com local or whitelisted () Your_longer_[porn spam subject]-> c:\assp/notspam/8854.eml It seems these guys are somehow whitelisting themselves. I see it all over the logs. I upgraded to 1.3.2 and then 1.3.3 and now 1.3.4 (which is working great otherwise, btw). All versions are doing the same thing. Barry |