Re: [Assp-test] Attachment from "good" list blocked
:: On Tue, 18 Jul 2017 11:58:09 -0400 :::: "Robert K Coffman Jr. -Info From Data Corp." wrote:

> https://pastebin.com/NKPYnZsD
>
> I have UserAttach set up for huntington.com (see bottom of the paste)
> but their html attachments are still being blocked. Why is that?

Jul-18-17 09:58:09 m1-86288-10388 [Worker_1] [TLS-in] [Attachment] 170.128.35.52 to: usern...@hyperglobalmega.com SPAM FOUND bad attachment 'securedoc_20170718T095806.html' cause: 'Java script - possibly locky (ransomware) virus'

check out where you defined that "possibly locky..." message and you'll find what's blocking the mail

___
Assp-test mailing list
Assp-test@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/assp-test
Re: [Assp-test] Possible feature requests
:: On Wed, 28 Jun 2017 08:38:34 -0700 :::: Daniel Miller wrote:

> Again, my request is to auto-block *IPs* of *failed* auths. Not lock
> the account. Not block valid auths. Regular users would never see a
> problem.

The "problem" with such an approach is the critters I call "slow crackers"; basically it's a distributed network of bots, which are coordinated and will attempt, one at a time, to bruteforce a given account. This means that you may see two/three logon attempts from IP#1, then another two/three from IP#2 and so on, rotating IPs through the whole botnet; this means that, when the penalty time expires, the botnet has completed quite a number of attempts and can quietly reuse IP#1 and so on to go on for the next cycle. And, while such an approach may seem slow, it isn't: imagine having multiple bots attempting to crack a given account and performing the above in parallel. ASSP will ban the IPs... sure, but that won't help.

On the other hand, banning the account (username) isn't a good idea, since, as already noted, someone may just lock a legit user out of his inbox by running a distributed bruteforce attack.

A possible approach may be the following:

Upon a successful logon, ASSP stores the /24 user subnet, and does the same for different ones, so ASSP will keep (say) 10 or the like IP ranges associated with an account (ranges may have a timestamp so they will be removed after some time if they aren't used again).

After a number of failed logons from "unknown" IPs, ASSP will "block" the account, but the block will ONLY be applied to logon attempts coming from "unknown" IPs; regular ones will be allowed to go through.

The above means that a (say) German user coming from a given IP block will be able to access the SMTP even if the user account was blocked due to repeated bruteforce attempts; at the same time, attempts coming from (say) China will be rejected with a "no such user" (or the like).
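The scheme proposed in the message above, as an added sketch (not part of the original post and not ASSP code): failures from unknown /24s are counted per account, so rotating source IPs does not reset the count, while subnets with a past successful logon stay usable. All names and the limits (10 ranges, 30-day expiry, 5 failures, 1-hour window) are assumptions, as is counting attempts made while blocked.

```python
import ipaddress
from collections import defaultdict, deque


def subnet24(ip):
    """Return the /24 network (as text) that contains an IPv4 address."""
    return str(ipaddress.ip_network(f"{ip}/24", strict=False))


class KnownSubnetGuard:
    """Hypothetical helper; every name and default limit is an assumption."""

    def __init__(self, max_ranges=10, range_ttl=30 * 86400,
                 max_failures=5, failure_window=3600):
        self.max_ranges = max_ranges
        self.range_ttl = range_ttl
        self.max_failures = max_failures
        self.failure_window = failure_window
        self.known = defaultdict(dict)      # user -> {subnet: last good logon}
        self.failures = defaultdict(deque)  # user -> failure times, unknown subnets

    def _expire(self, user, now):
        """Drop subnets not used within range_ttl and failures outside the window."""
        known = self.known[user]
        for net in [n for n, ts in known.items() if now - ts > self.range_ttl]:
            del known[net]
        fails = self.failures[user]
        while fails and now - fails[0] > self.failure_window:
            fails.popleft()

    def handle_logon(self, user, ip, password_ok, now):
        """Return 'accepted', 'rejected' (bad password) or 'blocked'."""
        self._expire(user, now)
        net = subnet24(ip)
        known = self.known[user]
        fails = self.failures[user]
        if net not in known and len(fails) >= self.max_failures:
            # Account is blocked, but only for unknown subnets. Assumption:
            # attempts made while blocked also count, so an ongoing attack
            # keeps the block alive.
            fails.append(now)
            return "blocked"
        if password_ok:
            known[net] = now
            if len(known) > self.max_ranges:
                del known[min(known, key=known.get)]  # evict least recently used
            return "accepted"
        if net not in known:
            fails.append(now)  # per account, regardless of which IP failed
        return "rejected"


def simulate():
    """Replay a constructed timeline (seconds) for the account 'alice'."""
    guard = KnownSubnetGuard()
    out = [guard.handle_logon("alice", "192.0.2.10", True, 0)]
    # "Slow crackers": seven bots, each in its own /24, one guess per minute.
    for i in range(7):
        out.append(guard.handle_logon("alice", f"10.{i}.0.7", False, 100 + 60 * i))
    # The owner, from the known /24, is unaffected by the block.
    out.append(guard.handle_logon("alice", "192.0.2.77", True, 700))
    # A correct password from an unknown /24 is still refused while blocked.
    out.append(guard.handle_logon("alice", "10.99.0.7", True, 800))
    # Once the failure window has passed, a new subnet can log on and is learned.
    out.append(guard.handle_logon("alice", "203.0.113.5", True, 4401))
    return out


if __name__ == "__main__":
    print(simulate())
```

The sketch handles IPv4 only; a real deployment would also need a prefix length for IPv6 clients.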
Re: [Assp-test] crazy forum post
:: On Mon, 13 Feb 2017 06:53:48 +0100 :::: Thomas Eckardt wrote:

> http://assp.sourceforge.net/forum/viewtopic.php?f=6=3031
>
> I don't want to start a discussion about this! It's only for your
> information. I don't know, if I should cry or laugh.

Plain vanilla trolling imHo, see, the terms "whitelist" and "blacklist" have been in use for years worldwide and are commonly accepted, so, if that folk wants to go on, he'd better start from roots, not from ASSP which just uses the common, accepted terminology.
Re: [Assp-test] LetsEncrypt SSL Certs with ASSP
:: On Sun, 22 Jan 2017 07:55:22 -0500 :::: Doug Lytle wrote:

> Hey guys,
>
> I just followed and setup LetsEncrypt SSL Certificates for my Zimbra
> mail server following the below link:
>
> https://forums.zimbra.org/viewtopic.php?f=15=60781
>
> I wanted to know if this could also be used for SSL/TLS
> communications with ASSP?

Well, given that ASSP is written in Perl, I suspect that, willing to implement support for the "Let's Encrypt" framework, one should start from stuff like

https://github.com/do-know/Crypt-LE
https://metacpan.org/pod/Net::ACME
https://metacpan.org/pod/Protocol::ACME

either one of the above should do, then, by the way the thing should be implemented inside ASSP (not sure it may fit into a plugin); as for the "Let's Encrypt" initiative, for the ones which don't know about it

https://letsencrypt.org/

HTH
Re: [Assp-test] assp settings new installation
:: On Wed, 19 Oct 2016 22:04:31 +0530 :::: Vaibhav Jaiman wrote:

> - have setup assp and mailenable on the same box .
> - ASSP listening on 25|587|2525
> - MailServer listening on 125
>
> (Inbound)
> Internet -> ASSP -> MailServer -> Remote
>
> have configured below settings
>
> listenport - 25|587|127.0.0.1:2525
> smtpDestination - 127.0.0.1:125
> RelayHost - 127.0.0.1:125
> Relay Port - 127.0.0.1:2525|127.0.0.1:587|127.0.0.1:25
> allowRelayCon - 127.0.0.1

My suggestion is the following

* Inbound

  sender
    |
    |
  ASSP: 25, 587
    |
    |
  MailEnable: 8025

* OutBound

  MailEnable
    |
    |
  ASSP: 8025 (relayport - just local)
    |
    |
  IIS SMTP: 9025 (just local)
    |
    |
  destination

the idea is that the inbound mail flows through ASSP to the backend MailEnable server where it's then distributed as needed; the outbound mail, originated from MailEnable is sent to ASSP which then forwards it to the IIS SMTP acting as the outbound mail router; you'll probably need to properly tweak things, but the above, once configured will work quite well; oh and ensure to disable authentication on port 25 (at least for plain vanilla, non-SSL connections and *force* it on port 587) and to properly configure the IIS SMTP to route bounces/errors

What else... oh, yeah, if you feel ok with MailEnable then, good for you, but personally, I think that hMailServer is better than ME, also since it supports a webmail client (RoundCube) which has addons which allow to integrate it quite strictly with hMailServer
Re: [Assp-test] Password Protected "RTF" Files Slipping Through
:: On Wed, 19 Oct 2016 13:31:55 +0200 :::: Thomas Eckardt wrote:

> 4. I'm unable to password protect RTF files (tried office 2003, XP,
> 2013) - password is removed

I suspect it isn't a real RTF file but a passworded zip with a modified extension; basically whoever builds such kind of trash creates a script, adds it to a passworded "zip" and renames it to "rtf"
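One way to test the suspicion voiced in the reply above, as an added example (not part of the original post and not ASSP or AFC code): compare the declared extension with the file's magic bytes and read the ZIP encryption flag from the central directory. Function names are hypothetical and the sample attachments are constructed; the "encrypted" sample only has the flag bit set in its headers.

```python
import io
import struct
import zipfile

RTF_MAGIC = b"{\\rtf"          # every genuine RTF document starts with this
ZIP_MAGIC = b"PK\x03\x04"      # ZIP local file header signature
ZIP_FLAG_ENCRYPTED = 0x0001    # general purpose bit 0: member is encrypted


def inspect_attachment(filename, data):
    """Compare the declared extension with the content and list encrypted members."""
    declared = filename.rsplit(".", 1)[-1].lower() if "." in filename else ""
    if data.startswith(RTF_MAGIC):
        actual = "rtf"
    elif data.startswith(ZIP_MAGIC):
        actual = "zip"
    else:
        actual = "unknown"

    members, encrypted = [], []
    if actual == "zip":
        try:
            # The central directory is readable without the password, so
            # member names and flags are visible even when the data is not.
            with zipfile.ZipFile(io.BytesIO(data)) as zf:
                for info in zf.infolist():
                    members.append(info.filename)
                    if info.flag_bits & ZIP_FLAG_ENCRYPTED:
                        encrypted.append(info.filename)
        except zipfile.BadZipFile:
            members = None  # ZIP signature present but directory unreadable

    return {
        "declared": declared,
        "actual": actual,
        "mismatch": actual != "unknown" and declared != actual,
        "members": members,
        "encrypted": encrypted,
    }


def constructed_samples():
    """Build three constructed attachments entirely in memory."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_STORED) as zf:
        zf.writestr("invoice.js", b"// constructed placeholder, not a real script\n")
    plain_zip = buf.getvalue()

    # Mark the single member as encrypted by setting bit 0 of the flags field
    # in the local header (offset 6) and the central directory entry (offset 8).
    flagged = bytearray(plain_zip)
    for signature, flag_offset in ((b"PK\x03\x04", 6), (b"PK\x01\x02", 8)):
        pos = flagged.find(signature)
        flags = struct.unpack_from("<H", flagged, pos + flag_offset)[0]
        struct.pack_into("<H", flagged, pos + flag_offset, flags | ZIP_FLAG_ENCRYPTED)

    return {
        "invoice.rtf": bytes(flagged),                      # zip renamed to .rtf
        "notes.rtf": b"{\\rtf1\\ansi constructed sample}",  # genuine RTF header
        "docs.zip": plain_zip,                              # honest, unencrypted zip
    }


if __name__ == "__main__":
    for name, blob in constructed_samples().items():
        print(name, inspect_attachment(name, blob))
```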
Re: [Assp-test] Password Protected "RTF" Files Slipping Through
:: On Wed, 19 Oct 2016 09:14:44 +0200 :: <20161019091444.5...@gmx.net> :: Grayhat <gray...@gmx.net> wrote:

> Ok for the sigs being up-to-date; but my point was about the "extra"
> signatures offered by SaneSecurity, not the regular ones; I found that
> the regular signatures are often "behind" while the ones offered by
> SaneSecurity are faster to catch-up, so my suggestion was to add those
> signatures to your ClamAV scanner to help improve its efficiency; I've
> been using a number of signatures from SaneSecurity along with the
> regular clamav signatures and I found them to be quite effective at
> blocking "junk" (spam, malware and so on) that's why I'm suggesting to
> give them a spin

just in case, here's the list of additional signatures I'm using; notice that it's important to always include the first two since they allow to quickly fix false-positives issues (if any, by the way) and to improve the scanner performances

rsync://rsync.sanesecurity.net/sanesecurity/sanesecurity.ftm
rsync://rsync.sanesecurity.net/sanesecurity/sigwhitelist.ign2
rsync://rsync.sanesecurity.net/sanesecurity/junk.ndb
rsync://rsync.sanesecurity.net/sanesecurity/jurlbla.ndb
rsync://rsync.sanesecurity.net/sanesecurity/lott.ndb
rsync://rsync.sanesecurity.net/sanesecurity/phish.ndb
rsync://rsync.sanesecurity.net/sanesecurity/rogue.hdb
rsync://rsync.sanesecurity.net/sanesecurity/scam.ndb
rsync://rsync.sanesecurity.net/sanesecurity/spam.ldb
rsync://rsync.sanesecurity.net/sanesecurity/spamimg.hdb
rsync://rsync.sanesecurity.net/sanesecurity/spamattach.hdb
rsync://rsync.sanesecurity.net/sanesecurity/blurl.ndb
rsync://rsync.sanesecurity.net/sanesecurity/bofhland_cracked_URL.ndb
rsync://rsync.sanesecurity.net/sanesecurity/bofhland_malware_URL.ndb
rsync://rsync.sanesecurity.net/sanesecurity/bofhland_phishing_URL.ndb
rsync://rsync.sanesecurity.net/sanesecurity/bofhland_malware_attach.hdb
rsync://rsync.sanesecurity.net/sanesecurity/scamnailer.ndb
rsync://rsync.sanesecurity.net/sanesecurity/crdfam.clamav.hdb
rsync://rsync.sanesecurity.net/sanesecurity/porcupine.ndb
rsync://rsync.sanesecurity.net/sanesecurity/phishtank.ndb
rsync://rsync.sanesecurity.net/sanesecurity/winnow_malware.hdb
rsync://rsync.sanesecurity.net/sanesecurity/winnow_malware_links.ndb
rsync://rsync.sanesecurity.net/sanesecurity/winnow_phish_complete.ndb
rsync://rsync.sanesecurity.net/sanesecurity/winnow.complex.patterns.ldb
rsync://rsync.sanesecurity.net/sanesecurity/winnow_spam_complete.ndb
rsync://rsync.sanesecurity.net/sanesecurity/winnow.attachments.hdb
rsync://rsync.sanesecurity.net/sanesecurity/winnow_extended_malware.hdb
rsync://rsync.sanesecurity.net/sanesecurity/winnow_bad_cw.hdb
rsync://rsync.sanesecurity.net/sanesecurity/foxhole_generic.cdb
rsync://rsync.sanesecurity.net/sanesecurity/foxhole_filename.cdb
rsync://rsync.sanesecurity.net/sanesecurity/malwarehash.cdb

HTH
Re: [Assp-test] Password Protected "RTF" Files Slipping Through
:: On Tue, 18 Oct 2016 11:29:44 -0400 :::: K Post wrote:

> > I suppose that, since you're talking (ok, writing) about AFC, you're
> > running ClamAV; now... are you using the extra signatures available
> > from SaneSecurity ? I'm referring to
> >
> > http://sanesecurity.com/usage/signatures/

> We are using up to date clamav sigs. The problem is that these files
> are encrypted so they're not being detected.

Ok for the sigs being up-to-date; but my point was about the "extra" signatures offered by SaneSecurity, not the regular ones; I found that the regular signatures are often "behind" while the ones offered by SaneSecurity are faster to catch-up, so my suggestion was to add those signatures to your ClamAV scanner to help improve its efficiency; I've been using a number of signatures from SaneSecurity along with the regular clamav signatures and I found them to be quite effective at blocking "junk" (spam, malware and so on) that's why I'm suggesting to give them a spin
Re: [Assp-test] Password Protected "RTF" Files Slipping Through
:: On Tue, 18 Oct 2016 17:19:55 +0200 :: <20161018171955.3...@gmx.net> :: Grayhat <gray...@gmx.net> wrote:

> :: On Tue, 18 Oct 2016 10:27:10 -0400
> :: <calhpkamx-umhq93g4pshni-xjs4doujhvhty7r1cywfkwtj...@mail.gmail.com>
> :: K Post <nntp.p...@gmail.com> wrote:
>
> > VirusTotal has zero hits on the samples that I submitted, but if
> > they're encrypted, that explains why...
>
> I suppose that, since you're talking (ok, writing) about AFC, you're
> running ClamAV; now... are you using the extra signatures available
> from SaneSecurity ? I'm referring to
>
> http://sanesecurity.com/usage/signatures/
>
> to use them you'll need to schedule one of the update scripts
> available on Steve's (sanesecurity) site, depending from your OS to
> ensure your ClamAV will also use updated "extra" signatures; then, in
> case the AV doesn't catch the critters, you may submit samples to
> Steve and he'll add signatures on the fly so that you'll have them
> available in a really short time :)

Forgot; since I'm at it, Thomas, if you're reading this, please have a look at the script found here

http://sanesecurity.com/statistics/

I think it may be "added" to ASSP to generate AV stats ;-)
Re: [Assp-test] Password Protected "RTF" Files Slipping Through
:: On Tue, 18 Oct 2016 10:27:10 -0400 :::: K Post wrote:

> VirusTotal has zero hits on the samples that I submitted, but if
> they're encrypted, that explains why...

I suppose that, since you're talking (ok, writing) about AFC, you're running ClamAV; now... are you using the extra signatures available from SaneSecurity ? I'm referring to

http://sanesecurity.com/usage/signatures/

to use them you'll need to schedule one of the update scripts available on Steve's (sanesecurity) site, depending from your OS to ensure your ClamAV will also use updated "extra" signatures; then, in case the AV doesn't catch the critters, you may submit samples to Steve and he'll add signatures on the fly so that you'll have them available in a really short time :)
Re: [Assp-test] Inbound TLS from gmail.com addresses / servers
:: On Tue, 2 Aug 2016 18:02:25 +0200 :::: Thomas Eckardt wrote:

> I really don't know what I can do to fix up the SSL/TLS problems.

Well, Thomas, if the OP agrees, you may make private contacts and connect to his ASSP box to run some tests, maybe reproducing the issue while "at the console" may allow you to see what's going on (just an idea, and maybe a crazy one, but when everything else fails...)
Re: [Assp-test] Inbound TLS from gmail.com addresses / servers
:: On Mon, 1 Aug 2016 18:06:11 -0400 ::
Re: [Assp-test] Very slow TLS sessions - Windows server
:: On Thu, 9 Jun 2016 17:27:28 +0200 :: <20160609172728.0...@gmx.net> :: Grayhat <gray...@gmx.net> wrote:

> also, what OS are you running on ?

I mean windows version, btw; also, is the box also running an AV (other than the ClamD used by ASSP) and if yes, which one ?
Re: [Assp-test] Very slow TLS sessions - Windows server
:: On Wed, 1 Jun 2016 22:55:00 -0400 :::: K Post wrote:

> Could this be the problem? Is OpenSSL even used by ASSP for receiving
> email? I feel like it's not, but thought I'd put this out there.

What do you have in SSL_version and SSL_cipher_list ? If empty, try the following config

SSL_version      SSLv23:!SSLv3:!SSLv2
SSL_cipher_list  kEECDH+ECDSA:kEECDH:kEDH:HIGH:+SHA:+RC4:RC4:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!DSS:!PSK:!SRP:!kECDH:!CAMELLIA128:!IDEA:!SEED

also, what OS are you running on ?
Re: [Assp-test] Couldn't upgrade to TLS for client
:: On Fri, 3 Jun 2016 12:29:01 +0200 :: <20160603122901.7...@gmx.net> :: Grayhat <gray...@gmx.net> wrote:

> :: On Fri, 3 Jun 2016 10:17:58 +
> :: <5ad00d80569e0f4f9a12bbb01f00ee795a868...@bcsw-smx07.mymhp.net>
> :: Martin Voßloh <martin.voss...@mhp.com> wrote:
>
> > Hi,
> >
> > it´s possible that the entry is going wrong in this mail?
> >
> > kEECDH+ECDSA:kEECDH:kEDH:HIGH:+SHA:+RC4:RC4:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!DSS:!PSK:!SRP:!kECDH:!CAMELLIA128:!IDEA:!SEED
> >
> > the "k" in front of some entrys?
>
> no, the "k" is correct, stands for "key exchange" and is accepted by
> OpenSSL w/o problems (also tried it with other apps using OpenSSL to
> implement SSL support)

notice that, using the above string, you'll offer the following ciphers

Preferred TLSv1.2 256 bits ECDHE-RSA-AES256-GCM-SHA384
Accepted  TLSv1.2 256 bits ECDHE-RSA-AES256-SHA384
Accepted  TLSv1.2 256 bits ECDHE-RSA-AES256-SHA
Accepted  TLSv1.2 256 bits DHE-RSA-AES256-GCM-SHA384
Accepted  TLSv1.2 256 bits DHE-RSA-AES256-SHA256
Accepted  TLSv1.2 256 bits DHE-RSA-AES256-SHA
Accepted  TLSv1.2 256 bits DHE-RSA-CAMELLIA256-SHA
Accepted  TLSv1.2 256 bits AES256-GCM-SHA384
Accepted  TLSv1.2 256 bits AES256-SHA256
Accepted  TLSv1.2 256 bits AES256-SHA
Accepted  TLSv1.2 256 bits CAMELLIA256-SHA
Accepted  TLSv1.2 128 bits ECDHE-RSA-AES128-GCM-SHA256
Accepted  TLSv1.2 128 bits ECDHE-RSA-AES128-SHA256
Accepted  TLSv1.2 128 bits ECDHE-RSA-AES128-SHA
Accepted  TLSv1.2 128 bits DHE-RSA-AES128-GCM-SHA256
Accepted  TLSv1.2 128 bits DHE-RSA-AES128-SHA256
Accepted  TLSv1.2 128 bits DHE-RSA-AES128-SHA
Accepted  TLSv1.2 128 bits AES128-GCM-SHA256
Accepted  TLSv1.2 128 bits AES128-SHA256
Accepted  TLSv1.2 128 bits AES128-SHA
Accepted  TLSv1.2 128 bits ECDHE-RSA-RC4-SHA
Accepted  TLSv1.2 128 bits RC4-SHA
Preferred TLSv1.1 256 bits ECDHE-RSA-AES256-SHA
Accepted  TLSv1.1 256 bits DHE-RSA-AES256-SHA
Accepted  TLSv1.1 256 bits DHE-RSA-CAMELLIA256-SHA
Accepted  TLSv1.1 256 bits AES256-SHA
Accepted  TLSv1.1 256 bits CAMELLIA256-SHA
Accepted  TLSv1.1 128 bits ECDHE-RSA-AES128-SHA
Accepted  TLSv1.1 128 bits DHE-RSA-AES128-SHA
Accepted  TLSv1.1 128 bits AES128-SHA
Accepted  TLSv1.1 128 bits ECDHE-RSA-RC4-SHA
Accepted  TLSv1.1 128 bits RC4-SHA
Preferred TLSv1.0 256 bits ECDHE-RSA-AES256-SHA
Accepted  TLSv1.0 256 bits DHE-RSA-AES256-SHA
Accepted  TLSv1.0 256 bits DHE-RSA-CAMELLIA256-SHA
Accepted  TLSv1.0 256 bits AES256-SHA
Accepted  TLSv1.0 256 bits CAMELLIA256-SHA
Accepted  TLSv1.0 128 bits ECDHE-RSA-AES128-SHA
Accepted  TLSv1.0 128 bits DHE-RSA-AES128-SHA
Accepted  TLSv1.0 128 bits AES128-SHA
Accepted  TLSv1.0 128 bits ECDHE-RSA-RC4-SHA
Accepted  TLSv1.0 128 bits RC4-SHA

if using a normal certificate, if instead you have an ECDSA enabled certificate, you'll also offer the following ciphers in addition to the above (and preferred)

ECDHE-ECDSA-AES256-GCM-SHA384
ECDHE-ECDSA-AES256-SHA384
ECDHE-ECDSA-AES128-GCM-SHA256
ECDHE-ECDSA-AES128-SHA256

as you see, the setup offers the stronger ciphers first while still maintaining support for weaker, older ones as a last resource which helps maintaining compatibility with older clients
Re: [Assp-test] Couldn't upgrade to TLS for client
:: On Fri, 3 Jun 2016 10:17:58 + :: <5ad00d80569e0f4f9a12bbb01f00ee795a868...@bcsw-smx07.mymhp.net> :: Martin Voßloh wrote:

> Hi,
>
> it´s possible that the entry is going wrong in this mail?
>
> kEECDH+ECDSA:kEECDH:kEDH:HIGH:+SHA:+RC4:RC4:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!DSS:!PSK:!SRP:!kECDH:!CAMELLIA128:!IDEA:!SEED
>
> the "k" in front of some entrys?

no, the "k" is correct, stands for "key exchange" and is accepted by OpenSSL w/o problems (also tried it with other apps using OpenSSL to implement SSL support)
Re: [Assp-test] Couldn't upgrade to TLS for client
:: On Thu, 2 Jun 2016 11:55:38 + :: <5ad00d80569e0f4f9a12bbb01f00ee795a865...@bcsw-smx07.mymhp.net> :: Martin Voßloh wrote:

> Hello,
>
> I have very often this error in my logs:
> Jun-01-16 11:39:39 [Worker_5] Error: Couldn't upgrade to TLS for
> client XXX.XXX.XXX.XXX:
>
> These settings I have for: SSL version used for transmission
> (SSL_version) SSLv23:!SSLv3:!SSLv2

first of all, try the following

DoTLS            do TLS
SSL_version      SSLv23:!SSLv3:!SSLv2
SSL_cipher_list  kEECDH+ECDSA:kEECDH:kEDH:HIGH:+SHA:+RC4:RC4:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!DSS:!PSK:!SRP:!kECDH:!CAMELLIA128:!IDEA:!SEED

the above will give you a decent cipher suites combo offering strong ciphers first but allowing to downgrade to weak ones in case the remote client doesn't support the stronger ones; sure, you may still see some "TLS" messages, but in such a case, those will probably come from very old clients which don't support TLS and only support "SSLvX" (or from bots trying to exploit the SSL bugs to extract infos) so, just ignore those errors :)
Re: [Assp-test] fixes in assp 2.5.2 build 16137
:: On Wed, 18 May 2016 09:37:39 +0200 :: <20160518093739.4...@gmx.net> :: Grayhat <gray...@gmx.net> wrote:

> :: On Mon, 16 May 2016 17:25:00 +0200
> :: <titc.7944f04b18.off5af21ce.9dfbb52e-onc1257fb5.005468e1-c1257fb5.0054b...@thockar.com>
> :: Thomas Eckardt <thomas.ecka...@thockar.com> wrote:
>
> > Hi all,
> >
> > fixed in assp 2.5.2 build 16137:
> >
> > - the termination reply, if 'preHeaderRe' matched, was send to the
> > wrong peer
>
> bug: connection debug files reappeared (debug folder) !

forgot, rolling back to 2.5.2 build 16134 solves the issue
Re: [Assp-test] fixes in assp 2.5.2 build 16137
:: On Mon, 16 May 2016 17:25:00 +0200 :::: Thomas Eckardt wrote:

> Hi all,
>
> fixed in assp 2.5.2 build 16137:
>
> - the termination reply, if 'preHeaderRe' matched, was send to the
> wrong peer

bug: connection debug files reappeared (debug folder) !
Re: [Assp-test] SSL wants a read first
:: On Wed, 11 May 2016 13:57:47 +0200 :::: Thomas Eckardt wrote:

> >Error: Worker_2 accept_SSL SSL wants a read first
>
> Accept failes because there are data at the socket which have to be
> read first. But there is nobody who can read this data (without an
> accept) except the Net::SSLeay layer itself.
> IMHO the client sends a sequence that can't be processed by the SSL
> layer
> - for example plain data.

Not sure these are related, but may be worth checking

https://github.com/libwww-perl/net-http/pull/11
https://www.mail-archive.com/openssl-users@openssl.org/msg74631.html
Re: [Assp-test] SSL wants a read first
:: On Wed, 11 May 2016 11:11:33 +0200 :: <2016051133.7...@gmx.net> :: Grayhat <gray...@gmx.net> wrote:

> Just upgraded to the latest version and noticed a number of these
> messages appearing in the log (ok, dbgview) for different IPs

just to be clear, maybe the issue has been there for a while, I just noticed it after upgrading but it may have been affecting previous versions as well
[Assp-test] SSL wants a read first
Just upgraded to the latest version and noticed a number of these messages appearing in the log (ok, dbgview) for different IPs

[5756] (ASSP): 2016-05-11 02:00:12 [Worker_2] Error: Worker_2 accept_SSL to client 192.0.2.0 failed IO::Socket::SSL=GLOB(0x3c3d38c4) (timeout: 10 s) : SSL wants a read first

I know that this issue surfaced time ago and was dealt with, but I wonder if some of the latest changes cause the issue to resurface.
Re: [Assp-test] [request] AFC and rar archives
:: On Mon, 9 May 2016 14:14:20 +0200 ::
Re: [Assp-test] [request] AFC and rar archives
:: On Thu, 28 Apr 2016 12:05:35 +0200 :::: aquilinux wrote:

> Hi Thomas, any chance in having assp processing rar archives?

well, in theory it should be possible (rar and 7z below)

http://search.cpan.org/dist/Compress-Deflate7/lib/Compress/Deflate7.pm
http://search.cpan.org/~jmbo/Archive-Rar-1.9/Rar.pm

in practice, I don't know if it may be worth
Re: [Assp-test] TLS problems of connectivity?
:: On Tue, 12 Apr 2016 11:23:57 +0200 :::: Thomas Eckardt wrote:

> SSL_version:=SSLv2/3:!SSLv3:!SSLv2
> SSL_cipher_list:=DEFAULT:!aNULL:!RC4:!MD5

in case someone is interested, here's my config (watch the wrap)

DoTLS := do TLS
SSL_version := SSLv23:!SSLv3:!SSLv2
SSL_cipher_list := kEECDH+ECDSA:kEECDH:kEDH:HIGH:+SHA:+RC4:RC4:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!DSS:!PSK:!SRP:!kECDH:!CAMELLIA128:!IDEA:!SEED

the above prioritizes strong ciphers while allowing a graceful fallback to weaker ones to maintain support for obsolete clients; it's serving me well and I feel like I can recommend it; the resulting ciphers offered by ASSP with the above config will then be the following

Preferred TLSv1.2 256 bits ECDHE-RSA-AES256-GCM-SHA384
Accepted  TLSv1.2 256 bits ECDHE-RSA-AES256-SHA384
Accepted  TLSv1.2 128 bits ECDHE-RSA-AES128-GCM-SHA256
Accepted  TLSv1.2 128 bits ECDHE-RSA-AES128-SHA256
Accepted  TLSv1.2 256 bits DHE-RSA-AES256-GCM-SHA384
Accepted  TLSv1.2 256 bits DHE-RSA-AES256-SHA256
Accepted  TLSv1.2 128 bits DHE-RSA-AES128-GCM-SHA256
Accepted  TLSv1.2 128 bits DHE-RSA-AES128-SHA256
Accepted  TLSv1.2 256 bits AES256-GCM-SHA384
Accepted  TLSv1.2 256 bits AES256-SHA256
Accepted  TLSv1.2 128 bits AES128-GCM-SHA256
Accepted  TLSv1.2 128 bits AES128-SHA256
Accepted  TLSv1.2 256 bits ECDHE-RSA-AES256-SHA
Accepted  TLSv1.2 128 bits ECDHE-RSA-AES128-SHA
Accepted  TLSv1.2 256 bits DHE-RSA-AES256-SHA
Accepted  TLSv1.2 256 bits DHE-RSA-CAMELLIA256-SHA
Accepted  TLSv1.2 128 bits DHE-RSA-AES128-SHA
Accepted  TLSv1.2 256 bits AES256-SHA
Accepted  TLSv1.2 256 bits CAMELLIA256-SHA
Accepted  TLSv1.2 128 bits AES128-SHA
Accepted  TLSv1.2 128 bits ECDHE-RSA-RC4-SHA
Accepted  TLSv1.2 128 bits RC4-SHA
Preferred TLSv1.1 256 bits ECDHE-RSA-AES256-SHA
Accepted  TLSv1.1 128 bits ECDHE-RSA-AES128-SHA
Accepted  TLSv1.1 256 bits DHE-RSA-AES256-SHA
Accepted  TLSv1.1 256 bits DHE-RSA-CAMELLIA256-SHA
Accepted  TLSv1.1 128 bits DHE-RSA-AES128-SHA
Accepted  TLSv1.1 256 bits AES256-SHA
Accepted  TLSv1.1 256 bits CAMELLIA256-SHA
Accepted  TLSv1.1 128 bits AES128-SHA
Accepted  TLSv1.1 128 bits ECDHE-RSA-RC4-SHA
Accepted  TLSv1.1 128 bits RC4-SHA
Preferred TLSv1.0 256 bits ECDHE-RSA-AES256-SHA
Accepted  TLSv1.0 128 bits ECDHE-RSA-AES128-SHA
Accepted  TLSv1.0 256 bits DHE-RSA-AES256-SHA
Accepted  TLSv1.0 256 bits DHE-RSA-CAMELLIA256-SHA
Accepted  TLSv1.0 128 bits DHE-RSA-AES128-SHA
Accepted  TLSv1.0 256 bits AES256-SHA
Accepted  TLSv1.0 256 bits CAMELLIA256-SHA
Accepted  TLSv1.0 128 bits AES128-SHA
Accepted  TLSv1.0 128 bits ECDHE-RSA-RC4-SHA
Accepted  TLSv1.0 128 bits RC4-SHA

as you see, the ciphers allow to fallback all the way down to RC4-SHA so allowing even really obsolete clients to connect over SSL; at the same time, the preferred ciphers are the strongest one offered, this means that up-to-date clients will have strong security

HTH
Re: [Assp-test] Opposite of Block Report
:: On Fri, 19 Feb 2016 09:59:58 -0500 ::
Re: [Assp-test] Unable to run versions newer than 16018
:: On Wed, 10 Feb 2016 11:14:45 -0500 :::: Scott MacLean wrote:

> Any idea where I could start to try to figure out what is going on?

I'd try the following:

stop assp

remove the assp\sl-cache folder

run a

ppm update --install

once the update completes run a

ppm log --errors 60

check for update errors, fix them and repeat the update; done so, start assp from the command line and let it run so; this way, in case of errors or crashes, you'll see the full message(s) on the console
Re: [Assp-test] Connection issues
:: On Thu, 21 Jan 2016 11:20:23 + :::: cw wrote:

> 2016-01-19 20:31:15 m1-35475-10020 [Worker_6] [TLS-in] 94.186.192.136
> info: found message size announcement: 5.36 MByte

here the sender announces the message size

> Accepted 2016-01-19 20:31:16 m1-35475-10020 [Worker_6] [TLS-in]
> 94.186.192.136 to: recipi...@domain.tld [SMTP
> Reply] 354 Enter message, ending with "." on a line by itself

and here starts the DATA phase for the message

> 2016-01-20 04:08:24 m1-35475-10020 [Worker_6] [TLS-in] 94.186.192.136
> to: recipi...@domain.tld info: 1 attachment found
> for Level-1
> 2016-01-20 04:08:24 m1-35475-10020 [Worker_6] [TLS-in] 94.186.192.136
> to: recipi...@domain.tld message proxied without
> processing (no bad attachments)
> 2016-01-20 04:08:24 m1-35475-10020 [Worker_6] [TLS-in] [MessageOK]
> 94.186.192.136 to: recipi...@domain.tld message
> ok - (noProcessing - message size (5623467) is above 512000 (npSize))
> - [KFI] -> /usr/local/assp/store/okmail/KFI--1513900.eml

then ASSP stores the message w/o problems

> 2016-01-20 04:08:24 m1-35475-10020 [Worker_6] [TLS-in] 94.186.192.136
> to: recipi...@domain.tld info: received all data
> - all data moved to send queue (8)

all ok till now, but then ...

> 2016-01-20 04:08:25 m1-35475-10020 [Worker_6] [TLS-in] 94.186.192.136
> to: recipi...@domain.tld info: no (more) data
> readable from 94.186.192.136 (connection closed by peer) - last
> command was 'DATA'

here seems to lie the problem, sounds like the remote end isn't sending a QUIT command as it should, so ASSP keeps waiting for further commands from the remote end and keeps the connection active even if idle; then, after some time, the remote end decides to close the connection; now, I'm just shooting in the dark here, but ... does your SMTP server offer the "PIPELINE" option ?

If so, it may be possible that the sender sees and uses it, in such a case the sender will send the DATA command followed by the dot and the QUIT command in a single swoop and I wonder if ASSP handles this properly
Re: [Assp-test] ASSP version 2.4.7(16004) :: MainLoop WebTraffic start
It was Fri, 8 Jan 2016 17:21:21 +0100 when Thomas Eckardt wrote:

> Does the same happen using http ?

just a note; since previous versions of ASSP didn't allow the use of HTTPS, in some cases, I used stunnel https://www.stunnel.org to setup things so that ASSP was/is listening over SSL; the whole setup is easy and quick and can also be used to reach other stuff running on the box ;)
Re: [Assp-test] Logs not rolling
It was Mon, 28 Dec 2015 12:46:12 +0100 when Thomas Eckardt wrote:

> The only reason I can see for this is a online filesystem virus
> scanner (defender, MSE, ), that is locking the just closed
> maillog.txt. Define a scan exception rule for the 'assp/logs' folder.

Or, even better, exclude the whole ASSP folder from AV checks; as you know, Thomas, ASSP may (and probably will) store "phish" and other nasty stuff (including viruses if configured to do so) to use them for the corpus so, an AV scan may delete that stuff and that won't do any good to ASSP, so better excluding the whole ASSP folder from scans and let ASSP work as it was designed :) sure, from time to time, one may schedule a scan (no removal, just check and signal) on the folder just to ensure things are ok, but aside from that, better leaving it alone
Re: [Assp-test] fixes in assp 2.4.6 build 15312
:: On Mon, 9 Nov 2015 12:36:00 +0100 :: <20151109123600.3...@gmx.net> :: Grayhat <gray...@gmx.net> wrote:

> No, ok, seriously, sounds like Thomas fixed it with #15313; as for the
> feature, the idea is to attempt protecting the mail system from bots
> attempting to abuse stolen credentials to pump out spam; ASSP already
> has a rate limiter which helps detecting "mass mailing", slowing them
> down and alerting the admin but, till now, ASSP had no way to deal
> with a flock of bots with a bunch of different IPs authenticating
> using some stolen credentials and sending (say) 1 or 2 messages each;
> both issues can now be taken care of using the new feature :)

hmmm... maybe I'm wrong, but after a quick eyeball at the code it sounds like the "$AUTHUserIPfrequency" only works with *FAILED* auth attempts while, to be effective it should work with *successful* ones so that, if a given user account gets successful authentication from a number of different IPs in less than a given time T, then we could assume that the account got compromised and is being abused by bots, but the above makes sense only if the check is performed on *valid* auth not on errors
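The check proposed in the message above, counting distinct source IPs over *successful* authentications of one account inside a time window T, looks like this as a sliding-window detector. This is an added example, not ASSP code and not from the original post; the class name, the thresholds (3 IPs, 600 seconds) and the events are constructed for illustration.

```python
from collections import defaultdict, deque


class SuccessfulAuthIPMonitor:
    """Flag accounts that log in successfully from many IPs in a short time.

    Hypothetical helper, not part of ASSP. max_ips is the number of
    distinct source IPs and window the time span in seconds (the "T" of
    the post) that together trigger an alert.
    """

    def __init__(self, max_ips=3, window=600):
        self.max_ips = max_ips
        self.window = window
        self._recent = defaultdict(deque)  # account -> deque of (ts, ip)

    def record(self, ts, user, ip, ok):
        """Feed one auth event; return True if the account looks abused."""
        if not ok:
            # Failed logins do not show that stolen credentials are in
            # use; they belong to per-IP brute-force counters instead.
            return False
        recent = self._recent[user]
        recent.append((ts, ip))
        # Forget successes that have slid out of the window.
        while ts - recent[0][0] > self.window:
            recent.popleft()
        return len({addr for _, addr in recent}) >= self.max_ips


def scan(events, max_ips=3, window=600):
    """Return {account: timestamp of first alert} for time-ordered events."""
    monitor = SuccessfulAuthIPMonitor(max_ips, window)
    alerts = {}
    for ts, user, ip, ok in events:
        if monitor.record(ts, user, ip, ok) and user not in alerts:
            alerts[user] = ts
    return alerts


# Constructed events: (seconds, account, source IP, authentication succeeded)
EVENTS = [
    (0,   "alice@example.test", "198.51.100.10",  True),
    (30,  "bob@example.test",   "203.0.113.5",    True),
    (90,  "bob@example.test",   "203.0.113.77",   True),
    # Failures from several IPs: ignored by this check on purpose.
    (120, "carol@example.test", "192.0.2.50",     False),
    (125, "carol@example.test", "192.0.2.51",     False),
    (130, "carol@example.test", "192.0.2.52",     False),
    # Third distinct IP for bob within 600 s, all with valid credentials.
    (200, "bob@example.test",   "198.51.100.200", True),
    # alice moves to a second IP later on: two IPs, below the threshold.
    (400, "alice@example.test", "198.51.100.10",  True),
    (900, "alice@example.test", "192.0.2.9",      True),
]


if __name__ == "__main__":
    for account, when in scan(EVENTS).items():
        print(f"possible compromised account {account} (alert at t={when}s)")
```
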
Re: [Assp-test] fixes in assp 2.4.6 build 15312
:: On Sun, 8 Nov 2015 12:09:34 -0500 :::: Scott MacLean wrote:

> This sounds like a great feature, but as soon as I turned it on (I
> used 3 600), EVERY user attempting to send email, even those
> connecting for the first time (including myself) were blocked with a
> 4.7.1, and subsequent attempts got them added to PBBlack as well. I
> had to turn it off and clean out recent entries to PBBlack to get
> things back on track.

well, at least it works, doesn't it :D ?

No, ok, seriously, sounds like Thomas fixed it with #15313; as for the feature, the idea is to attempt protecting the mail system from bots attempting to abuse stolen credentials to pump out spam; ASSP already has a rate limiter which helps detecting "mass mailing", slowing them down and alerting the admin but, till now, ASSP had no way to deal with a flock of bots with a bunch of different IPs authenticating using some stolen credentials and sending (say) 1 or 2 messages each; both issues can now be taken care of using the new feature :)
Re: [Assp-test] fixes in assp 2.4.6 build 15312
:: On Mon, 9 Nov 2015 12:36:00 +0100 :: <20151109123600.3...@gmx.net> :: Grayhat <gray...@gmx.net> wrote:

> No, ok, seriously, sounds like Thomas fixed it with #15313; as for the
> feature, the idea is to attempt protecting the mail system from bots
> attempting to abuse stolen credentials to pump out spam; ASSP already
> has a rate limiter which helps detecting "mass mailing", slowing them
> down and alerting the admin but, till now, ASSP had no way to deal
> with a flock of bots with a bunch of different IPs authenticating
> using some stolen credentials and sending (say) 1 or 2 messages each;
> both issues can now be taken care of using the new feature :)

forgot, as for the notify, one may want to add the following to the "NotifyRe" warning: too many recipients too many authentication attempts to get notifications for both the rate limiter *and* the new auth IP checker, this could allow mail admins to be quickly alerted about possible outbound spamruns and/or compromised accounts
Re: [Assp-test] Possible auth bug
It was Fri, 16 Oct 2015 10:12:49 +0200 when Thomas Eckardt wrote:

> offering PLAIN and discard it - is an admin config mistake
> doing PLAIN if it is not offered - is a client fault and will be
> counted doing wrong authentication - is a client fault and will be
> counted

the server offers (and accepts) both PLAIN and LOGIN, but for some reason, the client is failing the PLAIN one (which works, tested it)

> no no no :) ! Seems you had a bad night and you need a very
> strong coffee this morning :):):)
> Yeah Andrea - I also suffer on the shorter and shorter daylight.

LOL ... yeah, that's an issue, I must admit it :) !

Anyhow, will keep an eye on the reported (by a couple users) issue and if possible (and if it repeats) send you a copy of the logs just to let you see what I'm seeing; as you wrote I always thought the mechanism was set up to reset the failcount at the first successful login, but this, apparently, doesn't seem to be the case; I'll need to fathom it a bit and, if I won't find a way out, try having another couple eyes on the issue in case it may be a bug :)
[Assp-test] Possible auth bug
I'm running the latest version of ASSP and I've possibly spotted a bug; some clients try authenticating with "PLAIN" login, fail, retry using the "LOGIN" mechanism and succeed, here's a log snippet

info: authentication - plain is used
info: authentication (PLAIN) realms - foruser:u...@domain.xyz, user:u...@domain.xyz
[SMTP Error] 535 Authentication failed. Restarting authentication process.
info: authentication - login is used
info: authentication (LOGIN) realms - user:u...@domain.xyz authenticated to 192.0.2.1

now, the problem is that (apparently) after the successful authentication ASSP does not reset the "failed login count" for the sending IP, so, if the client sends a number of messages, after a while ASSP locks out the IP due to "too many auth failures"; now this sounds like a bug to me, since, after the IP successfully authenticates, its "fail count" should be reset to zero
Re: [Assp-test] Don't to DNSBL for a from domain
:: On Thu, 8 Oct 2015 11:23:49 -0400 ::
Re: [Assp-test] BUG? DNS Server Rotation 15255
:: On Fri, 18 Sep 2015 17:46:12 +0200 :: <20150918174612.6...@gmx.net> :: Grayhat <gray...@gmx.net> wrote: > :: On Fri, 18 Sep 2015 11:39:06 -0400 > :: >
Re: [Assp-test] BUG? DNS Server Rotation 15255
:: On Fri, 18 Sep 2015 11:39:06 -0400 ::
Re: [Assp-test] error: RWL check failed : send: Bad file descriptor
:: On Wed, 16 Sep 2015 09:04:55 -0400 ::
Re: [Assp-test] SURBL changes
It was Tue, 11 Aug 2015 08:47:55 +0200 when Thomas Eckardt thomas.ecka...@thockar.com wrote:

Thank you for the information -Tom. At this time I'm unable to use these very nice new features of SURBL in assp. Implementing them in the current URIBL-code, will make the code too complex. The current code has to be redesigned, or a new code and logic must be written for SURBL. I'll put it on the TODO list.

A possible tweak may be writing an ASSP module to deal with SURBL
Re: [Assp-test] Public suffixes (TLDs) list
:: On Thu, 23 Jul 2015 15:00:06 +0200 :: 20150723150006.2...@gmx.net :: Grayhat gray...@gmx.net wrote:

Not sure ASSP needs it, but in case, here's the main site

https://publicsuffix.org/

and here's the list

https://publicsuffix.org/list/public_suffix_list.dat

notice that it's used from (e.g.) mozilla and others to find out TLDs, also notice that the file uses some particular syntax, so some records may contain stuff like *.tld or !prefix.tld not a real problem, but better knowing it; anyhow, the list contains all the TLDs including the double ones and is constantly updated.

also, and since ASSP is written in Perl

https://github.com/usrflo/registered-domain-libs/

:)
[Assp-test] Public suffixes (TLDs) list
Not sure ASSP needs it, but in case, here's the main site

https://publicsuffix.org/

and here's the list

https://publicsuffix.org/list/public_suffix_list.dat

notice that it's used from (e.g.) mozilla and others to find out TLDs, also notice that the file uses some particular syntax, so some records may contain stuff like *.tld or !prefix.tld not a real problem, but better knowing it; anyhow, the list contains all the TLDs including the double ones and is constantly updated.

HTH
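The "particular syntax" mentioned in the two messages above (wildcard records such as *.tld and exception records such as !prefix.tld) changes how the registrable domain of a host name is derived. The following is an added example, not taken from the posts, from ASSP or from the linked library: it applies the Public Suffix List matching rules to a small constructed excerpt written in the list's syntax. The function names are assumptions, and internationalised (punycode) names are left out of this sketch.

```python
# Constructed excerpt in public_suffix_list.dat syntax (not the real file).
SAMPLE_PSL = """\
// comment lines start with two slashes
com
uk
co.uk

// wildcard: every label directly below ck is itself a public suffix
*.ck
// exception: www.ck is NOT a public suffix, so it can be registered
!www.ck
"""


def parse_rules(text):
    """Split list text into (normal and wildcard rules, exception rules)."""
    rules, exceptions = set(), set()
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("//"):
            continue
        rule = line.split()[0].lower()  # a rule ends at the first whitespace
        if rule.startswith("!"):
            exceptions.add(rule[1:])
        else:
            rules.add(rule)
    return rules, exceptions


def public_suffix(domain, rules, exceptions):
    """Return the public suffix of domain according to the parsed rules."""
    labels = domain.lower().rstrip(".").split(".")
    # Candidate suffixes, longest first: a.b.c -> ["a.b.c", "b.c", "c"]
    tails = [".".join(labels[i:]) for i in range(len(labels))]
    # 1. An exception rule prevails over any other match; the suffix is
    #    the exception rule with its leftmost label removed.
    for i, tail in enumerate(tails):
        if tail in exceptions:
            return ".".join(labels[i + 1:])
    # 2. Otherwise the matching rule with the most labels wins. A wildcard
    #    rule "*.x" matches exactly one extra label in front of "x".
    for i, tail in enumerate(tails):
        if tail in rules:
            return tail
        if i + 1 < len(tails) and "*." + tails[i + 1] in rules:
            return tail
    # 3. Nothing matched: the implicit "*" rule makes the last label the suffix.
    return labels[-1]


def registered_domain(domain, rules, exceptions):
    """Public suffix plus one label, or None if domain is itself a suffix."""
    labels = domain.lower().rstrip(".").split(".")
    suffix_len = len(public_suffix(domain, rules, exceptions).split("."))
    if len(labels) <= suffix_len:
        return None
    return ".".join(labels[-(suffix_len + 1):])


RULES, EXCEPTIONS = parse_rules(SAMPLE_PSL)

if __name__ == "__main__":
    for name in ("mail.example.co.uk", "shop.foo.ck", "foo.ck",
                 "smtp.www.ck", "host.example.invalid"):
        print(name, "->", registered_domain(name, RULES, EXCEPTIONS))
```
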
Re: [Assp-test] fixes in assp 2.4.4 build 15130
:: On Sun, 10 May 2015 22:54:08 -0400 :: CALhpkAkJ83fODX8sO9h8EHYrs6Ev=oozgitp7zngrqqznkb...@mail.gmail.com :: K Post nntp.p...@gmail.com wrote:

example:

63.249.66.210 SenderBase: status=not classified, data=US, CRUZIO, cruzio.com, , Y, 19, changedetection.com

SO GREAT that it shows the changedetection.com hostname in the analyze gui now, but it's not matching my whitelist, because the domain of cruzio.com takes priority. If only ASSP would look to the hostname as well, regardless of if there's a domain listed, we'd be golden.

the purpose for the senderbase queries is different, it's used to find the IP *owner* country (as opposed as the IP country, a big player may use IPs spread all over the globe but be based in country XX) and the owner information; when it comes to IPs and domain/host names we have DNS lists and URI lists... and sincerely it seems to me that you are missing the inner working of ASSP, see, the code uses a layered check approach where each bit and piece contributes to the scoring; my humble suggestion is to try reading the archives of this list and/or looking at the ASSP source code
Re: [Assp-test] Senderbase not always matching domain
:: On Thu, 7 May 2015 14:35:35 -0400 :: calhpkamvo4yb2h2wsmywmpjzuwphzec_inrygywmggcgkw8...@mail.gmail.com :: K Post nntp.p...@gmail.com wrote:

However, a nslookup for the txt record only shows

38.100.169.66.query.senderbase.org text =
0-0=1|1=CHARTER COMMUNICATIONS|2=7.2|3=7.3|4=62870|6=0|7=47|8=9404927|9=157351|45=N|46=16|48=24|50=Fort Worth|51=TX|52=76114|53=US|54=-97.3972|55=32.7807

reverse the IP, luke

dig +short 66.169.100.38.query.senderbase.org. TXT
0-0=1|1=COGENT COMMUNICATIONS|2=7.7|3=7.7|6=0|7=317|8=24457518|9=49497|20=mta602.e.delta.com|22=Y|40=4.9|41=4.7|43=4.7|44=9.7|45=N|46=21|48=24|53=US|54=-97.0|55=38.0

or, using nslookup

nslookup -type=TXT 66.169.100.38.query.senderbase.org.

but the result will be the same; the org_name (1) will be COGENT and the hostname (20) mta602.e.delta.com while the country (53) is US; for further details about the results, see here

http://cpansearch.perl.org/src/JOENIO/Net-SenderBase-1.02/lib/Net/SenderBase/Results.pm
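The two points of the reply above, that the IP must be reversed in the query name and that the TXT answer is a list of numbered fields, can be checked offline. This is an added example, not from the original post and not ASSP or Net::SenderBase code: it builds the query name, shows which IP an un-reversed name actually asks about, and parses the "key=value|key=value" payload. Only the field numbers named in the reply (1, 20, 53) are given names; the function names are assumptions, and the sample record is the answer quoted in the post with the mail wrap joined.

```python
import ipaddress

ZONE = "query.senderbase.org"

# Field numbers explained in the reply; all other keys stay numeric.
KNOWN_FIELDS = {"1": "org_name", "20": "hostname", "53": "country"}

# TXT answer quoted in the post for 38.100.169.66 (mail wrap joined).
SAMPLE_TXT = (
    "0-0=1|1=COGENT COMMUNICATIONS|2=7.7|3=7.7|6=0|7=317|8=24457518|9=49497"
    "|20=mta602.e.delta.com|22=Y|40=4.9|41=4.7|43=4.7|44=9.7|45=N|46=21"
    "|48=24|53=US|54=-97.0|55=38.0"
)


def query_name(ip, zone=ZONE):
    """DNS name for the TXT lookup: IPv4 octets reversed, then the zone."""
    addr = ipaddress.IPv4Address(ip)  # raises ValueError on malformed input
    return ".".join(reversed(str(addr).split("."))) + "." + zone + "."


def ip_from_query_name(name, zone=ZONE):
    """Inverse of query_name(): which IP does this lookup name refer to?"""
    name = name.rstrip(".")
    suffix = "." + zone
    if not name.endswith(suffix):
        raise ValueError("not a name under " + zone)
    octets = name[: -len(suffix)].split(".")
    return str(ipaddress.IPv4Address(".".join(reversed(octets))))


def parse_txt(answer):
    """Parse a TXT answer given as one string or as a list of its chunks.

    DNS delivers long TXT data as several strings; they are concatenated
    without a separator before the fields are split on '|'.
    """
    record = answer if isinstance(answer, str) else "".join(answer)
    fields = {}
    for item in record.split("|"):
        key, sep, value = item.partition("=")  # "0-0=1" -> ("0-0", "=", "1")
        if sep:
            fields[key.strip()] = value.strip()
    return fields


def summarize(fields):
    """Pick the fields the reply names, under readable keys."""
    return {name: fields.get(number) for number, name in KNOWN_FIELDS.items()}


if __name__ == "__main__":
    print("lookup name      :", query_name("38.100.169.66"))
    # The un-reversed name from the question describes a different address:
    print("un-reversed means:",
          ip_from_query_name("38.100.169.66.query.senderbase.org"))
    print("parsed           :", summarize(parse_txt(SAMPLE_TXT)))
```
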
Re: [Assp-test] Feature Idea: DMARC aggregate reporting parsing?
:: On Mon, 4 May 2015 12:47:33 -0400 :: CALhpkA=NgD+KSyNOuncxzfOWKmpHb+ai=q2r3emxwnnc9dv...@mail.gmail.com :: K Post nntp.p...@gmail.com wrote:

Yeah, a chuckle (and I hope that didn't come across as mean spirited or anything - certainly wasn't intended that way - I just gave a chuckle, because it's more of a yeah right - that'll never be approved type of situation - I didn't mean it as a comment on you in any way)

The problem is that dmarcian's free service doesn't have much in the way of reporting and doesn't have any email alerts. Their pay service sounds terrific, but that's just not a possibility here. So, I was hoping to see ASSP handle some of this for us. It appears that it's already able to send the aggregated XML reports to the dmarc addresses per domain, so I'm wondering if it's reasonable to extend ASSP to parse those xml reports that come inbound. Do you think that would be a useful feature?

I see... but then, if I'm not wrong, the codebase over which the dmarcian site has been built is open source, so nobody forbids you (or whoever else, for that) to pick the very same code and build your own DMARC parsing and reporting app; and no, I don't think that building such a feature inside ASSP would be a good idea; ASSP is (and I hope will be) a mail (SMTP) filter, trying to add to it features which are outside of its purpose and may negatively impact over its primary one
Re: [Assp-test] Senderbase not always matching domain
:: On Tue, 5 May 2015 10:42:12 -0400 :: CALhpkA=j9zy3y8tpmgwyn2f6oosn5k578e2vtv1yp_brobj...@mail.gmail.com :: K Post nntp.p...@gmail.com wrote:

Take Delta Airlines for example. They send a message from 38.100.169.66 Looking at senderbase: http://www.senderbase.org/lookup/?search_string=38.100.169.66 I get Hostname mta602.e.delta.com Domain Help e.delta.com Network Owner Help Cogent Communications

http://www.senderbase.org/lookup/ip/?search_string=38.100.169.66

:)
Re: [Assp-test] Senderbase not always matching domain
:: On Tue, 5 May 2015 11:22:07 -0400 :: CALhpkAnP1_EObYXMgfduF7smppj82gPx1=tbtp+vpsq0xlj...@mail.gmail.com :: K Post nntp.p...@gmail.com wrote:

Sorry Greyhat, you lost me. What does this show different from what I was saying? Maybe I wasn't clear. When I pull up the analyze interface in assp it shows only Cogent, doesn't show e.delta.com, so it's not a match to my regex, and thereby doesn't get the whitesenderorg bonus.

yeah, you're right, it's a strange behavior; I wonder if ASSP is using the /24 instead of the IP (didn't check the code)

...

And here's another issue I'm seeing with Senderbase:

12.130.137.89 snapfish.4...@envfrm.rsys2.com to: u...@ourcharity.org DKIM-Signature found

and here ASSP says that the message contains a DKIM signature

12.130.137.89 snapfish.4...@envfrm.rsys2.com to: u...@ourcharity.org info: domain emails.snapfish.com has published a DMARC record

and that the sending MTA domain (emails...) publishes a DMARC record

http://www.senderbase.org/lookup/?search_string=12.130.137.89

[MissingMX] 12.130.137.89 snapfish.4...@envfrm.rsys2.com to: u...@ourcharity.org [scoring] MX missing: emails.snapfish.com
12.130.137.89 snapfish.4...@envfrm.rsys2.com to: u...@ourcharity.org Message-Score: added 10 (mxValencePB) for MX missing: emails.snapfish.com, total score for this message is now 10

wrong, the domain has two MX records, that is

MX 10 imh.rsys2.net.
MX 20 imh2.rsys2.net.

12.130.137.89 snapfish.4...@envfrm.rsys2.com to: u...@ourcharity.org HMM Check [scoring] - Prob: 1.0 = spam
12.130.137.89 snapfish.4...@envfrm.rsys2.com to: u...@ourcharity.org Message-Score: added 49 for HMM Probability: 1., total score for this message is now 59

ok sounds like HMM isn't properly trained, let's skip this one for the moment

...

The from IP in the Responsys network, and I've got that network whitelisted in my senderbasewhite org config. I've got senderbase set to score. Senderbase logging is set to normal.

here's what senderbase replies when queried (over DNS) for that IP

IP address : 12.130.137.89
version : 1
org_name : RESPONSYS
org_daily_magnitude : 7.3
org_monthly_magnitude: 7.2
org_first_message: 0
org_domains_count: 3
org_ip_controlled_count : 5640
org_ip_used_count: 2889
hostname : omp.emails.snapfish.com
hostname_matches_ip : Y
ip_daily_magnitude : 4.1
ip_monthly_magnitude : 4.7
ip_average_magnitude : 4.8
ip_30_day_volume_percent : 7.8
ip_in_bonded_sender : N
ip_cidr_range: 12.130.136.0/22
undocumented #48 : 24
ip_country : US
ip_longitude : -97.0
ip_latitude : 38.0

so, yes, the ASSP org check should match that RESPONSYS if you placed it in whiteorg

In the ASSP analyze interface, it shows a WHITE match as it should)

12.130.137.89 SenderBase: status=white SenderBase, data=US, RESPONSYS, , , Y, 22

but where's the senderbase line in the log?

good point but I've no answer, sounds like you found a bug
Re: [Assp-test] Feature Idea: DMARC aggregate reporting parsing?
:: On Sat, 2 May 2015 18:56:45 -0400 :: CALhpkAma-LHYogv95zH4SoqQEFdSEJanfn52E=flxxvbthy...@mail.gmail.com :: K Post nntp.p...@gmail.com wrote:

I'm loving the idea of DMARC. We've been getting reports for a couple different .org domains. The problem is that they need to be parsed manually. Any chance that ASSP could intercept DMARC reports (aggregate and failure reports), extract the xml from the zip and simply toss the results into a database? Do you think people would find this useful. Failure reports will help identify what servers are sending mail as us that shouldn't be. Aggregate will give us a good idea of the volume of email that's going to each of the providers who send reports. Would be terrific to be able to see stats and specifics per domain. Certainly not a critical feature... Thoughts?

yes, have a look here https://dmarcian.com/get_started/ :)
Re: [Assp-test] Feature Idea: DMARC aggregate reporting parsing?
:: On Mon, 4 May 2015 11:36:22 -0400 :: CALhpkA=5pxi9xM7rrP-gO3guwN5LkEd_UTdubf=L=fdkkue...@mail.gmail.com :: K Post nntp.p...@gmail.com wrote:

On Mon, May 4, 2015 at 2:28 AM, Grayhat gray...@gmx.net wrote:

yes, have a look here https://dmarcian.com/get_started/ :)

Thanks for the chuckle grayhat! Ah, the joys of a virtually no IT budget charity.

Chuckle ? Well, you asked for some kind of tool to parse DMARC reports and draw some eye candy and the above has what you asked for, just look at the domain lifter https://dmarcian.com/domain_lifter/ the basic account is free and you can automatically reroute (or forward) your DMARC reports to them so that they'll be automagically parsed :P
Re: [Assp-test] Prevent certain domains to be used with amiguous origin (as anti-phishing)
:: On Tue, 24 Mar 2015 14:06:29 +0100 :: zarafa.55116155.be48.464ae5f7799bf59d@zarafa-server.mirmana.local :: Jean-Pierre van Melis j...@mirmana.com wrote:

coming from banks that are local in my country. Some of these banks use SPF-records and I've set all these domains to convert these SPF-records to strict. This isn't enough because these spammers are now using envelope-addresses and they are not scanned for SPF (well they shouldn't be)

uh... SPF *does* check envelope FROM ! It doesn't check the mime part of the message but that's by design; sure, one may decide to implement the SenderID and the so-called PRA mechanism https://tools.ietf.org/html/rfc4407 but sincerely I'm not sure it would bring advantages and, for sure it may cause a whole lot of false-positives :P
Re: [Assp-test] fixes in assp 2.4.4 build 15067
:: On Mon, 9 Mar 2015 06:37:32 +0100 :: titc.75106d84be.offee15045.c8f559d7-onc1257e03.001cdd31-c1257e03.001ee...@thockar.com :: Thomas Eckardt thomas.ecka...@thockar.com wrote:

The concept of the central RDB (for HMM and Bayesian) backend is not fast enough to process several hundred thousands or million mails a day. If 100.000 mails have to be processed with HMM and/or Bayesian in a day, this will lead in to 6.000.000 - 60.000.000 SQL queries a day (only for HMM). What DB engine (cluster) is able to do this? And this is only the average calculation - what about the peaks?

Hmmm... MongoDB :) ? Or maybe some other NoSQL DB; the problem is that the code would need to be extensively modified to use them http://kkovacs.eu/cassandra-vs-mongodb-vs-couchdb-vs-redis
Re: [Assp-test] fixes in assp 2.4.4 build 15067
It was Sun, 8 Mar 2015 13:38:51 +0100 when Thomas Eckardt thomas.ecka...@thockar.com wrote:

Such a setup requires an enormous and expensive amount of hardware resources, a very high knowledge in

does this mean that if one upgrades ASSP it will not work anymore due to system constraints ?
Re: [Assp-test] Net::SMTP::SSL Broken
:: On Fri, 27 Feb 2015 22:14:43 + :: sig.2500180832.54f0ec53.6070...@gmail.com :: Colin colin.war...@gmail.com wrote:

This isn't an ASSP bug, but a heads up to anyone building a new system. As it turns out, apparently Net::SMTP::SSL hasn't been updated in many years. Recent changes in libnet (post 1.27) mean that Net::SMTP::SSL will no longer pass build tests.

Noticed that, lately my ASSP logs an error in the moduleloaderrors logfile about the fact that it can't load Net::SMTP::SSL, yet the SSL and TLS support are working just fine, so I suspect this isn't a big issue
Re: [Assp-test] Changing to MySQL
It was Sun, 28 Dec 2014 16:50:22 -0500 when Trevor Jacques tre...@videlicet.com wrote:

27-Dec-2014 22:26:34 [Worker_1] Delaydb database error: TIEHASH: Can't open dbi:mysql:database=assp;host=127.0.0.1, Can't connect to MySQL server on '127.0.0.1' (61) at assp.pl line 8259 thread 1.

First of all, ensure to run ASSP from console, that is NOT as a daemon but as a regular, manually started process; this way you'll be able to see messages on the console (and errors too), next, did you try enabling the MySQL logging (and increasing its level) to check MySQL logs and try seeing if there's some MySQL side error ? Did you check if the DB and tables needed by ASSP have been correctly created (even if not populated) ? In case, have a look here (check the MySQL related portion of the instructions) http://wiki.linuxservertech.com/index.php?action=artikelcat=16id=20artlang=en

Also, and as a final note; when migrating from flat files or BDB to MySQL it would be a good idea disabling SMTP so that ASSP will have all the time to import data into the DB tables
Re: [Assp-test] Changing to MySQL
It was Mon, 29 Dec 2014 08:59:15 +0100 when Thomas Eckardt thomas.ecka...@thockar.com wrote:

> Can't connect to MySQL server on '127.0.0.1'
>
> MySQL-Server: my.ini - max_connections=800 (very old assp versions may require this)
>
> assp.pl diff: 2.1.2(11329) - 2.4.4(14355)
> 4500 changed lines
> 14000 missing lines :-( :-( :-(

I suspect it may be a very good idea upgrading to the latest version of ASSP, sure, it may/will require time and effort, but for sure it will solve a number of issues and ensure to have all the latest patches and improvements :)
Re: [Assp-test] Changing to MySQL
It was Mon, 29 Dec 2014 07:18:56 -0500 when Trevor Jacques tre...@videlicet.com wrote:

> Understood, but: The version of asap is the latest that my server config can run,... I’m not yet in a position to change that configuration. It’s an old box. :-/ All other indications are that using a db should work with this set up.

ok Trevor, try the following; setup a virtual machine (VMWare, Virtual Box, whatever floats your boat), install the OS which you have/need, next install all the other bits and pieces along with MySQL and, by the way, the latest ASSP with all the needed modules and stuff, at that point, your VM image may be uploaded/used onto whatever hoster and in the mean time you will still have your current box/setup running :)
Re: [Assp-test] Changing to MySQL
It was Mon, 29 Dec 2014 09:36:48 -0500 when Trevor Jacques tre...@videlicet.com wrote:

> microseconds 29-Dec-2014 07:34:01 [Worker_1] Delaydb database error: TIEHASH: Can't open dbi:mysql:database=assp;host=127.0.0.1, Can't connect to MySQL server on '127.0.0.1' (61) at assp.pl line

try editing the hosts file, add something like mysql.assp.local there pointing the entry to 127.0.0.1, then change the ASSP setup to use mysql.assp.local as the DB server (and before doing so, check that such a host is working from [say] cmdline mysql)
Re: [Assp-test] SMTP AUTH Failure Logging FEATURE REQUEST
It was Sat, 27 Dec 2014 04:03:40 -0800 when Mr. Courtney Creighton a...@dezignguy.com wrote:

> Mr. Courtney Creighton wrote on 12/27/2014 1:17 AM:
> > So, I'd like to ask if it's possible to add additional logging info so that ASSP can log the SMTP AUTH attempts in a manner to distinguish failures?
>
> Well, I've got a workaround for now... with some adjustments to my settings, I can look for the line when ASSP triggers on MaxAUTHErrors (lowered my setting), and my logscanner can then pass that IP to the firewall.
>
> Blocked 119.29.xx.xx - too many AUTH errors (2)
>
> Still, it might be nice to know just how many AUTH attempts are failing, and not just when they reach the MaxAUTHErrors threshold.

2 attempts in the above case :)
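
The log-scanner workaround described in the message above, as an added Python example that is not part of the original thread or of ASSP: it picks out the `Blocked <ip> - too many AUTH errors (<n>)` lines, totals the error counts they report, and lists the addresses (and any /24 with several blocked hosts) to hand to the firewall. The sample log lines, the timestamp and worker prefix, the allowlist and all function names are constructed assumptions.

```python
import ipaddress
import re
from collections import defaultdict

# Matches the message text quoted in the post. Whatever precedes it on the
# line (timestamp, worker tag) is ignored, because that layout is assumed.
BLOCK_RE = re.compile(
    r"Blocked (?P<ip>\d{1,3}(?:\.\d{1,3}){3}) - too many AUTH errors \((?P<count>\d+)\)"
)

# Constructed sample input; the addresses are documentation ranges, not real hosts.
SAMPLE_LOG = """\
Dec-27-14 03:58:01 [Worker_1] 198.51.100.7 info: got STARTTLS request from 198.51.100.7
Dec-27-14 04:01:10 [Worker_1] Blocked 203.0.113.10 - too many AUTH errors (2)
Dec-27-14 04:03:40 [Worker_2] Blocked 203.0.113.22 - too many AUTH errors (2)
Dec-27-14 04:07:15 [Worker_1] Blocked 203.0.113.57 - too many AUTH errors (2)
Dec-27-14 04:09:02 [Worker_1] Blocked 192.0.2.44 - too many AUTH errors (3)
Dec-27-14 04:12:30 [Worker_2] Blocked 192.0.2.44 - too many AUTH errors (3)
Dec-27-14 04:15:00 [Worker_1] Blocked 10.0.0.25 - too many AUTH errors (2)
Dec-27-14 04:16:00 [Worker_1] Blocked 999.1.1.1 - too many AUTH errors (2)
"""


def parse_auth_blocks(text):
    """Return [(ip, error_count), ...] for every AUTH-error block line."""
    events = []
    for line in text.splitlines():
        match = BLOCK_RE.search(line)
        if not match:
            continue
        try:
            ip = ipaddress.ip_address(match.group("ip"))
        except ValueError:
            continue  # looks like an address but is not one (e.g. 999.1.1.1)
        events.append((ip, int(match.group("count"))))
    return events


def failed_attempts_seen(events):
    """Lower bound on failed AUTHs: only attempts that reached the threshold are logged."""
    return sum(count for _ip, count in events)


def firewall_candidates(events, allowlist=(), min_blocks=1, subnet_hosts=3):
    """Pick addresses to block, plus /24 ranges where several hosts were blocked.

    allowlist holds networks that must never be passed to the firewall
    (own relays, internal ranges); hits from those are skipped here.
    """
    allowed = [ipaddress.ip_network(net) for net in allowlist]
    per_ip = defaultdict(int)
    for ip, _count in events:
        if any(ip in net for net in allowed):
            continue
        per_ip[ip] += 1
    ips = sorted(ip for ip, seen in per_ip.items() if seen >= min_blocks)

    # Sources that rotate through one range show up as many hosts in one /24.
    per_net = defaultdict(set)
    for ip in ips:
        per_net[ipaddress.ip_network(f"{ip}/24", strict=False)].add(ip)
    ranges = sorted(net for net, hosts in per_net.items() if len(hosts) >= subnet_hosts)
    return {"ips": [str(ip) for ip in ips], "ranges": [str(net) for net in ranges]}


if __name__ == "__main__":
    found = parse_auth_blocks(SAMPLE_LOG)
    print(failed_attempts_seen(found))
    print(firewall_candidates(found, allowlist=["10.0.0.0/8"]))
```
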
Re: [Assp-test] Changing to MySQL
It was Mon, 29 Dec 2014 10:04:03 -0500 when Trevor Jacques tre...@videlicet.com wrote:

> > try the following; setup a virtual machine ...install the OS which you have/need,
>
> One can’t do that with OS X Server Leopard. :-( I have to find a way

Hmmm... sounds like using VirtualBox and a couple tricks it should be possible

http://lifehacker.com/5583650/run-mac-os-x-in-virtualbox-on-windows

> to get assp to work in the current environment, or just leave it using files for databases.

or you may move ASSP to a separate box/instance :)
[Assp-test] Question about TLS
First of all, the config; ASSP SSL is configured as follows

    DoTLS = do TLS
    SSL_version = TLSv1
    SSL_cipher_list = HIGH:!LOW:@STRENGTH

so basically the SSL configuration isn't so strict (for the sake of testing I left the cipher list quite relaxed); now the problem: using openssl I tested the ASSP as follows:

    openssl s_client -connect my.assp.xyz:25
    openssl s_client -starttls smtp -connect my.assp.xyz:25

both the above work without problems, they report that the connection is encrypted and that the used protocol is TLSv1... but then, if I try the following

    openssl s_client -starttls smtp -tls1_1 -connect my.assp.xyz:25
    openssl s_client -starttls smtp -tls1_2 -connect my.assp.xyz:25

in both cases the result is a failure; now... why is ASSP only supporting TLSv1 and not 1.1 and 1.2 ?
Re: [Assp-test] Question about TLS
:: On Mon, 22 Dec 2014 12:02:48 +0100 :: titc.9433ab725d.of306905e4.80bd1da5-onc1257db6.003ae7d5-c1257db6.003ca...@thockar.com :: Thomas Eckardt thomas.ecka...@thockar.com wrote:

> Net::SSLeay
>
> C:\ ppm s Net-SSLeay
> 1: Net-SSLeay
> Perl extension for using OpenSSL (1.0.1j)
> Version: 1.66
> Author: Maintained by Mike McCauley and Florian Ragwitz since November 2005
> Repo: bribes.org
> CPAN: http://search.cpan.org/dist/Net-SSLeay-1.66/
> Installed: 1.66 (site)
> Installed: 1.52 (perl)

sounds like the installed version should support TLS1.1 and 1.2 but judging from the openssl tests I ran this doesn't seem to be the case; I wonder if that version difference between site and perl may be the source of the issue (not sure what it means)
Re: [Assp-test] Question about TLS
:: On Mon, 22 Dec 2014 12:22:10 +0100 :: titc.6433be3d22.ofa02dfcab.80f8e04f-onc1257db6.003e277c-c1257db6.003e7...@thockar.com :: Thomas Eckardt thomas.ecka...@thockar.com wrote:

> Sets the version of the SSL protocol used to transmit data. 'SSLv23' uses a handshake compatible with SSL2.0, SSL3.0 and TLS1.x, while 'SSLv2', 'SSLv3', 'TLSv1', 'TLSv1_1' or 'TLSv1_2' restrict handshake and protocol to the specified version.

I tried entering

    SSLv23:!SSLv3:!SSLv2

in SSL_version but ASSP refuses the above popping up an invalid cipher message :( ... solved it by entering the following string

    SSLv2/3:!SSLv2:!SSLv3

which in effect disables SSL while allowing TLS 1.0 and up so now, connections on port 25 are accepted in clear or using STARTTLS which is exactly what I needed; thanks.
Re: [Assp-test] fixes in assp 2.4.4 build 14355
It was Sun, 21 Dec 2014 17:56:12 +0100 when ObiWan an...@gmx.net wrote:

> It was Sun, 21 Dec 2014 16:05:10 +0100 when Thomas Eckardt thomas.ecka...@thockar.com wrote:
>
> > Hi all, fixed in assp 2.4.4 build 14355:
> > - the 'Received:' header line parser in the analyzer code was not working correct in every case
>
> Not sure it's related, but I didn't notice this problem with previous version:
>
> [2544] (ASSP): 2014-12-21 08:53:32 [Worker_1] Downloading griplist.conf via direct HTTP connection
> [2544] (ASSP): 2014-12-21 08:53:32 [Worker_1] AdminInfo: griplist.conf download failed: 500 write failed: Bad file descriptor
> [2544] (ASSP): 2014-12-21 08:53:32 [Worker_1] Downloading Griplist via direct HTTP connection
> [2544] (ASSP): 2014-12-21 08:53:33 [Worker_1] AdminInfo: Griplist download failed: 500 write failed: Bad file descriptor
> [2544] (ASSP): 2014-12-21 08:53:33 [Worker_1] Info: next Griplist download in 1 hour 40 mins
>
> while after upgrading to 14355 I noticed the above in the log

same issue with blocklist and other lists :( (oh and there's enough free space on disk)
Re: [Assp-test] fixes in assp 2.4.4 build 14355
It was Sun, 21 Dec 2014 18:13:34 +0100 when grayhat gray...@gmx.net wrote:

> same issue with blocklist and other lists :( (oh and there's enough free space on disk)

sounds like it's unrelated; rolled back to previous version and the issue remains, same error

riplist download failed: 500 write failed: Bad file descriptor

also, while I was checking the logs I also found this error in the log

error: Couldn't upgrade to TLS for client 146.101.78.103: SSL accept attempt failed error:1408F10B:SSL routines:SSL3_GET_RECORD:wrong version number

so... what should I do to solve the griplist/blocklist errors and... is the above SSL error a transient one or something I'll need to somewhat fix (and how) ?
Re: [Assp-test] Google drops NoTLS?
:: On Thu, 11 Dec 2014 14:55:31 +0100 :: 028501d0154a$210e68a0$632b39e0$@scandinavianhosting.se :: Pontus Hellgren pon...@scandinavianhosting.se wrote:

> Hi there! Got some people complaining about not getting mail from domains hosted at googles mailservers.
>
> Dec-11-14 14:44:24 [Worker_1] 209.85.214.182 info: got STARTTLS request from 209.85.214.182
> Dec-11-14 14:44:24 [Worker_1] 209.85.214.182 [SMTP Error] 502 command not implemented
> Dec-11-14 14:44:24 [Worker_1] Disconnected: session:AA61610 209.85.214.182 - processing time 1 seconds

hmmm... why don't you just configure your ASSP to act as a TLS proxy ? I suspect that your mail server is offering TLS but ASSP isn't configured to deal with it, so the Goog tries to use TLS and getting a 5xx error just does what the RFCs say, that is, generates an NDR. If your backend SMTP server doesn't support TLS it may be a good idea to configure doTLS to do TLS and, by the way, to add the needed certificates to ASSP.

On a second thought... not sure about it, probably Thomas may shed some light... let's suppose the backend SMTP server is configured to do TLS and offers a 250-STARTTLS to the EHLO command, now, let's also say that ASSP doTLS is set to drop TLS; in such a case, the sender will see a Hey, I support TLS message but when it tries to use TLS, ASSP will drop it and emit an error... if that's the case then the issue is related to ASSP which will need to eat the STARTTLS offer emitted by the server... although, sincerely, I think the real issue is due to a wrong setup, not to the ASSP code :P
Re: [Assp-test] Google drops NoTLS?
:: On Thu, 11 Dec 2014 22:50:05 +0100 :: 009a01d0158c$6ce8b860$46ba2920$@scandinavianhosting.se :: Pontus Hellgren pon...@scandinavianhosting.se wrote:

> Thanx for all info! ASSP was set to proxy TLS but I guess I have some work to do on the MTA and ASSP because the chain of delivery is not working as I would like it to do. I do want assp to check all mail so I will try and make assp make use of the MTAs certificate. For now I will have to live with ASSP and no TLS, because clearly the MTA is not doing TLS right. Thanks for a great program and a Great forum.

if you want to use TLS you'll need to install on ASSP the same certificate(s) you're using for your MTA, next, set ASSP to do TLS this way, ASSP will deal with the TLS negotiation *and* will be able to see the incoming email in clear so being able to filter it
Re: [Assp-test] fixes in assp 2.4.4 build 14295
:: On Wed, 22 Oct 2014 14:42:58 +0200 :: titc.03729f3878.ofcd7ece66.f480b515-onc1257d79.0045488a-c1257d79.0045d...@thockar.com :: Thomas Eckardt thomas.ecka...@thockar.com wrote:

> 'FileLogScan','Scan Stored Files for Virus with FileScan'
> 'If virus check is enabled ( DoFileScan ), every file/mail in the 'resendmail' (except reports) folder and

Thomas... why don't you change this feature to some kind of stored mail scan; that is, if the flag is enabled, ASSP may queue received mails into some list, then a separate, background thread will call the ClamAV scanner to scan each file and, if needed, quarantine it (as a note the quarantine folder may be used during spamcorpus rebuild :D)
Re: [Assp-test] fixes in assp 2.4.4 build 14295
:: On Wed, 22 Oct 2014 14:49:43 +0200 :: 20141022144943.0...@gmx.net :: Grayhat gray...@gmx.net wrote:

> Thomas... why don't you change this feature to some kind of stored mail scan; that is, if the flag is enabled, ASSP may queue received mails into some list, then a separate, background thread will call the ClamAV scanner to scan each file and, if needed, quarantine it (as a note the quarantine folder may be used during spamcorpus rebuild :D)

to explain it better, ASSP will save files as it does, but it will also queue names so that the worker handling the scan will extract them from the queue and scan them; this will avoid the need of separately scanning them *and* may allow placing a notice in the spamreport which will show infected :)
Re: [Assp-test] fixes in assp 2.4.4 build 14295
:: On Wed, 22 Oct 2014 15:09:47 +0200 :: titc.6372c6e693.of581c4ccf.bef7cd3e-onc1257d79.00471ba1-c1257d79.00484...@thockar.com :: Thomas Eckardt thomas.ecka...@thockar.com wrote:

> However, assp has to make sure, that no other assp process is able to access the file before it was scanned - so, a long term queue (anytime queue) is not an option.

thinking loud: store the file in a separate scan folder, then the scanner process will decide where to move it (regular storage or quarantine); this way only the scanner will know where the file is :)

As for using a regular thread or a high one... I wonder why you aren't spawning another thread just for this task; all in all it will run only if this scan is enabled :)
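
The design sketched in the two messages above (queue the stored file names for a background scanner, and hold each file in a separate scan folder until the scanner moves it to regular storage or quarantine), as an added Python example that is not ASSP code and not from the thread. The folder names, the `ScanPipeline` class and the marker-based `stub_scanner` are hypothetical stand-ins; a real setup would call ClamAV where the stub is.

```python
import os
import queue
import tempfile
import threading

MARKER = b"CONSTRUCTED-TEST-SIGNATURE"  # constructed stand-in for a real AV signature


def stub_scanner(path):
    """Hypothetical scanner: True means infected. On failure it must raise,
    never return False, so that a broken scanner cannot release mail."""
    with open(path, "rb") as fh:
        return MARKER in fh.read()


class ScanPipeline:
    def __init__(self, base, scanner=stub_scanner):
        self.dirs = {n: os.path.join(base, n) for n in ("pending", "clean", "quarantine")}
        for path in self.dirs.values():
            os.makedirs(path, exist_ok=True)
        self.scanner = scanner
        self.jobs = queue.Queue()
        self.results = {}  # file name -> "clean" | "quarantine" | "pending"
        self.worker = threading.Thread(target=self._run, daemon=True)
        self.worker.start()

    def submit(self, name, data):
        """Receiver side: write into pending/ only, then queue the name."""
        name = os.path.basename(name)  # never let a file name choose the folder
        with open(os.path.join(self.dirs["pending"], name), "wb") as fh:
            fh.write(data)
        self.jobs.put(name)

    def _run(self):
        """Scanner side: the only code that moves files out of pending/."""
        while True:
            name = self.jobs.get()
            if name is None:
                break
            src = os.path.join(self.dirs["pending"], name)
            try:
                verdict = "quarantine" if self.scanner(src) else "clean"
                # Rename within one filesystem: readers of clean/ never see
                # a file that has not been scanned yet.
                os.replace(src, os.path.join(self.dirs[verdict], name))
            except Exception:
                verdict = "pending"  # fail closed: unscanned mail stays held
            self.results[name] = verdict
            self.jobs.task_done()

    def close(self):
        self.jobs.join()    # wait until every queued file has a verdict
        self.jobs.put(None)
        self.worker.join()


def demo():
    """Run three constructed messages through the pipeline, one with a failing scanner."""
    def flaky(path):
        if path.endswith("broken.eml"):
            raise RuntimeError("scanner unavailable")
        return stub_scanner(path)

    pipe = ScanPipeline(tempfile.mkdtemp(prefix="scanq-"), scanner=flaky)
    pipe.submit("ok.eml", b"Subject: hello\r\n\r\nplain text")
    pipe.submit("bad.eml", b"Subject: invoice\r\n\r\n" + MARKER)
    pipe.submit("broken.eml", b"Subject: x\r\n\r\nbody")
    pipe.close()
    layout = {name: sorted(os.listdir(path)) for name, path in pipe.dirs.items()}
    return pipe.results, layout


if __name__ == "__main__":
    print(demo())
```
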
Re: [Assp-test] fixes in assp 2.4.4 build 14295
:: On Wed, 22 Oct 2014 16:03:05 +0200 :: titc.5372cf6baa.of7b87b0fb.218efdb5-onc1257d79.004a1b98-c1257d79.004d2...@thockar.com :: Thomas Eckardt thomas.ecka...@thockar.com wrote:

> used by the rebuildspamdb to make the spam detection more accurate. Only the resend is dangerous - an infected file should not (never) be resent.

uhm... well, in general I'd agree, but think about AV false positives; in such cases having the ability to get the email may be quite useful :)
Re: [Assp-test] Whitelisted Domain | still getting blocked by DNSBL
:: On Thu, 2 Oct 2014 07:57:27 + :: 998763f529fc47b793af998c7c7b1cba@GTIEXMB02.ghobash.local :: Nadeem Abdulla nadeem.abdu...@abaninvestment.com wrote:

> 172.29.1.106

The above IP is a PRIVATE, unroutable one; see http://en.wikipedia.org/wiki/Private_network for details; if that's the IP you're trying to whitelist and if it's reaching your ASSP over a public internet connection then you have some big networking problem
Re: [Assp-test] Running ASSP with MS Exchange?
:: On Mon, 22 Sep 2014 19:47:22 + :: 5ccb67a6fa6f8244bed9f1a68b59fec00198148...@newman.corp.necomm.com :: Jay Tarbox jtar...@necomm.com wrote:

> I've been running it with Exchange for years now. The way I do it is - Exchange is configured with an outbound smarthost which is the relay port of ASSP. ASSP has a relay host of a.b.c.d:55587 pointing back at the IP of Exchange server. This allows ASSP to see email that's gone out, so as to whitelist and allow a response. I have installed IIS's SMTP engine in the Exchange server which listens on 55587, then sends email out to the internet. Inbound, I simply have ASSP pointed at Exchange, port 25 as the SMTP destination.

just some notes; I prefer having the IIS SMTP running on the ASSP box so that outbound emails don't go back to the backend server; same goes for the DB, the ASSP box also runs the DB engine (whatever you choose to setup) used to store all the needed infos
Re: [Assp-test] fixes in assp 2.4.4 build 14253
> > may fetch the notes and email them to the admin
>
> Joining any of the available assp user mailinglists solves this problem :):):)
>
> the 'Notify' feature will do it , if configured this way - eg. something like:
>
> Info: autoupdate: new assp\.pl\.gz downloaded=ad...@mydomain.org
>
> If someone doesn't enable 'AutoUpdateASSP' and hasn't joined any of the assp user mailinglists , I assume that he/she is not interested in any further information about assp.

I know :) but then, often, your short emails announcing new/updated versions are more informative than the whatsnew that's why I asked, then, sure, whoever runs the beta should join this list but the real point is that one may miss some announcements (for a reason or another) so having them included into the hey admin, there's new version email could be useful imHo :)
Re: [Assp-test] fixes in assp 2.4.4 build 14253
:: On Wed, 10 Sep 2014 07:29:23 +0200 :: titc.0330ce0a1a.ofd73851c5.b7a19be5-onc1257d4f.001d6340-c1257d4f.001e2...@thockar.com :: Thomas Eckardt thomas.ecka...@thockar.com wrote:

> Hi all, fixed in assp 2.4.4 build 14253:
> - the fix for invalid UTF8 data in build 14250 was too strict and has possibly destroyed mail data

Thanks Thomas; just a note/request, given that ASSP can alert the admin about available updates, what about placing the release notes (the same you email here) on the server so that upon checking for a new version, ASSP may fetch the notes and email them to the admin along with the notice of the new available version ?
Re: [Assp-test] New installation ASSP
:: On Tue, 10 Jun 2014 14:17:49 +0200 :: ofe2777f5c.4eb81c38-onc1257cf3.0041552b-c1257cf3.00438...@dometic.se :: Anders Westin anders.wes...@dometic.com wrote:

> Today: I'm running two linux servers:
>
> Server 1: (MX weight 10), it's on this server i run Rebuild SpamDb
> dist:( 2.6.32-5-686-bigmem (Debian 2.6.32-39squeeze1))
> Mysql ASSP Bind
>
> Server 2: (MX weight 20)
> dist:( 2.6.32-5-686-bigmem (Debian 2.6.32-39squeeze1))
> ASSP Bind
>
> Tomorrow: I'm planning at least three servers one DB server and two ASSP machines:

First of all, why don't you use VMs :) ? Then... if you're planning to use 3 boxes (virtual or not) consider using unbound in place of Bind as the DNS resolver (see http://www.unbound.net/), you may then consider running RBLDNSD (http://www.corpit.ru/mjt/rbldnsd.html) on the DB box so that you'll be able to both run your own blacklists or keep a local copy of external DNSBLs
Re: [Assp-test] New installation ASSP
:: On Tue, 10 Jun 2014 15:41:36 +0200 :: of06006753.84cf443d-onc1257cf3.004ab36a-c1257cf3.004b3...@dometic.se :: Anders Westin anders.wes...@dometic.com wrote:

> Hi Grayhat
> Of course i run them virtual thanks for the tip of unbound and local RBL

oh, you're welcome; as for unbound, for further configuration tips and ideas, have a look at https://calomel.org/unbound_dns.html the site has some quite interesting tips ;)
[Assp-test] Perl and HeartBleed
Folks, not sure you followed the latest security issue regarding OpenSSL, if you didn't, have a look here

http://heartbleed.com/
http://filippo.io/Heartbleed/
https://github.com/FiloSottile/Heartbleed

basically, the issue is due to a bug affecting the *whole* OpenSSL 1.0.0x series and causing the libs to disclose data; now, patching is a need, not an option, but what about ASSP ? See, if you try looking at the Perl folder (e.g. ActivePerl on 2k8) you'll find a bunch of OpenSSL DLLs spread around inside a number of different folders... so, HOW do you patch that beast so that ASSP is *not* vulnerable ?
Re: [Assp-test] fixes in assp 2.4.2 build 14092
:: On Fri, 4 Apr 2014 17:26:20 +1100 :: 3f0c3797-6756-4e57-9577-ad7b56281...@bordo.com.au :: James Brown jlbr...@bordo.com.au wrote:

> Looks like it is still happening under Mac OS X:
>
> Apr-04-14 01:01:11 [Worker_10001] Warning: got unexpected signal SEGV in Worker_10001: package - main, file - sub main::BayesWordClean, line - 11!
>
> ASSP version 2.4.2(14092)
>
> I know what you are going to say about Perl versions! (I’m just too scared to upgrade in case it breaks things!)

All I can say is that I upgraded to 5.16 without too much hassle; as a note, a good way to run such upgrades is running ASSP inside a dedicated VM; in such a case you may just clone the VM, upgrade Perl and the modules and once everything will be ok, update the corpus of the new VM with the one from the live ASSP and then swap the VMs; notice though that in my case I just upgraded the current ASSP Perl in place w/o doing the above (the above is just a suggestion to help running the upgrade in safe mode)
Re: [Assp-test] DKIM spam
:: On Fri, 14 Mar 2014 13:51:37 - :: sig.91501147d0.01cf3f8c$85a7ed20$90f7c760$@lanternhosting.co.uk :: Colin Waring co...@lanternhosting.co.uk wrote:

> I was wondering if anyone else was seeing an increase in spam messages that come with a valid DKIM signature? It has gotten to the point where I have had to set DoDKIM to disabled because so much rubbish is coming through and I can't think of many circumstances where DKIM is actually used extensively.

I don't think it's a DKIM issue (or an SPF one or whatever); see, the number of bots trying to bruteforce credentials (either over SMTP or POP3/IMAP) dramatically raised (and I'm not counting the malware which steals them from victim's machines) and once those credentials are upped to some botnet controller, the bots will just start pumping a lot of junk through a server using the stolen credentials and DKIM or SPF won't be able to do much; bottom line, ensure to check for bounces and keep an eye on your servers; as for bounces; if someone here is running on win and using the IIS SMTP as the outbound mail router, it may (will !) be a good idea to configure it to also send a copy of NDR emails to some mailbox you manage (say ndr...@example.com) so that you'll be able to see the bounces and take action (ok, this is a raw and straight approach but as a first step it's better than nothing)
Re: [Assp-test] Spammers able to go through ASSP with false credentials... (as it seems to be for me)
> @Grayhat It does appear there is such an increase... These people had these passwords for a long time (which in itself is wrong, of course).

Couple notes; if possible, try enforcing password complexity rules [1] a little bit and ask your users to change their passwords or, if possible setup some password expiry policy so that passwords will change in time; also, be warned about the so-called password reuse [2] which is a perfect way to compromise everything at once :)

[1] http://xkcd.com/936/
[2] http://xkcd.com/792/
Re: [Assp-test] Spammers able to go through ASSP with false credentials... (as
ASSP development mailing list assp-test@lists.sourceforge.net writes:

> It now gives me exactly the credentials being used...

just a bit of warning; logging usernames AND passwords means that anyone having access to the logs will be able to access those email accounts; not so nice imVHo better if ASSP could only log failed attempts credentials.
Re: [Assp-test] Spammers able to go through ASSP with false credentials... (as it seems to be for me)
:: On Sun, 23 Feb 2014 19:38:38 +0400 :: titc.713176f2cf.offd9ec82f.07a8fced-onc1257c88.00556a78-44257c88.0055f...@thockar.com :: Thomas Eckardt thomas.ecka...@thockar.com wrote:

> Feb-21-14 17:44:09 [Worker_2] [TLS-out] 116.203.191.142 [SMTP Reply] 235 2.7.0 Authentication successful
> [...]
> The connected server (85.214.251.232:25) has replied '235 2.7.0 Authentication successful' - why should assp assume that this is wrong?

Also, and since we're at it, sounds like there has been an increase in email credentials bruteforcing attempts; if you check ASSP (or mailserver) logs you may notice quite a number of logon failures and most of them coming from flocks of different IPs (also check POP3 and IMAP on mailserver logs); sounds like botmasters are using lists of email addresses scraped on the 'net to try finding weak passwords and then abuse the accounts to pump out junk
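The log review suggested in the message above, as an added example that is not part of the original post or of ASSP: it counts failures per targeted account across all source IPs, which is what exposes guessing spread over "flocks of different IPs", and then lists successful logins that follow such a run from a previously unseen address. The log format, function names and sample lines are constructed for the example; adapt the regular expression to whatever your mail server actually logs.

```python
"""Spot slow, distributed password guessing in authentication logs."""
import re
from collections import Counter, defaultdict
from datetime import datetime, timedelta

# Constructed, normalised format (an assumption, not ASSP's own log layout):
#   <ISO timestamp> <client IP> <login name> <AUTH-FAIL|AUTH-OK>
LINE_RE = re.compile(r"^(\S+)\s+(\S+)\s+(\S+)\s+(AUTH-FAIL|AUTH-OK)$")


def parse(lines):
    """Return a time-sorted list of (timestamp, ip, user, success) tuples."""
    events = []
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # not an authentication event
        ts, ip, user, result = m.groups()
        events.append((datetime.fromisoformat(ts), ip, user.lower(), result == "AUTH-OK"))
    return sorted(events)


def per_ip_offenders(events, limit=5):
    """Classic per-source rule: IPs with more than `limit` failures."""
    fails = Counter(ip for _, ip, _, ok in events if not ok)
    return {ip for ip, n in fails.items() if n > limit}


def distributed_targets(events, window=timedelta(hours=1), min_ips=4, min_fails=8):
    """Accounts collecting failures from many different IPs inside one window.

    Returns {user: (failures, distinct_ips)} for the busiest qualifying window.
    """
    by_user = defaultdict(list)
    for ts, ip, user, ok in events:
        if not ok:
            by_user[user].append((ts, ip))
    flagged = {}
    for user, fails in by_user.items():
        start = 0
        for end in range(len(fails)):
            while fails[end][0] - fails[start][0] > window:
                start += 1  # slide the window forward
            ips = {ip for _, ip in fails[start:end + 1]}
            count = end - start + 1
            if count >= min_fails and len(ips) >= min_ips:
                flagged[user] = max(flagged.get(user, (0, 0)), (count, len(ips)))
    return flagged


def logins_after_attack(events, flagged):
    """AUTH-OK on a flagged account, after its first failure, from an IP that
    had not logged in successfully before the failures began."""
    first_fail, known_good, hits = {}, defaultdict(set), []
    for ts, ip, user, ok in events:
        if user not in flagged:
            continue
        if not ok:
            first_fail.setdefault(user, ts)
        elif user not in first_fail:
            known_good[user].add(ip)
        elif ip not in known_good[user]:
            hits.append((user, ip, ts.isoformat()))
    return hits


def sample_log():
    """Constructed sample: six bots take turns, two guesses each, on one mailbox."""
    t0 = datetime(2014, 2, 21, 9, 0, 0)
    lines = ["2014-02-21T08:00:00 198.51.100.7 bob@example.com AUTH-OK"]
    bots = ["203.0.113.%d" % n for n in range(10, 16)]
    for i in range(12):
        ts = (t0 + timedelta(minutes=3 * i)).isoformat()
        lines.append("%s %s bob@example.com AUTH-FAIL" % (ts, bots[i // 2]))
    lines += [
        "2014-02-21T09:40:00 203.0.113.77 bob@example.com AUTH-OK",
        "2014-02-21T10:00:00 198.51.100.7 bob@example.com AUTH-OK",
        "2014-02-21T09:05:00 192.0.2.9 alice@example.com AUTH-FAIL",
        "2014-02-21T09:05:30 192.0.2.9 alice@example.com AUTH-OK",
    ]
    # One noisy single-source guesser, which the per-IP rule does catch.
    lines += ["2014-02-21T09:%02d:00 192.0.2.200 carol@example.com AUTH-FAIL" % m
              for m in range(10, 17)]
    return lines


if __name__ == "__main__":
    ev = parse(sample_log())
    flagged = distributed_targets(ev)
    print("per-IP rule flags:   ", per_ip_offenders(ev))
    print("per-account rule:    ", flagged)
    print("logins to review:    ", logins_after_attack(ev, flagged))
```

In the sample no bot ever exceeds two failures, so the per-IP rule sees only the single noisy source, while the per-account view shows the mailbox that is actually under attack.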
Re: [Assp-test] ASSP log file update frequency
> I think the possibly maximum is around 50 seconds. The MainThread is monitored by the MaintThread for actions. If the delay is too long, it may happen that the assp process will restart.

the only real solution (assuming we need it ... and I'm not sure about it) would be setting up the log as a queue so that each and every log write enqueues a line to the log, then we may have a logger thread which will run lazy picking up (popping if you prefer) items from the queue and writing them to the log... still, I'm not sure I'd like it; also, and since we're at it, I don't think this is an ASSP issue rather a fail2ban one
Re: [Assp-test] ASSP log file update frequency
:: On Mon, 17 Feb 2014 14:05:38 -0500 :: sigth.1125b22c27.2d291066-e804-491c-91f8-5a1807df2...@videlicet.com :: Trevor Jacques tre...@videlicet.com wrote:

> On 17 Feb 2014, at 9:59, Thomas Eckardt thomas.ecka...@thockar.com wrote:
>
> hmmm ... lazy - to log, or not to log, that is the question :):):) :-) Be sure, delayed logging will never become a feature in assp.
>
> Given that it takes only two lines and that it might be useful, so that some of us can make assp play even more nicely with others, I can’t imagine why not. :-) There are many features and settings in assp that are noted as something like “change at your own risk” and many others that most assp admins never touch; that does not mean that they should be absent. By having a setting in the assp GUI to set the ‘logWriteDelay’ to a few seconds could help those of us who both need it and who do not write perl code.

if the above should find room in ASSP code, I think it shouldn't go into the gui, rather as an option in the override module; that said, I don't think that slowing down the logging could be a good idea; see, the log is there for a purpose and, in your case, a possible solution may be configuring ASSP to write to syslog and then use those logs for fail2ban
Re: [Assp-test] rebuildspamdb always hangs at certain position
> Is there anyone else having a problem with a stucking rebuild process or hanging workers (on HMM or Bayes) running ASSP_WordStem 1.24 and Perl 5.16.3 or later?

perl -v
This is perl 5, version 16, subversion 3 (v5.16.3) built for MSWin32-x86-multi-thread

upgraded to latest ASSP *and* latest wordstem; ASSP didn't complete rebuild since 07/02 (reporting now since I wanted to be sure); no problems before; rolled back to 2.3.4 (14029) and forced a rebuild right now, will report in a while, but I think that there may be something wrong with latest ASSP, not sure if it's related to the wordstem or something else
Re: [Assp-test] rebuildspamdb always hangs at certain position
> Is there anyone else having a problem with a stucking rebuild process or hanging workers (on HMM or Bayes) running ASSP_WordStem 1.24 and Perl 5.16.3 or later?
>
> perl -v
> This is perl 5, version 16, subversion 3 (v5.16.3) built for MSWin32-x86-multi-thread
>
> upgraded to latest ASSP *and* latest wordstem; ASSP didn't complete rebuild since 07/02 (reporting now since I wanted to be sure); no problems before; rolled back to 2.3.4 (14029) and forced a rebuild right now, will report in a while, but I think that there may be something wrong with latest ASSP, not sure if it's related to the wordstem or something else

confirmed, using a previous ASSP version, the rebuild completes w/o problems so the issue must be related to some change made after the version 2.3.4 (14029); just to add some details, I suspect the issue may be related to changes made after 2.3.4 (14037)

HTH
Re: [Assp-test] rebuildspamdb always hangs at certain position
:: On Wed, 12 Feb 2014 19:01:23 +0400 :: titc.912072d482.of89b6fc3e.45f2cf2e-onc1257c7d.0051beb9-44257c7d.00528...@thockar.com :: Thomas Eckardt thomas.ecka...@thockar.com wrote:

> Andrea, please create the 'assp/rebuilddebug.txt' file before running the rebuild. If the rebuild stucks, the last line of the file will show the .eml file, which caused the problem. If you have some time, zip and send me the .eml file.

aye, did it, but before zipping and all that, thought to retry running a rebuild with a previous version of ASSP, still running, but sounds like even using the *latest* wordstem (with a previous ASSP) the problem disappears, so I don't think it's a wordstem issue
[Assp-test] Bayes, HMM and valence
By default the bays and HMM valence values are set to 49 and 55 (regular and local); now... according to the interface if one enables both checks (setting them to score), the values should be revised... the problem is that it's unclear how to set them; I mean, if I read the GUI it says

    for this reason it is recommended to use both Bayesian and HMM. If you enable both checks, check your settings for baysValencePB, HMMValencePB, bayslocalValencePB and HMMlocalValencePB - eg. divide them by 2. or set the bayes values to 1/3 and the HMM values to 2/3.

now... following the above one would set values to (say) 24 and 27 (or 25 and 28) but... is this correct ?

Also, I tried enabling HMM (that is setting it to score) and then running a rebuild to ensure its table was correctly populated but even then, ASSP logged messages like this

    HMM-Check has given less than 6 results - using monitoring mode only

and while I can't understand the above (ok, probably I'm just dumb) the above means that HMM won't score the message so I'd be left running on bayes and since I changed bayes to 24, some spam could get through...

Bottom line; what's the correct way (step by step) to enable HMM, how to correctly set the valence(s) and... what does that less than... message mean ?
Re: [Assp-test] Bayes, HMM and valence
:: On Fri, 31 Jan 2014 15:56:48 +0100 :: titc.91085f2ee9.ofe5f40407.12ddb897-onc1257c71.004c28b4-c1257c71.00521...@thockar.com :: Thomas Eckardt thomas.ecka...@thockar.com wrote:

> HMM-Check has given less than 6 results - using monitoring mode only
>
> This is related to 'maxBayesValues'.
> monitoring only if $this-{hmmres} int($maxBayesValues / 12 + 1)
> scoring only if $this-{hmmres} int($maxBayesValues / 3 + 1)

[... snippage ...]

First of all, Thomas, thank you very much for the clarification, I think I got it now, thanks again; then

> ... forget the locals, I don't scan local mails. But you see, I want to block anything that smells somehow like spam. I had no false positive

I do the same (don't check local - except for AV scan :D) but then, I had to ask, others may be interested :)

> I'm using several automatic spam collecting (honeypots) addresses with just in time reporting. So, I get the newest spam very quick, but not on my account :-)

As for collecting... I wrote a fake smtp receiver (plain vanilla C code) which I use to implement the so-called MX Sandwich or no listing trick, that is

http://nolisting.org/
http://wiki.apache.org/spamassassin/OtherTricks
http://www.mail-archive.com/users@spamassassin.apache.org/msg51583.html

basically, I've something like this

    @ IN MX 10 mx01.example.com.
    @ IN MX 20 mx02.example.com.
    @ IN MX 30 mx03.example.com.

where mx01 resolves to an IP where port 25/tcp is (and will always be) in filtered state, mx02 is where ASSP sits and listens and mx03 is where my fake smtp receiver listens; the latter will emit a tempfail as soon as it receives a DATA command and, at the same time will gather data about the connecting IP (senderbase, DNSBL...) and log them, for example

    2014-01-31|08:02:58|01A4D596| 3462|1.164.213.150|1.160.0.0/12|1.164.0.0/16|1-164-213-150.dynamic.hinet.net|mailserver.localhost.com|SoftFail|BL|zen.spamhaus.org|TW|CHTD, CHUNGHWA TELECOM CO., LTD.|Taipei|25.0392|121.525|0|0|0|1|gabriella_co...@gabriella-coria.us|skyki...@example.com|no-error|mx01.example.com|192.0.2.151
    2014-01-31|08:03:21|B86B9F9A| 32613|184.107.159.154|184.107.0.0/16|184.107.0.0/16|www.strongmoments.com|216.155.126.36|SoftFail|BL|zen.spamhaus.org|CA|IWEB TECHNOLOGIES|Montréal|45.5|-73.5833|0|0|0|1|gtstjqkk2460227964...@docomo.ne.jp|da...@example.com|no-error|mx01.example.com|192.0.2.151
    2014-01-31|08:03:25|C26A1006| 6739|194.106.16.6|194.106.16.0/21|194.106.0.0/19|194.106.16.6.static.user.ono.com|194.106.16.6.static.user.ono.com|SoftFail|BL|zen.spamhaus.org|ES|ONO|Madrid|40.4391|-3.674|0|0|0|1|davidsonvzezodjmoas...@spray.se|millysdonteventhinkaboutmailin...@example.com|no-error|mx01.example.com|192.0.2.151

now, the above are three log records and, while I'm not going to detail the various data columns (may be that in case you're interested), I think it's easy to see that they contain quite a bunch of useful infos; my problem, at the moment is feeding such data to ASSP, I may write some code to load/parse/filter entries but I don't know how to feed the data to ASSP to help it filtering ... any idea ?

Oh, and by the way, in case you're interested the code is available *and* if you want, I may arrange things to send your way a mail feed with the logs so that you may use them to feed the ASSP filters ;-)
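A sketch of the load/parse/filter step for records like the three shown in the message above, as an added example that is not the poster's code. The column names are inferred from those records and are assumptions (the post does not document them; columns that cannot be inferred keep positional names), the sample records are constructed with documentation addresses, and the example stops at a validated list of sources because the page does not say how ASSP would import it.

```python
"""Parse and sanity-check pipe-delimited records from a decoy-MX receiver log."""
import ipaddress
from collections import defaultdict

# Assumed column names for the 26-column layout seen in the post.
FIELDS = [
    "date", "time", "ip_hex", "col4", "ip", "net1", "net2", "rdns", "helo",
    "spf", "list_status", "list_zone", "country", "org", "city", "lat", "lon",
    "flag1", "flag2", "flag3", "flag4", "mail_from", "rcpt_to", "status",
    "mx_name", "mx_ip",
]


def parse_record(line):
    """Split one record and cross-check its redundant address columns."""
    # Split on '|' only: the organisation column may itself contain commas.
    parts = [p.strip() for p in line.rstrip("\n").split("|")]
    if len(parts) != len(FIELDS):
        raise ValueError("expected %d columns, got %d" % (len(FIELDS), len(parts)))
    rec = dict(zip(FIELDS, parts))
    ip = ipaddress.ip_address(rec["ip"])
    # In the posted records column 3 is the client IPv4 address written in hex.
    if int(rec["ip_hex"], 16) != int(ip):
        raise ValueError("ip_hex does not match ip")
    nets = [ipaddress.ip_network(rec[key]) for key in ("net1", "net2")]
    if not all(ip in net for net in nets):
        raise ValueError("ip outside its listed networks")
    rec["ip"] = ip
    rec["smallest_net"] = max(nets, key=lambda net: net.prefixlen)
    return rec


def load(lines):
    """Return (valid_records, [(line_number, reason), ...])."""
    good, bad = [], []
    for number, line in enumerate(lines, 1):
        if not line.strip():
            continue
        try:
            good.append(parse_record(line))
        except ValueError as exc:
            bad.append((number, str(exc)))
    return good, bad


def listed_sources(records):
    """Distinct client IPs marked 'BL', grouped by their smallest network."""
    by_net = defaultdict(set)
    for rec in records:
        if rec["list_status"] == "BL":
            by_net[rec["smallest_net"]].add(rec["ip"])
    return {str(net): [str(ip) for ip in sorted(ips)] for net, ips in by_net.items()}


def _rec(ip_hex, ip, net1, net2, listed):
    """Build one constructed record in the 26-column layout."""
    return "|".join([
        "2014-01-31", "08:02:58", ip_hex, " 3462", ip, net1, net2,
        "host.example.net", "mail.example.net", "SoftFail", listed,
        "zen.spamhaus.org", "ZZ", "EXAMPLE NET, LTD.", "Nowhere", "0.0", "0.0",
        "0", "0", "0", "1", "sender@example.net", "trap@example.com",
        "no-error", "mx01.example.com", "192.0.2.151"])


# Constructed sample input; "OK" is a made-up status, the post only shows "BL".
SAMPLE = [
    _rec("C6336417", "198.51.100.23", "198.51.0.0/16", "198.51.100.0/24", "BL"),
    _rec("C633644D", "198.51.100.77", "198.51.0.0/16", "198.51.100.0/24", "BL"),
    _rec("CB007105", "203.0.113.5", "203.0.113.0/24", "203.0.113.0/24", "OK"),
    _rec("CB007105", "203.0.113.9", "203.0.113.0/24", "203.0.113.0/24", "BL"),  # hex mismatch
    "2014-01-31|08:05:00|CB007105| 99|203.0.113.5",                             # truncated
]

if __name__ == "__main__":
    records, rejected = load(SAMPLE)
    print("listed sources:", listed_sources(records))
    print("rejected lines:", rejected)
```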
Re: [Assp-test] Senderbase
> On my way to a new version - this is the nudge that I needed. (pending some more answers to my other thread on general windows recommendations and the requirements of hmm)

Well, as for the hMM, start vanilla, that is, install your new ASSP, configure it, migrate your files, upgrade to DB and then once it will be working, you may experiment by enabling HMM but, as Thomas wrote, just one step at a time :)
Re: [Assp-test] Senderbase
:: On Tue, 28 Jan 2014 13:56:42 -0500 :: CALhpkAkknxNz3w4GAtpt120=duav_aypbm39e+obtsvynau...@mail.gmail.com :: K Post nntp.p...@gmail.com wrote:

> Hey, would you look at that! There's a setting for senderbase log verbosity! Changing it to verbose, gives me:
>
> Timeout occurred getting results at C:/Perl/site/lib/Net/SenderBase/Query/DNS.pm
>
> DNSTimeout was 5 seconds. Changed to 10, no difference. Any suggestions? DNS settings on the server seem fine and are responsive.

ensure that you're able to run DNS queries over TCP not just over UDP; if your firewall is blocking queries to 53/TCP then you're in trouble; on windows, fire up nslookup without parameters, next enter

    server 8.8.8.8
    set vc

and done that enter some hostnames to see if resolution is ok; on Linux, use

    dig +tcp host.name @8.8.8.8

where host.name will be a valid hostname; in both cases the queries will be sent to the google DNS resolver over TCP and if they fail...
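The same UDP-versus-TCP comparison as the `nslookup` / `dig +tcp` test in the message above, scripted so it can run from the ASSP host itself; this is an added example, not part of the original post, and the function names are hypothetical. It uses only the standard library and touches the network only when run as a script.

```python
"""Check that a resolver answers over TCP as well as UDP."""
import socket
import struct

TXID = 0x1234  # fixed query id, fine for a one-shot diagnostic


def build_query(name, qtype=1, txid=TXID):
    """Minimal DNS query: recursion desired, one question, class IN."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    labels = name.rstrip(".").encode("ascii").split(b".")
    qname = b"".join(bytes([len(label)]) + label for label in labels) + b"\x00"
    return header + qname + struct.pack("!HH", qtype, 1)


def frame_tcp(msg):
    """Over TCP every DNS message is preceded by its length (2 bytes, big-endian)."""
    return struct.pack("!H", len(msg)) + msg


def parse_header(resp, txid=TXID):
    """Return (rcode, answer_count, truncated); ValueError on a bogus reply."""
    if len(resp) < 12:
        raise ValueError("short reply")
    rid, flags, _qd, answers, _ns, _ar = struct.unpack("!HHHHHH", resp[:12])
    if rid != txid or not flags & 0x8000:
        raise ValueError("not a response to our query")
    return flags & 0x000F, answers, bool(flags & 0x0200)


def _recv_exact(sock, size):
    """Read exactly `size` bytes from a stream socket."""
    buf = b""
    while len(buf) < size:
        chunk = sock.recv(size - len(buf))
        if not chunk:
            raise ConnectionError("connection closed early")
        buf += chunk
    return buf


def query_udp(server, name, timeout=5.0):
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        sock.sendto(build_query(name), (server, 53))
        resp, _ = sock.recvfrom(4096)
    return parse_header(resp)


def query_tcp(server, name, timeout=5.0):
    with socket.create_connection((server, 53), timeout=timeout) as sock:
        sock.sendall(frame_tcp(build_query(name)))
        (length,) = struct.unpack("!H", _recv_exact(sock, 2))
        resp = _recv_exact(sock, length)
    return parse_header(resp)


def check(server, name):
    """Run the same query over both transports and report each outcome."""
    results = {}
    for proto, fn in (("udp", query_udp), ("tcp", query_tcp)):
        try:
            results[proto] = fn(server, name)
        except (OSError, ValueError) as exc:  # timeouts, resets, filtered port
            results[proto] = "FAILED: %s" % exc
    return results


if __name__ == "__main__":
    import sys
    server = sys.argv[1] if len(sys.argv) > 1 else "8.8.8.8"
    name = sys.argv[2] if len(sys.argv) > 2 else "example.com"
    for proto, outcome in check(server, name).items():
        print(proto, outcome)
```

A UDP result paired with a TCP failure points at the 53/TCP filtering the message warns about.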
Re: [Assp-test] Install advise on new Windows box
> I'm going to be starting from scratch on a new Windows install, but migrating data over from an older 2.x install. That current install uses all flat files, no database.

well... in theory flat-files should work as they are but I'd wait for some notes from Thomas about it; that said...

> 1) This will likely be a Windows 2012 r2 box, so 64 bit. Any specific issues on W2k12? Is it preferable to use an older OS?

No problem, just use a 32bits Perl, using a 64 bits one won't give you any advantage

> 4) Install the latest OpenSSL version 0.9.x (don't use version 1.x.x on production systems) http://www.slproweb.com/products/Win32OpenSSL.html Is that still advisable?

I think that picking the latest from http://www.openssl.org/ and ensuring that the libs (DLLs) are on the PATH may be ok

> 3) Also that quickstart says to use activestate perl 5.12. That can't be up to date can it? What's recommended, 5.16, 5.18? Lower?

This is perl 5, version 16, subversion 3 (v5.16.3) built for MSWin32-x86-multi-thread

:)

> a) Now that I'm hoping to use HMM, I need a database (right?). What's recommended MySQL or BerkleyDB? I saw the post by Thomas that said that BerkleyDB is now stable with perl 5.16/5.18, but I don't know if that's better than using MySQL.

Berkeley is ok but has little tools to manage the DB in case you'll ever need to put your hands in; in my case I found that MSSQL is a good pick; if you can't or don't want to use the full version the free express will just fit the bill... then, ok, you may decide to go for MySQL which is fine too, but sincerely I don't trust Oracle so much and not knowing what will happen to MySQL... :P

As a note I'd like to see a patch (or something like that) allowing to run ASSP over MariaDB and/or FireBirdSQL but then... :)

> a) Is there an up to date guide on moving from flat files to a proper database?

Well... start by installing ASSP and configuring everything (ASSP, clamAV+signatures, domains...) and once all ok, move your files to the new box and ensure all's ok; done that *BACKUP* the config and then just follow the directions to migrate files to DB; notice that if you're planning to use hMM instead of Bayes, you'll need to ensure that your DB is up to the task since hMM poses quite a *load* on the DB (and the machine running it)
Re: [Assp-test] Install advise on new Windows box
> I'm going to be starting from scratch on a new Windows install, but migrating data over from an older 2.x install. That current install
>
> clamAV+signatures, domains...) and once all ok, move your files to the new box and ensure all's ok; done that *BACKUP* the config and then

forgot; a good approach (if you have the hardware and all the needed stuff) would be using a Virtual Machine, that way you won't only be able to quickly backup the whole installation, but you won't depend from hardware and even be able to create snapshots and roll them back in case something goes berserkr :)
Re: [Assp-test] Senderbase
:: On Tue, 28 Jan 2014 09:02:50 -0500 :: CALhpkAnvBsA3FGYqSNCcg08eL1utRny+sr_Ac4Xa0YjNRuB=y...@mail.gmail.com :: K Post nntp.p...@gmail.com wrote:

> Confirmed that it seems like only the cached entries are working. Every one of the 300+ senderbase matches from today, are from the cache. For example: 199.101.162.46

couple questions:

1: are there any DNS-related messages in your logs ?
2: are you using your own (no forwarders) DNS resolvers or are you using public resolvers like OpenDNS, Google or whatever else ?
Re: [Assp-test] Senderbase
> Hey Grayhat- been a while... Thanks for your followup.

Hi there, yes, been (and being sigh) busy

> I'm using our internal dns servers, without forwarders. I see DNSBL messages, RWL, etc as expected.

ok, one thing less to check (I hope) :)

> Could a format error in the whiteSenderBase be the culprit? I don't see an error when it's loaded. There's 1000+ entries, hard to check

well, maybe, sure or may be due to some check kicking in *before* the senderbase one; carefully checking the logs and/or increasing logging would be a good idea imVHo
Re: [Assp-test] upgrading from ASSP version 2.3.3(13276) to 2.3.4(latest)
> hi all. is there any caveat or recommendation or special modules/packages requirements for upgrading from ASSP version 2.3.3(13276) to version 2.3.4(latest)? i'm running a 2 hosts production system on Linux, perl 5.14, all databases as tables on Mysql.

upgrade your Perl runtime and all the packages; upgrade ASSP and ensure to run the module installation script, then upgrade your packages again, that should do the trick; notice that making a good backup won't hurt; all in all, Murphy was right, so let's try minimizing issues :D
Re: [Assp-test] Virus scanners
> We have ClamAV running on our mailserver and are currently suffering a significant number of Trojans getting past.

ClamAV is a more than decent mail AVscanner but you'll need to feed it with some additional signatures, namely the ones available here

http://www.sanesecurity.co.uk/databases.htm

just have a look at the various available sigs to decide which ones you want to use, then, to use them, pick one of the updater scripts available on the same site (see usage)

HTH
Re: [Assp-test] Virus scanners
> So far I have identified two domains that most mail claims as the from address. Both publish SPF records but define ~all so I have added them to strictSPFRe.

Hmmm... now I'm becoming curious; you're running ASSP, so, which filters did you enable (set aside SPF and AV scanning) ? See, it sounds like you're running w/o some filters (e.g. DNSBL/DNSWL and URIBL/URIWL)
Re: [Assp-test] assp dying
> I have a cron job for this (attached). It opens a connection to both the SMTP and Web interface ports and makes sure it gets a connection

hmm... not bad, but before that, I think you'd better check if the ASSP process is running, then, if it's running (and only if it's running) you may go on and check if it's also correctly responding to requests :)
Re: [Assp-test] Need guide on how to do upgrade to the latest version of assp Re: assp spawning spam
> Subj: assp spawning spam
>
> on an installation of mine they managed to get hold of the boss address (of all addresses) and they send spam to the outside world.
>
> they -- is who? Computer with antispam? Or computers of internal users?

I suspect that someone bruteforced or either obtained by other means (a virus, phishing...) the email credentials and is now using them to authenticate and spit out junk; there are a couple settings in ASSPv2 which I'd recommend to avoid such issues; first of all, the rate limiter which allows you to configure the max number of messages per time interval which a given account can send; start by setting up it this way

    LocalFrequencyInt:=1800
    LocalFrequencyNumRcpt:=120
    LocalFrequencyOnly:=
    NoLocalFrequency:=file:files/nolocalfrequency.txt

and configure the files/nolocalfrequency.txt file to contain just the local assp address (used to send reports and so on); also, ensure that the notification email to (Notify) under logging contains a valid address since ASSP will then send infos about senders tripping over the rate limiter to such an address; next, edit lib\CorrectASSPcfg.pm and add it (or uncomment) the following

    $main::AUTHLogUser = 1;

save the file and restart ASSP, the above tells ASSP to log a line to the maillog containing a given authenticated user name, this way, you'll be able to check who is logging (or trying to log) into your box... then, sit back and monitor your ASSP for a while