Re: [Assp-user] Rebuildspamdb trouble
Any solution on this October problem, Markus? My processing time is similar - nearly finished, finally, after 14 hours. I have 14,000 files in the spam and 28,000 in the notspam files to analyze, 20 total files in the error directories. A couple of side-notes - this started for me after the upgrade of ASSP, and I also upgraded Perl at the same time. I also have the problem that ASSP running as a service in the service console doesn't allow for my running the rebuildspamdb.pl file (or rather, it DOES run, but creates a 1kb file.) - I have to also start ASSP from the command line. I'm thinking along the lines of Perl old version is running the ASSP service in the console, and new version is running when I start via command line (C:\assp\ directory command: assp.pl) I've also noted that rebuildspamdb.pl won't run via task manager I'm thinking of this: uninstall all old Perl versions stop the ASSP service uninstall assp-as-a-service via perl addservice.pl -u re-install assp as a service via perl addservice.pl -i c:\\assp\\assp.pl c:\\assp re-start the ASSP service Would like to know if you solved your issue before I try this, and/or your thougts Hello, My output look like that: total time processing=45241 second(s) Uploading Greylist via Direct Connection uploaded 10894 bytes Somethine about 12 houres ? Any suggestions ? Markus -- View this message in context: http://www.nabble.com/Rebuildspamdb-trouble-tf2512271.html#a8363697 Sent from the assp-user mailing list archive at Nabble.com. - Take Surveys. Earn Cash. Influence the Future of IT Join SourceForge.net's Techsay panel and you'll get the chance to share your opinions on IT business topics through brief surveys - and earn cash http://www.techsay.com/default.php?page=join.phpp=sourceforgeCID=DEVDEV ___ Assp-user mailing list Assp-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/assp-user
Re: [Assp-user] prob with 1.2.7.1(22) in testmode
Fritz Borgstedt wrote: Ok, fix is in built(25) thx - ASSP v1.2.7.1(33) seems to work as expected :-) -- View this message in context: http://www.nabble.com/prob-with-1.2.7.1%2822%29-in-testmode-tf2963982.html#a8372745 Sent from the assp-user mailing list archive at Nabble.com. - Take Surveys. Earn Cash. Influence the Future of IT Join SourceForge.net's Techsay panel and you'll get the chance to share your opinions on IT business topics through brief surveys - and earn cash http://www.techsay.com/default.php?page=join.phpp=sourceforgeCID=DEVDEV ___ Assp-user mailing list Assp-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/assp-user
Re: [Assp-user] Rebuildspamdb trouble
Questions and Answers for users of ASSP Anti-Spam SMTP Proxy assp-user@lists.sourceforge.net schreibt: Any suggestions ? Reduce Maxbytes to 5 k. Delete the oldest 5000 in Spam/Notspam. - Take Surveys. Earn Cash. Influence the Future of IT Join SourceForge.net's Techsay panel and you'll get the chance to share your opinions on IT business topics through brief surveys - and earn cash http://www.techsay.com/default.php?page=join.phpp=sourceforgeCID=DEVDEV ___ Assp-user mailing list Assp-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/assp-user
Re: [Assp-user] ASSP returns the error you define (w as: Virus detected smtp conne
Perhaps my memory is failing me. I though I remembered being able to customize the SPF error message in the past. -- ME2 (mobile) -Original Message- From: Fritz Borgstedt [EMAIL PROTECTED] Date: Saturday, Jan 13, 2007 1:53 pm Subject: Re: [Assp-user] ASSP returns the error you define (w as: Virus detected smtp conne Speaking of this; would it be possible to again have the ability to customize the SPF message? What do you mena with again? - Take Surveys. Earn Cash. Influence the Future of IT Join SourceForge.net's Techsay panel and you'll get the chance to share your opinions on IT business topics through brief surveys - and earn cash http://www.techsay.com/default.php?page=join.phpp=sourceforgeCID=DEVDEV ___ Assp-user mailing list Assp-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/assp-user - Take Surveys. Earn Cash. Influence the Future of IT Join SourceForge.net's Techsay panel and you'll get the chance to share your opinions on IT business topics through brief surveys - and earn cash http://www.techsay.com/default.php?page=join.phpp=sourceforgeCID=DEVDEV ___ Assp-user mailing list Assp-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/assp-user
Re: [Assp-user] sarbanes-oxley
The more I read on the SOX compliancy the more it sounds like becoming HIPAA compliant. If that's the case there are no specific lists of what is compliant and what isn't in terms of most software but rather controls put into place to keep things secure etc. I think the issue will be less about assp itself but the security of the box it's running on. Regards, Elvar Pascal Dreissen wrote: I am not sure but is there ANY open source initiative SOx compliant ? Since the processes they describing aren't easy to do in open source projects if you ask me! --Met vriendelijke groet / Best regards, Pascal Dreissen Citeren Elvar [EMAIL PROTECTED]: Can anyone tell me if ASSP is sarbanes-oxley compliant? I heard schools will be forced to use a spam filter that conforms to that and I have assp running at some schools I do work for. Thanks, Elvar - Take Surveys. Earn Cash. Influence the Future of IT Join SourceForge.net's Techsay panel and you'll get the chance to share your opinions on IT business topics through brief surveys - and earn cash http://www.techsay.com/default.php?page=join.phpp=sourceforgeCID=DEVDEV ___ Assp-user mailing list Assp-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/assp-user - Take Surveys. Earn Cash. Influence the Future of IT Join SourceForge.net's Techsay panel and you'll get the chance to share your opinions on IT business topics through brief surveys - and earn cash http://www.techsay.com/default.php?page=join.phpp=sourceforgeCID=DEVDEV ___ Assp-user mailing list Assp-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/assp-user - Take Surveys. Earn Cash. Influence the Future of IT Join SourceForge.net's Techsay panel and you'll get the chance to share your opinions on IT business topics through brief surveys - and earn cash http://www.techsay.com/default.php?page=join.phpp=sourceforgeCID=DEVDEV ___ Assp-user mailing list Assp-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/assp-user
[Assp-user] [v1.2.7.1(33)] prob with helo check
i'm running the latest 1.2.7.1(33) in full testmode. although i've set all helo checks in Validate Sender to 0 assp still locks entries for [...]passing if safe because testmode, otherwise Helo forged:[...] and marks mail as [SPAM]. did i simply miss a config option? -- View this message in context: http://www.nabble.com/-v1.2.7.1%2833%29--prob-with-helo-check-tf3015200.html#a8373169 Sent from the assp-user mailing list archive at Nabble.com. - Take Surveys. Earn Cash. Influence the Future of IT Join SourceForge.net's Techsay panel and you'll get the chance to share your opinions on IT business topics through brief surveys - and earn cash http://www.techsay.com/default.php?page=join.phpp=sourceforgeCID=DEVDEV ___ Assp-user mailing list Assp-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/assp-user
Re: [Assp-user] ASSP returns the error you define (w as: Virus detected smtp c
Perhaps my memory is failing me. I though I remembered being able to customize the SPF error message in the past. No. But now. - Take Surveys. Earn Cash. Influence the Future of IT Join SourceForge.net's Techsay panel and you'll get the chance to share your opinions on IT business topics through brief surveys - and earn cash http://www.techsay.com/default.php?page=join.phpp=sourceforgeCID=DEVDEV ___ Assp-user mailing list Assp-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/assp-user
Re: [Assp-user] sarbanes-oxley
I think ASSP may be considered SOX compliant if you are grabbing and archiving the logs. SOX is something I do for a living. Sarbanes compliance is very much related to the evaluation by your auditor. If you have good controls and policies around anything, it can used in a Sarbanes environment. For Sarbanes compliance around ASSP here are a couple of things I can think of that you should probably have: 1) A solid back and restore procedure a) Evidence that you test this periodically b) a DR procedure (have a spare ready to go if the primary fails) 2) Good documentation that explains ASSP's role in your email a) Mail flow diagrams b) Explanation of your RegEx rules 3) A good change control procedure a) Have a test platform 4) Documentation explaining who has access, etc. 5) A job that archives the ASSP log files I would probably forward all your SPAM email to a generic mailbox with some type of retention policy. Then, you should have a policy that that mailbox is reviewed on a recurring basis to see if there are false positives, etc. One area that may be a snag is that there is only one admin login to ASSP. However, it logs the IP from where the admin logged in from. So you would need mitigating controls (a firewall, ACLs on your router, or a host based IDS like Black Ice) restricting where someone could log in from. For compliance, ASSP really needs separate logins for each admin. LDAP / Active Directory authentication would be a huge plus. Part of the recurring procedures should include a review of the logs. Maybe search for admin logins and tie those back to the IP and who was logged in at the time. Remember to have a policy that produces evidence that these reviews are occurring. Perhaps screen shots tied to a ticket in your helpdesk system. But again, compliance depends on your auditor and whether they will accept the software's roles and the controls around its use. Regardless of what you do, you should produce the evidence that you're following procedures. Think about how to reproduce the evidence in your audit and document that as well. That way, you don't have to go back to square one and try and remember how to show who the admins are that logged in and why. Ultimately, talk to your auditor after you've done your best effort to implement the necessary controls around ASSP. Hope this helps, Chris Pascal Dreissen wrote: I am not sure but is there ANY open source initiative SOx compliant ? Since the processes they describing aren't easy to do in open source projects if you ask me! -- Met vriendelijke groet / Best regards, Pascal Dreissen Citeren Elvar [EMAIL PROTECTED]: Can anyone tell me if ASSP is sarbanes-oxley compliant? I heard schools will be forced to use a spam filter that conforms to that and I have assp running at some schools I do work for. Thanks, Elvar - Take Surveys. Earn Cash. Influence the Future of IT Join SourceForge.net's Techsay panel and you'll get the chance to share your opinions on IT business topics through brief surveys - and earn cash http://www.techsay.com/default.php?page=join.phpp=sourceforgeCID=DEVDEV http://www.techsay.com/default.php?page=join.phpp=sourceforgeCID=DEVDEV ___ Assp-user mailing list Assp-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/assp-user - Take Surveys. Earn Cash. Influence the Future of IT Join SourceForge.net's Techsay panel and you'll get the chance to share your opinions on IT business topics through brief surveys - and earn cash http://www.techsay.com/default.php?page=join.phpp=sourceforgeCID=DEVDEV ___ Assp-user mailing list Assp-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/assp-user - Take Surveys. Earn Cash. Influence the Future of IT Join SourceForge.net's Techsay panel and you'll get the chance to share your opinions on IT business topics through brief surveys - and earn cash http://www.techsay.com/default.php?page=join.phpp=sourceforgeCID=DEVDEV ___ Assp-user mailing list Assp-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/assp-user
Re: [Assp-user] Rebuildspamdb trouble
From: CheriOR [EMAIL PROTECTED] Any solution on this October problem, Markus? My processing time is similar - nearly finished, finally, after 14 hours. I have 14,000 files in the spam and 28,000 in the notspam files to analyze, 20 total files in the error directories. I haven't seen any ram/proc speed/os info but I'd tick the 'Use less RAM to rebuild the spamdb' box. Also what setting do you for 'Ordered-Tie hash table size'? Bro - Take Surveys. Earn Cash. Influence the Future of IT Join SourceForge.net's Techsay panel and you'll get the chance to share your opinions on IT business topics through brief surveys - and earn cash http://www.techsay.com/default.php?page=join.phpp=sourceforgeCID=DEVDEV ___ Assp-user mailing list Assp-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/assp-user
Re: [Assp-user] sarbanes-oxley
Chris, your response on this topic is very helpful and I sincerely thank you for your time. I will definitely use this as a guide. Kind regards, Elvar Chris Norman wrote: I think ASSP may be considered SOX compliant if you are grabbing and archiving the logs. SOX is something I do for a living. Sarbanes compliance is very much related to the evaluation by your auditor. If you have good controls and policies around anything, it can used in a Sarbanes environment. For Sarbanes compliance around ASSP here are a couple of things I can think of that you should probably have: 1) A solid back and restore procedure a) Evidence that you test this periodically b) a DR procedure (have a spare ready to go if the primary fails) 2) Good documentation that explains ASSP's role in your email a) Mail flow diagrams b) Explanation of your RegEx rules 3) A good change control procedure a) Have a test platform 4) Documentation explaining who has access, etc. 5) A job that archives the ASSP log files I would probably forward all your SPAM email to a generic mailbox with some type of retention policy. Then, you should have a policy that that mailbox is reviewed on a recurring basis to see if there are false positives, etc. One area that may be a snag is that there is only one admin login to ASSP. However, it logs the IP from where the admin logged in from. So you would need mitigating controls (a firewall, ACLs on your router, or a host based IDS like Black Ice) restricting where someone could log in from. For compliance, ASSP really needs separate logins for each admin. LDAP / Active Directory authentication would be a huge plus. Part of the recurring procedures should include a review of the logs. Maybe search for admin logins and tie those back to the IP and who was logged in at the time. Remember to have a policy that produces evidence that these reviews are occurring. Perhaps screen shots tied to a ticket in your helpdesk system. But again, compliance depends on your auditor and whether they will accept the software's roles and the controls around its use. Regardless of what you do, you should produce the evidence that you're following procedures. Think about how to reproduce the evidence in your audit and document that as well. That way, you don't have to go back to square one and try and remember how to show who the admins are that logged in and why. Ultimately, talk to your auditor after you've done your best effort to implement the necessary controls around ASSP. Hope this helps, Chris Pascal Dreissen wrote: I am not sure but is there ANY open source initiative SOx compliant ? Since the processes they describing aren't easy to do in open source projects if you ask me! -- Met vriendelijke groet / Best regards, Pascal Dreissen Citeren Elvar [EMAIL PROTECTED]: Can anyone tell me if ASSP is sarbanes-oxley compliant? I heard schools will be forced to use a spam filter that conforms to that and I have assp running at some schools I do work for. Thanks, Elvar - Take Surveys. Earn Cash. Influence the Future of IT Join SourceForge.net's Techsay panel and you'll get the chance to share your opinions on IT business topics through brief surveys - and earn cash http://www.techsay.com/default.php?page=join.phpp=sourceforgeCID=DEVDEV http://www.techsay.com/default.php?page=join.phpp=sourceforgeCID=DEVDEV ___ Assp-user mailing list Assp-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/assp-user - Take Surveys. Earn Cash. Influence the Future of IT Join SourceForge.net's Techsay panel and you'll get the chance to share your opinions on IT business topics through brief surveys - and earn cash http://www.techsay.com/default.php?page=join.phpp=sourceforgeCID=DEVDEV ___ Assp-user mailing list Assp-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/assp-user - Take Surveys. Earn Cash. Influence the Future of IT Join SourceForge.net's Techsay panel and you'll get the chance to share your opinions on IT business topics through brief surveys - and earn cash http://www.techsay.com/default.php?page=join.phpp=sourceforgeCID=DEVDEV ___ Assp-user mailing list Assp-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/assp-user - Take
Re: [Assp-user] Rebuildspamdb trouble
Using a Windows Server 2003 machine with 1.80GHz processor, 1.82 GHz, 504 MB of RAM. Interfacing with IMail. Machine also running 5 websites with IIS and SQLServer. Processor and Memory used pretty heavily with the SQLServer and IMail processes (mostly with Perl) Good recommendations so far, although I'm puzzled by the suggestion to check the use less RAM box, as it says it will slow down rebuildspamdb and it never did finish after 30 hours of processing (was re-writing the spamdb files, but client access was hit hard I had to kill the process and use a backup copy of spamdb) I'm quite concerned, though, as to why the rebuildspamdb process will not run with only the ASSP as a service that auto-starts via the service console, and I must start the ASSP service from the command line to get it to run. Will do more testing this weekend, as it is not possible to effectively take down the client access for testing. Thanks again, all! Thank you! Cheri Harder Advantage Web Solution www.awsolution.com brougham Baker wrote: From: CheriOR [EMAIL PROTECTED] Any solution on this October problem, Markus? My processing time is I haven't seen any ram/proc speed/os info but I'd tick the 'Use less RAM to rebuild the spamdb' box. Also what setting do you for 'Ordered-Tie hash table size'? Bro - Take Surveys. Earn Cash. Influence the Future of IT Join SourceForge.net's Techsay panel and you'll get the chance to share your opinions on IT business topics through brief surveys - and earn cash http://www.techsay.com/default.php?page=join.phpp=sourceforgeCID=DEVDEV___ Assp-user mailing list Assp-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/assp-user
Re: [Assp-user] Rebuildspamdb trouble
From: Cheri Harder [EMAIL PROTECTED] Using a Windows Server 2003 machine with 1.80GHz processor, 1.82 GHz, 504 MB of RAM. Interfacing with IMail. Machine also running 5 websites with IIS and SQLServer. Processor and Memory used pretty heavily with the SQLServer and IMail processes (mostly with Perl) You don't have enough ram for all that lot. Good recommendations so far, although I'm puzzled by the suggestion to check the use less RAM box, as it says it will slow down rebuildspamdb and it never did finish after 30 hours of processing (was re-writing the spamdb files, but client access was hit hard I had to kill the process and use a backup copy of spamdb) Because the perl process is swapping in and out from the page file constantly, try it and see. It worked for me. I'm quite concerned, though, as to why the rebuildspamdb process will not run with only the ASSP as a service that auto-starts via the service console, and I must start the ASSP service from the command line to get it to run. You can get to the admin website when it is just started from the service console? ASSP is actually running from that (shows up with a netstat)? What user are you running the service as? We have a vertical app that shows the same effect- if the service user doesn't have rights to it's data file\directory we get the same thing- starting it as the logged on admin works as that has sufficient rights. Bro - Take Surveys. Earn Cash. Influence the Future of IT Join SourceForge.net's Techsay panel and you'll get the chance to share your opinions on IT business topics through brief surveys - and earn cash http://www.techsay.com/default.php?page=join.phpp=sourceforgeCID=DEVDEV ___ Assp-user mailing list Assp-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/assp-user
Re: [Assp-user] ASSP returns the error you define (w as: Virus detected smtp c
Fritz Borgstedt wrote: Perhaps my memory is failing me. I though I remembered being able to customize the SPF error message in the past. No. But now. It wouldn't be the first time I remembered something incorrectly. ))) I'm in your debt yet again - thanks Fritz! - Take Surveys. Earn Cash. Influence the Future of IT Join SourceForge.net's Techsay panel and you'll get the chance to share your opinions on IT business topics through brief surveys - and earn cash http://www.techsay.com/default.php?page=join.phpp=sourceforgeCID=DEVDEV ___ Assp-user mailing list Assp-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/assp-user
Re: [Assp-user] Regex?
2007/1/2, Fritz Borgstedt [EMAIL PROTECTED]: This Received header is a 100% spam header and very often used. Received: from 65.254.254.56 (HELO mail.aade.com) by a-h-p.de with esmtp (SNT-XJE5 .,2;5) id +;*U3T-NQ*0:-.A for [EMAIL PROTECTED]; Tue, 2 Jan 2007 18:09:42 +0180 I notice the time zone is invalid. +0180 would mean an offset of 1 hour and a ridiculous 80 minutes. Has anyone ever tried a header-bomb to detect an invalid time zone offset? Something like this?: [EMAIL PROTECTED];\s+(Mon|Tue|Wed|Thu|Fri|Sat|Sun),\s+\d\d?\s+(Jan|Feb|Mar|Apr|May|Jun|Jul|Aug|Sep|Oct|Nov|Dec)\s+\d\d\d\d\s+\d\d:\d\d(:\d\d)?\s+[+-]\d\d [6-9]\d - Take Surveys. Earn Cash. Influence the Future of IT Join SourceForge.net's Techsay panel and you'll get the chance to share your opinions on IT business topics through brief surveys - and earn cash http://www.techsay.com/default.php?page=join.phpp=sourceforgeCID=DEVDEV___ Assp-user mailing list Assp-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/assp-user
Re: [Assp-user] Regex?
2007/1/15, Wim Borghs [EMAIL PROTECTED]: 2007/1/2, Fritz Borgstedt [EMAIL PROTECTED]: This Received header is a 100% spam header and very often used. Received: from 65.254.254.56 (HELO mail.aade.com) by a-h-p.de with esmtp (SNT-XJE5 .,2;5) id +;*U3T-NQ*0:-.A for [EMAIL PROTECTED]; Tue, 2 Jan 2007 18:09:42 +0180 I notice the time zone is invalid. +0180 would mean an offset of 1 hour and a ridiculous 80 minutes. Has anyone ever tried a header-bomb to detect an invalid time zone offset? Something like this?: [EMAIL PROTECTED];\s+(Mon|Tue|Wed|Thu|Fri|Sat|Sun),\s+\d\d?\s+(Jan|Feb|Mar|Apr|May|Jun|Jul|Aug|Sep|Oct|Nov|Dec)\s+\d\d\d\d\s+\d\d:\d\d(:\d\d)?\s+[+-]\d\d [6-9] \d That blank after [6-9] shouldn't have been there :-( or only the date/time part: (Mon|Tue|Wed|Thu|Fri|Sat|Sun),\s+\d\d?\s+(Jan|Feb|Mar|Apr|May|Jun|Jul|Aug|Sep|Oct|Nov|Dec)\s+\d\d\d\d\s+\d\d:\d\d(:\d\d)?\s+[+-]\d\d [6-9]\d - Take Surveys. Earn Cash. Influence the Future of IT Join SourceForge.net's Techsay panel and you'll get the chance to share your opinions on IT business topics through brief surveys - and earn cash http://www.techsay.com/default.php?page=join.phpp=sourceforgeCID=DEVDEV___ Assp-user mailing list Assp-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/assp-user
Re: [Assp-user] sarbanes-oxley
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Elvar wrote: Can anyone tell me if ASSP is sarbanes-oxley compliant? I heard schools will be forced to use a spam filter that conforms to that and I have assp running at some schools I do work for. Thanks, Elvar - Take Surveys. Earn Cash. Influence the Future of IT Join SourceForge.net's Techsay panel and you'll get the chance to share your opinions on IT business topics through brief surveys - and earn cash http://www.techsay.com/default.php?page=join.phpp=sourceforgeCID=DEVDEV ___ Assp-user mailing list Assp-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/assp-user your email server can likely be made to be SOX compliant, with a patch or an update. for example qmail-tap from inter7.com usually does the trick for qmail. but assp? what SOX compliance issues are there for mail you are refusing to accept into your mail system? I know assp keeps logs, but if you can me more specific about what you are looking for maybe someone here can help you better. - -- Rance Hall System Administrator Nebraska Turkey Growers 1-308-468-5711, ext. 106 [EMAIL PROTECTED] -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.5 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFFq5EA0tI7mAGO6FwRAvcJAJoCtuwbu76JWm+g9Qs/02GqVAoR9QCggLuI 7tV89T/0mxDg1jtZRX3OV8A= =n44q -END PGP SIGNATURE- - Take Surveys. Earn Cash. Influence the Future of IT Join SourceForge.net's Techsay panel and you'll get the chance to share your opinions on IT business topics through brief surveys - and earn cash http://www.techsay.com/default.php?page=join.phpp=sourceforgeCID=DEVDEV ___ Assp-user mailing list Assp-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/assp-user
Re: [Assp-user] Virus detected smtp connection ?
Nope, Tried that also, virussess keep bouncing and repeating. This morning i had more than 100 messages about virus detected, did not had this behavioure before! Micheal Espinola Jr schreef: Matti Haack wrote: Mybe you should better send Error 554 (Transaction failed) instead of 500 (Command not recognized 'command') I use: ~~~ 550 5.7.7 [BLOCK REASON] Mail appears infected with '$infection'. Clean and resend. This attempt has been logged. Because (http://www.asspsmtp.org/wiki/SMTP_Error_Codes): ~~~ 550 - Requested action not taken: mailbox unavailable /e.g., mailbox not found, no access, or command rejected for policy reasons/ 5.x.x - Permanent Failure A failure which is not likely to be resolved by resending the message in the current form. Some change to the message or the destination must be made for successful delivery. x.7.7 - Message integrity failure A transport system otherwise authorized to validate a message was unable to do so because the message was corrupted or altered. This may be useful as a permanent, transient persistent, or successful delivery code. - Take Surveys. Earn Cash. Influence the Future of IT Join SourceForge.net's Techsay panel and you'll get the chance to share your opinions on IT business topics through brief surveys - and earn cash http://www.techsay.com/default.php?page=join.phpp=sourceforgeCID=DEVDEV ___ Assp-user mailing list Assp-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/assp-user - Take Surveys. Earn Cash. Influence the Future of IT Join SourceForge.net's Techsay panel and you'll get the chance to share your opinions on IT business topics through brief surveys - and earn cash http://www.techsay.com/default.php?page=join.phpp=sourceforgeCID=DEVDEV ___ Assp-user mailing list Assp-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/assp-user
Re: [Assp-user] [v1.2.7.1(33)] prob with helo check
On 16/01/2007, at 2:19 AM, larsneo wrote: i'm running the latest 1.2.7.1(33) in full testmode. although i've set all helo checks in Validate Sender to 0 assp still locks entries for [...]passing if safe because testmode, otherwise Helo forged:[...] and marks mail as [SPAM]. did i simply miss a config option? -- View this message in context: http://www.nabble.com/-v1.2.7.1%2833% 29--prob-with-helo-check-tf3015200.html#a8373169 Sent from the assp-user mailing list archive at Nabble.com. Yes - I've noticed with build 33 that ASSP thinks my backup MX servers have a forged HELO. EG: ... passing if safe because testmode, otherwise Helo forged:'mail1b.optus.net.au' Seems like the forged HELO suddenly got a bit too aggressive! James. - Take Surveys. Earn Cash. Influence the Future of IT Join SourceForge.net's Techsay panel and you'll get the chance to share your opinions on IT business topics through brief surveys - and earn cash http://www.techsay.com/default.php?page=join.phpp=sourceforgeCID=DEVDEV ___ Assp-user mailing list Assp-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/assp-user
Re: [Assp-user] Regex?
2007/1/2, Fritz Borgstedt [EMAIL PROTECTED]:
This Received header is a 100% spam header and very often used.
Received: from 65.254.254.56 (HELO mail.aade.com)
by a-h-p.de with esmtp (SNT-XJE5 .,2;5)
id +;*U3T-NQ*0:-.A
for [EMAIL PROTECTED]; Tue, 2 Jan 2007 18:09:42 +0180
This should also match:
Received:\s+from\s+\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}\s+\(HELO\s+\S+\)\s+by\s+(\S+)\s+with\s+esmtp\s+\(\S+\s\S+\)[EMAIL
PROTECTED];
-
Take Surveys. Earn Cash. Influence the Future of IT
Join SourceForge.net's Techsay panel and you'll get the chance to share your
opinions on IT business topics through brief surveys - and earn cash
http://www.techsay.com/default.php?page=join.phpp=sourceforgeCID=DEVDEV___
Assp-user mailing list
Assp-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/assp-user
Re: [Assp-user] [v1.2.7.1(33)] prob with helo check
I think you best switch off 'Forged Local Helo Test Mode' until this is fixed. That should prevent the bug from manifesting. Or go back to a previous version of assp... - Take Surveys. Earn Cash. Influence the Future of IT Join SourceForge.net's Techsay panel and you'll get the chance to share your opinions on IT business topics through brief surveys - and earn cash http://www.techsay.com/default.php?page=join.phpp=sourceforgeCID=DEVDEV ___ Assp-user mailing list Assp-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/assp-user
[Assp-user] Solved: Unusual disappearing from Whitelist -ASSP v1.2.7(final3)
Well, I cannot say that I received many answers to this, indeed zero. :) I am trying from a different email account in case some spam filter was blocking some of you. Anyway, I solved it, after realising that there was indeed more than one email address that did not want to stay whitelisted. Apparently my whitelist got a little mixed up (all on its own) and was not in total alphabetical order. ASSP seems not to like this. I sort-ed and deleted the extra entries that had occurred and all is fine. Maybe one could put something resembling sort -c whitelist in the startup script? Or maybe this could be a check in ASSP itself when it starts up (in order to log)? Regards, Edward --- Message: 5 Date: Fri, 12 Jan 2007 19:25:23 +0100 From: Edward Arrigo [EMAIL PROTECTED] Subject: [Assp-user] Unusual disappearing from Whitelist -ASSP v1.2.7(final3) To: assp-user@lists.sourceforge.net Message-ID: [EMAIL PROTECTED] Content-Type: text/plain; charset=ISO-8859-1; format=flowed Dear All, I would like to draw your attention to the following (filtered) logs. I have this particular external person (from what I can determine only this email address) who seems constantly able not to remain on the whitelist. When it happens (for example an hour after the last line in these logs) a query on the Update or Verify the Whitelist/Redlist of the web gui shows the user as not whitelisted, however, both (viewing) the file from the command line and from the show whitelist button does indeed contain the email address. What do you think? Regards, Edward Arrigo Jan-4-07 11:38:07 194.73.73.211 [EMAIL PROTECTED] to: [EMAIL PROTECTED] Received-SPF: pass (ASSP-nospam: local policy) client-ip=194.73.73.211; envelope-from= [EMAIL PROTECTED]; helo=c2bthomr03.btconnect.com; Jan-4-07 11:38:10 194.73.73.211 [EMAIL PROTECTED] to: [EMAIL PROTECTED] Received-RBL: pass Jan-4-07 11:38:10 194.73.73.211 [EMAIL PROTECTED] to: [EMAIL PROTECTED] Regex:Black 'money' Jan-4-07 11:38:10 194.73.73.211 [EMAIL PROTECTED] to: [EMAIL PROTECTED] Bayesian spam Re_Cannes_Cuesta_Rey_ - /downloaded/assp/spam/Re_Cannes_Cuesta_Rey_--456.eml Jan-5-07 00:29:58 Whitelist addition: [EMAIL PROTECTED] (admin) Jan-8-07 19:10:02 192.168.0.55 [EMAIL PROTECTED] to: [EMAIL PROTECTED] whitelist addition: [EMAIL PROTECTED] Jan-8-07 19:10:03 192.168.0.55 [EMAIL PROTECTED] to: [EMAIL PROTECTED] local or whitelisted - (no bad attachments) Fw_Cannes_Cuesta_Rey_ - /downloaded/assp/notspam/Fw_Cannes_Cuesta_Rey_--844.eml Jan-8-07 19:21:23 192.168.0.55 [EMAIL PROTECTED] to: [EMAIL PROTECTED] local or whitelisted - (no bad attachments) Craftsman_s_Bench_ - /downloaded/assp/notspam/Craftsman_s_Bench_--846.eml Jan-8-07 20:20:39 194.73.73.220 [EMAIL PROTECTED] to: [EMAIL PROTECTED] Regex:Red 'Read:' Jan-8-07 20:20:39 194.73.73.220 [EMAIL PROTECTED] to: [EMAIL PROTECTED] Received-SPF: pass (ASSP-nospam: local policy) client-ip=194.73.73.220; envelope-from= [EMAIL PROTECTED]; helo=C2bthomr05.btconnect.com http://c2bthomr05.btconnect.com/; Jan-8-07 20:20:40 194.73.73.220 [EMAIL PROTECTED] to: [EMAIL PROTECTED] Received-RBL: neutral (dnsbl.sorbs.net-127.0.0.6; ) Jan-8-07 20:20:40 194.73.73.220 [EMAIL PROTECTED] to: [EMAIL PROTECTED] message ok Read_Craftsman_s_Bench_ Jan-8-07 20:20:52 194.73.73.227 [EMAIL PROTECTED] to: [EMAIL PROTECTED] Regex:Red 'Read:' Jan-8-07 20:20:52 194.73.73.227 [EMAIL PROTECTED] to: [EMAIL PROTECTED] Received-SPF: pass (ASSP-nospam: local policy) client-ip=194.73.73.227; envelope-from= [EMAIL PROTECTED]; helo=c2bthomr11.btconnect.com; Jan-8-07 20:20:52 194.73.73.227 [EMAIL PROTECTED] to: [EMAIL PROTECTED] Received-RBL: pass Jan-8-07 20:20:52 194.73.73.227 [EMAIL PROTECTED] to: [EMAIL PROTECTED] message ok Read_Cannes_Cuesta_Rey_ Jan-8-07 20:23:21 194.73.73.223 [EMAIL PROTECTED] to: [EMAIL PROTECTED] Received-SPF: pass (ASSP-nospam: local policy) client-ip=194.73.73.223; envelope-from= [EMAIL PROTECTED]; helo=c2bthomr07.btconnect.com; Jan-8-07 20:23:22 194.73.73.223 [EMAIL PROTECTED] to: [EMAIL PROTECTED] Received-RBL: pass Jan-8-07 20:23:22 194.73.73.223 [EMAIL PROTECTED] to: [EMAIL PROTECTED] message ok Quorum_Exp_FOB_Nic_12_1_06_pdf_ Jan-8-07 21:41:40 192.168.0.55 [EMAIL PROTECTED] to: [EMAIL PROTECTED] whitelist addition: [EMAIL PROTECTED] Jan-8-07 21:41:40 192.168.0.55 [EMAIL PROTECTED] to: [EMAIL PROTECTED] local or whitelisted - (no bad attachments) Re_Quorum_Exp_FOB_Nic_12_1_06_pdf_ - /downloaded/assp/notspam/Re_Quorum_Exp_FOB_Nic_12_1_06_pdf_--865.eml Jan-8-07 23:06:07 194.73.73.211 [EMAIL PROTECTED] to: [EMAIL PROTECTED] Regex:Red 'Read:' Jan-8-07 23:06:07 194.73.73.211 [EMAIL PROTECTED] to: [EMAIL PROTECTED] Received-SPF: pass (ASSP-nospam: local policy) client-ip=194.73.73.211; envelope-from= [EMAIL PROTECTED]; helo=c2bthomr03.btconnect.com; Jan-8-07 23:06:07 194.73.73.211 [EMAIL PROTECTED] to: [EMAIL PROTECTED] Received-RBL: pass Jan-8-07 23:06:07 194.73.73.211 [EMAIL PROTECTED] to: [EMAIL
