[Assp-user] process order and cpu utilization

2007-01-23 Thread Marrco
it looks to me that cpu use has risen a little in the last few builds, and 
delaying triplets have doubled.

i think that's due to a change in processing order (maybe you put delaying 
before helo check). Is that correct?

(btw, i have zero Invalid PTR: in my stats, so i can't tell if that 
works)

-
Take Surveys. Earn Cash. Influence the Future of IT
Join SourceForge.net's Techsay panel and you'll get the chance to share your
opinions on IT  business topics through brief surveys - and earn cash
http://www.techsay.com/default.php?page=join.phpp=sourceforgeCID=DEVDEV
___
Assp-user mailing list
Assp-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/assp-user


Re: [Assp-user] process order and cpu utilization

2007-01-23 Thread Fritz Borgstedt
Questions and Answers for users of ASSP Anti-Spam SMTP Proxy
assp-user@lists.sourceforge.net writes:
> it looks to me that cpu use has risen a little in the last few
> builds, and delaying triplets have doubled.
>
> i think that's due to a change in processing order (maybe you put
> delaying before helo check). Is that correct?

ASSP is configuring the processing order itself. The general rule here
is that checks with collection option 6 are performed earlier and
that setting testmode for a check moves it to a later point. To put it
in real-world terms: if you want to see CCSPAMALL from HELO checks you would
place them in collection mode 3 or 7, which would move the HELO checks
behind Delaying.




Re: [Assp-user] process order and cpu utilization

2007-01-23 Thread Wim Borghs
2007/1/23, Marrco [EMAIL PROTECTED]:
> (btw, i have zero Invalid PTR: in my stats, so i can't tell if that
> works)

Have you searched your log for PTR missing?
Using ASSP v1.2.7.1(68) you should see something like:
Jan-23-07 hh:mm:ss 65.70.243.86 [EMAIL PROTECTED] to:
[EMAIL PROTECTED] Sender Validation:scoring + 5: PTR missing for
65.70.243.86
Jan-23-07 hh:mm:ss PB: 65.70.243.86 score: 20+5 = 25
reason:65.70.243.86:PTRmissing
(depending on your logging-settings...)

Do you have Reversed Lookup set to 3 = score only?
It won't count in the stats then. The mail may count as Penalty Box
Blocked or another spam hit or as Bayesian Ham...



Re: [Assp-user] process order and cpu utilization

2007-01-23 Thread Fritz Borgstedt

> (btw, i have zero Invalid PTR: in my stats, so i can't tell if
> that works)

try the latest build (69)



Re: [Assp-user] process order and cpu utilization

2007-01-23 Thread Marrco
>> (btw, i have zero Invalid PTR: in my stats, so i can't tell if
>> that works)
> Have you searched your log for PTR missing?

yes, ah i have them in my logs

> Do you have Reversed Lookup set to 3 = score only?
yes, that feature is working, adds score to the PB entry. but that's for 
missing ptr, not for an invalid one


what i don't see in my Info and Stats is Invalid PTR:

but in my config i have:

Reversed Lookup FQDN set to [1]
and
Expression to Invalidate Format of PTR*
set to : (file:invalidptr.txt)

^\d+\.\d+\.\d+\.\d+$|^[^\.]+\.?$
dynamic
ddns
localhost
^c-.*\.comcast\.net$
^(cpe|rrcs)-.*\.(biz|res)\.rr\.com$
^(pool|static)-.*\.verizon\.net$
\.abo\.wanadoo\.fr$
\.dhcp\..*\.charter\.com$
\.dynamic\.hinet\.net$
icip\.rima-tde\.net$
\.user\.veloxzone\.com\.br$
\.user\.veloxzone\.com\.br$
c.*\.virtua\.com\.br$
p.*\.dip\.t-dialin\.net$
\.(internetdsl|adsl)\.tpnet\.pl$
\.(adsl|fbx)\.proxad\.net$
^s[0-9].*\.shawcable\.net$
\.(onocable|user)\.ono\.com$
\.(pppoe|pptp)\.mtu-net\.ru$
pool.*\.uni2\.es$
-cust.*\.ntl\.com$
^bzq-.*\.bezeqint\.net$
\.(cable|stb)\.blueyonder\.co\.uk
\.(customer|dial-up|dsl)\.telesp\.net\.br$
-[0-9]{2,3}-.*\.qwest\.net\.br$
\.bb\.netvision\.net\.il$
\.(dsl|dial|ipd)\.brasiltelecom\.net\.br$
\.rev\.gaoland\.net$
\.pools\.arcor-ip\.net$
(ppp|static|revip).*\.asianet.co.th$


and it used to work, many builds ago..

now i can't tell if that feature is broken 1.2.7.1(68), or i'm not receiving 
spam triggering that check, or i did something in my config to disable that 
filter. 

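One offline way to separate "the check is broken" from "nothing I receive matches the list" is to run the patterns against known PTR names. The following is an added example, not part of the original thread and not ASSP code: it uses a subset of the list quoted above, assumes each line is applied as a case-insensitive regex, and the sample lookup results are constructed.

```python
import re

# A subset of the invalidptr.txt lines quoted above, one regex per line.
INVALID_PTR_LINES = [
    r"^\d+\.\d+\.\d+\.\d+$|^[^\.]+\.?$",      # bare IP, or a name with no dot
    r"dynamic",                               # unanchored keyword
    r"ddns",
    r"localhost",
    r"^c-.*\.comcast\.net$",
    r"^(pool|static)-.*\.verizon\.net$",
    r"\.abo\.wanadoo\.fr$",
    r"p.*\.dip\.t-dialin\.net$",
]
# Assumption: every line is tried against the PTR name, case-insensitively.
COMPILED = [(line, re.compile(line, re.IGNORECASE)) for line in INVALID_PTR_LINES]


def classify_ptr(ptr):
    """Classify one reverse-lookup result.

    ptr is the PTR name for the connecting IP, or None when the lookup
    returned nothing. Returns (verdict, matching_line).
    """
    if not ptr:
        return ("missing", None)          # the "PTR missing" case
    for line, rx in COMPILED:
        if rx.search(ptr):
            return ("invalid", line)      # the "Invalid PTR" case
    return ("ok", None)


# Constructed lookup results (documentation addresses, not from a real log).
SAMPLES = {
    "192.0.2.10": None,
    "192.0.2.11": "c-192-0-2-11.hsd1.ca.comcast.net",
    "192.0.2.12": "192.0.2.12",
    "192.0.2.13": "mail.example.org",
    "192.0.2.14": "pool-192-0-2-14.nycmny.verizon.net",
    "192.0.2.15": "mailhost",
    "192.0.2.16": "mx1.dynamic-hosting.example",   # legitimate-looking name
}


def report(samples=SAMPLES):
    """Map each sample IP to its (verdict, matching_line) pair."""
    return {ip: classify_ptr(ptr) for ip, ptr in samples.items()}


if __name__ == "__main__":
    for ip, (verdict, line) in report().items():
        print(f"{ip:12} {verdict:8} {line or ''}")
```

The last sample shows that an unanchored keyword such as `dynamic` also matches names that merely contain the word, so keyword lines are where false positives should be looked for first.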


Re: [Assp-user] process order and cpu utilization

2007-01-23 Thread Fritz Borgstedt
Questions and Answers for users of ASSP Anti-Spam SMTP Proxy
assp-user@lists.sourceforge.net writes:
> now i can't tell if that feature is broken 1.2.7.1(68), or i'm not
> receiving spam triggering that check, or i did something in my config to
> disable that filter.


The feature was broken and is back now even better: you can now decide
to just validate the PTR without setting Lookup for Missing PTR to be
active. ))




Re: [Assp-user] process order and cpu utilization

2007-01-23 Thread Marrco
 
> The feature was broken and is back now even better: you can now decide
> to just validate the PTR without setting Lookup for Missing PTR to be
> active. ))
 

fritz, you're da man !

confirmed working in (69) 



Re: [Assp-user] Process order]

2007-01-11 Thread Andreas Krüger
I am not sure i understand this correct. If my server has a local
domain/hostname of etc. domain.com, then helo domain.com would be
forged or what?

on 10-01-2007 22:24 Fritz Borgstedt wrote:
>>> Furthers, what is a forged helo?
>> An invalid HELO greeting message used by SMTP servers.
>> ASSP has an option to check connecting servers helo messages against
>> the rfcs and optionally penalize them for having an invalid one.
>> Personally I find this blocks more spambots.
>
> A forged helo is different from an invalid helo.
>
> ASSP uses the local domain list and Local Host Names to block sender
> which uses local domains and local hostnames in their helo. That
> helo is surely forged.



Re: [Assp-user] Process order]

2007-01-11 Thread Marrco
From: Andreas Krüger [EMAIL PROTECTED]

> I am not sure i understand this correct. If my server has a local
> domain/hostname of etc. domain.com, then helo domain.com would be
> forged or what?

short answer : yes, that's forged. 



Re: [Assp-user] Process order

2007-01-11 Thread Andreas Krüger
But if my server hosts several domain names for email accounts, wouldn't
they be local domains?

Etc, kruger.nu is my domain, which i use for my email address, my server
hosts this domain, so aren't this a local domain name?

on 11-01-2007 15:30 Fritz Borgstedt wrote:
> [EMAIL PROTECTED] writes:
>> I am not sure i understand this correct. If my server has a local
>> domain/hostname of etc. domain.com, then helo domain.com would be
>> forged or what?
>
> yes, it is forged. Why should a foreign host use your domain?



Re: [Assp-user] Process order

2007-01-11 Thread Dan Ratzlaff
> But if my server hosts several domain names for email accounts, wouldn't
> they be local domains?
>
> Etc, kruger.nu is my domain, which i use for my email address, my server
> hosts this domain, so aren't this a local domain name?

Yes.  And if someone else's server identifies itself as kruger.nu while
trying to send mail to you, obviously that's forged.  They're not kruger.nu,
you are. :)

Personally, I get more 'localhost' helos than anything.  All of them get
blocked.




Re: [Assp-user] Process order]

2007-01-11 Thread Andreas Krüger
But if my server hosts several domain names for email accounts, wouldn't
they be local domains?

Etc, kruger.nu is my domain, which i use for my email address, my server
hosts this domain, so aren't this a local domain name?

on 11-01-2007 15:36 Marrco wrote:
> From: Andreas Krüger [EMAIL PROTECTED]
>
>> I am not sure i understand this correct. If my server has a local
>> domain/hostname of etc. domain.com, then helo domain.com would be
>> forged or what?
>
> short answer : yes, that's forged.




Re: [Assp-user] Process order]

2007-01-10 Thread Andreas Krüger
I was trying that, but i don't understand the extreme blocking for the
penalty box.

Furthers, what is a forged helo?

And lastly, what is the RBL cache for?

Andreas

on 10-01-2007 02:01 Micheal Espinola Jr (mobile) wrote:
> You could match them to the options listed in the web interface menu.
>
> --
> ME2   (mobile)
>
> -----Original Message-----
> From: Andreas Krüger [EMAIL PROTECTED]
> Date: Tuesday, Jan 9, 2007 7:48 pm
> Subject: [Assp-user] Process order
>
> Hello,
>
> I am sitting here and reading the process order for an email when it runs
> through ASSP, and i was wondering what these things are, and what
> they do?
>
> * PenaltyExtreme - Penalty Box extreme blocking
> * ForgedHELO - forged HELO detection (built-in)
> * DoRBLCache - caching and reuse of prior DNSBL/RBL hits
> * DoFakedLocalHelo - verify HELO against localDomains
> * DoNoValidLocalSender - block spoofed sender addresses
> * DoNoSpoofing - block spoofed localDomains
>
> I don't understand what happens in these processes, could someone
> explain them to me?
>
>
> Regards,
>
> Andreas




Re: [Assp-user] Process order]

2007-01-10 Thread Kevin
Andreas Krüger wrote:
> I was trying that, but i don't understand the extreme blocking for the
> penalty box.

If you will look in the Penalty Box configuration options you will note 
an Extreme Threshold option. When IP addresses reach a PB score 
matching or exceeding that option the IP is recorded to the extreme file 
and they are blocked for the amount of time set in the option labeled 
Expiration Time for Extreme Denials.

> Furthers, what is a forged helo?

An invalid HELO greeting message used by SMTP servers.
ASSP has an option to check connecting servers helo messages against the 
rfcs and optionally penalize them for having an invalid one. Personally 
I find this blocks more spambots.

> And lastly, what is the RBL cache for?

Rather than checking the RBL servers each time we get a connection ASSP 
caches the results for IPs that have had positive hits for an amount 
of time specified in the admin interface. RBL cache hits are when ASSP 
has the IP address in its cache from a previous RBL check. This saves 
processing time as you do not have to wait for a DNS response for each 
and every connection.


That should cover those questions for the most part.

Kevin

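A sketch of the two mechanisms described above, the RBL cache and the Penalty Box extreme threshold, as an added example that is not part of the thread and not ASSP's code. The class names, the threshold of 25, the expiry times and the fake DNSBL are constructed for illustration.

```python
import time

class RBLCache:
    """Cache positive DNSBL hits per IP for ttl seconds; misses are always re-queried.
    check() returns (list_name or None, served_from_cache)."""
    def __init__(self, lookup, ttl, clock=time.time):
        self.lookup, self.ttl, self.clock = lookup, ttl, clock
        self.hits = {}          # ip -> (expires_at, list_name)
        self.dns_queries = 0    # how often the slow DNS path was taken

    def check(self, ip):
        entry = self.hits.get(ip)
        if entry and entry[0] > self.clock():
            return entry[1], True
        self.hits.pop(ip, None)              # drop an expired entry, if any
        self.dns_queries += 1
        name = self.lookup(ip)               # hypothetical DNSBL query function
        if name:
            self.hits[ip] = (self.clock() + self.ttl, name)
        return name, False

class PenaltyBox:
    """Per-IP score; reaching the extreme threshold denies the IP until expiry."""
    def __init__(self, extreme_threshold, extreme_expiry, clock=time.time):
        self.threshold, self.expiry, self.clock = extreme_threshold, extreme_expiry, clock
        self.scores, self.extreme = {}, {}   # ip -> score, ip -> denied_until

    def add(self, ip, points):
        self.scores[ip] = self.scores.get(ip, 0) + points
        if self.scores[ip] >= self.threshold:
            self.extreme[ip] = self.clock() + self.expiry
        return self.scores[ip]

    def is_denied(self, ip):
        # The denial lapses once the expiration time has passed.
        return self.extreme.get(ip, float("-inf")) > self.clock()

def demo():
    """Constructed run with a fake clock and a fake DNSBL (no network access)."""
    now = [0.0]
    clock = lambda: now[0]
    cache = RBLCache({"198.51.100.9": "dnsbl.example"}.get, ttl=3600, clock=clock)
    box = PenaltyBox(extreme_threshold=25, extreme_expiry=600, clock=clock)
    first = cache.check("198.51.100.9")      # DNS query, hit is cached
    second = cache.check("198.51.100.9")     # answered from the cache
    clean = [cache.check("192.0.2.1"), cache.check("192.0.2.1")]  # never cached
    box.add("198.51.100.9", 20)
    score = box.add("198.51.100.9", 5)       # 20 + 5 = 25 reaches the threshold
    denied_now = box.is_denied("198.51.100.9")
    now[0] += 601                            # just past the expiry
    denied_later = box.is_denied("198.51.100.9")
    return first, second, clean, cache.dns_queries, score, denied_now, denied_later
```

Because only positive hits are cached in this sketch, an unlisted IP costs one DNS query per connection, which is why the two lookups for the clean address both take the slow path.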


Re: [Assp-user] Process order]

2007-01-10 Thread Fritz Borgstedt

>> Furthers, what is a forged helo?
>
> An invalid HELO greeting message used by SMTP servers.
> ASSP has an option to check connecting servers helo messages against
> the rfcs and optionally penalize them for having an invalid one.
> Personally I find this blocks more spambots.


A forged helo is different from an invalid helo.

ASSP uses the local domain list and Local Host Names to block sender
which uses local domains and local hostnames in their helo. That
helo is surely forged.


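The distinction drawn above between an invalid and a forged HELO, as an added example that is not part of the thread and not ASSP's code. The domain list, host names, own networks and sample connections are constructed, the syntax check is a simplification, and exempting the server's own networks is an assumption.

```python
import ipaddress
import re

# Constructed configuration for the example; none of these values are ASSP defaults.
LOCAL_DOMAINS = {"kruger.nu", "example.org"}       # domains we accept mail for
LOCAL_HOSTNAMES = {"mail.kruger.nu", "localhost"}  # names our own hosts use
OWN_NETWORKS = [ipaddress.ip_network(n) for n in ("192.0.2.0/24", "127.0.0.0/8")]

LABEL = r"[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?"
# Simplified syntax check: dotted name whose last label starts with a letter.
FQDN_RE = re.compile(rf"^{LABEL}(?:\.{LABEL})*\.[a-z][a-z0-9-]*[a-z0-9]$")
LITERAL_RE = re.compile(r"^\[(\d{1,3}(?:\.\d{1,3}){3})\]$")  # e.g. [203.0.113.7]


def is_own_host(client_ip):
    ip = ipaddress.ip_address(client_ip)
    return any(ip in net for net in OWN_NETWORKS)


def is_valid_syntax(name):
    if FQDN_RE.match(name):
        return True
    literal = LITERAL_RE.match(name)
    if not literal:
        return False
    try:
        ipaddress.ip_address(literal.group(1))   # rejects [999.1.1.1]
        return True
    except ValueError:
        return False


def classify_helo(helo, client_ip):
    """Return 'forged', 'invalid' or 'ok' for one HELO/EHLO argument."""
    name = helo.strip().lower().rstrip(".")
    # Forged: a foreign host presenting one of *our* names.
    if not is_own_host(client_ip) and (name in LOCAL_DOMAINS or name in LOCAL_HOSTNAMES):
        return "forged"
    # Invalid: the argument is not a well-formed FQDN or address literal.
    return "ok" if is_valid_syntax(name) else "invalid"


# Constructed connections: (HELO argument, connecting IP).
SAMPLES = [
    ("kruger.nu", "203.0.113.7"),
    ("localhost", "203.0.113.8"),
    ("mail.kruger.nu", "192.0.2.25"),
    ("user-pc", "203.0.113.9"),
    ("203.0.113.10", "203.0.113.10"),
    ("[203.0.113.11]", "203.0.113.11"),
    ("mx.example.net", "203.0.113.12"),
]

def classify_all(samples=SAMPLES):
    return [classify_helo(helo, ip) for helo, ip in samples]
```

A forged HELO can be perfectly valid syntax, which is why the local-name comparison runs before the format check.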


Re: [Assp-user] Process order]

2007-01-10 Thread Kevin
Fritz Borgstedt wrote:
>>> Furthers, what is a forged helo?
>> An invalid HELO greeting message used by SMTP servers.
>> ASSP has an option to check connecting servers helo messages against
>> the rfcs and optionally penalize them for having an invalid one.
>> Personally I find this blocks more spambots.
>
> A forged helo is different from an invalid helo.
 

whoops. missed that :(
/me slinks off to corner in shame

Kevin



[Assp-user] Process order

2007-01-09 Thread Andreas Krüger
Hello,

I am sitting here and reading the process order for an email when it
runs through ASSP, and i was wondering what these things are, and what
they do?

* PenaltyExtreme - Penalty Box extreme blocking
* ForgedHELO - forged HELO detection (built-in)
* DoRBLCache - caching and reuse of prior DNSBL/RBL hits
* DoFakedLocalHelo - verify HELO against localDomains
* DoNoValidLocalSender - block spoofed sender addresses
* DoNoSpoofing - block spoofed localDomains

I don't understand what happens in these processes, could someone
explain them to me?


Regards,

Andreas
