Re: [Assp-test] Question re: ASSP as post-queue filter

ere, but I am using Postfix > and I have ASSP in front of it, but Postfix is, in fact, the perimeter > SMTP server as ASSP just acts as a proxy. Does having ASSP in front of > Postfix really inhibit using Postfix as you desire? > > - Bob > > On 6/11/2019 11:38 AM, Charles Ma

Re: [Assp-test] Question re: ASSP as post-queue filter

On Wed Jun 12 2019 01:39:08 GMT-0400 (Eastern Standard Time), Thomas Eckardt wrote: > >integrate ASSP as a post-queue filter using amavisd-new > > Don't try this! Use assp instead of amavis-new. The postfix config > should be the same in both cases. The listeners and targets in assp > should be

Re: [Assp-test] Question re: ASSP as post-queue filter

ed based code (except the main html > page got two additional links) - full customized signatures and YARA > ] > > Nothing breakes this. Nothing beats this (except some 100.000$ > solutions). > Only silence. > &

[Assp-test] Question re: ASSP as post-queue filter

Hello, I used to use ASSP a long, long time ago, and really loved the way its Spam Reports worked, but ended up having to switch for political reasons, then years later, the boss decided to migrate to Office 365. Now I may have the opportunity to switch us back to a self-hosted linuz system

Re: [Assp-test] Stopping repeated auth logon connection attempts

On 1/13/2016 10:22 AM, Harley_1955 wrote: > Hello everyone, I've got a problem of repeated auth logon connection attempts > that I'm trying to stop. ylmf-pc makes repeated attempts, 2000 of them last > night. I have put ylmf-pc into the "noAUTHHeloRe" file and that stops

Re: [Assp-test] DNS Problems

On 5/27/2014 1:52 AM, Masood Rahim mas...@intertune.com wrote: he problem is not the DNS servers, as I have pointed them to many dns servers in addition to the amazon web service dns and they continue to die. I have a monit process that restarts assp automatically when this happens. Anyone

Re: [Assp-test] Spammers able to go through ASSP with false credentials... (as it seems to be for me)

On 2/24/2014 6:06 AM, Jean-Pierre van Melis j...@mirmana.com wrote: These people had these passwords for a long time (which in itself is wrong, of course). I beg to differ... The most important thing to do is require *strong* passwords. The second most important thing to do is educate users

Re: [Assp-test] Spammers able to go through ASSP with false credentials... (as it seems to be for me)

On 2/24/2014 10:14 AM, Charles Marcus cmar...@media-brokers.com wrote: and that they will*never* get an email with a link in it asking them to change Unless of course *they* initiated the process. -- Best regards, Charles

Re: [Assp-test] VMWare OVF assp V2 appliance available

Thanks very much for the explanation Thomas... I look forward to hearing how your next attempt goes... :) On 2013-11-16 2:19 AM, Thomas Eckardt thomas.ecka...@thockar.com wrote: 64 Bit was my first try on FreeBSD. I gave up at the point, where I was unable to terminate the assp process using

Re: [Assp-test] VMWare OVF assp V2 appliance available

On 2013-11-15 10:30 AM, Thomas Eckardt thomas.ecka...@thockar.com wrote: Hi all, I've nearly finished to provide a VMWare OVF for assp V2. The VM is based on FreeBSD 9.2 for i386 (32Bit). Wow, sounds awesome... except... Any reason that you opted for 32bit? I would much prefer a 64bit

Re: [Assp-test] Reporting to User

and it has been there since forever - and in fact the Block Reporting features (I especially like the 'on-demand' feature) is one of the best things about ASSP... On 2013-09-19 11:16 AM, Colin Waring co...@lanternhosting.co.uk wrote: There is a whole section in the admin panel called Block

Re: [Assp-test] Feature Request - Content-Filter-Only mode, with all of the pe

On 2012-07-27 1:37 AM, Daniel L. Miller dmil...@amfes.com wrote: On 7/25/2012 10:54 AM, Charles Marcus wrote: Ok, well... Can you point me to documentation that explains how to setup ASSP such that it totally bypasses/disables all of the 'SMTP Proxy' functionality, so that it works only

[Assp-test] Feature Request - Content-Filter-Only mode, with all of the per user Block Reporting/Training features intact

Hello, I'm just seeing if this is something that the devs would even consider... I love ASSP, but I had to stop using it a long time ago (when the new v2 development took off thanks to Thomas joining the project) because for our needs, it was just a much too fast moving target, and more

Re: [Assp-test] Feature Request - Content-Filter-Only mode, with all of the per u

On 2012-07-25 11:23 AM, Fritz Borgstedt f...@iworld.de wrote: ASSP 1.9 is rocksolid and can be used pre/post. Understood, and thanks, but I would need full/solid SSL/TLS support, so v1 is no longer an option for me. ASSP 2 is rocksolid and can be used pre/post. Well, I know a lot of mail

Re: [Assp-test] Feature Request - Content-Filter-Only mode, with all of the pe

On 2012-07-25 12:46 PM, Fritz Borgstedt f...@iworld.de wrote: ASSP development mailing listassp-test@lists.sourceforge.net schrei bt: That said - and again, *please* do not take offense - but complaints about new versions of v2 locking up/freezing/etc abound on the assp-test list, There is

[Assp-test] OT: question about perl regex evaluating headers...

Hi all, Sorry for the off topic question, but I figured where better to ask a perl regex question? ;) - and, it is related to spam (prevention of *outbound* spam by postfixadmins vacation.pl script). So, as I said, I use the vacation.pl (v 4.0) responder in postfixadmin, and I'm trying to

Re: [Assp-test] Antwort: Re: Antwort: Feature - replace attachments with a link?

Thanks for the thoughtful reply Thomas, my comments inline below... On 2012-02-11 4:16 AM, Thomas Eckardt thomas.ecka...@thockar.com wrote: 1. each replaced attachment has to be moved to a web server (for download) immediatly Correct... 2. it has to be placed on a some how 'cryptic' and

Re: [Assp-test] Antwort: Feature - replace attachments with a link?

Thanks for the comments guys - replies below... On 2012-02-09 3:16 AM, Grayhat gray...@gmx.net wrote: Charles - this could be done with the ASSP_AFC plugin in V2. Without the plugin a mail with a bad attachment is blocked - the plugin will replace the bad attachments with a text part.

Re: [Assp-test] Antwort: Feature - replace attachments with a link?

On 2012-02-09 7:30 AM, Charles Marcus cmar...@media-brokers.com wrote: This is exactly what I am interested in, and why. Basic testing on my mailstore reveals that about 85% of the mail store is attachments, and 40-60% of that amount could be eliminated by deduplicating just the attachments

Re: [Assp-test] Antwort: Feature - replace attachments with a link?

On 2012-02-09 8:08 AM, Daniel Urstöger dan...@gosi.at wrote: I have haven´t really followed this discussion all the way, but there is a open source mailstorage that does support single instance storage for attachments: dbmail. iirc it supports that since 2.3 and current version is 3.0. Yeah,

Re: [Assp-test] Antwort: Feature - replace attachments with a link?

On 2012-02-09 8:32 AM, Grayhat gray...@gmx.net wrote: Personally, since there will never be duplicate attachments, keeping them forever (or at least for many years) shouldn't be a real problem, and that is what I would do. The simplest way for those who well... that fits your reality, but

[Assp-test] Feature - replace attachments with a link?

I seem to recall a feature like this being discussed, but can't remember if it was ever implemented... Thomas? Anyone? Thanks -- Best regards, Charles -- Keep Your Developer Skills Current with LearnDevNow! The

Re: [Assp-test] Switching from files to database, suggestions/guides?

On 2012-01-25 2:44 AM, Grayhat gray...@gmx.net wrote: Warning: Spamdb contains 151091 records (allocating at least 35.9MB) - it is highly recommended to use a database for 'spamdb' and same for whitelistdb. I'd also like to experiment with the Hidden Makrov Model functionality, which requires

[Assp-test] Hosted ASSP2 SaaS service?

Does anyone know of a reliable outsourced antispam service that uses ASSP2 as the tool of choice? I have a client that simply does not want to do it inhouse (no matter how easy I tell them it will be), but really like the features/functionality I've been telling them about ASSP... especially

Re: [Assp-test] Hosted ASSP2 SaaS service?

On 2012-01-19 11:05 AM, Grayhat gray...@gmx.net wrote: Does anyone know of a reliable outsourced antispam service that uses ASSP2 as the tool of choice? Sorry, no idea, maybe Thomas will have some pointers I have a client that simply does not want to do it inhouse (no matter how easy I tell

Re: [Assp-test] SSL / V2

On 2011-12-29 3:43 PM, Robert K Coffman Jr. -Info From Data Corp. bcoff...@infofromdata.com wrote: If I want to buy a certificate for ASSP to proxy SSL, what type of certificate do I need? It appears as though a self generated cert doesn't play well with Outlook by default, and I don't want

Re: [Assp-test] Antwort: PTR problem

On 2011-12-20 3:59 AM, Bob Berryman b...@sanlogan.com wrote: Of course I could implement local DNS but that would be building a nuke to kill a chicken Anyone who runs their own mailserver should always at least be running their own caching DNS server (and do NOT use any public DNS servers like

Re: [Assp-test] Block report mails not being sent

On 2011-11-09 9:02 PM, Mr. Courtney Creighton a...@dezignguy.com wrote: Nov-09-11 17:25:42 [Worker_1] Error: couldn't send block report for ad...@domain.com toad...@domain.com at 66.135.57.44:1025 - EHLO command failed: 220 We do not authorize the use of this system to transport

Re: [Assp-test] Antwort: Re: Disabling SSLFailed cache

On 2011-10-21 7:18 AM, Thomas Eckardt thomas.ecka...@thockar.com wrote: This is not a reasonable suggestion... think of someone with hundreds or even thousands of clients... An more reasonable suggestion for even thousands of clients is to use a verificable cert. Good point, but still only

Re: [Assp-test] Disabling SSLFailed cache

On 2011-10-21 8:53 AM, Thomas Eckardt thomas.ecka...@thockar.com wrote: The SSLFailed cache in assp is a DoS prevention - there is no good reason to disable it - even not for privat IP's. Wasn't suggesting it should be disabled, I was suggesting that maybe refusing to continue to offer

Re: [Assp-test] Disabling SSLFailed cache

On 2011-10-21 9:18 AM, Peter W Bowey supp...@pbcomp.com.au wrote: I see that you have 'possibly' not aswered the orig. query? Is it possible for ASSP to use self-signed certs? I suspect the real answer is 'no'. [sorry Charles]. I hope that is not the (permanent) case... it would be sad

Re: [Assp-test] Disabling SSLFailed cache

On 2011-10-21 9:25 AM, Peter W Bowey supp...@pbcomp.com.au wrote: The challenge is in the ASSP verification for 'self-signed certs'. It is a bummer for Thomas...:-) +1 I'm not suggesting it is easy to do (I don't know as ianap)... and if Thomas' answer is 'it is desirable, but hard to do',

Re: [Assp-test] Disabling SSLFailed cache

On 2011-10-21 9:24 AM, Thomas Eckardt thomas.ecka...@thockar.com wrote: I'll change the behavior of assp for SSL-failed privat IP's and 'acceptAllMail' IP's - by giving them one more chance to correct there mistake. Thanks Thomas!! -- Best regards, Charles

Re: [Assp-test] fixes in assp 2.1.2 build 11278

On 2011-10-07 9:07 AM, K Post nntp.p...@gmail.com wrote: Does anyone really know what day of the year it is without looking it up? What about doing a versioning number like this: 2.1.2 111006.000 I truly don't understand all the fuss... Why not just something simple like: 2.1.### Where ###

Re: [Assp-test] Antwort: Re: Thunderbird SSL/TLS with ASSP Version 2

On 2011-10-03 11:20 PM, Paul Farrow a...@thefabfarrows.com wrote: If I telnet'd to port 25 it would immediately redirect me to port 465 and say there was a problem with the ssl - it was as though it was automatically issuing the start-tls. I then put 465 in the listenportssl config and it

Re: [Assp-test] Thunderbird SSL/TLS with ASSP Version 2

On 2011-10-03 8:08 AM, Paul Farrow a...@thefabfarrows.com wrote: I take it other fokes can reproduce this problem I am seeing? Others have said they are NOT (I'm not either)... If you definately think its a problem with TB will you raise a ticket with Mozilla? As I am kinda stuck with my TB

Re: [Assp-test] This is now becoming a joke....

On 2011-08-03 9:06 AM, Peter W Bowey supp...@pbcomp.com.au wrote: However, the 'removal' from a officail black list IP is SLOW (days), unless you pay a up-front fee to the Blacklist site. Not true except for a few ones that I would never block on... Most have a delisting process that you

Re: [Assp-test] This is now becoming a joke....

On 2011-08-03 10:35 AM, Peter W Bowey supp...@pbcomp.com.au wrote: I operate a computer recovery Workshop here, and some of my 'bad' clients Computers have caused a serious blacklist event when they spam through my www + mail connectivity linms! As I operate a real business that needs

Re: [Assp-test] This is now becoming a joke....

On 2011-08-03 10:57 AM, Peter W Bowey supp...@pbcomp.com.au wrote: Like I said, anyone who blocks on a BL that requires payment for removal gets what they deserve. Sorry, but that is a non-realistic statement! It's very realistic to those who live in the real world. Thanks to ASSP, I no

Re: [Assp-test] changes in 2.0.2_3.1.05

On 2011-06-09 10:44 AM, Peter W Bowey wrote: (Perl 5.012003) Ta-da... -- Best regards, Charles -- EditLive Enterprise is the world's most technically advanced content authoring tool. Experience the power of Track

Re: [Assp-test] changes in 2.0.2_3.1.05

On 2011-06-09 10:44 AM, Peter W Bowey wrote: (Perl 5.012003) Maybe you missed my first pointer... Unless I'm mistaken, perl 5.12 is not supported, so maybe this is your problem? -- Best regards, Charles -- EditLive

Re: [Assp-test] fixes in 2.0.2_3.1.02

On 2011-06-02 9:46 AM, Peter W Bowey wrote: I have done some benchmarks on this latest ASSP 2.0.2_3.1.02. Results show performance and memory as being 'lighter and faster'. I am seeing about a 20% improvement in mail processing times. Linux memory pool use remains stable with less peaks than

Re: [Assp-test] GUI request/suggestion

On 2011-05-31 8:35 PM, Trevor Jacques wrote: Hello. Would it be possible for you to add the preHeaderRe file to the pulldown list of e-mail addresses that is linked from the mail log? There are many, many e-mails that kill assp, and they almost all come through yahoo (one yahoo server or

Re: [Assp-test] GUI request/suggestion

On 2011-06-01 9:04 AM, Trevor Jacques wrote: why not get copies of these message to Thomas/Fritz asap so they can fix the ASSP bug that causes it to choke on them? I have done this many times, off the list. Thomas has not been able to isolate the problem with these e-mails. Interesting - was

Re: [Assp-test] GUI request/suggestion

On 2011-06-01 9:14 AM, GrayHat wrote: I have done this many times, off the list. Thomas has not been able to isolate the problem with these e-mails. Their source seems to be through multiple Yahoo servers, and relayed through one server I trust for other reasons. I've not seen them arrive from

Re: [Assp-test] fixes in assp 2.0.2_3.0.28

On 2011-06-01 10:37 AM, Trevor Jacques wrote: The server has been S much more reliable and 'quiet' since I installed fail2ban. Based on my experience, I'd recommend it for anyone using a *nix server. +1000 :) Although I'd say it is not just to keep it quiet, it is a security MUST... it

Re: [Assp-test] Antwort: Re: GUI request/suggestion

On 2011-06-01 11:36 AM, Thomas Eckardt wrote: ASSP should NOT choke on ANY message This is not possible. ASSP is based on an OS (which is not perfect) +Perl (which is not perfect) + several modules (which are not perfect) + assp.pl is not perfect. And don't forget - the spammers are smart

Re: [Assp-test] Antwort: SMTP Secure Listen Port SSL Destination issues

On 2011-03-21 9:46 AM, Steve Moffat wrote: SMTPS is 465, not what you have. *Port (TCP/UDP): 465 (TCP) *Description: SMTP over SSL. TCP port 465 is reserved by common industry practice for secure SMTP communication using the SSL protocol. SMTPS over port 465 is deprecated... port 587 -

Re: [Assp-test] Antwort: SMTP Secure Listen Port SSL Destination issues

On 2011-03-21 10:02 AM, Steve Moffat wrote: Hmmm, where do you get that info from? Mine works fine. It's just the block reports that don't. None of the banks I work with that require SMTP/TLS use 587 Deprecated != won't work Feel free to use port 465, especially if you need to support

Re: [Assp-test] Pretty urgent. one PC acts as a bot and polutes the assp spam/notspam db

On 2011-02-25 3:09 PM, Spyros Tsiolis wrote: I think I've explained my point of view thoroughly in my previous mail. But your explanation was ridiculous. You plainly stated that you would not and/or *could* not use the appropriate tool (redlist) to accomplish what you wanted. snip third

Re: [Assp-test] ASSP as after-queue content filter for EMail Block Reporting/Quarantine management only

Thanks very much for your reply Thomas - I hope you had a great vacation! Just one follow-up question... On 2011-02-23 7:18 AM, Thomas Eckardt wrote: - do not use assp for outgoing mail - this is useless, if only the Bayes engine is and whitelisting is not used But I would like - if possible

[Assp-test] ASSP as after-queue content filter for EMail Block Reporting/Quarantine management only

Is anyone using ASSP, not for its front-end capabilities, but only for its Bayesian content filtering *and* Block Reporting/Quarantone management capabilities only? Would Fritz or Thomas be so kind as to outline the proper way to integrate it in such a manner... Thanks, -- Best regards,

Re: [Assp-test] Fwd: Work-in-progress: trickle attack defense

On 1/27/2011 8:06 PM, James Brown wrote: Does ASSP also stop such trickle attacks? I'd rather use ASSP for all my anti-spam than have to implement postscreen. If not, would it be worth adding to ASSP? Actually, postfix is so good at stopping the vast majority of spam all by itself using

Re: [Assp-test] Block Reports

On 2010-11-19 10:13 AM, Fritz Borgstedt wrote: The collection cleaning tools existing since a year or so will clean the corpus and keep the size below MaxFiles. The tools provide a better control over the age of deleted files. Thanks for the replies - Fritz's explained it best - 'yes, its ok

Re: [Assp-test] fixes in assp 2.0.2_2.0.01

On 2010-11-17 4:19 PM, Thomas Eckardt wrote: such version numbering changes needs many many code changes - and will make it impossible to use older plugins in new numbered assp versions I've never understood ASSPs version numbering scheme. This is not intended as a slight to Fritz, Thomas or

Re: [Assp-test] workers get stuck very frequently (makeSubject)

On 2010-11-01 1:47 AM, Thomas Eckardt wrote: On linux and MAC I don't see any problems at the moment to use 5.12.x. For Windows, some needed modules are still not available. For this reason an offical support of Perl 5.12 is not possible for windows only... right, forgot about the modules...

Re: [Assp-test] workers get stuck very frequently (makeSubject)

On 2010-10-29 12:42 PM, m...@mailspot.at wrote: Since I added this sender address to no processing, no worker has been stuck. It would still be nice to know what about this mail could have caused assp to hang.. Did you provide the entire email to Fritz and/or Thomas? If they had the

Re: [Assp-test] Accept mail but don't deliver

On 2010-10-24 9:56 PM, K Post wrote: ASSP will dump a message silently when encountering such an address. Accepts specific addresses (n...@example.com), user parts (nobody) or entire domains (@example.com). 'Dump' in the above explanation should really should be changed to 'discard'. 'Dump'

Re: [Assp-test] Accept mail but don't deliver

Is there a way with ASSP 2 to have an inbound mail be accepted, but dropped before it's sent to the recipient? It would be extremely easy to do this at the MTA (at least with postfix) rather than trying to do it with ASSP... -- Best regards, Charles

Re: [Assp-test] Important RE:Re: URI Bug

On 2010-10-21 1:39 PM, Matti Haack wrote: If you are not so firm with regexes, I recomend Regex Buddy, which makes even complex regexes easy to create and to understand! http://www.regexbuddy.com/ It's not free, but the 30€ are nothing compared to the pain broken regexes will

Re: [Assp-test] mail with too long subject kills assp

On 2010-10-07 6:46 AM, Thomas Eckardt wrote: we saw in some cases V1 and V2 system going to stop working or using 100% CPU and lot of memory, if a mail with a subject 768551Priotiy Refill Order 130612Special Order 710500Priotiy Refill Order 338466Special Order 335560Priotiy Refill Order

Re: [Assp-test] Antwort: Re: mail with too long subject kills assp

On 2010-10-07 9:35 AM, Thomas Eckardt wrote: For this reason the 'preHeaderRe' is implemented to be able to block such 'crash forcing mails' before they can do there dangerous 'work'. A mail with such a subject is not sent to deliver spam - it is like a DoS Attack. I understand, but my point

Re: [Assp-test] Antwort: Re: mail with too long subject kills assp

On 2010-10-07 10:30 AM, K Post wrote: I think what we're suggesting is logical and I'm sure Thomas will too. It's just a question of finding the time to code it! After Thomas' last, it might not be so easy... maybe because there is no easy way to distinguish 'Subject' in the header. I'd think

Re: [Assp-test] Antwort: Re: Antwort: Re: mail with too long subject kills assp

On 2010-10-07 12:14 PM, Thomas Eckardt wrote: Charles, throw away your thinking about the 'subject' - think big. Maybe any other part (or parts) of the header caused assp to crash, nobody knows - but it was realy easy to detect this single mail by a single line of the subject - this was the

Re: [Assp-test] TLS with ASSP

On 2010-09-30 2:06 PM, Daniel Riek wrote: Recently we have been getting more spam through TLS What does whether or not you're using TLS (however implemented) have to do with the amount of spam you get? -- Best regards, Charles

Re: [Assp-test] fixes and changes in 2.0.2_1.2.04

On 2010-09-01 8:29 AM, Andrew Porter a...@defsdoor.org wrote: On 31/08/10 16:48, Charles Marcus wrote: That's why I prefer to do it in the firewall with fail2ban. Are you setting fail2ban to monitor the ASSP log ? If so would you care to share your fail2ban config ? http://www.fail2ban.org

Re: [Assp-test] fixes and changes in 2.0.2_1.2.04

On 2010-08-31 10:43 AM, GrayHat gray...@gmx.net wrote: if you put ASSP in front of the mailserver, it won't see the attacker IP so it won't be able to use such a mechanism, worse, enabling it on the backend mailserver would cause the ASSP to get banned That's why I prefer to do it in the

Re: [Assp-test] Healthy/Unhealthy response request

Scott MacLean wrote: My problem is that my status checker connects, and looks for a preset response. If it sees the response, great. If it doesn't see it, it knows there is a problem. Obviously, I have it connect and look for the response healthy. However, the response when there is a

Re: [Assp-test] assp V2 configuration synchronization - important hint

On 2010-08-19 4:53 PM, Fritz Borgstedt f...@iworld.de wrote: It is only sharing the settings ? So for example a setting is using an external file for input, only the filename is synced not the data in the external file ? If there is a filename in the field, the file will be synced. If there

Re: [Assp-test] Feature request: Weak Password Warning

On 2010-06-25 4:53 AM, GrayHat wrote: exactly my point; it doesn't make sense imHo allowing users to change their passwords w/o checking them and then reject the emails due to weak passwords; the password issue must be dealt with at mailserver level I don't think Matti meant that these should

Re: [Assp-test] Feature request: Weak Password Warning

On 2010-06-24 6:31 AM, Matti Haack wrote: Good idea, but why not just use cracklib or something that is already designed and well tested for something like this: http://search.cpan.org/dist/Crypt-Cracklib/Cracklib.pm This would be helpful too. But I think ASSP already includes lot of code

Re: [Assp-test] 120+ connections to mysql

On 2010-06-19 12:41 AM, Thomas Eckardt wrote: I have problems with too many connections to the mysql database. increase the possible connections in your mysql.ini Is this by design (opening 120+ db connections)? Yes. Postfix has a 'proxy:' feature that will reduce the number of connections

Re: [Assp-test] Further issues with v2

On 2010-06-10 2:25 PM, Paul K. Dickson wrote: Sounds like my old boss. Me: I have the exchange 2003 test server cluster up. I'm trying to test it out. Does anyone want to have their mailbox moved there to help me out? I put mine there a week ago and have not had any problems My boss:

Re: [Assp-test] Further issues with v2

On 2010-06-10 2:50 PM, Paul K. Dickson wrote: You've got me there.. Gotta give you that one :D What can I say.. It was 6 years ago and I was still a little wet behind the ears. Not to mention he had been in my job two years previous so I figured he'd be ok to ask. I didn't realize at the

Re: [Assp-test] optional URL for the webif

On 2010-05-31 9:31 PM, K Post wrote: Oh boy, oh boy. This is not good. I'm thankful that we've had this discussion with you Charles as you've helped me find a major implementation error on our end! No worries - I like being challenged, because it makes sure I understand something correctly,

Re: [Assp-test] optional URL for the webif

Please separate your reply from the quoted text... And I never intended this to turn into an in-depth discussion, I just wanted the OP to know that it was possible to do name-based SSL vhosting on apache with a single IP... On 2010-05-29 10:02 AM, Jean-Pierre van Melis wrote: Well, in my

Re: [Assp-test] optional URL for the webif

On 2010-05-29 11:19 AM, K Post wrote: Google's your friend here, but it's not a complicated process. It's no different from requesting a single certificate, except you run through the process three times. In our case, we requested one certificate for each of one.domain.org, two.domain2.org and

Re: [Assp-test] optional URL for the webif

On 5/28/2010 8:46 PM, K Post wrote: NAME based with a single IP. So you're using a single self-signed cert with multiple names - or, if you're using separate certs for each site, then I'd like to know how you're accomplishing that, because everything I've ever found on doing this says you

Re: [Assp-test] optional URL for the webif

On 2010-05-27 1:35 PM, K Post wrote: Ah, ah, ah. I missed that you were talking about using a self signed certificate for this. There's no problem that I know of running named based virtual servers with SSL as long as each certificate comes from a trusted CA. Its not about a trusted CA (or

Re: [Assp-test] optional URL for the webif

On 2010-05-27 1:34 PM, K Post wrote: FYI - when we were getting activesync setup we used a self signed certificate. Activesync WILL WORK with a self signed certificate, but you need to have the CA be trusted. To do this, you need to export the certificate and then import it into the

Re: [Assp-test] optional URL for the webif

On 2010-05-28 10:07 AM, K Post wrote: We are using a SINGLE ip with 3 virtual hosts running SSL on Apache. *Name*-based or *IP* based? Our certificates are all issued from commercial CA's. What's the issue? sigh I guess it would help if you wouldn't enter a thread half-way without reading

Re: [Assp-test] optional URL for the webif

On 2010-05-26 6:36 PM, Jean-Pierre van Melis wrote: Activesync refuses to work with self-signed certificates. You can't tell it to accept a non-CA certificate. According to what I've read, that's actually not activesync that is refusing to work with one, it is the device/carrier... Sometimes

Re: [Assp-test] optional URL for the webif

On 2010-05-25 7:22 PM, Jean-Pierre van Melis wrote: This reverse proxy can also work on HTTPS-connections. Because a wildcard certificate is quite expensive and a 1-domain certificate can even be had for free (https://startssl.com) this hostname can't change. I can still direct the traffic to

Re: [Assp-test] optional URL for the webif

On 2010-05-26 10:14 AM, K Post wrote: On Wed, May 26, 2010 at 6:53 AM, Charles Marcus wrote: It is a myth that you cannot do name-based virtual SSL hosting on a single IP... it is actually very simple (at least on linux), but the apache guys don't want you to know about it, because

Re: [Assp-test] optional URL for the webif

On 2010-05-26 1:09 PM, Jean-Pierre van Melis wrote: I can only get 1 single free certificate on my TLD (free as in no money involved). Why can't you just use self-signed certs? These are fine for in-house use, securing corp mail servers, web based management services, etc... I don't want to

Re: [Assp-test] Email interface - admin email security question

On 2010-05-24 12:33 AM, Thomas Eckardt wrote: *...@*=thatu...@ourdomin.org=10 *...@*=%3ethatuser@ourdomin.org=%3E10 This syntax is only allowed to admins. What's to stop a clever local user from sending an email using an admin address and removing all blacklist entries. Nothing else than

Re: [Assp-test] Email interface - admin email security question

On 2010-05-24 10:58 AM, Paul wrote: Anything other than the envelope sender is easily spoofed and should never be used for administrative tasks like this. Depending on the installation, even the envelope sender can be spoofed. Hence the qualifier 'easily'... -- Best regards, Charles

Re: [Assp-test] test for personal whitelist wanted

On 2010-05-03 10:43 AM, Thomas Eckardt wrote: The reason for the whitelist was, that everyone who receives a block report, is able to whitelist addresses - and maybe there is someone who don't want these addresses whitelisted. Public blacklisting is not so common (I think). +1 But, if

Re: [Assp-test] fixes and changes in 2.0.2_1.0.10

On 2010-04-15 4:19 AM, Thomas Eckardt wrote: - if VRFY or RCPT TO check is used and the MTA is not available - assp now uses 'LDAPFail' to decide if the adrress is valid or not. 'LDAPFail','LDAP/VRFY failures return false',20,\checkbox,'','(.*)',undef,'If checked, when an error occurs in

Re: [Assp-test] fixes and changes in 2.0.2_1.0.10

On 2010-04-15 2:23 PM, Thomas Eckardt wrote: On 2010-04-15 4:19 AM, Thomas Eckardt wrote: - if VRFY or RCPT TO check is used and the MTA is not available - assp now uses 'LDAPFail' to decide if the adrress is valid or not. 'LDAPFail','LDAP/VRFY failures return

Re: [Assp-test] fixes and changes in 2.0.2_1.0.10

On 2010-04-15 4:36 PM, Thomas Eckardt wrote: 'NoValidRecipient' is used in every case. ?? Why? You should *never* reject with a 5XX Invalid Recipient in a TEMP fail situation. This is a really bad decision. How ever - I never send a 5xx on a unknown recipient. Maybe this is just a

Re: [Assp-test] fixes and changes in assp 2.0.2_1.0.09

On 2010-04-13 9:37 AM, GrayHat wrote: - if VRFY or RCPT TO is used to verify the recipient address and the MTA is not available the address was rejected - it is now accepted in this case Thomas... this sounds quite crazy to me; imHo, if the backend VRFY... isn't available, ASSP should

Re: [Assp-test] URIBL Question

On 2010-03-19 7:25 PM, Marcus Lindley wrote: Another update, I unchecked use my local dns servers to troubleshoot and just let it use the opendns.com servers and I got the same results. You should not be using OpenDNS or Google's DNS servers for spamhaus queries - it won't work, because

Re: [Assp-test] version number suggestions

On 2010-03-13 10:30 AM, K Post wrote: We'd have 2.0.2 DEV Build 15 which is clearly older than 2.0.2 DEV Build 14 and for the public release 2.0.1 Release 15 Make sense? Not really... I hate text in version numbers. Since even are dev versions and odd are release versions, why not just

Re: [Assp-test] Assp dying

, Charles Marcus I.T. Director Media Brokers International, Inc. 678.514.6200 x224 678.514.6299 fax -- Download Intel#174; Parallel Studio Eval Try the new software tools for yourself. Speed compiling, find bugs

Re: [Assp-test] tls/ssl support

On 2010-03-02 9:19 PM, Jeff Barrow wrote: My recommendation is to remove the smtpDestinationSSL setting. It should then use the real server and issue the STARTTLS command to initiate SSL to it when a connction comes in on 465. Actually, shouldn't you use SSL only on port 465, and STARTTLS on

Re: [Assp-test] Antwort: resent mail - from line issues

On 2009-12-28, K Post (nntp.p...@gmail.com) wrote: Might it be a good idea to have assp use the FROM line, including the sender's name if it's there? This way, it appears correctly in the mail client. Shouldn't it duplicate both the envelope info *and* all of the original headers?

Re: [Assp-test] Antwort: resent mail - from line issues

On 2009-12-28, Fritz Borgstedt (f...@iworld.de) wrote: It does duplicate all of the original headers. The X-Assp-Envelope-From stores additional the envelope mail from. So it seems quite logical to resend from the address in this header. As long as the 'From' header is also there so that it

Re: [Assp-test] ASSPv2: resending spam - minor issue

On 12/18/2009, GrayHat (gray...@gmx.net) wrote: Now, in such cases it becomes impossible to use the resend function, so, I think that a possible solution to fix such an issue may be having ASSP adding some kind of special header to the message reporting the envelope recipient so that the

Re: [Assp-test] DNS Benchmarck Utility

On 12/5/2009 7:01 AM, marrco wrote: And you can also consider in your setup to add these new public dns : 8.8.8.8 and 8.8.4.4 http://code.google.com/speed/public-dns/ http://googlecode.blogspot.com/2009/12/introducing-google-public-dns-new-dns .html Sorry, but I don't think I'll ever trust

  1   2   3   >