Andrew Porter wrote:
Ethan Albone wrote:
My suggestion :
Why don't you consider to write something to detect a DDOS email
dictionary attack ? Each time someone start to bomb the server with
[EMAIL PROTECTED] using always a new ip for an x time ,
assp deny the sender as possible . Is it
Does anyone have a link to a reasonable study on how much each spam
costs a company?
I'm wanted to quantify how much money we're saving by blocking spam.
Any suggestions appreciated...
Thanks,
Chris
-
Take Surveys. Earn
I would also point out that if you use a DNS name and use multiple
records, you get round robin functionality as well.
brougham Baker wrote:
From: Fritz Borgstedt [EMAIL PROTECTED]
LDAP
is not a single point of failure.
fritz
You're right- I missed that-
Enter the
And I'm trying to figure out how.
Does anyone know of a utility that will send email and try different
parameters?
Basically, I believe someone is getting through via the HELO they are
passing.
I need a way to test this other than telnet, as the firewall in front of
my server detects that
It doesn't forge the helo info, so Im not sure this will work.
Marcel van Lieshout wrote:
try this from your mailserver
do a telnet to relay-test.mail-abuse.org/
hth
Marcel
Chris Norman wrote:
And I'm trying to figure out how.
Does anyone know of a utility that will send email
My HELO check is:
^(([a-z\d][a-z\d\-]*)?[a-z\d]\.)+[a-z]{2,6}$
Thoughts?
C
Chris Norman wrote:
It doesn't forge the helo info, so Im not sure this will work.
Marcel van Lieshout wrote:
try this from your mailserver
do a telnet to relay-test.mail-abuse.org/
hth
Marcel
Chris
, they're using info. I'd telnet and test, but my IP is in my accept
all mail from.
The firewall detects if I'm connecting via telnet and kills the session
when I try it from work (ISP firewall).
I'm at a loss how they're doing this.
C
Paul wrote:
On 5 Apr 2007 at 10:45, Chris Norman wrote
-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Chris Norman
Sent: 05 April 2007 05:45 PM
To: Questions and Answers for users of ASSP Anti-Spam SMTP Proxy
Subject: [Assp-user] Someone is able to relay off me (1.2.6 - win32)
And I'm trying to figure out how.
Does anyone know
Cool, thanks Fritz.. that's exactly what I was looking to find out.
I figured it wasn't ASSP because I've NEVER had any issues with it, but
that helps tremendously.
I've tweaked things down on my Merak server and am watching closely.
Chris
Fritz Borgstedt wrote:
[EMAIL PROTECTED] schreibt:
I was looking through some of my spams and came up with an idea that I
thought I'd share with the list. It may be a stupid idea, so flame away
if if I'm missing the obvious.
Although its technically possible, the feasibility of implementing this
concept (or something like it) would fall to
I'm not sure, but this morning I found I had over 7000 bounces.
At first, I thought a user might have a virus on their machine, but I
see by examining various headers that the emails came though my various
instances of ASSP.
I've been running 1.2.6 on w2k for quite a while now and haven't seen
K, I'm more confused now.
I have tried to verify that
[EMAIL PROTECTED]
is indeed whitelisted on all four of my ASSP instances and none them report the
address as whitelisted.
Maybe it hasn't been saved to the file yet?
TIA,
Chris
Fritz Borgstedt wrote:
[EMAIL PROTECTED] schreibt:
My
Aha, I found a missing pipe ( | ) in my ips.
So one of my ip's was structured like 192.168.206.123.67.177.
Do you think that would cause this?
Thanks for your help,
Chris
Fritz Borgstedt wrote:
[EMAIL PROTECTED] schreibt:
I have tried to verify that
[EMAIL PROTECTED]
is indeed
Mehul N. Sanghvi wrote:
Gregor Reich said the following on 3/9/2007 9:23 AM:
Hi all
We're using ASSP for one week now - and it is the tool of our choice; we
almost got rid of spam!
Now, because we have to run different configurations (different smtp
destinations for example) I want
My two cents:
An installer worries me on many levels. I wouldn't release it with
1.3.0. I would put it out there separately as something needing testing
and feedback on non-production machines.
The only reason I say this is that the installer introduces complexity
and abstraction from the
Uhm, I'm a windows admin and I figured out how to install modules rather
quickly using PPM. I found an extremely large and helpful community
online as well as more than adequate documentation.
First and foremost, start here (From Wiki):
http://www.asspsmtp.org/wiki/Quick_Start_for_Win32
Step
and modules are at the very core of open source.
Be careful of being critical, even if its constructive criticism, in the
open source world. Its a culture of contributing to the solution, not
the problem.
Best,
Chris
Chris Norman wrote:
Uhm, I'm a windows admin and I figured out how to install
Hi all, just wondering if 1.3.0 is still going to be released March 1st.
Best,
Chris
-
Take Surveys. Earn Cash. Influence the Future of IT
Join SourceForge.net's Techsay panel and you'll get the chance to share your
opinions
11:59:59 PM...
Ged West wrote:
Hopefully :-)
What time on march 1st remains to be seen.
Ged
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Chris
Norman
Sent: Thursday, March 01, 2007 12:11 PM
To: Questions and Answers for users of ASSP Anti
Fritz Borgstedt wrote:
[EMAIL PROTECTED] schreibt:
I have seen where a address is marked as spam (or potential spammer)
and the
mail program will send a email back to the sender to verify if the
sender is
legitimate, does ASSP have this ability?
ASSP will answer on the fly with
Does anyone know of a company offering hosted / managed ASSP? My wife's
company needs help and with my full time job can't guarantee I'd be
available if something went wrong.
Thanks,
Chris
-
Take Surveys. Earn Cash.
I was thinking it might be a good idea to rotate the key in case a
spammer looked at it and added it to the subject for spamming my domains.
Perhaps I'm not a big enough host for them to bother, but it certainly
make me feel better anyway.
I suppose I could just change it if I saw spam come
Anyone else read this?: http://www.hexview.com/sdp/node/38
An interesting idea but I think it would be easily foiled by the spammers.
Basically, the idea is that MTA's post the sending IP and get a score
back. Each time an MTA reports and IP, its score goes up.
Then you do with what you will
I think ASSP may be considered SOX compliant if you are grabbing and
archiving the logs. SOX is something I do for a living.
Sarbanes compliance is very much related to the evaluation by your
auditor. If you have good controls and policies around anything, it can
used in a Sarbanes
.
Best,
Chris
Eric B. wrote:
Chris Norman [EMAIL PROTECTED] wrote in message
news:[EMAIL PROTECTED]
I wrote both the original merak PopB4SMTP routine and the revamped, 2nd
one.
I cut my teeth on Perl writing that function! The first one was very
poor, but once I figured out the binary
I wrote both the original merak PopB4SMTP routine and the revamped, 2nd one.
I cut my teeth on Perl writing that function! The first one was very
poor, but once I figured out the binary format of the file, I wrote the
2nd that takes the length of the IP address and prepends the IP with
that
I use PopB4SMTP. Wouldn't it stand to reason that even if a client knew
what IP to spoof in a packet to cause your server to log the IP need
to know a login / pw? And if so, doesn't that make the risk moot?
Or, are we talking about something that may hi-jack your pop session via
injection or
You know, it's a good think I didn't want historical data too far in the
past!
From the stats page:
* Note: historical data is only available back to Sep 4, 2003*
LOL. j/k.
Perhaps that date should be updated to today? Thanks Fritz for your
hard work getting the script working again.
Best,
Thanks to Kevin then!
*Toast*
C
Fritz Borgstedt wrote:
Perhaps that date should be updated to today? Thanks Fritz for your
hard work getting the script working again.
No, that Kudo goes to Kevin.
-
Take
... and back in the day if I didn't feed those hamsters ...
I remember those big square batteries from Dallas Semiconductor ( or
something like that) that went into IC slots. Those were the worst. When
DTK released a motherboard with the small disk batteries I was glad to
see it.
Now-adays,
Would a delayed HELO do the same thing? IE, the 250 response.
I'm just curious, this feature may already be in ASSP and I've never
used it.
Chris
Micheal Espinola Jr wrote:
Doug Traylor wrote:
If setting it to 2 seconds is not having a negative effect on my server as
far as CPU usage
Put it back in training mode for now. Train tweak till its working for
you.
C
Robert Temple wrote:
I've had ASSP up and running for the past two months and am
discovering that it is rejecting almost all new legitimate email,
i.e. email from addresses that haven't been received before the
Thanks Fritz or whoever implemented my Merak compatible popb4smtp function.
That saves me time upgrading.
Wonderful!
Best,
Chris
-
Take Surveys. Earn Cash. Influence the Future of IT
Join SourceForge.net's Techsay panel
If the email domains behind ASSP have significantly different HAM,
wouldn't that result in a muddled SPAM database?
Under this implementation, would ASSP then maintain separate
SPAM/HAM/WL/etc. for each?
I run four ASSP instances on separate IPs pointing back to a single MTA
instance
don't think Thunderbird allows you to
programatically send an email.
C
Eric B. wrote:
Chris Norman [EMAIL PROTECTED] wrote in message
news:[EMAIL PROTECTED]
Sorry, I'm running a bit light on sleep.
I meant Thunderbird.
I did some quick fishing a couple of weeks ago, but couldn't turn
Geode,
On the WiKi, there are some good examples of RegEx's. BombRE and
ScriptRE. http://www.asspsmtp.org/wiki/BombRe_and_ScriptRe
Save those as text files in your assp installation location, then
enter file:/filename/ where you would enter the RegExs.
Once there, you can actually
Does anyone know of a extension for firefox that works like the outlook
plugin that's on the ASSP Wiki?
Thanks in advance,
Chris
-
Take Surveys. Earn Cash. Influence the Future of IT
Join SourceForge.net's Techsay panel and
I'm very happy with my ASSP implementation, Fritz. Thank you for all
your hard work.
What I was suggesting would be for new customers, ie. New users of
ASSP. I was thinking it might assist in adoption.
As an ASSP user, I know my preferences and settings would be very
different than yours so
I've been as ASSP user for a while and it works well.
There's a new features being added with each release, a lot more.
One thing that would make ASSP easier to adopt is some basic settings
recommendations. Think browser security settings (high, medium, low).
At least it would configure ASSP
The x where emails, so I x'd them out.. sorry if it caused
any confusion.
Best,
C
Chris Norman wrote:
For sure it wasn't.
I replaced it with the default regex ASSP has and restarted assp and
now see it as having a red re:
Thanks,
Chris
In analyzer I see
I have multiple instances of ASSP running on one box, is it possible for
two of them to share a whitelist?
Each instance of ASSP is installed under a common subfolder.
In the common subfolder, I've created a folder called sharedfiles.
Then, on two of the instances, I've made the folder path to
Sorry, let me correct my grammar:
the users are sending through a different instance of assp (not than assp).
Sorry again,
Chris
Chris Norman wrote:
I have multiple instances of ASSP running on one box, is it possible for
two of them to share a whitelist?
Each instance of ASSP is installed
for outgoing e-mail.
- Original Message -
From: Chris Norman [EMAIL PROTECTED]
To: Questions and Answers for users of ASSP Anti-Spam SMTP Proxy
assp-user@lists.sourceforge.net
Sent: Tuesday, July 18, 2006 4:46 PM
Subject: Re: [Assp-user] Shared whitelist db file
Sorry, let me correct my
hpRe had \transfer\ in it, while noProcessing was blank.
I deleted the \transfer\ to see if that does the trick.
Thanks!
C
Micheal Espinola Jr wrote:
Examine your noProcessing and npRe, or better yet disable them for now.
I'll be the issue is in the npRe.
Chris Norman wrote:
On one
44 matches
Mail list logo