From: Spyros Tsiolis [EMAIL PROTECTED]
Say, does anyone know _why_ they do this ?
Do they get some kind of payment ?
Say, 1c for every 100 spam messages sent or something like that ?
It doesn't make any sense for someone to have this as a full-time
(or part-time for that reason) job !
From: Daniel K. Du Vall [EMAIL PROTECTED]
It's like you're asking everyone in the country or world to only drive
one make and model of auto.
That's just plain stupid.
Your analogy is more like what mail client\server\spam protection you use.
Most countries DO tell their drivers what side of
I find it really easy to scan the subject as file name in the okmail
directory. Is it ok to just move spam found here directly to errors/spam?
Am I setting myself up for a fall? I realize that the sending address won't
get added\removed from the various lists but is that the worst that will
From: GrayHat [EMAIL PROTECTED]
Now, I'm not saying this is wrong, but it's a static
approach to a dynamic problem imVHo, while
using a dynamic scoring system like the country
scoring I proposed may work somewhat better
you wrote you're already scoring some TLDs;
now, imagine a worm suddenly
From: Charles Marcus [EMAIL PROTECTED]
On 9/15/2007, Marrco ([EMAIL PROTECTED]) wrote:
I forgot one important : server callouts / address verification. You
can hate them, but some MTA implement that feature
I consider anyone who probes my server using sender address verification
as guilty
Nearly 17% of the spam I see is to addresses that have never or will never
be valid on my system. As a result of this I have a relatively large
SpamTrapAddresses.txt file- I have a script file to show me new addresses
that the MTA rejects but aren't in the SpamTrapAddresses file. I've started
to
From: Fritz Borgstedt [EMAIL PROTECTED]
Questions and Answers for users of ASSP Anti-Spam SMTP Proxy
assp-user@lists.sourceforge.net writes:
Nearly 17% of the spam I see is to addresses that have never or will
never
be valid on my system. As a result of this I have a relatively large
From: Dave Emory [EMAIL PROTECTED]
Fritz Borgstedt wrote:
The answer is in test-user maillist )).
All I see are some subscribe and test messages.
That's all I see too.
Bro
Does move2num overwrite\rename files that have filenames that lie between 0
and MaxFiles already? Or does it check the current file name leave it alone
if it is in the range only overwriting if that file number gets chosen again
by another file?
Bro
I'm sick and tired of hearing that 'health and
I'm considering changing the ispgreyvalue to something a little over 0.5.
Counting the various occurrences of mail from my non-assp protected
secondary I've found-
errors spam 44/210 (21%)
spam 2613/10087 (26%)
errors notspam 157/528 (30%)
notspam 1135/41964 (2.7%)
okmail 442/6503 (6.8%)
So
From: Fritz Borgstedt [EMAIL PROTECTED]
Nope. The rebuildspamdb is running on one server and the spamdb is
copied to a second. That is the situation we are discussing here. This
can be done without restarting assp on the second server and should be
done without running rebuildspamdb on the
From: Fritz Borgstedt [EMAIL PROTECTED]
No, I do not collect spam at the secondary. I just resync all files
to the secondary (without the collection).
Does this include the assp.cfg? I'm presuming not, but if you do how do you
handle the unique fields per install?
Bro
From: Fritz Borgstedt [EMAIL PROTECTED]
I agree - a more meaningful message, followed by a graceful shutdown
would be better... dovecot gives a message 'time moved forward/back
by x
seconds' or something like that...
I do not agree.
I agree with you Fritz- I've got one PC on my network
From: Fritz Borgstedt [EMAIL PROTECTED]
LDAP
is not a single point of failure.
fritz
You're right- I missed that-
Enter the DNS-name(s) or IP address(es) of the server(s) that run(s) the
LDAP database. For example: localhost. Separate entries with pipes: eg.
Charles Marcus wrote:
On 4/10/2007 brougham Baker ([EMAIL PROTECTED]) wrote:
I would love ASSP to have a mechanism (email using blat\cron+mail)
that would copy the relevant settings between themselves.
Wouldn't that be called 'rsync'?
Sorry - blinded by a bright flash of light
From: Kevin [EMAIL PROTECTED]
Pascal Dreissen wrote:
One thing though, if the Mysql server is offline, ASSP Crashes (or kills
itself) immediately. Is there any way to occur this behaviour?
The best possible way I think should be that ASSP would deny the
connection for the time being
From: MIS Manager [EMAIL PROTECTED]
I am having an issue with receiving emails sent from MySpace accounts (I
am
not happy I even have to deal with this site, but our company wants a
presence on MySpace for whatever reason). I have put Myspace on our
noprocessing list, but they are not getting
From: Chris Norman [EMAIL PROTECTED]
Since the IP address of the original sender can be gathered from the
headers, would it make sense to weight those IPs prior to ever receiving
email from them?
For example, if my fresh spam has gone from SenderIP -- Open Host --
ISP Relay -- Me, would it
I've cross posted this assp help forum as it does bring up some interesting
questions and also to get it archived in the mailing list as well. More
below-
Read and respond to this message at:
https://sourceforge.net/forum/message.php?msg_id=4174218
By: at0r
I fixed the problem (which indeed
From: Matti Haack [EMAIL PROTECTED]
But if the spammer retries, he will be accepted for a smtp handshake.
If it fails (Bad Helo, Errors etc.) he will be dropped and PB
score will rise and his Greylisting entry is deleted, so he has to try
at least 2 more times.
Are they RBL tested
Are the RBL requests sent before the TCP ACK is sent back to the connecting
mail server?
I was thinking that this would slow spammers down due to the 10 half open
connection limit on XP. I'm assuming that most spam senders are trojan'ed
here. This would open ASSP up to causing a denial of service
From: Fritz Borgstedt [EMAIL PROTECTED]
assp-user@lists.sourceforge.net writes:
Are they RBL tested again?
why not?
I can't think of a reason why not.
I was hoping they would be checked again as they may now be on one of the
RBL lists.
Bro
From: CheriOR [EMAIL PROTECTED]
Any solution on this October problem, Markus? My processing time is
similar
- nearly finished, finally, after 14 hours. I have 14,000 files in the
spam
and 28,000 in the notspam files to analyze, 20 total files in the error
directories.
I haven't seen any
From: Cheri Harder [EMAIL PROTECTED]
Using a Windows Server 2003 machine with 1.80GHz processor, 1.82 GHz,
504 MB of RAM. Interfacing with IMail. Machine also running 5 websites
with IIS and SQLServer. Processor and Memory used pretty heavily with
the SQLServer and IMail processes (mostly
From: Evan Eggers [EMAIL PROTECTED]
Sample IP addresses from earlier today reported as PTRmissing by ASSP, but
having valid PTR according to dnsstuff are:
208.61.234.147
151.124.247.101
199.230.26.212
Perhaps DNSStuff is more persistent but when I tried using NSLookup from the
command prompt of
From: Micheal Espinola Jr [EMAIL PROTECTED]
208.61.234.147
151.124.247.101
199.230.26.212
Perhaps DNSStuff is more persistent but when I tried using NSLookup from
the
command prompt of a windows workstation they all timed out. I tried
known-good addresses and they worked properly.
- Original Message -
From: Micheal Espinola Jr [EMAIL PROTECTED]
To: Questions and Answers for users of ASSP Anti-Spam SMTP Proxy
assp-user@lists.sourceforge.net
Sent: 09 January 2007 16:58
Subject: Re: [Assp-user] Incorrect PTRmissing?
brougham Baker wrote:
The known good ones
From: Fritz Borgstedt [EMAIL PROTECTED]
May be Doug will say something, he is the one I believe who uses it
(besides me).
That what? Uses the PB to block persistent idiot ip addresses? I do too.
What feature do you mean?
Bro
From: Fritz Borgstedt [EMAIL PROTECTED]
Questions and Answers for users of ASSP Anti-Spam SMTP Proxy
assp-user@lists.sourceforge.net writes:
Many mail systems allows this behavior. Its in an RFC. I'll look for
it when I get to my office.
forget it, i built it already in.
Is there a way
From: Fritz Borgstedt [EMAIL PROTECTED]
Is there a way to choose the delimiter? The + is only suggested.
Bro
Did you actually look at it?
No, I have tried 1.2.7 on three separate occasions so far, and have had to
go back to 1.2.6 each time. As the delimiter is selectable, I will try
Fritz Borgstedt wrote:
Are you doing user validation?
No-
So, why are you wondering about the lack of Empty Recipient Messages
at your site?
Because I never managed to work out what drove that statistic up
You cannot catch the bad ones using trap-addresses, you do not know
them.
I've got a secondary MX running ASSP. This has an entry in ISISP. It is
still in testmode for Bayes and SPF.
A mail comes through the secondary- is marked as bayes spam (because it is).
This box forwards it to the primary where it is seen to have a Re-Red of
X-Assp-Spam: YES as it should. The
Fritz Borgstedt wrote:
Whatever, some statistics of 1.2.7 in production on one of my servers
are here:
http://www.magicvillage.de/~Fritz_Borgstedt/assp/S05B87130?WasRead=1
Why are your Empty Recipient Messages so high?
I have a total of 5 for 63 days runtime on my backup MX server.
Bro
Fritz Borgstedt wrote:
Why are your Empty Recipient Messages so high?
I have a total of 5 for 63 days runtime on my backup MX server.
Are you doing user validation?
No- I invent too many addresses on the fly (at work with no access to any
systems at home)- I block the bad ones using
Any idea what this is all about? The mail didn't get through. This and the
header limit was why I went back to 1.2.6- I've only just tried 1.2.7 again.
Dec-30-06 01:33:25 Connected: 213.225.139.107:2854 - 213.152.60.37:25 -
10.7.11.37:225
Dec-30-06 01:33:25 213.225.139.107 [EMAIL PROTECTED] to:
Has anyone played extensively with their PB setup to optimize the settings?
I think that there are probably two choices here- based on the
PenaltyUseNetblocks setting to either Penalise the individual address or the
whole Class C Network Block.
When set to use the whole block, the settings need
Bryan Jarvis wrote:
Hi, Corwin --
Well, since my SMTP Server has port 25 (normal SMTP in/out )
changed to 125, it listens to ASSP on 125 and also tries
to send via 125. Only one application per machine can
use port 25, right? Our router forwards port 25 to our server,
which ASSP is now
1.2.7(25) old I know
Should mail from addresses listed on BounceSenders end up in the spam dir?
I checked the docs on the wiki (now complete YAY!) and the only thing I
found was its introduction on the change log.
Bro
I see lots of spam that has a date from the future and past- presumably this
is so it sits at the bottom of the mail list.
How hard would it be to have a PB entry of 'received time in the future'
where the date header is checked against the first (bottom of the list)
received header?
I rarely
From: Andreas Krüger [EMAIL PROTECTED]
How do you downgrade?
I am running Net::DNS version 0.59 - but I installed it through CSPAN with:
install Net::DNS
So how to downgrade to version 0.59 on Linux?
This was a Win32 only issue so far- are you sure your symptoms are the same?
Bro
At the weekend I went from 1.2.7(12) to 1.2.7(20). Since then I haven't had
a single spam email saved to the corpus. I tried creating a new directory
called spam1- on 20, no spam saved there- when I roll back to 12 they
started saving within seconds.
On Win32
--
Bro
I'm sick and tired of
From: Fritz Borgstedt [EMAIL PROTECTED]
X-Assp-Spam-Reason: BombHeaderRe: 'Headerlength (11002) 1'
There is a restriction of headerlength in section other settings
HeaderMaxBytes.
Default in 1.2.7 is 32000.
I increased HeaderMaxBytes to 35000 yesterday. I've had 10 false positives
Got some email marked as spam with this reason- two were false positives,
one was real Spam. These are the complete headers. Am I getting these
because of the number of hosts that it has gone through? How would I disable
this particular BombHeader- I don't know enough perl to find it.
Bro
1.2.7(12)
Allow Emails from this outbound addresses
Put here addresses from e.g. gmail which should be allowed to report to the
interface.
Would Allow Emails from these external addresses be better?
--
Bro
I'm sick and tired of hearing that 'health and safety' is stopping people
doing
From: Eric B. [EMAIL PROTECTED]
Fritz Borgstedt [EMAIL PROTECTED] wrote in message
news:[EMAIL PROTECTED]
Is RBL working in 1.2.6?
I got a report, that it stopped working.
I don't know if these stats will mean much to you, but with 9500 emails,
only 3 have shown RBL failures. It might be
From: Micheal Espinola Jr [EMAIL PROTECTED]
Eric B. wrote:
I don't understand a couple of things here with that last pattern.
For starters, why do you have the [a-z\d] at the end of the expression?
Doesn't the (?!-\b) already ensure that the string will finish with
[a-z\d]
? If so, why
From: Fritz Borgstedt [EMAIL PROTECTED]
Question though - how reliable is this technique, with respect to
false
positives (blocking legitimate mail)?
Not reliable.
Yep, I found that too- lots of legitimate email was no longer getting
through.
Bro
From: Micheal Espinola Jr [EMAIL PROTECTED]
Greeting Delaying is useful because spambot/zombies will most likely not
wait to receive the SMTP greeting before issuing commands. A true MTA
will. If an SMTP connection starts issuing commands prior to receiving
the SMTP greeting, that it is
From: Andrew Macpherson [EMAIL PROTECTED]
--On Tuesday, December 05, 2006 11:56:22 -0500 Eric B.
[EMAIL PROTECTED] wrote:
| Under what conditions should someone report a false-positive as
| IsNotSpam instead of IsWhitelist? Or vice versa - when should one
| report it as IsWhiteList
From: Micheal Espinola Jr [EMAIL PROTECTED]
brougham Baker wrote:
It's great in theory and I was really looking forwards to this feature.
In
testing I have found that a large number of up-to-date legitimate list
servers running Mailman stopped sending me mail.
Oh, that's very interesting
From: Micheal Espinola Jr [EMAIL PROTECTED]
Personally, what I would like to see is the guy descriptions shortened
and have links to ASSP documentation. I think that would be easier to
maintain. Just my $.02.
Or another button next to the notes button called 'help' or 'guidance' or
'section
From: Micheal [EMAIL PROTECTED]
I agree. I find 5 minutes to be quite versatile. It avoids a vast
majority of spam while not being long enough to periodically annoy my users.
This is why I can't wait for the mySQL stuff- so that I can easily do stats
on things like this.
I saw that I was
From: Fritz Borgstedt [EMAIL PROTECTED]
It may be an interesting approach to start for 3 to 4 weeks with 0 min.
That's what I've done currently to get the corpus up as it really cuts down
on the Spam I get.
Also my MTA rejects invalid senders- I get loads of Spam to address that
have never
From: Fritz Borgstedt [EMAIL PROTECTED]
Is it possible to see the list of delayed tuplets somehow?
remove Digest::MD5
then you can list them in clear with any texteditor
Are there any disadvantages to doing this? Would you advise this for
everyone?
Bro
From: Fritz Borgstedt [EMAIL PROTECTED]
Which confuses me even further. If my understanding is correct, and
mailok
msgs have indeed cleared all spam tests, then why should they not be
considered as ham?
It is much more simple: MailOK are messages which are considered as
HAM, but are not
Is there a relationship between the values used in Max Bytes and Ordered-Tie
hash table size?
Should the Ordered-Tie value be larger than Max Bytes? If so by how much?
Yes I have increased Max Bytes (I can imagine the pained expression on
Fritz's face). What I found was that lots of spam I get
From: Marrco [EMAIL PROTECTED]
From: Micheal Espinola Jr [EMAIL PROTECTED]
the problem. If there are any others out there running Win32 and
Net-DNS 0.58+, please speak up!
0.59 Here with 1.2.6 (28) ... no problems for more than 1 month
But there is always one factor we can't control or
Micheal Espinola Jr wrote:
You should create a cleanup script for this. I have one that I use
for Win32, but it requires a tool from the Windows Resource Kit. If
anyone can find me a free/OSI/GNU equivalent to FORFILES.EXE, I'll post
the
script to the Wiki.
From: Jimm Wetherbee [EMAIL PROTECTED]
All,
Fritz was good enough to point out just where in File Paths the
information on mailok is, but I am still confused about the relation
between it and the notspam folder. For instance, is it purely archival
in nature? Also, it would seem that if mailok
From: [EMAIL PROTECTED]
Bayes Confidence shows 0.00, so why did this fail?
Your setup can tell you- login to your ASSP interface and choose 'Mail
Analyzer' and paste the whole message in- this will tell you why it was
marked as spam (mostly). If you have rebuilt the spamdb the answers will be
From: Fritz Borgstedt [EMAIL PROTECTED]
Validate Sender Domain MX/A
is using Email::Valid
Which means it doesn't use Net::DNS, it uses Mailtools instead. Were we
hanging part of our diagnosis on Validate Sender results?
Bro
From: Micheal Espinola Jr [EMAIL PROTECTED]
Lars Troen wrote:
To confirm this you can try telnet'ing to port 53 of an external dns
server.
You can force nslookup to use TCP only by typing 'set vc' according to
http://support.microsoft.com/kb/263237 I knew this was possible but thought
that it
From: Micheal Espinola Jr [EMAIL PROTECTED]
I recently performed my first installation of ASSP that was not with
Microsoft Exchange and not within a self-controlled DNS environment.
This time, the MTA is MailEnable and the server and DNS are at a hosted
co-location facility.
My problem so
From: Micheal Espinola Jr [EMAIL PROTECTED]
RBL queries are running fine now. The issue now solely lies with SPF.
Something you've done or sorted itself out?
Bro
From: Micheal Espinola Jr [EMAIL PROTECTED]
brougham Baker wrote:
Something you've done or sorted itself out?
I isolated part of the issue to a DNS server giving flaky responses. I
got that out of the mix and RBL behaves normally.
Fritz does his own RBL code, which may indicate something
From: Micheal Espinola Jr [EMAIL PROTECTED]
brougham Baker wrote:
You are using SPF in debug mode? What is that telling you?
I have. It tells me that after 45 seconds the connection times out on
this problem install. On my other (1.2.6) install I get SPF queries
done in under 1 second
From: Fritz Borgstedt [EMAIL PROTECTED]
Brougham Wrote:
I just had a peek in my whitelist- just to see what is in there (and
why it
is so big), it looks like emails from the Lyris mail server aren't
being
handled by the 'Normalize VERP Addresses' function properly.
'Normalize VERP
From: Fritz Borgstedt [EMAIL PROTECTED]
Would it be too much to ask to see what you have in your RegEx files
as well
http://www.magicvillage.de/~Fritz_Borgstedt/assp/0001BEA3-801C/05A4733E-000F4555?WasRead=1
Would anyone like to hazard a guess why Fritz's noProcessing file
NPAddressen has
Someone was getting all zero's for their ip addresses. So did I this
evening-
Oct-27-06 23:54:09 Connected: 193.111.201.133:63839 - 0.0.0.0:25 -
10.7.11.37:225
Turned out to be a bad nic- saw it first in ASSP then everything.
Traceroute's seemed to suffer worst next then a continual ping (ping
From: Micheal Espinola Jr [EMAIL PROTECTED]
I ask because I don't understand how or why a spammer would bother to
waste time and processing for encrypting their traffic when they can
just bang away on plain 'ol SMTP via tcp/25.
I'm getting a feeling that the TLS port in these cases is not
When you use the | type entries- they are reread when you hit 'Apply
Changes' button.
If I move any entries to the file:somename.txt type, when are they reread?
I notice that an 'Edit file' button appears and opens a window where you can
edit the file but are the files reread into the ASSP config
From: Kevin [EMAIL PROTECTED]
brougham Baker wrote:
If not could we have a script that would generate a file of valid email
addresses by parsing the logfiles?
Interesting idea.
Most people use a script to pull a list of addresses from their mta of
choice or they use ldap lookups.
I don't
From: Micheal Espinola Jr [EMAIL PROTECTED]
Charles Marcus wrote:
Ack! In the REGISTRY?! What MTA is that?? What a horrible, horrible
implementation. My first suggestion would be to change MTA's asap... it
would be my firstmost topmost priority...
I concur. If you can, change whatever
From: Tyran Ormond [EMAIL PROTECTED]
I'm going to guess that the MTA in question is Imail. Storing the
list in the Registry is just fine for a small server with low user
turn over. Exporting the Imail Registry structure to a .reg file
each night is trivial and just as trivial to restore as
From: Chuck Schick [EMAIL PROTECTED]
I am THE Chuck Schick but not the one from Caddy Shack - that was a cheap
imitation :-)
Chuck Schick
For those of you in the UK- Caddy Shack is on BBC1 this evening.
Bro
I wanted to try a semi-clean install. I've basically done a new assp install
and copied only my spam\notspam directories (folding in the error
directories- after all if the bayes is right they aren't errors anymore) and
my whitelist file. Everything else is a clean file\reconfig.
The thing is I
can you use wildcards in the flatfile? I have about 50 addresses that start
with me- having me-* would be so easy.
If not could we have a script that would generate a file of valid email
addresses by parsing the logfiles?
Bro
That's nothing like I'm seeing-
mail.southwest.com MX (Mail Exchanger) Priority: 10 mail-1.southwest.com
mail.southwest.com MX (Mail Exchanger) Priority: 10 mail-2.southwest.com
no mail03 at all
Bro
- Original Message -
From: Roger Stevenson [EMAIL PROTECTED]
To: 'Questions and Answers
From: geniusfreak [EMAIL PROTECTED]
On 8/25/06, brougham Baker [EMAIL PROTECTED] wrote:
That's nothing like I'm seeing-
mail.southwest.com MX (Mail Exchanger) Priority: 10 mail-1.southwest.com
mail.southwest.com MX (Mail Exchanger) Priority: 10 mail-2.southwest.com
no mail03 at all
I'm using ASSP 1.2.5(13) through Perl 5.008007 on NT4 Workstation, ASSP is
on an NTFS partition. I don't think this is PB related as I haven't had that
many email in the last couple of weeks so this must have been going on since
1.2.2.
I'm using 'Use Subject as Maillog Names', I think, the files