Hi everyone,
I just got back from a trip to find a significant increase in
zombie-spammer connection timeouts. Luckily, my settings were open
enough to not inhibit connections and my MTA times-out after 1 minute,
but I noticed a lot of repeat session timeouts in my logs from the same
IP's.
TestRe needs to be disabled completely to avoid seeing that in the
log. I create an on/off check box for it that I have been testing for
the past few weeks. It works fine. I'll forward the code to Fritz and
see if he wants to use it or create his own.
Rybski Dajo wrote:
1.2.2
I
Nicely done, and more secure than the HTML form-based submittal that I
was cautioning against.
Fritz Borgstedt wrote:
I have set up such a system for years:
My error message: 550 5.7.7 Error: see
http://www.unicorn-gmbh.de/ihelp/error/
Using Tomcat but need to do more? Need to support
Similar to what you do, something that *I* would like to see is:
1. An ASSP web page that uses a rotating/randomizing MD5 hash as a
confirmation code.
2. A time-expiring non-whitelist (another tuplet-type list perhaps?)
that allows the message through as a test-mode Bayesian, devoid of PB
the \transfer\ to see if that does the trick.
Thanks!
C
Micheal Espinola Jr wrote:
Examine your noProcessing and npRe, or better yet disable them for now.
I'll be the issue is in the npRe.
Chris Norman wrote:
On one of my assp implementations, I'm seeing almost every email
Ugg... Please excuse the poor grammar in that post - I was rushing so
I could leave work on-time. :-)
Micheal Espinola Jr wrote:
I have written some overviews to get you on your way. If you have more
specific questions afterward, please don't hesitate to ask me via the
list or directly
Doug Traylor wrote:
1st of all, thanks for adding it to 1.2.4(3) Fritz.
Good deal!
Not my choice.
Understood, but an odd combination when dealing with this particular
subject. Still, I understand your situation.
Agreed. While you *should* receive email to these addresses - it's not
necessarily a wise idea to list them as spamLovers.
Peter Awad wrote:
It's proper protocol to include abuse@ and postmaster@
However expect these addresses to be abused with spam. The most popular
being website
Fritz Borgstedt wrote:
I was saying that no action was taken, action meaning blocking.
Language barrier strikes again! :-)
Is that no blocking at all (against any processes or other RE's during
that point in ASSP processing), or no blocking as it pertains to the
match in the testRe (as if
that any dissemination, distribution, or copying of this
communication is strictly prohibited by law. If you have received this
communication in error, please notify me immediately.
Micheal Espinola Jr wrote:
Hi Travis,
If you don't mind, please keep me in the loop on this. Perhaps we can
Saved attachments from Outlook are not usable by ASSP, as they are not
saved in a plain-text format. I'm not sure if OE fairs any different,
but you should check.
Anyhow - what do your logs and the ASSP-inserted headers tell you about
why the message was considered spam?
Sasan Forghani
Sasan Forghani wrote:
list or any sourceforge list. Any ideas why? Is there anyone at Source
Forge I can contact about my inability to post to the lists?
Of course. Go through the help system on the sourceforge.net website.
Paul wrote:
Michael's posts are getting through to me about 12-24 hours late. I dunno
why
they're picking on him again!!
12 hours late? Geesh. I don't get it. I switched to my own private
domain so I wouldn't get subject to Gmail getting blocked because of
spamcop.net's RBL.
I
Fritz Borgstedt wrote:
I now honors softfail and neutral
1.2.4 (5)
You're variation of my code didn't work on my Win32 box. Here's the
error(s):
syntax error at c:\assp\assp.pl line 3388, near fail if
syntax error at c:\assp\assp.pl line 3415, near }
Execution of c:\assp\assp.pl aborted
Fritz Borgstedt wrote:
try again
Look good. Thanks,
-
Take Surveys. Earn Cash. Influence the Future of IT
Join SourceForge.net's Techsay panel and you'll get the chance to share your
opinions on IT business topics
SPF softfail and neutral failing is working great on my end. I invite
other people to try it.
I try to use verbose error responses whenever possible, in the hopes
that end-users and their remote admins will solve a problem without
interaction from me. I think this is even more important in
Dickson, Paul wrote:
I guess I
can do domain\.com\ , but if
there happens to be that text in the body of the message, it wont be
processed. Id rather definitely identify the sender, rather than have
the possibility for false identification.
True, so add more to
Travis Forghani wrote:
I'm using Microsoft DNS server (Windows Server 2003). I followed the
instructions that Michael gave me on setting up the Email Interface.
Why do I need to add the bogus domain to the Local Domains? ASSP is
running on one machine, mail server running on another. Both
criticize them, you're a mile away and you have their
shoes.
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Micheal
Espinola Jr
Sent: Thursday, July 20, 2006 2:52 PM
To: Questions and Answers for users of ASSP Anti-Spam SMTP Proxy
Subject: [Assp-user
For people with performance problems writing logs, I would suggest that
disk-related I/O is your bottle neck. You could try one (or all) of the
following to alleviate the issue:
Defrag your disk.
Use a higher-performance (RPM) hard disk
Use a higher-performance disk controller
Use a
Fritz Borgstedt wrote:
I can not understand, because the redlist prevents adresses from
entering the whitelist.
Think of it in terms of cleaning-up after itself. As an example:
Perhaps you notice that something is polluting (unbalancing) the corpus,
so you redlist the address - but the
Fritz, et all:
Travis's recent issues with ASSP process hangs were centered around not
having all of the modules installed. Personally, I think the ASSP
process hung while trying to access missing modules, but the specifics
could not be fully determined without more debugging work on Travis's
Fritz Borgstedt wrote:
All modules are checked, routines will not run, if modules are not
available.
Are we absolutely sure that all subroutines are covered in the existing
check routine? I only ask because something was causing Travis's Perl
process to go 100%.
I personally do not
Melvin Backus wrote:
If in fact that is the case then nothing more is required. I was under the
impression that was in fact the case, but it is always within reason to
expect that some particular module may have been missed, etc. Assuming
that isn't the case, then perhaps the problem was
[EMAIL PROTECTED] wrote:
Yes. My thoughts center around the idea of turning this software loose on
people who might need
some additional hand holding and how maybe that's not so great an idea when
beta testing.
That's exactly what I am trying to address - and hopefully make less
Travis Forghani wrote:
I'll make a note of module requirements in the quick start guide I am
writing. Also, so far the Perl process has not gone to 99%. It seems
that Michael is right about all modules being needed. The only reason
I hadn't installed the modules prior to Michaels script
For anyone interested, I set up an ASSP site on Frappr. Some other
support lists I belong to have done something similar, so I figured why
not ASSP too?
If you aren't familiar with Frappr - Frappr is kind of a cross between
del.icio.us and Google Maps. It allows members to show their
I don't have the details from your original crash posting. What
versions, modules in use, etc, are you running? I don't see why from
this posting you believe it is SRS-related.
List Receiver wrote:
I had another ASSP crash overnight, caused by seemingly a similar
problem as indicated in my
Possibly. Do not configure ASSP to point to blank or non-existent
files. There have been problems in the past.
Adam Campbell wrote:
Am I reading this correctly? A ham message was blocked and a spam message
was whitelisted, because of an non-existent npRE file?
Screen-shot:
http://www.espinola.net/images/content/assp/AnalyzerUpdate.jpg
What I have done:
I have color-coded types of matches/statuses: red=negative,
green=positive, orange=subjective, gray=neutral.
I have embedded hyperlinks: Whitelist, Red RE, Bomb Re, etc, all
link-back to the relevant
Yay! :-)
Although only 9 members so far, its a pretty diverse group!
James Brown wrote:
Australia has its first entry!
Amazing how detailed the map is - even down to the individual land
parcel size.
James.
On 26/07/2006, at 12:09 PM, Micheal Espinola Jr wrote:
For anyone
If you want to try Win32 again at some point, let me know and I'll
forward you a copy of my installation script. You run it, and let it
do its thing. It will install Perl, the modules, etc, and leave you
with a base setup of ASSP.
I have never had an issue with any implementations started
geniusfreak wrote:
I like it.
The only issue i see is that there is no legend so you can tell what
the colors mean just by looking at that screenshot.
Thanks! Yea, I've been thinking about a small legend at the top.
Howevershouldn't the colors be reversed?
green = good?
red = bad?
An update to changes:
http://www.espinola.net/images/content/assp/AnalyzerUpdate2.jpg
...added a color legend
...added section titles
...compressed display to better fit 800x600
The reason I began the pet-project is because I create Spam Analysis
reports for membership-related emails that my
Gotcha. Thanks!
Fritz Borgstedt wrote:
Questions and Answers for users of ASSP Anti-Spam SMTP Proxy
assp-user@lists.sourceforge.net schreibt:
Does this (the "Non-Processing-List") mean that if the sender
recipient
in on the noProcessing list that the PB will be applied, or if it
While going through my notes and saved emails of posted RE's, I have
noticed that some of you are specifying the following patterns:
\r, \n, $, \x0D, \x0A, etc..
I wanted to remind everyone that ASSP's message-content regular
expression processing operates with the /s modifier hard-coded.
Roger Stevenson wrote:
Is your script different from Anderson's
script? That is what I used, which installed version 1.1.0. The
second server I built I
My script, is in-fact, a real Windows batch script (.CMD). Anderson
made an
installer application, and as I understand it - that
OK, I'm apparently Wiki-illiterate - How do you create a new article?
-
Take Surveys. Earn Cash. Influence the Future of IT
Join SourceForge.net's Techsay panel and you'll get the chance to share your
opinions on IT
nt to make and
then edit that page.
hope that helps.
On 7/27/06, Micheal Espinola Jr [EMAIL PROTECTED] wrote:
OK, I'm apparently Wiki-illiterate - How do you create a new article?
-
Take Surveys. Earn Cash. Influence
geniusfreak wrote:
Does this make sense?
I follow your train-of-thought now. Although, I'm not sure how I can
apply it to the regex and list matches. I will give it some thought
though. If you have any thoughts on application, speak up.
I'm looking at it from the perspective that i
Travis Forghani wrote:
Maybe we can include your script in the quick start guide or I can
write a tutorial on installing the modules using the Perl Install
command. If I go the route of writing the steps needs to install the
modules and force all dependencies, I'll need to become more
You upgraded to which version?
Do you have all required files in your "images" folder?
Joseph Armstrong wrote:
Hello, long time, no post.
I seem to be having problems
connecting to the web admin interface since I updated from v1.1.
If I reinstall the old version back,
I
tly prohibited by law. If you have received this communication in error, please notify me immediately.
Micheal Espinola Jr wrote:
Travis Forghani wrote:
Maybe we can include your script in the quick start guide or I can
write a tutorial on installing the modules using the
Ahh!!! That's right! I can't believe I still have that listed in my
script. At least it doesn't hurt anything. Thanks for the reminder
Fritz...
Fritz Borgstedt wrote:
net-rblclient (Note: to look up IP's against RBL's)
*NOT* part of the installation.
I really do not
Never mind. You and I get lost in the language sometimes. :-)
Fritz Borgstedt wrote:
Questions and Answers for users of ASSP Anti-Spam SMTP Proxy
assp-user@lists.sourceforge.net schreibt:
? In my assp.pl, the default value for this option is 0 - doesn't
that
mean that its
Updated Screen-shot:
http://www.espinola.net/images/content/assp/AnalyzerUpdate3.jpg
What's new:
* I have slightly modified the information displayed for overall
display organization and compression (less padding in tables, etc).
* I have added alternating column colors to more easily
I know what you mean - sure thing. I'll probably do the edit and post
the results this evening.
geniusfreak wrote:
Michael,
Looks good. Just a quick request.
Can you add some padding between the Good Words and Bad Words
column, the colors help but they are a bit to light to make it obvious
http://www.pointdee.co.uk/assp-wiki/index.php?title=BombRe_and_ScriptRe *
I'm looking for feedback on the content as well as layout. I'm new at
Wiki*, so be gentle. :-)
* Yea, I'm still filling in some of the bombRe regex content now that I
am comfortable with what I think is a good layout
David, you haven't told us any information about your platform,
versions, or how you have ASSP configured and how you clients access
your MTA.
David Lee wrote:
I have all Delay options turned off. Today all my computers refused to send
mail through ASSP ..
they returned the delay message
Thanks Kevin,
I'll continue to add content and description to the page.
geniusfreak wrote:
On 7/31/06, Micheal Espinola Jr [EMAIL PROTECTED] wrote:
http://www.pointdee.co.uk/assp-wiki/index.php?title=BombRe_and_ScriptRe *
I'm looking for feedback on the content as well
Hi John, its great to see you online and kicking! :-)
The spam depicted in spam1.jpg was an interesting challenge for me.
This is along the lines of what I came up with:
--
BGCOLOR=(['".]|).[EF].[EF].[^]*.*?FONT.*?COLOR=(['".]|).[EF].[EF].#
spam - light-colored background with
How's this look?
http://www.espinola.net/images/content/assp/AnalyzerUpdate3.jpg
What's changed:
* I have increased the cell padding between Bad/Good to 20px.
geniusfreak wrote:
Michael,
Looks good. Just a quick request.
Can you add some padding between the Good Words and Bad Words
I took your added comment and merged it into a "Additional Resources"
section. What do you think? Cool with you?
http://www.pointdee.co.uk/assp-wiki/index.php?title=BombRe_and_ScriptRe#Additional_Resources
geniusfreak wrote:
On 7/31/06, Micheal Espinola Jr [EMAIL PROTEC
geniusfreak wrote:
My thanks to Julius for creating such an informative and detailed tutorial.
Indeed! Very well written!
-
Take Surveys. Earn Cash. Influence the Future of IT
Join SourceForge.net's Techsay panel and
[EMAIL PROTECTED] wrote:
That's great layout and much clearer, thanks.
Glad to hear it, thanks!
couple of points
Will the colour section go multi-lined? Is your example typical?
If you are referring to the Feature Matching section at the top, yes -
that is typical output. It's
It does, but the definitions have not been updated in a very long time.
Roger Stevenson wrote:
I seem to remember there being some discussion before about the ClamAV not
working. Does it?
Roger Stevenson
NEA Clinic
-
Only if SPFWL (in the SPF options) is enabled.
Travis Forghani wrote:
A whitelisted sender is checked by SPF, etc before being allowed in,
right? I figure that a whitelisted sender is not scrutinized by the
Bayesian filter, right?
I'm not certain if you are adding more detail to the conversation, or
if you are confused about what I was referring to, so I'll add this:
I didn't say it didn't. I was referring to ASSP. ClamSMTP is an
external application to ASSP.
Charles Marcus wrote:
Micheal Espinola Jr wrote
]
[mailto:[EMAIL PROTECTED]] On Behalf Of Micheal
Espinola Jr
Sent: Wednesday, August 02, 2006 2:02 PM
To: Questions and Answers for users of ASSP Anti-Spam SMTP Proxy
Subject: Re: [Assp-user] mail interface question and suggestion.
Dickson, Paul wrote:
If I turn on "Spam/Ham R
ader of this message is not the intended recipient, you are hereby notified that any dissemination, distribution, or copying of this communication is strictly prohibited by law. If you have received this communication in error, please notify me immediately.
Micheal Espinola Jr wrote:
I thi
of users who want them, or users who dont.
From:
[EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]] On Behalf Of Micheal Espinola Jr
Sent: Wednesday,
August 02, 2006
2:14 PM
To: Questions and Answers for users of ASSP Anti-Spam SMTP Proxy
Subject: Re:
[Assp-user] mail
interface question
.
Micheal Espinola Jr wrote:
*Redlisted mail does not enter the corpus*. That's it - period. I
didn't respond to what Luke wrote - I responded to your statements
about "message ok" and logging destinations.
Redlisted email is still subject to additional processing, such a
immediately.
Micheal Espinola Jr wrote:
Micheal Espinola Jr wrote:
I would not consider or document the use of the Redlist in terms of
auto-responders only, as it has many other practical applications.
Auto-responders and out-of-office responses should be part of a list
If thats true then I am operating on some outdated knowledge in regards
to the Redlist or more likely I am confusing the Redlist functionality
with another product. I apologize for the confusion.
Crap. I need to perform my own tests and figure out how I got my wires
crossed on this one.
geniusfreak wrote:
I think we have a new feature request... :)
I think I'm gonna go stick my head in the sand! (Sorry for the
wild-goose chase.) But if anything good can come of this, I can only
hope. I have to agree, I cant think of a good reason why Redlisted
email should go into the
geniusfreak wrote:
Though it is sad, i would have liked it to do what we thought it did.
(did that make sense?)
It did - and I agree, if only to make myself feel right - J/K. I think
it would be a great feature.
-
Jérôme PHILIPPE wrote:
sorry for this tension with Micheal.
Don't worry about it. (I think) he gets aggravated with me all the
time. I don't take it personally. ;-)
I was only trying to make things be a single-change for him, and not
harass him with little bits here and there to change in
Roger Stevenson wrote:
See, I would have guessed it was because I
didn't use the upgrade.pl's to move from version to version. What I
basically ended up doing is moving my spam/notspam folders to a new
server and building a new database and configuration around them.
File
http://del.icio.us/michealespinola/Wikipedia+help+editor
-
Take Surveys. Earn Cash. Influence the Future of IT
Join SourceForge.net's Techsay panel and you'll get the chance to share your
opinions on IT business topics
Roger Stevenson wrote:
Do whitelisted senders bypass RBL checks?
Yes, if RBLWL is not enabled. Check the RBL section of the interface.
-
Using Tomcat but need to do more? Need to support web services, security?
Get stuff
Which version are you running? Here is the description in the current
BETA:
The address:port of your message handling system's smtp server.
If only the port is entered, or the keyword __INBOUND__:port
is used, then the connection will be established to the same IP where
the connection was
Evans Martin wrote:
I think Im
running 1.2.3. How
would I tell. Im a total ASSP noob. The description that you have
written below exactly\
The version is listed in two places. The bottom left of the web
interface (at the bottom of the menu), and within the Info and Stats
geniusfreak wrote:
According to the description there is no difference in putting
__INBOUND__:125 or just 125. If that is indeed the case there
there should be no difference in the behavior.
I know what it says, but I asked if there was a difference in
behavior. :-)I agree that based on
geniusfreak wrote:
If anyone (especially Fritz) knows that the processing order is for
the latest versions would you please update this list?
Fritz is definitely the one who knows. He's posted info about the order
a couple of times in the past few months, but I cant recall if it was in
the
Adapting to recent spam, I the \W? used in regex's to capture stock,
dugs, watches, etc, spam is no longer viable. I am having much better
luck with it changed to \S?.
HTH
-
Using Tomcat but need to do more? Need to
I think this will do it:
\bbegin\b \d\d\d \b\S{0,72}.*(\S{61}).{0,61}\bend\b
It works good in my tests. Can anyone verify?
Thanks!
-
Using Tomcat but need to do more? Need to support web services, security?
Get stuff
geniusfreak wrote:
Why would we want to block this?
ASSP doesn't recognize the attachment type, and can't block it.
But, perhaps with my RE we can apply that to some new attachment
blocking functionality in ASSP.
-
Dickson, Paul wrote:
Example?
VuIAGRA
CuIALIS
VuALIUM
AuMBIEN
-
Using Tomcat but need to do more? Need to support web services, security?
Get stuff done quickly with pre-integrated technology to make your job
Fritz Borgstedt wrote:
It is not working, I do not know, why not. Would be nice, if somebody
would look through
it.
Aww, bummer!:-) I'll see if I can come up with anything in my
next round of testing.
-
Using
geniusfreak wrote:
This is on my test server.
http://img74.imageshack.us/my.php?image=asspiecssissuesu7.jpg
the image folder is the same one from 1.2.3 since there has not been
any updates since that as far as i am aware.
Which version of IE? I haven't seen a problem like this in a very
geniusfreak wrote:
This is on my test server.
http://img74.imageshack.us/my.php?image=asspiecssissuesu7.jpg
the image folder is the same one from 1.2.3 since there has not been
any updates since that as far as i am aware.
Can you recreate the problem, and send me the page source that is not
geniusfreak wrote:
gr and i spent so much time battling IE...fixing it there breaking
it in FF fixing it there breaking it in IEredundant huh.
Try this.
body, p, td {
font-size: 11pt;
font-family: Verdana, Arial, Helvetica, sans-serif;
color: #66;
padding: 2px;
margin:
Dickson, Paul wrote:
I know many of you will object to this because of the large amounts of
foreign mail that it will reject, but I have found, since blacklisting
all foreign domains six months ago, I have had only three requests for
whitelisting from people outside the U.S. To me, that is a
Dickson, Paul wrote:
A little better. Use at your own risk. Watch the wrap around.
tel\W*\W*\W*\W*\(?\d\d\)?(-|\s)\(?\d\d\d?\)?(-|\s)\(?\d\d\d\)?(-|\s)\(?\
d\d\d\d?\)?
tele\W*\W*\W*\W*\(?\d\d\)?(-|\s)\(?\d\d\d?\)?(-|\s)\(?\d\d\d\)?(-|\s)\(?
\d\d\d\d?\)?
Dickson, Paul wrote:
Lol.. that catches IP's.. nevermind:) :DERP:
So, based on those results, I made this simple regex
\d\d\W\d\d\d\W\d\d\d\W\d\d\d
How about:
(\d\d\W\d\d\d\W\d\d\d\W\d\d\d)(?!(?:(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.){3}(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?))
This
Dickson, Paul wrote:
I couldn't get that to work,
You're right, it doesn't work. Something must have glitched in my RegEx
tester - because it doesn't work for me now either. I'll see if I can
revise it.
-
Using Tomcat
Dickson, Paul wrote:
I couldn't get that to work
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Micheal
Espinola Jr
Sent: Wednesday, August 09, 2006 11:54 AM
To: Questions and Answers for users of ASSP Anti-Spam SMTP Proxy
Subject: Re: [Assp-user
Dickson, Paul wrote:
This is my level 2 blocking, and level 2 is set for all three areas:
Notice the |zip on the end.
Below is the only mail she has gotten today. It seems someone is
sending to her, from her, with an IP that is NOT designated as an
@fredco-md.net mail server IP in assp. 1:
[EMAIL PROTECTED] wrote:
1. You are checking spf, but it's not set up for fredco-md. Are you
rejecting on the softfail in
the default policy?
Good point. I would recommend turning softfail on if it isn't. Neutral
may not be useful terribly, but softfail should catch lots of things
Chris Moore wrote:
Hello list
On a weekly basis, ASSP is catching a mail from an individual supplier and
marking it as bayesian spam. This supplier is whitelisted according to the
Whitelist/Redlist page of ASSP.
In the headers of the message, does the X-Assp-Envelope-From: header
field
Dickson, Paul wrote:
No idea how it was encoded. ASSP didn't log it being stuck in the spam
or notspam folder and the user deleted the original. I have softfail
off because of to many false positives, and since it will tag as spam
even if they are on the whitelist, it really pisses users
Roger Stevenson wrote:
11-Mar-2006 00:03:11 Action: Scan Error From: [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Subject: SpongeBob Squarepants DVD Boardgame chesterot Size: 4989 SMTP ID:
M2006031100031025411
Info: Message could not be scanned completely. Scan Status: 56 - Malformed
Aaron Allen wrote:
Testing mail delivery
Try the addresses listed here:
http://www.asspsmtp.org/wiki/index.php?title=Testing
-
Using Tomcat but need to do more? Need to support web services,
Aaron Allen wrote:
Thanks
for the quick
response. For some reason ASSP wasnt relaying to this list, so I
am bypassing ASSP now. However, I do have a message with an e-mail
attachment that is awaiting moderator approval to be sent to this list.
Waiting approval indicates
billc wrote:
Hi all,
I seem to remember that ASSP does not have to be restarted after the
spamdb is rebuilt.
Just wanted to check
There is no need to restart ASSP. It detects the file change and
reloads it into memory on its own, just like any of the RE list files.
Fritz Borgstedt wrote:
The result *is not* ignored, the *only* thing which is different: the
message is not blocked but getting flagged.
Thanks for clarifying that. I didn't mean to apply being ignored from
processing - only from being blocked. Poor choice of words considering
functions
Roger Stevenson wrote:
I added a couple of people to the BaysSpamLover list because they were
getting false positives and they say they really need to get all their
email. I decided to prepend {SPAM} to all the passed mails so they could
sort them with Outlook. Now all the ham I have
expertsexchange has since changed to experts-exchange.com, but they were
the butt of many jokes for a while. Huge mistake on their part - no pun
intended. Someone is now squatting the domain name.
Great list. Do you mind if I add it to the Wiki ?
http://www.asspsmtp.org/
Dickson, Paul
Greg Watson wrote:
webserver cannot find the CSS or images. I noticed you pass just the
filename via the URL. Changing this to =/etc/passwd in your browser gives
the password file as well. This is a security risk and I'd like to ask if
someone knows how to restrict this to only a hard
Micheal Espinola Jr wrote:
Quick-Fix! Change (line location varies depending on version):
if ($fil!~/.*\.(css|gif|jpg|png)$/i) {
To reiterate - this is a quick fix. It will prevent any files with the
extensions other than .css, .gif, .jpg, and .png from being accessed
1 - 100 of 847 matches
Mail list logo
