My log is being filled with lots of spam correctly being identified as
such by BombDataRe, but I'm getting so much that the mail server is barely
coping.

Any ideas on how to deal with this?

My logs are filled with:

Apr-15-09 16:39:52 id-75684-10240 [Worker_3] 192.168.1.2 <[email protected]> to: [email protected] Regex:BombDataRe 'Subject: Re: Fast Approvals. 24HourAutoLoan = 25'
Apr-15-09 16:39:52 id-73430-10571 [Worker_2] 192.168.1.2 <[email protected]> to: [email protected] Regex:BombDataRe 'Subject: Re: Fast Approvals. 24HourAutoLoan = 25'
Apr-15-09 16:39:52 id-75878-05988 [Worker_6] 192.168.1.2 <[email protected]> to: [email protected] Regex:BombDataRe 'Subject: Bailout-News: ≠Obama endorses Loan = 25'
Apr-15-09 16:39:52 id-76760-03627 [Worker_5] 192.168.1.2 <[email protected]> to: [email protected] Regex:BombDataRe 'Pharmacy = 25'
Apr-15-09 16:39:52 id-70400-04884 [Worker_1] 192.168.1.2 <[email protected]> to: [email protected] Regex:BombDataRe 'Subject: Re: Fast Approvals. 24HourAutoLoan = 25'
Apr-15-09 16:39:52 id-75684-10240 [Worker_3] 192.168.1.2 <[email protected]> to: [email protected] Regex:BombDataRe 'Subject: Re: Fast Approvals. 24HourAutoLoan = 25'
Apr-15-09 16:39:52 id-73430-10571 [Worker_2] 192.168.1.2 <[email protected]> to: [email protected] Regex:BombDataRe 'Subject: Re: Fast Approvals. 24HourAutoLoan = 25'
Apr-15-09 16:39:52 id-70400-04884 [Worker_1] 192.168.1.2 <[email protected]> to: [email protected] Regex:BombDataRe 'Subject: Re: Fast Approvals. 24HourAutoLoan = 25'
Apr-15-09 16:39:52 id-75684-10240 [Worker_3] 192.168.1.2 <[email protected]> to: [email protected] Regex:BombDataRe 'Subject: Re: Fast Approvals. 24HourAutoLoan = 25'
Apr-15-09 16:39:52 id-76760-03627 [Worker_5] 192.168.1.2 <[email protected]> to: [email protected] Regex:BombDataRe 'Pharmacy = 25'
Apr-15-09 16:39:52 id-75878-05988 [Worker_6] 192.168.1.2 <[email protected]> to: [email protected] Regex:BombDataRe 'Subject: Bailout-News: ≠Obama endorses Loan = 25'
Apr-15-09 16:39:52 id-73430-10571 [Worker_2] 192.168.1.2 <[email protected]> to: [email protected] Regex:BombDataRe 'Subject: Re: Fast Approvals. 24HourAutoLoan = 25'
Apr-15-09 16:39:52 id-70400-04884 [Worker_1] 192.168.1.2 <[email protected]> to: [email protected] Regex:BombDataRe 'Subject: Re: Fast Approvals. 24HourAutoLoan = 25'
Apr-15-09 16:39:52 id-75684-10240 [Worker_3] 192.168.1.2 <[email protected]> to: [email protected] Regex:BombDataRe 'Subject: Re: Fast Approvals. 24HourAutoLoan = 25'
Apr-15-09 16:39:52 id-76760-03627 [Worker_5] 192.168.1.2 <[email protected]> to: [email protected] Regex:BombDataRe 'Pharmacy = 25'

etc.

Any suggestions?

Running 2.0.7.16 on Mac OS X 10.4.11.

Thanks,

James.

Non-default settings are:

# Network Setup  #
smtpDestination -- SMTP Destination: 127.0.0.1:10026 (Default: 125)
listenPort2 -- Second SMTP Listen Port: 2525 (Default:  )
smtpAuthServer -- Second SMTP Destination: 10026 (Default:  )
EnforceAuth -- Force SMTP AUTH on Second SMTP Listen Port: On  
(Default: Off)
# SMTP Session Limits  #
MaxErrors -- Maximum Errors Per Session: 10 (Default: 5)
maxSMTPSessions -- Maximum Sessions: 150 (Default: 64)
HeaderMaxLength -- Maximum Header Size: 100000 (Default: 50000)
smtpIdleTimeout -- SMTP Idle Timeout: 120 (Default: 180)
# SPAM Control  #
SpamError -- Spam Error: 500 Mail appears to be unsolicited (ASSP)--  
send error reports to [email protected], or call 61 3 9212 7012  
and Ill fix the problem. (Default: 554 5.7.1 Mail appears to be  
unsolicited -- send error reports to postmas...@localdomain)
DoBlackDomain -- Do Blacklisted Addresses/Domains: score (Default:  
block)
AddIntendedForHeader -- Add Envelope-Recipient Header: On (Default: Off)
# Copy Spam & Ham #
ccMaxBytes -- Restrict Copy Spam to MaxBytes: Off (Default: On)
spamSubjectCC -- Prepend Spam Subject to Copied Spam: On (Default: Off)
spamTagCC -- Prepend Spam Tag to Copied Spam: Off (Default: On)
# SPAM Lover/Hater #
# No Processing #
npSize -- Message Size Limit:   (Default: 500000)
# Whitelisting #
ValidateRWL -- Enable Realtime Whitelist Validation: On (Default: Off)
RWLmaxreplies -- Maximum Replies: 5 (Default: 4)
noRWL -- Dont Validate RWL for these IPs*:   (Default:  127.0.0.| 
192.168.|10.)
RWLCacheInterval -- RWL Cache Refresh Interval: 30 (Default: 7)
MaxWhitelistDays -- Max Whitelist Days: 750 (Default: 180)
WhitelistLocalOnly -- Only local or authenticated users contribute to  
the whitelist.: On (Default: Off)
# Relaying  #
acceptAllMail -- Accept All Mail* : 192.168.1.4|192.168.1.29|127.0.0.1  
(Default:  )
ispip -- ISP/Secondary MX Servers*: 208.79.240.2|208.79.241.2| 
192.168.1.2 (Default:  )
NoRelaying -- No Relaying Error: 550 Relaying not allowed (ASSP)
(Default: 530 Relaying not allowed)
# Recipients/Local Domains #
sendAllAbuseNP -- Skip Spam Checks for Abuse Catchall: On (Default: Off)
LocalAddressesValid -- Accept Remote Sender with Valid Local  
Addresses : On (Default: Off)
# Validate Helo #
useHeloBlacklist -- Use the Helo Blacklist: block (Default: score)
ForceFakedLocalHelo -- Enforce Check of Forged Helos Before Delaying:  
Off (Default: On)
DoFakedLocalHelo -- Block Forged Helos: score (Default: block)
DoFakedWL -- Do Not Block Whitelisted: On (Default: Off)
DoFakedNP -- Do Not Block Noprocessing: On (Default: Off)
myServerRe -- Local Domains,IPs and Hostnames*: 192.168.1.29  
(Default:  )
ForceValidateHelo -- Enforce Early Helo Checks: Off (Default: On)
# Validate Sender #
ForceNoValidLocalSender -- Early "Remote Sender with Local Domain
Address" Check: Off (Default: On)
DoNoSpoofing -- Block Local Address from External Sender : disabled  
(Default: score)
DoInvalidPTR -- Reversed Lookup FQDN: block (Default: score)
PTRCacheInterval -- Reversed Lookup Cache Refresh Interval: 30  
(Default: 7)
DoDomainCheck -- Validate MX or A Record: block (Default: score)
MXACacheInterval -- Validate Domain MX Cache Refresh Interval: 30  
(Default: 7)
# IP Blocking  #
DoFrequencyIP -- Check Frequency - Maximum Connections Per IP: block  
(Default: disabled)
maxSMTPipConnects -- Maximum Frequency of Connections Per IP : 5  
(Default: 10)
maxSMTPipDuration -- Maximum Frequency of Connections Per IP Duration:  
60 (Default: 90)
maxSMTPipExpiration -- Expiration of Maximum Frequency: 600 (Default:  
7200)
DoDomainIP -- Check Number of IPs Per Domain: block (Default: disabled)
maxSMTPdomainIP -- Limit Number of IPs  Per Domain: 3 (Default: 10)
# SenderBase  #
DoCountryBlocking -- Do Country Blocking: block (Default: monitor)
DoSenderBase -- Do Country Code Scoring: disabled (Default: score)
# PenaltyBox  #
DoPenalty -- Do PenaltyBox - IP History: block (Default:
monitor/messageScoring)
noPB -- Dont do Profiling for these IPs* : 74.53.59.133 (Default:  )
DoPenaltyMakeTraps -- Use Detected Invalid Addresses to Make Traps:  
block (Default: collect)
PenaltyMakeTraps -- Invalid Addresses Limit: 5 (Default: 10)
PBTrapInterval -- Invalid Addresses Refresh Interval: 1 (Default: 3)
PenaltyUseNetblocks -- Use IP Netblocks: Off (Default: On)
PenaltyError -- Penalty Reply: 554 5.7.1 Call Bordo on (61 3) 9212  
7012 if unable to send message. (Penalty Box) (Default:  )
PenaltyDuration -- Penalty Interval: 180 (Default: 60)
PenaltyExpiration -- Expiration Time: 120 (Default: 360)
DoPenaltyExtreme -- PenaltyBox Extreme IP Profiling: monitor (Default:  
disabled)
PenaltyExtreme -- Extreme Scoring Threshold: 130 (Default: 150)
DoExtremeExport -- Do Export Penalty BlackBox Extreme: On (Default: Off)
baValencePB -- Bad Attachment, default=20: 5 (Default: 20)
baysValencePB -- Bayesian, default=39: 25 (Default: 39)
blValencePB -- Blacklisted Domain, default=20: 100 (Default: 20)
bombSuspiciousValencePB -- Bomb Suspicious - scoring only, default=10:  
20 (Default: 10)
bombValencePB -- Bomb Expression, default=20: 25 (Default: 20)
erValencePB -- Empty Recipients, default=5: 40 (Default: 5)
fhValencePB -- Forged HELO, default=150: 250 (Default: 150)
fiphValencePB -- Suspicious HELO: IP in HELO, default=5: 10 (Default: 5)
fiphmValencePB -- Suspicious HELO: IP in HELO mismatch, default=5: 10  
(Default: 5)
flValencePB -- Invalid Local Sender, default=20: 5 (Default: 20)
hlValencePB -- Blacklisted HELO, default=20: 25 (Default: 20)
ihValencePB -- Invalid HELO, default=10: 40 (Default: 10)
irValencePB -- Invalid Recipient, default=10: 40 (Default: 10)
midmValencePB -- Missing Message-ID, default=10: 15 (Default: 10)
midsValencePB -- Suspicious Message-ID, default=10: 25 (Default: 10)
midiValencePB -- Invalid Message-ID, default=10: 25 (Default: 10)
meValencePB -- Max Errors Exceeded, default=10: 75 (Default: 10)
msValencePB -- Message Scoring Limit Exceeded, default=10: 15  
(Default: 10)
mxaValencePB -- Missing MX & A Record, default=15: 10
(Default: 15)
pbeValencePB -- Extreme Bad IP History, TotalScore larger than  
PenaltyExtreme, default=25: 40 (Default: 25)
pbValencePB -- Bad IP History, TotalScore larger than PenaltyLimit,  
default=15: 20 (Default: 15)
gripValencePB -- GRIP value (+ if > 0.9,- if < 0.1), default=5:
20 (Default: 5)
ptmValencePB -- Missing PTR Record, default=10: 20 (Default: 10)
ptiValencePB -- Invalid PTR Record, default=15: 10 (Default: 15)
rblnValencePB -- DNSBL Neutral, default=35: 5 (Default: 35)
rblValencePB -- DNSBL Failed, default=100: 50 (Default: 100)
rlValencePB -- Failed Relay Attempt, default=10: 25 (Default: 10)
saValencePB -- Spam Collect Address, default=25: 135 (Default: 25)
scriptValencePB -- Script Expression, default=25: 5 (Default: 25)
bccValencePB -- Blocked Country Code Score, default=25: 50 (Default: 25)
spfsValencePB -- SPF Softfailed, default=5: 10 (Default: 5)
spfnonValencePB -- SPF None: 5 (Default:  )
spfValencePB -- SPF Failed, default=10: 25 (Default: 10)
stValencePB -- Penalty Trap Address, default=50: 100 (Default: 50)
uriblnValencePB -- URIBL Neutral, default=20: 10 (Default: 20)
uriblValencePB -- URIBL Failed, default=25: 20 (Default: 25)
vdValencePB -- Virus detected, default=50: 45 (Default: 50)
# Delaying/Greylisting  #
DelaySL -- Spam-Lovers Greylisting: On (Default: Off)
DelayEmbargoTime -- Embargo Time: 1 (Default: 5)
CleanDelayDBInterval -- Clean Up Delaying Database: 3600 (Default:  
10800)
# SPF/SRS  #
ValidateSPF -- Enable SPF Validation: block (Default: score)
SPF2 -- Do SPF Version 2 Validation: On (Default: Off)
SPFNP -- noProcessing SPF Validation: On (Default: Off)
SPFtrusted -- Use Trusted Forwarder List: On (Default: Off)
SPFError -- SPF Failed Reply: 550 5.7.1 failed SPF: SPFRESULT  
(Default: 554 5.7.1 failed SPF: SPFRESULT)
# DNSBL  #
ForceRBLCache -- Early DNSBL Cache Blocking: On (Default: Off)
RBLError -- DNSBL Failed Reply: 550 5.7.1 Blacklisted by RBLLISTED  
(Default: 554 5.7.1 DNS Blacklisted by RBLLISTED)
RBLmaxreplies -- Maximum Replies: 22 (Default: 7)
RBLmaxhits -- Maximum Hits: 4 (Default: 2)
RBLmaxtime -- Maximum Time: 10 (Default: 15)
# URIBL #
ValidateURIBL -- Enable URI Blocklist Validation: disabled
(Default: block)
URIBLmaxuris -- Maximum URIs: 200 (Default:  )
URIBLmaxdomains -- Maximum Unique Domain URIs: 5 (Default:  )
URIBLmaxreplies -- Maximum Replies: 3 (Default: 2)
URIBLCacheInterval -- URIBL Cache Refresh Interval for Hits: 7  
(Default: 1)
URIBLError -- Reply Code to Refuse Failed URIBL Message: 550 5.7.1  
Blacklisted by URIBLNAME Contact the postmaster of this domain for  
resolution. This attempt has been logged. (Default: 554 5.7.1  
Blacklisted by URIBLNAME Contact the postmaster of this domain for  
resolution. This attempt has been logged.)
# Attachment Blocking #
BlockExes -- External Attachment Blocking Level: Level 1 (Default:  
Level 0)
# ClamAV and FileScan #
AvError -- Reply Code to Refuse Infected Messages: 550 5.7.1: Mail  
appears infected with $infection -- disinfect and resend. (Default:  
554 5.7.1 Mail appears infected with \\[$infection\\].)
UseAvClamd -- Use ClamAV: On (Default: Off)
ClamAVBytes -- ClamAV Bytes: 100000 (Default: 60000)
# Regex Filters / Spambomb  #
bombReNP -- Do Bomb/Script Regular Expressions Checks for  
NoProcessing: On (Default: Off)
DoBombHeaderRe -- Use BombHeader Regular Expressions on Header Part:  
disabled (Default: block)
bombError -- Spam Bomb Error: 500 Your message was rejected because it  
appears to be part of a spam bomb -- rephrase your message and try  
sending it again. Please forward this email to:  
[email protected] or phone (61 3) 9212 7012. REASON (Default:  
554 5.7.1 Delivery not authorized, message refused -- .)
DoBlackRe -- Use Black Regular Expression to Identify Spam Strictly:  
block (Default: disabled)
DoScriptRe -- Use Regular Expression to Identify Mobile Scripts: block  
(Default: disabled)
scriptError -- Script Error: 500 Your email contains html scripting  
code -- please resend as plain text. (Default: 554 5.7.1 Your email  
contains html scripting code -- please resend as plain text.)
# Bayesian Options  #
DoBayesian -- Bayesian Check: block (Default: disabled)
AddSpamProbHeader -- Add Bayes Probability Header: On (Default: Off)
AddConfidenceHeader -- Add Bayes Confidence Header: On (Default: Off)
# Backscatter Detection #
# TestModes #
spamTag -- Prepend Spam Tag: On (Default: Off)
baysTestMode -- Bayesian Test Mode: Off (Default: On)
# Email Interface #
EmailSenderOK -- Accept Mails (Reports) from these external  
addresses*: 127.0.0.1 (Default:  )
EmailErrorsReply -- Reply to Spam/Not-Spam Reports: REPLY TO BOTH  
(Default: REPLY TO SENDER)
EmailRedlistReply -- Reply to Add to/Remove from Redlist: REPLY TO  
BOTH (Default: REPLY TO SENDER)
# File Paths and Database #
adminusersdbpass -- Admin Users Database PassPhrase: 45WPcXBk5dhLo  
(Default:  )
# Collecting #
DoNotCollectRedRe -- Do Not Collect RedRe Matching Mails: Off  
(Default: On)
MaxFiles -- Max Files: 20309 (Default: 14000)
MaxBytes -- Max Bytes: 3000 (Default: 8000)
StoreCompleteMail -- Store the Complete Mail: disabled (Default: 1)
baysNonSpamLog -- OK Mail: okmail folder (Default: no collection)
npAttachLog -- NoProcessing rejected Attachments: attachment folder
(Default: discard folder & sendAllSpam)
wlAttachLog -- Whitelisted rejected Attachments: attachment folder
(Default: discard folder & sendAllSpam)
extAttachLog -- External rejected Attachments: attachment folder
(Default: discard folder & sendAllSpam)
SpamVirusLog -- Virus Infected: no collection (Default: discard folder)
spamHeloLog -- Blacklisted Helos: spam folder & sendAllSpam
(Default: discard folder & sendAllSpam)
forgedHeloLog -- Forged Helos: spam folder (Default: no collection)
invalidHeloLog -- Invalid Helos: spam folder (Default: discard folder)
baysSpamLog -- Bayesian Spams: spam folder & sendAllSpam (Default:
discard folder & sendAllSpam)
spamISLog -- Invalid Local Sender: spam folder (Default: no collection)
spamSBLog -- Blocked Country: discard folder & sendAllSpam
(Default: spam folder & sendAllSpam)
spamPBLog -- PenaltyBox Blocks: spam folder (Default: spam folder
& sendAllSpam)
DKIMLog -- DKIM failed: spam folder (Default: spamfolder &
ccallspam)
BackLog -- Backscatter check failed: spam folder (Default: discard  
folder)
freqNonSpam -- Non Spam Collection Frequency: 100 (Default: 1)
# Logging #
fileLogging -- File name logging: On (Default: Off)
AddRegexHeader -- Add  RegEx Match Header: On (Default: Off)
replyLogging -- SMTP Status Code Reply Logging: disabled (Default:  
enabled - exclude 250 OK)
LogRollDays -- Roll the Logfile How Often?: 28 (Default: 7)
ConnectionLog -- Connections Logging: standard (Default: nolog)
SessionLog -- Session Limit Logging: nolog (Default: standard)
denySMTPLog -- Enables Logging for Deny SMTP Connections From: nolog  
(Default: standard)
RWLLog -- Enable RWL logging: nolog (Default: standard)
LDAPLog -- Enable LDAP logging: nolog (Default: standard)
SPFLog -- Enable SPF logging: nolog (Default: standard)
RBLLog -- Enable DNSBL logging: nolog (Default: standard)
URIBLLog -- Enable URIBL logging: nolog (Default: standard)
ScanLog -- Enable ClamAV logging: nolog (Default: standard)
ConvLog -- Enable Conversion logging: verbose (Default: standard)
MaintenanceLog -- Enable Maintenance logging: verbose (Default:  
standard)
RegExLength -- RegEx Length in Log: 55 (Default: 32)
# LDAP Setup  #
# DNS Setup #
DNSServers -- DNS Name Servers:   (Default: 208.67.222.222| 
208.67.220.220)
DNStimeout -- DNS Query Timeout: 10 (Default: 5)
# Server Setup #
AsADaemon -- Run ASSP as a Daemon: On (Default: Off)
asspCfgVersion -- assp.cfg version: 2.0.0(17.15) (Default:  )
webAdminPassword -- Web Admin Password - Masterpassword (root):  
45WPcXBk5dhLo (Default: nospam4me)
SaveStatsEvery -- Statistics Save Interval: 5 (Default:  )
EnableFloatingMenu -- Enable Floating Menu Panel in GUI: On (Default:  
Off)
MaillogTailJump -- Jump to the End of the Maillog: On (Default: Off)
MaillogTailBytes -- Maillog Tail Bytes: 100000 (Default: 10000)
MaillogTailWrapColumn -- Maillog Tail Wrap Column: 95 (Default: 80)
NumComWorkers -- Number of SMTP-Threads: 10 (Default: 5)
# Rebuild Spamdb #
DoRebuildSpamdb -- Interval for RebuildSpamdb: 12 (Default:  )
# Char Conversions / TNEF #
doInFixTNEF -- convert inbound MS-TNEF attachments to MIME: On  
(Default: Off)
TNEFDEBUG -- TNEFDEBUG (only in dev): On (Default: Off)
# SSL Proxy and TLS support #
SSLDEBUG -- Debug Level for SSL/TLS: level 3 (Default: no Debug)
# Global PenaltyBox #
globalClientPass -- client registration password: 4G#sS5608DoB9T1  
(Default:  )
globalClientLicDate -- client subscription expiration date: 30.09.2008  
(Default:  )
DoGlobalBlack -- Enable the Global-Black-Penalty: On (Default: Off)
DoGlobalWhite -- Enable the Global-White-Penalty: On (Default: Off)
# Block Reporting #
QueueUserBlockReports -- Queue User Block Report Requests: run  
instantly (Default: run delayed)
# Module Setup #
useBerkeleyDB -- Use Module BerkeleyDB: Off (Default: On)
# ASSP_AttachmentFullCheck-Plugin #
# ASSP_SkeletonTest-Plugin #

  
        
_______________________________________________
Assp-test mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/assp-test
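
A triage sketch for the log flood in the post above, added here and not part of the original message or of ASSP: it parses records in the format shown and separates distinct messages from repeated log lines for the same session id. It assumes each record has been unwrapped onto one line; the sender and recipient addresses in the sample are constructed.

```python
import re
from collections import Counter

# One maillog record in the shape shown in the post (assumed to be on one line).
LINE_RE = re.compile(
    r"^(?P<ts>\w{3}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) "
    r"(?P<msgid>id-\d+-\d+) \[(?P<worker>Worker_\d+)\] "
    r"(?P<ip>\d{1,3}(?:\.\d{1,3}){3}) <(?P<sender>[^>]*)> "
    r"to: (?P<rcpt>\S+) Regex:(?P<rule>\w+) '(?P<match>.*) = (?P<score>\d+)'$"
)

# Constructed sample: ids and subjects follow the post, addresses are made up.
# The last line is a wrapped fragment, as produced by e-mail line wrapping.
SAMPLE_LOG = """\
Apr-15-09 16:39:52 id-75684-10240 [Worker_3] 192.168.1.2 <s1@example.net> to: user@example.com Regex:BombDataRe 'Subject: Re: Fast Approvals. 24HourAutoLoan = 25'
Apr-15-09 16:39:52 id-73430-10571 [Worker_2] 192.168.1.2 <s2@example.net> to: user@example.com Regex:BombDataRe 'Subject: Re: Fast Approvals. 24HourAutoLoan = 25'
Apr-15-09 16:39:52 id-76760-03627 [Worker_5] 192.168.1.2 <s3@example.net> to: user@example.com Regex:BombDataRe 'Pharmacy = 25'
Apr-15-09 16:39:52 id-75684-10240 [Worker_3] 192.168.1.2 <s1@example.net> to: user@example.com Regex:BombDataRe 'Subject: Re: Fast Approvals. 24HourAutoLoan = 25'
Apr-15-09 16:39:52 id-73430-10571 [Worker_2] 192.168.1.2 <s2@example.net> to: user@example.com Regex:BombDataRe 'Subject: Re: Fast Approvals. 24HourAutoLoan = 25'
Apr-15-09 16:39:52 id-75684-10240 [Worker_3] 192.168.1.2 <s1@example.net> to: user@example.com Regex:BombDataRe 'Subject: Re: Fast Approvals. 24HourAutoLoan = 25'
Apr-15-09 16:39:52 id-76760-03627 [Worker_5] 192.168.1.2 <s3@example.net> to: user@example.com Regex:BombDataRe 'Pharmacy = 25'
Approvals. 24HourAutoLoan = 25'
"""


def parse(log_text):
    """Return (records, rejects): parsed dicts and lines that did not match."""
    records, rejects = [], []
    for line in log_text.splitlines():
        line = line.strip()
        if not line:
            continue
        m = LINE_RE.match(line)
        if m:
            records.append(m.groupdict())
        else:
            rejects.append(line)  # keep unparsed lines visible, never drop silently
    return records, rejects


def summarize(records, rule="BombDataRe"):
    """Count log lines versus distinct messages for one regex rule."""
    hits = [r for r in records if r["rule"] == rule]
    per_id = Counter(r["msgid"] for r in hits)
    first = {}
    for r in hits:
        first.setdefault(r["msgid"], r)  # one representative record per message
    return {
        "lines": len(hits),
        "distinct_messages": len(per_id),
        "repeated_ids": {i: n for i, n in per_id.items() if n > 1},
        "by_ip": Counter(r["ip"] for r in first.values()),
        "by_match": Counter(r["match"] for r in first.values()),
    }


if __name__ == "__main__":
    recs, bad = parse(SAMPLE_LOG)
    print(summarize(recs), "unparsed:", len(bad))
```
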
