I'll try to respond to the latest questions and summarise my settings  
and my findings so far:

> Do you have multiple IPs? If you set listenport to 25 nothing will  
> pass ASSP regardless of IP.

Yes, I have multiple IPs on the box, but only one IP is noted in their  
collective DNS records as being the MX server for all those domains/IPs.

> I'm almost 100% sure (I never say 100%) that 2 apps can't run on the  
> same ip:port simultaneously....

So am I. Also, assp demonstrates this when it closes improperly: when  
restarting, sometimes it complains that the port is in use by another  
application (its older self). Restarting the box always gets things  
back to normal.

>> ASSP writes a Receipt header. If you do not see an ASSP- Receipt,  
>> it did not pass ASSP.
> hmm... yes, so there may be something else, running on that SAME box  
> and allowing access to the SMTP, but I don't think this is an ASSP  
> issue, more some system config one

Which is why I need help, because, from what I can tell, my setup is  
fine. The mail misses assp, but I cannot figure out how it gets around  
the setup. My setup is as follows:

1) the firewall prevents access to ports that should be internal  
(i.e., the assp destination ports 125 and 2600, and port 10024 for  
amavisd and port 10025 for mailman-through-postfix). The firewall is set  
up to deny all and then allow only ports I want open;

2) the firewall permits outside access to ports 25, 2500, 465, and 587  
for clients/server to use to talk to assp (this is how assp is set up,  
and with IP:port set up);

3) postfix master.cf is set to respond on ports 125 and 2600 for SMTP  
and 10025 for smtp for mailman. It should not respond on ports 25,  
2500, 465, nor 587;

4) The original header remains curious to me because in the bottom  
Received the receiving domain (5.mx.freenet.de) is listed in the  
Received above it, but the second-to-last receiving domain  
(mout3.freenet.de), while it is noted as the sending domain in the top  
Received, its IP is shown as localhost, not as its real IP. It's a  
discrepancy I cannot explain:

> Received: from mout3.freenet.de (localhost [127.0.0.1])
>       by mymxserver.com (Postfix) with ESMTP id 9868FB16D96
>       for <u...@myvirtualdomain.com>; Tue, 28 Jul 2009 14:32:46 -0400 (EDT)
> Received: from [195.4.92.15] (helo=5.mx.freenet.de)
>       by mout3.freenet.de with esmtpa (ID ngt5...@justmail.de) (port 25) (Exim 4.69 #92)
>       id 1MVTzj-0002vQ-JV; Mon, 27 Jul 2009 19:28:15 +0200
> Received: from ml82.128.2.28.multilinks.com ([82.128.2.28]:3927 helo=User)
>       by 5.mx.freenet.de with esmtpa (ID ngt5...@justmail.de) (port 25) (Exim 4.69 #93)
>       id 1MVTzg-0004nD-SO; Mon, 27 Jul 2009 19:28:15 +0200

I don't know which server puts in the top Received, but I would expect  
that it's mine, since it is my Postfix that notes its receipt;

5) the assp log for the period apparently shows that the incoming mail  
did not go through assp. There's nothing in the period from 14:32:45  
to 14:32:47 to indicate an assp restart or that assp ever saw the  
incoming mail (which makes me think that this mail is getting around  
assp. I just can't see how):

Jul-28-09 14:32:45 [Main_Thread] Info: Main_Thread got connection request
Jul-28-09 14:32:45 [Worker_2] Worker_2 wakes up
Jul-28-09 14:32:45 [Worker_2] Info: Worker_2 got connection from MainThread
Jul-28-09 14:32:45 [Worker_2] Connected: 195.4.92.93:53592 -> my.dotted.quad.ip:25 -> 127.0.0.1:125
Jul-28-09 14:32:45 [Main_Thread] Info: Main_Thread freed by idle Worker_2 in 0.008 seconds
Jul-28-09 14:32:45 [Worker_2] 195.4.92.93 info: got STARTTLS request from 195.4.92.93
Jul-28-09 14:32:45 [Main_Thread] Info: Main_Thread got connection request
Jul-28-09 14:32:45 [Worker_3] Worker_3 wakes up
Jul-28-09 14:32:45 [Worker_3] Info: Worker_3 got connection from MainThread
Jul-28-09 14:32:45 [Worker_3] Connected: 189.114.129.58:1779 -> my.dotted.quad.ip:25 -> 127.0.0.1:125
Jul-28-09 14:32:45 [Main_Thread] Info: Main_Thread freed by idle Worker_3 in 0.012 seconds
Jul-28-09 14:32:47 id-05966-14121 [Worker_3] 189.114.129.58 to: eli...@myvirtualdomain.com Message-Score: added 10 for No CountryCode/Organization, total score for this message is now 10
Jul-28-09 14:32:47 id-05966-14121 [Worker_3] 189.114.129.58 to: eli...@myvirtualdomain.com Message-Score: added 100 for DNSBL: failed, 189.114.129.58 listed in dnsbl-1.uceprotect.net safe.dnsbl.sorbs.net, total score for this message is now 110
Jul-28-09 14:32:47 id-05966-14121 [Worker_3] [DNSBL] 189.114.129.58 to: eli...@myvirtualdomain.com [spam found] (DNSBL, 189.114.129.58 listed in dnsbl-1.uceprotect.net safe.dnsbl.sorbs.net);
Jul-28-09 14:32:47 [Worker_3] Disconnected: 189.114.129.58
Jul-28-09 14:32:47 [Worker_3] Worker_3 will sleep now
Jul-28-09 14:32:49 [Worker_2] Info: closed TLS connection for 127.0.0.1:125 and 195.4.92.93:53592


All told, the setup seems to be correct, yet occasional mail does  
slip past without assp noticing. If the mail gets past assp by using  
another port, which could it be? The amavisd ports are blocked at the  
firewall, assp is the process that monitors ports 25, 2500, 465, and  
587, and ports 125 and 2600 are blocked to traffic from the  
outside by the firewall....

I remain stumped. I certainly cannot think of any other place to look  
for an opening that this mail might have used.

T.
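
The cross-check described in points 4 and 5, as an added example that is not part of the original post: it lists the ASSP sessions that were open at the second Postfix stamped in the top Received header, with the listen port and whether STARTTLS was requested. The log lines and header are the post's own, unwrapped and embedded as sample input; treating `closed TLS connection` as the end of a session and assuming the ASSP log uses the same local clock as the header are assumptions.

```python
import re
from datetime import datetime
from email.utils import parsedate_to_datetime

# Sample input: worker lines and the top Received header from the post, unwrapped.
ASSP_LOG = """\
Jul-28-09 14:32:45 [Worker_2] Connected: 195.4.92.93:53592 -> my.dotted.quad.ip:25 -> 127.0.0.1:125
Jul-28-09 14:32:45 [Worker_2] 195.4.92.93 info: got STARTTLS request from 195.4.92.93
Jul-28-09 14:32:45 [Worker_3] Connected: 189.114.129.58:1779 -> my.dotted.quad.ip:25 -> 127.0.0.1:125
Jul-28-09 14:32:47 [Worker_3] Disconnected: 189.114.129.58
Jul-28-09 14:32:49 [Worker_2] Info: closed TLS connection for 127.0.0.1:125 and 195.4.92.93:53592
"""
RECEIVED = ("from mout3.freenet.de (localhost [127.0.0.1]) by mymxserver.com (Postfix) with ESMTP "
            "id 9868FB16D96 for <u...@myvirtualdomain.com>; Tue, 28 Jul 2009 14:32:46 -0400 (EDT)")

LINE = re.compile(r"^(\w{3}-\d\d-\d\d \d\d:\d\d:\d\d) (?:\S+ )?\[(Worker_\d+)\] (.*)$")
CONNECTED = re.compile(r"Connected: ([\d.]+):\d+ -> \S+:(\d+) -> \S+")

def parse_sessions(log):
    """Pair each worker's 'Connected:' line with the line that ends that session."""
    sessions, current = [], {}
    for raw in log.splitlines():
        m = LINE.match(raw)
        if not m:
            continue
        ts = datetime.strptime(m.group(1), "%b-%d-%y %H:%M:%S")
        worker, msg = m.group(2), m.group(3)
        c = CONNECTED.match(msg)
        if c:
            current[worker] = {"client": c.group(1), "listen_port": int(c.group(2)),
                               "start": ts, "end": None, "starttls": False}
            sessions.append(current[worker])
        elif worker in current:
            current[worker]["starttls"] |= "STARTTLS" in msg
            # Assumption: either of these lines marks the end of the proxied session.
            if msg.startswith("Disconnected:") or "closed TLS connection" in msg:
                current.pop(worker)["end"] = ts
    return sessions

def received_info(header):
    # Peer IP as Postfix saw it, and the receipt time as local wall-clock time.
    peer = re.search(r"\[([\d.]+)\]", header).group(1)
    when = parsedate_to_datetime(header.rsplit(";", 1)[1].strip())
    return peer, when.replace(tzinfo=None)  # assumes ASSP logs in the same local time

def sessions_open_at(sessions, when):
    return [s for s in sessions if s["start"] <= when <= (s["end"] or datetime.max)]

if __name__ == "__main__":
    peer, when = received_info(RECEIVED)
    print(peer, when, sessions_open_at(parse_sessions(ASSP_LOG), when))
```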
