ASSP 1.6.1.3(0.0.11)

A spam seems to cause a loop, and ASSP stops answering the admin interface. After a few minutes it restarts.
It happens once or twice per week. But today it already happened twice. In both instances ASSP was processing the same spam. It may also be related to bombs. But I do not find any indication of a broken regex in the log files.

Note that it logs a BlackRe (at 2009-11-27 09:29:08), sends the 554 5.7.14 Mail (id-21344-16311) but then continues with the bombs in a loop. This repeats some 65 times during the next 7 minutes and is followed by an ASSP restart.

Please let me know if there is a way to trace what is causing this.

Regards,
Hilario Fochi Silveira

The following lines are the complete log:

2009-11-27 09:29:04 Connected: 11.11.11.11:61412 -> 33.33.33.33:25 -> 127.0.0.1:125;
2009-11-27 09:29:04 m...@mydomain.com matches m...@mydomain.com in LocalAddresses_Flat;
2009-11-27 09:29:04 id-21344-16311 11.11.11.11 <per...@ecopv.com.br> accepting triplet: (201.76.50.0,per...@ecopv.com.br,m...@mydomain.com) waited: 10m 1s;
2009-11-27 09:29:04 id-21344-16311 11.11.11.11 <per...@ecopv.com.br> to: m...@mydomain.com recipient accepted: m...@mydomain.com;
2009-11-27 09:29:05 id-21344-16311 11.11.11.11 <per...@ecopv.com.br> to: m...@mydomain.com added 7 (Extreme Bad History for 11.11.11.11), total score for this message is now 7;
2009-11-27 09:29:05 id-21344-16311 11.11.11.11 <per...@ecopv.com.br> to: m...@mydomain.com SenderBase(Cache) -- country:BR orgname:LocaWeb Ltda domain:hospedagemdesites.ws;
2009-11-27 09:29:05 id-21344-16311 [DNSBL] 11.11.11.11 <per...@ecopv.com.br> to: m...@mydomain.com [scoring] -- 11.11.11.11 listed in DNSBLcache by blackholes.five-ten-sg.com, dnsbl-1.uceprotect.net, l2.apews.org -- [MARQUE UMA REUNI O P FALAR SOBRE PORTABILIDADE NUMERICA COM os PLANOS DA VIVO EMPRESAS CORPORATIVOS PARA S O PAULO];
2009-11-27 09:29:05 id-21344-16311 11.11.11.11 <per...@ecopv.com.br> to: m...@mydomain.com added 29 (DNSBLcache: neutral, 11.11.11.11 listed in blackholes.five-ten-sg.com, dnsbl-1.uceprotect.net, l2.apews.org), total score for this message is now 36;
2009-11-27 09:29:05 id-21344-16311 11.11.11.11 <per...@ecopv.com.br> to: m...@mydomain.com deleting spamming safelisted tuplet: (201.76.50.0,ecopv.com.br) age: 1s;
2009-11-27 09:29:05 id-21344-16311 11.11.11.11 <per...@ecopv.com.br> to: m...@mydomain.com added 29 (DNSBLcache: neutral, 11.11.11.11 listed in blackholes.five-ten-sg.com, dnsbl-1.uceprotect.net, l2.apews.org), total score for IP '11.11.11.11' is now 705;
2009-11-27 09:29:05 id-21344-16311 11.11.11.11 <per...@ecopv.com.br> to: m...@mydomain.com added -3 (SPF pass), total score for this message is now 33;
2009-11-27 09:29:05 id-21344-16311 11.11.11.11 <per...@ecopv.com.br> to: m...@mydomain.com added -3 (SPF pass), total score for IP '11.11.11.11' is now 702;
2009-11-27 09:29:08 id-21344-16311 [blackRe] 11.11.11.11 <per...@ecopv.com.br> to: m...@mydomain.com score 20 for 'Se voc=EA deseja ser removido de nossa lista', total 20 for blackRe;
2009-11-27 09:29:08 id-21344-16311 11.11.11.11 <per...@ecopv.com.br> to: m...@mydomain.com score 20 Regex:blackRe 'Se voc=EA deseja ser removido de nossa lista';
2009-11-27 09:29:08 id-21344-16311 11.11.11.11 <per...@ecopv.com.br> to: m...@mydomain.com added 20 (BombBlack 'Se voc=EA deseja ser removido de nossa lista'), total score for this message is now 53;
2009-11-27 09:29:08 id-21344-16311 11.11.11.11 <per...@ecopv.com.br> to: m...@mydomain.com added 20 (BombBlack 'Se voc=EA deseja ser removido de nossa lista'), total score for IP '11.11.11.11' is now 722;
2009-11-27 09:29:08 id-21344-16311 [BombBlack] 11.11.11.11 <per...@ecopv.com.br> to: m...@mydomain.com [spam found] -- BombBlack 'Se voc=EA deseja ser removido de nossa lista' -- [MARQUE UMA REUNI O P FALAR SOBRE PORTABILIDADE NUMERICA COM os PLANOS DA VIVO EMPRESAS CORPORATIVOS PARA S O PAULO] -> discarded/MARQUE_UMA_REUNI_O_P_FALAR_SOB--3.eml;
2009-11-27 09:29:08 id-21344-16311 11.11.11.11 <per...@ecopv.com.br> to: m...@mydomain.com [SMTP Error] 554 5.7.14 Mail (id-21344-16311) appears to be unsolicited - (BombBlack 'Se voc=EA deseja ser removido de nossa lista') - send your error reports to postmas...@mydomain.com and inform us by telephone (bombError).;
2009-11-27 09:29:08 id-21344-16311 [bombSuspiciousRe] 11.11.11.11 <per...@ecopv.com.br> to: m...@mydomain.com score 5 for 'hospedagemdesites.ws', total 5 for bombSuspiciousRe;
2009-11-27 09:29:08 id-21344-16311 11.11.11.11 <per...@ecopv.com.br> to: m...@mydomain.com score 5 Regex:bombSuspiciousRe 'hospedagemdesites.ws';
2009-11-27 09:29:08 id-21344-16311 [bombSuspiciousRe] 11.11.11.11 <per...@ecopv.com.br> to: m...@mydomain.com score 5 for 'terra.com', total 10 for bombSuspiciousRe;
2009-11-27 09:29:08 id-21344-16311 11.11.11.11 <per...@ecopv.com.br> to: m...@mydomain.com score 5 Regex:bombSuspiciousRe 'terra.com';
2009-11-27 09:29:09 id-21344-16311 11.11.11.11 <per...@ecopv.com.br> to: m...@mydomain.com added 10 (BombSuspiciousMailFrom 'terra.com'), total score for this message is now 63;
2009-11-27 09:29:09 id-21344-16311 11.11.11.11 <per...@ecopv.com.br> to: m...@mydomain.com added 10 (BombSuspiciousMailFrom 'terra.com'), total score for IP '11.11.11.11' is now 732;
2009-11-27 09:29:09 id-21344-16311 [bombDataRe] 11.11.11.11 <per...@ecopv.com.br> to: m...@mydomain.com score 10 for 'n=E3o poder=E1 ser considerado SPAM', total 10 for bombDataRe;
2009-11-27 09:29:09 id-21344-16311 11.11.11.11 <per...@ecopv.com.br> to: m...@mydomain.com score 10 Regex:bombDataRe 'n=E3o poder=E1 ser considerado SPAM';
2009-11-27 09:29:09 id-21344-16311 [bombDataRe] 11.11.11.11 <per...@ecopv.com.br> to: m...@mydomain.com score 10 for 'Se voc=EA deseja ser removido de nossa lista', total 20 for bombDataRe;
2009-11-27 09:29:09 id-21344-16311 11.11.11.11 <per...@ecopv.com.br> to: m...@mydomain.com score 10 Regex:bombDataRe 'Se voc=EA deseja ser removido de nossa lista';
2009-11-27 09:29:13 id-21344-16311 [bombDataRe] 11.11.11.11 <per...@ecopv.com.br> to: m...@mydomain.com [scoring] -- BombData: 'Se voc=EA deseja ser removido de nossa lista' -- [MARQUE UMA REUNI O P FALAR SOBRE PORTABILIDADE NUMERICA COM os PLANOS DA VIVO EMPRESAS CORPORATIVOS PARA S O PAULO];
2009-11-27 09:29:13 id-21344-16311 11.11.11.11 <per...@ecopv.com.br> to: m...@mydomain.com added 20 (BombData: 'Se voc=EA deseja ser removido de nossa lista'), total score for this message is now 83;
2009-11-27 09:29:13 id-21344-16311 11.11.11.11 <per...@ecopv.com.br> to: m...@mydomain.com added 20 (BombData: 'Se voc=EA deseja ser removido de nossa lista'), total score for IP '11.11.11.11' is now 752;
2009-11-27 09:29:15 id-21344-16311 [bombSuspiciousRe] 11.11.11.11 <per...@ecopv.com.br> to: m...@mydomain.com score 5 for 'hospedagemdesites.ws', total 5 for bombSuspiciousRe;
2009-11-27 09:29:15 id-21344-16311 11.11.11.11 <per...@ecopv.com.br> to: m...@mydomain.com score 5 Regex:bombSuspiciousRe 'hospedagemdesites.ws';
2009-11-27 09:29:15 id-21344-16311 [bombSuspiciousRe] 11.11.11.11 <per...@ecopv.com.br> to: m...@mydomain.com score 5 for 'terra.com', total 10 for bombSuspiciousRe;
........
repeats the same WITHOUT the BombBlack for 65 times and then restarts
........
2009-11-27 09:35:54 id-21344-16311 [bombSuspiciousRe] 11.11.11.11 <per...@ecopv.com.br> to: m...@mydomain.com score 5 for 'hospedagemdesites.ws', total 5 for bombSuspiciousRe;
2009-11-27 09:35:54 id-21344-16311 11.11.11.11 <per...@ecopv.com.br> to: m...@mydomain.com score 5 Regex:bombSuspiciousRe 'hospedagemdesites.ws';
2009-11-27 09:35:54 id-21344-16311 [bombSuspiciousRe] 11.11.11.11 <per...@ecopv.com.br> to: m...@mydomain.com score 5 for 'terra.com', total 10 for bombSuspiciousRe;
2009-11-27 09:35:54 id-21344-16311 11.11.11.11 <per...@ecopv.com.br> to: m...@mydomain.com score 5 Regex:bombSuspiciousRe 'terra.com';
2009-11-27 09:35:54 id-21344-16311 11.11.11.11 <per...@ecopv.com.br> to: m...@mydomain.com added 10 (BombSuspiciousMailFrom 'terra.com'), total score for this message is now 1983;
2009-11-27 09:35:54 id-21344-16311 11.11.11.11 <per...@ecopv.com.br> to: m...@mydomain.com added 10 (BombSuspiciousMailFrom 'terra.com'), total score for IP '11.11.11.11' is now 2652;
2009-11-27 09:35:54 id-21344-16311 [bombDataRe] 11.11.11.11 <per...@ecopv.com.br> to: m...@mydomain.com score 10 for 'n=E3o poder=E1 ser considerado SPAM', total 10 for bombDataRe;
2009-11-27 09:35:54 id-21344-16311 11.11.11.11 <per...@ecopv.com.br> to: m...@mydomain.com score 10 Regex:bombDataRe 'n=E3o poder=E1 ser considerado SPAM';
2009-11-27 09:35:55 id-21344-16311 [bombDataRe] 11.11.11.11 <per...@ecopv.com.br> to: m...@mydomain.com score 10 for 'Se voc=EA deseja ser removido de nossa lista', total 20 for bombDataRe;
2009-11-27 09:35:55 id-21344-16311 11.11.11.11 <per...@ecopv.com.br> to: m...@mydomain.com score 10 Regex:bombDataRe 'Se voc=EA deseja ser removido de nossa lista';
2009-11-27 09:35:59 id-21344-16311 [bombDataRe] 11.11.11.11 <per...@ecopv.com.br> to: m...@mydomain.com [scoring] -- BombData: 'Se voc=EA deseja ser removido de nossa lista' -- [MARQUE UMA REUNI O P FALAR SOBRE PORTABILIDADE NUMERICA COM os PLANOS DA VIVO EMPRESAS CORPORATIVOS PARA S O PAULO];
2009-11-27 09:35:59 id-21344-16311 11.11.11.11 <per...@ecopv.com.br> to: m...@mydomain.com added 20 (BombData: 'Se voc=EA deseja ser removido de nossa lista'), total score for this message is now 2003;
2009-11-27 09:35:59 id-21344-16311 11.11.11.11 <per...@ecopv.com.br> to: m...@mydomain.com added 20 (BombData: 'Se voc=EA deseja ser removido de nossa lista'), total score for IP '11.11.11.11' is now 2672;
2009-11-27 09:36:00 id-21344-16311 [bombSuspiciousRe] 11.11.11.11 <per...@ecopv.com.br> to: m...@mydomain.com score 5 for 'hospedagemdesites.ws', total 5 for bombSuspiciousRe;
2009-11-27 09:36:00 id-21344-16311 11.11.11.11 <per...@ecopv.com.br> to: m...@mydomain.com score 5 Regex:bombSuspiciousRe 'hospedagemdesites.ws';
2009-11-27 09:36:00 id-21344-16311 [bombSuspiciousRe] 11.11.11.11 <per...@ecopv.com.br> to: m...@mydomain.com score 5 for 'terra.com', total 10 for bombSuspiciousRe;
2009-11-27 09:36:00 id-21344-16311 11.11.11.11 <per...@ecopv.com.br> to: m...@mydomain.com score 5 Regex:bombSuspiciousRe 'terra.com';
2009-11-27 09:36:01 id-21344-16311 11.11.11.11 <per...@ecopv.com.br> to: m...@mydomain.com added 10 (BombSuspiciousMailFrom 'terra.com'), total score for this message is now 2013;
2009-11-27 09:36:01 id-21344-16311 11.11.11.11 <per...@ecopv.com.br> to: m...@mydomain.com added 10 (BombSuspiciousMailFrom 'terra.com'), total score for IP '11.11.11.11' is now 2682;
2009-11-27 09:36:01 id-21344-16311 [bombDataRe] 11.11.11.11 <per...@ecopv.com.br> to: m...@mydomain.com score 10 for 'n=E3o poder=E1 ser considerado SPAM', total 10 for bombDataRe;
2009-11-27 09:36:01 id-21344-16311 11.11.11.11 <per...@ecopv.com.br> to: m...@mydomain.com score 10 Regex:bombDataRe 'n=E3o poder=E1 ser considerado SPAM';
2009-11-27 09:36:01 id-21344-16311 [bombDataRe] 11.11.11.11 <per...@ecopv.com.br> to: m...@mydomain.com score 10 for 'Se voc=EA deseja ser removido de nossa lista', total 20 for bombDataRe;
2009-11-27 09:36:01 id-21344-16311 11.11.11.11 <per...@ecopv.com.br> to: m...@mydomain.com score 10 Regex:bombDataRe 'Se voc=EA deseja ser removido de nossa lista';
2009-11-27 09:36:03 Sig USR1 -- saving concurrent session stats;
2009-11-27 09:37:55 /usr/local/assp/assp.pl version 1.6.1.3(0.0.11) (Perl 5.008008) initializing ;
2009-11-27 09:37:55 File ::Scan::ClamAV module version 1.91 installed and available;
2009-11-27 09:37:55 /usr/local/assp/assp.pl running on server: alfa.mydomain.com (33.33.33.33);
2009-11-27 09:37:55 Net::LDAP module version 0.39 installed and available;
2009-11-27 09:37:55 Net::DNS module installed;
2009-11-27 09:37:55 Email::Valid module version 0.182 installed and available;
2009-11-27 09:37:55 Email::Send module version 2.198 installed - resending blocked messages available;
2009-11-27 09:37:55 Mail::SPF module version 2.006 installed and available;
2009-11-27 09:37:55 Mail::SRS module version 0.31 installed - Sender Rewriting Scheme available;
2009-11-27 09:37:55 Compress::Zlib module version 2.019 installed - HTTP compression available;
2009-11-27 09:37:55 Digest::MD5 module version 2.36 installed - delaying can use MD5 keys for hashes;
2009-11-27 09:37:55 File ::ReadBackwards module version 1.04 installed - searching of log files enabled;
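
One way to spot this pattern in an ASSP log, as an added example (not part of the original post and not ASSP code): the script flags any message id whose regex hits keep repeating after its 554 rejection was logged. The sample log is constructed in the line format shown above; the function name and the `min_repeats` threshold are assumptions.

```python
import re
from collections import Counter, defaultdict
from datetime import datetime

# Constructed sample in the line format shown in the post (not the poster's log).
SAMPLE_LOG = """\
2009-11-27 09:29:08 id-1-1 192.0.2.10 <a@example.org> to: u@example.net [SMTP Error] 554 5.7.14 Mail (id-1-1) appears to be unsolicited;
2009-11-27 09:29:08 id-1-1 [bombSuspiciousRe] 192.0.2.10 <a@example.org> to: u@example.net score 5 for 'terra.com', total 5 for bombSuspiciousRe;
2009-11-27 09:29:09 id-1-1 192.0.2.10 <a@example.org> to: u@example.net added 10 (BombSuspiciousMailFrom 'terra.com'), total score for this message is now 63;
2009-11-27 09:29:15 id-1-1 [bombSuspiciousRe] 192.0.2.10 <a@example.org> to: u@example.net score 5 for 'terra.com', total 5 for bombSuspiciousRe;
2009-11-27 09:29:16 id-1-1 192.0.2.10 <a@example.org> to: u@example.net added 10 (BombSuspiciousMailFrom 'terra.com'), total score for this message is now 73;
2009-11-27 09:29:20 id-2-2 192.0.2.20 <b@example.org> to: u@example.net added 7 (Extreme Bad History for 192.0.2.20), total score for this message is now 7;
2009-11-27 09:29:21 id-2-2 192.0.2.20 <b@example.org> to: u@example.net [SMTP Error] 554 5.7.14 Mail (id-2-2) appears to be unsolicited;
"""

LINE = re.compile(r"^(\d{4}-\d\d-\d\d \d\d:\d\d:\d\d) (id-\d+-\d+) (.*)$")
HIT = re.compile(r"^\[(\w+)\] .* score \d+ for '(.*)', total")
MSG_SCORE = re.compile(r"total score for this message is now (-?\d+)")

def find_post_reject_loops(log_text, min_repeats=2):
    """Report message ids whose regex scoring keeps repeating after their 554."""
    rejected_at, last_seen, peak, hits = {}, {}, {}, defaultdict(Counter)
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # connection and startup lines carry no message id
        ts = datetime.strptime(m.group(1), "%Y-%m-%d %H:%M:%S")
        msg_id, rest = m.group(2), m.group(3)
        if "[SMTP Error] 554" in rest:
            rejected_at.setdefault(msg_id, ts)
        elif msg_id in rejected_at:  # scoring before the reject is normal
            last_seen[msg_id] = ts
            hit, score = HIT.match(rest), MSG_SCORE.search(rest)
            if hit:
                hits[msg_id][hit.groups()] += 1  # key: (regex list, matched text)
            if score:
                peak[msg_id] = max(peak.get(msg_id, 0), int(score.group(1)))
    report = {}
    for msg_id, counter in hits.items():
        (tag, pattern), repeats = counter.most_common(1)[0]
        if repeats >= min_repeats:
            elapsed = last_seen[msg_id] - rejected_at[msg_id]
            report[msg_id] = {"tag": tag, "pattern": pattern, "repeats": repeats,
                              "seconds_after_reject": int(elapsed.total_seconds()),
                              "peak_message_score": peak.get(msg_id)}
    return report

if __name__ == "__main__":
    print(find_post_reject_loops(SAMPLE_LOG))
```

Run against a real log, a high `repeats` count together with a steadily climbing `peak_message_score` for one id marks the message to pull from the discarded folder for reproduction.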