I would appreciate your comments on the following weird case: Today I received an e-mail that pretended it was sent from me to myself!!! As far as I remember, this is the first time ASSP accepted a fake mail pretending to be from our own server!!! The following lines are all the logs I could take, followed by the mail headers.

12289215-2010-03-01 15:33:31 Connected: 109.96.36.161:55521 -> 67.19.188.154:25 -> 127.0.0.1:125
12289304-2010-03-01 15:33:32 [email protected] matches [email protected] in LocalAddresses_Flat
12289402:2010-03-01 15:33:32 id-68412-16005 109.96.36.161 <[email protected]> to: [email protected] recipient accepted: [email protected]
12289547-2010-03-01 15:33:33 [email protected] matches [email protected] in LocalAddresses_Flat
12289645:2010-03-01 15:33:33 id-68412-16005 [bombSubjectRe] 109.96.36.161 <[email protected]> to: [email protected] score 5 for '80%', total 5 for bombSubjectRe
12289808:2010-03-01 15:33:33 id-68412-16005 109.96.36.161 <[email protected]> to: [email protected] score 5 Regex:bombSubjectRe '80%'
12289944:2010-03-01 15:33:33 id-68412-16005 [BombSubject] 109.96.36.161 <[email protected]> to: [email protected] [scoring] -- bombSubjectRe: '80%' -- [80 OFF For hilario]
12290119:2010-03-01 15:33:33 id-68412-16005 109.96.36.161 <[email protected]> to: [email protected] added 5 (bombSubjectRe: '80%'), total score for this message is now 5
12290291:2010-03-01 15:33:33 id-68412-16005 109.96.36.161 <[email protected]> to: [email protected] added 5 (bombSubjectRe: '80%'), total score for IP '109.96.36.161' is now 5
12290469:2010-03-01 15:33:33 id-68412-16005 [BombSubject] 109.96.36.161 <[email protected]> to: [email protected] [Scoring:5] -- bombSubjectRe: '80%' -- [80 OFF For hilario]
12290646:2010-03-01 15:33:33 id-68412-16005 [URIBL] 109.96.36.161 <[email protected]> to: [email protected] info: URI ensurefood.ru found in text
12290794-2010-03-01 15:33:33 Sending DNS-query to 67.19.1.10 on multi.surbl.org for URIBL checks on ensurefood.ru
12290900-2010-03-01 15:33:33 Sending DNS-query to 67.19.1.10 on black.uribl.com for URIBL checks on ensurefood.ru
12291006-2010-03-01 15:33:33 Sending DNS-query to 67.19.1.10 on sc.surbl.org for URIBL checks on ensurefood.ru
12291109-2010-03-01 15:33:33 Sending DNS-query to 67.19.1.10 on jp.surbl.org for URIBL checks on ensurefood.ru
12291212-2010-03-01 15:33:33 Sending DNS-query to 67.19.1.10 on ab.surbl.org for URIBL checks on ensurefood.ru
12291315-2010-03-01 15:33:33 Commencing URIBL checks on ensurefood.ru
12291377-2010-03-01 15:33:33 Completed URIBL checks after 0 seconds on ensurefood.ru
12291454:2010-03-01 15:33:34 id-68412-16005 109.96.36.161 <[email protected]> to: [email protected] [scoring] Bayesian Check - Prob: 1.00000 => spam
12291605:2010-03-01 15:33:34 id-68412-16005 109.96.36.161 <[email protected]> to: [email protected] added 31 (Bayesian Probability: 1.0000), total score for this message is now 36
12291787:2010-03-01 15:33:34 id-68412-16005 [MessageOK] 109.96.36.161 <[email protected]> to: [email protected] -- Message OK -- [80 OFF For hilario] -> /usr/local/assp/okmail/80_OFF_For_hilario--462.eml
12291994-2010-03-01 15:33:34 Disconnected: 109.96.36.161

Message headers:

Received: from localhost ([127.0.0.1] helo=alfa.soliton.com.br)
        by alfa.soliton.com.br with esmtp (Exim 4.69)
        (envelope-from <[email protected]>)
        id 1NmAQu-00038K-TV
        for [email protected]; Mon, 01 Mar 2010 15:33:34 -0300
Received: from [109.96.36.161] ([109.96.36.161] helo=[109.96.36.161]) with IPv4:25 by alfa.soliton.com.br; 1 Mar 2010 15:33:31 -0300
From: "ED Treating Products" <[email protected]>
To: [email protected]
Subject: *** 80% OFF For hilario ***
Date: Mon, 1 Mar 2010 20:33:35 +0200
MIME-Version: 1.0
Content-Type: text/plain; charset="ISO-8859-1"
Content-Transfer-Encoding: 8bit
X-Assp-Re-bombSubjectRe: 80%
X-Assp-Score: 5 (bombSubjectRe: '80%')
X-Assp-Score: 31 (Bayesian Probability: 1.0000)
X-Assp-ID: alfa.soliton.com.br (id-68412-16005)
X-Assp-Version: 1.7.0.0(0.0.10)

Best Regards,

Hilario Fochi Silveira
Soliton Controles Industriais Ltda.
Rua Alfredo Pujol, 1010 - Sao Paulo - SP - BRAZIL
ZIP: 02017-002

_______________________________________________
Assp-test mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/assp-test
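
A log check for the case reported in this post, as an added example that is not part of the original message or of ASSP: it groups log lines by session id and lists messages passed as MessageOK although the envelope sender claims a local domain and the connecting IP is not a trusted relay. The sample lines are constructed in the format of the excerpt above; `example.org`, `example.net`, the 192.0.2.x addresses and the `trusted_ips` set are assumptions.

```python
import re
from collections import defaultdict

# Constructed sample in the format of the log excerpt above
# (placeholder addresses; the leading grep offset is optional).
SAMPLE_LOG = """\
12289402:2010-03-01 15:33:32 id-68412-16005 192.0.2.10 <hilario@example.org> to: hilario@example.org recipient accepted: hilario@example.org
2010-03-01 15:33:34 id-68412-16005 192.0.2.10 <hilario@example.org> to: hilario@example.org added 31 (Bayesian Probability: 1.0000), total score for this message is now 36
2010-03-01 15:33:34 id-68412-16005 [MessageOK] 192.0.2.10 <hilario@example.org> to: hilario@example.org -- Message OK -- [80 OFF For hilario]
2010-03-01 15:40:01 id-68500-16010 192.0.2.77 <news@example.net> to: hilario@example.org added 5 (bombSubjectRe: 'x'), total score for this message is now 5
2010-03-01 15:40:02 id-68500-16010 [MessageOK] 192.0.2.77 <news@example.net> to: hilario@example.org -- Message OK -- [Weekly news]
"""

# offset (optional), timestamp, session id, tag (optional), client IP, envelope sender
LINE = re.compile(
    r"(?:\d+[:-])?(?P<ts>\d{4}-\d\d-\d\d \d\d:\d\d:\d\d) (?P<id>id-\d+-\d+) "
    r"(?:\[(?P<tag>\w+)\] )?(?P<ip>\d+\.\d+\.\d+\.\d+) <(?P<sender>[^>]*)> to: (?P<rest>.*)"
)
SCORE = re.compile(r"total score for this message is now (\d+)")


def spoofed_local_deliveries(log_text, local_domains, trusted_ips):
    """Return (session id, client IP, sender, score) for each delivered
    message whose sender domain is local but whose client IP is not trusted."""
    sessions = defaultdict(lambda: {"score": 0, "delivered": False})
    for line in log_text.splitlines():
        m = LINE.match(line.strip())
        if not m:
            continue  # connection and DNS lines carry no session id
        s = sessions[m["id"]]
        s.update(ip=m["ip"], sender=m["sender"].lower())
        score = SCORE.search(m["rest"])
        if score:
            s["score"] = max(s["score"], int(score.group(1)))
        if m["tag"] == "MessageOK":
            s["delivered"] = True
    hits = []
    for sid, s in sessions.items():
        domain = s["sender"].rpartition("@")[2]
        if s["delivered"] and domain in local_domains and s["ip"] not in trusted_ips:
            hits.append((sid, s["ip"], s["sender"], s["score"]))
    return hits


if __name__ == "__main__":
    for hit in spoofed_local_deliveries(SAMPLE_LOG, {"example.org"}, {"127.0.0.1"}):
        print(hit)
```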
