Hello Spyros, 1) I think, you should enter the mail address, that is used to pollute the db, to the following two fields in the assp- interface.
Not Authorized Addresses* (EmailSenderNotOK) and Ignore Not Authorized Addresses* (EmailSenderIgnore) The second options is important, so it doesn't inform the sending user that it's action (every whitelist addition) has been denied, which would lead to excessive mailing to whatever address is used to connect to assp. 2) Don't know, depends on how old, accurate, etc you db was prior to this accident. If you really need the db ,you could try to use a good texteditor that can handle regexes to remove all the bad stuff, based on the timestamp and maybe the personal whitelist address. 3) see answer 1) Also you could tell assp or even better your firewall on the server to deny connections on the smtp port from the client that is infected, until the issue is resolved. Best regards, Frank Mayer IT Consultant - Analyst - Programmer FRANKMAYER.NET <http://www.frankmayer.net/> Avast <http://www.frankmayer.net/products/avast/> Silver Reseller BackupAssist <http://www.frankmayer.net/products/backupassist/> Gold Reseller Visit FRANKMAYER.NET on Facebook <http://www.facebook.com/frankmayer.net> FRANKMAYER.NET Esperou 10 17561 Paleo Faliro Tel. +30 210 8665780 Mob. +30 697 2606373 Spyros Tsiolis wrote: > > Hello people, > > What the subject says. > Well, once again, the users managed to get their pc infected with > various s**t from the web. > > As a result at a clients' office (branch office actually, not the main > offices), there's a bot on a pc and is adding crap addresses on its own ! > > (@!#$@$##$#%) I am so pissed off ! > > Three questions : > > 1. How can I stop this m***er-f***er stop polluting my assp database > (steps to be taken etc.) > 2. Is the assp db worth saving ? or should I start from scratch ? > 3. How can I say to assp to stop receiving any reports for "spam" "notspam" > from specific users (like the mail user who is doing this, but it's not > the actual user its the f****ing bot) ? > > Here's an axtract : > -------------------------------------------------------------------------- > Feb-21-11 07:21:44 65692-05803 220.121.151.14 <kappav...@kappavita.gr> to: > 945928...@qq.com whitelist addition: 945928...@qq.com; > Feb-21-11 07:21:44 65692-05803 220.121.151.14 <kappav...@kappavita.gr> to: > 945928...@qq.com whitelist addition: 492809...@qq.com; > Feb-21-11 07:21:44 65692-05803 220.121.151.14 <kappav...@kappavita.gr> to: > 945928...@qq.com whitelist addition: 494507...@qq.com; > Feb-21-11 07:21:44 65692-05803 220.121.151.14 <kappav...@kappavita.gr> to: > 945928...@qq.com whitelist addition: 94637...@qq.com; > Feb-21-11 07:21:44 65692-05803 220.121.151.14 <kappav...@kappavita.gr> to: > 945928...@qq.com whitelist addition: 469090...@qq.com; > Feb-21-11 07:21:44 65692-05803 220.121.151.14 <kappav...@kappavita.gr> to: > 945928...@qq.com whitelist addition: 907508...@qq.com; > Feb-21-11 07:21:44 65692-05803 220.121.151.14 > <clients_branch_off...@address.gr> to: 945928...@qq.com whitelist addition: > 295465...@qq.com; > Feb-21-11 07:21:44 65692-05803 220.121.151.14 > <clients_branch_off...@address.gr> to: 945928...@qq.com whitelist addition: > 946536...@qq.com; > Feb-21-11 07:21:44 65692-05803 220.121.151.14 > <clients_branch_off...@address.gr> to: 945928...@qq.com whitelist addition: > 564674...@qq.com; > Feb-21-11 07:21:44 65692-05803 220.121.151.14 > <clients_branch_off...@address.gr> to: 945928...@qq.com whitelist addition: > 9463...@qq.com; > Feb-21-11 07:21:44 65692-05803 220.121.151.14 > <clients_branch_off...@address.gr> to: 945928...@qq.com whitelist addition: > 278668...@qq.com; > Feb-21-11 07:21:45 65692-05803 [Local] 220.121.151.14 > <clients_branch_off...@address.gr> to: 945928...@qq.com local -- > authenticated -- [11] -> notspam/5803.eml; > Feb-21-11 07:26:57 66015-06273 182.52.210.32 > <clients_branch_off...@address.gr> to: <clients_branch_off...@address.gr> > [scoring:10] -- HELO contains IP: '[182.52.210.32]' -- [airport VIAGRA 64 > discount]; > -------------------------------------------------------------------------- > > > Thank you all for your time , > > spyros > > > > > > ---- > "I merely function as a channel that filters > music through the chaos of noise" > - Vangelis > > > > > ------------------------------------------------------------------------------ > The ultimate all-in-one performance toolkit: Intel(R) Parallel Studio XE: > Pinpoint memory and threading errors before they happen. > Find and fix more than 250 security defects in the development cycle. > Locate bottlenecks in serial and parallel code that limit performance. > http://p.sf.net/sfu/intel-dev2devfeb > _______________________________________________ > Assp-test mailing list > Assp-test@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/assp-test > ------------------------------------------------------------------------------ The ultimate all-in-one performance toolkit: Intel(R) Parallel Studio XE: Pinpoint memory and threading errors before they happen. Find and fix more than 250 security defects in the development cycle. Locate bottlenecks in serial and parallel code that limit performance. http://p.sf.net/sfu/intel-dev2devfeb _______________________________________________ Assp-test mailing list Assp-test@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/assp-test
