1. No, 2. No and 3. No !
The files are there because assp has crashed on them in any default check-
no body knows why and where - doing any default check inside the CA could
crash assp.
whitelisting, noprocessing nor any other state is a garantie, that a mail
has not crashed assp.
The CA works nearly (it tries to get the subject for logging) complete
independend from the rest of assp. It does not make sense to change that.
At least - remember the change log - it is even better to use the default
features of assp to detect and block such mails early (early
blackIP/droplist, preheaderRe , early helo, fakeHelo ...)
The CA takes place directly after the mail header is received. After that,
large regexes are following - which could be a reason for a crash.
I would say:
- CA is not useable by 'assp newbees' - it is too complex.
- CA is not useable by 'assp high profs' - they know the better way or
they use the CA to get a more easy life
And the CA could never be perfect - the reason is simple - CA tries to
detect bad mails on there header content and the used handshake protocol,
but in 99.99% of all cases the body was the reason for a crash.
Thomas
Von: "GrayHat" <[email protected]>
An: "ASSP development mailing list" <[email protected]>
Datum: 14.07.2011 12:34
Betreff: Re: [Assp-test] Antwort: Antwort: Re: changes in
2.0.2_3.2.02
> repo after crash 1:
>
> file1
> file2
> file3
[...]
Thomas... maybe I'm missing something here but... won't it
be possible to let the "rebuildspamdb" act on those files too
and (e.g. - just thinking loud) using the bayes DB to analyze
them and check if they're good or bad, so automagically
removing bad files while keeping good ones ?
As a note, I found that "bad behaviour" from the CA (crash
analyzer) while looking at the "live maillog"; I saw the CA
rejecting a couple of legit emails and checking them I also
found that the senders were whitelisted... is the CA kicking
in even before some "formal checks" (e.g. whitelisting for
IP or sender and all the other stuff ?)
If so, may it be possible to move the CA checks at a later
point so that some of the checks (e.g.) black/white IP lists,
SPF, senderbase.... and in general the checks performed
on the envelope data may work and possibly help in
classifying the mail as good or bad ?
------------------------------------------------------------------------------
AppSumo Presents a FREE Video for the SourceForge Community by Eric
Ries, the creator of the Lean Startup Methodology on "Lean Startup
Secrets Revealed." This video shows you how to validate your ideas,
optimize your ideas and identify your business strategy.
http://p.sf.net/sfu/appsumosfdev2dev
_______________________________________________
Assp-test mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/assp-test
DISCLAIMER:
*******************************************************
This email and any files transmitted with it may be confidential, legally
privileged and protected in law and are intended solely for the use of the
individual to whom it is addressed.
This email was multiple times scanned for viruses. There should be no
known virus in this email!
*******************************************************
------------------------------------------------------------------------------
AppSumo Presents a FREE Video for the SourceForge Community by Eric
Ries, the creator of the Lean Startup Methodology on "Lean Startup
Secrets Revealed." This video shows you how to validate your ideas,
optimize your ideas and identify your business strategy.
http://p.sf.net/sfu/appsumosfdev2dev
_______________________________________________
Assp-test mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/assp-test
