Hi All,

I'm currently running ASSP 2.1.1 (11355) on five Linux boxes and I'm currently observing a strange behavior from ASSP. Well, a few days back, my MTA queue got filled by spam messages from spoofed senders that are usually blocked by ASSP. After some hours spent investigating this issue (and cleaning the notspam corpus), I've found that the spammers were able to bypass most (if not all) IP/sender/content validation tests by sending an RSET command right after the HELO command, thus turning my five ASSP boxes into open relays. I was running version 11354 when I saw this for the first time. I upgraded to 11355 and the issue is still there.

Example:

22-Dec-2011 14:37:43 m3-82663-01738 187.14.220.166 <red...@somelocaldomain.ca> to: valid...@yahoo.com.br recipient accepted: valid...@yahoo.com.br
22-Dec-2011 14:37:44 m3-82663-01738 [MessageOK] 187.14.220.166 <red...@somelocaldomain.ca> to: valid...@yahoo.com.br message ok [smtp.somelocaldomain.ca:587] -> /opt/assp/notspam/smtp_somelocaldomain_ca_587--151296.eml
22-Dec-2011 14:37:44 m3-82663-01738 187.14.220.166 <red...@somelocaldomain.ca> to: valid...@yahoo.com.br info: no (more) data readable from 187.14.220.166 (connection closed by peer) - last command was 'QUIT'
22-Dec-2011 14:37:44 m3-82663-01738 187.14.220.166 <red...@somelocaldomain.ca> to: valid...@yahoo.com.br finished message - received DATA size: 0 Byte - sent DATA size: 465 Byte
22-Dec-2011 14:37:44 Disconnected: 187.14.220.166 - command list was 'EHLO,RSET,MAIL FROM,RCPT TO,DATA,QUIT' - used 9 SocketCalls


Am I the only one with this issue?

Thanks

Eric


_______________________________________________
Assp-test mailing list
Assp-test@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/assp-test
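
A log check for the command sequence reported in the message above, as an added example that is not part of the original post or of ASSP: it scans log lines in the format of the excerpt for sessions where RSET directly follows HELO/EHLO and DATA is sent later, and notes whether a [MessageOK] line was seen for the same IP. It assumes one log event per line; the function names, sample lines and IP addresses are constructed for illustration.

```python
import re

# Matches ASSP session-summary lines in the format of the excerpt above
# (assumption: one log event per line, not wrapped by a mail client).
DISCONNECT_RE = re.compile(
    r"^(?P<ts>\d{2}-\w{3}-\d{4} \d{2}:\d{2}:\d{2}) Disconnected: (?P<ip>\S+) - "
    r"command list was '(?P<cmds>[^']*)'"
)
MESSAGE_OK_RE = re.compile(r"\[MessageOK\] (?P<ip>\S+) ")


def rset_after_greeting(commands):
    """True if RSET directly follows HELO/EHLO and DATA is issued later."""
    for i, cmd in enumerate(commands[:-1]):
        if cmd in ("HELO", "EHLO") and commands[i + 1] == "RSET":
            if "DATA" in commands[i + 2:]:
                return True
    return False


def find_suspect_sessions(lines):
    """Return (timestamp, ip, message_ok_seen) for each matching session."""
    lines = list(lines)
    ok_ips = {m.group("ip") for line in lines if (m := MESSAGE_OK_RE.search(line))}
    hits = []
    for line in lines:
        m = DISCONNECT_RE.match(line)
        if not m:
            continue
        commands = [c.strip().upper() for c in m.group("cmds").split(",")]
        if rset_after_greeting(commands):
            hits.append((m.group("ts"), m.group("ip"), m.group("ip") in ok_ips))
    return hits


# Constructed sample lines (documentation IP ranges, not real traffic).
SAMPLE_LOG = """\
22-Dec-2011 14:37:44 m3-00001-00001 [MessageOK] 192.0.2.10 <a@example.org> to: b@example.net message ok
22-Dec-2011 14:37:44 Disconnected: 192.0.2.10 - command list was 'EHLO,RSET,MAIL FROM,RCPT TO,DATA,QUIT' - used 9 SocketCalls
22-Dec-2011 14:40:02 Disconnected: 198.51.100.7 - command list was 'EHLO,MAIL FROM,RCPT TO,DATA,RSET,QUIT' - used 8 SocketCalls
22-Dec-2011 14:41:15 Disconnected: 203.0.113.5 - command list was 'HELO,RSET,QUIT' - used 4 SocketCalls
""".splitlines()

if __name__ == "__main__":
    for ts, ip, passed in find_suspect_sessions(SAMPLE_LOG):
        print(f"{ts} {ip} RSET right after greeting, MessageOK seen: {passed}")
```

An RSET later in a session, or one that is never followed by DATA, is not flagged, so the check stays specific to the sequence in the post.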