Hi, I don't see this behaviour (11356). I tested the commands through telnet and got the expected authentication required message.
Regards, Colin. On 23/12/2011 19:30, Administrateur des Sytèmes wrote: > > Hi All, > > I'm currently running ASSP 2.1.1 (11355) on five Linux boxes and I'm > currently observing a strange behavior from ASSP. Well, a few > days back, my MTA queue got filled by spam messages from spoofed sender that > are usually blocked by ASSP. After some hours spent > investigating this issue (and cleaning the notspam corpus), I've found that > the spammers where able to bypass most (if not all) > IP/sender/content validation tests by sending an RSET command right after the > HELO command, thus turning my five ASSP boxes into > openrelays. I was running version 11354 when I saw this for the first time. > I upgraded to 11355 and the issue is still there. > > Example: > > 22-Dec-2011 14:37:43 m3-82663-01738 187.14.220.166<red...@somelocaldomain.ca> > to: valid...@yahoo.com.br recipient accepted: > valid...@yahoo.com.br > 22-Dec-2011 14:37:44 m3-82663-01738 [MessageOK] > 187.14.220.166<red...@somelocaldomain.ca> to: valid...@yahoo.com.br message > ok > [smtp.somelocaldomain.ca:587] -> > /opt/assp/notspam/smtp_somelocaldomain_ca_587--151296.eml > 22-Dec-2011 14:37:44 m3-82663-01738 187.14.220.166<red...@somelocaldomain.ca> > to: valid...@yahoo.com.br info: no (more) data > readable from 187.14.220.166 (connection closed by peer) - last command was > 'QUIT' > 22-Dec-2011 14:37:44 m3-82663-01738 187.14.220.166<red...@somelocaldomain.ca> > to: valid...@yahoo.com.br finished message - received > DATA size: 0 Byte - sent DATA size: 465 Byte > 22-Dec-2011 14:37:44 Disconnected: 187.14.220.166 - command list was > 'EHLO,RSET,MAIL FROM,RCPT TO,DATA,QUIT' - used 9 SocketCalls > > > I'm I the only one with this issue? > > Thanks > > Eric > > > ------------------------------------------------------------------------------ > Write once. Port to many. > Get the SDK and tools to simplify cross-platform app development. Create > new or port existing apps to sell to consumers worldwide. Explore the > Intel AppUpSM program developer opportunity. appdeveloper.intel.com/join > http://p.sf.net/sfu/intel-appdev > _______________________________________________ > Assp-test mailing list > Assp-test@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/assp-test ------------------------------------------------------------------------------ Write once. Port to many. Get the SDK and tools to simplify cross-platform app development. Create new or port existing apps to sell to consumers worldwide. Explore the Intel AppUpSM program developer opportunity. appdeveloper.intel.com/join http://p.sf.net/sfu/intel-appdev _______________________________________________ Assp-test mailing list Assp-test@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/assp-test
