Hi, I recently set up a client with Block Reporting and since then they have started trying to use the whitelist, resend and report spam addresses.
They immediately had to stop using the whitelist address because every report sent would jam up a worker. Oddly, this only happens with this one particular client; however, there is nothing unusual about their setup. They are running a Windows SBS 2008 Server using a smarthost configured into Exchange using the SBS wizard. Unfortunately, no matter how many times I tell them to stop sending whitelist requests and just email direct to the address they want whitelisting, they keep doing it. The end result is that all the threads get stuck and my monitoring script restarts ASSP. Unfortunately, the session never completes with the sending server, so they just jam up again.

Example log from this morning below:

2012-04-28 08:34:44 [Worker_1] Connected: 1.1.1.1:58543 > 2.2.2.2:25 > 127.0.0.1:125
2012-04-28 08:34:44 [Worker_1] 1.1.1.1 [SMTP Reply] 220 my.servername.tld ESMTP Exim 4.76 Sat, 28 Apr 2012 08:34:44 +0100
2012-04-28 08:34:44 [Worker_1] 1.1.1.1 [SMTP Reply] 250 HELP
2012-04-28 08:34:44 [Worker_1] 1.1.1.1 info: got STARTTLS request from 1.1.1.1
2012-04-28 08:34:44 [Worker_1] 1.1.1.1 [SMTP Reply] 220 TLS go ahead
2012-04-28 08:34:44 [Worker_1] [TLS-in] [TLS-out] 1.1.1.1 [SMTP Reply] 250 HELP
2012-04-28 08:34:44 [Worker_1] [TLS-in] [TLS-out] 1.1.1.1 info: authentication - login is used
2012-04-28 08:34:44 [Worker_1] [TLS-in] [TLS-out] 1.1.1.1 [SMTP Reply] 334 ------------
2012-04-28 08:34:44 [Worker_1] [TLS-in] [TLS-out] 1.1.1.1 [SMTP Reply] 334 ------------
2012-04-28 08:34:44 [Worker_1] [TLS-in] [TLS-out] 1.1.1.1 [SMTP Reply] 235 Authentication succeeded
2012-04-28 08:34:44 m1-98484-00991 [Worker_1] [TLS-in] [TLS-out] 1.1.1.1 <[email protected]> info: found message size announcement: 1.93 kByte
2012-04-28 08:34:44 m1-98484-00991 [Worker_1] [TLS-in] [TLS-out] 1.1.1.1 <[email protected]> [SMTP Reply] 250 OK
2012-04-28 08:34:44 m1-98484-00991 [Worker_1] [TLS-in] [TLS-out] 1.1.1.1 <[email protected]> email whitelist addition report
2012-04-28 08:34:44 m1-98484-00991 [Worker_1] [TLS-in] [TLS-out] 1.1.1.1 <[email protected]> [SMTP Reply] 250 OK
2012-04-28 08:34:44 m1-98484-00991 [Worker_1] [TLS-in] [TLS-out] 1.1.1.1 <[email protected]> [SMTP Reply] 354 OK Send body
2012-04-28 08:34:44 m1-98484-00991 [Worker_1] [TLS-in] [TLS-out] 1.1.1.1 <[email protected]> report-header: found address '[email protected] in header tag
2012-04-28 08:34:44 [Worker_1] Report-header: found addresses in MIME-header of header - addresses in body are ignored!
2012-04-28 08:34:44 m1-98484-00991 [Worker_1] [TLS-in] [TLS-out] 1.1.1.1 <[email protected]> report-body: no addresses found in header tags
2012-04-28 08:34:44 m1-98484-00991 [Worker_1] [TLS-in] [TLS-out] 1.1.1.1 <[email protected]> report-body: found address [email protected] in raw mail text
2012-04-28 08:34:44 m1-98484-00991 [Worker_1] [TLS-in] [TLS-out] 1.1.1.1 <[email protected]> report-body: found address [email protected] in raw mail text
2012-04-28 08:34:44 m1-98484-00991 [Worker_1] [TLS-in] [TLS-out] 1.1.1.1 <[email protected]> report-body: found address [email protected] in raw mail text
2012-04-28 08:34:44 m1-98484-00991 [Worker_1] [TLS-in] [TLS-out] 1.1.1.1 <[email protected]> report-body: found address [email protected] in raw mail text
2012-04-28 08:34:44 m1-98484-00991 [Worker_1] [TLS-in] [TLS-out] 1.1.1.1 <[email protected]> report-body: found address [email protected] in raw mail text
2012-04-28 08:34:44 m1-98484-00991 [Worker_1] [TLS-in] [TLS-out] 1.1.1.1 <[email protected]> report-body: found address [email protected] in raw mail text
2012-04-28 08:34:44 m1-98484-00991 [Worker_1] [TLS-in] [TLS-out] 1.1.1.1 <[email protected]> report-body: found address [email protected] in raw mail text
2012-04-28 08:34:44 m1-98484-00991 [Worker_1] [TLS-in] [TLS-out] 1.1.1.1 <[email protected]> report-body: found address [email protected] in raw mail text
2012-04-28 08:34:44 m1-98484-00991 [Worker_1] [TLS-in] [TLS-out] 1.1.1.1 <[email protected]> report-body: found address [email protected] in raw mail text
2012-04-28 08:34:45 [Worker_1] Email: [email protected] already on whitelist
2012-04-28 08:34:45 [Worker_1] Info: removed personalblack record [email protected],
2012-04-28 08:34:45 [Worker_1] Info: removed personalblack record [email protected],
2012-04-28 08:34:45 [Worker_1] Info: removed personalblack record [email protected],
2012-04-28 08:34:45 [Worker_1] Info: removed personalblack record [email protected],
2012-04-28 08:34:45 [Worker_1] Info: removed personalblack record [email protected],
2012-04-28 08:34:45 [Worker_1] Info: removed personalblack record [email protected],
2012-04-28 08:34:45 [Worker_1] Info: removed personalblack record [email protected],
2012-04-28 08:34:45 [Worker_1] Info: removed personalblack record [email protected],
2012-04-28 08:34:45 [Worker_1] Info: removed personalblack record [email protected],
2012-04-28 08:34:45 [Worker_1] Info: removed personalblack record [email protected],
2012-04-28 08:34:45 [Worker_1] Info: removed personalblack record [email protected],

_______________________________________________
Assp-test mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/assp-test
