Colin,
please have a look in to the Personal Black table - PersBlack - is there a
key '[email protected],' ? - If so - remove all entries that don't have
a character after the comma or only have spaces after the comma.
Thomas
Von: Colin <[email protected]>
An: ASSP development mailing list <[email protected]>
Datum: 28.04.2012 11:29
Betreff: [Assp-test] Workers getting stuck on whitelist/blacklist
requests
Hi,
I recently set up a client with Block Reporting and since then they have
started trying to use the whitelist, resend and report spam addresses.
They immediately had to stop using the whitelist address because every
report sent would jam up a worker. Oddly this only happens with this one
particular client however there is nothing unusual about their setup.
They are running a Windows SBS 2008 Server using a smarthost configured
into Exchange using the SBS wizard.
Unfortunately no matter how many times I tell them to stop sending
whitelist requests and just email direct to the address they want
whitelisting they keep doing it. The end result is that all the threads
get stuck and my monitoring script restarts ASSP. Unfortunately the
session never completes with the sending server so they just jam up again.
Example log from this morning below:
2012-04-28 08:34:44 [Worker_1] Connected: 1.1.1.1:58543 > 2.2.2.2:25 >
127.0.0.1:125
2012-04-28 08:34:44 [Worker_1] 1.1.1.1 [SMTP Reply] 220
my.servername.tld ESMTP Exim 4.76 Sat, 28 Apr 2012 08:34:44 +0100
2012-04-28 08:34:44 [Worker_1] 1.1.1.1 [SMTP Reply] 250 HELP
2012-04-28 08:34:44 [Worker_1] 1.1.1.1 info: got STARTTLS request from
1.1.1.1
2012-04-28 08:34:44 [Worker_1] 1.1.1.1 [SMTP Reply] 220 TLS go ahead
2012-04-28 08:34:44 [Worker_1] [TLS-in] [TLS-out] 1.1.1.1 [SMTP Reply]
250 HELP
2012-04-28 08:34:44 [Worker_1] [TLS-in] [TLS-out] 1.1.1.1 info:
authentication - login is used
2012-04-28 08:34:44 [Worker_1] [TLS-in] [TLS-out] 1.1.1.1 [SMTP Reply]
334 ------------
2012-04-28 08:34:44 [Worker_1] [TLS-in] [TLS-out] 1.1.1.1 [SMTP Reply]
334 ------------
2012-04-28 08:34:44 [Worker_1] [TLS-in] [TLS-out] 1.1.1.1 [SMTP Reply]
235 Authentication succeeded
2012-04-28 08:34:44 m1-98484-00991 [Worker_1] [TLS-in] [TLS-out] 1.1.1.1
<[email protected]> info: found message size announcement: 1.93 kByte
2012-04-28 08:34:44 m1-98484-00991 [Worker_1] [TLS-in] [TLS-out] 1.1.1.1
<[email protected]> [SMTP Reply] 250 OK
2012-04-28 08:34:44 m1-98484-00991 [Worker_1] [TLS-in] [TLS-out] 1.1.1.1
<[email protected]> email whitelist addition report
2012-04-28 08:34:44 m1-98484-00991 [Worker_1] [TLS-in] [TLS-out] 1.1.1.1
<[email protected]> [SMTP Reply] 250 OK
2012-04-28 08:34:44 m1-98484-00991 [Worker_1] [TLS-in] [TLS-out] 1.1.1.1
<[email protected]> [SMTP Reply] 354 OK Send body
2012-04-28 08:34:44 m1-98484-00991 [Worker_1] [TLS-in] [TLS-out] 1.1.1.1
<[email protected]> report-header: found address
'[email protected] in header tag
2012-04-28 08:34:44 [Worker_1] Report-header: found addresses in
MIME-header of header - addresses in body are ignored!
2012-04-28 08:34:44 m1-98484-00991 [Worker_1] [TLS-in] [TLS-out] 1.1.1.1
<[email protected]> report-body: no addresses found in header tags
2012-04-28 08:34:44 m1-98484-00991 [Worker_1] [TLS-in] [TLS-out] 1.1.1.1
<[email protected]> report-body: found address [email protected] in raw
mail text
2012-04-28 08:34:44 m1-98484-00991 [Worker_1] [TLS-in] [TLS-out] 1.1.1.1
<[email protected]> report-body: found address [email protected] in raw
mail text
2012-04-28 08:34:44 m1-98484-00991 [Worker_1] [TLS-in] [TLS-out] 1.1.1.1
<[email protected]> report-body: found address [email protected] in raw
mail text
2012-04-28 08:34:44 m1-98484-00991 [Worker_1] [TLS-in] [TLS-out] 1.1.1.1
<[email protected]> report-body: found address [email protected] in raw
mail text
2012-04-28 08:34:44 m1-98484-00991 [Worker_1] [TLS-in] [TLS-out] 1.1.1.1
<[email protected]> report-body: found address [email protected] in raw
mail text
2012-04-28 08:34:44 m1-98484-00991 [Worker_1] [TLS-in] [TLS-out] 1.1.1.1
<[email protected]> report-body: found address [email protected] in raw
mail text
2012-04-28 08:34:44 m1-98484-00991 [Worker_1] [TLS-in] [TLS-out] 1.1.1.1
<[email protected]> report-body: found address [email protected] in raw
mail text
2012-04-28 08:34:44 m1-98484-00991 [Worker_1] [TLS-in] [TLS-out] 1.1.1.1
<[email protected]> report-body: found address [email protected] in raw
mail text
2012-04-28 08:34:44 m1-98484-00991 [Worker_1] [TLS-in] [TLS-out] 1.1.1.1
<[email protected]> report-body: found address [email protected] in raw
mail text
2012-04-28 08:34:45 [Worker_1] Email: [email protected] already on
whitelist
2012-04-28 08:34:45 [Worker_1] Info: removed personalblack record
[email protected],
2012-04-28 08:34:45 [Worker_1] Info: removed personalblack record
[email protected],
2012-04-28 08:34:45 [Worker_1] Info: removed personalblack record
[email protected],
2012-04-28 08:34:45 [Worker_1] Info: removed personalblack record
[email protected],
2012-04-28 08:34:45 [Worker_1] Info: removed personalblack record
[email protected],
2012-04-28 08:34:45 [Worker_1] Info: removed personalblack record
[email protected],
2012-04-28 08:34:45 [Worker_1] Info: removed personalblack record
[email protected],
2012-04-28 08:34:45 [Worker_1] Info: removed personalblack record
[email protected],
2012-04-28 08:34:45 [Worker_1] Info: removed personalblack record
[email protected],
2012-04-28 08:34:45 [Worker_1] Info: removed personalblack record
[email protected],
2012-04-28 08:34:45 [Worker_1] Info: removed personalblack record
[email protected],
------------------------------------------------------------------------------
Live Security Virtual Conference
Exclusive live event will cover all the ways today's security and
threat landscape has changed and how IT managers can respond. Discussions
will include endpoint security, mobile security and the latest in malware
threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/
_______________________________________________
Assp-test mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/assp-test
DISCLAIMER:
*******************************************************
This email and any files transmitted with it may be confidential, legally
privileged and protected in law and are intended solely for the use of the
individual to whom it is addressed.
This email was multiple times scanned for viruses. There should be no
known virus in this email!
*******************************************************
------------------------------------------------------------------------------
Live Security Virtual Conference
Exclusive live event will cover all the ways today's security and
threat landscape has changed and how IT managers can respond. Discussions
will include endpoint security, mobile security and the latest in malware
threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/
_______________________________________________
Assp-test mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/assp-test
