I killed the WhiteRe completely since most of them are old.
I've restarted, and so far so good, BUT it seems to take a while after
restart for the warnings to start, which I further don't understand.
What's really strange is that the WhiteRe hasn't changed for a really long
time.  No idea why this suddenly started happening, but hopefully just
ditching them altogether will fix the errors/warnings.  When I saw this
last night, what I'm really baffled by is that things would be okay for a
while after restart, say an hour or two, and then the warnings / stuck will
start and continue.

FYI
The \from \to came from you years ago as a suggestion.  It was well before
SPF handling and was for a very specific email.  Now, I'm looking more
generally:

Might there be a negative scoring that I could add to bombre for a specific
subdomain of ours here that I could use to give a bonus couple of points to
any mail from whatever@[domain].ext that comes to
[domain]@oursub.ourdomain.org?
For example, if mail is from *RedCross*.org to
249058619899@sub.ourdomain.org give it -10 to help it eke by as Mail OK when
it might have had a score that would have otherwise made it scored as spam.
Most of the erroneously rejected mails are mails like this.  That's sort of
what the cnn filter in the whitere was intended for, but I don't need it to
be white, just reduce the score.  I don't want something if you think it'll
be too cpu intensive though.

The key here is that this subdomain is set up as a wildcard alias.  It goes
to a group of users and those users are free to use the
[whatever]@sub.ourdomain.org online with whomever they see fit.  That lets
us track email usage and know when a specific email address has been sold to
another entity or stolen (and then set a rule to reject those messages).





Is there a trick

On Sun, Feb 21, 2016 at 10:31 AM, Thomas Eckardt <thomas.ecka...@thockar.com> wrote:

> Google Alert - victim(?:s)(?:')? help
> Google Alert - human trafficing
> #
> # from cnn to our cnn@ourdomain account
> \nfrom:[^\r\n]+?\@cnn\.com.+?\nto:[^\r\n]+?c\@ourdomain
> \nto:[^\r\n]+?cnn\@ourdomain.+?\nfrom:[^\r\n]+?\@cnn\.com
> #
> HelpDaily
>
> ......
>
> Google Alert - victim(?:s)(?:')? help
> better use
> Google Alert - victims'? help
>
> both lines '\nfrom....' and '\nto...' can be very cpu and memory consuming
> and will run over the complete mail. I would try to whitelist  @cnn.com and
> to remove both lines.
>
> Because CNN seem to be a grocer - they don't provide a SPF record - you
> should try to build one for their domain and override (+ strict).
> Your logs contain the CNN IP addresses.
> And write them a bitterly angry email - that they should provide an SPF
> record.
>
>  Thomas
>
>
>
>
>
> From:    K Post <nntp.p...@gmail.com>
> To:      ASSP development mailing list <assp-test@lists.sourceforge.net>
> Date:    21.02.2016 15:57
> Subject: Re: [Assp-test] Unexpected SEGV - v16036, Line 38599
>
>
>
> I've got WhiteRe in a file.
>
> It's:
>
> Google Alert - victim(?:s)(?:')? help
> Google Alert - human trafficing
> #
> # from cnn to our cnn@ourdomain account
> \nfrom:[^\r\n]+?\@cnn\.com.+?\nto:[^\r\n]+?c\@ourdomain
> \nto:[^\r\n]+?cnn\@ourdomain.+?\nfrom:[^\r\n]+?\@cnn\.com
> #
> HelpDaily
>
> That hasn't changed.  Looking back at logs, I see this happening with the
> previous 16013 version, just not as frequently, so it's not a version
> specific problem.  Some sort of corruption in my data???
>
> Suggestion to fix?
>
> On Sun, Feb 21, 2016 at 12:48 AM, Thomas Eckardt <thomas.ecka...@thockar.com> wrote:
>
> > line 38599 is checking the mail body against 'whiteRe' - so what is your
> > config value for this?
> >
> > Thomas
> >
> >
> >
> >
> > From:    K Post <nntp.p...@gmail.com>
> > To:      ASSP development mailing list <assp-test@lists.sourceforge.net>
> > Date:    21.02.2016 02:45
> > Subject: [Assp-test] Unexpected SEGV - v16036, Line 38599
> >
> >
> >
> > My 16036 installation, windows, all modules up to date is throwing this
> > warning over and over:
> >
> > Warning: got unexpected signal SEGV in Worker_2: package - main, file -
> > c:\ASSP\assp.pl, line - 38599!
> > (many of them)
> >
> > followed by a
> >
> > Warning: try to terminate inactive/stucking Worker_2
> >
> >
> >
> > [ fyi, "stucking" isn't a word.  Replace with "stuck" if you are so
> > inclined ]
> >
> >
>
> ------------------------------------------------------------------------------
> > Site24x7 APM Insight: Get Deep Visibility into Application Performance
> > APM + Mobile APM + RUM: Monitor 3 App instances at just $35/Month
> > Monitor end-to-end web transactions and take corrective actions now
> > Troubleshoot faster and improve end-user experience. Signup Now!
> > http://pubads.g.doubleclick.net/gampad/clk?id=272487151&iu=/4140
> > _______________________________________________
> > Assp-test mailing list
> > Assp-test@lists.sourceforge.net
> > https://lists.sourceforge.net/lists/listinfo/assp-test
> >
> >
> >
> >
> > DISCLAIMER:
> > *******************************************************
> > This email and any files transmitted with it may be confidential,
> legally
> > privileged and protected in law and are intended solely for the use of
> the
> >
> > individual to whom it is addressed.
> > This email was multiple times scanned for viruses. There should be no
> > known virus in this email!
> > *******************************************************
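Both the remark in the quoted reply that the `\nfrom:` / `\nto:` lines run over the complete mail and the sender-to-alias bonus asked about at the top of this message can be handled by reading the header block only. The sketch below is an added example, not ASSP code or configuration and not from either poster; the function names, the 64 KiB header cap and the sample messages are assumptions, while `sub.ourdomain.org` and the -10 value are the placeholders used in the thread.

```python
import re
from email.parser import HeaderParser
from email.utils import parseaddr

TRACKED_SUBDOMAIN = "sub.ourdomain.org"  # placeholder domain used in the thread
BONUS = -10                              # adjustment suggested in the thread
MAX_HEADER_CHARS = 64 * 1024             # assumed cap so the work stays bounded

def headers_only(raw):
    """Parse just the header block: everything before the first blank line."""
    end = re.search(r"\r?\n\r?\n", raw)
    head = raw[:end.start()] if end else raw
    return HeaderParser().parsestr(head[:MAX_HEADER_CHARS])

def sender_label(domain):
    """Second-to-last DNS label, e.g. 'redcross' for mail.redcross.org.
    Assumption: no public-suffix handling (example.co.uk would yield 'co')."""
    parts = domain.lower().rstrip(".").split(".")
    return parts[-2] if len(parts) >= 2 else ""

def score_adjustment(raw):
    """Return BONUS when From: x@LABEL.tld is addressed to LABEL@TRACKED_SUBDOMAIN."""
    msg = headers_only(raw)
    sender = parseaddr(msg.get("From", ""))[1]
    rcpt = parseaddr(msg.get("To", ""))[1].lower()
    local, _, rcpt_domain = rcpt.rpartition("@")
    if not local or rcpt_domain != TRACKED_SUBDOMAIN:
        return 0
    label = sender_label(sender.rpartition("@")[2])
    return BONUS if label == local else 0

# Constructed sample: header pair matches, so the bonus applies.
SAMPLE_MATCH = ("From: News <alerts@mail.redcross.org>\r\n"
                "To: redcross@sub.ourdomain.org\r\n"
                "Subject: update\r\n\r\nhello\r\n")

# Constructed sample: the matching "from:" line sits in the BODY only.
# A pattern that scans the complete mail would see it; this check does not.
SAMPLE_BODY_ONLY = ("From: someone@example.net\r\n"
                    "To: cnn@sub.ourdomain.org\r\n\r\n"
                    "from: x@cnn.com\r\nto: cnn@sub.ourdomain.org\r\n")

if __name__ == "__main__":
    print(score_adjustment(SAMPLE_MATCH), score_adjustment(SAMPLE_BODY_ONLY))
```

The `From:` header is sender-controlled, so the result suits a score bonus combined with SPF rather than a whitelist decision.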