Fritz, I have also implemented a bombRe Regular Expression that should have blocked these messages, but the bombRe is also not being performed as well as the HELO check that I previously mentioned. HELO and bombRe checks both indicate matches in the Analyzer.
If this is an appropriate way for the whitelisted tuplets to operate (to allow the bypassing of checks such as HELO and bombRe), then this is a serious issue. If its not, then we have a serious bug in processing logic that a spammer is (or perhaps has) figured out. Micheal Espinola Jr wrote: > Fritz Borgstedt wrote: > >> the firstmessage was not delayed (whitelisting triplet) - therefore >> helocheck->Spam -> therefore second message delayed - therefore no >> helocheck. >> > > I'm afraid I'm lost. This is what I read from the log (please correct > me if I misinterpreted something), but it looks to me that both the > first and the second messages were initially added as triplets and delayed: > > The first messages was added as a whitelisted triplet after waiting ~15 > minutes for the delay. The first message then failed the HELO check, > had its whitelisted tuplet verified to be deleted, and the messages was > rejected. > > The second message was added as a whitelisted triplet after waiting ~15 > minutes for the delay. The second did not receive a HELO check, and the > messages was accepted because of Bayesian test-mode. > > Both messages were spam, and both messages should have failed HELO > checks. Why would the second message go through without the HELO > check? If there is something procedural that allowed this to happen > because both came from the same IP, then surely something must be amiss > with how repetitive spam is processed? > > > ------------------------------------------------------------------------- Take Surveys. Earn Cash. Influence the Future of IT Join SourceForge.net's Techsay panel and you'll get the chance to share your opinions on IT & business topics through brief surveys - and earn cash http://www.techsay.com/default.php?page=join.php&p=sourceforge&CID=DEVDEV _______________________________________________ Assp-user mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/assp-user
