I dug through my spam collections and found a smattering (5) of messages that were blocked by ASSP in the past days. Of the 5, 4 of them were blocked for ForgedHELO. In my logs, I also see that Virus emails are being blocked. It seems that it's an issue with Scoring Mode. The only test I have not on scoring mode is ForgedHELO.
What happened to option 3 in Penalty Box? If we want to score messages and also block bad IPs, what would we set?

Oddly enough, one email did get blocked by scoring mode:

The log:

Jul-22-07 04:28:46 Connected: 124.106.216.151:62713 -> 206.123.116.200:25 -> 127.0.0.1:125
Jul-22-07 04:28:47 [DNSBLCache][scoring] id-6527c14413 124.106.216.151 <[EMAIL PROTECTED]> scoring - 124.106.216.151 rejected by combined.njabl.org (07-07-22/04:28)
Jul-22-07 04:28:47 [DNSBLCache][scoring] id-6527c14413 124.106.216.151 <[EMAIL PROTECTED]> Message-Score: 0+35 (DNSBLCache)
Jul-22-07 04:28:47 [DNSBLCache][scoring] id-6527c14413 124.106.216.151 <[EMAIL PROTECTED]> PB: 124.106.216.151 score: 145+35 => 180 reason:DNSBLCache
Jul-22-07 04:28:47 [DNSBLCache][scoring] id-6527c14413 124.106.216.151 <[EMAIL PROTECTED]> to: [EMAIL PROTECTED] recipient accepted: [EMAIL PROTECTED]
Jul-22-07 04:28:47 Commencing DNSBL checks on 124.106.216.151
Jul-22-07 04:28:47 Completed DNSBL checks on 124.106.216.151
Jul-22-07 04:28:47 [DNSBLCache][scoring] id-6527c14413 124.106.216.151 <[EMAIL PROTECTED]> to: [EMAIL PROTECTED] Received-RWL: not listed (yams.urigubu.com: local policy) rwl=none; client-ip=124.106.216.151
Jul-22-07 04:28:47 id-6527c14413 124.106.216.151 <[EMAIL PROTECTED]> to: [EMAIL PROTECTED] scoring Regex:BombHeader ''
Jul-22-07 04:28:47 [BombHeader] id-6527c14413 124.106.216.151 <[EMAIL PROTECTED]> to: [EMAIL PROTECTED] Message-Score: 35+18 (BombHeaderRe)
Jul-22-07 04:28:48 [MessageLimit] id-6527c14413 124.106.216.151 <[EMAIL PROTECTED]> to: [EMAIL PROTECTED] Message Limit Be_careful_of_cheap_imitations_Naw_Rz_in_the_Bah_c -> /usr/local/assp/spam/14413.eml
Jul-22-07 04:28:48 [MessageLimit] id-6527c14413 124.106.216.151 <[EMAIL PROTECTED]> to: [EMAIL PROTECTED] is disconnected

The header:

From - Sun Jul 22 09:23:22 2007
X-Account-Key: account9
X-UIDL: UID1882-1184735017
X-Mozilla-Status: 0001
X-Mozilla-Status2: 00000000
X-Mozilla-Keys:
>From [EMAIL PROTECTED] Sun Jul 22 04:28:46 2007
Received: from localhost ([127.0.0.1]:51009 helo=yams.urigubu.com) by yams.urigubu.com with smtp (Exim 4.66) (envelope-from <[EMAIL PROTECTED]>) id 1ICXk2-0003be-SM for [EMAIL PROTECTED]; Sun, 22 Jul 2007 04:28:43 -0500
Received: from sceneteknikk.no ([124.106.216.151] helo=sceneteknikk.no) by yams.urigubu.com; 22 Jul 2007 04:28:34 -0500
Received: from 12.172.244.19 (HELO mailgate2.hanoverdirect.com) by norelid.com with esmtp (DRFTINVCYEW RTSEWS) id 6MtiE-YtXsZ5-2A for [EMAIL PROTECTED]; Sun, 22 Jul 2007 17:29:00 +0800
Message-ID: <[EMAIL PROTECTED]>
From: "Gale B. Hackett" <[EMAIL PROTECTED]>
To: "Selma S. Granger" <[EMAIL PROTECTED]>
Subject: No more embarrassment!. attempting to obtain interviews with members of the
Date: Sun, 22 Jul 2007 17:29:00 +0800
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="----=_NextPart_001_006B_01C7CC85.CAA11720"
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2900.2527
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.2527
X-Assp-Score: 35 (DNSBLCache)
X-Assp-Received-RWL: not listed (yams.urigubu.com: local policy) rwl=none; client-ip=124.106.216.151
X-Assp-Re-BombHeader:
X-Assp-Score: 18 (BombHeaderRe)
X-Assp-Tag: MessageLimit
X-Assp-Version: 1.3.4(8)
X-Assp-Spam: YES
X-SMSMSE-SCL: 9
X-Assp-ID: id-6518c4688
X-Assp-Spam-Reason: Message Limit
X-Assp-Totalscore: 53
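
Added example (not part of the original post and not ASSP code): a Python script that groups the log lines quoted above by session id and rebuilds the message's score trail, so the per-check increments, the running total and the tag on the final line can be compared with the X-Assp-* headers. The regular expressions assume the line layout seen in this log; the function and field names are hypothetical.

```python
import re
from collections import defaultdict

# Log lines copied from the post above (addresses were already redacted there).
LOG = """\
Jul-22-07 04:28:47 [DNSBLCache][scoring] id-6527c14413 124.106.216.151 <[EMAIL PROTECTED]> Message-Score: 0+35 (DNSBLCache)
Jul-22-07 04:28:47 [DNSBLCache][scoring] id-6527c14413 124.106.216.151 <[EMAIL PROTECTED]> PB: 124.106.216.151 score: 145+35 => 180 reason:DNSBLCache
Jul-22-07 04:28:47 [BombHeader] id-6527c14413 124.106.216.151 <[EMAIL PROTECTED]> to: [EMAIL PROTECTED] Message-Score: 35+18 (BombHeaderRe)
Jul-22-07 04:28:48 [MessageLimit] id-6527c14413 124.106.216.151 <[EMAIL PROTECTED]> to: [EMAIL PROTECTED] is disconnected
"""

# Assumed layout: date, time, optional [tag]s, session id, client IP, rest.
SESSION = re.compile(r"^\S+ \S+ ((?:\[\w+\])*) ?(id-\w+) (\S+) ")
MSG_SCORE = re.compile(r"Message-Score: (\d+)\+(\d+) \((\w+)\)")
PB_SCORE = re.compile(r"PB: \S+ score: (\d+)\+(\d+) => (\d+) reason:(\w+)")

def summarize(log_text):
    """Group lines by session id and rebuild each message's score trail."""
    sessions = defaultdict(lambda: {"ip": None, "trail": [], "total": 0,
                                    "pb": None, "consistent": True, "last_tag": None})
    for line in log_text.splitlines():
        m = SESSION.match(line)
        if not m:
            continue  # connection-level lines carry no session id
        tags, sid, ip = m.groups()
        s = sessions[sid]
        s["ip"] = ip
        if tags:
            s["last_tag"] = re.findall(r"\[(\w+)\]", tags)[0]  # first tag on the latest line
        ms = MSG_SCORE.search(line)
        if ms:
            before, inc, reason = int(ms[1]), int(ms[2]), ms[3]
            # The logged "before" value should equal what has been summed so far.
            s["consistent"] &= (before == s["total"])
            s["total"] += inc
            s["trail"].append((reason, inc))
        pb = PB_SCORE.search(line)
        if pb:
            s["pb"] = {"before": int(pb[1]), "added": int(pb[2]),
                       "after": int(pb[3]), "reason": pb[4]}
    return dict(sessions)

if __name__ == "__main__":
    for sid, s in summarize(LOG).items():
        print(sid, s["ip"], s["trail"], "total:", s["total"], "PB:", s["pb"], "tag:", s["last_tag"])
```

For this session the rebuilt total matches the X-Assp-Totalscore header, and the tag on the last line matches X-Assp-Tag.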