Kevin wrote:
> Daniel L. Miller wrote:
>
>> Daniel L. Miller wrote:
>>
>>> Daniel L. Miller wrote:
>>>
>>>
>>>>>> I may have perhaps found the answer. My exportExtremeFileAppend was
>>>>>> checked, and the exportextreme file was ... a trifle large. A "sort -u"
>>>>>> shrunk it to a manageable size, and ASSP is blocking connections again.
>>>>>>
>>>>>> May I recommend a warning message in the GUI, and possibly an overflow
>>>>>> error should be reported for larger files for when an idiot like me tries
>>>>>> to shoot himself in the foot?
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>> Could you be more specific as to the size.
>>>>>
>>>>>
>>>>>
>>>> Of course I already deleted the file without taking note of the size -
>>>> but I think it was over 10M. Took a while to load ASSP each time too!
>>>>
>>>>
>>>>
>>> I'm still blocking lots of others - but this particular site is still
>>> able to get past the IP blocks. Mail analyzer states that the IP is in
>>> both the exportextreme and the denysmtp.
>>>
>>> How are they getting through?!?
>>>
>> I see the message DOES have a valid SPF - does a valid SPF bypass the
>> penalty box blocks? Abbreviated headers follow:
>>
>
> But what does the maillog say?
>
Right under my nose!!! The $#$!$#! got a spam in right while I was
watching the log!!! Here's a straight stream from the log - I see
absolutely no evidence of a penalty box check....but ... twenty minutes
previous I show a successful block!! How is the IP block being
bypassed? How? How? <crying> How!
***
Jul-30-07 15:52:30 Connection from 66.63.185.238:54232 rejected by denySMTPConnectionsFrom: 66.63.185.
***
Jul-30-07 16:12:30 Connected: 66.63.185.238:65091 -> 66.55.57.2:25 -> 66.55.57.2:10024
Jul-30-07 16:12:30 M7150c3179 66.63.185.238 <[EMAIL PROTECTED]> accepting triplet: (66.63.185.0, [EMAIL PROTECTED],[EMAIL PROTECTED]) waited: 50m 28s
Jul-30-07 16:12:30 Commencing DNSBL checks on 66.63.185.238
Jul-30-07 16:12:36 Completed DNSBL checks on 66.63.185.238
Jul-30-07 16:12:36 M7150c3179 66.63.185.238 <[EMAIL PROTECTED]> to: [EMAIL PROTECTED] Received-RWL: not listed (foxy.amfes.com: local policy) rwl=none; client-ip=66.63.185.238
Jul-30-07 16:12:49 [SPF] M7150c3179 66.63.185.238 <[EMAIL PROTECTED]> to: [EMAIL PROTECTED] Received-SPF: pass (foxy.amfes.com: domain of [EMAIL PROTECTED] designates 66.63.185.238 as permitted sender) client-ip=66.63.185.238; envelope-from=[EMAIL PROTECTED]; helo=mail.enerwrite.com;
Jul-30-07 16:12:49 Commencing DNSBL checks on 66.63.185.238
Jul-30-07 16:12:51 Completed DNSBL checks on 66.63.185.238
Jul-30-07 16:12:51 M7150c3179 66.63.185.238 <[EMAIL PROTECTED]> to: [EMAIL PROTECTED] DNSBL Received-DNSBL: pass
Jul-30-07 16:12:51 M7150c3179 66.63.185.238 <[EMAIL PROTECTED]> to: [EMAIL PROTECTED] Regex:Red 'unsubscribe'
Jul-30-07 16:12:51 M7150c3179 66.63.185.238 <[EMAIL PROTECTED]> to: [EMAIL PROTECTED] URIBL Received-URIBL: pass
Jul-30-07 16:12:51 M7150c3179 66.63.185.238 <[EMAIL PROTECTED]> to: [EMAIL PROTECTED] ClamAV: scanning 5574 bytes done OK
Jul-30-07 16:12:52 M7150c3179 66.63.185.238 <[EMAIL PROTECTED]> to: [EMAIL PROTECTED] Bayesian Check Prob: 1.00000 => spam
Jul-30-07 16:12:52 M7150c3179 66.63.185.238 <[EMAIL PROTECTED]> to: [EMAIL PROTECTED] deleting spamming whitelisted tuplet: (66.63.185.0,enerwrite.com) age: 22s
Jul-30-07 16:12:52 [Bayesian] M7150c3179 66.63.185.238 <[EMAIL PROTECTED]> to: [EMAIL PROTECTED] Bayesian Spam Find_the_top_5_online_schools_
Jul-30-07 16:12:52 M7150c3179 66.63.185.238 <[EMAIL PROTECTED]> to: [EMAIL PROTECTED] is disconnected
--
Daniel
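
Added example (not part of the original post, and not ASSP code): a small script that scans a maillog for the pattern described above, an IP rejected by an IP rule and later accepted, and collects what was logged for the accepted session. The sample lines are copied from the log above with the mail-client wrapping rejoined; the regexes and the function name find_bypasses are assumptions based only on the line shapes visible in that excerpt.

```python
import re
from datetime import datetime

# Lines copied from the post above (wrapping rejoined, addresses already redacted).
SAMPLE_LOG = """\
Jul-30-07 15:52:30 Connection from 66.63.185.238:54232 rejected by denySMTPConnectionsFrom: 66.63.185.
Jul-30-07 16:12:30 Connected: 66.63.185.238:65091 -> 66.55.57.2:25 -> 66.55.57.2:10024
Jul-30-07 16:12:30 M7150c3179 66.63.185.238 <[EMAIL PROTECTED]> accepting triplet: (66.63.185.0, [EMAIL PROTECTED],[EMAIL PROTECTED]) waited: 50m 28s
Jul-30-07 16:12:30 Commencing DNSBL checks on 66.63.185.238
Jul-30-07 16:12:52 M7150c3179 66.63.185.238 <[EMAIL PROTECTED]> to: [EMAIL PROTECTED] Bayesian Check Prob: 1.00000 => spam
Jul-30-07 16:12:52 M7150c3179 66.63.185.238 <[EMAIL PROTECTED]> to: [EMAIL PROTECTED] is disconnected
"""

# Assumed line shapes, taken from the excerpt only.
STAMP = r"(?P<ts>\w{3}-\d\d-\d\d \d\d:\d\d:\d\d) "
REJECTED = re.compile(STAMP + r"Connection from (?P<ip>[\d.]+):\d+ rejected by (?P<rule>\w+): (?P<prefix>\S+)")
CONNECTED = re.compile(STAMP + r"Connected: (?P<ip>[\d.]+):\d+ ->")
SESSION = re.compile(STAMP + r"(?:\[\w+\] )?(?P<sid>M\w+) (?P<ip>[\d.]+) ")

def parse_ts(text):
    return datetime.strptime(text, "%b-%d-%y %H:%M:%S")

def find_bypasses(log_text):
    """Return accepted connections from IPs that an IP rule rejected earlier in the log."""
    last_reject = {}  # ip -> (time, rule, matched prefix) of the most recent rejection
    open_by_ip = {}   # ip -> record still collecting lines from the accepted session
    bypasses = []
    for line in log_text.splitlines():
        if m := REJECTED.match(line):
            last_reject[m["ip"]] = (parse_ts(m["ts"]), m["rule"], m["prefix"])
        elif m := CONNECTED.match(line):
            if m["ip"] in last_reject:
                when, rule, prefix = last_reject[m["ip"]]
                gap = int((parse_ts(m["ts"]) - when).total_seconds())
                rec = {"ip": m["ip"], "rule": rule, "prefix": prefix,
                       "gap_seconds": gap, "session_lines": []}
                bypasses.append(rec)
                open_by_ip[m["ip"]] = rec
        elif (m := SESSION.match(line)) and m["ip"] in open_by_ip:
            # Keep only the part after "<session id> <ip> " so the checks read cleanly.
            open_by_ip[m["ip"]]["session_lines"].append(line[m.end():])
    return bypasses

if __name__ == "__main__":
    for hit in find_bypasses(SAMPLE_LOG):
        print(f'{hit["ip"]} accepted {hit["gap_seconds"]}s after {hit["rule"]} matched {hit["prefix"]}')
        for text in hit["session_lines"]:
            print("   ", text)
```

Reading the collected session lines in order shows which checks were logged for the accepted connection and which were not.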