Yes Fritz, all would be OK if bombCharSets would do its job. But it does not
work, nor does bombRe or bombHeaderRe. See my other posting "Upgrade from 1.3.3
to ASSP 1.3.3.8 bombHeaderReProblem".
DoBombRe is set to '1' = active,
bombCharSets is set to
"BIG5|CHINESEBIG|GB2312|KS_C_5601|KOI8-R|EUC-KR|ISO-2022-JP|ISO-2022-KR|ISO-2022-CN"
bombHeaderRe is set to "X-RBL-Warning:"
bombRe is now set to "X-RBL-Warning:", as you suggested
The following mail goes to ccSpam, despite it should be blocked by bombHeaderRe
or bombRe:
Received: from ASSP-nospam ([192.168.0.102]) by mail.mydomain.de with Microsoft
SMTPSVC(5.0.2195.6713);
Tue, 23 Oct 2007 17:34:29 +0200
Received: from mail.space.net ([195.30.0.8] helo=mail.space.net) by
ASSP-nospam; 23 Oct 2007 17:34:18 +0200
Received: (qmail 39171 invoked from network); 23 Oct 2007 15:34:17 -0000
Received: from pool-71-110-22-159.lsanca.dsl-w.verizon.net (HELO
?71.110.22.159?) (71.110.22.159)
by mail.space.net with SMTP; 23 Oct 2007 15:34:17 -0000
X-RBL-Check: dul.dnsbl.sorbs.net
X-RBL-Warning: (pool-71-110-22-159.lsanca.dsl-w.verizon.net:71.110.22.159)
dul.dnsbl.sorbs.net
Received: from mgn-jc33ad3hrlb ([124.195.87.178] helo=mgn-jc33ad3hrlb)
by [71.110.22.159] ( sendmail 8.13.3/8.13.1) with esmtpa id
1CqvGE-000JOJ-un
for [EMAIL PROTECTED]; Tue, 23 Oct 2007 08:34:57 -0700
Date: Tue, 23 Oct 2007 08:34:26 -0700
From: "Aakash jacobsoohn" <[EMAIL PROTECTED]>
Reply-To: "Aakash jacobsoohn" <[EMAIL PROTECTED]>
Message-ID: <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Subject: [Bayesian] {hteekin
MIME-Version: 1.0
Content-Type: text/plain;
format=flowed;
charset="iso-8859-1";
reply-type=original
X-Assp-Received-URIBL: pass
X-Assp-Spam-Prob: 1.00000
X-Assp-Tag: Bayesian
X-Assp-Envelope-From: [EMAIL PROTECTED]
X-Assp-Version: 1.3.3.8()
X-Assp-Spam: YES
X-Assp-ID: id-3658c840
X-Assp-Spam-Reason: Bayesian Spam
X-Assp-Intended-For: [EMAIL PROTECTED]
Return-Path: [EMAIL PROTECTED]
X-OriginalArrivalTime: 23 Oct 2007 15:34:29.0497 (UTC)
FILETIME=[33928690:01C8158A]
and the next one is red mail AND AS YOU SAID should be blocked by bombCharSets:
Microsoft Mail Internet Headers Version 2.0
Received: from mail.space.net ([192.168.0.102]) by mail.mydomain.de with
Microsoft SMTPSVC(5.0.2195.6713);
Tue, 23 Oct 2007 12:46:02 +0200
Received: from mail.space.net ([195.30.0.8] helo=mail.space.net) by
ASSP-nospam; 23 Oct 2007 12:46:01 +0200
Received: (qmail 69357 invoked from network); 23 Oct 2007 05:18:15 -0000
Received: from unknown (HELO 61.184.59.138) (61.184.59.138)
by mail.space.net with SMTP; 23 Oct 2007 05:18:15 -0000
Received: from [61.184.59.138] by ns5.yahoo.com; Tue, 23 Oct 2007 05:12:49 +0000
Message-ID: <[EMAIL PROTECTED]>
From: "Soomekh" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Subject: =?koi8-r?B?Rnc6IPDSz8bF09PJz87BzNjOz8UgwdXEyc8t18nExc8gz8LP0tXEzw==?=
=?koi8-r?B?18HOycUgySDJztTFx9LJ0s/Xwc7O2cUg08nT1MXN2SA=?=
Date: Tue, 23 Oct 2007 03:25:27 +0000
MIME-Version: 1.0
Content-Type: multipart/alternative;
boundary="----=_NextPart_000_0006_01C81533.04C59CBC"
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.3790.2663
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.3790.2757
X-Assp-Re-Red: koi8-r
X-Assp-Received-URIBL: pass
X-Assp-Spam-Prob: 0.01400
X-Assp-Envelope-From: [EMAIL PROTECTED]
X-Assp-Intended-For: [EMAIL PROTECTED]
Return-Path: [EMAIL PROTECTED]
X-OriginalArrivalTime: 23 Oct 2007 10:46:05.0546 (UTC)
FILETIME=[E99D24A0:01C81561]
Thilo
-----Ursprüngliche Nachricht-----
Von: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Im Auftrag von Fritz Borgstedt
Gesendet: Dienstag, 23. Oktober 2007 18:36
An: Questions and Answers for users of ASSP Anti-Spam SMTP Proxy
Betreff: Re: [Assp-user] Redre.txt question!
Questions and Answers for users of ASSP Anti-Spam SMTP Proxy
<[email protected]> schreibt:
>Fritz,
>
>the problem in my opinion is that this is no red mail, it is spam in
>Cyrillic character set, aka unreadable and unwanted! So why is KOIR8-R
>to redre.txt? This is my question.
I repeat, it is in the redre because it is "unreadable and unwanted".
Redre does not influence the spam detection, however if eg. bombre detects it
and is set to 3(collecting and copying) these type of spam is not poisioning
the spam-db because of redre.
To stop these type Regular Expression to Identify Spam in Header Part*
(bombCharSets) is used
-------------------------------------------------------------------------
This SF.net email is sponsored by: Splunk Inc.
Still grepping through log files to find problems? Stop.
Now Search log events and configuration files using AJAX and a browser.
Download your FREE copy of Splunk now >> http://get.splunk.com/
_______________________________________________
Assp-user mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/assp-user
-------------------------------------------------------------------------
This SF.net email is sponsored by: Splunk Inc.
Still grepping through log files to find problems? Stop.
Now Search log events and configuration files using AJAX and a browser.
Download your FREE copy of Splunk now >> http://get.splunk.com/
_______________________________________________
Assp-user mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/assp-user
