You don't like reading - am I right?

>Sep-12-14 10:04:31 m-30667-01599 [Worker_1] [PenaltyBox] 119.254.105.202 
><dhl.internatio...@pisem.net> to: u...@domain.com [monitoring] 

Why should the PenaltyBox do anything other than monitoring, if it is 
set up this way?

It is useless in production mode to score for all checks and set the 
PenaltyBox to monitor.

Thomas




From:    Brian <bstringfel...@bobcad.com>
To:      For Users of ASSP <assp-user@lists.sourceforge.net>
Date:    12.09.2014 16:23
Subject: Re: [Assp-user] Spam marked but not blocked



Thank you. I've disabled the testmode but he just got another one. Here 
are the details:

p-12-14 10:04:31 m-30667-01599 [Worker_1] [BombCharSets] 119.254.105.202 
<dhl.internatio...@pisem.net> to: u...@domain.com [scoring] 
(BombCharSets 'charset=cp1251')
Sep-12-14 10:04:31 m-30667-01599 [Worker_1] 119.254.105.202 
<dhl.internatio...@pisem.net> to: u...@domain.com Message-Score: added 
42 for BombCharSets 'charset=cp1251', total score for this message is 
now 188
Sep-12-14 10:04:31 m-30667-01599 [Worker_1] [BombCharSets] 
119.254.105.202 <dhl.internatio...@pisem.net> to: u...@domain.com 
[scoring] (BombCharSets 'charset=cp1251')
Sep-12-14 10:04:31 m-30667-01599 [Worker_1] 119.254.105.202 
<dhl.internatio...@pisem.net> to: u...@domain.com Message-Score: added 
25 for Regex:BombCharSets 'PB 25: for charset=cp1251' BombCharSets: 
'charset=cp1251', total score for this message is now 213
Sep-12-14 10:04:31 m-30667-01599 [Worker_1] 119.254.105.202 
<dhl.internatio...@pisem.net> to: u...@domain.com FileScan: scanned 2147 
bytes in message
Sep-12-14 10:04:31 m-30667-01599 [Worker_1] 119.254.105.202 
<dhl.internatio...@pisem.net> to: u...@domain.com Bayesian Check 
[scoring] - Prob: 0.00000 => ham
Sep-12-14 10:04:31 m-30667-01599 [Worker_1] [PenaltyBox] 119.254.105.202 
<dhl.internatio...@pisem.net> to: u...@domain.com [monitoring] 
totalscore for 119.254.105.202 is 72, last bad penalty was 'BombCharSets'
Sep-12-14 10:04:31 m-30667-01599 [Worker_1] 119.254.105.202 
<dhl.internatio...@pisem.net> to: u...@domain.com spam found and passing 
() [URGENT] -> discarded/URGENT--1497048.eml
Sep-12-14 10:04:31 [Worker_1] 119.254.105.202 
<dhl.internatio...@pisem.net> to: u...@domain.com FileScan: scanned 5373 
bytes in message
Sep-12-14 10:04:31 [Worker_1] 119.254.105.202 
<dhl.internatio...@pisem.net> to: u...@domain.com info: message 
forwarded to monitors...@domain.com


 From Mail analyzer:

• SPF-check returned OK for 119.254.105.202 -> 
dhl.internatio...@pisem.net, mail.t3.com.cn
  • SPF: neutral (cache) ip=119.254.105.202 
mailfrom=dhl.internatio...@pisem.net helo=mail.t3.com.cn
• BombSubject RE: 'highest match: "URGENT" with valence: 17 - PB value = 
17'
  • matching bombSubjectRe(file:files/bombsubjectre.txt[line 1]): 
'(?-i)^[A-Zs!:.,/ ]+$'
• BombCharsets RE: 'highest match: "charset=cp1251" with valence: 25 - 
PB value = 25'
  • matching bombCharSets(file:files/charsets.txt[line 8]): 
'charset=.?CP1251'
• URIBL check: 'OK'
• Valid Format of HELO: 'mail.t3.com.cn'
• IP in Helo check: 'OK'
• 92.79.164.51 is in PB Black: score:141, last event - DNSBLfailed
• 119.254.105.202 is in PB Black: score:72, last event - BombCharSets
• RBLCacheCheck returned OK for 92.79.164.51: inserted as not ok at 
2014-09-12 10:04:31 , listed by bb.barracudacentral.org{127.0.0.2} 
bl.spamcop.net{127.0.0.2} - message score: 141
  • RBLScore: bl.spamcop.net -> 127.0.0.2 -> 91
  • RBLScore: bb.barracudacentral.org -> 127.0.0.2 -> 50
• RBLCheck returned OK for 119.254.105.202: DNSBL: failed, 
119.254.105.202 listed in bb.barracudacentral.org dnsbl-1.uceprotect.net 
- message score: 117
  • RBLScore: bb.barracudacentral.org -> 127.0.0.2 -> 50
  • RBLScore: dnsbl-1.uceprotect.net -> 127.0.0.2 -> 67


On 9/12/2014 9:55 AM, Thomas Eckardt wrote:
> - switch off all testmodes - looks like the penaltybox is running in
> testmode - if you want, you could have read it in the maillog (while copy
> and paste - for example)
>
>> Sep-12-14 07:35:28 m-21721-03024 [Worker_2]
>> [MessageLimit][tagging][testmode] 100.43.187.172 <nore...@esurgas.us>
>> to: u...@domain.com [spam found] and possibly passing because testmode,
>> otherwise blocked (MessageScore 79, limit 50) [Pure Garcinia Cambogia
>> Extract] -> spam/Pure_Garcinia_Cambogia_Extract--1496652.eml
>
>> 100.43.187.172 <nore...@esurgas.us> to: u...@domain.com [scoring]
>> (BombHeaderRe '2 Sep 2014 04:03:20 -0700')
> remove the related regular expression from BombHeaderRe - or replace it
> with
>
> \d\s+(Jan|Feb|Mar|Apr|May|Jun|Jul|Aug|Sep|Oct|Nov|Dec)\s+\d\d\d\d\s+\d\d:\d\d(:\d\d)?\s+[+\-]\d\d[6-9]\d
>
> in normal cases this entry is not required, because it catches MIME
> timestamps with wrong GMT offset like:
> 2 Sep 2014 04:03:20 -0760
> ...
> 2 Sep 2014 04:03:20 -0790
>
>
> Thomas
>
>
> DISCLAIMER:
> *******************************************************
> This email and any files transmitted with it may be confidential, legally
> privileged and protected in law and are intended solely for the use of the
> individual to whom it is addressed.
> This email was multiple times scanned for viruses. There should be no
> known virus in this email!
> *******************************************************
>
> _______________________________________________
> Assp-user mailing list
> Assp-user@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/assp-user
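
Added example (not part of the original thread and not ASSP code): the replacement BombHeaderRe pattern quoted above, run with Python's re module over unfolded mail headers to show that it ignores a valid offset such as -0700 and only hits offsets whose minutes part is 60-99. The header values, host names and function names are constructed for illustration.

```python
import re

# Replacement pattern quoted in the thread: a MIME timestamp whose GMT
# offset has a minutes part of 60-99, which no real time zone uses.
BAD_OFFSET = re.compile(
    r"\d\s+(Jan|Feb|Mar|Apr|May|Jun|Jul|Aug|Sep|Oct|Nov|Dec)\s+\d\d\d\d"
    r"\s+\d\d:\d\d(:\d\d)?\s+[+\-]\d\d[6-9]\d"
)

def unfold(raw_headers):
    """Join folded header lines (continuations start with space or tab)."""
    fields = []
    for line in raw_headers.splitlines():
        if line[:1] in (" ", "\t") and fields:
            fields[-1] += " " + line.strip()
        elif line.strip():
            fields.append(line.rstrip())
    return fields

def bad_offset_hits(raw_headers):
    """Return (header name, matched timestamp) for every header that hits."""
    hits = []
    for field in unfold(raw_headers):
        name, _, value = field.partition(":")
        m = BAD_OFFSET.search(value)
        if m:
            hits.append((name, m.group(0)))
    return hits

# Constructed sample headers (not taken from the thread's messages).
LEGIT = (
    "Received: from mx.example.net (mx.example.net [192.0.2.10])\n"
    "\tby mail.example.org; Tue, 2 Sep 2014 04:03:20 -0700\n"
    "Date: Tue, 2 Sep 2014 16:48:20 +0545\n"
)
FORGED = (
    "Received: from mx.example.net (mx.example.net [192.0.2.10])\n"
    "\tby mail.example.org;\n"
    "\tTue, 2 Sep 2014 04:03:20 -0760\n"
    "Date: Tue, 2 Sep 2014 04:03:20 -0790\n"
)

if __name__ == "__main__":
    print(bad_offset_hits(LEGIT))
    print(bad_offset_hits(FORGED))
```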
