Hi guys, I have a system running ASSP version 2.4.3(14349).
Everything works 100% except I have configured content blocking and it seems attachment matches are getting through. DoBlockExes:=1 BlockExes:=1 BlockWLExes:=2 BlockNPExes:=2 BadAttachL1:=\.(ad[ep]|asx|ba[st]|chm|cmd|com|cpl|crt|dbx|exe|hlp|ht[ab]|in[fs]|isp|js|jse|lnk|md[abez]|mht|ms[cipt]|nch|pcd|pif|prf|reg|sc[frt]|sh[bs]|vb|vb[es]|wms|ws[cfh]|zip) Mail is set to tagging with message score on end. DoPenaltyMessage:=4 MsgScoreOnEnd:=1 Here is the logs... Jan 20 12:00:18 [redacted]-inboundmx assp[22740]: id-55214-05067 [Worker_3] 79.182.x.y <[redacted]> to: [redacted]@[redacted] Message-Score: added -10 (spfpValencePB) for SPF pass, total score for this message is now -10 Jan 20 12:00:19 [redacted]-inboundmx assp[22740]: id-55214-05067 [Worker_3] 79.182.x.y <[redacted]> to: [redacted]@[redacted] Message-Score: added 150 for DNSBL: failed, 79.182.x.y listed in bl.spameatingmonkey.net dnsbl.sorbs.net zen.spamhaus.org, total score for this message is now 140 Jan 20 12:00:19 [redacted]-inboundmx assp[22740]: id-55214-05067 [Worker_3] 79.182.x.y <[redacted]> to: [redacted]@[redacted] [scoring] (DNSBL: failed, 79.182.x.y listed in (bl.spameatingmonkey.net<-127.0.0.3; dnsbl.sorbs.net<-127.0.0.14; zen.spamhaus.org<-127.0.0.10; )) Jan 20 12:00:19 [redacted]-inboundmx assp[22740]: id-55214-05067 [Worker_3] 79.182.x.y <[redacted]> to: [redacted]@[redacted] Regex:BombHeaderRe 'PB 40: for 0 Jan 2015 14:00:13 +' Jan 20 12:00:19 [redacted]-inboundmx assp[22740]: id-55214-05067 [Worker_3] [BombHeaderRe] 79.182.x.y <[redacted]> to: [redacted]@[redacted] [scoring] (BombHeaderRe '0 Jan 2015 14:00:13 +0200') Jan 20 12:00:19 [redacted]-inboundmx assp[22740]: id-55214-05067 [Worker_3] 79.182.x.y <[redacted]> to: [redacted]@[redacted] Message-Score: added 40 for BombHeaderRe '0 Jan 2015 14:00:13 +0200', total score for this message is now 180 Jan 20 12:00:19 [redacted]-inboundmx assp[22740]: id-55214-05067 [Worker_3] 79.182.x.y <[redacted]> to: [redacted]@[redacted] info: 1 attachment found for Level-1 This is what is odd. Even though its detected, the message is set to tagging and the attachment level 1 is set to block, its passing below. Jan 20 12:00:20 [redacted]-inboundmx assp[22740]: id-55214-05067 [Worker_3] 79.182.x.y <[redacted]> to: [redacted]@[redacted] HMM-Check has given less than 6 results - using monitoring mode only Jan 20 12:00:20 [redacted]-inboundmx assp[22740]: id-55214-05067 [Worker_3] 79.182.x.y <[redacted]> to: [redacted]@[redacted] HMM Check [monitoring] - Prob: 1.00000 => spam Jan 20 12:00:20 [redacted]-inboundmx assp[22740]: id-55214-05067 [Worker_3] 79.182.x.y <[redacted]> to: [redacted]@[redacted] Bayesian Check [scoring] - Prob: 1.00000 => spam Jan 20 12:00:20 [redacted]-inboundmx assp[22740]: id-55214-05067 [Worker_3] 79.182.x.y <[redacted]> to: [redacted]@[redacted] Message-Score: added 30 for Bayesian Probability: 1.00000, total score for this message is now 210 Jan 20 12:00:20 [redacted]-inboundmx assp[22740]: id-55214-05067 [Worker_3] [MessageLimit][lowlimit] 79.182.x.y <[redacted]> to: [redacted]@[redacted] [spam found] and possibly passing because messagescore(210) low [] -> /opt/assp/discarded/5067--632373.eml Jan 20 12:00:20 [redacted]-inboundmx assp[22740]: id-55214-05067 [Worker_3] 79.182.x.y <[redacted]> to: [redacted]@[redacted] spam found and passing () [] Have I possibly missed something? I am delaying the scoring until the entire mail is received. -N ------------------------------------------------------------------------------ New Year. New Location. New Benefits. New Data Center in Ashburn, VA. GigeNET is offering a free month of service with a new server in Ashburn. Choose from 2 high performing configs, both with 100TB of bandwidth. Higher redundancy.Lower latency.Increased capacity.Completely compliant. http://p.sf.net/sfu/gigenet _______________________________________________ Assp-user mailing list Assp-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/assp-user
