Jay,
Just a general suggestion. The defaults in ASSP are a good general guide
of what the settings should start out as in my experience. If you want to
tweak later, fine, but start our using defaults. Grow the database and
correct it. If you don't fully understand a setting, don't change it from
the default until you completely understand it. And don't forget about
test mode when starting out.
On Thu, Apr 28, 2016 at 1:46 PM, Jay <h...@herodata.com> wrote:
> Thank you for the suggestions. I will implement the changes you suggested.
> I appreciate it.
>
>
>
> On 4/28/2016 5:04 AM, aquilinux wrote:
>
>> Hi Jay, you really need to adjust your scores because they seem way too
>> permissive...
>>
>> X-Assp-Message-Score:-10 (SSL-TLS-connection-OK)
>>> X-Assp-IP-Score:-10 (SSL-TLS-connection-OK)
>>>
>> this is nonsense imho.
>> everyone now uses ssl/tls to connect so giving a -10 bonus here means
>> lowering a lot the assp effectiveness.
>> set *tlsValencePB* to *0*
>>
>> X-Assp-Message-Score:-15 (In Penalty White Box)
>>>
>> it happens... some new spammers manage to get to the White Box. not a big
>> problem, just teach assp this is spam. you can even add the ip to PB Black
>> if you find out that it is crap (whois is your friend).
>> Fool me once, shame on you... fool me twice, shame on me.
>>
>> X-Assp-Message-Score:25 (Bayesian Probability: 1.00000)
>>> X-Assp-IP-Score:25 (Bayesian Probability: 1.00000)
>>>
>> why not sticking with the default (49)? any good reason?
>>
>> PenaltyMessageLow set to 40 and the PenaltyMessageLimit set to 65.
>>>
>> again, why not sticking with the default (50)? any good reason?
>> i had to admit that, over many years, default scoring values turned out to
>> be the best choice except.
>> same considerations for tlsValencePB apply for *spfpValencePB*. Set it to
>> *0
>> *since most of the spam/ube nowadays comes from very well configured
>> servers (SPF, DKIM).
>>
>> Regards,
>> aqx
>>
>>
>>
>>
>> On Wed, Apr 27, 2016 at 8:31 PM, Jay <h...@herodata.com> wrote:
>>
>> Good day.
>>>
>>> I have a question that I am hoping isn't too complicated to answer. When
>>> an email hits ASSP, what is the procedure ASSP follows in the process of
>>> determining if an email should be allowed or not? More specifically,
>>> does the email get scored by the Penalty Box, then passed along to the
>>> Bayesian and HMM database? I am still trying to figure out why some of
>>> the emails we are seeing get through ASSP shouldn't be allowed through.
>>> For example, I submit a analyze report to ASSP for a particular email
>>> that continues to get through, Bayesian and HMM analysis label the email
>>> as confident spam but emails like this still get through. I have the
>>> PenaltyMessageLow set to 40 and the PenaltyMessageLimit set to 65. Is
>>> the PenaltyMessageLimit set too high? I saw that 50 is the default.
>>>
>>> Here's an example of what is in the header information in case you
>>> needed to see this:
>>>
>>> X-Assp-Version:2.5.1(16100) on mail.somemailserver.com
>>> X-Assp-ID:mail.somemailserver.com
>>> X-Assp-Session:3DD721F0 (mail 1)
>>> X-Assp-Detected-RIP:223.176.172.29
>>> X-Assp-Source-IP:223.176.172.29
>>> X-Assp-Envelope-From:sen...@gmail.com
>>> X-Assp-Intended-For:recipi...@somewhere.com
>>> X-Assp-Client-TLS:yes
>>> X-Assp-Message-Score:-10 (SSL-TLS-connection-OK)
>>> X-Assp-IP-Score:-10 (SSL-TLS-connection-OK)
>>> X-Assp-Delay:not delayed (209.85.192.193 in whitebox (PBWhite)); 27 Apr
>>> 2016 10:34:39 -0400
>>> X-Assp-Message-Score:-15 (In Penalty White Box)
>>> X-Assp-Message-Score:49 (HMM Probability: 1.00000)
>>> X-Assp-IP-Score:49 (HMM Probability: 1.00000)
>>> X-Assp-Message-Score:25 (Bayesian Probability: 1.00000)
>>> X-Assp-IP-Score:25 (Bayesian Probability: 1.00000)
>>> X-Assp-Tag:MessageLimit
>>> X-Assp-Spam:YES (Probably)
>>> X-Spam-Status:yes
>>> X-Assp-Spam-Reason:MessageScore passed low limit
>>> X-Assp-Message-Totalscore:49
>>> X-Assp-Spam-Level:**********
>>> X-Assp-DKIM:not verified
>>>
>>>
>>>
>>>
>>>
>>>
>>> ------------------------------------------------------------------------------
>>> Find and fix application performance issues faster with Applications
>>> Manager
>>> Applications Manager provides deep performance insights into multiple
>>> tiers of
>>> your business applications. It resolves application problems quickly and
>>> reduces your MTTR. Get your free trial!
>>> https://ad.doubleclick.net/ddm/clk/302982198;130105516;z
>>> _______________________________________________
>>> Assp-user mailing list
>>> Assp-user@lists.sourceforge.net
>>> https://lists.sourceforge.net/lists/listinfo/assp-user
>>>
>>>
>>
>>
>>
>>
>> ------------------------------------------------------------------------------
>> Find and fix application performance issues faster with Applications
>> Manager
>> Applications Manager provides deep performance insights into multiple
>> tiers of
>> your business applications. It resolves application problems quickly and
>> reduces your MTTR. Get your free trial!
>> https://ad.doubleclick.net/ddm/clk/302982198;130105516;z
>>
>>
>> _______________________________________________
>> Assp-user mailing list
>> Assp-user@lists.sourceforge.net
>> https://lists.sourceforge.net/lists/listinfo/assp-user
>>
>>
>> -----
>> No virus found in this message.
>> Checked by AVG - www.avg.com
>> Version: 2016.0.7539 / Virus Database: 4563/12122 - Release Date: 04/28/16
>>
>
>
>
> ------------------------------------------------------------------------------
> Find and fix application performance issues faster with Applications
> Manager
> Applications Manager provides deep performance insights into multiple
> tiers of
> your business applications. It resolves application problems quickly and
> reduces your MTTR. Get your free trial!
> https://ad.doubleclick.net/ddm/clk/302982198;130105516;z
> _______________________________________________
> Assp-user mailing list
> Assp-user@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/assp-user
>
>
------------------------------------------------------------------------------
Find and fix application performance issues faster with Applications Manager
Applications Manager provides deep performance insights into multiple tiers of
your business applications. It resolves application problems quickly and
reduces your MTTR. Get your free trial!
https://ad.doubleclick.net/ddm/clk/302982198;130105516;z
_______________________________________________
Assp-user mailing list
Assp-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/assp-user
