I received a spam mail spoofing Intuit. While I have Intuit whitelisted
I don't understand how it passed SPF check.
Sep-22-23 11:15:20 06519-09846 [Worker_1] [TLS-in] 81.17.120.110
to: dmil...@amfes.com info: enhanced
Originated IP detection found IP's: 81.17.120.4
Sep-22-23 11:15:20
More confusion.
Just because - I tried changing EmailBlockReport to "stopme" (my old address was
"assp-block"). Because that's a sync'ed parameter it took effect on both hosts (I saw it happen
in the logs and verified by reloading the GUI). Then, on host 1, I changed the blank BlockRepForwHost
>I see no log activity
set
connectionLog
reportLog
to the highest level
It does help to turn on logging - since my "reportlog" was disabled.
It does help to turn on logging - since my "reportlog" was disabled. I
also manually re-started both ASSP's after changing the settings.
Having
Thank you - that clarifies some things. I had tried using my VPN IP's -
due to the source-NAT IP changes ASSP couldn't properly identiy the
connection. I've changed to using the external IP's and modified my
firewalls accordingly to open the relay ports. Eventually I'll re-write
my firewalls
With two running ASSP's, are both servers supposed to have each other's
IP:relayport set in BlockRepForwHost? When I do that they keep bouncing
the messages between them.
--
Daniel___
Assp-test mailing list
Assp-test@lists.sourceforge.net
Anyone else experienced this? Current operation:
1. A customer/vendor tries to send me an email - ASSP blocks it for
what would otherwise be good reason.
2. Badly configured remote immediately tries to resend multiple times -
ASSP places in Penalty Blacklist.
3. Office staff complain unable
Daniel L. Miller, VP - Engineering, SET
AM Fire Electronic Services, Inc. [AMFES]
dmil...@amfes.com 702-312-5276
--- Forwarded message ---
From: Colin Waring co...@dolphinict.co.uk
Date: June 30, 2014 7:35:58 AM
Subject: RE: [Assp-test] Unsupported bDat
To: dmil...@amfes.com dmil...@amfes.com
I've got an ASSP, Postfix, Dovecot setup that's been working fine for a
while - but now I'm having an issue where external clients are unable to
send.
To be clear, I have ASSP listening for both internal external clients,
forwarding to Postfix for processing. Postfix has been setup to allow
On 5/15/2014 3:07 PM, Daniel L. Miller wrote:
I've got an ASSP, Postfix, Dovecot setup that's been working fine for a
while - but now I'm having an issue where external clients are unable to
send.
To be clear, I have ASSP listening for both internal external clients,
forwarding to Postfix
I think part of it may have to do with highlighting. I just did a
search for a domain, and the log search brought up the relevant lines.
Many of the lines had clickable links - but there were some that
appeared to have identical information that did not have full links.
To try to be clearer
, it could be possible that the module is unable to convert a
specific file.
Thomas
Von:Daniel L. Miller dmil...@amfes.com
An: assp-test@lists.sourceforge.net,
Datum: 23.10.2013 10:24
Betreff:Re: [Assp-test] TNEF
On 10/20/2013 11:24 PM, Daniel Miller wrote:
On 10/20
On 10/20/2013 11:24 PM, Daniel Miller wrote:
On 10/20/2013 9:34 PM, Thomas Eckardt wrote:
noProcessing - do not process !!!
no conversion will be done on such mails
Thomas
But I have selected convertNP - doesn't that override?
Not meaning to be a pest, Thomas, but should having convertNP
Got a new one I can't figure out.
An external address that I've previously sent/received without issue is
now being rejected (as of two days ago). Somehow, this external address
is being interpreted as a local sender.
Oct-23-13 14:26:04 63564-04480 [Worker_1] 74.125.82.173
...@externaldomain.com listed as a
contact in your AD? That bit us not too long ago.
...Tim
-Original Message-
From: Daniel L. Miller [mailto:dmil...@amfes.com]
Sent: Wednesday, October 23, 2013 2:49 PM
To: ASSP development mailing list
Subject: [Assp-test] Invalid Local Sender
On 10/23/2013 2:55 PM, Daniel L. Miller wrote:
Not using exchange.
I do have a different user, same domain, in a contact. But so far I
haven't been able to come with an LDAP search that would reveal that
contact using the LDAP filters setup in ASSP.
Ok. I THINK I got it killed
I've been using ASSP's recipient-rewrite-based-on-destination feature.
This has been working wonderfully to allow me to use a email-to-fax
service that only accepted emails from a single sender address.
Now...I'm using a new service with new requirements.
This new service requires my to have
On 6/28/2013 1:15 PM, Daniel L. Miller wrote:
I've been using ASSP's recipient-rewrite-based-on-destination feature.
Let me rephrase that - sender-rewrite-based-on-recipient feature!
This has been working wonderfully to allow me to use a email-to-fax
service that only accepted emails from
On 6/11/2013 3:39 PM, Gary Sunderland wrote:
Do you have DoNoSpoofing and DoDomainIP both set to block? And
SRSValidateBounce to score?
-Original Message-
I'm starting to see a bunch of crap coming to my postmaster address.
Technically - this address shouldn't be terribly
I'm starting to see a bunch of crap coming to my postmaster address.
Technically - this address shouldn't be terribly restrictive...but the
damn spammers are starting to use it. Any suggestions to block the
garbage and still keep the communication lines open?
--
Daniel
Is there a way of manually triggering an update check - in a similar
fashion to manually performing a rebuild? If not, can that be added?
--
Daniel
--
Introducing AppDynamics Lite, a free troubleshooting tool for
was May 10, 2013. I don't know what version was running at the
time.
--
Daniel
On 5/28/2013 9:58 PM, Thomas Eckardt wrote:
Don't change your setup. Upgrade to 2.3.4_13149 will fix this. I'm sorry.
Thomas
Von:Daniel L. Miller dmil...@amfes.com
An: assp-test@lists.sourceforge.net
I've started playing with OpenNMS to monitor our network. I've noticed
that periodically it will complain of a SMTP outage. Looking at my ASSP
log, I see:
May-29-13 10:44:07 [Worker_2] 192.168.0.7 IP 192.168.0.7 matches
acceptAllMail - with 192.168.0.0/24
May-29-13 10:44:07 [Worker_2]
On 5/29/2013 11:17 AM, Thomas Eckardt wrote:
'AutoUpdateASSP'
.
If this value is changed to 'download and install', the autoupdate
procedure will be scheduled immediatly.
Just think about!
I already have that set. Do I need to toggle it - change it to no auto
update,
On 5/29/2013 12:01 PM, Thomas Eckardt wrote:
Don't use the SMTP listeners to monitor assp. Use the STATS interface or
SNMP.
Thank you - I learned how to reconfigure OpenNMS to watch the statistics
interface - hopefully that will be more stable.
--
Daniel
I was trying to enable SNMP - but I can't get the module to compile -
it's complaining about a version mismatch with my system.
From within CPAN -
ERROR:
Net-SNMP installed version: 5.4.3 = 5.0403
Perl Module Version:5.0401
I have libsnmp installed as a package via Ubuntu, and it is
Just updated to the latest (2.3.4-13148). I was doing some maintenance
and noticed the following:
May-28-13 21:08:08 [init] Warning: the current Spamdb is possibly
incompatible to this version of ASSP. Please run a rebuildspamdb.
current: n/a - required: 2_13136_5.014002_UAX#29_WordStem
On 3/21/2013 2:32 PM, Thomas Eckardt wrote:
I don't think that this will be possible in V2. It is planed to have full
recipient/domain based lists (addresses/domains/IP's) in V3.
How ever:
- the user does not know anything about IP's
- IP's are global for all recipients and domains - ones
The auto-whitelist solves almost all my needs. Almost.
The penalty blacklisting works wonders at killing all kinds of
misbehaving spammers - but sometimes I'll have a bonehead remote sender
trying to send us something, and when they get rejected they just keep
sending until they're on the
My heavily loaded server - average 1000 messages per day according to
ASSP - doesn't seem to need much. Will I harm anything by reducing
NumComWorkers to 2? Will that prevent more than 2 messages in/out being
processed at a time?
--
Daniel
I've been seeing errors in dmesg similar to:
[1055005.391799] perl[12344]: segfault at 7fee76d52080 ip
7fee79874a89 sp 7fee74889930 error 4 in
libdb-5.1.so[7fee79854000+16d000]
When this condition occurs ASSP is in a failed state - no connections
can be made. I'm running under
On 2/25/2013 3:57 AM, Thomas Eckardt wrote:
This is an SEGV in the BerkeleyDB shared library. At the first restart
ASSP will try to repair possibly fault databases.If multiple tables are
faulty, it could require several restarts to repair them.
If you want to force assp to load the databases
On 1/25/2013 10:04 AM, Geoff Varney wrote:
Hello,
I am working on transitioning from V1 over to V2. I have installed 2.2.1
(13020) and am testing OUTGOING only at this point. I have set up and
additional 2 IPs on the box (Windows), one for the relaying smtp and one for
the relay port for
On 10/1/2012 4:48 AM, Thomas Eckardt wrote:
added:
- ASSP is now able to validate DMARC (Domain-based Message Authentication,
Reporting Conformance) and to
send agregate and forensic DMARC reports.
- DMARC-reports could be only sent, if the rua- and ruf-DMARC policy of
a domain
On 9/27/2012 10:53 AM, Daniel L. Miller wrote:
On 9/27/2012 5:58 AM, Thomas Eckardt wrote:
Nice James,
just answer me to my privat email - SF removes the DKIM signature - and
the list mails are noprocessing.
I just added DKIM DMARC DNS records, and ASSP is generating DKIM
signatures just
On 9/29/2012 8:54 AM, Steve Moffat wrote:
Arfhhh. My bandwidth.
Steve Moffat
LOL.
With DMARC now implemented (in monitor mode) I'm now getting reports -
it looks like SF list messages are failing the checks. Is there a way
of accommodating SF in my DMARC record?
--
Daniel
How do I generate the dkim-pub.txt file?
--
Daniel
--
Everyone hates slow websites. So do we.
Make your web apps faster with AppDynamics
Download AppDynamics Lite for free today:
On 9/27/2012 5:58 AM, Thomas Eckardt wrote:
Nice James,
just answer me to my privat email - SF removes the DKIM signature - and
the list mails are noprocessing.
I just added DKIM DMARC DNS records, and ASSP is generating DKIM
signatures just fine. Let me know if there's anything else I
On 8/21/2012 11:52 AM, Daniel L. Miller wrote:
I haven't seen any more of the spoofed efax messages reach my printer -
and I'm seeing SPFerrors, fails, neutrals, softfails, and
softfail-stricts in my scoring statistics. Has anyone else seen the
spoofed efax messages blocked as a result
Here's mine:
Sep-12-12 01:57:25 RebuildSpamDB-thread rebuildspamdb-version 6.01
started in ASSP version 2.2.2(12255)
Sep-12-12 01:57:25 RebuildSpamDB will create a Hidden Markov Model!
Sep-12-12 01:57:25 RebuildSpamDB will create unicode enabled databases.
Sep-12-12 01:57:25 RebuildSpamDB
On 9/12/2012 12:15 PM, Colin wrote:
I'm not sure there is a need to go to old backups.
Run the steps that were suggested:
Upgrade
Enable Test Mode
Run rebuildspamdb
Disable Test Mdoe
Rerun rebuildspamdb
I have done this and am now getting:
2012-09-12 20:09:44 Corpus norm: 1. -
On 9/8/2012 1:46 AM, Thomas Eckardt wrote:
short very simple example : s/\S+// and s/\d+// will some times
produce different results on unicode encoded text in every dfferent
Perl version Running the rebuildspamdb in V2 against the same corpus,
each time using another Perl version - will
On 9/5/2012 4:02 PM, Doug Lytle wrote:
Daniel L. Miller wrote:
ASSP server log shows a connection to Postfix - nothing else.
What does telnet show when connecting? My server shows (Notice the
250-STARTTLS):
telnet assp.drdos.info 587
Trying 10.10.10.247...
Connected to assp.drdos.info
On 9/6/2012 3:57 PM, Daniel L. Miller wrote:
On 9/5/2012 4:02 PM, Doug Lytle wrote:
Daniel L. Miller wrote:
ASSP server log shows a connection to Postfix - nothing else.
What does telnet show when connecting? My server shows (Notice the
250-STARTTLS):
telnet 127.0.0.1 587
Trying 127.0.0.1
Is Unicode::GCString a new dependency?
--
Daniel
--
Live Security Virtual Conference
Exclusive live event will cover all the ways today's security and
threat landscape has changed and how IT managers can respond.
Operating under the assumption I'm doing something wrong...
I believe I have Postfix configured for TLS operation. Theoretically
relevant parameters:
in main.cf:
smtpd_tls_CAfile = /etc/postfix/tls/cakey.pem
smtpd_tls_cert_file = /etc/postfix/tls/cert.pem
smtpd_tls_key_file =
On 9/4/2012 7:44 AM, Grayhat wrote:
I've been reading some stuff and found that there are pros and cons to
what I'm suggesting... let me go straight to the ball; at the moment,
if ASSP uses DNS blacklists (or URIBLs for that) and if an IP (or URL
or domain) is listed (or at least the list
On 8/17/2012 11:54 PM, Thomas Eckardt wrote:
Yes, I saw it - there seems to be a call stack level and error handling
problem with Error.pm.
I'm just working on that.
I haven't seen any more of the spoofed efax messages reach my printer -
and I'm seeing SPFerrors, fails, neutrals, softfails,
On 8/18/2012 12:45 AM, Thomas Eckardt wrote:
Hi all,
fixed in assp 2.2.2 build 12231:
- If because of 'SPFlocalRecord' , 'SPFoverride' or 'LocalPolicySPF' a
SPF-fail was detected - the thrown error
was not correct handled and the SPF routine has returned OK.
changed:
- The analyzer
On 8/17/2012 1:44 AM, Colin wrote:
You're not the only one.
As of the last day or two we've seen a number of fake efax.com messages
getting through.
Does anyone have a legitimate subscription to efax.com so that we can
compare headers and see if there is an obvious regex for this?
I first
On 8/17/2012 5:16 AM, Thomas Eckardt wrote:
efax.com=v=spf1 mx/24 -all
This record in 'SPFoverride' may help.
It is possible that you have to expand or to change the entry, if efax.com
sends email not from the same class C network were there MX is located.
If the record contains the right
On 8/17/2012 8:26 AM, Thomas Eckardt wrote:
so the following SPF record in 'SPFoverride' will solve the problem.
Why use SPFoverride instead of SPFfallback - that way if efax actually
publishes a SPF record it can take effect.
--
Daniel
On 8/17/2012 8:26 AM, Thomas Eckardt wrote:
so the following SPF record in 'SPFoverride' will solve the problem.
efax.com=v=spf1 ip4:66.52.2.3 to be extended.. -all
I'm getting the same nothing to parse error for this.
--
Daniel
On 8/17/2012 9:27 AM, Daniel L. Miller wrote:
On 8/17/2012 8:26 AM, Thomas Eckardt wrote:
so the following SPF record in 'SPFoverride' will solve the problem.
efax.com=v=spf1 ip4:66.52.2.3 to be extended.. -all
I'm getting the same nothing to parse error for this.
I'm using Perl
On 8/17/2012 9:32 AM, Thomas Eckardt wrote:
So it seems there is a change in 2.008 that prevents assp from accessing
the record - will have a look.
Thomas
Looks like SPF is starting to process again - I'll see when the next
efax.com mail hits how it processes. In the meantime...here's a
On 8/17/2012 3:10 PM, Daniel L. Miller wrote:
On 8/17/2012 9:32 AM, Thomas Eckardt wrote:
So it seems there is a change in 2.008 that prevents assp from accessing
the record - will have a look.
Thomas
Looks like SPF is starting to process again - I'll see when the next
efax.com mail hits
I'm starting to get some messages from someone spoofing efax.com. As I
actually use their service, I do need to receive their messages. How
can I block these?
The spoofed messages show a valid efax.com sender address, a garbage
HELO, are actually sending to a spamtrap address (unfortunately
On 8/14/2012 1:25 AM, Thomas Eckardt wrote:
Or what about changing the color of the GUI to a 'nice' yellow after
some time of no update and later to a dazzlingly 'deafening :)' red.
Or another way would be to popup in the GUI - 'man - do an upgrade' -
more often than later the time (mean
On 8/15/2012 11:00 AM, Thomas Eckardt wrote:
In fact, having a manual update button could be a good thing.
Here it is (I can't remember how long):
(AutoUpdateASSP)
If this value is changed to 'download and install', the autoupdate
procedure will be scheduled immediatly.
...
I see
On 8/15/2012 12:22 PM, Thomas Eckardt wrote:
so admins can't read the changelog BEFORE installing
Oh ... admins who expects to find information at the 'Info and Stats'
screen would be able to read the current installed and the last available
change log :):):)
(Server Information)
Every day
On 8/13/2012 1:02 AM, Thomas Eckardt wrote:
Hi all,
fixed in assp 2.2.2 build 12226:
added:
- There is a new GUI option beside 'manage users' /
'change password', which allows an user to switch between the full GUI and
a mobile version of the GUI.
The mobile GUI version reduces the
On 8/13/2012 12:26 PM, Thomas Eckardt wrote:
The auto-restart is working for manual updates
So the restart works.
Check the permissions for the 'version.txt' file. We need to overwrite
this file!
change 'AutoUpdateASSP' to 'no auto update' and than back - watch the log.
Permissions are
On 8/10/2012 4:52 AM, Thomas Eckardt wrote:
ASSP should be able to detect every mobile device browser - if such a
browser is detected, ASSP uses the mobile view as default.
The 'autodetect' is switched of, if a user has selected any of the both
versions inside the opened session using the link
On 8/10/2012 4:52 AM, Thomas Eckardt wrote:
Hi all,
at
http://assp.cvs.sourceforge.net/viewvc/assp/assp2/test/
I've released a test version 2.2.2 build 1. This version is identical
to build 12221 except there is an GUI option beside 'manage users' /
'change password', which allows an
On 8/7/2012 11:34 PM, Thomas Eckardt wrote:
If these could be split to separate pages
This is case since the GUI exists.
Yes, the main page of the GUI contains alot of code. But you don't need to
use it. Every (separate) subpage could be requested using the right URL.
for example:
to
I run assp using a simple upstart script:
# assp - Anti-Spam Service Proxy
#
# assp
description ASSP
start on runlevel [2345]
stop on runlevel [!2345]
respawn
respawn limit 3 10
chdir /opt/assp2
exec /usr/bin/perl /opt/assp2/assp.pl /opt/assp2
I had no problems with this previously. Since
On 8/1/2012 10:04 AM, Thomas Eckardt wrote:
Hi all,
fixed in assp 2.2.2 build 12214:
Are these versions something I would auto-update to? Or is there a
separate download process? My system is still on 2.2.2 build 12196.
--
Daniel
At this time, unless I misunderstand, the statistics shown under
Message Statistics are for messages that are specifically blocked by
each category. So those tests that are specifically set to block will
show in these counters. However, all tests that are set to score have
no representation
performed
in a table and a counter incremented. That part is easy - generating
the hash seems like quite a bit of work. There are probably ways to do
so that are easier than others - but going back to my question above -
does anyone see value in this information?
--
Daniel L. Miller, VP
On 7/25/2012 10:54 AM, Charles Marcus wrote:
Ok, well...
Can you point me to documentation that explains how to setup ASSP such
that it totally bypasses/disables all of the 'SMTP Proxy' functionality,
so that it works only as a post-queue Content Filter?
Did my last ASSP list-post provide
On 7/25/2012 10:54 AM, Charles Marcus wrote:
On 2012-07-25 1:33 PM, Fritz Borgstedt f...@iworld.de wrote:
ASSP development mailing listassp-test@lists.sourceforge.net schrei
bt:
Could you (or Thomas) at least comment on the possibility/viability
of splitting ASSP's functionality into pre and
On 7/24/2012 8:58 AM, Thomas Eckardt wrote:
Where are the files stored?
IHMO it is only possible that a blocked noprocessing mail is stored in the
spam folder.
Thomas
Von:Wim Borghs wim.bor...@gmail.com
An: ASSP development mailing list assp-test@lists.sourceforge.net,
Datum:
On 7/18/2012 11:34 AM, Daniel L. Miller wrote:
On 7/18/2012 8:33 AM, Thomas Eckardt wrote:
The connection are held until assp stopps. They are checked every 120
seconds and renewed if not available. Firefox should have a connection
timeout of more than 3600 seconds.
I don't recommend
On 7/19/2012 6:00 AM, Daniel L. Miller wrote:
I've found something that may or may not be an issue. Reviewing DBI
traces, I see regular SQL statements of the form:
select * from table where pkey=''
I apologize for impugning ASSP - these statements are coming from the
Tie::RDBM module
On 7/14/2012 11:25 AM, Thomas Eckardt wrote:
- The Firebird is now supported (not recommended) by assp. To use this
database, the new released
file assp_db_import.cfg has to be used or the following line must be
added to this file.
Firebird|*|NOOP|NOOP|$sql_sm=execute block as begin
When ASSP does a cold start, my log contains entries such as:
Jul-17-12 23:17:32 [init] Using table spamdb in mysql
Database assp instead of file /opt/assp2/spamdb
Jul-17-12 23:17:32 [init] Using table spamdbhelo in mysql
Database assp instead of file /opt/assp2/spamdb.helo
I notice that on a cold start, ASSP doesn't appear to be fully
functional. Messages sent from local clients aren't sent - the client
connects, and then times out. Later attempts after a few minutes are
accepted without error.
Looking in the Worker/DB/Regex Status page, I see worker 1
On 7/18/2012 4:56 AM, Thomas Eckardt wrote:
remove and recreate the database
That did it! Thank you!
On first run, ASSP's startup time and performance seems markedly
increased, and cpu usage from Firebird is significantly decreased when
compared with Mysql.
--
Daniel
Can the values for griplist or droplist be set to DB: (the
interface doesn't explicitly say they CAN be)?
--
Daniel
--
Live Security Virtual Conference
Exclusive live event will cover all the ways today's security and
Everything still working, but I see intermittent entries such as:
Jul-18-12 06:19:34 [Worker_1] Warning: Worker_1 - check the
database connections has taken 1.580 seconds (max=1.000s)
Jul-18-12 06:19:37 [Main_Thread] Warning: Main_Thread - check the
database connections has taken 1.968
On 7/18/2012 6:20 AM, Daniel L. Miller wrote:
Everything still working, but I see intermittent entries such as:
Jul-18-12 06:19:34 [Worker_1] Warning: Worker_1 - check the
database connections has taken 1.580 seconds (max=1.000s)
Jul-18-12 06:19:37 [Main_Thread] Warning: Main_Thread
Watching the Worker/DB/Regex Status screen, I will occasionally see
entries such as, ASSP::Senderbase::Query::results - 79.234.165.81
(stuck).
These can take an extended period of time to resolve.
--
Daniel
--
Live
On 7/18/2012 6:33 AM, Daniel L. Miller wrote:
Watching the Worker/DB/Regex Status screen, I will occasionally see
entries such as, ASSP::Senderbase::Query::results - 79.234.165.81
(stuck).
These can take an extended period of time to resolve.
Found these log entries:
Jul-18-12 07:21:44
On 7/18/2012 8:33 AM, Thomas Eckardt wrote:
The connection are held until assp stopps. They are checked every 120
seconds and renewed if not available. Firefox should have a connection
timeout of more than 3600 seconds.
I don't recommend the Firebird DB. The Perl DBD driver is incomplete
On 7/14/2012 11:25 AM, Thomas Eckardt wrote:
Hi all,
fixed in assp 2.2.2 build 12196:
- ASSP is now able to handle the different and buggy versions of
Win32::Unicode
all version from 0.33 to 0.36 will be ignored and all unicode features
will be disabled
changed:
- The Firebird is
On 7/11/2012 10:32 PM, Thomas Eckardt wrote:
Is there
something else I need to set to be able to find the problem?
Is there a different setting I need to use to be able to see database
error messages besides DatabaseDebug? Do I also need to turn on debug?
- you need to know how Tie::RDBM
I'm trying to use Firebird instead of Mysql. I've installed the perl
driver, and ASSP lists it as available in the possibilities for
DBDriver. I'm seeing ASSP errors on startup relating to illegal tokens
- which I think means ASSP is talking to Firebird just using improper
syntax.
I've set
I recently updated my Perl, and compiled the modules necessary to
implement the OCR plugin. Now, on receipt of a PDF, the email is
received with some standard headers, followed by:
CHECK_PDF flag is on.. at /usr/local/share/perl/5.14.2/PDF/OCR2/Base.pm
line 40. CHECK_PDF flag is on.. at
I keep having a permission problem with the griplist. Running on Linux,
via a simple upstart script. Just executes,
exec /usr/bin/perl /opt/assp2/assp.pl /opt/assp2
runAsUser:=vmail
runAsGroup:=mail
If I manually chown vmail.mail *, it works for a time - until the
griplist is built via a
Watching the Work/DB/Regex Status page, it looks like the rebuild is
processing 100 files every 5 seconds. Is this typical speed?
This is on an Opteron 4180, 8GB RAM, currently showing 2.5GB allocated
to cache, and tmpDB is mounted as a 512M RAM drive.
--
Daniel
This is an extract from my last rebuild:
Jun-22-12 06:28:24 generating Spamdb.helo records from 3,070 collected
HELO's
Jun-22-12 06:28:24 cleaning old Spamdb.helo records
Jun-22-12 06:28:24 done - cleaning old Spamdb.helo records
Jun-22-12 06:28:24 HELO Blacklist: 8 new, 11 now in list
Is it
On 6/22/2012 1:22 PM, Colin wrote:
I have twice as many collected HELOs and 60 times the number in the
blacklist..
2012-06-21 23:13:33 generating Spamdb.helo records from 7,043 collected HELO's
2012-06-21 23:13:55 cleaning old Spamdb.helo records
2012-06-21 23:13:58 done - cleaning old
I don't understand the sequence I'm seeing in the logfile. I've
interjected my questions.
Apr-12-12 16:14:03 [Worker_1] Connected: 173.232.144.15:51331
192.168.0.2:25 127.0.0.1:125
Apr-12-12 16:14:06 [Worker_1] 173.232.144.15 info: injected STARTTLS
request to 127.0.0.1
Apr-12-12 16:14:08
For a relatively low-volume single server, given that I have both
berkeleydb and mysql available and in use for other programs - which is
better for ASSP?
--
Daniel
--
Better than sec? Nothing is better than sec when
On 4/4/2012 6:14 PM, Daniel L. Miller wrote:
I'm getting hit with a lot of failed auth attempts. I believe an
account got hacked - and I'm seeing an huge amount of traffic trying to
log in using it. I've disabled the account - but of course they keep
trying.
ASSP is blocking the failed
I'm getting hit with a lot of failed auth attempts. I believe an
account got hacked - and I'm seeing an huge amount of traffic trying to
log in using it. I've disabled the account - but of course they keep
trying.
ASSP is blocking the failed attempts quite nicely - but my mail server
On 4/3/2012 9:32 PM, Thomas Eckardt wrote:
ASSP supports the replacement of the envelope recipient address
('ReplaceRcpt') based on the sender address but not vice versa.
Use the top menu link 'Recipient Replacement Test' to check/test your
settings.
Thanks! This works beautifully! I found
Is there an option to enable a X-Assp- header to show the confidence
value? I'm seeing Bayesian Probability entries scores - but no
confidence values.
--
Daniel
--
Better than sec? Nothing is better than sec when it
I have a need to re-write the sender address based on the recipient -
and vice versa. Does anyone know of a tool that can be used for this?
I'm currently using Postfix + ASSP - but I don't believe either of these
directly support such transformations.
--
Daniel
I see the following log line appear more than once - but no other
entries associated with the given connection. No indication of
acceptance or rejection. What happened
I'm seeing emails appear in my ASSP logs, such as:
Sep-23-11 14:40:38 31681-00885 [SSL-in] [SSL-out] [Whitelisted]
209.132.99.229 jwor...@helixelectric.com to: dmil...@amfes.com
whitelisted -- jwor...@helixelectric.com in whitelistdb -- [FW Wigwam
Apts] -*notspam/31681-00885.eml*;
That - to
1 - 100 of 208 matches
Mail list logo