[Assp-test] TLS connection from spammer - spam got through

Thu, 21 Aug 2008 16:54:08 -0700 

Version 2, 5.10.
This morning I got a phishing spam email. The headers had no mention of ASSP, so I was puzzled as to how this could be. 

Looking at the log I could only find:


Aug-22-08 09:22:29 [Worker_2] Info: got STARTTLS request from  
62.213.74.114


Looking at the postfix logs:


Aug 22 09:22:28 mail-bordo-com-au postfix/smtpd[3531]: connect from  
localhost[127.0.0.1]
Aug 22 09:22:29 mail-bordo-com-au postfix/smtpd[3531]: setting up TLS  
connection from localhost[127.0.0.1]
Aug 22 09:22:30 mail-bordo-com-au postfix/smtpd[3531]: TLS connection  
established from localhost[127.0.0.1]: TLSv1 with cipher DHE-RSA- 
AES256-SHA (256/256 bits)
Aug 22 09:22:31 mail-bordo-com-au postfix/smtpd[3531]: 3FFC03658E6D:  
client=localhost[127.0.0.1]
Aug 22 09:22:31 mail-bordo-com-au postfix/cleanup[3461]: 3FFC03658E6D:  
message-id=<[EMAIL PROTECTED]>
Aug 22 09:22:31 mail-bordo-com-au postfix/qmgr[440]: 3FFC03658E6D:  
from=<[EMAIL PROTECTED]>, size=2934, nrcpt=1 (queue active)
Aug 22 09:22:34 mail-bordo-com-au postfix/smtpd[3528]: connect from  
localhost[127.0.0.1]
Aug 22 09:22:34 mail-bordo-com-au postfix/smtpd[3528]: 6CC703658E75:  
client=localhost[127.0.0.1]
Aug 22 09:22:34 mail-bordo-com-au postfix/cleanup[3461]: 6CC703658E75:  
message-id=<[EMAIL PROTECTED]>
Aug 22 09:22:34 mail-bordo-com-au postfix/qmgr[440]: 6CC703658E75:  
from=<[EMAIL PROTECTED]>, size=3416, nrcpt=1 (queue active)
Aug 22 09:22:34 mail-bordo-com-au postfix/smtpd[3528]: disconnect from  
localhost[127.0.0.1]
Aug 22 09:22:34 mail-bordo-com-au postfix/virtual[3529]: 6CC703658E75:  
to=<[EMAIL PROTECTED]>, relay=virtual, delay=0.03,  
delays=0.03/0/0/0, dsn=2.0.0, status=sent (delivered to maildir)
Aug 22 09:22:34 mail-bordo-com-au postfix/qmgr[440]: 6CC703658E75:  
removed
Aug 22 09:22:34 mail-bordo-com-au amavis[3149]: (03149-07) Passed  
CLEAN, MYNETS LOCAL [127.0.0.1] [127.0.0.1]  
<[EMAIL PROTECTED]> -> <[EMAIL PROTECTED]>, Message-ID: <[EMAIL PROTECTED] 
>, mail_id: jtQBvOq2Cfjm, Hits: -, size: 2928, queued_as:  
6CC703658E75, 2700 ms
Aug 22 09:22:34 mail-bordo-com-au postfix/smtp[3525]: 3FFC03658E6D:  
to=<[EMAIL PROTECTED]>, relay=127.0.0.1[127.0.0.1]:10024,  
delay=3.2, delays=0.54/0/0/2.7, dsn=2.0.0, status=sent (250 2.0.0 Ok:  
queued as 6CC703658E75)
Aug 22 09:22:34 mail-bordo-com-au postfix/qmgr[440]: 3FFC03658E6D:  
removed


The email's header:

        Reply-To:       [EMAIL PROTECTED]
        Return-Path:    <[EMAIL PROTECTED]>
        X-Original-To:  [EMAIL PROTECTED]
        Delivered-To:   [EMAIL PROTECTED]

	Received: 	from localhost (localhost [127.0.0.1]) by  
mail.bordo.com.au (Postfix) with ESMTP id 6CC703658E75 for <[EMAIL PROTECTED] 
>; Fri, 22 Aug 2008 09:22:34 +1000 (EST)
	Received: 	from mail.bordo.com.au ([127.0.0.1]) by localhost  
(mail.bordo.com.au [127.0.0.1]) (amavisd-new, port 10024) with ESMTP  
id jtQBvOq2Cfjm for <[EMAIL PROTECTED]>; Fri, 22 Aug 2008 09:22:31  
+1000 (EST)
	Received: 	from www.bizonplusmc.ru (localhost [127.0.0.1]) by  
mail.bordo.com.au (Postfix) with ESMTP id 3FFC03658E6D for <[EMAIL PROTECTED] 
>; Fri, 22 Aug 2008 09:22:31 +1000 (EST)
	Received: 	from bizonplusmc by www.bizonplusmc.ru with local (Exim  
4.66) (envelope-from <[EMAIL PROTECTED]>) id 1KWJUW-0004vQ-Mm  
for [EMAIL PROTECTED]; Fri, 22 Aug 2008 03:22:56 +0400
	X-Virus-Scanned: 	by amavisd-new by Sophos Anti-Virus for Macintosh  
at bordo.com.au

        Mime-Version:   1.0
        Content-Type:   text/html
        Content-Transfer-Encoding:      8bit
        Message-Id:     <[EMAIL PROTECTED]>



I have left the "SSL Proxy and TLS support" section unchanged in my  
settings.



Any reason why ASSP ignores spam sent via a TLS connection? Have I set  
something up incorrectly or is it a bug?


Thanks,

James.



-------------------------------------------------------------------------
This SF.Net email is sponsored by the Moblin Your Move Developer's challenge
Build the coolest Linux based applications with Moblin SDK & win great prizes
Grand prize is a trip for two to an Open Source event anywhere in the world
http://moblin-contest.org/redirect.php?banner_id=100&url=/
_______________________________________________
Assp-test mailing list
Assp-test@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/assp-test






















					Reply via email to