Version 2, 5.10.
This morning I got a phishing spam email. The headers had no mention
of ASSP, so I was puzzled as to how this could be.
Looking at the log I could only find:
Aug-22-08 09:22:29 [Worker_2] Info: got STARTTLS request from
62.213.74.114
Looking at the postfix logs:
Aug 22 09:22:28 mail-bordo-com-au postfix/smtpd[3531]: connect from
localhost[127.0.0.1]
Aug 22 09:22:29 mail-bordo-com-au postfix/smtpd[3531]: setting up TLS
connection from localhost[127.0.0.1]
Aug 22 09:22:30 mail-bordo-com-au postfix/smtpd[3531]: TLS connection
established from localhost[127.0.0.1]: TLSv1 with cipher DHE-RSA-
AES256-SHA (256/256 bits)
Aug 22 09:22:31 mail-bordo-com-au postfix/smtpd[3531]: 3FFC03658E6D:
client=localhost[127.0.0.1]
Aug 22 09:22:31 mail-bordo-com-au postfix/cleanup[3461]: 3FFC03658E6D:
message-id=<[EMAIL PROTECTED]>
Aug 22 09:22:31 mail-bordo-com-au postfix/qmgr[440]: 3FFC03658E6D:
from=<[EMAIL PROTECTED]>, size=2934, nrcpt=1 (queue active)
Aug 22 09:22:34 mail-bordo-com-au postfix/smtpd[3528]: connect from
localhost[127.0.0.1]
Aug 22 09:22:34 mail-bordo-com-au postfix/smtpd[3528]: 6CC703658E75:
client=localhost[127.0.0.1]
Aug 22 09:22:34 mail-bordo-com-au postfix/cleanup[3461]: 6CC703658E75:
message-id=<[EMAIL PROTECTED]>
Aug 22 09:22:34 mail-bordo-com-au postfix/qmgr[440]: 6CC703658E75:
from=<[EMAIL PROTECTED]>, size=3416, nrcpt=1 (queue active)
Aug 22 09:22:34 mail-bordo-com-au postfix/smtpd[3528]: disconnect from
localhost[127.0.0.1]
Aug 22 09:22:34 mail-bordo-com-au postfix/virtual[3529]: 6CC703658E75:
to=<[EMAIL PROTECTED]>, relay=virtual, delay=0.03,
delays=0.03/0/0/0, dsn=2.0.0, status=sent (delivered to maildir)
Aug 22 09:22:34 mail-bordo-com-au postfix/qmgr[440]: 6CC703658E75:
removed
Aug 22 09:22:34 mail-bordo-com-au amavis[3149]: (03149-07) Passed
CLEAN, MYNETS LOCAL [127.0.0.1] [127.0.0.1]
<[EMAIL PROTECTED]> -> <[EMAIL PROTECTED]>, Message-ID: <[EMAIL PROTECTED]
>, mail_id: jtQBvOq2Cfjm, Hits: -, size: 2928, queued_as:
6CC703658E75, 2700 ms
Aug 22 09:22:34 mail-bordo-com-au postfix/smtp[3525]: 3FFC03658E6D:
to=<[EMAIL PROTECTED]>, relay=127.0.0.1[127.0.0.1]:10024,
delay=3.2, delays=0.54/0/0/2.7, dsn=2.0.0, status=sent (250 2.0.0 Ok:
queued as 6CC703658E75)
Aug 22 09:22:34 mail-bordo-com-au postfix/qmgr[440]: 3FFC03658E6D:
removed
The email's header:
Reply-To: [EMAIL PROTECTED]
Return-Path: <[EMAIL PROTECTED]>
X-Original-To: [EMAIL PROTECTED]
Delivered-To: [EMAIL PROTECTED]
Received: from localhost (localhost [127.0.0.1]) by
mail.bordo.com.au (Postfix) with ESMTP id 6CC703658E75 for <[EMAIL PROTECTED]
>; Fri, 22 Aug 2008 09:22:34 +1000 (EST)
Received: from mail.bordo.com.au ([127.0.0.1]) by localhost
(mail.bordo.com.au [127.0.0.1]) (amavisd-new, port 10024) with ESMTP
id jtQBvOq2Cfjm for <[EMAIL PROTECTED]>; Fri, 22 Aug 2008 09:22:31
+1000 (EST)
Received: from www.bizonplusmc.ru (localhost [127.0.0.1]) by
mail.bordo.com.au (Postfix) with ESMTP id 3FFC03658E6D for <[EMAIL PROTECTED]
>; Fri, 22 Aug 2008 09:22:31 +1000 (EST)
Received: from bizonplusmc by www.bizonplusmc.ru with local (Exim
4.66) (envelope-from <[EMAIL PROTECTED]>) id 1KWJUW-0004vQ-Mm
for [EMAIL PROTECTED]; Fri, 22 Aug 2008 03:22:56 +0400
X-Virus-Scanned: by amavisd-new by Sophos Anti-Virus for Macintosh
at bordo.com.au
Mime-Version: 1.0
Content-Type: text/html
Content-Transfer-Encoding: 8bit
Message-Id: <[EMAIL PROTECTED]>
I have left the "SSL Proxy and TLS support" section unchanged in my
settings.
Any reason why ASSP ignores spam sent via a TLS connection? Have I set
something up incorrectly or is it a bug?
Thanks,
James.
-------------------------------------------------------------------------
This SF.Net email is sponsored by the Moblin Your Move Developer's challenge
Build the coolest Linux based applications with Moblin SDK & win great prizes
Grand prize is a trip for two to an Open Source event anywhere in the world
http://moblin-contest.org/redirect.php?banner_id=100&url=/
_______________________________________________
Assp-test mailing list
Assp-test@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/assp-test