No,
The MTA rejected the message and terminated the session between ASSP and
the MTA.
ASSP then sat idle and did not pass the 552 on to the client so the
connection between ASSP and the client timed out on both ends.
Had ASSP passed the 552 onto the client then the client would have
generated an
Thanks for the reply,
I was mainly asking about tracking down why connections are going
unanswered by ASSP when the OS has already seen them and iptables has
logged them. I have connection debug set to highest and nothing shows up
relating to these connections.
Is there any condition under which
Do you need to use country code scoring? If not, turn off DoSenderBase. You
could at least do that for testing or set it to monitor to ensure that is
the issue.
With many large companies using distributed networks you'll need quite a
large list of accepted countries.
On 6 Feb 2015 06:14, "Spyros T
Hi James,
My immediate thought with this is you are getting a clash of filenames in
the corpus.
Depending on your settings, the numbers in the filename of the collected
mail may not be unique and may be getting overwritten.
Resend requests match by filename and it will deliver the current file w
Hi,
I’ve noticed for a long time that we get a massive number of failed login
attempts from numerous different IP addresses.
There is one thing in common, the EHLO is ylmf-pc so I finally got around
to looking it up with Google and it turns out that it is the default
setting of a botnet calle
rieved via the
> Web-STATS-Interface. This makes it
> possible for firewalls or IP-filters to download and implement the file
> frequently.
> The URL to download the file looks like:
> http://assp.domain:3/extremeblack
> notice the appended '/extremeblack
wall?
>
> >so we don’t waste any more bandwidth on them
>220 geeting
> HELO ylmf-pc
>
> this seems to be not really much
>
> DelayIP:=150
> DelayIPTime:=5
>
> using these settings should do the tick
>
> Thomas
>
>
>
> Von:cw
> An: ASSP d
Hi,
We're struggling with a significant issue that impacts quite heavily on the
system. The issue is that a sender will start delivering a message with an
attachment above the noprocessing limit and also whitelisted.
The attachment comes in very slowly and the current example I have takes
about 9
at it
takes 9 hours to deliver a 5MB email and how can we troubleshoot that?
On Thu, Jan 21, 2016 at 11:20 AM, cw wrote:
> Hi,
>
> We're struggling with a significant issue that impacts quite heavily on
> the system. The issue is that a sender will start delivering a message with
happens, if there are only 1-5 TLS connection active at the same time.
> Or if this happens only, if multiple TLS connections from an IP are
> handled in the same worker at the same time?
> Maybe any module component gets somehow overloaded - Net::SSLeay for
> example. Who knows?
>
&g
> meanwhile the sender has closed the connection.
> There was something very very slow.
>
> Thomas
>
>
>
>
>
> Von:Grayhat
> An: assp-test@lists.sourceforge.net
> Datum: 21.01.2016 17:36
> Betreff: Re: [Assp-test] Connection issues
>
>
Hi Scott,
You beat me to it today. I've been trying to figure out why one of our
mailservers keeps crashing. It is the only one running up to date. The
others are running 16025 without crashing.
I get the following:
2016-02-10 15:21:39 [Main_Thread] Info: Main_Thread got connection request
2016-
Hi Scott,
I too have got perl modules up to date although I am running on Ubuntu LTS
14.04 64 bit.
I only have the rebuild running once per day and only running from on of my
ASSP instances as they have a shared corpus.
The instance that was locking up was not running the rebuild at all and I'm
I have:
UseSubjectsAsMaillogNames - ticked
MaxAllowedDups - 5
MaintBayesCollection - ticked
MaxBayesFileAge - 21
I was actually surprised by this, I could have sworn that in the past ASSP
used to check when saving messages. I would see lines in the logs during
message receipt saying something lik
Hi,
I’m not an expert at Regexs otherwise I’d look at this myself.
I’ve had someone emailing me about problems getting mail through and at
first glance it was due to an invalid HELO. At second glance, the HELO is
actually valid and points to a domain that has a valid DNS record. The HELO
is s
ange at the begin of this year (I think) - the default is
>
> file:files/validhelo.txt
>
> validhelo.txt:
>
> ^(?:\w[\w\.\-]*\.\w{2,64})$
> ^[a-fA-F0-9]{1,4}:([a-fA-F0-9:]{1,4}){1,}(?:(?:\.\d+){3})?$
>
>
> Thomas
>
>
>
>
> Von:cw
> An: ASSP
Howdy,
So I’ve been working on getting ASSP up and running on Ubuntu 16.04. I
upgraded one of our servers and have had a few minor issues. By and large
it has been fine.
For some reason, ASSP is logging “Mail::SPF::Query module is not
installed.” at startup when it is (Mail::SPF::Query is up
Hi Thomas,
I moved up to 16270 following this thread of discussion but then had a day
working away. I've come back to huge issues with delays, mails not going
through and many, many of these in the logs:
Info: unable to detect any running worker for a new connection - wait (max
30 seconds)
When I
Hi,
For a while now I've had stability problems with ASSP. It has generally
been one or two restarts a day. When I upgraded to 16270 I had huge
problems with delayed mail, mail not getting through at all and ASSP
continually shutting down each time there were thousands of "unable to
detect any run
I wish I'd spotted this before writing out the other message. I'll give it
a test now for you.
On Fri, Sep 30, 2016 at 2:17 PM, Thomas Eckardt
wrote:
> Collin, this should no longer happen using the updated 2.5.2 16274_1 at
> CVS /test
>
> Thomas
>
>
>
> Von:
o leave it running or whether this is
evidence of the same kind of unresponsiveness that cause me to have to roll
back earlier this week.
On Fri, Sep 30, 2016 at 3:29 PM, cw wrote:
> I wish I'd spotted this before writing out the other message. I'll give it
> a test now for you.
>
&
I've had to roll back now unfortunately as I'm getting email problems again
:(
On Fri, Sep 30, 2016 at 3:50 PM, cw wrote:
> Mixed results on this. So far no problems with running workers being
> logged but the GUI has become incredibly unresponsive. By unresponsive I
> m
Re: [Assp-test] Inbound TLS from gmail.com addresses /
> > > servers
> > >
> > >
> > >
> > > 70 and 71 is fine here (Windows).73 was SUPER fast with SSL
> messages
> > > from gmail, but then we got the idle / delay issues and had to
ttachment check, done in the body check of assp.pl or the ASSP_AFC plugin
>
> Thomas
>
>
>
>
>
> Von:cw
> An: ASSP development mailing list
> Datum: 30.09.2016 17:02
> Betreff:Re: [Assp-test] Inbound TLS from gmail.com addresses /
> servers
>
&
Hi Thomas,
After upgrading to this build ASSP was only listening on my internal
private subnet and was not accepting connections from the outside world.
I've had to go straight back down to 16275.
On Mon, Oct 3, 2016 at 1:44 PM, Thomas Eckardt
wrote:
> Hi all,
>
> fixed in assp 2.5.4 build 162
n can cause this.
>
> Thomas
>
>
>
>
>
> Von:cw
> An: ASSP development mailing list
> Datum: 03.10.2016 15:39
> Betreff:Re: [Assp-test] fixes in assp 2.5.4 build 16277
>
>
>
> Hi Thomas,
>
> After upgrading to this build ASSP was o
be affected by this that I need to
> clear?
>
> Nothing else changed other than stopping assp, downloading the latest from
> sourceforge and then starting up ASSP.
>
> On Mon, Oct 3, 2016 at 3:19 PM, Thomas Eckardt > wrote:
>
>> I'm sure, there is no chang
e and
I've had it on and off the past week.
All the best,
Colin.
On Mon, Oct 3, 2016 at 4:13 PM, cw wrote:
> I've been watching what the process is doing. It seems to be writing to
> the logfiles, or failing to. I have this:
>
> write(63, "2016-10-03 15:41:31 [Work
and explain a lot of the delays that people have
complained about.
Have I understood correctly or have I missed something obvious?
On Fri, Sep 30, 2016 at 3:25 PM, cw wrote:
> Hi,
>
> For a while now I've had stability problems with ASSP. It has generally
> been one or two re
Further development on this today, very little.
I have moved both servers onto Ubuntu 16.04 LTS which means going from perl
5.18 to 5.22 and rebuilding all perl modules from scratch.
The admin user db did not work after the upgrade so I had to empty the
tables before it would come back online.
I'
s if necessary, manually replace whitelist etc.
>
>
> On Tue, Oct 4, 2016 at 5:48 PM, cw wrote:
>
> > Further development on this today, very little.
> > I have moved both servers onto Ubuntu 16.04 LTS which means going from
> perl
> > 5.18 to 5.22 and rebuilding
the SF download
> page, before you started the new assp instance?
>
> https://sourceforge.net/projects/assp/files/ASSP%20V2%
> 20multithreading/ASSP%20V2%20module%20installation/Crypt-GOST/
>
> Thomas
>
>
>
>
>
> Von:cw
> An: ASSP development mailin
;ve provided an updated assp.pl (2.5.4 16279) in CVS /test. This version
> shows some more information, if 'WorkerLog' is set to diagnostic.
>
> Thomas
>
>
>
>
>
> Von:cw
> An: ASSP development mailing list
> Datum: 05.10.2016 10:10
> Betreff:
cally. Nothing external is involved in the shutdown
either, I do have an external script that will start ASSP back up when it
stops but that will take a minimum of 5 minutes to kick in to be sure it
isn't a temporary error or a shut down command is still running.
On Wed, Oct 5, 2016 at 10:47 AM,
e
> it
> hasn't made its way live yet.
>
> Sorry, my background CVS sync was not running - update is done.
>
> Thomas
>
>
>
>
> Von:cw
> An: ASSP development mailing list
> Datum: 05.10.2016 11:48
> Betreff:Re: [Assp-test] unable to detect
terminated.
On Wed, Oct 5, 2016 at 12:14 PM, cw wrote:
> Thanks.
>
> I've had both servers come up against unable to detect any running worker
> since clearing out all the files suggested. So I'm getting 16279 running
> now.
>
> I noticed the startup with those file
before so these have nothing to do with
it I'm afraid.
All the best,
Colin.
On Wed, Oct 5, 2016 at 12:38 PM, cw wrote:
> Hi Thomas,
>
> The init scripts and start/stop scripts must be hanging around from an
> earlier version. The start script pretty much calls /usr/bin/per
t; - no Razor2
>
> >2016-10-05 11:48:13 [Main_Thread] Info: Main_Thread freed by interrupted
> Worker_3 in 31.940 seconds - got (ok)
>
> This time value is near the end of the line. At this time a small count of
> additionally connections can lead in to an assp shutdown, bec
ction
and it still says 75. This server is firewalled and the only messages it
ever sees are from known Office 365 IP addresses along with the internal
test server that sends 1 message every 60 seconds.
On Wed, Oct 5, 2016 at 2:33 PM, cw wrote:
> Hi Thomas,
>
> Thank you for the rundow
PM, Thomas Eckardt
wrote:
> What are your setting for :
>
> ThreadCycleTime
> EnableHighPerformance
>
> Thomas
>
>
>
> Von:cw
> An: ASSP development mailing list
> Datum: 05.10.2016 15:51
> Betreff:Re: [Assp-test] unable to detect any runn
set 'EnableHighPerformance' back to the default - 'OFF'
>
>
> please run the following small perl script and tell me the output,
> Possibly run it multiple times. Is the sleep time very different?
> I expect to see a sleep time of 0.003 to 0.005 seconds
>
>
1 [Main_Thread] Info: Main_Thread can't interrupt
Worker_2 (1) at the moment - try next worker
On Wed, Oct 5, 2016 at 4:03 PM, cw wrote:
> I specifically checked netstat for established connections and didn't
> include any in the wait state or part open state. According to the O
tail' the maillog.txt on a console session
>
> tail -fn 30 /usr./maillog.txt
>
> do not use the shutdown_list (connection screen)!
>
> How it works now?
>
> Thomas
>
>
>
> Von:cw
> An: ASSP development mailing list
> Datum: 05.10.2016 1
worker".
Presumably with high performance set to off ASSP has enough time to recover
when the issue occurs. Hopefully this will buy me some leeway from having
to find an alternative and find the root cause of the issue.
On Wed, Oct 5, 2016 at 4:40 PM, cw wrote:
> Unfortunately not. Most
s. I'm wondering if the Ubuntu
implementation just starts at the number 70 for some reason.
On Wed, Oct 5, 2016 at 5:52 PM, Thomas Eckardt
wrote:
> 2.5.4 16279_1 is available at CVS /test.
>
> I tried to optimize the worker lookup process.
>
> Thomas
>
>
>
>
&g
> is STDOUT on every OS.
> Don't care about as long as the process runs well.
>
> >I believe this is caused by ASSP outputting some raw SMTP data to the
> logfile.
>
> maillog.txt is an UTF-8 file (contains the UTF-8 BOM at its start).
>
> If there everyting is
is enabled.
>
> Thomas
>
>
>
>
> Von:cw
> An: ASSP development mailing list
> Datum: 06.10.2016 11:47
> Betreff:Re: [Assp-test] unable to detect any running worker
>
>
>
> WorkerLog is reduced now thanks.
>
> Re the logging, something furth
It is released so in the main folder not test.
On 6 Oct 2016 21:40, "Jose A. Dias" wrote:
> Hmm... where can I find this version? The file on
> http://assp.cvs.sourceforge.net/viewvc/assp/assp2/test still claims to
> be 16279.
>
> --
> Jose Dias
>
> > -Original Message-
> > From: Thomas
Hi James,
You said IO::Socket::INET is 2.72 - are you sure this isn't
IO::Socket::INET6? The current IO::Socket::INET for me is 1.35
You've an admin connection opening during those logs indicating that in
fact ASSP is not completely losing its network connection. Can you confirm
this? Are you jus
Turn it off. As I found you shouldn't enable the high performance setting
unless you have a very good reason.
If you want to see the troubleshooting that led to it just look back at my
posts over the past week!
On 8 Oct 2016 13:51, "Vaibhav Jaiman" wrote:
> seeing assp worker thread getting stu
There's not much to go on there - looks like you're on Windows. What is
dying? Anything in the event logs? Perl core dumps? Have you been through
the usual make sure everything is up to date and checked your settings for
anything that may have been fiddled with?
On Sun, Oct 9, 2016 at 3:20 PM, vj
Can you stick it in bombRe for now to deal with it?
On Tue, Oct 18, 2016 at 3:50 PM, K Post wrote:
> We're getting slammed with these now. All of the files have
> uri="http://schemas.microsoft.com/office/2006/keyEncryptor/password";> in
> them. Can we block based on content of a file??
>
> I
Look further back in the logs. The last activity maybe threads cleaning up
but you'll generally find earlier messages when the shut down was initiated.
Search specifically for "shutdown". Failing that check your server logs for
errors outside the application.
On 27 Oct 2016 08:43, "vj" wrote:
>
Hi,
I was under the impression that the email interface was for authenticated
connections from local domains only.
We had a problem customer that was "evicted" a few months back and I've
just got an email notifcation about them reporting a spam message
successfully to the email interface.
They a
Hi Thomas,
For my setup I would be fine with the the most strict setting. More
security is walkways better. However, it can be standard practice to have
monitoring or maintenance scripts access things with a different user in
the same group.
We keep talking about having a web interface to things
Have you updated all files or just assp.pl? The recent interface change
requires a lot of files to be replaced as described in the release notes.
Make sure everything is updated then clear your cache and try again.
All the best,
Colin
On 10 Feb 2017 10:11 a.m., "Renaud" wrote:
> Hi,
>
> I've l
I had a query yesterday relating to an email from Tuesday that was blocked.
The only check it failed was HMM & this should have been collected but it
was not.
I also had another query last week regarding the reasons for emails being
collected versus not. I didn't think too much at the time but may
Hi folks,
I've picked up two issues overnight.
One of my servers died last night with no obvious reason.
2017-07-25 21:43:08 [Main_Thread] Sig TERM
2017-07-25 21:43:08 [Main_Thread] Initializing shutdown sequence
There were still active threads, no lost connections or anything so I'm not
sure w
Hi,
I've just had a problem with my serves shutting down due to no running
workers.
Whilst they were off I took the opportunity to upgrade from 17261 to 17268.
The main mailserver was only up for a few minutes before it started
outputting:
2017-09-26 09:57:42 [Worker_1] Info: in resend_mail
Hi again,
I have one mailserver that occassionally decides it will not start properly.
It gets as far as the first "Listening for SMTP connections on 0.0.0:25 and
then the perl process exits.
However, if I set asDeamon to 0 and run:
/usr/bin/perl /usr/local/assp/assp.pl /usr/local/assp/
Then it
Hi Thomas,
Looks like a good feature. I'll have to double check the headers for this
message. I think the domains in all three from headers actually exist but
have no relation to the recipient.
As the smtp address & from headers are a legitimate but compromised account
the only header that would
Since last night’s rebuild I’m seeing the following in the rebuild logs:
2019-03-14 11:13:25 error: can't create HMM because of Storable errors
(/usr/local/assp/tmpDB/rebuildDB) - - e: Can't take log of 0 at sub
ASSP::MarkovChain::new line 57.
tmpDB is:
tmpfs /usr/local/assp/tmpDB tmpfs
.
On Fri, 15 Mar 2019, 06:37 Thomas Eckardt,
wrote:
> There seems to be exactly one record in HMMdb - this causes the error.
> Clean the HMMdb and run the rebuild.
>
> This is a bug and will be fixed in the next release.
>
> Thomas
>
>
>
>
>
> Von:
I've come across a problem a few times where entries in the whitelisted
domains file seem to be ignored.
This has happened again today. Both live filtering & the analyser make no
mention of whitelisted domains. They detect the mail as spam & remove the
entry from the personal whitelist.
These ema
64 matches
Mail list logo