[Assp-test] ASSP version 2.8.2 *SPAM-Eliminator* build 24031

2024-02-25 Thread Doug Lytle via Assp-test


Thomas,

I'm seeing the below log entries in assp:


    Encountered a 500 error

    An error has been encountered in accessing this page.
    1. Server: assp.sourceforge.net
    2. URL path: /cgi-bin/assp_griplist
    3. Error notes: End of script output before headers: assp_griplist
    4. Error type: 500
    5. Request method: POST
    6. Request query string: binary
    7. Time: 2024-02-25 12:59:28 UTC (1708865968)

    Reporting this problem: The problem you have encountered is with a project web site hosted by SourceForge.net. This issue should be reported to the SourceForge.net-hosted project (not to SourceForge.net).
    If this is a severe or recurring/persistent problem, please do one of the following, and provide the error text (numbered 1 through 7, above):
    Contact the project via their designated support resources (https://sourceforge.net/support/prweb-lookup.php?host=assp.sourceforge.net=1).
    Contact the project administrators of this project via email (see the upper right-hand corner of the Project Summary page, https://sourceforge.net/support/prweb-lookup.php?host=assp.sourceforge.net, for their usernames) at user-name@users.sourceforge.net

    If you are a maintainer of this web content, please refer to the Site Documentation (https://sourceforge.net/p/forge/documentation/Project%20Web%20Services/) regarding web services for further assistance.

    NOTE: As of 2008-10-23 directory index display has been disabled by default. This option may be re-enabled by the project by placing a file with the name ".htaccess" with this line:

    Options +Indexes


Doug
___
Assp-test mailing list
Assp-test@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/assp-test


[Assp-test] TLDlist download failed

2023-04-26 Thread Doug Lytle via Assp-test

Thomas,

I've started seeing the below errors in my logs today.  Reviewing 
further back, it started on the 23rd.


26-04-2023 04:47:40 [Worker_1] AdminInfo: level-2-TLDlist download failed: HTTP/1.1 404 Not Found

26-04-2023 04:47:40 [Worker_1] AdminInfo: level-3-TLDlist download failed: HTTP/1.1 404 Not Found


ASSP version 2.8.2  *SPAM-Eliminator*  build 23089

lsb_release -a

No LSB modules are available.
Distributor ID: Devuan
Description:    Devuan GNU/Linux 3 (beowulf)
Release:    3
Codename:   beowulf

Doug


Re: [Assp-test] Timeout for 3rd DNS?

2021-12-31 Thread Doug Lytle

On 12/31/21 9:24 AM, Dirk Kulmsee wrote:

> sourceforge.net and got an answer, thus DNS not failing.


Now I understand!

Doug




Re: [Assp-test] Timeout for 3rd DNS?

2021-12-31 Thread Doug Lytle

On 12/31/21 7:25 AM, Dirk Kulmsee wrote:

> sourceforge.net.  146  IN  A  204.68.111.105


Dirk,

As far as I am aware, sourceforge.net does not provide a public DNS.

Doug




Re: [Assp-test] No more update to the "http" repository ?

2021-11-15 Thread Doug Lytle
>>> Sorry to bother you but it seems that the http repository on sourceforge 
>>> for assp.pl is not updated (18 Aug 2021)

Davide,

I believe Thomas uses Sourceforge for stable releases and only gets updated 
periodically.

Doug




Re: [Assp-test] Rebuild SpamDB worker thread at startup hangs

2021-10-04 Thread Doug Lytle

On 10/3/21 7:53 PM, K Post wrote:
> Thanks Doug.  How long does it take to start the rebuild SpamDB worker 
> though?  Mine also runs 11, and seemingly fine, it just takes a 
> long time to start.  I don't know why it starts before the GUI or 
> SMTP, but suspect that it needs to be running if it's going to track 
> mail for the rebuild as it arrives.


Looks like Thomas may have fixed your startup problem,

Doug




Re: [Assp-test] Rebuild SpamDB worker thread at startup hangs

2021-10-01 Thread Doug Lytle
>>> I've been messing around (I don't think I broke anything), but at command 
>>> line "starting rebuild SpamDB worker thread" sits for 3+ minutes. 

Kevin,

Restarting my install shows

Starting rebuild SpamDB worker thread [10001] - ThreadCycleTime is set to 30 microseconds

I'm running under Devuan 3 Linux

Doug




Re: [Assp-test] SMTP auth errors - block only on main port?

2021-03-09 Thread Doug Lytle
>> Summary question: is there a way to immediately ban IP's that try SMTP auth 
>> on a specific port, but not on other ports?  Allow SMTP auth on listenPort2, 
>> but immediately ban any IP that fails SMTP auth on port 25? 

I don't think that is currently an option with ASSP, but I currently do that 
with fail2ban, since I only auth on 587

Doug




Re: [Assp-test] ResendMail folder

2020-09-22 Thread Doug Lytle
I tested this under Linux.

Copied an old email to resend at 11:54am
It was resent at 11:56am

Doug




Re: [Assp-test] SPF Override issue

2020-09-10 Thread Doug Lytle
Thanks Thomas, none of their DNS entries show the incoming IP Address.  

I went back to keeping a list of addresses.  On a positive note, it appears 
they only have 2 addresses.  Once I cleared the SPFCache, the inbound checks 
passed.

Doug




[Assp-test] SPF Override issue

2020-09-10 Thread Doug Lytle

First about my system:

lsb_release -a
No LSB modules are available.
Distributor ID: Devuan
Description:    Devuan GNU/Linux 2.1 (ascii)


perl -v

This is perl 5, version 24, subversion 1 (v5.24.1) built for 
x86_64-linux-gnu-thread-multi

(with 90 registered patches, see perl -V for more detail)

ASSP version 2.6.4 **SPAM-Evaporator**  build 20224

It would appear that SPF Override is no longer functioning.

My bank has a horribly broken SPF Record and I've maintained a large 
group of IP Addresses with SPF Override to get around this. They've 
recently changed email providers and again messed up their SPF Record.


So, reading the instructions on the SPF Override page, I decided to go 
with the:


"If you specify only domains the Local SPF Record ( SPFlocalRecord ) below will be used as default"


So, I only add the domain name of the provider to the spfoverride.txt.  
I also verified that the SPFlocalRecord is at its default of


v=spf1 a/24 mx/24 ptr -all

The email was blocked this morning with an SPF failure.  Am I 
misunderstanding the instructions?


Also, several links on that page are dead.

It appears senderbase was purchased by Talosintelligence

And the spfgenerator link leads to a Not found error.

Thanks!

Doug
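
How the default `SPFlocalRecord` quoted above evaluates under standard SPF (RFC 7208) semantics, as an added example that is not part of the original post and not ASSP's code. The DNS data is constructed, `mailer.example` and the other names are hypothetical, only IPv4 and the bare `a`, `mx`, `ptr`, `ip4` and `all` mechanisms are handled, and it assumes the record is evaluated against the domain listed in spfoverride.txt.

```python
import ipaddress

# Default SPFlocalRecord quoted in the post above.
LOCAL_RECORD = "v=spf1 a/24 mx/24 ptr -all"
RESULTS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}

# Constructed DNS data using documentation ranges. mailer.example stands for
# the provider domain listed in spfoverride.txt; every name is hypothetical.
DNS = {
    "A": {
        "mailer.example": ["198.51.100.10"],
        "mx1.mailer.example": ["203.0.113.25"],
        "out7.mailer.example": ["192.0.2.40"],
        "out3.sendfarm.example": ["192.0.2.77"],
    },
    "MX": {"mailer.example": ["mx1.mailer.example"]},
    "PTR": {
        "192.0.2.40": ["out7.mailer.example"],
        "192.0.2.77": ["out3.sendfarm.example"],
        "192.0.2.99": ["fake.mailer.example"],   # no matching A record
    },
}


def in_prefix(ip, addresses, prefix):
    """True if ip shares the given prefix length with any listed address."""
    return any(
        ip in ipaddress.ip_network(f"{addr}/{prefix}", strict=False)
        for addr in addresses
    )


def ptr_matches(ip, domain, dns):
    """ptr: a reverse name must resolve back to ip and sit under domain."""
    for name in dns["PTR"].get(str(ip), []):
        confirmed = str(ip) in dns["A"].get(name, [])
        if confirmed and (name == domain or name.endswith("." + domain)):
            return True
    return False


def evaluate(record, domain, client_ip, dns=DNS):
    """Return (result, matching term) for an IPv4 client, left to right."""
    ip = ipaddress.ip_address(client_ip)
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        return ("none", None)
    for raw in terms[1:]:
        qualifier, term = ("+", raw)
        if raw[0] in RESULTS:
            qualifier, term = raw[0], raw[1:]
        mech, _, cidr = term.partition("/")
        prefix = int(cidr) if cidr else 32
        mech = mech.lower()
        if mech == "all":
            hit = True
        elif mech == "a":
            hit = in_prefix(ip, dns["A"].get(domain, []), prefix)
        elif mech == "mx":
            hit = any(in_prefix(ip, dns["A"].get(host, []), prefix)
                      for host in dns["MX"].get(domain, []))
        elif mech == "ptr":
            hit = ptr_matches(ip, domain, dns)
        elif mech.startswith("ip4:"):
            hit = in_prefix(ip, [mech[4:]], prefix)
        else:
            return ("permerror", raw)     # mechanism not handled here
        if hit:
            return (RESULTS[qualifier], raw)
    return ("neutral", None)


if __name__ == "__main__":
    for client in ("198.51.100.200", "203.0.113.9", "192.0.2.40",
                   "192.0.2.77", "192.0.2.99"):
        print(client, evaluate(LOCAL_RECORD, "mailer.example", client))
```

A sender whose address lies outside the /24 of the domain's A and MX hosts, and whose reverse name is not a forward-confirmed name under the domain, falls through to `-all`.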





[Assp-test] ASSP version 2.6.4 *SPAM-Evaporator* build 20182

2020-07-06 Thread Doug Lytle

Running under Devuan ascii.

I have a user that is getting falsified fedex.com email.  The ASSP 
analyzer is throwing red flags everywhere.


User is a SPAMLOVER, but with filter rules that move anything tagged 
with spam to the junk folder, but this version of ASSP is not 
tagging as spam and is moving the email to the notspam folder.


Any suggestions on what I have incorrectly set?

Thanks!

Doug


Analyzer logs below:


*General Hints:*

analyze is restricted to a maximum length of 6438 bytes
attachments will be fully scanned for viruses
text processing uses unicode normalization
regular expression matches and results are truncated to 32 (RegExLength) characters

ASSP-ID: assp.drdos.info m1-46908-00904
ASSP-Session: 56447D709E38 (mail 1)
removed all local X-ASSP- header lines for analysis
Connecting IP: '80.20.79.130'
Connecting HELO: host-80-20-79-130.business.telecomitalia.it

*host and sender authentications:*
host ' (68.125.64.65)' authenticated to 'host-80-20-79-130.business.telecomitalia.it' using 'ESMTPA'

*sender and reply addresses:*
MAIL FROM: hardeners...@pvma9.prod.fedex.com
From: dion.ke...@fedex.com

*recipient addresses:*
RCPT TO: hiddenaddr...@drdos.info
To: hiddenaddr...@drdos.info

*using enhanced Originated IP detection for all except the most origin IP addresses*
•detected IP's on the mail routing way: 68.125.64.65(adsl-68-125-64-65.dsl.pltn13.pacbell.net)
•detected source IP: 68.125.64.65

*Subject: *awb 754738349582

*Feature Matching:*

*• Whitelisted Domains*: '@fedex.com'
*• DoNoFrom *: OK - mode is scoring
*• 80.20.79.130 is in SPFCache*: status=none with helo=host-80-20-79-130.business.telecomitalia.it
*• SPF-check returned OK* for 80.20.79.130 -> hardeners...@pvma9.prod.fedex.com, host-80-20-79-130.business.telecomitalia.it
 • SPF: none (cache) ip=80.20.79.130 mailfrom=hardeners...@pvma9.prod.fedex.com helo=host-80-20-79-130.business.telecomitalia.it
*• DMARC-check returned OK - results:* dmarc: pass , spf: pass , dkim: neutral
*• URIBL check *: 'OK'
*• † • virus detected: 'Sanesecurity.Badmacro.Xls.spcshell3.UNOFFICIAL'*
*• Valid Format of HELO *: 'host-80-20-79-130.business.telecomitalia.it'
*• Invalid Format of HELO*: 'highest match: "80-20-79" with valence: 5 - PB value = 5'
 • matching invalidFormatHeloRe(file:files/invalidhelo.txt[line 4]): '\d{1,3}[-x.]\d{1,3}[-x.]\d{1,3}'
*• IP in Helo check *: 'failed'
 • IP in Helo result: 'Suspicious HELO - contains IP: 'host-80-20-79-130.business.telecomitalia.it''
*• AUTH would be disabled*
*• RBLCheck returned OK for 68.125.64.65*: DNSBL: neutral, 68.125.64.65 listed in l2.apews.org - message score: 17
• RBLScore: l2.apews.org -> 127.0.0.2 -> 17
*• RBLCheck returned FAILED for 80.20.79.130*: DNSBL: failed, 80.20.79.130 listed in dnsbl-1.uceprotect.net zen.spamhaus.org - message score: 75
• RBLScore: zen.spamhaus.org -> 127.0.0.4 -> 50
• RBLScore: dnsbl-1.uceprotect.net -> 127.0.0.2 -> 25
*• domain pvma9.prod.fedex.com (in Mail From:) has no valid MX record*
*• domainMX has a valid A record*: 204.135.242.200
*• domain fedex.com (in From) has a valid MX record*: mapper.gslb.fedex.com
*• domainMX mapper.gslb.fedex.com has a valid A record*: 204.135.242.198
*• 80.20.79.130 is in PTRCache*: status=PTR NOTOK - host-80-20-79-130.business.telecomitalia.it







Re: [Assp-test] 20161 - relay auth failures after update - no auth used

2020-06-27 Thread Doug Lytle

On 6/27/20 8:17 AM, K Post wrote:
> Is anyone else seeing this?


I'm not, all 535 messages are from outside my home network.

Searching for unauthenticated results in no hits.

This, though is only a small setup for my home mail server.

Doug





Re: [Assp-test] Missing MX, A, and FROM for specific sender. Unicode problem?

2020-01-31 Thread Doug Lytle
>>> Interesting idea Doug.  Do any of your users happen to get any SurveyMonkey 
>>> notifications?  These are sent to the owners of surveys.  I'm curious if 
>>> you're seeing the same malformed info in the headers.

I'm no longer with that company and do not recall,

Doug




Re: [Assp-test] Missing MX, A, and FROM for specific sender. Unicode problem?

2020-01-30 Thread Doug Lytle
This is not necessarily a resolution, but possibly a workaround for you.

In a past life, I've had some mail servers that just caused more issues than 
they were worth, so I ended up identifying their mail server(s) range of IP 
Addresses and placed those in an alias on the firewall and did a NAT directly 
to the mail server instead of ASSP if they were destined for port 25.

Doug




Re: [Assp-test] Put user ID in warning message of failed smtp auth

2019-12-08 Thread Doug Lytle

On 12/8/19 7:11 AM, Thomas Eckardt wrote:
> Is there anyone else, who needs permanently to show authentication 
> information multiple times in unsecured plain text?


At a previous employer and currently on my home mail server, I generate 
Authentication Failure reports daily.  And like Mr. Post, I am using 
$main::AUTHLogUser = 1; as a driver for those reports.


I don't necessarily need username logged though, but I wouldn't complain.

This gives me and my previous employer visibility as to what type of 
passwords that the current generation of bots are using and to be 
proactive on changing passwords of end users if things are getting a bit 
too close to real passwords (Case was incorrect or there was a number 
missing, etc).


My previous employer made the statement that, we wouldn't be in the IT 
position if we couldn't be trusted with sensitive information.


Doug





Re: [Assp-test] Testing new server - everybody timeout with TLS

2019-04-22 Thread Doug Lytle
Daniel,

The contents that are marked REDACTED are strings that look to be internally 
generated by ASSP.  Sorta like an MD5SUM.

Doug





Re: [Assp-test] Testing new server - everybody timeout with TLS

2019-04-22 Thread Doug Lytle

On 4/22/19 12:07 AM, Daniel Miller via Assp-test wrote:
> Do I need to add anything to smtpDestinationSSL - even though I'm not 
> using listenPortSSL? 


My TLS and SSL settings below.  Just to also make sure, that your DNS 
destination matches your certificate.  For example, smtp.yourdomain.com 
would match what you have your users outgoing SMTP settings set to.


I'm also running this on Devuan GNU/Linux 1.0 (jessie)

Doug

TLS Settings:

AUTHrequireTLS:=0
enableTLS4VRFY:=
tlsValencePB:=0
DoTLS:=2
NoTLSlistenPorts:=
TLStoProxyListenPorts:=
noTLSIP:=REDACTED


SSL Settings:

syncUsesSSL:=
listenPortSSL:=
smtpDestinationSSL:=
DoLDAPSSL:=0
enableWebAdminSSL:=1
enableWebStatSSL:=
SSL_version:=REDACTED
SSL_cipher_list:=
SSLPKPassword:=
SSLKeyFile:=REDACTED
SSLCaFile:=REDACTED
SSLCertFile:=REDACTED
SSLAdvancedServerConfigFile:=
banFailedSSLIP:=0
noBanFailedSSLIP:=192.168.0.0/16
SSLRetryOnError:=1
SSLtimeout:=5
maxSSLRenegotiations:=10
SSLDEBUG:=0
webSSLRequireClientCert:=
SSLWEBCertVerifyCB:=
SSLWEBConfigure:=
statSSLRequireClientCert:=
SSLSTATCertVerifyCB:=
SSLSTATConfigure:=
smtpSSLRequireClientCert:=
SSLSMTPCertVerifyCB:=
SSLSMTPConfigure:=
useIOSocketSSL:=1
useNetSMTPSSL:=1






Re: [Assp-test] Testing new server - everybody timeout with TLS

2019-04-21 Thread Doug Lytle

On 4/21/19 10:51 AM, Robert K Coffman Jr. -Info From Data Corp. wrote:

> cert.pem is used for SSLCertFile
> privkey.pem is used for SSLKeyFile
> fullchain.pem is used for SSLCAFile 


I am doing this as well.

Since moving to LetsEncrypt, I haven't had issues with SSL/TLS on ASSP

Doug





Re: [Assp-test] Help blocking images of text spam

2019-04-04 Thread Doug Lytle

On 4/4/19 12:13 PM, K Post wrote:

> Hi Doug,
> Haven't heard from in a while  Hope all is well!


I've been around, lurking, but no longer manage an ASSP installation, 
other than my home system.


> I don't think that'll work for our environment.  We see tons of jpgs 
> as attachments / embedded in legitimate email like with people sending 
> charts, meeting room floor plans, screen shots, photos of their kids, 
> logos in signatures.


Then OCR is probably the way forward.  But, I've never used it, so do 
not know how difficult it is to set up.


Doug





Re: [Assp-test] Help blocking images of text spam

2019-04-04 Thread Doug Lytle
Depending on the size of the client,

I temporarily would ban jpg and jpeg.  I would announce company wide as to why.

I'd have them stored in the quarantine folder for daily review
On a valid blocked email, I would discuss with the recipient


Doug




Re: [Assp-test] ASSP filtering EHLO responses?

2019-04-01 Thread Doug Lytle

On 4/1/19 4:42 PM, James Moe via Assp-test wrote:

>    Two EHLO responses are shown below. The first is the response through
> ASSP from port 587. The second is the response directly from port 587.
> STARTTLS is missing from the response through ASSP!
>    Why are they different?
>    What settings affect this?
>    How do I correct it?


If there is a failure to establish a TLS/SSL connection (Typically 
internet communication hiccups), that IP Address will be placed in the 
SSL-Failed Cache.


You can clear the cache manually, or it will eventually be purged by the 
ASSP maintenance.


Doug





Re: [Assp-test] ASSP and Perl 5.28?

2018-11-12 Thread Doug Lytle

>>> starting 5 communication worker threads .Thread 6 terminated 
>>> abnormally: error: AsspSelfLoader is unable to load code from file 
>>> /opt/assp/sl-cache/main-ThreadStart.sl - Too many open files

>>> After that assp.cfg is scrambled again, containing values like 
>>> „runAsUser:=5c13dfe7a63b36ed00061f028b“.

I think username isn't scrambled, but is done as a security precaution.

To fix the too many open files, I had to modify

/etc/security/limits.conf

I added:

*   soft    nofile  65535
*   hard    nofile  65535

And then rebooted

To view your current maximum open files limit type, as root

ulimit -a

Doug




Re: [Assp-test] fail2ban ASSP filter

2018-07-01 Thread Doug Lytle

On 07/01/2018 07:08 AM, James Brown via Assp-test wrote:

> Does any have a good fail2ban filter for ASSP?
>
> I have this filter:
>
> /# Fail2Ban filter for Anti-Spam SMTP Proxy Server also known as ASSP/


I had to change the logging format in ASSP to get fail2ban to work, 
please modify to your environment,


Doug



Date/Time Format in LogDate /(LogDateFormat)/

Use this option to set the logdate. The default value is 'MMM-DD-YY 
hh:mm:ss'. The following (case sensitive !) replacements will be done:



And then my filter is


cat assp_auth_failure.conf

# Fail2Ban configuration file
#
# Author: Viktor Ferenczi (python  cx  hu)
#

[Definition]

# Example: Nov-13-12 02:35:08 [Worker_5] Connected: 89.231.202.192:3500 > 10.0.0.10:587 > 10.0.0.12:25
#          Nov-13-12 02:35:11 [Worker_5] 89.231.202.192 info: injected STARTTLS request to 10.0.0.12
#          Nov-13-12 02:35:11 [Worker_5] [TLS-out] 89.231.202.192 info: authentication - login is used
#          Nov-13-12 02:35:13 [Worker_5] [TLS-out] 89.231.202.192 warning: SMTP authentication failed
#          Nov-13-12 02:35:13 [Worker_5] [TLS-out] 89.231.202.192 [SMTP Error] 535 5.7.8 Error: authentication failed: authentication failure

# <HOST> is fail2ban's tag for the address to ban; it matches the client IP
# that follows [TLS-out] on the "535 5.7.8" line above.
failregex = \[TLS-out\] <HOST> .*?535 5.7.8

# Option:  ignoreregex
# Notes.:  regex to ignore. If this regex matches, the line is ignored.
# Values:  TEXT
#
ignoreregex =



Re: [Assp-test] fail2ban ASSP filter

2018-07-01 Thread Doug Lytle

On 07/01/2018 07:31 AM, Doug Lytle wrote:
> Date/Time Format in LogDate /(LogDateFormat)/ 


That didn't work well. The format for date:

DD-MM- hh:mm:ss

Doug



[Assp-test] ASSP Downloads

2018-02-15 Thread Doug Lytle
I currently have ASSP to download new versions, but I manually install them.  
Reviewing the download directory today shows the current assp.pl of 652 bytes? 
The time stamp was Feb 13, 20:40 EST; examining the contents show:


SourceForge

https://code.jquery.com/jquery-1.11.0.min.js";>
https://sourceforge.net/js/mirrors.js";>


var DR_loc = DR_parse_hash_url();
if (DR_loc) {
DR_sf_main(DR_loc);
} else {
window.location.href = 'https://sourceforge.net/home.html';
}



We're sorry -- the Sourceforge site is currently in Disaster Recovery mode, and 
currently requires
the use of javascript to function.  Please check back later.




I wonder what havoc this has caused others that auto-install?

Doug



Re: [Assp-test] Postfix (or probably any SMTP server) logs

2017-07-26 Thread Doug Lytle via Assp-test
>>> Is there something I can adjust to have the "true" external sender IP 
>>> and the attempt login name exposed in my mail server logs?

I run fail2ban on the ASSP server and it drops the connections

Doug




[Assp-test] ASSP SPF Failures

2017-07-20 Thread Doug Lytle via Assp-test
I'm receiving reports of email failures from rackspace.com.  Their SPF record 
is HUGE, but passes testing from mxtoolbox.com and kitterman.com testing tools, 
I've temporarily had to use SPF override to accept all mail from them.  Is this 
a bug?

The logs are showing:


19-07-2017 14:37:47 m1-89467-06286 [Worker_7] [TLS-in] [TLS-out] 192.237.132.24  Message-Score: added -10 (tlsValencePB) for SSL-TLS-connection-OK, total score for this message is now -10
19-07-2017 14:37:47 m1-89467-06286 [Worker_7] [TLS-in] [TLS-out] 192.237.132.24  to: leesa@REDACTED Whitelisted sender Domain: @rackspace.com
19-07-2017 14:37:47 m1-89467-06286 [Worker_7] [TLS-in] [TLS-out] 192.237.132.24  to: leesa@REDACTED DKIM-Signature found
19-07-2017 14:37:47 m1-89467-06286 [Worker_7] [TLS-in] [TLS-out] 192.237.132.24  to: leesa@REDACTED info: detected IP's on the mail routing way: 50.56.229.13, 216.32.180.54
19-07-2017 14:37:47 m1-89467-06286 [Worker_7] [TLS-in] [TLS-out] 192.237.132.24  to: leesa@REDACTED info: detected source IP: 50.56.229.13
19-07-2017 14:37:47 m1-89467-06286 [Worker_7] [TLS-in] [TLS-out] 192.237.132.24  to: leesa@REDACTED info: domain rackspace.com has published a DMARC record
19-07-2017 14:37:47 m1-89467-06286 [Worker_7] [TLS-in] [TLS-out] 192.237.132.24  to: leesa@REDACTED SPF: found SPAMMER SPF record/mechanism 'mechanism 'ip4:192.237.132.24/31' matched' for domain rackspace.com - SPF result is set to 'fail'
19-07-2017 14:37:47 m1-89467-06286 [Worker_7] [TLS-in] [TLS-out] 192.237.132.24  to: leesa@REDACTED Message-Score: added 10 (spfValencePB) for SPF fail, total score for this message is now 0
19-07-2017 14:37:47 m1-89467-06286 [Worker_7] [TLS-in] [TLS-out] [SPF] 192.237.132.24  to: leesa@REDACTED [spam found] (SPF fail) [FW Associates Rackspace] -> /assp/spam/FW_TMP_Associates_Inc_Rackspace--4160149.eml;
19-07-2017 14:37:47 m1-89467-06286 [Worker_7] [TLS-in] [TLS-out] 192.237.132.24  to: leesa@REDACTED [SMTP Error] 554 5.7.1 failed SPF: rackspace.com: 192.237.132.24 is authorized to use 'prvs=0369bdad92=redac...@rackspace.com' in 'mfrom' identity (mechanism 'ip4:192.237.132.24/31' matched)
19-07-2017 14:37:47 m1-89467-06286 [Worker_7] [TLS-in] [SSL-out] 192.237.132.24  to: leesa@REDACTED finished message - received DATA size: 3.58 kByte - sent DATA size: 0 Byte
19-07-2017 14:37:47 m1-89467-06286 [Worker_7] [TLS-in] [SSL-out] 192.237.132.24  to: leesa@REDACTED disconnected: session:7FB97C4C7410 192.237.132.24 - processing time 1 seconds

Doug



Re: [Assp-test] Possible feature requests

2017-06-28 Thread Doug Lytle via Assp-test
>>> but I don't know how to implement immediate blocking after multiple 
>>> different IPs fail.

I should elaborate a little.

I don't track ASSP logs for failures of any particular email address, I look 
for any auth failures on a per IP Address basis and ban accordingly

Doug



Re: [Assp-test] Possible feature requests

2017-06-28 Thread Doug Lytle via Assp-test

[assp_auth_failure]


# Ignore failures on our local networks
ignoreip = 127.0.0.1 172.21.0.0/16 192.168.0.0/16 10.0.0.0/24

enabled  = true
port = smtp,ssmtp
filter   = assp_auth_failure

action   = iptables-multiport[name=ASSP_AUTH, port="25,587", protocol=tcp]
   sendmail-whois[name=ASSP_AUTH, dest=supportemailaddress]
logpath  = /assp/logs/maillog.txt

# Monitor failures within a 7 day period (fail2ban reads a bare number as seconds)
findtime = 604800

# Ban for 7 days
bantime  = 604800

# 5 failures from a single IP address within $findtime will cause the ban
maxretry = 5


Doug
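
The `assp_auth_failure` filter and jail posted in this thread, replayed offline over a constructed log, as an added example (not code from the original posts, from fail2ban or from ASSP). It assumes the failregex carries fail2ban's `<HOST>` tag, the DD-MM-YYYY log timestamp seen in the 2017 excerpts on this page, and IPv4 only; `find_bans` and `fail_line` are names introduced here.

```python
import ipaddress
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Values from the filter and jail posted in this thread.
FAILREGEX = r"\[TLS-out\] <HOST> .*?535 5.7.8"
IGNOREIP = ["127.0.0.1", "172.21.0.0/16", "192.168.0.0/16", "10.0.0.0/24"]
MAXRETRY = 5
# The jail's comments ask for a 7 day window. fail2ban reads a bare integer
# findtime as seconds, so 7 days is 604800.
FINDTIME = timedelta(seconds=604800)

# Assumption: timestamps use the DD-MM-YYYY hh:mm:ss layout of the 2017 log
# excerpts on this page.
TS_FORMAT = "%d-%m-%Y %H:%M:%S"
# Simplification: fail2ban's <HOST> also accepts IPv6 and hostnames.
HOST_GROUP = r"(?P<host>\d{1,3}(?:\.\d{1,3}){3})"


def compile_failregex(failregex):
    """Expand the <HOST> tag the way a filter test needs it (IPv4 only)."""
    if "<HOST>" not in failregex:
        raise ValueError("failregex has no <HOST> tag, nothing to ban")
    return re.compile(failregex.replace("<HOST>", HOST_GROUP))


def find_bans(lines, failregex=FAILREGEX, ignoreip=IGNOREIP,
              maxretry=MAXRETRY, findtime=FINDTIME):
    """Return {ip: time of the failure that reached maxretry within findtime}."""
    pattern = compile_failregex(failregex)
    ignored = [ipaddress.ip_network(net) for net in ignoreip]
    recent = defaultdict(deque)   # ip -> failure times still inside the window
    bans = {}
    for line in lines:
        match = pattern.search(line)
        if match is None:
            continue
        try:
            ip = ipaddress.ip_address(match.group("host"))
            when = datetime.strptime(line[:19], TS_FORMAT)
        except ValueError:
            continue              # not a real address or not a dated log line
        if any(ip in net for net in ignored):
            continue
        window = recent[ip]
        window.append(when)
        while when - window[0] > findtime:
            window.popleft()
        if len(window) >= maxretry and str(ip) not in bans:
            bans[str(ip)] = when
    return bans


def fail_line(ts, ip, tag="[TLS-out] "):
    """Build one constructed log line in the layout of the filter's example."""
    return (f"{ts} [Worker_5] {tag}{ip} [SMTP Error] 535 5.7.8 Error: "
            "authentication failed: authentication failure")


# Constructed sample log (documentation and private addresses only).
SAMPLE_LOG = (
    # four failures, then one nine days later: never 5 inside the window
    [fail_line(f"01-07-2017 09:0{i}:00", "203.0.113.99") for i in range(4)]
    + [fail_line("10-07-2017 09:00:00", "203.0.113.99")]
    # five failures in five minutes: banned on the fifth
    + [fail_line(f"19-07-2017 14:0{i}:00", "203.0.113.7") for i in range(5)]
    # the "warning" line of the same event lacks "535 5.7.8", so it is not
    # counted a second time
    + ["19-07-2017 14:04:00 [Worker_5] [TLS-out] 203.0.113.7 warning: "
       "SMTP authentication failed"]
    # four failures: one short of maxretry
    + [fail_line(f"19-07-2017 15:0{i}:00", "198.51.100.20") for i in range(4)]
    # six failures from a network listed in ignoreip
    + [fail_line(f"19-07-2017 16:0{i}:00", "192.168.0.15") for i in range(6)]
    # same error without the [TLS-out] tag: the failregex does not see it
    + [fail_line(f"19-07-2017 17:0{i}:00", "203.0.113.50", tag="")
       for i in range(5)]
)

if __name__ == "__main__":
    for ip, when in find_bans(SAMPLE_LOG).items():
        print(f"ban {ip} (threshold reached {when.strftime(TS_FORMAT)})")
```

Only `203.0.113.7` is banned; the last group shows that a failure logged without the `[TLS-out]` tag is invisible to this failregex.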



Re: [Assp-test] Possible feature requests

2017-06-28 Thread Doug Lytle via Assp-test
>>> My initial reaction to this was "cool idea!", but then I thought about the 
>>> implications to valid users. 

I currently do this with Fail2Ban with an expire time.

Doug



Re: [Assp-test] SMTP Timeouts [SOLVED]

2017-05-01 Thread Doug Lytle
>>> On Dec 19, 2015, at 2:39 PM, support supp...@drdos.info wrote:

Thomas Eckardt wrote:
>> Would setting it to 2, 3 or even 4 be of help?
> At least 3 would be required. So we can see, if there is a renegotiating
> problem.


> Thomas,

> I have a Postfix loglevel 3 on a TLS timeout, would you like me to send 
> the archive directly to you?  It's 165KB compressed.


Just following up on this old thread.  

My problem went away when I started using valid SSL Certificates from 
LetsEncrypt.

It's been 3 months without failure.

Doug



Re: [Assp-test] fixes in assp 2.5.6 build 17036

2017-02-05 Thread Doug Lytle
On 02/05/2017 09:50 AM, Thomas Eckardt wrote:
> At the end - is this really a problem?

Yes; non-executable file type should not have its execute bit set.  
Scripts and programs, yes, but not the .bak nor .txt or even the .db

Code accidentally or maliciously being entered would run.

Just my opinion,

Doug




Re: [Assp-test] fixes in assp 2.5.6 build 17036

2017-02-05 Thread Doug Lytle
On 02/05/2017 06:34 AM, Thomas Eckardt wrote:
> Hi all,
>
> fixed in assp 2.5.6 build 17036:

Thomas,

I've just noted that in build 2.5.6(17026) under Linux, ASSP is setting 
the execute bit on all files in the ASSP directory.

Doug




Re: [Assp-test] LetsEncrypt SSL Certs with ASSP

2017-01-22 Thread Doug Lytle
On 01/22/2017 08:06 AM, Thomas Eckardt wrote:
> As long as you provide the certificate(s) and private key(s) in PEM 
> format, this should be possible.
>
> Thomas
>

Indeed it does,

Thanks Thomas!

Doug



[Assp-test] LetsEncrypt SSL Certs with ASSP

2017-01-22 Thread Doug Lytle
Hey guys,

I just followed and setup LetsEncrypt SSL Certificates for my Zimbra 
mail server following the below link:

https://forums.zimbra.org/viewtopic.php?f=15=60781

I wanted to know if this could also be used for SSL/TLS communications 
with ASSP?

We have problems with our MACs not liking to use self-signed 
certificates and was hoping that using a valid certificate, we could get 
around that issue.

Doug




Re: [Assp-test] fixes in assp 2.5.4 build 16358

2016-12-27 Thread Doug Lytle
On 12/23/2016 07:49 AM, Thomas Eckardt wrote:
> The GUI got a new design. ASSP will try to download and to install the 
> updates contained in the images folder.

Thomas,

I've just installed the new version of ASSP on my home system and I just 
LOVE the re-designed GUI!

Thanks for all you do for us!

Doug




Re: [Assp-test] Password Protected "RTF" Files Slipping Through

2016-10-18 Thread Doug Lytle
>>> On Oct 18, 2016, at 11:20 AM, K Post nntp.p...@gmail.com wrote:
>>> Doug,
>>> So you're seeing this too!  Did it just start this morning?

Yes and that it did.

Doug




Re: [Assp-test] Password Protected "RTF" Files Slipping Through

2016-10-18 Thread Doug Lytle
>>> On Oct 18, 2016, at 11:12 AM, K Post nntp.p...@gmail.com wrote:

>>> organizations (some really big ones too) are seeing this on their mail
>>> systems this morning too.

I took the hammer approach and temporarily put it in the blocked attachment 
list.

Doug



Re: [Assp-test] Blockreports still not working

2016-04-11 Thread Doug Lytle
Thomas Eckardt wrote:
> Doug,
>
> please download and test ass.pl from
>
> http://assp.cvs.sourceforge.net/viewvc/assp/assp2/test/
>
> tell me if it works.

Thomas,

This fixed the issue.

Doug




Re: [Assp-test] Blockreports still not working

2016-04-11 Thread Doug Lytle
Thomas,

I'll have to do that after hours.  I'll put it into place tonight and report 
then.

Thanks for looking into this!

Doug



Re: [Assp-test] Blockreports still not working

2016-04-11 Thread Doug Lytle
>> Do you use any symlink, hardlink or network filesystem for the 'logs' 
>> folder or the files?

No sir.

And,

Reverting back to 16080 fixes the issue.




Re: [Assp-test] Blockreports still not working

2016-04-11 Thread Doug Lytle
I guess it does not.

Just a side note, to be able to get Fail2Ban to work, I've changed the default 
log format to:

DD-MM- hh:mm:ss

Doug
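
The timestamp layout matters because a Fail2Ban-style jail has to parse each entry's time before it can count failures per client inside a time window. The following is an added example, not code from this post, from ASSP or from Fail2Ban: a Python sketch of that counting over constructed log lines modelled on the ASSP entries quoted in this archive. It assumes a four-digit year (DD-MM-YYYY hh:mm:ss, as the log excerpts on this page show); the function names, threshold and window are hypothetical.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample lines (not real traffic), unwrapped to one entry per line
# and modelled on the ASSP maillog entries quoted elsewhere in this archive.
SAMPLE_LOG = """\
17-02-2015 19:28:29 m1-19309-08919 [Worker_1] [TLS-in] [TLS-out] 192.0.2.10 sender@example.test to: user@example.test [SMTP Error] 550 5.7.1 These attachments are not allowed
17-02-2015 19:29:02 m1-19342-08920 [Worker_2] 192.0.2.10 sender@example.test to: user@example.test [SMTP Error] 550 5.7.1 These attachments are not allowed
17-02-2015 19:29:40 [Worker_1] Connected: session:181BD4A0 192.0.2.10:42019 > 127.0.0.1:25 > 10.0.0.12:25
17-02-2015 19:30:05 m1-19405-08921 [Worker_1] [TLS-in] 192.0.2.10 sender@example.test to: user@example.test [SMTP Error] 550 5.7.1 These attachments are not allowed
17-02-2015 19:31:00 m1-19460-08922 [Worker_3] 198.51.100.7 other@example.test to: user@example.test [SMTP Error] 550 5.7.1 These attachments are not allowed
17-02-2015 19:51:00 m1-20660-08923 [Worker_3] 198.51.100.7 other@example.test to: user@example.test [SMTP Error] 550 5.7.1 These attachments are not allowed
17-02-2015 20:11:00 m1-21860-08924 [Worker_3] 198.51.100.7 other@example.test to: user@example.test [SMTP Error] 550 5.7.1 These attachments are not allowed
31-02-2015 20:12:00 m1-21920-08925 [Worker_3] 203.0.113.9 x@example.test to: user@example.test [SMTP Error] 550 5.7.1 These attachments are not allowed
17-02-2015 20:13:00 m1-21980-08926 [Worker_2] [MessageOK] 203.0.113.9 x@example.test to: user@example.test message ok
"""

# DD-MM-YYYY hh:mm:ss (assumed four-digit year, as in the logs on this page).
TS_FORMAT = "%d-%m-%Y %H:%M:%S"

LINE_RE = re.compile(
    r"^(?P<ts>\d{2}-\d{2}-\d{4} \d{2}:\d{2}:\d{2}) "
    r"(?:(?P<msgid>[\w-]+) )?"               # optional message id, e.g. m1-19309-08919
    r"\[(?P<worker>[^\]]+)\] "               # [Worker_1] or [Main_Thread]
    r"(?:\[[^\]]+\] )*"                      # optional tags such as [TLS-in]
    r"(?P<ip>\d{1,3}(?:\.\d{1,3}){3}) "      # client address
    r".*\[SMTP Error\] (?P<code>[45]\d\d)\b" # rejection with its SMTP reply code
)


def parse_failures(lines):
    """Return (timestamp, client_ip, smtp_code) for every rejection line."""
    events = []
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # connection notices, info lines, wrapped fragments
        try:
            when = datetime.strptime(m.group("ts"), TS_FORMAT)
        except ValueError:
            continue  # impossible date: skip the entry, do not guess a time
        events.append((when, m.group("ip"), int(m.group("code"))))
    return events


def find_offenders(events, max_retry, find_time):
    """Map each IP to the moment it reached max_retry failures within find_time.

    Mirrors the maxretry/findtime idea of a Fail2Ban jail. Events are sorted
    first because worker threads can write entries slightly out of order.
    """
    recent = defaultdict(deque)
    offenders = {}
    for when, ip, _code in sorted(events):
        window = recent[ip]
        window.append(when)
        while when - window[0] > find_time:
            window.popleft()  # drop failures that fell out of the window
        if len(window) >= max_retry and ip not in offenders:
            offenders[ip] = when
    return offenders


if __name__ == "__main__":
    found = find_offenders(parse_failures(SAMPLE_LOG.splitlines()),
                           max_retry=3, find_time=timedelta(minutes=10))
    for ip, when in found.items():
        print(f"{ip} reached the threshold at {when:{TS_FORMAT}}")
```
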



Re: [Assp-test] Blockreports still not working

2016-04-11 Thread Doug Lytle
Yes.

Hopefully the list supports small images:



Re: [Assp-test] Blockreports still not working

2016-04-11 Thread Doug Lytle
Thomas Eckardt wrote:
> set 'ReportLog' to diagnostic - post the log the request.
>
>


11-04-2016 05:12:09 [Main_Thread] Admin connection from user root on 
host 192.168.200.2:51415; page:/; 
session-ID:149029aec879d1ac7fb25f35c1720f67;
11-04-2016 05:12:09 [Main_Thread] AdminUpdate: [root 192.168.200.2] 
ReportLog changed from 'standard (1)' to 'diagnostic (3)'
11-04-2016 05:12:09 [Main_Thread] Saving config
11-04-2016 05:12:09 [Main_Thread] Info: saved config to 
/assp/assp.cfg.tmp - which is now renamed to /assp/assp.cfg
11-04-2016 05:12:09 [Main_Thread] Finished saving config
11-04-2016 05:12:20 [Worker_1] Connected: session:181BD4A0 
127.0.0.1:42019 > 127.0.0.1:25 > 10.0.0.12:25
11-04-2016 05:12:20 [Worker_1] Disconnected: session:181BD4A0 127.0.0.1 
- processing time 0 seconds
Info: BlockReport::modify::modify called (suppressed 2 concurrent equal 
'Info' loglines from all Workers)
11-04-2016 05:12:23 [Worker_1] Info: processing queued blocked mail 
request from bsqui...@ourdomain.com
11-04-2016 05:12:23 [Worker_1] Info: BlockReport::modify::modify called
11-04-2016 05:12:23 [Worker_1] Info: BlockReport will call the 
module BlockReport::modify to make your custom changes
11-04-2016 05:12:23 [Worker_1] Info: search dates are: '11-04-2016', 
'10-04-2016', '09-04-2016', '08-04-2016', '07-04-2016', '06-04-2016'
11-04-2016 05:12:23 [Worker_1] Info: BlockReport global filter:
11-04-2016 05:12:23 [Worker_1] Info: BlockReport::modify::modify called
11-04-2016 05:12:23 [Worker_1] BlockReport-send: will try to use 
STARTTLS on connection to 10.0.0.12:25
11-04-2016 05:12:24 [Worker_1] Info: sent block report for 
bsqui...@ourdomain.com to bsqui...@ourdomain.com at 10.0.0.12:25(STARTTLS)
11-04-2016 05:12:23 [Worker_1] Connected: session:18456118 
10.0.0.12:34754 > 10.0.0.10:25 > 10.0.0.12:25
11-04-2016 05:12:23 [Worker_1] 10.0.0.12 info: injected STARTTLS request 
to 10.0.0.12
11-04-2016 05:12:23 m1-65943-13486 [Worker_1] [TLS-out] 10.0.0.12 
 to: blockreport@assp.local blocked email report
11-04-2016 05:12:23 [Worker_1] Info: queued blocked mail request from 
bsqui...@ourdomain.com
11-04-2016 05:12:23 [Worker_1] Disconnected: session:18456118 10.0.0.12 
- processing time 0 seconds


And here is our current log list:

-rw-r--r-- 1 root root   4324584 Mar 31 23:59 16-03-31.bmaillog.txt
-rw-r--r-- 1 root root 104149361 Apr  1 00:00 16-03-31.maillog.txt
-rw-r--r-- 1 root root   3141539 Apr  2 23:55 16-04-02.bmaillog.txt
-rw-r--r-- 1 root root  61970123 Apr  3 00:00 16-04-02.maillog.txt
-rw-r--r-- 1 root root   3202244 Apr  4 23:59 16-04-04.bmaillog.txt
-rw-r--r-- 1 root root  60418609 Apr  5 00:00 16-04-04.maillog.txt
-rw-r--r-- 1 root root   3398621 Apr  6 23:59 16-04-06.bmaillog.txt
-rw-r--r-- 1 root root  78973807 Apr  7 00:00 16-04-06.maillog.txt
-rw-r--r-- 1 root root   2991716 Apr  8 23:59 16-04-08.bmaillog.txt
-rw-r--r-- 1 root root  71872355 Apr  9 00:00 16-04-08.maillog.txt
-rw-r--r-- 1 root root   1195568 Apr 10 23:59 16-04-10.bmaillog.txt
-rw-r--r-- 1 root root  22713744 Apr 11 00:00 16-04-10.maillog.txt
-rw-r--r-- 1 root root    142293 Apr 11 05:19 bmaillog.txt
-rw-r--r-- 1 root root   2391272 Apr 11 05:19 maillog.txt






[Assp-test] Blockreports still not working

2016-04-10 Thread Doug Lytle
I had time to upgrade ASSP from 16080 to ASSP version 2.5.2(16100) 
today, running on Debian Wheezy.

When I send an email to blockreport@assp.local requesting a report for 
the last 5 days, from an account that I know has blocked email I get:

no blocked email found in the last 5 day(s)

lines with 0.0B analysed in logfiles on host assp.epiinc.inet in 0 
seconds - running ASSP version 2.5.2(16100)

Suggestions on how I can diagnose this?

Doug






[Assp-test] MySQL Database question

2016-04-02 Thread Doug Lytle
Thomas,

I'm currently running ASSP on a Debian Virtual Machine using flat files.

I've got scripts in place that, when I do a snapshot for backups, I TERM 
the assp process, get the snapshot and then restart ASSP.

This morning, I've moved this to MySQL for my databases.

My question is, does ASSP still need to be ended before my snapshot, or 
can I just do a service mysql stop/start?

Thanks,

Doug




Re: [Assp-test] fixes in assp 2.5.2 build 16083

2016-03-24 Thread Doug Lytle
>>> On Mar 23, 2016, at 11:25 AM, Thomas Eckardt thomas.ecka...@thockar.com 
>>> wrote:

>>> Hi all,
>>> fixed in assp 2.5.2 build 16083:

Block reports are still broken under this build, returning to 16080 brings them 
back.

Doug



Re: [Assp-test] urgent: after assp 16081 all mails older than 1 day are deleted from spam folder

2016-03-23 Thread Doug Lytle
>> It would also appear that block reports are broken.

Reverting back to 16080 fixed this.

Doug



Re: [Assp-test] urgent: after assp 16081 all mails older than 1 day are deleted from spam folder

2016-03-23 Thread Doug Lytle
>> my mistake - what else!?

It would also appear that block reports are broken.

Ran a report for someone that I saw had several spams in the last 2 days and 
the report came back as:


no blocked email found in the last 2 day(s)

lines with 0.0B analysed in logfiles on host assp.ourdomain.inet in 0 seconds - 
running ASSP version 2.5.2(16081)

Doug



Re: [Assp-test] Stopping repeated auth logon connection attempts

2016-01-26 Thread Doug Lytle
>>> On Jan 26, 2016, at 7:14 AM, Charles Marcus cmar...@media-brokers.com wrote:
>>> Use the right tool for the job...
>>> In this case, fail2ban (or something like it) is what you need.


I agree with Charles here and I use fail2ban for these occurrences.

Doug



Re: [Assp-test] fixes in assp 2.4.6 build 15362

2015-12-29 Thread Doug Lytle
>>> On Dec 29, 2015, at 8:21 AM, Thomas Eckardt thomas.ecka...@thockar.com 
>>> wrote:

>>> Doug, what is your setting of  'OutgoingBufSizeNew' ?

>>> Thomas


The default:  1024

Doug





Re: [Assp-test] SMTP Timeouts

2015-12-19 Thread Doug Lytle
Thomas Eckardt wrote:
>> Would setting it to 2, 3 or even 4 be of help?
> At least 3 would be required. So we can see, if there is a renegotiating
> problem.


Thomas,

I have a Postfix loglevel 3 on a TLS timeout, would you like me to send 
the archive directly to you?  It's 165KB compressed.

Doug




Re: [Assp-test] SMTP Timeouts

2015-12-18 Thread Doug Lytle
Thomas Eckardt wrote:
> Doug, please upgrade IO::Socket::SSL to the latest version (possibly also
> Net::SSLeay) and tryout the latest assp v2 dev build.
> Tell me if the issue (timeouts) is gone.

Thanks Thomas,

I'm on vacation starting Monday and will put those into place and let 
you know.





Re: [Assp-test] SMTP Timeouts

2015-12-18 Thread Doug Lytle
I found some time this AM to upgrade our work ASSP:

ASSP version 2.4.6(15351)

IO::Socket::SSL 2.022 / 2.020
Net::SSLeay 1.72 / 1.72

I've had 30 timeouts in the last hour

I'm planning on doing a TCP dump on my home mail server this upcoming Monday 
(running Zimbra at work and at home) to see if I can get a decent idea what's 
going on.

Doug



Re: [Assp-test] SMTP Timeouts

2015-12-18 Thread Doug Lytle
>>> On Dec 18, 2015, at 8:22 AM, Thomas Eckardt thomas.ecka...@thockar.com 
>>> wrote:

>>>I've had 30 timeouts in the last hour

 bad news! Thank you for testing.


Postfix manual for TLS logging gives:

Server-side TLS activity logging

To get additional information about Postfix SMTP server TLS activity you can 
increase the log level from 0..4. Each logging level also includes the 
information that is logged at a lower logging level.

Level 0: Disable logging of TLS activity.

Level 1 (Postfix 2.9 and later): Log only a summary message on TLS handshake 
completion — no logging of client certificate trust-chain verification errors 
if client certificate verification is not required.

Level 1 (earlier releases): Log the summary message, peer certificate summary 
information and unconditionally log trust-chain verification errors.

Level 2: Also log levels during TLS negotiation.

Level 3: Also log hexadecimal and ASCII dump of TLS negotiation process.

Level 4: Also log hexadecimal and ASCII dump of complete transmission after 
STARTTLS.

It's currently set to 1.

Would setting it to 2, 3 or even 4 be of help?

Doug



[Assp-test] SMTP Timeouts

2015-12-06 Thread Doug Lytle
I am running ASSP version 2.4.6(15334) on Debian GNU/Linux 7.9 (wheezy), 
Perl version:

perl -v

This is perl 5, version 18, subversion 0 (v5.18.0) built for 
x86_64-linux-thread-multi

I've noted that when ASSP's 'do TLS' module is enabled on port 25, I get 
lots of SMTP timeouts, when it's only available on port 587, I get 
almost none.  Is there a fix for this?

IO::Socket::SSL version: 1.02

Thanks,

Doug




Re: [Assp-test] Perl's path

2015-11-28 Thread Doug Lytle
Thomas Eckardt wrote:
> What about making a symlink in /usr/bin/perl to  /usr/local/bin/perl ?

This makes more sense,

Thank you for the suggestion, I'll do that.

Doug




Re: [Assp-test] blacklisted domin/address

2015-11-05 Thread Doug Lytle
>>> On Nov 5, 2015, at 9:39 AM, anders westin anders.wes...@dometic.com wrote:

>>> is it possible to "lock" a incoming mail address to a certain ip address

What I would probably do is to verify if they have a valid SPF record and if 
so, set their domain to SPF Strict.  

If they do not, then I'd create a SPF record in the SPFoverride option and 
still put them on the Strict SPF Processing regex and then I would remove that 
domain from the black list.

Doug




Re: [Assp-test] ASSP version 2.4.6(15283)

2015-10-15 Thread Doug Lytle
>>> On Oct 15, 2015, at 8:19 AM, Thomas Eckardt thomas.ecka...@thockar.com 
>>> wrote:

>>> Switch on debugging for such mails.

>>> debugRe: automated_email\@dell\.com


Debugging turned on and test quote sent.  The email address and domain name 
have been modified to prevent spam.

http://pastebin.com/1u8B1suQ

Thanks for your insight!

Doug



[Assp-test] ASSP version 2.4.6(15283)

2015-10-15 Thread Doug Lytle
Maybe someone can suggest a way for me to diagnose the below problem.

I've noted for a few months now, that when receiving an automated confirmation 
email from Dell, that I don't receive them on our Zimbra mail server.  

Reviewing the logs shows that the email was received, the email domain was white 
listed and saved in the ASSP notspam corpus.  But it was never passed to the mail 
server.  So, within ASSP, through the admin portal, I click on the link that shows 
that it was stored in notspam, select the menu item to resend now and then I 
get the email.

As far as I know, this is only happening with Dell's automated responses.  Any 
suggestions on how to diagnose?  Systems specs and Logs below:

SMP Debian 3.2.68-1+deb7u1 x86_64 GNU/Linux

This is perl 5, version 14, subversion 2 (v5.14.2) built for 
x86_64-linux-gnu-thread-multi
(with 89 registered patches, see perl -V for more detail)

14-10-2015 16:33:09 m1-54789-02947 [Worker_6] [TLS-in] [TLS-out] 
143.166.224.190  info: found message size 
announcement: 61.04 kByte
14-10-2015 16:33:09 m1-54789-02947 [Worker_6] [TLS-in] [TLS-out] 
143.166.224.190  Message-Score: added -10 
(tlsValencePB) for SSL-TLS-connection-OK, total score for this message is now 
-10
14-10-2015 16:33:09 m1-54789-02947 [Worker_6] [TLS-in] [TLS-out] 
143.166.224.190  to: dly...@inc.com Whitelisted 
sender Domain: automated_em...@dell.com
14-10-2015 16:33:09 m1-54789-02947 [Worker_6] [TLS-in] [TLS-out] 
143.166.224.190  to: dly...@inc.com Whitelisted 
sender Domain: automated_em...@dell.com
14-10-2015 16:33:09 m1-54789-02947 [Worker_6] [TLS-in] [TLS-out] 
143.166.224.190  to: dly...@inc.com Whitelisted 
sender Domain: automated_em...@dell.com
14-10-2015 16:33:09 m1-54789-02947 [Worker_6] [TLS-in] [TLS-out] 
143.166.224.190  to: dly...@inc.com Whitelisted 
sender Domain: automated_em...@dell.com
14-10-2015 16:33:09 m1-54789-02947 [Worker_6] [TLS-in] [TLS-out] 
143.166.224.190  to: dly...@inc.com info: domain 
dell.com has published a DMARC record
14-10-2015 16:33:09 m1-54789-02947 [Worker_6] [TLS-in] [TLS-out] 
143.166.224.190  to: dly...@inc.com Message-Score: 
added -10 (spfpValencePB) for SPF pass, total score for this message is now -20
14-10-2015 16:33:09 m1-54789-02947 [Worker_6] [TLS-in] [TLS-out] 
143.166.224.190  to: dly...@inc.com DMARC: this mail 
breakes the DKIM policies defined in the DMARC record for domain dell.com - 
there is no DKIM-signature found in this mail for domain dell.com
14-10-2015 16:33:10 m1-54789-02947 [Worker_6] [TLS-in] [TLS-out] 
143.166.224.190  to: dly...@inc.com ClamAV: scanned 
62699 bytes in whitelisted message - OK 
14-10-2015 16:33:10 m1-54789-02947 [Worker_6] [TLS-in] [TLS-out] [MessageOK] 
143.166.224.190  to: dly...@inc.com message ok - 
(whitelistdb) - [Dell Order Has Been Confirmed for Order Number 9054778887 for 
Dell Purchase ID 20033234237927] -> 
/assp/notspam/Dell_Order_Has_Been_Confirmed_for_Order_Number_903--9711289.eml

Doug




Re: [Assp-test] ASSP version 2.4.6(15283)

2015-10-15 Thread Doug Lytle
Thanks for taking the time to look, Thomas. I'll look into the Zimbra side of 
things.

Doug



Re: [Assp-test] Logging of Failed SMTP Auth?

2015-07-22 Thread Doug Lytle
> On Jul 22, 2015, at 1:00 PM, K Post nntp.p...@gmail.com wrote:
> Would it be possible to have Log RE email the full line in the log which

I just turned this on the other day.  Edit the /assp/lib/CorrectASSPcfg.pm 
file.  Uncomment:

$main::AUTHLogUser = 1;  # (0/1) write the username for AUTH (PLAIN/LOGIN) to maillog.txt
$main::AUTHLogPWD = 1;   # (0/1) write the userpassword for AUTH (PLAIN/LOGIN) to maillog.txt

I wanted to log passwords as well (Home system) to see what crackers were using 
for passwords.

Doug





[Assp-test] Some mail not being passed

2015-06-24 Thread Doug Lytle
I'm currently running ASSP version 2.4.6(15162) under Debian GNU/Linux 7.8 
(wheezy) with Perl:

perl -v

This is perl 5, version 14, subversion 2 (v5.14.2) built for 
x86_64-linux-gnu-thread-multi
(with 89 registered patches, see perl -V for more detail)


I've noted problems with email coming in from Dell's automated quoting system 
not being passed on to our Zimbra mail server.  ASSP shows the email came in as 
white listed, saved a copy to the notspam folder and then nothing.  

Email is never found on the mail server, nor is there a copy in mailarchiva.

Zimbra's postfix logs show only the below:

cat mail.info|grep AE8C5833BBC3

Jun 24 09:40:59 wm postfix/smtpd[22378]: AE8C5833BBC3: 
client=assp.ourdomain.inet[10.0.0.10]
Jun 24 09:41:01 wm postfix/cleanup[31598]: AE8C5833BBC3: 
message-id=dffd4e$8sv...@ausxipmktps31.us.dell.com

ASSP logs below:

cat maillog.txt |grep m1-53259-07493

24-06-2015 09:40:59 m1-53259-07493 [Worker_1] [TLS-in] [TLS-out] 
143.166.224.190 automated_em...@dell.com info: found message size 
announcement: 76.42 kByte
24-06-2015 09:40:59 m1-53259-07493 [Worker_1] [TLS-in] [TLS-out] 
143.166.224.190 automated_em...@dell.com Message-Score: added -10 
(tlsValencePB) for SSL-TLS-connection-OK, total score for this message is now 
-10
24-06-2015 09:40:59 m1-53259-07493 [Worker_1] [TLS-in] [TLS-out] 
143.166.224.190 automated_em...@dell.com to: d_ly...@ourdomain.com 
Whitelisted sender address: dell_automated_em...@dell.com for recipient 
d_ly...@ourdomain.com
24-06-2015 09:40:59 m1-53259-07493 [Worker_1] [TLS-in] [TLS-out] 
143.166.224.190 automated_em...@dell.com to: d_ly...@ourdomain.com 
Whitelisted sender address: dell_automated_em...@dell.com for recipient 
b_dr...@ourdomain.com
24-06-2015 09:40:59 m1-53259-07493 [Worker_1] [TLS-in] [TLS-out] 
143.166.224.190 automated_em...@dell.com to: d_ly...@ourdomain.com info: 
domain dell.com has published a DMARC record
24-06-2015 09:40:59 m1-53259-07493 [Worker_1] [TLS-in] [TLS-out] 
143.166.224.190 automated_em...@dell.com to: d_ly...@ourdomain.com 
Message-Score: added -10 (spfpValencePB) for SPF pass, total score for this 
message is now -20
24-06-2015 09:40:59 m1-53259-07493 [Worker_1] [TLS-in] [TLS-out] 
143.166.224.190 automated_em...@dell.com to: d_ly...@ourdomain.com DMARC: 
this mail breakes the DKIM policies defined in the DMARC record for domain 
dell.com - there is no DKIM-signature found in this mail for domain dell.com
24-06-2015 09:41:01 m1-53259-07493 [Worker_1] [TLS-in] [TLS-out] 
143.166.224.190 automated_em...@dell.com to: d_ly...@ourdomain.com ClamAV: 
scanned 78452 bytes in whitelisted message - OK 
24-06-2015 09:41:01 m1-53259-07493 [Worker_1] [TLS-in] [TLS-out] [MessageOK] 
143.166.224.190 automated_em...@dell.com to: d_ly...@ourdomain.com message ok 
[Dell Computer Saved Quote Information 1020249920296] - 
/assp/notspam/Dell_Computer_Saved_Quote_Information_102024992029--8302958.eml

Debug file at pastebin

http://pastebin.com/cs7gYuZ6

Any suggestions?  This is consistent.  

Thanks!

Doug



[Assp-test] Sourceforge problem?

2015-02-25 Thread Doug Lytle
I just checked my ASSP download folder to find an assp.pl file that 
contained the below:

We're sorry -- the Sourceforge site is currently in Disaster Recovery 
mode, and currently requires
the use of javascript to function.  Please check back later.

Interesting,

Doug

-- 
Ben Franklin quote:

Those who would give up Essential Liberty to purchase a little Temporary 
Safety, deserve neither Liberty nor Safety.




Re: [Assp-test] Attachment blocking

2015-02-17 Thread Doug Lytle
K Post wrote:
> I can't figure this out to save my life.  Is there something wrong with the
> regex?  If external is set to level 2 and block, how would mails like this


I didn't have reg in my list, but added it just for a test and it was 
blocked.  My setup below:

ASSP version 2.4.4(15004)

lsb_release -a
No LSB modules are available.
Distributor ID: Debian
Description:    Debian GNU/Linux 7.8 (wheezy)
Release:        7.8
Codename:   wheezy

Level 1 rejected File Extensions (BadAttachL1)
reg|wmv|mov|mpg|mp4|msf|avi|mp3|m4a|wma|wav|exe|pif|vb[es]|ba[st]|cpl|in[fs]|ms[cipt]|reg|wms|cmd

External Attachment Blocking (DoBlockExes)
Block

External Attachment Blocking Level (BlockExes)
Level 1

Whitelisted  Local Attachment Blocking (BlockWLExes)
Level 2

NoProcessing Attachment Blocking (BlockNPExes)
Level 1

Log shows:

17-02-2015 19:28:29 m1-19309-08919 [Worker_1] [TLS-in] [TLS-out] 
[Attachment] 192.168.145.252 supp...@drdos.info to: work.email.address 
[spam found] (bad attachment 'test.reg') [test] - 
/assp/discarded/test--182025.eml;
17-02-2015 19:28:29 m1-19309-08919 [Worker_1] [TLS-in] [TLS-out] 
192.168.145.252 supp...@drdos.info to: work.email.address [SMTP Error] 
550 5.7.1 These attachments are not allowed


Hope that helps,

Doug

-- 
Ben Franklin quote:

Those who would give up Essential Liberty to purchase a little Temporary 
Safety, deserve neither Liberty nor Safety.
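
A way to sanity-check an extension list like the BadAttachL1 value quoted in the message above before relying on it. This is an added example, not part of the post and not ASSP's own code: it assumes the alternation is applied case-insensitively to the final extension of the attachment name (ASSP's actual matching is not shown on this page), and all function names are hypothetical.

```python
import re
from itertools import product

# The BadAttachL1 value as quoted in the post above.
BAD_ATTACH_L1 = ("reg|wmv|mov|mpg|mp4|msf|avi|mp3|m4a|wma|wav|exe|pif|"
                 "vb[es]|ba[st]|cpl|in[fs]|ms[cipt]|reg|wms|cmd")


def compile_extension_rule(alternatives):
    """Build the matcher under this example's assumption: the alternation is
    anchored to the last dot-separated extension and ignores case."""
    return re.compile(r"\.(?:" + alternatives + r")$", re.IGNORECASE)


def is_blocked(filename, rule):
    """True if the attachment name ends in a listed extension."""
    # Trailing dots and spaces are dropped first, since Windows ignores them
    # when it resolves a file name.
    name = filename.strip().rstrip(". ")
    return rule.search(name) is not None


def expand(alternative):
    """Expand one alternative with simple character classes, e.g. vb[es]
    becomes ['vbe', 'vbs']. Only literals and [...] classes are handled,
    which is all the quoted list uses."""
    parts = re.findall(r"\[([^\]]+)\]|([^\[\]]+)", alternative)
    choices = [list(cls) if cls else [literal] for cls, literal in parts]
    return ["".join(combo) for combo in product(*choices)]


def covered_extensions(alternatives):
    """Every concrete extension the list blocks, sorted and de-duplicated."""
    found = set()
    for alternative in alternatives.split("|"):
        found.update(ext.lower() for ext in expand(alternative))
    return sorted(found)


def duplicate_alternatives(alternatives):
    """Alternatives listed more than once (harmless, but a sign the list
    was edited by hand and is worth re-reading)."""
    seen, duplicates = set(), []
    for alternative in alternatives.split("|"):
        if alternative in seen and alternative not in duplicates:
            duplicates.append(alternative)
        seen.add(alternative)
    return duplicates


if __name__ == "__main__":
    rule = compile_extension_rule(BAD_ATTACH_L1)
    # Constructed attachment names covering the cases worth checking.
    for name in ["test.reg", "TEST.REG", "invoice.pdf.exe", "setup.exe. ",
                 "regular.txt", "report.regx", "notes.msg"]:
        print(f"{name!r:20} blocked={is_blocked(name, rule)}")
    print("duplicates:", duplicate_alternatives(BAD_ATTACH_L1))
    print("extensions covered:", len(covered_extensions(BAD_ATTACH_L1)))
```
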




Re: [Assp-test] Gmail is blocking Emails from my (ASSP) Server

2015-02-12 Thread Doug Lytle
> On Feb 12, 2015, at 12:31 PM, Christian Leicht use...@schani.com wrote:
> Yes, but from Gmail you cant get a answer (since 14 Days) ;-((

Check to see if you're on a blacklist:

http://multirbl.valli.org/lookup/

Doug

-- 
Ben Franklin quote:

Those who would give up Essential Liberty to purchase a little Temporary 
Safety, deserve neither Liberty nor Safety.



Re: [Assp-test] sending mails seems to be blocked

2015-02-05 Thread Doug Lytle
> I am in the same internal lan as my ASSP and Mailserver.

And that's where we differ.

Internal to our network, I've not experienced this, only when connected 
remotely.

Doug



Re: [Assp-test] sending mails seems to be blocked

2015-02-05 Thread Doug Lytle
> Hi,
>
> since a few weeks I have to restart assp two times a day.
>
> Sending mails seems to be blocked by assp.

I've had the same issue, the only way I've worked around it is to either:

1.)  Restart ASSP (Only works for a few hours)

2.)  Run OpenVPN and point the outgoing SMTP directly to the internal address 
of the ASSP server

3.)  Try a different email client that isn't based off of Mozilla's code base.  
We use Seamonkey and Thunderbird has the same issues.  The only thing is, I 
haven't found a mail client, that is cross platform that I like.

And, since 2 is what I've done on my clients, I haven't gone any further.

Doug



Re: [Assp-test] ClamAV - ASSP version 2.4.4(15004)

2015-01-25 Thread Doug Lytle
Thomas Eckardt wrote:
> Doug,
>
> there is no code in the current assp.pl that calls 'matchSL' with the
> parameter 'noScanIP'. This was the case in some versions before assp 2.2.2
> build 12218.

Thomas,

I created a new Virtual Machine (Copy of the original ASSP), I deleted 
the contents of the /assp folder, leaving only the:

spam
notspam

And reloaded.  I now get the below debug:

 25-01-2015 18:16:35 [Worker_1] Maillog
 25-01-2015 18:16:35 [Worker_1] bodyWrap
 25-01-2015 18:16:35 [Worker_1] bodyWrap
 25-01-2015 18:16:35 [Worker_1] getbody - done:1 maillength:8402
 25-01-2015 18:16:35 [Worker_1] MsgScoreTooHigh
 25-01-2015 18:16:35 [Worker_1] CheckAttachments
 25-01-2015 18:16:35 [Worker_1] MsgScoreTooHigh
 25-01-2015 18:16:35 [Worker_1] BombOK
 25-01-2015 18:16:35 [Worker_1] matchSL - supp...@drdos.info - noBombScript
 25-01-2015 18:16:35 [Worker_1] MsgScoreTooHigh
 25-01-2015 18:16:35 [Worker_1] MsgScoreTooHigh
 25-01-2015 18:16:35 [Worker_1] BombBlackOK
 25-01-2015 18:16:35 [Worker_1] MsgScoreTooHigh
 25-01-2015 18:16:35 [Worker_1] matchSL - supp...@drdos.info - noScan
 25-01-2015 18:16:35 [Worker_1] matchIP - 10.10.10.250 - noScanIP
 25-01-2015 18:16:35 [Worker_1] matchSL - supp...@drdos.info - noScan
 25-01-2015 18:16:35 [Worker_1] matchIP - 10.10.10.250 - noScanIP
 25-01-2015 18:16:35 [Worker_1] ClamAV
 25-01-2015 18:16:35 [Worker_1] ClamScanPing - maxwait 10 seconds
 25-01-2015 18:16:35 [Worker_1] ClamScanScan - maxwait 15 seconds
 25-01-2015 18:16:35 m1-27795-02791 [Worker_1] [TLS-out] 10.10.10.250 supp...@drdos.info to: supp...@drdos.info ClamAV: scanned 8400 bytes in local message - OK
 25-01-2015 18:16:35 [Worker_1] MsgScoreTooHigh
 25-01-2015 18:16:35 [Worker_1] MsgScoreTooHigh

Doug


-- 
Ben Franklin quote:

Those who would give up Essential Liberty to purchase a little Temporary 
Safety, deserve neither Liberty nor Safety.




Re: [Assp-test] Virus detected

2015-01-21 Thread Doug Lytle
 Does anyone know if these headers are written by ASSP?

 *Virus Detected:*  'Sanesecurity.Jurlbl.6890.UNOFFICIAL'
 *Full Header:*

ClamAV with the SaneSecurity signatures reports back to ASSP and ASSP adds it 
to the headers.

Doug



Re: [Assp-test] ClamAV - ASSP version 2.4.4(15004)

2015-01-21 Thread Doug Lytle
 this was a bug in 2.2.2 and was solved in assp 2.2.2 build 12218 and
 ASSP_AFC version 2.05 

Thanks Thomas!

Doug



Re: [Assp-test] ClamAV - ASSP version 2.4.4(15004)

2015-01-21 Thread Doug Lytle
 this was a bug in 2.2.2 and was solved in assp 2.2.2 build 12218 and
 ASSP_AFC version 2.05 

I guess I'm lost, I just noted the version number.

I'm on 2.4.4 (15004)

Doug



Re: [Assp-test] ClamAV - ASSP version 2.4.4(15004)

2015-01-20 Thread Doug Lytle
 Does this mean the senders in question are still in NoProcessingDomains?

In this particular case, the 'sender' was my mail server.  It was sending the 
nightly postfix report to me.  For some reason, it would randomly match against 
either lists.digium.com or mythtv.org.

Those domains are still in my white listed domains, but no longer in the 
NoProcessing.

Doug



Re: [Assp-test] ClamAV - ASSP version 2.4.4(15004)

2015-01-20 Thread Doug Lytle
 If you feel more comfortable, change the option back to (
 file:files/noscanav.txt) :):)

It wasn't affecting anybody but me.  I'll revert my changes when I get home 
tonight.

Doug



Re: [Assp-test] ClamAV - ASSP version 2.4.4(15004)

2015-01-20 Thread Doug Lytle
Thomas Eckardt wrote:
 After moving the 2 IP addresses out of the web interface and into a file
 configuration - following these steps:

 1 - look in to the folder: files/optRE and find the file 'noScanIPs.txt'
 2 - make a backup of this file
 3 - now change the config back to plain IP - take care: use the same order
 for the IP's like in the file noscanav.txt - and apply - this will update
 the file files/optRE/noScanIPs.txt

I did the above and ran md5sum on both files.  It shows they are both 
identical.

Now, reviewing the logs from this morning shows that I was incorrect.  
ClamAV is still scanning 10.10.10.250, but didn't hit a SaneSecurity 
signature.  So, what I did was set a debug on the subject Daily mail 
report.  The debug captured the below.  If you'd like the whole .dbg 
file, I'll zip it up and send it to you off list:

 20-01-2015 13:43:46 [Worker_1] Maillog
 20-01-2015 13:43:46 [Worker_1] SMTPTraffic - read OK
 20-01-2015 13:43:46 [Worker_1] SMTPTraffic - process read
 20-01-2015 13:43:46 [Worker_1] doing line .[CR][LF]
 
 20-01-2015 13:43:46 [Worker_1] Maillog
 20-01-2015 13:43:46 [Worker_1] bodyWrap
 20-01-2015 13:43:46 [Worker_1] bodyWrap
 20-01-2015 13:43:46 [Worker_1] getbody - done:1 maillength:11189
 20-01-2015 13:43:46 [Worker_1] MsgScoreTooHigh
 20-01-2015 13:43:46 [Worker_1] CheckAttachments
 20-01-2015 13:43:46 [Worker_1] MsgScoreTooHigh
 20-01-2015 13:43:46 [Worker_1] BombOK
 20-01-2015 13:43:46 [Worker_1] matchSL - supp...@drdos.info - noBombScript
 20-01-2015 13:43:46 [Worker_1] MsgScoreTooHigh
 20-01-2015 13:43:46 [Worker_1] MsgScoreTooHigh
 20-01-2015 13:43:46 [Worker_1] BombBlackOK
 20-01-2015 13:43:46 [Worker_1] MsgScoreTooHigh
 20-01-2015 13:43:46 [Worker_1] matchSL - 10.10.10.250 - noScanIP
 20-01-2015 13:43:46 [Worker_1] matchSL - 10.10.10.250 - noScanIP
 20-01-2015 13:43:46 [Worker_1] ClamAV
 20-01-2015 13:43:46 [Worker_1] ClamScanPing - maxwait 10 seconds
 20-01-2015 13:43:46 [Worker_1] ClamScanScan - maxwait 15 seconds
 20-01-2015 13:43:46 m1-79426-10118 [Worker_1] [TLS-out] 10.10.10.250 supp...@drdos.info to: supp...@drdos.info ClamAV: scanned 11187 bytes in local message - OK
 20-01-2015 13:43:46 [Worker_1] MsgScoreTooHigh
 20-01-2015 13:43:46 [Worker_1] MsgScoreTooHigh
 20-01-2015 13:43:46 [Worker_1] URIBLok
 20-01-2015 13:43:46 [Worker_1] MsgScoreTooHigh
 20-01-2015 13:43:46 [Worker_1] MsgScoreTooHigh


Doug

-- 
Ben Franklin quote:

Those who would give up Essential Liberty to purchase a little Temporary 
Safety, deserve neither Liberty nor Safety.




Re: [Assp-test] ClamAV - ASSP version 2.4.4(15004)

2015-01-19 Thread Doug Lytle
Thomas Eckardt wrote:
 noScanIP
 I can't reproduce this issue - it works for me.


After moving the 2 IP addresses out of the web interface and into a file 
(file:files/noscanav.txt), this problem went away.

After removing @lists.digium.com|@mythtv.org from No Processing 
Addresses (NoProcessing) and No Processing Address From 
(NoProcessingFrom), the problem went away.

Doug


-- 
Ben Franklin quote:

Those who would give up Essential Liberty to purchase a little Temporary 
Safety, deserve neither Liberty nor Safety.




[Assp-test] ClamAV - ASSP version 2.4.4(15004)

2015-01-17 Thread Doug Lytle
I'm running ASSP on Debian 7.7 (wheezy) on the current ASSP release.

I've specified that IP address 10.10.10.250 should not be scanned 
because sometimes the SaneSecurity signatures are triggered on my daily 
reports.  Today, I just noted that I haven't seen a report in a couple 
days and reviewed the ASSP logs.

They show that ClamAV is still scanning the excluded IP address.

09-01-2015 23:30:09 m1-64209-07507 [Worker_1] [TLS-out] 10.10.10.250 supp...@drdos.info to: supp...@drdos.info Regex:Noprocessing '@lists.digium.com'
09-01-2015 23:30:09 m1-64209-07507 [Worker_1] [TLS-out] 10.10.10.250 supp...@drdos.info to: supp...@drdos.info ClamAV: scanned 12159 bytes in local message - FOUND Sanesecurity.Jurlbl.5698.UNOFFICIAL(dd164f7548721d3945ba20d3bd690427:12159)
09-01-2015 23:30:09 m1-64209-07507 [Worker_1] [TLS-out] [VIRUS] 10.10.10.250 supp...@drdos.info to: supp...@drdos.info [spam found] (virus detected: 'Sanesecurity.Jurlbl.5698.UNOFFICIAL(dd164f7548721d3945ba20d3bd690427:12159)') [Daily mail report for 2015 01 09] - /assp/quarantine/--159007.eml;
09-01-2015 23:30:09 m1-64209-07507 [Worker_1] [TLS-out] 10.10.10.250 supp...@drdos.info to: supp...@drdos.info [SMTP Error] 554 5.7.1 Mail appears infected with \[Sanesecurity.Jurlbl.5698.UNOFFICIAL(dd164f7548721d3945ba20d3bd690427:12159)\].


ASSP config:

Do Not Scan Messages from these IP's* (noScanIP)

10.10.10.250|192.168.145.10

I am also trying to figure out why it would hit a Noprocessing rule for 
lists.digium.com?  In fact, I see different entries matching different 
Noprocessing rules:

16-01-2015 23:30:09 m1-69009-08961 [Worker_2] [TLS-out] 10.10.10.250 supp...@drdos.info to: supp...@drdos.info Regex:Noprocessing '@mythtv.org'
16-01-2015 23:30:09 m1-69009-08961 [Worker_2] [TLS-out] 10.10.10.250 supp...@drdos.info to: supp...@drdos.info ClamAV: scanned 12013 bytes in local message - FOUND Sanesecurity.Jurlbl.6418.UNOFFICIAL(737417455cdbdc73f8034fdabb8fb028:12013)
16-01-2015 23:30:09 m1-69009-08961 [Worker_2] [TLS-out] [VIRUS] 10.10.10.250 supp...@drdos.info to: supp...@drdos.info [spam found] (virus detected: 'Sanesecurity.Jurlbl.6418.UNOFFICIAL(737417455cdbdc73f8034fdabb8fb028:12013)') [Daily mail report for 2015 01 16] - /assp/quarantine/--160579.eml;
16-01-2015 23:30:09 m1-69009-08961 [Worker_2] [TLS-out] 10.10.10.250 supp...@drdos.info to: supp...@drdos.info [SMTP Error] 554 5.7.1 Mail appears infected with \[Sanesecurity.Jurlbl.6418.UNOFFICIAL(737417455cdbdc73f8034fdabb8fb028:12013)\].


Is there something I'm missing?


Thanks,

Doug


-- 
Ben Franklin quote:

Those who would give up Essential Liberty to purchase a little Temporary 
Safety, deserve neither Liberty nor Safety.
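
Added example (not part of the original post and not ASSP code): a small audit that checks whether a scanner exclusion such as noScanIP is actually honoured, by flagging every logged ClamAV scan whose client IP is on the exclusion list. The log lines are constructed in the format quoted above; treating each list entry as a single address or CIDR network is an assumption of this sketch.

```python
import ipaddress
import re

# noScanIP value as shown in the post: a pipe-separated list.
NO_SCAN_IP = "10.10.10.250|192.168.145.10"

# Constructed sample log (not from a real system). Message ids, addresses
# and the signature name are placeholders in the quoted log format.
SAMPLE_LOG = """\
09-01-2015 23:30:09 m1-00001-00001 [Worker_1] [TLS-out] 10.10.10.250 report@example.test to: admin@example.test ClamAV: scanned 12159 bytes in local message - FOUND Example.Sig.1.UNOFFICIAL(00000000000000000000000000000000:12159)
09-01-2015 23:30:09 m1-00001-00001 [Worker_1] [TLS-out] [VIRUS] 10.10.10.250 report@example.test to: admin@example.test [spam found] (virus detected: 'Example.Sig.1.UNOFFICIAL')
09-01-2015 23:30:09 m1-00001-00001 [Worker_1] [TLS-out] 10.10.10.250 report@example.test to: admin@example.test [SMTP Error] 554 5.7.1 Mail appears infected with [Example.Sig.1.UNOFFICIAL].
10-01-2015 23:30:11 m1-00002-00002 [Worker_2] [TLS-out] 10.10.10.250 report@example.test to: admin@example.test ClamAV: scanned 11187 bytes in local message - OK
10-01-2015 08:02:40 m1-00003-00003 [Worker_1] 203.0.113.7 sender@example.org to: admin@example.test ClamAV: scanned 4096 bytes in whitelisted message - OK
10-01-2015 09:15:02 m1-00004-00004 [Worker_1] [MessageOK] 192.168.145.10 backup@example.test to: admin@example.test message ok - (local) - [backup report]
"""

# timestamp, message id, worker, optional [tags], client IP, remainder
LINE_RE = re.compile(
    r"^\d{2}-\d{2}-\d{4} \d{2}:\d{2}:\d{2} "
    r"(?P<msgid>m\d+-\d+-\d+) \[Worker_\d+\] "
    r"(?:\[[^\]]+\] )*"
    r"(?P<ip>\d{1,3}(?:\.\d{1,3}){3}) (?P<rest>.*)$"
)
SCAN_RE = re.compile(
    r"ClamAV: scanned (?P<size>\d+) bytes in (?:(?P<kind>\S+) )?message - "
    r"(?P<verdict>OK|FOUND)(?: (?P<sig>[^\s(]+))?"
)


def parse_exclusions(value):
    """Turn 'ip|ip|net/len' into a list of ip_network objects."""
    nets = []
    for entry in value.split("|"):
        entry = entry.strip()
        if entry:
            nets.append(ipaddress.ip_network(entry, strict=False))
    return nets


def is_excluded(ip, nets):
    try:
        addr = ipaddress.ip_address(ip)
    except ValueError:          # e.g. an octet above 255 in a damaged line
        return False
    return any(addr in net for net in nets)


def audit(log_text, exclusion_value):
    """Return one finding per message that was scanned despite the exclusion."""
    nets = parse_exclusions(exclusion_value)
    findings = {}
    for raw in log_text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        msgid, ip, rest = m.group("msgid", "ip", "rest")
        scan = SCAN_RE.search(rest)
        if scan and is_excluded(ip, nets):
            findings[msgid] = {
                "msgid": msgid,
                "ip": ip,
                "bytes": int(scan.group("size")),
                "verdict": scan.group("verdict"),
                "signature": scan.group("sig"),
                "rejected": False,
            }
        elif msgid in findings and "[SMTP Error] 554" in rest:
            # The scan result led to the message being refused.
            findings[msgid]["rejected"] = True
    return list(findings.values())


if __name__ == "__main__":
    for f in audit(SAMPLE_LOG, NO_SCAN_IP):
        print(f)
```

A scan with verdict OK is still a finding here: it shows the exclusion is not being applied even on days when no signature fires.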




Re: [Assp-test] Remote SMTP issues with TLS

2014-12-29 Thread Doug Lytle
Mr. Courtney Creighton wrote:
 I haven't yet devised how to properly test the software theory, but
 anecdotally, I've only heard complaints about this from my Thunderbird
 users, and not Outlook/OE/Mail users.

 Can I ask what MTA you're using behind ASSP?


I'm using Zimbra Version 8.6.0_GA_1153.FOSS.

It uses Postfix as its MTA

I'm also considering that it may be a Thunderbird/Seamonkey issue. They 
both have similar code bases.

But I just find it strange that for me, behind the firewall, I never 
have this issue.  But, it's repeatable from remote (Including me testing 
from a laptop)

Changing the host table on the Linux and Windows machines to point to 
the ASSP system over the VPN eliminates the problem.

Doug



-- 
Ben Franklin quote:

Those who would give up Essential Liberty to purchase a little Temporary 
Safety, deserve neither Liberty nor Safety.




Re: [Assp-test] I'm sending messages from Yahoo?

2014-12-11 Thread Doug Lytle
James Brown wrote:
 Dec-11-14 10:23:53 [Worker_2] Connected: session:7FAD1B6519F8 127.0.0.1:51769 
  127.0.0.1:25  127.0.0.1:10026
 Dec-11-14 10:23:56 [Worker_2] 127.0.0.1 info: authentication - plain is used

You've got a compromised account on your system.  The sender authenticated.

A failed authentication would be similar to the below:

07-12-2014 05:15:00 [Worker_1] Connected: session:7F3F0DB2AF98 5.189.129.101:61808  10.10.10.247:587  10.10.10.250:25
07-12-2014 05:15:01 [Worker_1] 5.189.129.101 info: got STARTTLS request from 5.189.129.101
07-12-2014 05:15:01 [Worker_1] [TLS-in] [TLS-out] 5.189.129.101 info: authentication - plain is used
07-12-2014 05:15:02 [Worker_1] [TLS-in] [TLS-out] 5.189.129.101 warning: SMTP authentication failed on 10.10.10.250
07-12-2014 05:15:02 [Worker_1] [TLS-in] [TLS-out] 5.189.129.101 [SMTP Error] 535 5.7.8 Error: authentication failed: authentication failure
07-12-2014 05:15:02 [Worker_1] [TLS-in] [TLS-out] 5.189.129.101 info: authentication - login is used
07-12-2014 05:15:02 [Worker_1] [TLS-in] [TLS-out] 5.189.129.101 warning: SMTP authentication failed on 10.10.10.250
07-12-2014 05:15:02 [Worker_1] [TLS-in] [TLS-out] 5.189.129.101 [SMTP Error] 535 5.7.8 Error: authentication failed: authentication failure
07-12-2014 05:15:02 [Worker_1] Disconnected: session:7F3F0DB2AF98 5.189.129.101 - processing time 2 seconds


Doug


-- 
Ben Franklin quote:

Those who would give up Essential Liberty to purchase a little Temporary 
Safety, deserve neither Liberty nor Safety.
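
Added example (not part of the original post and not ASSP code): the distinction drawn above, applied to a whole log. Each session is classified as authenticated when an "authentication - ... is used" line is not followed by an "SMTP authentication failed" warning, and failed attempts are counted per client. The log is constructed with documentation addresses, and matching events to a session by worker and client IP is an assumption of this sketch.

```python
import re

# Constructed sample log in the format quoted above (not real traffic).
SAMPLE_LOG = """\
07-12-2014 05:15:00 [Worker_1] Connected: session:AAAA00000001 198.51.100.23:61808  10.0.0.2:587  10.0.0.3:25
07-12-2014 05:15:01 [Worker_1] 198.51.100.23 info: got STARTTLS request from 198.51.100.23
07-12-2014 05:15:01 [Worker_1] [TLS-in] [TLS-out] 198.51.100.23 info: authentication - plain is used
07-12-2014 05:15:02 [Worker_1] [TLS-in] [TLS-out] 198.51.100.23 warning: SMTP authentication failed on 10.0.0.3
07-12-2014 05:15:02 [Worker_1] [TLS-in] [TLS-out] 198.51.100.23 [SMTP Error] 535 5.7.8 Error: authentication failed: authentication failure
07-12-2014 05:15:02 [Worker_2] Connected: session:BBBB00000002 127.0.0.1:51769  127.0.0.1:25  127.0.0.1:10026
07-12-2014 05:15:02 [Worker_1] [TLS-in] [TLS-out] 198.51.100.23 info: authentication - login is used
07-12-2014 05:15:02 [Worker_1] [TLS-in] [TLS-out] 198.51.100.23 warning: SMTP authentication failed on 10.0.0.3
07-12-2014 05:15:03 [Worker_2] 127.0.0.1 info: authentication - plain is used
07-12-2014 05:15:03 [Worker_1] Disconnected: session:AAAA00000001 198.51.100.23 - processing time 3 seconds
07-12-2014 05:15:04 [Worker_3] Connected: session:CCCC00000003 192.0.2.9:40211  10.0.0.2:25  10.0.0.3:25
07-12-2014 05:15:05 [Worker_2] Disconnected: session:BBBB00000002 127.0.0.1 - processing time 3 seconds
07-12-2014 05:15:06 [Worker_3] Disconnected: session:CCCC00000003 192.0.2.9 - processing time 2 seconds
"""

IP = r"\d{1,3}(?:\.\d{1,3}){3}"
CONNECT_RE = re.compile(r"\[(Worker_\d+)\] Connected: session:(\w+) (" + IP + r"):\d+")
DISCONNECT_RE = re.compile(r"\[(Worker_\d+)\] Disconnected: session:(\w+)")
EVENT_RE = re.compile(r"\[(Worker_\d+)\] (?:\[[^\]]+\] )*(" + IP + r") (.*)$")
AUTH_USED_RE = re.compile(r"info: authentication - (\w+) is used")
AUTH_FAILED = "SMTP authentication failed"


def _finish(rec):
    """Decide the outcome once a session is closed."""
    attempts = len(rec["mechanisms"])
    if attempts == 0:
        outcome = "no-auth"
    elif rec["failures"] >= attempts:
        outcome = "auth-failed"
    else:
        # At least one AUTH attempt drew no failure warning.
        outcome = "authenticated"
    return dict(rec, outcome=outcome)


def classify_sessions(log_text):
    open_by_key = {}   # (worker, client ip) -> session record
    by_id = {}         # session id -> session record
    done = []
    for line in log_text.splitlines():
        m = CONNECT_RE.search(line)
        if m:
            worker, sid, ip = m.groups()
            rec = {"session": sid, "client": ip, "mechanisms": [], "failures": 0}
            open_by_key[(worker, ip)] = rec
            by_id[sid] = rec
            continue
        m = DISCONNECT_RE.search(line)
        if m:
            rec = by_id.pop(m.group(2), None)
            if rec is not None:
                open_by_key.pop((m.group(1), rec["client"]), None)
                done.append(_finish(rec))
            continue
        m = EVENT_RE.search(line)
        if not m:
            continue
        rec = open_by_key.get((m.group(1), m.group(2)))
        if rec is None:
            continue
        used = AUTH_USED_RE.search(m.group(3))
        if used:
            rec["mechanisms"].append(used.group(1))
        elif AUTH_FAILED in m.group(3):
            rec["failures"] += 1
    # Sessions with no Disconnected line yet (log cut off mid-session).
    done.extend(_finish(rec) for rec in by_id.values())
    return done


def summarize(sessions):
    """Authenticated sessions to review, plus failed attempts per client."""
    authenticated = [s for s in sessions if s["outcome"] == "authenticated"]
    failures = {}
    for s in sessions:
        if s["failures"]:
            failures[s["client"]] = failures.get(s["client"], 0) + s["failures"]
    return authenticated, failures


if __name__ == "__main__":
    ok, failed = summarize(classify_sessions(SAMPLE_LOG))
    print("authenticated:", [(s["session"], s["client"]) for s in ok])
    print("failed attempts per client:", failed)
```

The ASSP log does not name the account; the authenticated session's timestamp can be matched against the MTA log, where Postfix records sasl_username for each accepted login.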




Re: [Assp-test] Remote SMTP issues with TLS

2014-12-08 Thread Doug Lytle
Mr. Courtney Creighton wrote:
 If you come up with anything better, I'd love to hear it. Soon, I want
 to disable all user logins via unencrypted protocols, and it would be
 really nice to have more reliable secure connections to go with that.

I'm not 100% sure it isn't the ISP causing the issue.

All my remote clients are using OpenVPN.  I've modified their host 
tables to point to the private IP address of ASSP and the problem has 
gone away.  I've read a couple articles that state that ISPs are fooling 
around with TLS to prevent users from encryption.

I'm also not sure it's not a pfSense bug.  The next release is coming up 
soon and I'll test again once my firewall has been upgraded.

And as a test, I'll review a few other, non Mozilla clients, to see if 
it's a Mozilla based bug.

Thanks,

Doug






-- 
Ben Franklin quote:

Those who would give up Essential Liberty to purchase a little Temporary 
Safety, deserve neither Liberty nor Safety.




Re: [Assp-test] Messages getting lost?

2014-12-08 Thread Doug Lytle
James Brown wrote:
 [spam found] (HMM) [New Arrival Love Get Your Summer Eyewear] - 
 /Applications/assp/spam/1073.eml;

 Running ASSP 2.4.4(14336), Perl is 5.018002

 Am I missing something, or is there a bug that was introduced in 14336?


I've seen this as well, but before 14336.


Doug




-- 
Ben Franklin quote:

Those who would give up Essential Liberty to purchase a little Temporary 
Safety, deserve neither Liberty nor Safety.




Re: [Assp-test] fixes in assp 2.4.4 build 14334

2014-12-01 Thread Doug Lytle
Thomas Eckardt wrote:
 - fixes a thrown exception
Prototype mismatch: sub Net::SMTP::assp_starttls (-1) vs none at sub
 Net::SMTP::assp_starttls line 28.

I was hoping this would address my SMTP STARTTLS problem, unfortunately 
it did not.

Doug


-- 
Ben Franklin quote:

Those who would give up Essential Liberty to purchase a little Temporary 
Safety, deserve neither Liberty nor Safety.




Re: [Assp-test] Remote SMTP issues with TLS

2014-12-01 Thread Doug Lytle

  On Dec 1, 2014, at 9:15 AM, Thomas Eckardt thomas.ecka...@thockar.com wrote:

 your MTA does not answer after it got the

The MTA (Postfix) shows:

Dec  1 07:45:13 web postfix/smtpd[31547]: 72E162008D7CD: client=assp.drdos.info[10.10.10.247], sasl_method=PLAIN, sasl_username=hid...@drkathie.com
Dec  1 07:45:25 web postfix/smtpd[31547]: lost connection after DATA (5571 bytes) from assp.drdos.info[10.10.10.247]
Dec  1 07:45:25 web postfix/smtpd[31547]: disconnect from assp.drdos.info[10.10.10.247]

Again, restarting ASSP fixes this for a short period of time.

I'm just struggling to find out why.  Maybe I need to read up on tcpdump.

Doug





Re: [Assp-test] Remote SMTP issues with TLS

2014-12-01 Thread Doug Lytle
 Maybe I need to read up on tcpdump.

 trace the connection between the client and assp.

The client being the end user or the Mail Server?  

If the end user, this is happening on all of them, including my test laptop on 
a MiFi wireless service.  If that's the case, maybe it's my firewall.  I'm 
currently using pfSense 2.1.5

Doug



[Assp-test] Remote SMTP issues with TLS

2014-11-30 Thread Doug Lytle
Everybody,

I've been having issues with remote users not being able to send email 
using STARTTLS with SeaMonkey as the MUA on port 587, for the last 
couple months.

The symptoms are:

User goes to send email

SeaMonkey's status bar indicates email is in the process of being sent.  
It then just sits there with the status bar at 99%.  Two minutes later, 
SeaMonkey times out stating the email could not be sent.
Restarting ASSP and trying again, succeeds.

Once ASSP has been restarted, email will flow fine for 2 or 3 hours, 
before the process needs to be restarted again.

I did download and put into place the SSL.pm from the SourceForge page, 
hoping the bump would fix the issue, but it has not.  I placed it into 
/assp/lib/Net/SMTP.  The version number is showing correct in the ASSP 
admin page.

I've set a debug on the test IP address for a success and failure that 
I've attached via pastebin.

Any suggestions on what may be the cause?

Failed attempt debug:  http://pastebin.com/U5dYMNNR
Succeed attempt debug: http://pastebin.com/7LJTdZgB

I've upgraded to the latest ASSP today:

ASSP version 2.4.4(14331)

It made no difference

System specs:

root@assp2:/assp/debug# lsb_release -a
No LSB modules are available.
Distributor ID: Debian
Description:    Debian GNU/Linux 7.7 (wheezy)
Release:        7.7
Codename:       wheezy

perl -v

This is perl 5, version 18, subversion 0 (v5.18.0) built for 
x86_64-linux-thread-multi

The mail server is Zimbra (Backend is Postfix)

Thanks!

Doug

-- 
Ben Franklin quote:

Those who would give up Essential Liberty to purchase a little Temporary 
Safety, deserve neither Liberty nor Safety.




[Assp-test] Strange SPF failure

2014-10-18 Thread Doug Lytle
Little bit about my system:

lsb_release -a
No LSB modules are available.
Distributor ID: Debian
Description:    Debian GNU/Linux 7.6 (wheezy)
Release:        7.6
Codename:       wheezy

perl -v

This is perl 5, version 18, subversion 0 (v5.18.0) built for 
x86_64-linux-thread-mult


SPF module version:

Mail::SPF 2.009 / 2.007

I've just noted that inbound mail from my employer is showing SPF 
failures, even though all tools that I've used come back as passing.  
Turning on SPF debugging, I get:

18-10-2014 08:26:25 m1-35185-12255 [Worker_1] [TLS-out] 64.136.253.70 testi...@epiinc.com to: receiv...@drdos.info  spf_result:permerror
18-10-2014 08:26:25 m1-35185-12255 [Worker_1] [TLS-out] 64.136.253.70 testi...@epiinc.com to: receiv...@drdos.info identity:testi...@epiinc.com
18-10-2014 08:26:25 m1-35185-12255 [Worker_1] [TLS-out] 64.136.253.70 testi...@epiinc.com to: receiv...@drdos.info scope:mfrom
18-10-2014 08:26:25 m1-35185-12255 [Worker_1] [TLS-out] 64.136.253.70 testi...@epiinc.com to: receiv...@drdos.info spf_record:
18-10-2014 08:26:25 m1-35185-12255 [Worker_1] [TLS-out] 64.136.253.70 testi...@epiinc.com to: receiv...@drdos.info local_exp:epiinc.com: Unknown mechanism type 'll' in 'v=spf1' record
18-10-2014 08:26:25 m1-35185-12255 [Worker_1] [TLS-out] 64.136.253.70 testi...@epiinc.com to: receiv...@drdos.info received_spf:Received-SPF: permerror (epiinc.com: Unknown mechanism type 'll' in 'v=spf1' record) receiver=ASSP.nospam; identity=mailfrom; envelope-from=testi...@epiinc.com; helo=wm.epiinc.com; client-ip=64.136.253.70
18-10-2014 08:26:25 m1-35185-12255 [Worker_1] [TLS-out] 64.136.253.70 testi...@epiinc.com to: receiv...@drdos.info Message-Score: added 5 (spfeValencePB) for SPF permerror, total score for this message is now -35
18-10-2014 08:26:25 m1-35185-12255 [Worker_1] [TLS-out] 64.136.253.70 testi...@epiinc.com to: receiv...@drdos.info ClamAV: scanned 1050 bytes in whitelisted message - OK
18-10-2014 08:26:25 m1-35185-12255 [Worker_1] [TLS-out] [MessageOK] 64.136.253.70 testi...@epiinc.com to: receiv...@drdos.info message ok - (whitelistdb) - [test 4]

Any suggestions would be welcome.

Thanks,

Doug
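
Added example (not part of the original post, and neither Mail::SPF nor ASSP code): a term-by-term syntax check of an SPF record following RFC 7208, showing how a single stray token produces a permerror of the kind logged above. The record published for the domain is not shown in this thread, so the records below are constructed; the error wording is copied from the log line only for readability.

```python
import ipaddress
import re

# Mechanism and modifier names defined by RFC 7208.
MECHANISMS = {"all", "include", "a", "mx", "ptr", "ip4", "ip6", "exists"}
NEEDS_DOMAIN = {"include", "exists"}
SINGLE_USE_MODIFIERS = {"redirect", "exp"}

MODIFIER_RE = re.compile(r"^([A-Za-z][A-Za-z0-9._-]*)=(.*)$")
MECHANISM_RE = re.compile(r"^([+\-~?]?)([A-Za-z][A-Za-z0-9._-]*)(.*)$")


def check_argument(name, rest, term):
    """Validate what follows the mechanism name; return a list of errors."""
    if name == "all":
        return [f"'all' takes no argument: '{term}'"] if rest else []
    if name in ("ip4", "ip6"):
        if not rest.startswith(":"):
            return [f"'{name}' requires a network: '{term}'"]
        net_cls = ipaddress.IPv4Network if name == "ip4" else ipaddress.IPv6Network
        try:
            net_cls(rest[1:], strict=False)
        except ValueError:
            return [f"Invalid {name} network in '{term}'"]
        return []
    if name in NEEDS_DOMAIN:
        if not rest.startswith(":") or len(rest) < 2:
            return [f"'{name}' requires a domain: '{term}'"]
        return []
    # a, mx, ptr: optional ':domain' and/or '/prefix-length'
    if rest and rest[0] not in ":/":
        return [f"Malformed argument in '{term}'"]
    return []


def lint_spf(record):
    """Return syntax errors for one SPF record; any error means permerror."""
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        return ["record does not start with 'v=spf1'"]
    errors = []
    seen_modifiers = set()
    for term in terms[1:]:
        mod = MODIFIER_RE.match(term)
        if mod:
            name = mod.group(1).lower()
            if name in SINGLE_USE_MODIFIERS:
                if name in seen_modifiers:
                    errors.append(f"Duplicate '{name}' modifier")
                seen_modifiers.add(name)
            continue  # unrecognized modifiers are ignored by the RFC
        mech = MECHANISM_RE.match(term)
        if not mech:
            errors.append(f"Malformed term '{term}'")
            continue
        _qualifier, name, rest = mech.groups()
        name = name.lower()
        if name not in MECHANISMS:
            errors.append(f"Unknown mechanism type '{name}' in 'v=spf1' record")
            continue
        errors.extend(check_argument(name, rest, term))
    return errors


# Constructed records. In BROKEN a space has split the final term: '-a' is
# still a valid mechanism (fail for hosts matching the A record), so only
# the leftover 'll' is reported.
GOOD = "v=spf1 mx ip4:192.0.2.0/24 -all"
BROKEN = "v=spf1 mx ip4:192.0.2.0/24 -a ll"

if __name__ == "__main__":
    for rec in (GOOD, BROKEN):
        problems = lint_spf(rec)
        print(rec, "->", "permerror: " + "; ".join(problems) if problems else "syntax ok")
```

Checkers differ in how strictly they parse, so a record that one tool accepts can still be a permerror for a receiver that validates every term.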




Re: [Assp-test] Strange SPF failure

2014-10-18 Thread Doug Lytle
Doug Lytle wrote:
 Little bit about my system: 

Missed the most important part:

ASSP version 2.4.4(14273)





Re: [Assp-test] Strange SPF failure

2014-10-18 Thread Doug Lytle
Doug Lytle wrote:
 Missed the most important part:

 ASSP version 2.4.4(14273)


Please ignore, we've tracked down the failure.

Thanks,

Doug





Re: [Assp-test] Trying to upgrade ASSPv2

2014-07-21 Thread Doug Lytle
Colin wrote:
 Do you recall what you did to resolve it then?

I never did.

People were starting to get the perception that our mail server was 
having issues, having it down so much trying to figure this out, so I 
left it alone for almost 8 months.  Figured I'd give it another try.

I'll be playing around with the ciphers you've listed again, this 
upcoming Sunday morning.  Thanks for the input!





Re: [Assp-test] very bad news

2014-05-12 Thread Doug Lytle
 Fritz Borgstedt (15. April 1945 - 8. Mai 2014) is no longer with us

Oh my gosh!  I didn't even know he was ill!

Doug



Re: [Assp-test] MaxErrors question

2014-02-25 Thread Doug Lytle
Alessandro Cattani wrote:
 MaxAuthErrors is set to 10
 My MTA is Mailenable v. 8.01
 So, how can I block these connections?

I would suggest you contact Mailenable's support and have them fix their
response, it looks to be broken:

https://www.mailenable.com/support/step1.asp

Doug


-- 
Ben Franklin quote:

Those who would give up Essential Liberty to purchase a little Temporary 
Safety, deserve neither Liberty nor Safety.




Re: [Assp-test] Forged spam from btinternet.com

2014-01-29 Thread Doug Lytle
 I'm not sure how to block these as btinternet.com publishes no SPF 

You can use spf override and create them an SPF record in ASSP, then use SPF 
strict.

I believe there are examples in the ASSP GUI.

Doug



Re: [Assp-test] Links in log

2014-01-21 Thread Doug Lytle
 What determines if a link is supposed to be generated vs just text?

Good question!  I've noted this as well.




Re: [Assp-test] triggering Redlist reload

2013-10-22 Thread Doug Lytle
 Is it possible to reload redlist upon file change (automatically, or by 
 triggering a command)

killall -HUP assp.pl

Doug



Re: [Assp-test] assp dying

2013-09-20 Thread Doug Lytle
Spyros Tsiolis wrote:
 Is there a way to check if assp is running and if it's not start
 automatically.

I use monit to watch ASSP.

Doug

-- 
Ben Franklin quote:

Those who would give up Essential Liberty to purchase a little Temporary 
Safety, deserve neither Liberty nor Safety.




Re: [Assp-test] assp dying

2013-09-20 Thread Doug Lytle
> However, I will have a thorough look at monit.

If you go that route, here is my config:

# Format of the alert mails monit sends
set mail-format {
    from: assp.monit AT somedomain.com
    subject: [Monit] $SERVICE $EVENT at $DATE
    message: Monit $ACTION $SERVICE
             at $DATE on $HOST:
             $DESCRIPTION.
}

# Watch the ASSP process through its pidfile
check process assp with pidfile /assp/pid
    start program = "/etc/init.d/assp start"
    stop program = "/etc/init.d/assp stop"
    # Restart ASSP when the SMTP listener on port 25 stops answering
    if failed host 127.0.0.1 port 25 protocol smtp
        with timeout 10 seconds
        for 1 times within 1 cycles
        then restart

Doug



Re: [Assp-test] Wrong Whitelist detection?

2013-08-29 Thread Doug Lytle
> Now you see in the header that the ASSP said the eMail is Whitelisted
> because of the hp.com, but the (mhp.com) is in all

You need to make sure you have a @ in front of the hp.com, i.e. @hp.com

Doug
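
The effect of the missing @, as an added example that is not part of the original post and is not ASSP's code. It assumes a whitelist entry matches when the sender address ends with it (ASSP's real matching is not shown in this thread); the function names and sample entries are constructed.

```python
"""Audit whitelist domain entries for look-alike matches (illustrative model)."""


def entry_matches(entry, sender):
    """Assumed model: an entry matches when the sender address ends with it."""
    return sender.lower().endswith(entry.lower())


def lookalike_for(entry):
    """Build a constructed sender whose domain only ends with the entry,
    e.g. hp.com -> user@mhp.com."""
    return "user@m" + entry.lstrip("@")


def audit(entries):
    """Return (entry, proof_address) for every domain entry that a
    look-alike domain would also satisfy."""
    findings = []
    for entry in entries:
        probe = lookalike_for(entry)
        if entry_matches(entry, probe):
            findings.append((entry, probe))
    return findings


# Constructed sample entries: two unanchored, two anchored with '@'.
SAMPLE_ENTRIES = ["hp.com", "@hp.com", "example.org", "@example.net"]

if __name__ == "__main__":
    for entry, proof in audit(SAMPLE_ENTRIES):
        print(f"{entry!r} also whitelists {proof}; use '@{entry}' instead")
```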



Re: [Assp-test] Spoofing

2013-08-27 Thread Doug Lytle
Tim Evans wrote:
> Neither one of these is in my local domains
>
> ...Tim

I'd suggest searching on one of those addresses in the ASSP 'View Maillog 
Tail' option. Once it's highlighted, you can click on the entry and have 
the option to act on it.

Also, paste the address into the White/Redlist/Tuplets to get more info 
on that address.

FYI, I'm currently running 13236 under Debian.

Doug

-- 
Ben Franklin quote:

Those who would give up Essential Liberty to purchase a little Temporary 
Safety, deserve neither Liberty nor Safety.




Re: [Assp-test] Spoofing

2013-08-27 Thread Doug Lytle
> Aug-26-13 11:12:58 40778-13666 [Worker_1] [InvalidLocalSender] 8.31.233.118
> xx...@sasco.com [spam found] Spoofing Sender in Local Domain

This would indicate that the domain(s) in question is/are listed in your Local 
Domains config file.

Doug
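
One way to check this against a log, as an added example that is not part of the original post and is not ASSP's code: it groups InvalidLocalSender events by sender domain and marks whether each domain is in the local-domains list you supply. The line layout is inferred from the single log line quoted above; the sample lines, addresses and the OtherTag tag are constructed.

```python
import re
from collections import defaultdict

# Layout assumed from the quoted line:
# date time session [worker] [tag] ip sender rest
LINE_RE = re.compile(
    r"^(?P<date>\S+) (?P<time>\S+) (?P<session>\S+) "
    r"\[(?P<worker>[^\]]+)\] \[(?P<tag>[^\]]+)\] "
    r"(?P<ip>\S+) (?P<sender>\S+@\S+) (?P<rest>.*)$"
)

# Constructed sample log (documentation addresses and IP ranges).
SAMPLE_LOG = """\
Aug-26-13 11:12:58 40778-13666 [Worker_1] [InvalidLocalSender] 192.0.2.10 alice@example.com [spam found] Spoofing Sender in Local Domain
Aug-26-13 11:13:02 40782-13667 [Worker_2] [InvalidLocalSender] 192.0.2.11 bob@example.net [spam found] Spoofing Sender in Local Domain
Aug-26-13 11:13:05 40785-13668 [Worker_1] [InvalidLocalSender] 192.0.2.10 carol@EXAMPLE.com [spam found] Spoofing Sender in Local Domain
Aug-26-13 11:13:07 40787-13669 [Worker_2] [OtherTag] 192.0.2.12 dave@example.org some other event
Aug-26-13 11:13:09 40789-13670 [Worker_1] line that does not follow the layout
"""


def parse_line(line):
    """Return the fields of one log line, or None if it has another shape."""
    m = LINE_RE.match(line.strip())
    return m.groupdict() if m else None


def spoof_report(log_text, local_domains):
    """Map each sender domain seen in InvalidLocalSender events to the
    connecting IPs and whether the domain is in the supplied local list."""
    local = {d.lower().lstrip("@") for d in local_domains}
    by_domain = defaultdict(set)
    for line in log_text.splitlines():
        event = parse_line(line)
        if not event or event["tag"] != "InvalidLocalSender":
            continue
        domain = event["sender"].rsplit("@", 1)[-1].lower()
        by_domain[domain].add(event["ip"])
    return {
        d: {"ips": sorted(ips), "listed": d in local}
        for d, ips in by_domain.items()
    }


if __name__ == "__main__":
    for domain, info in spoof_report(SAMPLE_LOG, ["example.com"]).items():
        state = "listed" if info["listed"] else "NOT in supplied list"
        print(f"{domain}: {state}, from {', '.join(info['ips'])}")
```

A domain reported as not listed means the list passed in differs from what the running instance treats as local, which is the mismatch to track down.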


