Re: [Assp-test] Moving to 3rd party email archiving service - What settings sh

2013-01-11 Thread Hill, Brett
 -Original Message-
 From: Fritz Borgstedt [mailto:f...@iworld.de]
 Sent: Thursday, January 10, 2013 10:54 PM
 To: ASSP development mailing list
 Subject: Re: [Assp-test] Moving to 3rd party email archiving service - What settings sh
 
 The frontend IP must be listed in ispip for ISPHostNames to work.

Let me clarify once more.

If I put my 3rd party in ISPIP, it will allow emails to pass through,
but they won't be checked for anything?

If I put my 3rd party in ISPIP and ISPHostNames, it will check things?

In order to use ISPHostNames, I have to look at the headers of emails
coming through and find it out correct?  They have given me 3 /24
ranges from which emails could come from.

Thanks,
Brett



--
Master HTML5, CSS3, ASP.NET, MVC, AJAX, Knockout.js, Web API and
much more. Get web development skills now with LearnDevNow -
350+ hours of step-by-step video tutorials by Microsoft MVPs and experts.
SALE $99.99 this month only -- learn more at:
http://p.sf.net/sfu/learnmore_122812
___
Assp-test mailing list
Assp-test@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/assp-test


Re: [Assp-test] Moving to 3rd party email archiving service - What settings should I change?

2013-01-11 Thread Hill, Brett
 -Original Message-
 From: Grayhat [mailto:gray...@gmx.net]
 Sent: Friday, January 11, 2013 9:11 AM
 To: assp-test@lists.sourceforge.net
 Subject: Re: [Assp-test] Moving to 3rd party email archiving service - What settings should I change?
 
 
  My company is moving to a 3rd party email archiving service.  Our MX
  records will be changed to point to that service.  They will run their
  anti-spam checks on incoming email and then pass through the emails
  that pass the checks (sounds like a store and forward type service).
 
 Hmm... from the above description it resembles a lot this service
 
 http://www.exchangedefender.com/
 
 now, it isn't all that bad, especially if your bosses want a set and forget
 solution, but it also means that you'll totally lose control over the filtering;
 not just that, due to the general approach, you will get more junk mail
 since such a service can't perform fine tuned filtering or they'll risk FPs or
 face the my spam is your ham issue so, if the whole thing works as above
 (see URL) you may still make use of ASSP; keep it running as it is but ensure
 to add the external MX
 IPs to your ISP IP at that point, you may use ASSP to perform the fine
 filtering while the upstream filters will run the coarse one

It is similar to Exchangedefender.  I've got it set in ispip now.  It
seems to be working well so far.  However, I don't know that it's caught
any spam yet.  I'm trying to clear out my ccspam mailbox so I can get a
good idea of what's going on.

Thanks,
Brett





Re: [Assp-test] Moving to 3rd party email archiving service - What settings sh

2013-01-11 Thread Hill, Brett
 Are you not able to access the GUI of ASSP and read Maillog Tail?

Yes, I read it, all the ones coming in were all whitelisted.  Looks
like they're not doing such a bad job so far blocking spam.

 Is the ISP sending the mails towards ASSP so that ASSP can listen at
 listenPort?

Yes,  emails are flowing through.





Re: [Assp-test] Moving to 3rd party email archiving service - What settings shoul

2013-01-10 Thread Hill, Brett
 -Original Message-
 From: Fritz Borgstedt [mailto:f...@iworld.de]
 
 The server of the ISP should be put into your ispip.

So, if I understand correctly, I need to put the 3rd party's IP info
into ISPIP?  But I also need to put the IP info into ISPHostNames if I
want SPF checking to happen (because otherwise, it says by using ISPIP
SPF checking won't happen)?  Did I understand that correctly?

Thanks,
Brett





Re: [Assp-test] Moving to 3rd party email archiving service - What settings should I change?

2013-01-10 Thread Hill, Brett
 -Original Message-
 From: TR Shaw [mailto:ts...@oitc.com]
 Sent: Thursday, January 10, 2013 5:18 PM
 To: ASSP development mailing list
 Subject: Re: [Assp-test] Moving to 3rd party email archiving service -
 What settings should I change?
 
 I don't think that I would move to a service that didn't do SPF, DKIM and
 DMARC.  What I would do is keep your MX pointed at ASSP. Configure ASSP
 to connect to the service (thus putting ASSP and your control in front of the
 service and then point the service to your MailServer.

Yeah, well, as much as I'd like to do that, it wouldn't work.  We're
using this service also as part of our DR plan.  If we go down our end
users can still access their emails.  If the MX record is pointing to us
and not the service and we go down, it can cause problems, not to
mention an incredible waste of bandwidth.  Though I suppose it could be
debated, we're past that now.

Thanks,
Brett





Re: [Assp-test] ASSP 1.9.9 (13002) Header in body

2013-01-07 Thread Hill, Brett
 -Original Message-
 From: Fritz Borgstedt [mailto:f...@iworld.de]
 Sent: Saturday, January 05, 2013 3:08 AM
 To: ASSP development mailing list
 Subject: Re: [Assp-test] ASSP 1.9.9 (13002) Header in body
 
 -Original Message-
 From: [@zones.com]
 Sent: Friday, January 04, 2013 3:59 PM
 Subject: RE: LENOVO SERVICES REGISTRATION REQUIRED (
 
 LENOVO SERVICES REGISTRATION REQUIRED (
 Thread-Index: Ac3qvjJaDQLI/aGNRlivynS30FNyfaqQ
 References:
 ECAFFEDE0408E749B152BF2AD3D21FA9133D2AE7@nts8.zones.internal
 15EE2AAA8D90CF449983494481233CFC08F5D5C1@12345
 From:  @zones.com
 To: me
 
 There is an empty line in subject:.
 Is this similar in all cases?

I apologize if it looks like it is an empty subject line.  It is not.  I
simply forwarded the email (removing all the FW: stuff and leaving the
FROM, Sent, and Subject) and so the body starts at the second LENOVO
SERVICES REGISTRATION line.

Kind Regards,
Brett




[Assp-test] ASSP 1.9.9 (13002) Header in body

2013-01-04 Thread Hill, Brett
Just received an email with some of the header moved to the body (2
emails actually).  Details below (some info removed to protect the
innocent) (Actual header at bottom):

-Original Message-
From: [@zones.com] 
Sent: Friday, January 04, 2013 3:59 PM
Subject: RE: LENOVO SERVICES REGISTRATION REQUIRED (

LENOVO SERVICES REGISTRATION REQUIRED (
Thread-Index: Ac3qvjJaDQLI/aGNRlivynS30FNyfaqQ
References:
ECAFFEDE0408E749B152BF2AD3D21FA9133D2AE7@nts8.zones.internal
15EE2AAA8D90CF449983494481233CFC08F5D5C1@12345
From:  @zones.com
To: me
X-Assp-Delay: not delayed (whitelistdb '@zones.com');
4 Jan 2013 15:59:31 -0500
X-Assp-Whitelisted: Yes (whitelistdb '@zones.com')
X-Assp-Envelope-From: @zones.com
X-Assp-Intended-For: me
X-Assp-Passing: whitelistdb '@zones.com'
X-Assp-ID: ASSP.nospam (id-35733-02134)
X-Assp-Version: 1.9.9(13002)
X-SEF-C78C3B4C-7293-4950-A8F1-D32B88106FB4: 1
X-SEF-Processed: 5_5_0_210__2013_01_04_15_59_32

body


This is all that's in the actual header (stuff removed quickly, leaving
the office):
Microsoft Mail Internet Headers Version 2.0
Received: from 123 by 1234 with Microsoft SMTPSVC(5.0.2195.6713);
 Fri, 4 Jan 2013 15:59:32 -0500
Received: from ASSP [1.1.1.1] by 1234 - SurfControl E-mail Filter
(5.5.0); Fri, 04 Jan 2013 15:59:32 -0500
Received: from mailgate.zones.com ([209.191.166.193]
helo=mailgate.zones.com)
by ASSP.nospam with ESMTP (ASSP 1.9); 4 Jan 2013 15:59:31 -0500
Received: from localhost (localhost.localdomain [127.0.0.1])
by mailgate.zones.com (Postfix) with ESMTP id EDE6ABD0002
for me; Fri,  4 Jan 2013 12:58:43 -0800 (PST)
Received: from mailgate.zones.com ([127.0.0.1])
by localhost (mailgate.zones.com [127.0.0.1]) (amavisd-new, port
10024)
with ESMTP id HRJp5qgV4-tK for me;
Fri,  4 Jan 2013 12:58:43 -0800 (PST)
Received: from nts8.zones.internal (nts8.zones.internal [10.1.20.8])
by mailgate.zones.com (Postfix) with ESMTP id D50A9BD0031
for me; Fri,  4 Jan 2013 12:58:43 -0800 (PST)
Content-class: urn:content-classes:message
MIME-Version: 1.0
Content-Type: text/plain;
charset=us-ascii
Content-Transfer-Encoding: quoted-printable
Subject: RE: LENOVO SERVICES REGISTRATION REQUIRED (
Date: Fri, 4 Jan 2013 12:58:42 -0800
Message-ID:
ECAFFEDE0408E749B152BF2AD3D21FA91341932F@nts8.zones.internal
In-Reply-To: 15EE2AAA8D90CF449983494481233CFC08F5D5C1@12345
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
From: @zones.com
Bcc:
Return-Path: @zones.com
X-OriginalArrivalTime: 04 Jan 2013 20:59:32.0708 (UTC)
FILETIME=[65415A40:01CDEABE]





[Assp-test] ASSP 1.9.9(12350) Bayesian Check

2012-12-20 Thread Hill, Brett
Three identical emails come in within a time span of 2 seconds from
the same sending server to three different addresses.  Only the first
one gets a Bayesian score of 40.  The other two get no Bayesian score.
The second email gets a Questionable reputation score of 8 and nothing
else.  The third gets no score at all.  Why is this?

Here's the log for them:
Dec-20-12 07:23:04 id-35600-19031 [VIRUS] 75.75.244.36
mol...@dumatice.info to: us...@mydomain.com ClamAV: scanned 4865 bytes
in message - OK ;
Dec-20-12 07:23:05 id-35600-19031 75.75.244.36 mol...@dumatice.info
to: us...@mydomain.com Bayesian Check [scoring:40] - Prob: 1.0 /
Confidence: 0.0 = doubtful.spam;
Dec-20-12 07:23:05 id-35600-19031 75.75.244.36 mol...@dumatice.info
to: us...@mydomain.com Message-Score: added 40 for Bayesian Probability:
1.0, total score for this message is now 40;
Dec-20-12 07:23:05 id-35600-19031 [MessageScore] 75.75.244.36
mol...@dumatice.info to: us...@mydomain.com [spam found] and passing
because messagescore(40) is in warning range ( 39 - 49) -- [Fast 2 min
approval application for extra funds] - discarded/id-35600-19031.eml;
Dec-20-12 07:23:05 id-35600-19032 75.75.244.36 mol...@dumatice.info
to: us...@mydomain.com Message-Score: added 8 for Questionable
Reputation for 75.75.244.36, total score for this message is now 8;
Dec-20-12 07:23:05 id-35600-19032 [VIRUS] 75.75.244.36
mol...@dumatice.info to: us...@mydomain.com ClamAV: scanned 4873 bytes
in message - OK ;
Dec-20-12 07:23:05 id-35600-19032 [MessageOK] 75.75.244.36
mol...@dumatice.info to: us...@mydomain.com message ok [Fast 2 min
approval application for extra funds] -
okmail/Fast_2_min_approval_applicatio__678.eml;
Dec-20-12 07:23:06 id-35600-19034 [VIRUS] 75.75.244.36
mol...@dumatice.info to: us...@mydomain.com ClamAV: scanned 4873 bytes
in message - OK ;
Dec-20-12 07:23:06 id-35600-19034 [MessageOK] 75.75.244.36
mol...@dumatice.info to: us...@mydomain.com message ok [Fast 2 min
approval application for extra funds] -
okmail/Fast_2_min_approval_applicatio__678.eml;

Thanks,
Brett




Re: [Assp-test] ASSP resend error on the ASSP-Block report

2012-12-19 Thread Hill, Brett
 I suspect that ASSP is trying to find the mail based on the subject, but due to
 the rebuildspam (and move2num) ASSP seems to be lost ...
 
 What's the best approach to manage this kind of issues ?

That is most definitely the reason if  UseSubjectsAsMaillogNames is
enabled.  Assuming you're done with the process of building up your
corpus, I think you can safely disable that option.  Any future requests
to future emails will work as it should.  Use the reporting options to
more fine tune your mailbox.  You may also want to make use of the
sendAllSpam option to have a copy of the spammy emails sent to a
specific email account where you can monitor the emails (if you really
need subject names).

Kind Regards,
Brett




[Assp-test] ASSP 1.9.9(12346) No Processing/Blacklisting

2012-12-14 Thread Hill, Brett
Fritz, I don't know if this was fixed since 12346, but the trick you
taught us for domains that have non-existent SPF records I don't think
is working.  Verizonwireless.com, for example, has IP's listed in my no
processing file, as well in blacklisted domains.  However, it is still
being blocked (at least it was on and prior to December 8, 2012).  I'm
thinking something perhaps isn't in the right order?

Here's the header:
http://pastebin.com/U1VySK5q

Here's the log:
http://pastebin.com/WTntQeRe

Kind Regards,
Brett




[Assp-test] 1.9.9(12349) Bayesian Score

2012-12-14 Thread Hill, Brett
Not sure if this is purely cosmetic or what, but saw this in the header
of one email:
http://pastebin.com/Cuyezwfa

Kind Regards,
Brett




Re: [Assp-test] ASSP 1.9.9(12346) No Processing/Blacklisting

2012-12-14 Thread Hill, Brett
Great, Thanks!

 -Original Message-
 From: Fritz Borgstedt [mailto:f...@iworld.de]
 Sent: Friday, December 14, 2012 3:24 PM
 To: ASSP development mailing list
 Subject: Re: [Assp-test] ASSP 1.9.9(12346) No Processing/Blacklisting
 
 ASSP development mailing list assp-test@lists.sourceforge.net
 schreibt:
 Verizonwireless.com, for example, has IP's listed in my no processing
 file, as well in blacklisted domains.  However, it is still being
 blocked (at least it was on and prior to December 8, 2012.  I'm
 thinking something perhaps isn't in the right order?
 
 Make sure that
 
 Blacklisting Addresses/Domains will overwrite NoProcessing
 (DoBlackDomainNP)
 
 is not set
 




Re: [Assp-test] Whitelist domain from uribl?

2012-12-12 Thread Hill, Brett
 Is there any way to tell ASSP to ignore that URIBL for yahoo.com? I
can't seem to figure out a configuration that will do this.

URIBLwhitelist should do it!  Just put yahoo.com in it.

Kind Regards,
Brett




Re: [Assp-test] LDAPLIST 1.9.9(12333.1)

2012-11-29 Thread Hill, Brett
Persblackdb also has this problem.

Thanks,
Brett

 -Original Message-
 From: Hill, Brett [mailto:brett.h...@nlbusa.com]
 Sent: Wednesday, November 28, 2012 12:36 PM
 To: assp-test@lists.sourceforge.net
 Subject: [Assp-test] LDAPLIST 1.9.9(12333.1)
 
 I'm just trying to figure out which ldaplist file is being used.
There are two:
 ldaplist and ldaplist.db
 
 The value for ldaplistdb is ldaplist, but it looks like the file
ldaplist.db is
 the one being written to.
 
 The same applies to ldapnotfounddb.
 
 Kind Regards,
 
 Brett




Re: [Assp-test] LDAPLIST 1.9.9(12333.1)

2012-11-29 Thread Hill, Brett
In addition, missing the show persblack addresses button.

 -Original Message-
 From: Hill, Brett [mailto:brett.h...@nlbusa.com]
 Sent: Thursday, November 29, 2012 7:42 AM
 To: ASSP development mailing list
 Subject: Re: [Assp-test] LDAPLIST 1.9.9(12333.1)
 
 Persblackdb also has this problem.
 
 Thanks,
 Brett




[Assp-test] LDAPLIST 1.9.9(12333.1)

2012-11-28 Thread Hill, Brett
I'm just trying to figure out which ldaplist file is being used.  There
are two: ldaplist and ldaplist.db

 

The value for ldaplistdb is ldaplist, but it looks like the file
ldaplist.db is the one being written to.

 

The same applies to ldapnotfounddb.

 

Kind Regards,

Brett



[Assp-test] ASSP 1.9.8.4(12.323) SMTP Error

2012-11-20 Thread Hill, Brett
I'm seeing several of these errors:  [SMTP Error] 501 Syntax: helo needs
hostname;

Is that to be expected?

Kind Regards,
Brett





[Assp-test] ASSP 1.9.8.4(12.319) MX and A Records Missing

2012-11-15 Thread Hill, Brett
I'm seeing several legit emails being blocked because MX and A
records are supposedly missing.  I don't think that's the case.  For
example, Linkedin has both MX and A records, but ASSP says it has
neither.

 

X-Assp-Message-Score: 40 (MX  A record missing: bounce.linkedin.com)

X-Assp-Whitelisted: Yes (whitelistdb
'm-3hz1kj5nutjknqmj3hoyy2adt1-3v_v0pvabwhljueig7mfww4t4cca6@bounce.linke
din.com')

 

Kind Regards,

Brett



[Assp-test] ASSP 1.9.8.4(12.319) Wrong IP?

2012-11-15 Thread Hill, Brett
The email I'm looking at says it was received from this IP Address:
172.21.194.240

But the log file says it was received from this IP Address:
167.138.224.192

 

I tried searching for 172.21.194.240, but it was to be found nowhere in
the logs.  It arrived this morning.

 

Here's the Email Header:  http://pastebin.com/RPDi07tU

Here's the Log file:  http://pastebin.com/5Qx1Q7XS

 

The MX  A bug is also logged in both places (but only the MX is missing
this time).

 

Kind Regards,

Brett



[Assp-test] ASSP 1.9.x SPF Check

2012-11-14 Thread Hill, Brett
I'm using 1.9.8.4(1.0.02).  Two questions regarding SPF checking.

Question 1:
In blockstrictSPFRe I've got @chase.com

One of my users got an email from Chase Bank (a valid email) that was
blocked by the blockstrictSPFRE rule.  The email came from
helo=sf3.jpmchase.com.  The from address is
chase.commercial.onl...@chase.com and because of this the email was
blocked because of @chase.com.  The spf IP list for chase.com is
different from sf3.jpmchase.com.  Other than putting the ranges of IP's
for chase.com and jpmchase.com in noprocessing and blocking the
@chase.com domain, is there a way to make it work?

Here's the email header:  http://pastebin.com/VuADkfb7

Question 2:
In the above header it says:  X-Assp-Message-Score: -35 (SPF pass)
And then:  X-Assp-Spam-Found: SPF pass - strictblock

What does it mean?  To me, SPF pass means that it passed the SPF check,
not failed it.

Thanks,
Brett




[Assp-test] ASSP 1.9.8.3(0.0.02)

2012-10-26 Thread Hill, Brett
Upgraded from 1.9.8.2(0.0.04) to 1.9.8.3(0.0.02) (the latest available).
It loads up and works for a couple minutes.  It then stops receiving
connections.  I have rolled back to 1.9.8.2(0.0.04) and all is well
again.  There were no error messages in the log.

I also noticed that you removed the droplist since 1.9.8.3(0.0.01).  Is
it coming back?

Thanks,
Brett



Re: [Assp-test] ASSP 1.9.8.3(0.0.02)

2012-10-26 Thread Hill, Brett

 Yes it is back in 1.9.8.4
 
 1.9.8.4 is the last of my ASSP V1 development versions.

So, you just rolled back to 1.9.8.2(0.0.04)  (that's what it says, not
1.9.8.4)? 

 1.9.4.8 is the last stable version.

Is this the same as the latest development version?

Thanks!
Brett




Re: [Assp-test] ASSP 1.9.8.3(0.0.02)

2012-10-26 Thread Hill, Brett
 
 1.9.4.8 is the last stable version.

Looks like you published 1.9.8.3(0.0.02) as the stable version.  I
wouldn't consider it stable since it stopped accepting connections for
me.

Kind Regards,
Brett




[Assp-test] ASSP 1.9.x - Body Header Size

2012-10-18 Thread Hill, Brett
Hello,

 

I'm seeing tons of emails coming in that have oversize headers in the
body.  Is there a way to set a character limit for headers in the body
of the email (not the actual header of the emails)?  The reason I ask is
because a good majority are full of words that go a long ways to corrupt
a Bayesian database.

 

Here's an example of the full body of an email, but look at how large
(and full of mostly good words) the head section is:

http://pastebin.com/xCJQy0N8

 

It would be great if such a limit were detected that the email was
redRe'd or something like that so it wouldn't add to the spam folder.
Or that the head /head section was removed and the rest of the email
added like normal to the spam folder.

 

Thanks,

Brett



Re: [Assp-test] Antwort: ASSP 1.9.x - Body Header Size

2012-10-18 Thread Hill, Brett
 what shows the analyzer about such a mail ?

Spam Probability 1.0

 These messages will not compromise your spamdb, if they are detected and
 stored as spam and your corpus is large enough.

My MaxFiles is set to 14500.  It's enough to keep a little less than 2
weeks' worth of spam and a little more than 2 weeks' worth of notspam.
Today's spamdb rebuild has a corpus norm of 1.0972.  It's been slowly
inching up probably from all the spam I have been reporting (and my
users).  Two weeks ago, it was 1.0434.  My errors/spam folder has 4,447
files and my errors/notspam only has 1,286 files.

 If they are detected and stored as ham - this could become a problem
in
 future. 

Not to my knowledge.

Lastly, these types of emails are mostly being detected as spam
probability 1.0, but they're only scoring 40 which is the lowest of the
low end of my scoring (49 would be the highest before it doesn't reach
the end user).  So, the end users keep getting the emails regardless if
they report it as spam (because there usually isn't anything else
detected wrong like URIBL, DNS, etc...).  How can I stop this or do we
just deal with it?  Obviously, I could raise the Bayesian score, but I
don't think I should do that.

Thanks,
Brett




Re: [Assp-test] Antwort: ASSP 1.9.x - Body Header Size

2012-10-18 Thread Hill, Brett
 Is this the newest rebuildspamdb.pl  2.9.4.0, it should produce a norm of 1.0
 Please try to reduce the maxsize to 1 or even 8000.

It is 2.9.4.0

It's been pretty close to a norm of 1.0

Maxbytes is set to 4000
MaxBayesValues is 20

Bombre and Bombdatare both use the same file.  I never separated them,
but it seems to do a good job still.

Kind Regards,
Brett




[Assp-test] ASSP 1.9.8.2 (0.0.01) Authentication Limiting

2012-10-16 Thread Hill, Brett
I happened to open my ASSP GUI while an attempted harvest was going on.
I blocked the address and all is fine now.  But, it got me wondering if
there is a feature of ASSP that will auto-blacklist an IP address for
trying too many times unsuccessfully (more than 10 for example).

 

Here's a sample of what I was seeing:

Oct-16-12 08:42:57 188.176.145.22 info: authentication - login is used;

Oct-16-12 08:42:57 188.176.145.22 [SMTP Error] 500 Command not
recognized;

Oct-16-12 08:42:57 188.176.145.22 info: authentication - login is used;

Oct-16-12 08:42:57 188.176.145.22 [SMTP Error] 500 Command not
recognized;

Oct-16-12 08:42:57 188.176.145.22 info: authentication - login is used;

Oct-16-12 08:42:57 188.176.145.22 [SMTP Error] 500 Command not
recognized;

Oct-16-12 08:42:57 188.176.145.22 info: authentication - login is used;

Oct-16-12 08:42:57 188.176.145.22 [SMTP Error] 500 Command not
recognized;

Oct-16-12 08:42:57 188.176.145.22 info: authentication - login is used;

Oct-16-12 08:42:57 188.176.145.22 info: authentication - login is used;

Oct-16-12 08:42:57 188.176.145.22 [SMTP Error] 500 Command not
recognized;

Oct-16-12 08:42:57 188.176.145.22 [SMTP Error] 500 Command not
recognized;

Oct-16-12 08:42:57 188.176.145.22 info: authentication - login is used;

Oct-16-12 08:42:57 188.176.145.22 [SMTP Error] 500 Command not
recognized;

Oct-16-12 08:42:57 188.176.145.22 info: authentication - login is used;

Oct-16-12 08:42:57 188.176.145.22 [SMTP Error] 500 Command not
recognized;

Oct-16-12 08:42:58 188.176.145.22 info: authentication - login is used;

Oct-16-12 08:42:58 188.176.145.22 [SMTP Error] 500 Command not
recognized;

 

Thanks,

Brett
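
Added example (not part of the original post and not ASSP code): an offline Python check over maillog text in the format pasted above, which re-joins mailer-wrapped entries and reports IPs whose AUTH attempts and 5xx SMTP errors both reach a threshold inside a sliding window. The threshold of 10, the 60-second window, the function names and the sample log (RFC 5737 documentation addresses) are assumptions made for the example.

```python
"""Offline check of ASSP-style maillog text for repeated failed AUTH attempts."""
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# An entry starts with a timestamp such as "Oct-16-12 08:42:57".
START_RE = re.compile(r"^(?P<ts>[A-Z][a-z]{2}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) (?P<rest>.*)$")
IP_RE = re.compile(r"\b\d{1,3}(?:\.\d{1,3}){3}\b")
AUTH_RE = re.compile(r"authentication - login is used")
ERR_RE = re.compile(r"\[SMTP Error\] 5\d\d ")


def join_entries(log_text):
    """Return one string per log entry, re-joining lines a mailer wrapped."""
    entries = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if START_RE.match(line):
            entries.append(line)
        elif entries:
            # Continuation of a wrapped entry, e.g. a lone "recognized;".
            entries[-1] += " " + line
    return entries


def find_auth_abuse(log_text, threshold=10, window=timedelta(seconds=60)):
    """Return {ip: (auth_attempts, smtp_errors)} for IPs where both counts
    reach `threshold` inside one sliding `window`; the peak pair is kept."""
    recent = defaultdict(lambda: {"auth": deque(), "err": deque()})
    peaks = {}
    for entry in join_entries(log_text):
        m = START_RE.match(entry)
        ip_match = IP_RE.search(m["rest"])
        if not ip_match:
            continue
        if AUTH_RE.search(entry):
            kind = "auth"
        elif ERR_RE.search(entry):
            kind = "err"
        else:
            continue
        ts = datetime.strptime(m["ts"], "%b-%d-%y %H:%M:%S")
        ip = ip_match.group()
        queues = recent[ip]
        queues[kind].append(ts)
        # Drop events that have fallen out of the window for this IP.
        for q in queues.values():
            while q and ts - q[0] > window:
                q.popleft()
        a, e = len(queues["auth"]), len(queues["err"])
        if min(a, e) >= threshold and min(a, e) > min(peaks.get(ip, (0, 0))):
            peaks[ip] = (a, e)
    return peaks


def sample_log():
    """Constructed sample in the format of the excerpt above."""
    lines = []

    def pair(ts, ip):
        lines.append(f"{ts} {ip} info: authentication - login is used;")
        lines.append(f"{ts} {ip} [SMTP Error] 500 Command not")
        lines.append("recognized;")  # wrapped continuation, as in the post

    # Burst: 12 failed logins within two seconds.
    for i in range(12):
        pair(f"Oct-16-12 08:42:{57 + i // 6:02d}", "192.0.2.10")
    # Slow source: 12 failures, five minutes apart (never fills the window).
    for i in range(12):
        pair(f"Oct-16-12 09:{i * 5:02d}:00", "203.0.113.5")
    # Two isolated failures from another client.
    pair("Oct-16-12 08:43:10", "198.51.100.7")
    pair("Oct-16-12 08:43:40", "198.51.100.7")
    return "\n".join(lines)


if __name__ == "__main__":
    for ip, (auth, err) in find_auth_abuse(sample_log()).items():
        print(f"{ip}: {auth} AUTH attempts, {err} SMTP 5xx errors within 60s")
```
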



Re: [Assp-test] ASSP 1.9.8.2 (0.0.01) Authentication Limiting

2012-10-16 Thread Hill, Brett
Thanks!  It was blank for whatever reason.  

 -Original Message-
 From: Rusty Nejdl [mailto:rne...@ringofsaturn.com]
 Sent: Tuesday, October 16, 2012 9:54 AM
 To: assp-test@lists.sourceforge.net
 Subject: Re: [Assp-test] ASSP 1.9.8.2 (0.0.01) Authentication Limiting
 
 See:
 
 Max Number of AUTHentication Errors (MaxAUTHErrors, default=5)
 
 Rusty Nejdl
 
 On 2012-10-16 08:42, Hill, Brett wrote:
  I happened to open my ASSP GUI while an attempted harvest was going
  on.
  I blocked the address and all is fine now.  But, it got me wondering
  if there is a feature of ASSP that will auto-blacklist an IP address
  for trying too many times unsuccessfully (more than 10 for example).
 
 
 


Re: [Assp-test] ASSP 1.9.8.2 (0.0.01) Authentication Limiting

2012-10-16 Thread Hill, Brett
Thanks!  I changed it per Rusty's recommendation.

 -Original Message-
 From: Fritz Borgstedt [mailto:f...@iworld.de]
 Sent: Tuesday, October 16, 2012 10:14 AM
 To: ASSP development mailing list
 Subject: Re: [Assp-test] ASSP 1.9.8.2 (0.0.01) Authentication Limiting
 
 ASSP development mailing list assp-test@lists.sourceforge.net wrote:
 I happened to open my ASSP GUI while an attempted harvest was going on.
 I blocked the address and all is fine now.  But, it got me wondering
 if there is a feature of ASSP that will auto-blacklist an IP address for
 trying too many times unsuccessfully (more than 10 for example).
 
 
 
 Max Number of AUTHentication Errors (MaxAUTHErrors, default=5)
 
 If an IP exceeds this number of authentication errors (535) the transmission
 of the current message will be canceled and any new connection from that IP
 will be blocked for 5-10 minutes.
 Every 5 Minutes the 'AUTHError' -counter of the IP will be decreased by one.
 autValencePB is used for the penalty box.
 No limit is imposed by ASSP if the field is left blank or set to 0. This option
 allows admins to prevent external bruteforce or dictionary attacks via AUTH
 command. Whitelisted and NoProcessing IP's and IP's in npPB are ignored like
 any relayed connection.
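
The counter that the MaxAUTHErrors description above lays out can be modelled offline to see which traffic patterns would trip it. The following Python is an added example, not ASSP code and not part of the thread: it assumes a fixed 5-minute block (the description says 5-10 minutes), counts only lines carrying a 535 reply, and runs over constructed log lines laid out like the ones in this thread; the class and function names are hypothetical and the IPs are documentation addresses.

```python
import re
from datetime import datetime, timedelta

TS_FORMAT = "%b-%d-%y %H:%M:%S"  # e.g. Oct-16-12 08:42:57
LINE_RE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) "
    r"(?P<ip>\d{1,3}(?:\.\d{1,3}){3}) \[SMTP Error\] (?P<code>\d{3})\b"
)


class AuthErrorLimiter:
    """Toy model of the per-IP counter described for MaxAUTHErrors."""

    def __init__(self, max_errors=5, decay=timedelta(minutes=5),
                 block_for=timedelta(minutes=5), ignored_ips=()):
        self.max_errors = max_errors    # 0 or None: no limit is imposed
        self.decay = decay              # counter drops by one per interval
        self.block_for = block_for      # assumption: fixed 5-minute block
        self.ignored = set(ignored_ips)  # stands in for whitelisted/NoProcessing IPs
        self.state = {}                 # ip -> [count, last_decay, blocked_until]

    def record_error(self, ip, now):
        """Count one auth error; return True if it pushes the IP over the limit."""
        if not self.max_errors or ip in self.ignored:
            return False
        entry = self.state.setdefault(ip, [0, now, None])
        steps = (now - entry[1]) // self.decay   # whole decay intervals elapsed
        if steps > 0:
            entry[0] = max(0, entry[0] - steps)
            entry[1] += steps * self.decay
        entry[0] += 1
        if entry[0] > self.max_errors:           # "exceeds this number"
            entry[2] = now + self.block_for
            return True
        return False

    def is_blocked(self, ip, now):
        entry = self.state.get(ip)
        return bool(entry and entry[2] and now < entry[2])


def scan(lines, limiter, codes=("535",)):
    """Return {ip: time of the first error that triggered a block}."""
    first_block = {}
    for line in lines:
        m = LINE_RE.match(line)
        if not m or m.group("code") not in codes:
            continue
        ip = m.group("ip")
        now = datetime.strptime(m.group("ts"), TS_FORMAT)
        if limiter.record_error(ip, now) and ip not in first_block:
            first_block[ip] = now
    return first_block


def sample_log():
    """Constructed log lines (not taken from a real server)."""
    t0 = datetime(2012, 10, 16, 8, 42, 57)
    failed = "[SMTP Error] 535 authentication failed"   # constructed wording

    def line(ts, ip, text):
        return f"{ts.strftime(TS_FORMAT)} {ip} {text};"

    lines = []
    # Burst: eight failures, one per second.
    lines += [line(t0 + timedelta(seconds=i), "203.0.113.10", failed) for i in range(8)]
    # Slow: eight failures, one every six minutes, so the decay keeps pace.
    lines += [line(t0 + timedelta(minutes=6 * i), "198.51.100.7", failed) for i in range(8)]
    # Same burst from an address on the ignore list.
    lines += [line(t0 + timedelta(seconds=i), "192.0.2.25", failed) for i in range(8)]
    # 500 replies, as in the thread's sample; this model does not count them.
    lines += [line(t0, "203.0.113.99", "[SMTP Error] 500 Command not recognized")
              for _ in range(8)]
    lines.sort(key=lambda l: datetime.strptime(l[:18], TS_FORMAT))
    return lines


if __name__ == "__main__":
    limiter = AuthErrorLimiter(ignored_ips={"192.0.2.25"})
    for ip, when in scan(sample_log(), limiter).items():
        print(f"{ip} exceeded the limit at {when}")
```

In this model the one-failure-every-six-minutes source never reaches the limit, because each decay interval removes the error that preceded it.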
 




[Assp-test] Spam Detection

2012-10-10 Thread Hill, Brett
I've noticed several emails coming in with text in the header like in
the following link:
http://pastebin.com/zwDeFN7H

Is there a reason why I shouldn't add [[varstr:5,10]] to bombheaderre?
If not, what would be the best regex for it?

Thanks,
Brett




Re: [Assp-test] fixes in assp 2.2.2 build 12265

2012-09-21 Thread Hill, Brett
Hello Thomas,

I use the latest ASSP 1.9.x version.  I haven't used Griplist in
probably two years.  I stopped using it because I found that there were
way too many false-positives causing legit emails to score higher and
get blocked.  Is that still the case or is it working any better now?

Thanks,
Brett

 -Original Message-
 From: Thomas Eckardt [mailto:thomas.ecka...@thockar.com]
 Sent: Friday, September 21, 2012 9:26 AM
 To: ASSP development mailing list
 Subject: [Assp-test] fixes in assp 2.2.2 build 12265
 
 Hi all,
 
 The GRIPLIST scripts on sourceforge are updated and all databases are
 moved to MySQL for a week now. This improves the speed of the stats and
 griplist uploads. The number of records available for the griplist download has
 been increased.




[Assp-test] ASSP 1.9.7.8(0.0.05) Block Reports

2012-09-19 Thread Hill, Brett
I've noticed that for the last several days I've not received any block
reports for myself or another mail account.  I know that my account only
received two spams on Sunday (nothing on Friday, Saturday, Monday, or
Tuesday).  And I'm fine with that.  Obviously, I should have only
received a block report Monday morning (for Sunday's two messages).
However, I didn't.  The other email account that I get block reports for
has received at least 20-40 messages per day, but the last time an email
was received for that account was Friday.  The last received for ANY
account was Friday.  ASSP has, to my knowledge, been working fine since
then.  There are no files in the resendmail folder.

 

I looked in ASSP's log and noticed that it says it's running the block
report every day for the six email accounts I've indicated (in
blockreportfile).  The users just are not getting the block report
emails.

 

For example, here's the log that ran this morning (emails changed):

Sep-19-12 06:06:12 Info: hourly scheduler running after 6:00;
Sep-19-12 06:06:13 Info: generating block reports (1) for someo...@mydomain.com to send it to someo...@mydomain.com;
Sep-19-12 06:06:14 Info: search dates are: 'Sep-19-12', 'Sep-18-12';
Sep-19-12 06:06:14 Info: finished generating block reports (1) for someo...@mydomain.com to send it to someo...@mydomain.com;
Sep-19-12 06:06:14 Info: generating block reports (1) for someo...@mydomain.com to send it to someo...@mydomain.com;
Sep-19-12 06:06:14 Info: search dates are: 'Sep-19-12', 'Sep-18-12';
Sep-19-12 06:06:14 Info: finished generating block reports (1) for someo...@mydomain.com to send it to someo...@mydomain.com;
Sep-19-12 06:06:14 Info: generating block reports (1) for someo...@mydomain.com to send it to someo...@mydomain.com;
Sep-19-12 06:06:14 Info: search dates are: 'Sep-19-12', 'Sep-18-12';
Sep-19-12 06:06:14 Info: finished generating block reports (1) for someo...@mydomain.com to send it to someo...@mydomain.com;
Sep-19-12 06:06:14 Info: generating block reports (1) for someo...@mydomain.com to send it to someo...@mydomain.com;
Sep-19-12 06:06:14 Info: search dates are: 'Sep-19-12', 'Sep-18-12';
Sep-19-12 06:06:14 Info: finished generating block reports (1) for someo...@mydomain.com to send it to someo...@mydomain.com;
Sep-19-12 06:06:14 Info: generating block reports (1) for someo...@mydomain.com to send it to someo...@mydomain.com;
Sep-19-12 06:06:14 Info: search dates are: 'Sep-19-12', 'Sep-18-12';
Sep-19-12 06:06:14 Info: finished generating block reports (1) for someo...@mydomain.com to send it to someo...@mydomain.com;
Sep-19-12 06:06:14 Info: generating block reports (1) for someo...@mydomain.com to send it to someo...@mydomain.com;
Sep-19-12 06:06:14 Info: search dates are: 'Sep-19-12', 'Sep-18-12';
Sep-19-12 06:06:14 Info: finished generating block reports (1) for someo...@mydomain.com to send it to someo...@mydomain.com;



Re: [Assp-test] FW: RebuildSpamDB - report from assp.isp.bm

2012-09-12 Thread Hill, Brett
Hopefully you keep backups of your corpse to restore it back to near
perfect...

 -Original Message-
 From: Steve Moffat [mailto:st...@optimum.bm]
 Sent: Wednesday, September 12, 2012 12:51 PM
 To: 'assp-test@lists.sourceforge.net'
 Subject: [Assp-test] FW: RebuildSpamDB - report from assp.isp.bm
 
 Hi, Just ran rebuildspamdb with the new release. The results are even
 worse.before this I had a perfect corpus
 
 Steve 





Re: [Assp-test] FW: RebuildSpamDB - report from assp.isp.bm

2012-09-12 Thread Hill, Brett
I learned that a long time ago when my corpus was massacred due to some bad 
code in rebuildspamdb.  Been backing up ever since.  I've just got a batch file 
that backs it up into .7z and keeps a rolling history.

 -Original Message-
 From: Steve Moffat [mailto:st...@optimum.bm]
 Sent: Wednesday, September 12, 2012 1:02 PM
 To: ASSP development mailing list
 Cc: ASSP development mailing list
 Subject: Re: [Assp-test] FW: RebuildSpamDB - report from assp.isp.bm
 
 Nope.  but I will be from now on.
 
 Steve Moffat
 Operations Director
 Optimum IT Solutions
 Tel 441-292-8849



Re: [Assp-test] ASSPV1 and Perl 5.8

2012-09-10 Thread Hill, Brett
 -Original Message-
 From: Thomas Eckardt [mailto:thomas.ecka...@thockar.com]

 Paying three years maintenance results in the same price like new hardware.

I'd like to know your hardware vendors, especially for the SAN.  In my
experience, HP and Dell aren't that cheap for the servers/switches and
SAN's that we buy. :-)




[Assp-test] ASSP 1.9.7.5(0.0.02) SPFSTRICT Bug

2012-08-22 Thread Hill, Brett
We're getting all these emails from @newegg.com today.  The domain
@newegg.com is a whiteListedDomain.  I've also got @newegg.com in
spfstrict, but the emails are not being blocked.  SPFWL is turned on as
well.

X-Assp-Regex: WhiteDomain, '@newegg.com'
X-Assp-Delay: not delayed (whiteListedDomains '@newegg.com');22 Aug 2012 14:39:37 -0400
X-Assp-Whitelisted: Yes (whiteListedDomains '@newegg.com')
X-Assp-Envelope-From: i...@newegg.com

Kind Regards,
Brett




Re: [Assp-test] ASSP 1.9.7.5(0.0.02) SPFSTRICT Bug

2012-08-22 Thread Hill, Brett
Nevermind, I had @newegg.com in both strictSPFRE and blockstrictSPFRe.
I've removed it from strictSPFRe.  We'll see how it goes. (Below I meant
to say I had @newegg.com in blockstrictspfre, not spfstrict).

 -Original Message-
 From: Hill, Brett [mailto:hil...@nlbusa.com]
 Sent: Wednesday, August 22, 2012 2:50 PM
 To: assp-test@lists.sourceforge.net
 Subject: [Assp-test] ASSP 1.9.7.5(0.0.02) SPFSTRICT Bug
 
 We're getting all these emails from @newegg.com today.  The domain
 @newegg.com is a whiteListedDomain.  I've also got @newegg.com in
 spfstrict, but the emails are not being blocked.  SPFWL is turned on as well.
 
 X-Assp-Regex: WhiteDomain, '@newegg.com'
 X-Assp-Delay: not delayed (whiteListedDomains '@newegg.com');22 Aug 2012 14:39:37 -0400
 X-Assp-Whitelisted: Yes (whiteListedDomains '@newegg.com')
 X-Assp-Envelope-From: i...@newegg.com
 
 Kind Regards,
 Brett
 
 




Re: [Assp-test] ASSP 1.9.7.5(0.0.02) SPFSTRICT Bug

2012-08-22 Thread Hill, Brett
Well, actually, this is still a problem even after correcting the
entries.

 -Original Message-
 From: Hill, Brett [mailto:hil...@nlbusa.com]
 Sent: Wednesday, August 22, 2012 2:55 PM
 To: ASSP development mailing list
 Subject: Re: [Assp-test] ASSP 1.9.7.5(0.0.02) SPFSTRICT Bug
 
 Nevermind, I had @newegg.com in both strictSPFRE and blockstrictSPFRe.
 I've removed it from strictSPFRe.  We'll see how it goes. (Below I meant to
 say I had @newegg.com in blockstrictspfre, not spfstrict).




Re: [Assp-test] ASSP 1.9.7.5(0.0.02) SPFSTRICT Bug

2012-08-22 Thread Hill, Brett
 -Original Message-
 From: Fritz Borgstedt [mailto:f...@iworld.de]
 Sent: Wednesday, August 22, 2012 3:17 PM
 To: ASSP development mailing list
 Subject: Re: [Assp-test] ASSP 1.9.7.5(0.0.02) SPFSTRICT Bug
 
 Just to say it again: SPF records are not good Spam fighting tools.

Why are SPF records not good spam fighting tools (assuming that the spam
isn't actually coming from the addresses in the records)?  Don't those
records define the addresses that the domain owner wants you to be able
to trust?

Kind Regards,
Brett




Re: [Assp-test] ASSP 1.9.7.5(0.0.02) SPFSTRICT Bug

2012-08-22 Thread Hill, Brett
 -Original Message-
 From: Fritz Borgstedt [mailto:f...@iworld.de]
 Sent: Wednesday, August 22, 2012 3:06 PM
 To: ASSP development mailing list
 Subject: Re: [Assp-test] ASSP 1.9.7.5(0.0.02) SPFSTRICT Bug
 
 why should spfstrict block this mail?
 There is an SPF record:
 v=spf1 ip4:216.52.208.0/24 ip4:204.14.213.0/24 ip4:210.14.67.0/24 ip4:204.89.152.0/24 ptr ~all

I thought I had corrected myself.  I was in a hurry and my fingers
weren't typing what I was thinking.  I meant blockstrictSPFRe.  So, if
an email says it comes from @newegg.com, but it doesn't really, then
blockstrictSPFRe is supposed to kill it before it is scored so I don't
have to worry about it getting any further, right?  That's what I want
to happen.

Kind Regards,
Brett




Re: [Assp-test] Antwort: Re: Block spoofed addresses

2012-08-20 Thread Hill, Brett
Thanks Fritz.  I completely forgot about that.

 -Original Message-
 From: Fritz Borgstedt [mailto:f...@iworld.de]
 Sent: Saturday, August 18, 2012 2:28 AM
 To: ASSP development mailing list
 Subject: Re: [Assp-test] Antwort: Re: Block spoofed addresses
 
 Furthermore I recommended some years back a simple method for handling
 this type of spam. noProcessingIPs were introduced to support the method:
 
 - http://www.senderbase.org
 - http://www.senderbase.org/senderbase_queries/detaildomain?search_string=efax.com
 - http://www.senderbase.org/export
 put the result - noProcessingIPs
 
 put efax.com into blackListedDomains.
 uncheck DoBlackDomainNP.




Re: [Assp-test] Antwort: Re: Block spoofed addresses

2012-08-20 Thread Hill, Brett
Before, you said to put the domain into bombsenderre.  I only know
because I made a special entry in there for verizonwireless.com.  Is
blacklistedDomains a better place to put these domains then?

Thanks,
Brett
 -Original Message-
 From: Fritz Borgstedt [mailto:f...@iworld.de]
 Sent: Saturday, August 18, 2012 2:28 AM
 To: ASSP development mailing list
 Subject: Re: [Assp-test] Antwort: Re: Block spoofed addresses
 
 put efax.com into blackListedDomains.
 uncheck DoBlackDomainNP.




Re: [Assp-test] Antwort: Re: Block spoofed addresses

2012-08-17 Thread Hill, Brett
How would I do that in ASSP 1.9.x or am I SOL?  I know SPFoverride used
to be in there, but was removed a little while back.

Thanks,
Brett

 -Original Message-
 From: Thomas Eckardt [mailto:thomas.ecka...@thockar.com]
 Sent: Friday, August 17, 2012 8:17 AM
 To: ASSP development mailing list
 Subject: [Assp-test] Antwort: Re: Block spoofed addresses
 
 efax.com=v=spf1 mx/24 -all
 
 This record in 'SPFoverride' may help.
 
 It is possible that you have to expand or to change the entry, if efax.com
 sends email not from the same class C network where their MX is located.
 If the record contains the right information, put '@efax..com' into
 'blockstrictSPFRe'.
 
 Thomas




Re: [Assp-test] ASSP 1.9.7.3(0.0.04) Block Reports

2012-08-14 Thread Hill, Brett
Yes, she did.  It looks the same (also missing the attached pictures).
It is configured to be in HTML format only.  Also, to only show the link
on the left.  It's always worked for us that way.

I'm looking in her mailbox and I don't see a report for today (which
already ran for the day).  I'm pretty sure there should be a report as
the account she receives mail for gets tons of spam.  Also, she's not in
the office yet.  So, I know she hasn't deleted it.

By chance, did blockreport.css get updated?  The modified date on mine
is 3-9-2012.

Kind Regards,
Brett

 -Original Message-
 From: Fritz Borgstedt [mailto:f...@iworld.de]
 Sent: Tuesday, August 14, 2012 6:30 AM
 To: ASSP development mailing list
 Subject: Re: [Assp-test] ASSP 1.9.7.3(0.0.04) Block Reports
 
 ASSP development mailing list assp-test@lists.sourceforge.net wrote:
  Attached is a screenshot of how it looks.
 
 
 Did he try to click to see the mail in a browser?




Re: [Assp-test] ASSP 1.9.7.3(0.0.04) Block Reports

2012-08-14 Thread Hill, Brett
Well, It was working in at least 1.9.7.3(0.0.01).  See pictures:
http://imgur.com/QkrCR  (Top of email)
http://imgur.com/uvDrd  (Bottom of email)

Kind Regards,
Brett

 -Original Message-
 From: Steve Moffat [mailto:st...@optimum.bm]
 Sent: Tuesday, August 14, 2012 7:48 AM
 To: assp-test@lists.sourceforge.net
 Subject: Re: [Assp-test] ASSP 1.9.7.3(0.0.04) Block Reports
 
 I've seen this since it was introduced but was told it was my mail client.
 Well since then I have tried all mail clients I can get my hands on for Mac or
 Windows and they all show these exact same symptoms since day one.





Re: [Assp-test] ASSP 1.9.7.3(0.0.04) Block Reports

2012-08-14 Thread Hill, Brett
Will do!

 -Original Message-
 From: Fritz Borgstedt [mailto:f...@iworld.de]
 Sent: Tuesday, August 14, 2012 8:03 AM
 To: ASSP development mailing list
 Subject: Re: [Assp-test] ASSP 1.9.7.3(0.0.04) Block Reports
 
 ASSP development mailing list assp-test@lists.sourceforge.net wrote:
 By chance, did blockreport.css get updated?  The modified date on mine
 is 3-9-2012.
 
 
 
 Download ASSP_1.9.4.0-Install.zip, there should be the newest image folder.




Re: [Assp-test] assp 1.9.7.3(0.0.01) SPF Check Bug

2012-08-14 Thread Hill, Brett
Isn't blockstrictSPFRe independent of whether or not SPFWL is checked
(meaning it will always check)?  I don't know why, but I thought it was.

Thanks,
Brett

 -Original Message-
 From: Nicholas Hickman [mailto:nhick...@dtechlabs.com]
 Sent: Thursday, August 09, 2012 8:57 AM
 To: ASSP development mailing list
 Subject: Re: [Assp-test] assp 1.9.7.3(0.0.01) SPF Check Bug
 
 Do you have SPFWL unchecked?  If not, enable it.  Since the address is
 whitelisted it is skipping the SPF check.
 
 
 -Nick




Re: [Assp-test] ASSP 1.9.7.3(0.0.04) Block Reports

2012-08-13 Thread Hill, Brett
Well, it didn't include my print screen.  You can find it here:
http://imgur.com/CQM2q

 -Original Message-
 From: Hill, Brett [mailto:hil...@nlbusa.com]
 Sent: Monday, August 13, 2012 10:08 AM
 To: assp-test@lists.sourceforge.net
 Subject: [Assp-test] ASSP 1.9.7.3(0.0.04) Block Reports
 
 I have an end user who just notified me that the block report is not as
 it should be.  She says that this is the first one like it that she's
 received.  So, I'm going to assume that 1.9.7.3(0.0.04) has somehow
 broken it (last working in 0.0.01).  Attached is a screenshot of how it
 looks.
 
 Also, I've set myself up in Send Copy of Block-Reports TO
 (EmailBlockTo).  I'm assuming that it means I should receive a copy of
 any blockreport that is generated by ASSP.  However, I have not received
 these emails for a long time.
 
 Lastly, (merely a cosmetic improvement) in the BlockReportFile, after
 each entry that has been run, it says # next run:  2012-8-13.  I don't
 know what you want it to say there, whether it's next run or last
 run.  If you're going to keep today's date there, it should read #
 last run:  2012-8-13 (because it has already run).  If you want to say
 it's going to run again, it should read # next run: 2012-8-14.
 
 Kind Regards,
 Brett




[Assp-test] assp 1.9.7.3(0.0.01) SPF Check Bug

2012-08-09 Thread Hill, Brett
I just noticed that SPF checks aren't working quite right.

I have UPS.com listed in blockstrictSPFre and ASSP didn't check for
it.  UPS does have an SPF record.

The email example below contains postmas...@mydomain.com in the CC
field.  However, I have several other emails like this one that do not
contain postmaster in them that are also getting through simply because
of being whitelisted.

Here's the log:
Aug-09-12 08:27:34 id-34451-38938 89.122.25.44 upsbillingcen...@ups.com to: some...@mydomain.com [scoring:5] -- Suspicious HELO - contains IP: '[89.122.25.44]';
Aug-09-12 08:27:35 id-34451-38938 [VIRUS] 89.122.25.44 upsbillingcen...@ups.com to: some...@mydomain.com ClamAV: scanned 7945 bytes in whitelisted message - OK ;
Aug-09-12 08:27:35 id-34451-38938 [WhitelistedOK] 89.122.25.44 upsbillingcen...@ups.com to: some...@mydomain.com whitelisted - whitelistdb 'upsbillingcen...@ups.com' - [Your UPS Invoice is Ready] - notspam/34451-38938.eml;

Header:
From upsbillingcen...@ups.com Thu, 09 Aug 2012 08:27:35 -0400
X-Connect-IP: 10.0.50.150
X-Envelope-To: some...@mydomain.com
X-SEF-MessageID: 0FC6C51C-6F2A-4C31-834A-B42FAA659D45
Return-Path: upsbillingcen...@ups.com
Received: from ASSP [192.168.5.12] by mail.mydomain.com - SurfControl
E-mail Filter (5.5.0); Thu, 09 Aug 2012 08:27:35 -0400
Received: from [89.122.25.44] ([89.122.25.44] helo=[89.122.25.44]) by
ASSP.nospam with ESMTP (ASSP 1.9); 9 Aug 2012 08:27:33 -0400
Received: from [120.190.174.191] (account upsbillingcen...@ups.com HELO
wgjgwpnjgxaoen.hjtqw.org)
by  (CommuniGate Pro SMTP 5.2.3)
with ESMTPA id 075723868 for some...@mydomain.com; Thu, 9 Aug
2012 14:27:38 +0200
From: upsbillingcen...@ups.com upsbillingcen...@ups.com
To: some...@mydomain.com
Cc: postmas...@mydomain.com
Subject: Your UPS Invoice is Ready.
Date: Thu, 9 Aug 2012 14:27:38 +0200
MIME-Version: 1.0
Content-Type: multipart/alternative;
boundary==_qnmdrdoz_48_66_25
X-Priority: 3
X-Mailer: havbyp.90
Message-ID: 1240512465.23efy98m491...@cdfqixjjfvkzu.awocamgrzlrwc.net
X-Assp-Delay: not delayed (whitelistdb 'upsbillingcen...@ups.com');
9 Aug 2012 08:27:34 -0400
X-Assp-Whitelisted: Yes (whitelistdb 'upsbillingcen...@ups.com')
X-Assp-Envelope-From: upsbillingcen...@ups.com
X-Assp-Intended-For: some...@mydomain.com
X-Assp-Passing: whitelistdb 'upsbillingcen...@ups.com'
X-Assp-ID: ASSP.nospam (id-34451-38938)
X-Assp-Version: 1.9.7.3(0.0.01)
X-SEF-C78C3B4C-7293-4950-A8F1-D32B88106FB4: 1
X-SEF-NDR-C78C3B4C-7293-4950-A8F1-D32B88106FB4: 1
X-SEF-Processed: 5_5_0_210__2012_08_09_08_27_35




Re: [Assp-test] assp 1.9.7.3(0.0.01) SPF Check Bug

2012-08-09 Thread Hill, Brett
That doesn't seem to do anything for it.  Messages still coming in.

 -Original Message-
 From: Nicholas Hickman [mailto:nhick...@dtechlabs.com]
 Sent: Thursday, August 09, 2012 8:57 AM
 To: ASSP development mailing list
 Subject: Re: [Assp-test] assp 1.9.7.3(0.0.01) SPF Check Bug
 
 Do you have SPFWL unchecked?  If not, enable it.  Since the address is
 whitelisted it is skipping the SPF check.
 
 
 -Nick




Re: [Assp-test] assp 1.9.7.3(0.0.01) SPF Check Bug

2012-08-09 Thread Hill, Brett
Fritz, yes, I do.  I was a little lazy I suppose when I said I had
ups.com in my block file.

Contents of my blockstrictSPFRe.txt file:
@ebay.com
@email.citimortgage.com
@facebook.com
@info.paypal.com
@new.itunes.com
@newegg.com
@orders.apple.com
@paypal.com
@site.careerbuilder.com
@ups.com
@usps.com
@usbank.com
@wellsfargo.com

 -Original Message-
 From: Fritz Borgstedt [mailto:f...@iworld.de]
 Sent: Thursday, August 09, 2012 10:49 AM
 To: ASSP development mailing list
 Subject: Re: [Assp-test] assp 1.9.7.3(0.0.01) SPF Check Bug
 
 ASSP development mailing list assp-test@lists.sourceforge.net writes:
 I have UPS.com listed in blockstrictSPFre and ASSP didn't check for
 it.  UPS does have an SPF record.
 
 Did you try @ups.com?


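
The case this thread describes, a message passed as WhitelistedOK with no SPF result logged although its sender domain is listed in blockstrictSPFRe, can be audited from the maillog after the fact. The Python script below is an added example, not part of the thread or of ASSP. It assumes one log entry per line in the layout of the posted log, treats each list entry as a plain suffix of the envelope sender, and runs on a constructed sample log.

```python
import re

# Subset of the blockstrictSPFRe.txt entries quoted in the thread.
STRICT_SPF_ENTRIES = ["@ups.com", "@usps.com", "@paypal.com", "@info.paypal.com"]

# Constructed sample log, one entry per line. IPs are documentation ranges and
# the addresses are made up; only the line layout follows the posted log.
SAMPLE_LOG = """\
Aug-09-12 08:27:34 id-00001-00001 198.51.100.44 billing@ups.com to: user@mydomain.example [scoring:5] -- Suspicious HELO - contains IP: '[198.51.100.44]';
Aug-09-12 08:27:35 id-00001-00001 [VIRUS] 198.51.100.44 billing@ups.com to: user@mydomain.example ClamAV: scanned 7945 bytes in whitelisted message - OK ;
Aug-09-12 08:27:35 id-00001-00001 [WhitelistedOK] 198.51.100.44 billing@ups.com to: user@mydomain.example whitelisted - whitelistdb 'billing@ups.com' - [Your UPS Invoice is Ready] - notspam/00001-00001.eml;
Aug-09-12 08:30:01 id-00001-00002 192.0.2.10 service@paypal.com to: user@mydomain.example [scoring] spf_result:pass;
Aug-09-12 08:30:02 id-00001-00002 [WhitelistedOK] 192.0.2.10 service@paypal.com to: user@mydomain.example whitelisted - whitelistdb 'service@paypal.com' - [Receipt] - notspam/00001-00002.eml;
Aug-09-12 08:31:10 id-00001-00003 [WhitelistedOK] 203.0.113.7 friend@example.org to: user@mydomain.example whitelisted - whitelistdb 'friend@example.org' - [Lunch] - notspam/00001-00003.eml;
Aug-09-12 08:32:40 id-00001-00004 203.0.113.9 promo@ups.com to: user@mydomain.example [scoring] spf_result:softfail;
this line is not a log entry and is skipped
"""

# timestamp, message id, optional [Tag], connecting IP, envelope sender, recipient, rest
LINE_RE = re.compile(
    r"^\w{3}-\d\d-\d\d \d\d:\d\d:\d\d "
    r"(?P<id>id-\d+-\d+) "
    r"(?:\[(?P<tag>\w+)\] )?"
    r"(?P<ip>\S+) (?P<sender>\S+) to: (?P<rcpt>\S+) (?P<rest>.*)$"
)
SPF_RE = re.compile(r"spf_result:(\w+)")


def is_strict(sender, entries):
    """True if the envelope sender ends with one of the list entries."""
    sender = sender.lower()
    return any(sender.endswith(entry.lower()) for entry in entries)


def find_spf_skipped(log_text, entries=STRICT_SPF_ENTRIES):
    """Return (id, ip, sender) for whitelisted strict-SPF senders with no SPF result."""
    messages = {}  # message id -> state collected across its log lines
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # wrapped fragment or unrelated line
        state = messages.setdefault(
            m["id"],
            {"ip": m["ip"], "sender": m["sender"], "whitelisted": False, "spf": None},
        )
        if m["tag"] == "WhitelistedOK":
            state["whitelisted"] = True
        spf = SPF_RE.search(m["rest"])
        if spf:
            state["spf"] = spf.group(1)
    return [
        (msg_id, s["ip"], s["sender"])
        for msg_id, s in messages.items()
        if s["whitelisted"] and s["spf"] is None and is_strict(s["sender"], entries)
    ]


if __name__ == "__main__":
    for msg_id, ip, sender in find_spf_skipped(SAMPLE_LOG):
        print(f"{msg_id}: {sender} from {ip} whitelisted without SPF check")
```

Every hit is a message whose only evidence of legitimacy was the envelope sender address, so the connecting IP is the field to review.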


[Assp-test] ASSP 1.9.7.2 Scoring

2012-07-27 Thread Hill, Brett
Are emails supposed to get scored if they're whitelisted?  I've noticed
this for a while now.

X-Assp-Message-Score: 15 (Bad IP History for 206.132.3.142)
X-Assp-Message-Totalscore: 15
X-Assp-Spam-Level: ***
X-Assp-Whitelisted: Yes ()




Re: [Assp-test] ASSP 1.9.7.2 Scoring

2012-07-27 Thread Hill, Brett
 -Original Message-
 From: Fritz Borgstedt [mailto:f...@iworld.de]
 Sent: Friday, July 27, 2012 8:21 AM

 May be there is a bug.
 The empty () after Yes looks suspicious. (should be the reason)
 
 Is it possible to get the log for it?

Here's all I have from the log:
Jul-27-12 05:57:20 id-34338-03651 206.132.3.142
1a39d2c90layfovciariahhaaac2suztcwiutiyyaa...@epsilon.com to:
u...@mydomain.com Message-Score: added 15 for Bad IP History for
206.132.3.142, total score for this message is now 15;
Jul-27-12 05:57:20 id-34338-03651 [VIRUS] 206.132.3.142
1a39d2c90layfovciariahhaaac2suztcwiutiyyaa...@epsilon.com to:
u...@mydomain.com ClamAV: scanned 9998 bytes in whitelisted message - OK
;
Jul-27-12 05:57:20 id-34338-03651 [WhitelistedOK] 206.132.3.142
1a39d2c90layfovciariahhaaac2suztcwiutiyyaa...@epsilon.com to:
u...@mydomain.com whitelisted [Great offers to earn cash back with your
Chase Debit Card] - notspam/34338-03651.eml;

The email header is attached to this email.

 Is it really whitelisted for a good reason?

I suppose so.  It's a typical advertisement email from Chase Bank (not
really spam, but want to make sure it gets through).  But, this was just
one example.  There are others where this also happens.  I do not have
another example of this type presently.  I have attached an example of
another whitelisted email that didn't get the penalty though Email 2
Log and Header.txt.  And it has the same empty ().

Lastly, this isn't new, it's been happening for at least the last few
versions you've put out.

Kind Regards,
Brett

X-Assp-Version: 1.9.7.2(0.0.01) on ASSP.nospam
X-Assp-Delay: u...@mydomain.com not delayed (auto accepted);
27 Jul 2012 05:57:20 -0400
X-Assp-Message-Score: 15 (Bad IP History for 206.132.3.142)
X-Assp-Message-Totalscore: 15
X-Assp-Whitelisted: Yes ()
X-Assp-Envelope-From: 
1a39d2c90layfovciariahhaaac2suztcwiutiyyaa...@epsilon.com
X-Assp-Intended-For: u...@mydomain.com
X-Assp-ID: ASSP.nospam id-34338-03651
Received: from bigfootinteractive.com ([206.132.3.142] 
helo=bigfootinteractive.com)
by ASSP.nospam with ESMTP (ASSP 1.9); 27 Jul 2012 05:57:20 -0400
Return-Path: 1a39d2c90layfovciariahhaaac2suztcwiutiyyaa...@epsilon.com
DKIM-Signature: v=1; a=rsa-sha1; d=email.chase.com; s=ei; c=simple/simple;
q=dns/txt; i=@email.chase.com; t=1343383048;
h=From:Subject:Date:To:MIME-Version:Content-Type;
bh=DmoF1hF5qP3z6cHrmD7Ir1uOROE=;
b=YglqPP7ruc2CqAWTnWB2RJNnscAwqvoHmdidmLd+dk1dw6YV+6Re5fzz037eKK4w
7Cj+vQO6qoGsaY7bTMvj2npU5gvmRLfHeCv5QKhbKqTmq+R33FEPkOjDUzfw56S1
l/7KtLacpNArjjvnjT6tuXctwXli6PqOZVI+G2aAHAc=;
DomainKey-Signature: q=dns; a=rsa-sha1; c=nofws;
s=ei; d=email.chase.com;

h=Received:Reply-To:Bounces_to:Message-ID:X-SS:X-BFI:Date:From:Subject:To:MIME-Version:Content-Type;
b=qafRW8NswjeVKprSeE8EbWt1+iCQG1Cg7PYkOq6y9fHhUdsu8DB4nzRfJrAGSGCP
sydf4rLsvnL7T5kbjavFMyLPXLdTgkm9g99xTrC/kB6JCuenPSVUzwihPt4QcyIH
P5bNF4BoyNeNXBhR5amx4IW9VIHe2STzFEJ4WSRgFok=
Received: from [192.168.3.36] ([192.168.3.36:43419] helo=unjdrmmailerpv11)
by pimta08.epsiloninteractive.com (envelope-from 
1a39d2c90layfovciariahhaaac2suztcwiutiyyaa...@epsilon.com)
(ecelerity 2.2.2.45 r(34222M)) with ESMTP
id AF/C6-04770-80662105; Fri, 27 Jul 2012 05:57:28 -0400
Reply-To: =?iso-8859-1?B?IkNoYXNlIg==?= 
1a39d2c90layfovciariahhaaac2suztcwiutiyyaa...@email.chase.com
Bounces_to: void.1a39d2c90layfovciariahhaaac2suztcwiutiyyaa...@epsilon.com
Message-ID: 
1a39d2c90layfovciariahhaaac2suztcwiutiyya.5582.3630.unjdrmmailerpv11.dumpsho...@email.chase.com
X-SS: 1-1-11480280-723686214
X-BFI: 1a39d2c90layfovciariahhaaac2suztcwiutiyya
Date: Fri, 27 Jul 2012 05:56:10 EDT
From: =?iso-8859-1?B?Q2hhc2U=?= ch...@email.chase.com
Subject: Great offers to earn cash back with your Chase Debit Card!
To: u...@mydomain.com
MIME-Version: 1.0
Content-Type: multipart/alternative;
  boundary=ABCD-1a39d2c90layfovciariahhaaac2suztcwiutiyya-EFGH



Log:
Jul-27-12 08:35:37 id-34339-04214 [VIRUS] 188.138.4.200 
cli11...@server110.akfastpass.com.br to: us...@mydomain.com ClamAV: scanned 
9496 bytes in whitelisted message - OK ;
Jul-27-12 08:35:38 id-34339-04214 [WhitelistedOK] 188.138.4.200 
cli11...@server110.akfastpass.com.br to: us...@mydomain.com whitelisted 
[ltima chance para participar do Concrete Show virada de tabela hoje] - 
notspam/34339-04214.eml;


Header:
From cli11...@server110.akfastpass.com.br Fri, 27 Jul 2012 08:35:38 -0400
X-Connect-IP: 192.168.5.11
X-Envelope-To: us...@mydomain.com
X-SEF-MessageID: 5315C91E-B8CF-41E5-8FA6-CAAA7A8E8AE2
Return-Path: cli11...@server110.akfastpass.com.br
Received: from ASSP [192.168.5.11] by mail.mydomain.com - SurfControl E-mail 
Filter ; Fri, 27 Jul 2012 08:35:38 -0400
Received: from server110.akfastpass.com.br by ASSP.nospam with SMTP ; 27 Jul 
2012 08:35:36 -0400
Received: ; 27 Jul 2012 12:35:45 -
DKIM-Signature: v=1; 

Re: [Assp-test] ASSP 1.9.7.2 Scoring

2012-07-27 Thread Hill, Brett
 -Original Message-
 From: Fritz Borgstedt [mailto:f...@iworld.de]
 Sent: Friday, July 27, 2012 10:32 AM
 To: ASSP development mailing list
 Subject: Re: [Assp-test] ASSP 1.9.7.2 Scoring
 
 It seems to be cosmetic.

I'm glad that's the case!
 
 So it is in whitelistdb?

Yes!  In all 3 cases it is, however, not usually the first from
address, but the second one (ie: ch...@email.chase.com,
jbellang...@ubmsienna.com.br,  and supp...@keepersecurity.com )

Thanks,
Brett




[Assp-test] ASSP 1.9.7.2(0.0.0.0) Windows Service Won't Start

2012-07-20 Thread Hill, Brett
Fritz,

I just tried loading the latest version of ASSP, but it won't start as a
Windows service.  Rolled back to 1.9.7.1(0.0.04) and all is fine again.

Kind Regards,
Brett



[Assp-test] ASSP Version: 1.9.7.1(0.0.04)

2012-07-17 Thread Hill, Brett
Fritz, I don't know what you did to it, but the interface responds so
much faster now (ie. page loads, saves, etc...)!  Thanks!



[Assp-test] MX and A Lookup Missing

2012-05-11 Thread Hill, Brett
I'm running ASSP 1.9.7.0.

I noticed several emails scoring like this:
X-Assp-Message-Score: 15 (MX  A missing for 'eetevents.com')

Just out of curiosity, I went and looked for the MX and A records
manually and they are available.  Why would ASSP say they are missing?
I'm running Windows Server 2003 DNS (dedicated just to ASSP) to run the
checks.  The only thing I can see is that the originating address in the
header is 205.162.44.170 instead of 205.162.44.5.  Would that cause it
to have the message score above?

 nslookup
 set type=ANY
 eetevents.com
Server:  dns.mydomain.com
Address:  any old address

Non-authoritative answer:
eetevents.com   internet address = 205.162.44.170
eetevents.com   nameserver = namesrv.omeda.com
eetevents.com   nameserver = namesrv2.omeda.com
eetevents.com   MX preference = 1, mail exchanger = mx.omessage.com

namesrv.omeda.com   internet address = 204.180.130.33
namesrv2.omeda.com  internet address = 204.180.130.35
mx.omessage.com internet address = 205.162.41.5

Thanks,
Brett




Re: [Assp-test] Antwort: Re: Antwort: Ham-heavy corpus

2012-05-10 Thread Hill, Brett
 Try to change your collection settings - possibly you collect spams to the
 corpus where it is better to store mails in to 'discarded' (eg SPF, PTR, HELO
 ...).

So, you recommend that emails blocked because of SPF, PTR, and HELO go
into 'discarded' instead of the 'SPAM' folder?  Or was that just
throwing something out there for him to try?

Kind Regards,
Brett




[Assp-test] Whitelisted Addresses ASSP 1.9.7.x

2012-05-10 Thread Hill, Brett
Just wanted to get some clarification on a couple different entries I've
seen in my whitelist.

1. Two entries like below.  The first entry is obvious.  At some
point I requested it to be there.  Is the second entry there because
some...@mydomain.com requested it, or sent an email to it?

some...@yahoo.com
some...@yahoo.com,some...@mydomain.com[1]173307

2. Why would there be references (two different kinds) to my
exchange mail server here?  I thought local addresses shouldn't be
whitelisted.

15ee2aaa8d90cf449983494481233cfc04d39...@exchange.mydomain.com[1]1257537820
exchange0gplrwanekvgk0...@echange.mydomain.com[1]1328298961

Thanks for an explanation!

Brett



[Assp-test] Personal Blacklist Blocking Bug?

2012-04-30 Thread Hill, Brett
Pretend an email is addressed to one person and CC'd to 1,2,3,4, or 5
others.  The person that the email was sent directly to has already
reported a previous email with the same address as spam and the address
was added to his personal blacklist.  Looking at my log, it looks like
because the address was personal blacklisted by the person in the TO:
field, that person's blacklist is keeping the other people that were
CC'd from receiving the email also.  Fortunately, the email is spam
anyways and it doesn't matter (and it should ultimately be blocked
because of the SPF workaround that you showed me Fritz for
verizonwireless.com).  But there could be times when the email is only
spam to one person and not the rest (playing Devil's Advocate).  Barring
any other circumstances that might block the email, shouldn't it still
be allowed through to the addresses that were CC'd?

Here's the log entry (there were three other addresses CC'd in this
email):
Apr-30-12 10:08:28 id-33579-06879 [PersonalBlack] 187.35.155.244
waccountnot...@verizonwireless.com to: some...@mydomain.com [spam
found][blocked] -- rejected by personal blacklist:
'some...@mydomain.com,accountnot...@verizonwireless.com' -- [Your Bill
Is Now Available] - spam/33579-06879.eml;
Apr-30-12 10:08:28 id-33579-06879 187.35.155.244
waccountnot...@verizonwireless.com to: some...@mydomain.com [SMTP
Error] 554 5.7.1 Mail (id-33579-06879) appears to be unsolicited -
mailbox some...@mydomain.com unavailable - contact
postmas...@mydomain.com for resolution;

Thanks,
Brett




[Assp-test] ASSP 1.9.x Denied by PenaltyExtremeStrict

2012-04-27 Thread Hill, Brett
How do I erase IP addresses from PenaltyExtremeStrict?  I've tried
emptying the following:
Files\exportedextreme.txt
Pb\pbdb.black.db

Addresses removed from those files continue to be blocked.

Thanks!
Brett




Re: [Assp-test] ASSP 1.x Adding to Personal Black List Manually

2012-04-23 Thread Hill, Brett
 -Original Message-
 From: Fritz Borgstedt [mailto:f...@iworld.de]
 Sent: Friday, April 20, 2012 12:38 PM
 To: ASSP development mailing list
 Subject: Re: [Assp-test] ASSP 1.x Adding to Personal Black List Manually
 
 ASSP development mailing list assp-test@lists.sourceforge.net writes:
 Is it necessary for those entries to also have time next to them?  I
 can't think of a reason why it would be of benefit.
 
 the format of the db-entry is key13date

What I meant was I don't see any reason for the digits at all since
they're not date dependent (IE. They're not going to be automatically
removed at some point in time are they?).

Kind Regards,
Brett




[Assp-test] ASSP 1.9.6.7(0.0.08) Scoring

2012-04-18 Thread Hill, Brett
Just wondering why the softfail SPF was not scored even though it is set
to score mode?  It should have scored 40 for Bayesian and another 5 for
spfsValencePB for a total of 45 right?

Thanks,
Brett

Apr-18-12 11:46:34 id-33476-15049 203.188.200.215
naomi_johnson...@hotmail.fr to: u...@mydomain.com [monitoring] --
suspicious country 'TW' -- [Dear One];
Apr-18-12 11:46:35 id-33476-15049 203.188.200.215
naomi_johnson...@hotmail.fr to: u...@mydomain.com [scoring]
spf_result:softfail;
Apr-18-12 11:46:35 id-33476-15049 203.188.200.215
naomi_johnson...@hotmail.fr to: u...@mydomain.com
identity:naomi_johnson...@hotmail.fr;
Apr-18-12 11:46:35 id-33476-15049 203.188.200.215
naomi_johnson...@hotmail.fr to: u...@mydomain.com scope:mfrom;
Apr-18-12 11:46:35 id-33476-15049 203.188.200.215
naomi_johnson...@hotmail.fr to: u...@mydomain.com spf_record:v=spf1
include:spf-a.hotmail.com include:spf-b.hotmail.com
include:spf-c.hotmail.com include:spf-d.hotmail.com ~all;
Apr-18-12 11:46:35 id-33476-15049 203.188.200.215
naomi_johnson...@hotmail.fr to: u...@mydomain.com
local_exp:hotmail.fr: Sender is not authorized by default to use
'naomi_johnson...@hotmail.fr' in 'mfrom' identity, however domain is not
currently prepared for false failures (mechanism '~all' matched);
Apr-18-12 11:46:35 id-33476-15049 203.188.200.215
naomi_johnson...@hotmail.fr to: u...@mydomain.com authority_exp:;
Apr-18-12 11:46:35 id-33476-15049 203.188.200.215
naomi_johnson...@hotmail.fr to: u...@mydomain.com
received_spf:Received-SPF: softfail (hotmail.fr: Sender is not
authorized by default to use 'naomi_johnson...@hotmail.fr' in 'mfrom'
identity, however domain is not currently prepared for false failures
(mechanism '~all' matched)) receiver=ASSP.nospam; identity=mailfrom;
envelope-from=naomi_johnson...@hotmail.fr;
helo=nm15-vm9.bullet.mail.tp2.yahoo.com; client-ip=203.188.200.215;
Apr-18-12 11:46:35 id-33476-15049 [VIRUS] 203.188.200.215
naomi_johnson...@hotmail.fr to: u...@mydomain.com ClamAV: scanned 3755
bytes in message - OK ;
Apr-18-12 11:46:35 id-33476-15049 203.188.200.215
naomi_johnson...@hotmail.fr to: u...@mydomain.com Bayesian Check
[scoring:40] - Prob: 1.0 = spam;
Apr-18-12 11:46:35 id-33476-15049 203.188.200.215
naomi_johnson...@hotmail.fr to: u...@mydomain.com Message-Score: added
40 for Bayesian Probability: 1.0, total score for this message is
now 40;
Apr-18-12 11:46:35 id-33476-15049 [MessageScore] 203.188.200.215
naomi_johnson...@hotmail.fr to: u...@mydomain.com [spam found] and
passing because messagescore(40) is in warning range ( 39 - 49) -- [Dear
One] - discarded/33476-15049.eml;




[Assp-test] ASSP 1.x Adding to Personal Black List Manually

2012-04-13 Thread Hill, Brett
We have some email addresses that are departmental and cannot be used as
from: addresses (just used for receiving) by the users that receive
emails from those addresses.  How can I manually add such an address to
the personal black list as an admin?

The email address that doesn't want emails from a certain domain:
departmen...@mydomain.com

The address to block is:  @professionaltraining2.com

I tried creating an email and adding this to the body (but it didn't
work):  departmen...@mydomain.com,*@professionaltraining2.com

Or do I simply add the above into the persblack file via the gui
(without the trailing numbers)?  I only ask because I don't know what
all the trailing numbers are all about (ie.
departmen...@mydomain.com,*@professionaltraining2.com[1]1334299069) or
if they're important to the way ASSP works.

Thanks,
Brett



Re: [Assp-test] ASSP 1.x Adding to Personal Black List Manually

2012-04-13 Thread Hill, Brett
 -Original Message-
 From: Fritz Borgstedt [mailto:f...@iworld.de]
 Sent: Friday, April 13, 2012 9:20 AM
 To: ASSP development mailing list
 Subject: Re: [Assp-test] ASSP 1.x Adding to Personal Black List Manually
 
 The above is only possible by using the file. The numbers are the time in
 seconds. So copy an entry and change to your liking.
 
 I did not understand the first question. Admins can be set with EmailAdmins.

To rephrase my question... 

So, I'm setup as an EmailAdmin.  Is there a way I can send an email to
the email interface to be able to create the appropriate personal
blacklist entry?  To answer that myself, it appears I cannot do it that
way, but I can do it via the gui (per your recommendation) by copying
another entry and changing it to my liking.

Is it necessary for those entries to also have time next to them?  I
can't think of a reason why it would be of benefit.

Thanks!




Re: [Assp-test] Antwort: SPF lookup timed out

2012-04-12 Thread Hill, Brett
 -Original Message-
 From: Thomas Eckardt [mailto:thomas.ecka...@thockar.com]
 Sent: Thursday, April 12, 2012 2:39 AM
 To: ASSP development mailing list
 Subject: [Assp-test] Antwort: SPF lookup timed out
 
 This DNS runtime penalty issue belongs to all DNS queries inside V1 since
 IPv6 was implemented - or better explained, since the Perl-IPv6 modules are
 installed, except the queries for RWL, RBL and URIBL - because they don't use
 Net::DNS.
 
 To prevent this, uninstall IO::Socket::INET6 and Socket6 or enable and
 configure and use IPv6 on all systems.

I do not have IO::Socket::INET6 installed.

Thanks,
Brett




Re: [Assp-test] Antwort: Re: Antwort: Re: Antwort: SPF lookup timed out

2012-04-12 Thread Hill, Brett
 -Original Message-
 From: Thomas Eckardt [mailto:thomas.ecka...@thockar.com]
 Sent: Thursday, April 12, 2012 8:24 AM
 To: ASSP development mailing list
 Subject: [Assp-test] Antwort: Re: Antwort: Re: Antwort: SPF lookup timed out
 
 Oh, windows - use double quotes;
 
 perl -e "use IO::Socket::INET6;"

So, it appears that I did have it installed, but was not using it.  I've
uninstalled the Perl modules.  Thanks for the assistance!

Brett




Re: [Assp-test] SPF lookup timed out

2012-04-11 Thread Hill, Brett
 -Original Message-
 From: Grayhat [mailto:gray...@gmx.net]
 Sent: Wednesday, April 11, 2012 11:40 AM
 To: assp-test@lists.sourceforge.net
 Subject: Re: [Assp-test] SPF lookup timed out
 
 Hm... probably slow resolvers, by the way, it could be useful to also see the
 HELO string used by that host; anyhow...

 helo=aten-09.ovea.com (assuming that's what you wanted to see)

 so, maybe one of those includes causes the SPF checker to slowdown a bit
 (just guessing) but even in this case, the issue is due to the DNS
 resolver(s) you're using

Just using M$ 2003 Server DNS.  All it does is provide DNS lookup for
ASSP, nothing more (1000-2000 messages per day).  It doesn't seem (to
me) that that many lookups per day would be more than it could handle.

Thanks,
Brett




Re: [Assp-test] SPF Cache ASSP 1.9.6.7 (0.0.02)

2012-04-10 Thread Hill, Brett
 -Original Message-
 From: Fritz Borgstedt [mailto:f...@iworld.de]
 Sent: Monday, April 09, 2012 4:16 PM
 To: ASSP development mailing list
 Subject: Re: [Assp-test] SPF Cache ASSP 1.9.6.7 (0.0.02)
 
 clean them all out

Done.  I'll keep a watch on them to see if they continue to grow big.

Thanks,
Brett




[Assp-test] How to block certain emails?

2012-04-10 Thread Hill, Brett
My company has received several emails from @verizonwireless.com (but
they're not really from there).  Normally, I would block them via
SPFstrict.  However, @verizonwireless.com does not have a valid SPF
record.  I'm having brain block right now.  Any idea how I would block
emails claiming to be from there, but not ones that actually are from
there?  The emails come from several different IP's, so just blocking
the IP's wouldn't be of any real benefit.

Thanks,
Brett




Re: [Assp-test] Antwort: How to block certain emails?

2012-04-10 Thread Hill, Brett
 -Original Message-
 From: Thomas Eckardt [mailto:thomas.ecka...@thockar.com]
 Sent: Tuesday, April 10, 2012 9:39 AM
 To: ASSP development mailing list
 Subject: [Assp-test] Antwort: How to block certain emails?
 
 If you use V2 :

Thanks for the advice everyone.  Yeah, I forgot to mention I'm using V1.

 In V1 you can define the same record(s) but (IMHO) you must disable 'SPF2'
 to force assp to use the SPFv1 module.

Doesn't the SPF2 module also support reading SPF1?  It appears that ASSP
v1 also has SPFoverride and SPFfallback.  I didn't see those before
(looked over them).  It would appear that I can follow your suggestion
of creating my own SPF record for that domain.  I'll give it a try and
see if it works.

Thanks,
Brett




Re: [Assp-test] Antwort: How to block certain emails?

2012-04-10 Thread Hill, Brett
 -Original Message-
 From: Thomas Eckardt [mailto:thomas.ecka...@thockar.com]
 Sent: Tuesday, April 10, 2012 1:33 PM
 To: ASSP development mailing list
 Subject: [Assp-test] Antwort: How to block certain emails?
 
 SPFoverride and SPFfallback are default built-ins in the Mail::SPF::Query
 module (1.9xx - SPF module version 1) - these functions are wiped out of
 the SPF version 2 modules.
 Sorry for the confusion.
 Fritz told me that he has removed the usage of the SPF version 1 modules
 from assp V1.
 ASSP V2 has a 'hack' to (re)implement SPFoverride and SPFfallback into the
 SPF version 2 modules - but as far as I know this 'hack' does not work in assp
 V1.
 This 'module-hack-in' works but is not very well tested and it will possibly
 produce some memory leaks over a long runtime.

Can I assume that, since the two features (SPFoverride and SPFfallback)
are available to use in ASSP v1, Fritz has hacked the SPF1 checks into
ASSP's base code?  Or are they just there for good looks :-) ?  If so,
should we not be using them?

Thanks again for the explanation,
Brett




Re: [Assp-test] Antwort: How to block certain emails?

2012-04-10 Thread Hill, Brett
 -Original Message-
 From: Fritz Borgstedt [mailto:f...@iworld.de]
 Sent: Tuesday, April 10, 2012 3:52 PM
 To: ASSP development mailing list
 Subject: Re: [Assp-test] Antwort: How to block certain emails?
 
 I removed them, but will introduce something similar in the next versions.

Thanks!  I look forward to them then.




[Assp-test] SPF Cache ASSP 1.9.6.7 (0.0.02)

2012-04-09 Thread Hill, Brett
I was just looking through ASSP and decided to click on the show cache
button beside SPFCacheExp.  The setting is set to 72 hours, but I've got
69,927 rows in the file.  I know I don't receive that many communication
attempts in 3 days.  Could it be that ASSP is not clearing the entries
out properly when they expire?

 

Kind Regards,

Brett



Re: [Assp-test] SPF Cache ASSP 1.9.6.7 (0.0.02)

2012-04-09 Thread Hill, Brett
 -Original Message-
 From: Fritz Borgstedt [mailto:f...@iworld.de]
 Sent: Monday, April 09, 2012 1:01 PM
 To: ASSP development mailing list
 Subject: Re: [Assp-test] SPF Cache ASSP 1.9.6.7 (0.0.02)
 
 I cannot reproduce this. Clear the cache completely and look what is
 happening.

Will do.  I've noticed that there are several files in the PB directory
that are rather large (more than 1MB and up to 4,754 KB).  For example:
pbdb.black.db, pbdb.mxa.db, pbddb.rbl.db, pbdb.sb.db, and pbdb.uribl.db.
Do you suppose I should clean them out as well?  My ASSP analyzes, on
average, 2000 emails per day.

Thanks,
Brett




[Assp-test] Latest ASSP version 1.x Dev Versions

2012-04-04 Thread Hill, Brett
I've been seeing some version numbers changing unexpectedly from higher
to lower and lower to higher through the last week.  I just want to make
sure I'm on the correct versions.  These are what ASSP downloaded
automatically.

 

assp.pl:   version 1.9.6.6(0.0.03)

rebuildspamdb.pl:   version 2.9.3.0(1.0.00)

 

Thanks,

Brett



Re: [Assp-test] Latest ASSP version 1.x Dev Versions

2012-04-04 Thread Hill, Brett
 -Original Message-
 From: Fritz Borgstedt [mailto:f...@iworld.de]
 Sent: Wednesday, April 04, 2012 9:52 AM
 To: ASSP development mailing list
 Subject: Re: [Assp-test] Latest ASSP version 1.x Dev Versions
 
 That is the newest.

Thanks!




[Assp-test] assp-notpersblack 1.9.6.3(0.0.02)

2012-03-14 Thread Hill, Brett
I've got my email address setup as an emailadmin.  I received an email
from an end-user to remove an email address from their personal
blacklist (because I haven't shown them how to do it yet).  I followed
the GUI instructions and sent an email to
assp-notpersbl...@myspamdomain.com  with the appropriate address in the
body of the email; like this:  somebodiesaddr...@theirdomain.com,*  .
However, I received an empty email back from ASSP.  The address wasn't
removed from their personal blacklist.  Am I missing something?

Kind Regards,
Brett




Re: [Assp-test] EmailBlockReport ASSP 1.9.6.3(0.0.00)

2012-03-11 Thread Hill, Brett
 -Original Message-
 From: Fritz Borgstedt [mailto:f...@iworld.de]
 Sent: Friday, March 09, 2012 3:59 PM
 To: ASSP development mailing list
 Subject: Re: [Assp-test] EmailBlockReport ASSP 1.9.6.3(0.0.00)
 
 The forced rerun will not update the dates. Wait for the standard runs.

I see that it appears to have updated the date now.  However, it ran this
morning and it says it will next run with today's date.

Kind Regards,
Brett




Re: [Assp-test] EmailBlockReport ASSP 1.9.6.3(0.0.00)

2012-03-09 Thread Hill, Brett
 -Original Message-
 From: Fritz Borgstedt [mailto:f...@iworld.de]
 Sent: Friday, March 09, 2012 12:48 AM
 To: ASSP development mailing list
 Subject: Re: [Assp-test] EmailBlockReport ASSP 1.9.6.3(0.0.00)
 
 ASSP development mailing list assp-test@lists.sourceforge.net
 writes:
 Also, in the admin report email, second option/link (to open the mail
 use: ), it appears that the address is being mangled.
 
 The GUI says:
 
 Which Link Should be included (BlockResendLink)
 
 If HTML is enabled in inclResendLink, two links (one on the left and one on
 the right site) will be included in the report email by default. Depending on
 the used email clients it could be possible, that one of the two links will not
 work for you. Try out what link is working and disable the other one, if you
 want.

Ahh, I figured out where I messed up.  I had ASSP configured to only
send the block report in Text format.  The emailadmin link (the one that
lets you see the source info right from the ASSP GUI), is where the
address is mangled.  Here's the body of a text-only block report:
--
ASSP-Block-Report for the last 5 day(s) on host ASSP.nospam for
m...@mydomain.com


Mar-08-12 01:27:32 [MessageScore] 178.63.20.146 m...@reboot.pro [spam
found] and passing because messagescore(47) is in warning range ( 39 -
49)  -- [Tutorials available please help] To get this email, send an
email to - mailto:rsbm_discardedx2fx33118x2dx09928@myspamdomain.com
-- to open the mail use :
http://MyIPAddress:5/edit?file=scarded%2F33118%2D09928%2Eemlnote=sh
owlogout=

84806 lines with 12.3MB analysed in 2 logfiles on host ASSP.nospam in 3
seconds - running ASSP version 1.9.6.3(0.0.00)
-
Do you see how Di is missing from scarded (discarded) in the address
above?  The same happens if it's in the spam folder.   It doesn't appear
to do this in HTML format.

Also, I noticed that, according to the help text in
blockreport_html.txt, the USERS section is supposed to be added to
the ALL section, but it is not being done.  All I see in the HTML
email is just the text from the ALL section.

Lastly,  in the BlockReportFile, I've listed myself and a couple others.
After the blockreport has run, it adds # next run: 2012-3-9 at the end
of each line.  I noticed that it never changes.  I have been using it
for over a year now for just myself and noticed that the date was
probably the date that it first ran.  Is it supposed to update itself
only the first time or each time.  Next Run implies it will be run
again and be updated with a new date.

Kind Regards,
Brett




Re: [Assp-test] EmailBlockReport ASSP 1.9.6.3(0.0.00)

2012-03-09 Thread Hill, Brett
 -Original Message-
 From: Fritz Borgstedt [mailto:f...@iworld.de]
 Sent: Friday, March 09, 2012 1:41 PM
 To: ASSP development mailing list
 Subject: Re: [Assp-test] EmailBlockReport ASSP 1.9.6.3(0.0.00)
 
 Clear the dates out and see what happens.

It will re-add the date the next time it runs, but then doesn't change
it after that.

Kind Regards,
Brett




Re: [Assp-test] EmailBlockReport ASSP 1.9.6.3(0.0.00)

2012-03-09 Thread Hill, Brett
 -Original Message-
 From: Fritz Borgstedt [mailto:f...@iworld.de]
 Sent: Friday, March 09, 2012 1:50 PM
 To: ASSP development mailing list
 Subject: Re: [Assp-test] EmailBlockReport ASSP 1.9.6.3(0.0.00)
 
 User section is for non-admins.
 
 I cannot reproduce your problem.

Well, I removed my address from EmailAdmins prior to running.  Does ASSP
require a restart to recognize that?




Re: [Assp-test] EmailBlockReport ASSP 1.9.6.3(0.0.00)

2012-03-09 Thread Hill, Brett
 -Original Message-
 From: Fritz Borgstedt [mailto:f...@iworld.de]
 Sent: Friday, March 09, 2012 2:09 PM
 To: ASSP development mailing list
 Subject: Re: [Assp-test] EmailBlockReport ASSP 1.9.6.3(0.0.00)
 
 No. But you can see if that is a report for admins: there is a show-file link
 then.

I found the answer.  If I remove my email address from emailadmins, but
still have it in EmailBlockto, it still thinks I'm an admin.  Removed
it from EmailBlockTo and it thought I was a standard user.

Kind Regards,
Brett




Re: [Assp-test] EmailBlockReport ASSP 1.9.6.3(0.0.00)

2012-03-09 Thread Hill, Brett
 -Original Message-
 From: Fritz Borgstedt [mailto:f...@iworld.de]
 Sent: Friday, March 09, 2012 2:05 PM
 To: ASSP development mailing list
 Subject: Re: [Assp-test] EmailBlockReport ASSP 1.9.6.3(0.0.00)
 
 no, do not add manually, make the date empty

I deleted the date from the line.  I forced it to re-run the report
(from the gui).  The date is still missing and the rest is there.




Re: [Assp-test] How to unblock messages ?

2012-03-08 Thread Hill, Brett
 -Original Message-
 From: Gary Sunderland [mailto:ga...@carolinageeks.com]
 Sent: Wednesday, March 07, 2012 7:21 PM
 To: 'Spyros Tsiolis'; 'ASSP development mailing list'
 Subject: Re: [Assp-test] How to unblock messages ?
 
 I use assp toolbar for outlook

As a side note, If you've got Outlook 2010, you can use the Quick Steps
feature in place of the ASSP Toolbar (I used to use the toolbar also).




Re: [Assp-test] How to unblock messages ?

2012-03-08 Thread Hill, Brett
 -Original Message-
 From: Fritz Borgstedt [mailto:f...@iworld.de]
 Sent: Thursday, March 08, 2012 7:28 AM
 To: ASSP development mailing list
 Subject: Re: [Assp-test] How to unblock messages ?
 
 I do not quite understand why do you need to do that, you can resend a mail
 with one click using view maillog tail
 or inclResendLink in BlockReport.

My reply was a little off-topic, sorry.  I was referring to using it for
the menial tasks such as spam reporting, whitelisting, not whitelisting,
etc...




[Assp-test] EmailBlockReport ASSP 1.9.6.3(0.0.00)

2012-03-08 Thread Hill, Brett
I'm attempting to customize the EmailBlockReport using the customization
button (ie. Edit blockreport_html.txt file).  No matter what I put in
there, content of the received report email is that of what's built into
the ASSP perl code.  What is the point of having the edit buttons if
your custom edits aren't used?

Also, in the admin report email, second option/link (to open the mail
use: ), it appears that the address is being mangled.  For example:
http://MyIPAddress:5/edit?file=scarded%2F33118%2D09928%2Eemlnote=sh
owlogout=  
It's leaving off the first few letters of Discarded.  It also does it
for Spam.

Kind Regards,
Brett




Re: [Assp-test] ASSP and spamtraps

2012-02-28 Thread Hill, Brett
 -Original Message-
 From: Grayhat [mailto:gray...@gmx.net]
 Sent: Tuesday, February 28, 2012 6:55 AM
 To: assp-test@lists.sourceforge.net
 Subject: [Assp-test] ASSP and spamtraps
 
 
 I was rereading the description related to DoPenaltyMakeTraps and
 spamtrapaddresses now, I wonder why ASSP only uses the traps to score
 IPs instead of also using them to improve the bayes/hmm corpus; I mean,
 given that those addresses *are* traps so they don't belong to any human
 and, by definition, they only receive junk; why not using them to ALSO
 improve the bayes spam corpus ?

I wouldn't say that they only receive junk.  In a business environment
previous employees' addresses could  eventually make it on that list and
not everything they receive is bad and could potentially cause Bayesian
corruption right?

Kind Regards,
Brett




Re: [Assp-test] ASSP and spamtraps

2012-02-28 Thread Hill, Brett
 -Original Message-
 From: Grayhat [mailto:gray...@gmx.net]
 Sent: Tuesday, February 28, 2012 8:35 AM
 To: assp-test@lists.sourceforge.net
 Subject: Re: [Assp-test] ASSP and spamtraps
 
   I wouldn't say that they only receive junk.  In a business
   environment previous employees' addresses could  eventually make it
   on that list
 
  No, that list isn't there for such a purpose; there's another one
  which deals with the above
 
 that is RejectTheseLocalAddresses; the spamtraps on the other hands are
 either manually populated with addresses NEVER assigned to users or, if you
 enable it, with addresses automatically collected

Perhaps I misunderstood your question or I took it out of context.  My
comment was for the last part of your statement,  I mean, given that
those addresses *are* traps so they don't belong to any human and, by
definition, they only receive junk; why not using them to ALSO improve
the bayes spam corpus

If you have DoPenaltyMakeTraps set to use for spamaddresses, then in
any corporate situation where an employee no longer exists with a valid
email address, it doesn't mean that, by definition, they only receive
junk.  They may still be receiving newsletters that other employees in
the company are also receiving.  By considering, as you're saying, then
those newsletters may end up being considered junk by bayes as well.  I
know I'm reaching a little bit, but that's all I was saying.  

Kind Regards,
Brett




Re: [Assp-test] ASSP and spamtraps

2012-02-28 Thread Hill, Brett
 -Original Message-
 From: Grayhat [mailto:gray...@gmx.net]
 Sent: Tuesday, February 28, 2012 9:19 AM
 To: assp-test@lists.sourceforge.net
 Subject: Re: [Assp-test] ASSP and spamtraps
 
  Perhaps I misunderstood your question or I took it out of context.
 
 
 No, I think you got it right
 
  If you have DoPenaltyMakeTraps set to use for spamaddresses, then
  in any corporate situation where an employee no longer exists with a
  valid email address
 
 the address should be added to the RejectTheseLocalAddresses list so that
 emails directed to such an address will just be rejected and won't contribute
 to spamtraps/spam-corpus ... see it now :D ?
 
 The idea is that spamtraps are *really* addresses which even if not existing
 are targeted by spammers; so those addresses will always get junk and be
 good sources of material for the spam corpus
 
 hope to have been clear now :)

Ahh yes, now I see.

Kind Regards,
Brett




Re: [Assp-test] ASSP Wiki

2012-02-25 Thread Hill, Brett


From: Grayhat [mailto:gray...@gmx.net]
Sent: Sat 2/25/2012 6:04 AM
To: ASSP development mailing list
Subject: [Assp-test] ASSP Wiki




I was looking at the browse all articles here

http://www.asspsmtp.org/mw/index.php?title=Special:AllPages

and found this

http://www.asspsmtp.org/mw/index.php?title=Car_insurance

now, maybe I'm just dumb; could someone please explain
me what's the relation between ASSP and car insurance :) ?



It's an easter egg! :-)



[Assp-test] ASSP 1.9.6.1(0.0.08) Not Spam Reports

2012-02-23 Thread Hill, Brett
In the confirmation email I receive after forwarding to NotSpam, I see
that the address for the email I forwarded is now whitelisted.  I also
see a whole bunch of addresses (that aren't part of the original email
that I forwarded) saying:

*,18puevw2v5lkpdzk7gl...@sanmarketing.net: is on the personal blacklist of *
*,1webmas...@vrbo.com: is on the personal blacklist of *
*,20120...@googlemail.com: is on the personal blacklist of *
*,337187.36102...@omp1062.mail.sp2.yahoo.com: is on the personal blacklist of *
*,338741.94385...@omp1003.mail.sp2.yahoo.com: is on the personal blacklist of *
*,352324.23447...@omp1022.access.mail.mud.yahoo.com: is on the personal blacklist of *
*,371648.12280...@omp1007.mail.ne1.yahoo.com: is on the personal blacklist of *
*,3988e7e6.ab068...@ups.com: is on the personal blacklist of *
*,436421.52566...@omp1011.mail.ne1.yahoo.com: is on the personal blacklist of *
*,4millerb...@embarqmail.com: is on the personal blacklist of *
*,502152.61493...@omp1022.mail.ac4.yahoo.com: is on the personal blacklist of *
*,508419.87945...@smtp212.mail.gq1.yahoo.com: is on the personal blacklist of *
*,58489.1631...@omp1045.mail.ac4.yahoo.com: is on the personal blacklist of *
*,6781not...@ups.com: is on the personal blacklist of *

That's just a very small part of the list of addresses that show.  Why
is this showing now?  It seems that you would only want to list the
addresses in the email and not the whole blacklist (or wherever these
addresses are being pulled from).

Kind Regards,
Brett




Re: [Assp-test] ASSP 1.9.6.1(0.0.08) Not Spam Reports

2012-02-23 Thread Hill, Brett
 -Original Message-
 From: Fritz Borgstedt [mailto:f...@iworld.de]
 Sent: Thursday, February 23, 2012 11:14 AM
 To: ASSP development mailing list
 Subject: Re: [Assp-test] ASSP 1.9.6.1(0.0.08) Not Spam Reports
 
 It is shown only to email-admins.
 
 -EmailAdmins will block for all Recipients (EmailAdminsModifyGlobalBlack,
 default=on)  EmailAdmins will automatically add/remove to Personal Blacklist
 in a special way (from,*), which blocks an address for all recipients.
 
 Whitelisted is done because EmailErrorsModifyWhite is enabled.

Ahh, ok, thanks for the explanation!

Brett




[Assp-test] ASSP 1.9.5.9(0.0.05) Bayesian Scoring

2012-01-19 Thread Hill, Brett
The log says one thing and the analyzer says another.

Here's what the log says (Prob:0.11941 = ham):
---
Jan-19-12 11:26:01 id-32699-00984 176.53.113.168 hae_jin0...@coursereal.info to: some...@mydomain.com [monitoring] -- Blocked Country TR -- [RE Meet Beautiful Adoring Russian Women Today];
Jan-19-12 11:26:08 id-32699-00984 [DNSBL] 176.53.113.168 hae_jin0...@coursereal.info to: some...@mydomain.com [scoring] (DNSBL: neutral, 176.53.113.168 listed in (blackholes.five-ten-sg.com-127.0.0.9; ));
Jan-19-12 11:26:08 id-32699-00984 176.53.113.168 hae_jin0...@coursereal.info to: some...@mydomain.com ClamAV: scanned 8424 bytes in message - OK ;
Jan-19-12 11:26:08 id-32699-00984 176.53.113.168 hae_jin0...@coursereal.info to: some...@mydomain.com Bayesian [scoring] - Prob: 0.11941 = ham;
Jan-19-12 11:26:09 id-32699-00984 [MessageOK] 176.53.113.168 hae_jin0...@coursereal.info to: some...@mydomain.com message ok [RE Meet Beautiful Adoring Russian Women Today];
--

I pasted the full email (header and body) into the analyzer.  Here's
what the Analyzer says (Spam probability:0.9766):
---
General Hints:

analyze is restricted to a maximum length of 4954 bytes
Connecting IP: '176.53.113.168'
Connecting HELO: ervu168.coursereal.info

sender and reply addresses:
From: hae_jin0...@coursereal.info

recipient addresses:
To: some...@mydomain.com

Feature Matching:

* SPF-check returned OK for 176.53.113.168 - , ervu168.coursereal.info
* URIBL check: 'failed'
 * URIBL result: 'URIBL failed: 'coursereal.info'(multi.surbl.org )'
* 176.53.113.168 is in PB Black: score:6, last event - DNSBLneutral
* 176.53.113.168 is in RBLCache: inserted as not ok at 202012-01-19
11:26:08:00 , listed by blackholes.five-ten-sg.com{127.0.0.9}
* 176.53.113.168 is in CountryCache: status=changed to black country,
data=TR, ,
* 176.53.113 has a Griplist value of 0.8

Bayesian Analysis:

Bad Words   Bad ProbGood Words  Good Prob

Totals: 0.0011 0.9457 0.9317 0.8846 0.8458 0.7178 0.7178 0.3564 0.6320
0.3810 0.6036 0.4040

Spam Probability:

probability:0.9766
-

So, why is it reported as ham in the log, but spam in the analyze?

Kind Regards,
Brett







[Assp-test] ASSP 1.9.5.9 cosmetic glitch

2012-01-18 Thread Hill, Brett
When I click Shutdown/Restart, the following window is a little shorter
than it should be.  After Proceed Shutdown, Abort and View, it
either says there are active sessions or not.  For example, If there are
no active sessions, all I see is There are no active SMTP ses

 

Kind Regards,

Brett



Re: [Assp-test] ASSP 1.9.5.9 cosmetic glitch

2012-01-18 Thread Hill, Brett
 -Original Message-
 From: Grayhat [mailto:gray...@gmx.net]


 hmmm... I see, so are you suggesting to change that to There is no active
 SMTP sex :) ?

ROFL!!!  Good one!




Re: [Assp-test] SuspiciousVirus RE invalid

2011-12-11 Thread Hill, Brett


From: Robert M. Münch [mailto:robert.mue...@saphirion.com]
Sent: Sun 12/11/2011 4:55 PM
To: ASSP development mailing list
Subject: [Assp-test] SuspiciousVirus RE invalid

Hi, not sure why, but I get a config error that the RE is invalid. I haven't 
changed anything in the file, so it should be the default used by ASSP. The 
content looks like this:

Phishing\.=4.6
Email.Spam\d{1,4}-SecuriteInfo=4.1
(Email|HTML|Sanesecurity)\.(Phishing|Spear|(Spam|Scam)[a-z0-9]?)\.i=4.6
Sanesecurity\.(Hdr|Img|ImgO|Junk|Doc|Casino)\.x=6.1
Sanesecurity\.(Lott|Fake|SpamImg|Job|Stk)\.x=6.1
Sanesecurity\.(Loan|Porn|Bou|Dipl|Cred)\.x=6.1
Sanesecurity\.Jurlbl\.Auto\.x=1.6
Sanesecurity\.Jurlbl\.x=2.6
winnow\.phish\.x=6.1
winnow\.spam\.x=2.1
INetMsg\.SpamDomain-2w\.=2.0
INetMsg\.=1.0
MSRBL-Images\.=2.1
MSRBL-SPAM\.=5.1
Safebrowsing=1.25
Heuristics=1.25

Any idea, what the problem could be?

--
Robert M. Münch

--

Any line using pipes ( | ) needs a tilde ( ~ ) at the beginning and end for 
the regex to be read properly.  It is explained in the (SuspiciousVirus) 
field.

For example:
~(Email|HTML|Sanesecurity)\.(Phishing|Spear|(Spam|Scam)[a-z0-9]?)\.i~=4.6

Kind Regards,
Brett
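
The tilde rule from the reply above, as an added example (not part of the original message and not ASSP code): a small Python lint for SuspiciousVirus-style entries that flags lines using `|` without the surrounding `~` and rewrites them. The sample entries are constructed from the list quoted in the thread; accepting `=>` as well as `=` for the separator, and using Python's `re` as a stand-in syntax check for a Perl program, are assumptions.

```python
import re

# Constructed sample in the entry format quoted in the thread: a regex
# followed by a weight. The separator is matched as "=" (as it appears on
# this page), with an optional ">" accepted as well (assumption).
SAMPLE = r"""Phishing\.=4.6
(Email|HTML|Sanesecurity)\.(Phishing|Spear|(Spam|Scam)[a-z0-9]?)\.i=4.6
~Sanesecurity\.(Loan|Porn|Bou|Dipl|Cred)\.x~=6.1
winnow\.spam\.x=2.1
~Sanesecurity\.(Hdr|Img=6.1
"""

# pattern is lazy and the weight is anchored to the end of the line, so an
# "=" inside the regex itself does not end the pattern early.
ENTRY = re.compile(r"^(?P<pattern>.+?)(?P<sep>=>?)(?P<weight>\d+(?:\.\d+)?)\s*$")


def split_entry(line):
    """Split one entry into (pattern, separator, weight), or None."""
    m = ENTRY.match(line.strip())
    return (m.group("pattern"), m.group("sep"), m.group("weight")) if m else None


def is_wrapped(pattern):
    """True when the pattern is enclosed in a leading and a trailing tilde."""
    return len(pattern) >= 2 and pattern.startswith("~") and pattern.endswith("~")


def lint_line(line):
    """Return the list of problems found in one entry (empty list = clean)."""
    parts = split_entry(line)
    if parts is None:
        return ["no weight at end of line"]
    pattern = parts[0]
    wrapped = is_wrapped(pattern)
    body = pattern[1:-1] if wrapped else pattern.strip("~")
    problems = []
    if not wrapped and pattern != body:
        problems.append("tilde on one side only")
    if "|" in body and not wrapped:
        problems.append("pipe without ~...~ wrapper")
    try:
        # Approximate check only: ASSP is Perl, and Python's regex dialect
        # differs from Perl's in places.
        re.compile(body)
    except re.error as exc:
        problems.append("regex does not compile: %s" % exc)
    return problems


def lint(text):
    """Map 1-based line numbers to their problems for every flagged entry."""
    report = {}
    for number, line in enumerate(text.splitlines(), start=1):
        if line.strip():
            problems = lint_line(line)
            if problems:
                report[number] = problems
    return report


def fix_line(line):
    """Wrap the regex of an entry in ~...~ when it contains a pipe."""
    parts = split_entry(line)
    if parts is None:
        return line
    pattern, sep, weight = parts
    body = pattern[1:-1] if is_wrapped(pattern) else pattern.strip("~")
    if "|" not in body:
        return line
    return "~%s~%s%s" % (body, sep, weight)


if __name__ == "__main__":
    for number, problems in sorted(lint(SAMPLE).items()):
        print("line %d: %s" % (number, "; ".join(problems)))
```
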






[Assp-test] ASSP 1.9.5.0(0.0.15) Not Working Correctly

2011-11-16 Thread Hill, Brett
For whatever reason it's backlogging connections really quickly.  I
limit my max connections to 20 (which I rarely ever reach).  It wasn't
long before ASSP was at its 20 connection limit.

Looking at the log it does appear to be seeing whitelisted addresses
better, but it's not working right.

Here's a sample from the log file:  http://pastebin.com/yKw6tUUZ

Kind Regards,
Brett






Re: [Assp-test] Whitelisted Addresses Revisited - ASSP 1.9.x

2011-11-15 Thread Hill, Brett
Ok, it's still happening.  I'm going to attempt to give you everything
that I can think of to help troubleshoot this.

Bear in mind that do-not-re...@email.globalspec.com is already
whitelisted.  Also, names and IPs have been changed.

1. ASSP Log here:  http://pastebin.com/t2DC3cvM
2. ASSP Discarded Email (From clicking link in GUI):
http://pastebin.com/5dMsetpb
3. Header and Body after email is CCSPAM'd to my admin spam account:
http://pastebin.com/xp22TWSK
4. ASSP Analyzer (I've noticed that if ASSP recognizes an address as
whitelisted, it will add it to the Feature Matching section of the
Analyzer output as Whitelisted, but here it doesn't even though the
address is whitelisted):  http://pastebin.com/rkLHzcWe
5. NotSpam Submission Report (received after forwarding the email to
Notspam - notice two addresses are already whitelisted, but ASSP did not
treat the email as such):  http://pastebin.com/8YFgCwur

Lastly, if I find in the GUI log where the email was processed and click
the email address, it gives me the option to remove from the whitelist,
not add.

Let me know if there's anything else you need.

Kind Regards,
Brett





