Re: [Assp-test] [bug] DoIPinHelo catches also whitelisted

2014-12-11 Thread krz...@gmail.com
There is such whitelisting bug when using DoInvalidFormatHelo. I did use it to recreate DoIPinHelo functionality and disabled DoIPinHelo, so I managed to walk around this bug for now. 2014-12-11 6:58 GMT+01:00 krz...@gmail.com krz...@gmail.com: DoFakedWL = 1 Dec-05-14 10:33:26 72006-2995428

Re: [Assp-test] [bug] DoIPinHelo catches also whitelisted

2014-12-11 Thread Thomas Eckardt
What is your setting for 'ForceValidateHelo'? Thomas From: krz...@gmail.com krz...@gmail.com To: ASSP development mailing list assp-test@lists.sourceforge.net Date: 11.12.2014 09:42 Subject: Re: [Assp-test] [bug] DoIPinHelo catches also whitelisted There is such

Re: [Assp-test] I'm sending messages from Yahoo?

2014-12-11 Thread Doug Lytle
James Brown wrote: Dec-11-14 10:23:53 [Worker_2] Connected: session:7FAD1B6519F8 127.0.0.1:51769 127.0.0.1:25 127.0.0.1:10026 Dec-11-14 10:23:56 [Worker_2] 127.0.0.1 info: authentication - plain is used You've got a compromised account on your system. The sender authenticated. A failed

Re: [Assp-test] I'm sending messages from Yahoo?

2014-12-11 Thread James Brown
Done some more looking at logs. One thing I didn’t mention is that we use stunnel to TLS SMTP. Looking at its log at this time I see: 2014.12.11 10:23:51 LOG7[140735150184800]: Service [ssmtp] accepted (FD=10) from 41.43.219.15:3693 2014.12.11 10:23:51 LOG7[4403986432]: Service [ssmtp] started

Re: [Assp-test] I'm sending messages from Yahoo?

2014-12-11 Thread Colin
Ahh, then I went into far too much detail! You need to find out the credentials being used because it looks like someone has gotten hold of a password. Authenticated email bypasses a lot of checks that ASSP does. On 11/12/2014 10:15, James Brown wrote: Done some more looking at logs. One

Re: [Assp-test] I'm sending messages from Yahoo?

2014-12-11 Thread James Brown
I’ll start changing everyone’s email passwords tomorrow. Have also turned on outbound checking of mail on the Sophos UTM, which is stopping these emails leaving. So at least I won’t get on an RBL. Will also have a look at other examples in logs. Thanks everyone for your help. James. On 11

Re: [Assp-test] I'm sending messages from Yahoo?

2014-12-11 Thread James Brown
On 11 Dec 2014, at 8:48 pm, Doug Lytle supp...@drdos.info wrote: James Brown wrote: Dec-11-14 10:23:53 [Worker_2] Connected: session:7FAD1B6519F8 127.0.0.1:51769 127.0.0.1:25 127.0.0.1:10026 Dec-11-14 10:23:56 [Worker_2] 127.0.0.1 info: authentication - plain is used You've got a

Re: [Assp-test] I'm sending messages from Yahoo?

2014-12-11 Thread Thomas Eckardt
Is there any way to get it to show any more authentication info - e.g. which username was used? Any debug setting? James, add the following lines (case sensitive) to the 'sub set' in the file 'assp/lib/CorrectASSPcfg.pm' $main::AUTHLogUser = 1; # shows the login user $main::AUTHLogPWD =

Re: [Assp-test] I'm sending messages from Yahoo?

2014-12-11 Thread Robert K Coffman Jr. -Info From Data Corp.
I’ll start changing everyone’s email passwords tomorrow. James, When this happened to me, I changed the user's password, but it continued happening. If I remember right, I had to restart Postfix because the old credentials had been cached or something. - Bob

Re: [Assp-test] Google drops NoTLS?

2014-12-11 Thread Colin
The SMTP error is from your MTA. Neither Google nor ASSP dropped this message. Your MTA rejected it with 502 command not implemented. Have a look at those logs to see why. All the best, Colin Waring. On 11/12/2014 13:55, Pontus Hellgren wrote: Hi there! Got some people complaining about not

Re: [Assp-test] Google drops NoTLS?

2014-12-11 Thread Grayhat
:: On Thu, 11 Dec 2014 14:55:31 +0100 :: 028501d0154a$210e68a0$632b39e0$@scandinavianhosting.se :: Pontus Hellgren pon...@scandinavianhosting.se wrote: Hi there! Got some people complaining about not getting mail from domains hosted at Google's mailservers. Dec-11-14 14:44:24 [Worker_1]

Re: [Assp-test] Google drops NoTLS?

2014-12-11 Thread Thomas Eckardt
let's suppose the backend SMTP server is configured to do TLS and offers a 250-STARTTLS to the EHLO command, now, let's also say that ASSP doTLS is set to drop TLS; in such a case, the sender will see a "Hey, I support TLS" message but when it tries to use TLS, ASSP deals right with the STARTTLS

Re: [Assp-test] Google drops NoTLS?

2014-12-11 Thread Pontus Hellgren
Thanx for all info! ASSP was set to proxy TLS but I guess I have some work to do on the MTA and ASSP because the chain of delivery is not working as I would like it to do. I do want assp to check all mail so I will try and make assp make use of the MTAs certificate. For now I will have to live

Re: [Assp-test] I'm sending messages from Yahoo?

2014-12-11 Thread James Brown
Thanks heaps Thomas! There was a bit missing in that code - main:: before the mlog line. Figured it out. I didn’t bother with the password line, as long as I knew which account it was, I could just change that account’s password. So I made the change at home, drove to work and looked at logs

[Assp-test] Email's HTML in maillog as a result of Resend mail (from Block Report)

2014-12-11 Thread James Brown
Saw this in the log when a user requested a blocked email: Dec-12-14 15:15:13 [Worker_1] Info: got command 'BlockReportFromQ' from command queue - 0 commands pending Dec-12-14 15:15:13 [Worker_1] Info: processing queued blocked mail request from p...@bordo.com.au Dec-12-14 15:15:13

Re: [Assp-test] Google drops NoTLS?

2014-12-11 Thread Grayhat
:: On Thu, 11 Dec 2014 22:50:05 +0100 :: 009a01d0158c$6ce8b860$46ba2920$@scandinavianhosting.se :: Pontus Hellgren pon...@scandinavianhosting.se wrote: Thanx for all info! ASSP was set to proxy TLS but I guess I have some work to do on the MTA and ASSP because the chain of delivery is not