I just realized I've had MaintBayesCollection set to off for some time -
but the rebuildspamdb log shows deletion of files at each execution.
--
Daniel
--
vRanger cuts backup time in half-while increasing security.
The Mail Analyzer, View Maillog Tail, and Shutdown Secondary have the
secondary port in the links - while the White/Redlist/Tuplets, SMTP
Connections, and Info Stats have the primary port. Is this intentional?
--
Daniel
On 5/20/2011 9:58 AM, Michelle Dupuis wrote:
We have an MTA on the edge through which all mail flows (and ASSP is behind
it).
Is there a way for Assp to strip off the last MTA IP/Hostname for bad host
checks, etc?
(I posted this a month ago to the -test list but got no response...sorry to
My apologies for any typos - doing this from my phone.
I just had an instance where my office was complaining about blocked senders
while I was out. I tried to remotely access assp via my phone vpn, but
couldn't get the page to load.
Falling back to ssh, I found in the log that aol had been
Working great! Thanks!
Sent from my Samsung Epic™ 4G Touch
Daniel
Original message
Subject: Antwort: Re: [Assp-test] Antwort: Feature Request: Scoring Stats
From: Thomas Eckardt thomas.ecka...@thockar.com
To: dmil...@amfes.com,ASSP development mailing list
I believe TNEF conversions were working - but I just received an email
with a winmail.dat that appears unconverted. I see the mail in ASSP's
log, messages include good HELO, Whitelisted Sender Domain, and
noProcessing.
My settings include doInFixTNEF and convertNP, while keepInTNEF is
On 10/20/2013 9:34 PM, Thomas Eckardt wrote:
noProcessing - do not process !!!
no conversion will be done on such mails
Thomas
But I have selected convertNP - doesn't that override?
--
Daniel
--
October Webinars:
I notice that sometimes in my log the IP's and email addresses are
clickable links - and sometimes they are not. What determines if a link
is supposed to be generated vs just text?
--
Daniel
--
CenturyLink Cloud:
Is there any option that would let me strip a header (in particular, the
return-receipt request) from outgoing mails based on the recipient?
--
Daniel
--
Is your legacy SCM system holding you back? Join Perforce May 7
I just saw a popup - coding error: config value is not equal config
hash in ReplaceRecpt - please report to development!
--
Daniel
--
Is your legacy SCM system holding you back? Join Perforce May 7 to find out:
#149;
I just realized, that apparently for some time now I'm not seeing
external IP's in my ASSP logs - just the IP of my router. Suggestions on
where I should look to find the problem?
--
Daniel
--
Time is money. Stop
Having trouble sending an attachment - never seen this error before:
Jun-30-1407:14:3837678-11881[Worker_1][TLS-in][TLS-out]*98.167.72.49**dmil...@amfes.com*info:foundmessagesizeannouncement:3.26MByte
I've been having ongoing problems this past month with bomb matches.
Previously it was against remote senders - now it hit me trying to send
a valid email. I had disabled the header regex checks previously - now
I've disabled all the regex blocks.
I'm a valid authenticated sender.
It
Does this mean the senders in question are still in NoProcessingDomains?
Daniel
On 1/19/2015 2:17 AM, Doug Lytle wrote:
Thomas Eckardt wrote:
noScanIP
I can't reproduce this issue - it works for me.
After moving the 2 IP addresses out of the web interface and into a file
requiring constant firewall access.
--
Daniel
-- Original Message --
From: K Post nntp.p...@gmail.com
To: Daniel Miller dmil...@amfes.com; ASSP development mailing list
assp-test@lists.sourceforge.net
Sent: 2/10/2015 2:21:31 PM
Subject: Re: [Assp-test] Huh? Remote Support option
Thanks Daniel
Thank you - I never read that section before. I've added
!!!N-W-LI-!!!
To the top of all my regex files. Hopefully this gives me the results I
want.
--
Daniel
On 1/11/2015 12:07 AM, Thomas Eckardt wrote:
Hi Daniel,
files/suspiciousre.txt[line 1]):
What is the content of line 1 of this
Or did I get that wrong...should have been
!!!N-W-L-I-!!!
--
Daniel
On 1/11/2015 12:29 AM, Daniel Miller wrote:
Thank you - I never read that section before. I've added
!!!N-W-LI-!!!
To the top of all my regex files. Hopefully this gives me the results
I want.
--
Daniel
On 1/11
, every mail
will be blocked - regardeless any setting
Thomas
Von: Daniel Miller dmil...@amfes.com
An: Thomas Eckardt thomas.ecka...@thockar.com
Datum: 11.01.2015 09:44
Betreff: Re: [Assp-test] BombHeaderRe/BombSuspiciousRe matching
against Noprocessing Whitelist
Remote support is for temporary admin access.
--
Daniel
-- Original Message --
From: K Post nntp.p...@gmail.com
To: ASSP development mailing list assp-test@lists.sourceforge.net
Sent: 2/10/2015 7:51:03 AM
Subject: [Assp-test] Huh? Remote Support option
How does the Remote Support
Not sure why - I sender I used to receive from regularly is now being
blocked by regexes. They are in NoProcessing, sometimes also
Whitelist. I can see the noprocessing whitelist matches in the log -
and then the regex scores it high enough to block it.
bombReNP, bombReWL, bombReLocal are
The question is can you define a static list of sending IP's for a
domain? If you can then ASSP can be told only to accept email for a
domain from those IP's. There are several options for this. One option
is use SPFoverride, and define a strict policy for the domain(s) in
question -
I have a whitelisted sender, an internal account, that was recently
compromised. As a result, quite a few garbage mails got sent out - I found out
when my own messages were getting blocked by DNSBL checks and found 5000+
messages in the queue.
So...changed the password, deleted the queue,
Is there a way to strip headers from outgoing messages based on recipient? In
particular, I want to be able to remove return-receipt requests sent to a
particular external recipient even from whitelisted senders.
--
Daniel
Is there an existing test that will detect "false labels" in URL's?
Where there's a link like:
http://bad.com/tracking=12345;>https://good.com
--
Daniel
--
Check out the vibrant tech community on one of the world's
--
Daniel L. Miller, VP - Engineering, SET
AM Fire & Electronic Services, Inc. [AMFES]
dmil...@amfes.com 702-312-5276
--
Check out the vibrant tech community on one of the world's most
engaging tech sites,
wrote:
:: On Wed, 28 Jun 2017 08:38:34 -0700
::
<amfes.93522e7ae3.15cef5aa0a8.27fe.f870105bb83edc7531c2ac44777e3...@amfes.com>
::
Daniel Miller <dmil...@amfes.com> wrote:
Again, my request is to auto-block *IPs* of *failed* auths. Not lock
the account. Not block valid auths. Regular use
I'm not saying either of these are good ideas - just wondering.
Like everybody I see a lot of hack attempts. One possibility I'm
considering is when a given local account name is tried - but with wrong
passwords - that account is flagged and all further invalid logins are
added to a
if it
is valid.
- Bob
On 6/27/2017 3:21 PM, Daniel Miller wrote:
I'm suggesting having settings MaxAUTHErrorsAllIPs (number of bad
logins for a given user across ALL IP's)
--
Check out the vibrant tech community on one
on so that users didn't enable it blindly.
Just my thoughts.
Peter
-Original Message-----
From: Daniel Miller [mailto:dmil...@amfes.com]
Sent: Tuesday, June 27, 2017 2:10 PM
To: ASSP development mailing list <assp-test@lists.sourceforge.net>
Subject: Re: [Assp-test] Possible feature requests
Exactly. Just opening a discussion on whether such might be beneficial
integrated in ASSP.
Daniel
On June 28, 2017 8:32:52 AM Doug Lytle via Assp-test
wrote:
My initial reaction to this was "cool idea!", but then I thought about the
implications to valid
On June 28, 2017 8:40:31 AM Daniel Miller <dmil...@amfes.com> wrote:
Exactly. Just opening a discussion on whether such might be beneficial
integrated in ASSP.
Daniel
On June 28, 2017 8:32:52 AM Doug Lytle via Assp-test
<assp-test@lists.sourceforge.net> wrote:
My init
I'm having problems with some iPhone clients. I do see the following
message in my logs:
warning: got an unexpected SSLv3/TLS handshake Client-Helo-Frame of
version (03.01) from IP '192.168.0.114' at local IP '192.168.0.4' and
Port '25' - this frame is ignored
Does this mean anything?
--
Having enabled DMARC checking I receive a number of failed delivery
responses from (I assume) badly configured servers. Is there an another
way of dealing with this besides manually adding such domains to
noDMARCReportDomain?
--
Daniel
On 7/26/2017 11:25 AM, Doug Lytle via Assp-test wrote:
Is there something I can adjust to have the "true" external sender IP
and the attempt login name exposed in my mail server logs?
I run fail2ban on the ASSP server and it drops the connections
That's actually where I'm going - I just wanted
Looking in my mail server's logs, I see a lot of entries similar to:
Jul 23 06:34:34 daisy assp/smtpd[20956]: connect from localhost[127.0.0.1]
Jul 23 06:34:38 daisy assp/smtpd[20956]: warning: localhost[127.0.0.1]:
SASL LOGIN authentication failed: UGFzc3dvcmQ6
Jul 23 06:34:38 daisy
I apologize for the spam send - obviously the wrong reporting address
was used!
Daniel
--
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
Forwarded Message
Subject:DCAA/FAR Gov't Accnting/Audit Seminar-August 22-23 2017
Date: Wed, 12 Jul 2017 10:24:37 -0400
From: Gov-Con Solutions
Reply-To: agehr...@gov-con.com
To: dmil...@amfes.com
DCAA/FAR Government Compliance
--
Daniel L. Miller, VP - Engineering, SET
AM Fire & Electronic Services, Inc. [AMFES]
dmil...@amfes.com 702-312-5276
--
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org!
It seems there are more than a few sites with bad DMARC implementations
- they define a reporting address and then reject mail sent to it. At
the moment, the only options I know of are either to turn off "DoDMARC"
or manually update "noDMARCReportDomain".
Is there a way to enable DMARC
What else can I check or post to try to fix this? I still do not have
DKIM signatures.
--
Daniel
On 1/17/2018 2:06 PM, Daniel Miller via Assp-test wrote:
Nope. Looks like a clean startup.
--
Daniel
On 1/17/2018 1:37 PM, Robert K Coffman Jr. -Info From Data Corp. wrote:
Daniel - any module
ple:
Algorithm=rsa-sha1
Method=relaxed/relaxed
Headers=Message-ID:From:Subject:To:MIME-Version:Content-Type
KeyFile=full_path_to_your_privat_key.pem
Mode=DKIM
that's all - really simple
Thomas
Von: "Daniel Miller via Assp-test" <assp-test@lists.sourceforge.net>
An: "
Nope. Looks like a clean startup.
--
Daniel
On 1/17/2018 1:37 PM, Robert K Coffman Jr. -Info From Data Corp. wrote:
Daniel - any module load errors in moduleLoadErrors.txt?
- Bob
On 1/16/2018 2:36 PM, Daniel Miller via Assp-test wrote:
I thought I had DKIM configured & enabled - obvio
I thought I had DKIM configured & enabled - obviously that's not the
case as my messages aren't being signed. Mail::DKIM is installed (both
Ubuntu Xenial package and local CPAN compiled install). I have a
DKIMgenConfig defined, genDKIM is enabled, and a key has been generated
and saved.
In
I'm sure this works - but I don't understand how. Where did you come up
with that single IP address?
---
Daniel
On 2018-09-26 22:14, Thomas Eckardt wrote:
I use
efax.com=>v=spf1 ip4:66.52.2.3 -all
in 'SPFoverride'
Thomas
Von: "Daniel Miller via Assp-test"
An:
We've received a quantity of junk impersonating good domains - not sure
how to handle it.
An example: efax.com SPF record
v=spf1 mx include:_spf.salesforce.com -all
So they're depending on salesforce. Ok...what do they have?
v=spf1 include:_spf.google.com include:_spf.salesforce.com
On 12/10/2018 5:06 AM, James Brown via Assp-test wrote:
I’m trying to properly setup Postfix, ASSP, and Dovecot are on the
same machine. My problem is with users submitting emails.
I think Postfix needs to listen on port 465 and send to ASSP on port
25. ASSP then sends back to Postfix on
On 12/10/2018 2:59 PM, James Brown via Assp-test wrote:
On 11 Dec 2018, at 8:55 am, Daniel Miller via Assp-test
<mailto:assp-test@lists.sourceforge.net>> wrote:
On 12/10/2018 5:06 AM, James Brown via Assp-test wrote:
I’m trying to properly setup Postfix, ASSP, and Dovecot are on
Based on your ASSP log it seems it's not reaching Postfix. First, verify
Postfix is listening.
lsof -i :126
You're showing your master.cf has port 126 open for all IP's - I'd
suggest explicitly declaring it for the localhost:
127.0.0.1:126 inet n etc.
But regardless - make
, Daniel Miller <mailto:dmil...@amfes.com>> wrote:
Ok - so you have Postfix listening. There's a few different choices
available to have Postfix forward to ASSP. I would recommend using
Postfix's before-queue content filter method.
The entries you've setup in master.cf already are
Um...where's your port 125 listener?
Daniel
On 12/16/2018 3:56 PM, James Brown wrote:
master.cf (non-commented out stuff only):
pickup unix n - n 60 1 pickup
cleanup unix n - n - 0 cleanup
qmgr unix n - n 300
0025 & 10026 - but let's
leave that for later when everything else is working if you really want it.
Daniel
On 12/14/2018 8:28 AM, Daniel Miller via Assp-test wrote:
Ok - so you have Postfix listening. There's a few different choices
available to have Postfix forward to ASSP. I wo
I just setup a new server with the latest ASSP, Postfix, Dovecot on
Ubuntu 18.04 Bionic. It's been a while since I had to adjust parameters
since things have Just Worked for quite a while. But now...
TLS really gave me a headache - I believe some default behaviors changed
in Postfix that
On 1/24/2019 6:20 AM, K Post wrote:
Daniel,
What value do you have for DoNoFromSelect?
I use 61, exactly for the reasons you mentioned. 63 is the default in
your version. Thomas changed this default in 19015
- the default value for 'DoNoFromSelect' is changed from 63 to 59
Version 2.6.4b19019. I've set ccSpamNeverRe to
"file:files/ccSpamNeverRe" which now contains:
bad attachment
DNSBL
Blocked IP-Country
.*DNSBL.*
Yet my sendAllSpam recipient continues to receive messages. Am I using
them incorrectly?
--
Daniel
This is an historic issue. The log parser shows the matches via html -
those tags confuse the log parser which generates the address links.
Some significant work would be required to avoid this - which I imagine
is why the authors haven't implemented it.
The workaround is after a successful
On 12/27/2018 5:56 AM, Thomas Eckardt wrote:
- 'DoNoFromRemovesNPWL' is now moved to the GUI
'DoNoFromRemovesNPWL','DoNoFrom Removes NP, WL
Flag','0:disabled|1:whitelisted|2:noprocessing|3:both'
'If the combination of DoNoFrom , DoNoFromSelect , DoNoFromWL and
DoNoFromNP gives more than one
The following userAttach isn't quite doing what I need:
~opendocument => odt|ods
*@mydomain.com => block-out => ~opendocument
*@mydomain.com => good-in => .*
This blocks any outgoing opendocuments - but doesn't allow sending
within my domain. Is that possible?
--
Daniel
On 6/6/2019 6:53 AM, K Post wrote:
Now that DKIMpassAction is no longer just a hidden option, can you
explain use scenarios again? I understand what the GUI is saying, I
just can think of reasons why anyone would want anything other than the
(newly) 0 default.
DKIMWL and DKIMNP has been
rote:
it means:
don't do VRFY definitions in LocalAddresses_Flat - do them in localDomains
If both parameters contain a VRFY definition for the same domain, the
one in localDomains has a higher priority (and is used).
Thomas
Von: "Daniel Miller via Assp-test"
An: "assp-te
I'm confused by the help text for LocalAddresses_Flat - "NOTICE: The
VRFY definition described below is deprecated in this configuration
parameter - use localDomains instead!"
Does this mean when using VRFY only localDomains is required? Or does it
mean the help text for LocalAddresses_Flat
Even though I'm probably way off - can I ask you to clarify a couple items?
Is the problem a specific domain, i.e. spopessentials2.com? Because I
can't find that domain, or any of the hosts you've listed, via my own
lookups. Host/Dig/Nslookup return immediately (with no result).
What are
I'm now more confused than usual.
I've setup a new server - and it *was* working fine...but then I
actually really truly enabled TLS in ASSP (Note to all - if you're going
to use certbot's "live" certs directly from any other program make sure
you have proper read/enter access to the "live"
On 4/19/2019 9:11 PM, MK wrote:
Are you using fullchain.pem or cert.pem? It sounds like you’re missing
an intermediate certificate which fullchain.pem includes.
“fullchain.pem: All certificates, *including* server certificate (aka
leaf certificate or end-entity certificate). The server
On 4/20/2019 12:25 AM, Daniel Miller via Assp-test wrote:
Part of my confusion comes from the fact that some senders were able to
communicate - including my primary server. I just figured out that by
default - Postfix does not *send* via tls. That has to be explicitly
enabled by a settings
On 4/20/2019 1:39 PM, Daniel Miller via Assp-test wrote:
On 4/20/2019 12:25 AM, Daniel Miller via Assp-test wrote:
Some more digging...
Shutting down ASSP and setting Postfix to listen directly to port 25 (by
simply editing the listener formerly on port 125 for ASSP's
smtpDestination
information is thin here. *Thoughts appreciated*.
DNSretrans: 1
also DNSReuseSocket is checked.
On Fri, May 3, 2019 at 12:00 PM Daniel Miller via Assp-test
<mailto:assp-test@lists.sourceforge.net>> wrote:
What are your settings for:
UseLocalDNS
DNSServers (obfuscate i
On 4/21/2019 8:29 AM, Doug Lytle wrote:
On 4/21/19 10:51 AM, Robert K Coffman Jr. -Info From Data Corp. wrote:
cert.pem is used for SSLCertFile
privkey.pem is used for SSLKeyFile
fullchain.pem is used for SSLCAFile
I am doing this as well.
I've tried this - no different. So there's
I'm now officially as confused as I can get.
I *thought* the problem was related to SSL_version - and I *thought* I
had it fixed. Nope.
As I write this - TLS is working. With the default SSL_version &
SSL_cipher_list. And it was working yesterday. Test sites like
Hardenize.com and
On 4/22/2019 1:46 AM, Doug Lytle wrote:
On 4/22/19 12:07 AM, Daniel Miller via Assp-test wrote:
Do I need to add anything to smtpDestinationSSL - even though I'm not
using listenPortSSL?
My TLS and SSL settings below. Just to also make sure, that your DNS
destination matches your
On 4/22/2019 1:46 AM, Doug Lytle wrote:
On 4/22/19 12:07 AM, Daniel Miller via Assp-test wrote:
Do I need to add anything to smtpDestinationSSL - even though I'm not
using listenPortSSL?
My TLS and SSL settings below. Just to also make sure, that your DNS
destination matches your
I use the unofficial clamav signature update script from:
https://github.com/extremeshok/clamav-unofficial-sigs
And the resulting databases have been catching a few more spams.
However, recently I had an issue with false positives. Using the
block-report feature I'm able to allow
On 9/14/2019 2:26 PM, K Post wrote:
Daniel,
I don't think that using only the MX records (inbound addresses) for
yahoo is going to cut it, plus yahoo uses different IP's for the same
hostname based on geolocation.
Ok...but (here's another opportunity to display my ignorance) what's the
-users can't possibly implement.
Is there presently any hook where an external program can be called via
the email interface?
Daniel
On 9/13/2019 2:49 AM, Thomas Eckardt wrote:
use SuspiciousVirus
Thomas
Von: "Daniel Miller via Assp-test"
An: "ASSP development maili
On 9/13/2019 9:31 AM, K Post wrote:
This hit us again yesterday. Lot's of yahoo spam, from Yahoo mail
servers, slipping through because of pbWhite.
Quick summary:
I want to be able to block any yahoo mail based on HMM /bayes alone, and
I don't want a PB white listing for the sending IP to
moval syntax since the introduction
of the personal whitelists all those years ago Maybe so and I
never noticed because the gui seems to say I was successful on submit.
Verify says otherwise.
On Tue, Sep 24, 2019 at 7:49 PM Daniel Miller via Assp-test
<_assp-test@lists.sourceforge.n
On 9/24/2019 9:25 AM, K Post wrote:
Our users got a CEO spoofing email from a Gmail address. One user
replied, whitelisting the gmail address. All is reported, now I just
want to remove the address from the whitelist.
I can't get the address out of the whitelist. I've got no idea why.
On 11/24/2021 5:08:00 AM, "Thomas Eckardt"
wrote:
changed:
- In rare cases it was possible to overload assp by sending a large
mail to many recipients.
This can now prevented by configuring the hidden parameter
'maxSMTPipRelaySessions' - if used, it should be set one less than the
Is a subscription to the global penalty box service required for
auto-updates of the ASSP plugins?
--
Daniel___
Assp-test mailing list
Assp-test@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/assp-test
At some point soon after ASSP starts a folder is created in the main
assp folder. It's named "dbe254..." looks like it's over 60 characters
long. It's empty - I never see anything in it. I can remove the folder
but it's always re-created. What is this?
--
encrypted folder name.
Thomas
Von: "Daniel Miller via Assp-test"
An:"ASSP development mailing list"
Kopie:"Daniel Miller"
Datum:09.03.2022 03:26
Betreff:[As
e:
Looks like your assp.cfg contains an invalid encrypted folder name.
Thomas
Von:"Daniel Miller via Assp-test"
An:"ASSP development mailing list"
Kopie:"Daniel Miller"
Datum:09.03.2022 03:26
81 matches
Mail list logo