Thomas, I don't use any regex's for white or black ip's. My Regex/Spambomb section is vanilla and just default. I have the preheaderre.txt to identify spam in handshake/header part. Do Bomb/Script Regular Expressions Checks for ISPIP checked. DoBombHeaderRe set to block. DoBombRe set to score. bombRe set to point to default file: bombre.txt DoBlackRe set to score.
Masood -----Original Message----- From: assp-test-requ...@lists.sourceforge.net [mailto:assp-test-requ...@lists.sourceforge.net] Sent: Monday, March 22, 2010 1:08 PM To: assp-test@lists.sourceforge.net Subject: Assp-test Digest, Vol 32, Issue 43 Send Assp-test mailing list submissions to assp-test@lists.sourceforge.net To subscribe or unsubscribe via the World Wide Web, visit https://lists.sourceforge.net/lists/listinfo/assp-test or, via email, send a message with subject or body 'help' to assp-test-requ...@lists.sourceforge.net You can reach the person managing the list at assp-test-ow...@lists.sourceforge.net When replying, please edit your Subject line so it is more specific than "Re: Contents of Assp-test digest..." Today's Topics: 1. RWL and Damping (Pascal Dreissen) 2. Re: RWL and Damping (Thomas Eckardt) 3. Re: Assp dying (Thomas Eckardt) ---------------------------------------------------------------------- Message: 1 Date: Mon, 22 Mar 2010 19:20:37 +0100 From: Pascal Dreissen <pas...@dreissen.nl> Subject: [Assp-test] RWL and Damping To: ASSP development mailing list <assp-test@lists.sourceforge.net> Message-ID: <0daa6dcc-29bb-4b58-a7a5-38a307fd2...@dreissen.nl> Content-Type: text/plain; charset=us-ascii Hi, A message which is RWL (Realtime White List), shouldn't this bypass the damping mechanism ? I think this make sense, however currently this is not happening: Mar-22-10 18:32:55 lnxmail02-79175-14179 [Worker_1] [TLS-out] 212.247.155.33 <x...@tele2.nl> to: x...@domain.nl Received-RWL: whitelisted from (list.dnswl.org->127.0.5.0,trust=0; ) client-ip=212.247.155.33 Mar-22-10 18:33:18 lnxmail02-79175-14179 [Worker_1] [TLS-out] 212.247.155.33 <x...@tele2.nl> to: h...@domain.nl info: damping - stolen 1.7 seconds Mar-22-10 18:33:21 lnxmail02-79175-14179 [Worker_1] [TLS-out] 212.247.155.33 <x...@tele2.nl> to: h...@domain.nl info: damping - stolen 1.7 seconds Mar-22-10 18:33:23 lnxmail02-79175-14179 [Worker_1] [TLS-out] 212.247.155.33 <x...@tele2.nl> to: h...@domain.nl info: damping - stolen 1.7 seconds Grtz! ------------------------------ Message: 2 Date: Mon, 22 Mar 2010 19:58:04 +0100 From: Thomas Eckardt <thomas.ecka...@thockar.com> Subject: Re: [Assp-test] RWL and Damping To: ASSP development mailing list <assp-test@lists.sourceforge.net> Message-ID: <titc.769709d7c7.of6ccc071c.f9886918-onc12576ee.006734c2-c12576ee.00682...@t hockar.com> Content-Type: text/plain; charset="utf-8" Pascal, >(list.dnswl.org->127.0.5.0,trust=0; ) The trust is '0' - none - only avoid outright blocking (eg Hotmail, Yahoo mailservers...) ??? Categories (127.0.X.y): ?2 - Financial services ?3 - Email Service Providers ?4 - Organisations (both for-profit [ie companies] and non-profit) ?5 - Service/network providers ?6 - Personal/private servers ?7 - Travel/leisure industry ?8 - Public sector/governments ?9 - Media and Tech companies ?10 - some special cases ?11 - Education, academic ?12 - Healthcare ?13 - Manufacturing/Industrial ?14 - Retail/Wholesale/Services ?15 - Email Marketing Providers Trustworthiness / Score (127.0.x.Y): ?0 = none - only avoid outright blocking (eg Hotmail, Yahoo mailservers, -0.1) ?1 = low - reduce chance of false positives (-1.0) ?2 = medium - make sure to avoid false positives but allow override for clear cases (-10.0) ?3 = high - avoid override (-100.0). 2.0.2 1.0.07 will switch off damping for any RWL result. Thomas Von: Pascal Dreissen <pas...@dreissen.nl> An: ASSP development mailing list <assp-test@lists.sourceforge.net> Datum: 22.03.2010 19:21 Betreff: [Assp-test] RWL and Damping Hi, A message which is RWL (Realtime White List), shouldn't this bypass the damping mechanism ? I think this make sense, however currently this is not happening: Mar-22-10 18:32:55 lnxmail02-79175-14179 [Worker_1] [TLS-out] 212.247.155.33 <x...@tele2.nl> to: x...@domain.nl Received-RWL: whitelisted from (list.dnswl.org->127.0.5.0,trust=0; ) client-ip=212.247.155.33 Mar-22-10 18:33:18 lnxmail02-79175-14179 [Worker_1] [TLS-out] 212.247.155.33 <x...@tele2.nl> to: h...@domain.nl info: damping - stolen 1.7 seconds Mar-22-10 18:33:21 lnxmail02-79175-14179 [Worker_1] [TLS-out] 212.247.155.33 <x...@tele2.nl> to: h...@domain.nl info: damping - stolen 1.7 seconds Mar-22-10 18:33:23 lnxmail02-79175-14179 [Worker_1] [TLS-out] 212.247.155.33 <x...@tele2.nl> to: h...@domain.nl info: damping - stolen 1.7 seconds Grtz! ---------------------------------------------------------------------------- -- Download Intel® Parallel Studio Eval Try the new software tools for yourself. Speed compiling, find bugs proactively, and fine-tune applications for parallel performance. See why Intel Parallel Studio got high marks during beta. http://p.sf.net/sfu/intel-sw-dev _______________________________________________ Assp-test mailing list Assp-test@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/assp-test DISCLAIMER: ******************************************************* This email and any files transmitted with it may be confidential, legally privileged and protected in law and are intended solely for the use of the individual to whom it is addressed. This email was multiple times scanned for viruses. There should be no known virus in this email! ******************************************************* ------------------------------ Message: 3 Date: Mon, 22 Mar 2010 21:07:08 +0100 From: Thomas Eckardt <thomas.ecka...@thockar.com> Subject: Re: [Assp-test] Assp dying To: ASSP development mailing list <assp-test@lists.sourceforge.net> Message-ID: <titc.9697b23a3b.of06675d09.6484c7a1-onc12576ee.006e6ba5-c12576ee.006e8...@t hockar.com> Content-Type: text/plain; charset="us-ascii" Masood, do you use any large ip regex (whiteip's / blackip's) ? Thomas Von: "Masood Rahim" <mas...@intertune.com> An: <assp-test@lists.sourceforge.net> Datum: 22.03.2010 18:26 Betreff: Re: [Assp-test] Assp dying So after using the mysql db and tweaking some settings on 2 servers here are my findings on my problem: Both servers die complaining about the following line in the debugSignal.txt (I think this might be related to Scott's issue): while (time - $itime <= $maxBombSearchTime && $text =~ s/($regex)//) { I turned off all the regex/spam bomb stuff and that error went away. As a result one server has been online for almost 72 hours straight without having the assp process die. The other server still keeps dying at the following line (CIDR section) as per the debugSignal.txt file: ($ret) = ('4'.unpack 'B32', pack 'C4', split /\./xms, $ip)=~/($reRE)/xms; Masood -----Original Message----- From: assp-test-requ...@lists.sourceforge.net [mailto:assp-test-requ...@lists.sourceforge.net] Sent: Sunday, March 21, 2010 1:51 PM To: assp-test@lists.sourceforge.net Subject: Assp-test Digest, Vol 32, Issue 40 Send Assp-test mailing list submissions to assp-test@lists.sourceforge.net To subscribe or unsubscribe via the World Wide Web, visit https://lists.sourceforge.net/lists/listinfo/assp-test or, via email, send a message with subject or body 'help' to assp-test-requ...@lists.sourceforge.net You can reach the person managing the list at assp-test-ow...@lists.sourceforge.net When replying, please edit your Subject line so it is more specific than "Re: Contents of Assp-test digest..." Today's Topics: 1. Delay broken ? (Pascal Dreissen) 2. Re: Delay broken ? (Thomas Eckardt) 3. Re: Delay broken ? (Thomas Eckardt) 4. Re: Delay broken ? (Pascal Dreissen) 5. Re: Delay broken ? (Thomas Eckardt) 6. Assp 2.0.2 1.0.05 (admin) 7. Assp 2.0.2 1.0.05 error (admin) ---------------------------------------------------------------------- Message: 1 Date: Sun, 21 Mar 2010 17:29:54 +0100 From: Pascal Dreissen <pas...@dreissen.nl> Subject: [Assp-test] Delay broken ? To: development mailing list ASSP <assp-test@lists.sourceforge.net> Message-ID: <ca5adec0-f474-4da1-8a8c-06e55de7e...@dreissen.nl> Content-Type: text/plain; charset=us-ascii I am seeing these entries a lot since 1.0.0.3 (2.0.2) Mar-21-10 17:26:32 lnxmail01-88792-05243 [Worker_1] [TLS-in] [TLS-out] 194.48.214.21 <bounce-nl-708...@moneymiljonair.nl> late triplet encountered, deleting: (194.48.214.0,bounce-n...@moneymiljonair.nl,x...@xxxx.nl) waited: 14689d 16h 26m 32s Is the delay mechanism broken ? Because the above message repeats comming in (so the triplet is not removed from the db) I Tried: 1) Stopping ASSP and deleting delaydb, which did not help, still these message come in. Perl 5.10.1 ASSP 2.0.2 (1.0.03) Grtz, Pascal ------------------------------ Message: 2 Date: Sun, 21 Mar 2010 19:52:29 +0100 From: Thomas Eckardt <thomas.ecka...@thockar.com> Subject: Re: [Assp-test] Delay broken ? To: ASSP development mailing list <assp-test@lists.sourceforge.net> Message-ID: <titc.569621c0dd.ofbf1a0728.dfcddbcf-onc12576ed.006782d3-c12576ed.0067a...@t hockar.com> Content-Type: text/plain; charset="US-ASCII" >14689d 16h 26m 32s There is value of '0' returned - there must be a bug in the new fetch sub. Thomas Von: Pascal Dreissen <pas...@dreissen.nl> An: development mailing list ASSP <assp-test@lists.sourceforge.net> Datum: 21.03.2010 17:50 Betreff: [Assp-test] Delay broken ? I am seeing these entries a lot since 1.0.0.3 (2.0.2) Mar-21-10 17:26:32 lnxmail01-88792-05243 [Worker_1] [TLS-in] [TLS-out] 194.48.214.21 <bounce-nl-708...@moneymiljonair.nl> late triplet encountered, deleting: (194.48.214.0,bounce-n...@moneymiljonair.nl,x...@xxxx.nl) waited: 14689d 16h 26m 32s Is the delay mechanism broken ? Because the above message repeats comming in (so the triplet is not removed from the db) I Tried: 1) Stopping ASSP and deleting delaydb, which did not help, still these message come in. Perl 5.10.1 ASSP 2.0.2 (1.0.03) Grtz, Pascal ---------------------------------------------------------------------------- -- Download Intel® Parallel Studio Eval Try the new software tools for yourself. Speed compiling, find bugs proactively, and fine-tune applications for parallel performance. See why Intel Parallel Studio got high marks during beta. http://p.sf.net/sfu/intel-sw-dev _______________________________________________ Assp-test mailing list Assp-test@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/assp-test DISCLAIMER: ******************************************************* This email and any files transmitted with it may be confidential, legally privileged and protected in law and are intended solely for the use of the individual to whom it is addressed. This email was multiple times scanned for viruses. There should be no known virus in this email! ******************************************************* ------------------------------ Message: 3 Date: Sun, 21 Mar 2010 20:05:27 +0100 From: Thomas Eckardt <thomas.ecka...@thockar.com> Subject: Re: [Assp-test] Delay broken ? To: ASSP development mailing list <assp-test@lists.sourceforge.net> Message-ID: <titc.3696824936.of00996791.2334ecef-onc12576ed.0068c214-c12576ed.0068d...@t hockar.com> Content-Type: text/plain; charset="us-ascii" Pascal - please try 2.0.2 1.0.05 from CVS ! Thomas Von: Pascal Dreissen <pas...@dreissen.nl> An: development mailing list ASSP <assp-test@lists.sourceforge.net> Datum: 21.03.2010 17:50 Betreff: [Assp-test] Delay broken ? I am seeing these entries a lot since 1.0.0.3 (2.0.2) Mar-21-10 17:26:32 lnxmail01-88792-05243 [Worker_1] [TLS-in] [TLS-out] 194.48.214.21 <bounce-nl-708...@moneymiljonair.nl> late triplet encountered, deleting: (194.48.214.0,bounce-n...@moneymiljonair.nl,x...@xxxx.nl) waited: 14689d 16h 26m 32s Is the delay mechanism broken ? Because the above message repeats comming in (so the triplet is not removed from the db) I Tried: 1) Stopping ASSP and deleting delaydb, which did not help, still these message come in. Perl 5.10.1 ASSP 2.0.2 (1.0.03) Grtz, Pascal ---------------------------------------------------------------------------- -- Download Intel® Parallel Studio Eval Try the new software tools for yourself. Speed compiling, find bugs proactively, and fine-tune applications for parallel performance. See why Intel Parallel Studio got high marks during beta. http://p.sf.net/sfu/intel-sw-dev _______________________________________________ Assp-test mailing list Assp-test@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/assp-test DISCLAIMER: ******************************************************* This email and any files transmitted with it may be confidential, legally privileged and protected in law and are intended solely for the use of the individual to whom it is addressed. This email was multiple times scanned for viruses. There should be no known virus in this email! ******************************************************* ------------------------------ Message: 4 Date: Sun, 21 Mar 2010 20:13:54 +0100 From: Pascal Dreissen <pas...@dreissen.nl> Subject: Re: [Assp-test] Delay broken ? To: ASSP development mailing list <assp-test@lists.sourceforge.net> Message-ID: <e8ba38bd-9c1c-4aea-8dde-c01a1af43...@dreissen.nl> Content-Type: text/plain; charset=us-ascii I can confirm, is working again .. thanks! Op 21 mrt 2010, om 20:05 heeft Thomas Eckardt het volgende geschreven: > Pascal - please try 2.0.2 1.0.05 from CVS ! > > Thomas > > > > > Von: Pascal Dreissen <pas...@dreissen.nl> > An: development mailing list ASSP <assp-test@lists.sourceforge.net> > Datum: 21.03.2010 17:50 > Betreff: [Assp-test] Delay broken ? > > > > I am seeing these entries a lot since 1.0.0.3 (2.0.2) > > Mar-21-10 17:26:32 lnxmail01-88792-05243 [Worker_1] [TLS-in] [TLS-out] > 194.48.214.21 <bounce-nl-708...@moneymiljonair.nl> late triplet > encountered, deleting: > (194.48.214.0,bounce-n...@moneymiljonair.nl,x...@xxxx.nl) waited: 14689d > 16h 26m 32s > > Is the delay mechanism broken ? Because the above message repeats comming > in (so the triplet is not removed from the db) I Tried: > > 1) Stopping ASSP and deleting delaydb, which did not help, still these > message come in. > > Perl 5.10.1 > ASSP 2.0.2 (1.0.03) > > Grtz, > > Pascal > > > ---------------------------------------------------------------------------- -- > Download Intel® Parallel Studio Eval > Try the new software tools for yourself. Speed compiling, find bugs > proactively, and fine-tune applications for parallel performance. > See why Intel Parallel Studio got high marks during beta. > http://p.sf.net/sfu/intel-sw-dev > _______________________________________________ > Assp-test mailing list > Assp-test@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/assp-test > > > > > DISCLAIMER: > ******************************************************* > This email and any files transmitted with it may be confidential, legally > privileged and protected in law and are intended solely for the use of the > > individual to whom it is addressed. > This email was multiple times scanned for viruses. There should be no > known virus in this email! > ******************************************************* > > > ---------------------------------------------------------------------------- -- > Download Intel® Parallel Studio Eval > Try the new software tools for yourself. Speed compiling, find bugs > proactively, and fine-tune applications for parallel performance. > See why Intel Parallel Studio got high marks during beta. > http://p.sf.net/sfu/intel-sw-dev____________________________________________ ___ > Assp-test mailing list > Assp-test@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/assp-test ------------------------------ Message: 5 Date: Sun, 21 Mar 2010 20:33:05 +0100 From: Thomas Eckardt <thomas.ecka...@thockar.com> Subject: Re: [Assp-test] Delay broken ? To: ASSP development mailing list <assp-test@lists.sourceforge.net> Message-ID: <titc.9696e8771c.of19e055b6.b3861cf5-onc12576ed.006b39f0-c12576ed.006b6...@t hockar.com> Content-Type: text/plain; charset="us-ascii" I'm sorry. It was caused by a missing semicolon ';' - which was not (like expected) resulting in a syntax error. Thomas Von: Pascal Dreissen <pas...@dreissen.nl> An: ASSP development mailing list <assp-test@lists.sourceforge.net> Datum: 21.03.2010 20:14 Betreff: Re: [Assp-test] Delay broken ? I can confirm, is working again .. thanks! Op 21 mrt 2010, om 20:05 heeft Thomas Eckardt het volgende geschreven: > Pascal - please try 2.0.2 1.0.05 from CVS ! > > Thomas > > > > > Von: Pascal Dreissen <pas...@dreissen.nl> > An: development mailing list ASSP <assp-test@lists.sourceforge.net> > Datum: 21.03.2010 17:50 > Betreff: [Assp-test] Delay broken ? > > > > I am seeing these entries a lot since 1.0.0.3 (2.0.2) > > Mar-21-10 17:26:32 lnxmail01-88792-05243 [Worker_1] [TLS-in] [TLS-out] > 194.48.214.21 <bounce-nl-708...@moneymiljonair.nl> late triplet > encountered, deleting: > (194.48.214.0,bounce-n...@moneymiljonair.nl,x...@xxxx.nl) waited: 14689d > 16h 26m 32s > > Is the delay mechanism broken ? Because the above message repeats comming > in (so the triplet is not removed from the db) I Tried: > > 1) Stopping ASSP and deleting delaydb, which did not help, still these > message come in. > > Perl 5.10.1 > ASSP 2.0.2 (1.0.03) > > Grtz, > > Pascal > > > ---------------------------------------------------------------------------- -- > Download Intel® Parallel Studio Eval > Try the new software tools for yourself. Speed compiling, find bugs > proactively, and fine-tune applications for parallel performance. > See why Intel Parallel Studio got high marks during beta. > http://p.sf.net/sfu/intel-sw-dev > _______________________________________________ > Assp-test mailing list > Assp-test@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/assp-test > > > > > DISCLAIMER: > ******************************************************* > This email and any files transmitted with it may be confidential, legally > privileged and protected in law and are intended solely for the use of the > > individual to whom it is addressed. > This email was multiple times scanned for viruses. There should be no > known virus in this email! > ******************************************************* > > > ---------------------------------------------------------------------------- -- > Download Intel® Parallel Studio Eval > Try the new software tools for yourself. Speed compiling, find bugs > proactively, and fine-tune applications for parallel performance. > See why Intel Parallel Studio got high marks during beta. > http://p.sf.net/sfu/intel-sw-dev____________________________________________ ___ > Assp-test mailing list > Assp-test@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/assp-test ---------------------------------------------------------------------------- -- Download Intel® Parallel Studio Eval Try the new software tools for yourself. Speed compiling, find bugs proactively, and fine-tune applications for parallel performance. See why Intel Parallel Studio got high marks during beta. http://p.sf.net/sfu/intel-sw-dev _______________________________________________ Assp-test mailing list Assp-test@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/assp-test DISCLAIMER: ******************************************************* This email and any files transmitted with it may be confidential, legally privileged and protected in law and are intended solely for the use of the individual to whom it is addressed. This email was multiple times scanned for viruses. There should be no known virus in this email! ******************************************************* ------------------------------ Message: 6 Date: Sun, 21 Mar 2010 21:38:01 +0100 From: "admin" <ad...@dc0dam.de> Subject: [Assp-test] Assp 2.0.2 1.0.05 To: <assp-test@lists.sourceforge.net> Message-ID: <4ba691b90200001300000...@mail.dc0dam.de> Content-Type: text/plain; charset=UTF-8 Hallo Thomas, here is an other mistake in that Version : M?r-21-10 to run line 60. line 1. line 1. Bye the way, have you an idea, why assp write "M?r" as month in the logfile ? Best regards Ralf ------------------------------ Message: 7 Date: Sun, 21 Mar 2010 21:46:25 +0100 From: "admin" <ad...@dc0dam.de> Subject: [Assp-test] Assp 2.0.2 1.0.05 error To: <assp-test@lists.sourceforge.net> Message-ID: <4ba693b10200001300000...@mail.dc0dam.de> Content-Type: text/plain; charset=UTF-8 Sorry but the Error-Message from my last mail is broken. M?r-21-10 21:27:27 [Worker_10001] Error: rebuildspamdb failed - Global symbol "$VerBerkeley" requires explicit package name at rebuildspamdbpm line 60. Compilation failed in require at (eval 846) line 1. BEGIN failed--compilation aborted at (eval 846) line 1. M?r-21-10 21:27:27 [Worker_10001] INFO: RebuildSpamdb removed from queue Best regards Ralf ------------------------------ ---------------------------------------------------------------------------- -- Download Intel® Parallel Studio Eval Try the new software tools for yourself. Speed compiling, find bugs proactively, and fine-tune applications for parallel performance. See why Intel Parallel Studio got high marks during beta. http://p.sf.net/sfu/intel-sw-dev ------------------------------ _______________________________________________ Assp-test mailing list Assp-test@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/assp-test End of Assp-test Digest, Vol 32, Issue 40 ***************************************** ---------------------------------------------------------------------------- -- Download Intel® Parallel Studio Eval Try the new software tools for yourself. Speed compiling, find bugs proactively, and fine-tune applications for parallel performance. See why Intel Parallel Studio got high marks during beta. http://p.sf.net/sfu/intel-sw-dev _______________________________________________ Assp-test mailing list Assp-test@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/assp-test DISCLAIMER: ******************************************************* This email and any files transmitted with it may be confidential, legally privileged and protected in law and are intended solely for the use of the individual to whom it is addressed. This email was multiple times scanned for viruses. There should be no known virus in this email! ******************************************************* ------------------------------ ---------------------------------------------------------------------------- -- Download Intel® Parallel Studio Eval Try the new software tools for yourself. Speed compiling, find bugs proactively, and fine-tune applications for parallel performance. See why Intel Parallel Studio got high marks during beta. http://p.sf.net/sfu/intel-sw-dev ------------------------------ _______________________________________________ Assp-test mailing list Assp-test@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/assp-test End of Assp-test Digest, Vol 32, Issue 43 ***************************************** ------------------------------------------------------------------------------ Download Intel® Parallel Studio Eval Try the new software tools for yourself. Speed compiling, find bugs proactively, and fine-tune applications for parallel performance. See why Intel Parallel Studio got high marks during beta. http://p.sf.net/sfu/intel-sw-dev _______________________________________________ Assp-test mailing list Assp-test@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/assp-test
