Hi Dirk,
>I use bombre.txt for ...
>bombHeaderRe:=file:files/bombre.txt
>bombSubjectRe:=file:files/bombre.txt
>bombRe:=file:files/bombre.txt
>bombDataRe:=file:files/bombre.txt
This config does not make sense, because the same regex is processed four
times. Only use bombre.txt for 'bombre' (this checks the complete mail),
leave the othes empty.
><dummyaddr...@gmx.de> to: recipi...@mydomain Regex:BlackRe 'PB 20: for
[!empty!]'
As you can see, 'blackRe' hits - not any of the above!
Try to find out where your regex for blackRe matches an empty string - if
you can not find it, send me the regex.
Thomas
Von: "Dirk Kulmsee" <d.kulm...@netgroup.de>
An: "'ASSP development mailing list'"
<assp-test@lists.sourceforge.net>
Datum: 08.07.2010 13:44
Betreff: Re: [Assp-test] BombBlack hits good mail
Hi all,
I am afraid I need to get back to this subject again. Long story short:
old
ASSP works fine - new ASSP bombs good mail with [!empty!] hits.
Currently I am running ASSP 2.0.2-1.0.07 and everything seems alright with
BombBlack. Here is some log info for test emails I sent from an gmx.de
account:
Jul-08-10 07:54:47 68487-01934 [Worker_3] 213.165.64.20
<dummyaddr...@gmx.de> to: recipi...@mydomain Message-Score: added -4 for
213.165.64 in griplist (0.03), total score for this message is now -4
Jul-08-10 07:54:47 68487-01934 [Worker_3] 213.165.64.20
<dummyaddr...@gmx.de> to: recipi...@mydomain Message-Score: added -10 for
Home Country Bonus DE (GMX GmbH), total score for this message is now -14
Jul-08-10 07:54:47 68487-01934 [Worker_3] 213.165.64.20
<dummyaddr...@gmx.de> to: recipi...@mydomain PB-IP-Score for
'213.165.64.20'
is 10, added -10 for HomeCountry-DE
Jul-08-10 07:54:47 68487-01934 [Worker_3] 213.165.64.20
<dummyaddr...@gmx.de> to: recipi...@mydomain no Bomb found in header
Jul-08-10 07:54:48 68487-01934 [Worker_3] [SPF] 213.165.64.20
<dummyaddr...@gmx.de> to: recipi...@mydomain [scoring] SPF: pass (cache)
ip=213.165.64.20 mailfrom=dummyaddr...@gmx.de helo=mail.gmx.net
Jul-08-10 07:54:48 68487-01934 [Worker_3] 213.165.64.20
<dummyaddr...@gmx.de> to: recipi...@mydomain Message-Score: added -10 for
SPF pass, total score for this message is now -24
Jul-08-10 07:54:48 68487-01934 [Worker_3] 213.165.64.20
<dummyaddr...@gmx.de> to: recipi...@mydomain no Bomb found for
'bombSuspiciousRe'
Jul-08-10 07:54:48 68487-01934 [Worker_3] 213.165.64.20
<dummyaddr...@gmx.de> to: recipi...@mydomain no Bomb found for
'bombDataRe'
and 'bombRe'
Jul-08-10 07:54:48 68487-01934 [Worker_3] 213.165.64.20
<dummyaddr...@gmx.de> to: recipi...@mydomain no Bomb found for
'bombBlack'
Jul-08-10 07:54:48 68487-01934 [Worker_3] 213.165.64.20
<dummyaddr...@gmx.de> to: recipi...@mydomain Bayesian Check [scoring] -
Prob: 0.00000 => ham
Jul-08-10 07:54:48 68487-01934 [Worker_3] [Bayesian][scoring]
213.165.64.20
<dummyaddr...@gmx.de> to: recipi...@mydomain info: Bayesian-Check has
taken
0 seconds
Jul-08-10 07:54:48 68487-01934 [Worker_3] [Plugin] 213.165.64.20
<dummyaddr...@gmx.de> to: recipi...@mydomain ASSP_OCR: Plugin successful
called for runlevel 'complete mail'!
Jul-08-10 07:54:48 68487-01934 [Worker_3] [MessageOK] 213.165.64.20
<dummyaddr...@gmx.de> to: recipi...@mydomain message ok [Test7 nochn
Gedicht] -> /opt/assp/okmail/Test7_nochn_Gedicht--61958.eml
Jul-08-10 07:54:48 68487-01934 [Worker_3] 213.165.64.20
<dummyaddr...@gmx.de> to: recipi...@mydomain info: no (more) data readable
from 213.165.64.20 (connection closed by peer) - last command was 'QUIT'
But whenever I run newer versions of ASSP (2.0.2-1.1.15 in this case)
BombBlack works differently, although I do not touch my assp.cfg or
bombre.txt:
Jul-08-10 07:40:48 67648-12664 [Worker_3] 213.165.64.20
<dummyaddr...@gmx.de> to: recipi...@mydomain Message-Score: added -4 for
213.165.64 in griplist (0.03), total score for this message is now -4
Jul-08-10 07:40:48 67648-12664 [Worker_3] 213.165.64.20
<dummyaddr...@gmx.de> to: recipi...@mydomain Message-Score: added -10 for
Home Country Bonus DE (GMX GmbH), total score for this message is now -14
Jul-08-10 07:40:48 67648-12664 [Worker_3] 213.165.64.20
<dummyaddr...@gmx.de> to: recipi...@mydomain PB-IP-Score for
'213.165.64.20'
is 10, added -10 for HomeCountry-DE
Jul-08-10 07:40:48 67648-12664 [Worker_3] 213.165.64.20
<dummyaddr...@gmx.de> to: recipi...@mydomain no Bomb found in header
Jul-08-10 07:40:48 67648-12664 [Worker_3] [SPF] 213.165.64.20
<dummyaddr...@gmx.de> to: recipi...@mydomain [scoring] SPF: pass (cache)
ip=213.165.64.20 mailfrom=dummyaddr...@gmx.de helo=mail.gmx.net
Jul-08-10 07:40:48 67648-12664 [Worker_3] 213.165.64.20
<dummyaddr...@gmx.de> to: recipi...@mydomain Message-Score: added -10 for
SPF pass, total score for this message is now -24
Jul-08-10 07:40:49 67648-12664 [Worker_3] 213.165.64.20
<dummyaddr...@gmx.de> to: recipi...@mydomain no Bomb found for
'bombSuspiciousRe'
Jul-08-10 07:40:49 67648-12664 [Worker_3] 213.165.64.20
<dummyaddr...@gmx.de> to: recipi...@mydomain no Bomb found for
'bombDataRe', 'bombRe' and 'bombCharSets'
Jul-08-10 07:40:49 67648-12664 [Worker_3] 213.165.64.20
<dummyaddr...@gmx.de> to: recipi...@mydomain Regex:BlackRe 'PB 20: for
[!empty!]'
Jul-08-10 07:40:49 67648-12664 [Worker_3] 213.165.64.20
<dummyaddr...@gmx.de> to: recipi...@mydomain [!empty!] : (l:0) 20 , count
:
1 , sum : 20 , time : 0 s
Jul-08-10 07:40:49 67648-12664 [Worker_3] [BombBlack] 213.165.64.20
<dummyaddr...@gmx.de> to: recipi...@mydomain (BombBlack '(l:0) (l:0)
'[!empty!] (20)'')
Jul-08-10 07:40:49 67648-12664 [Worker_3] 213.165.64.20
<dummyaddr...@gmx.de> to: recipi...@mydomain Message-Score: added 20 for
BombBlack '(l:0) (l:0) '[!empty!] (20)'', total score for this message is
now -4
Jul-08-10 07:40:49 67648-12664 [Worker_3] 213.165.64.20
<dummyaddr...@gmx.de> to: recipi...@mydomain PB-IP-Score for
'213.165.64.20'
is 20, added 20 for BombBlack
Jul-08-10 07:40:49 67648-12664 [Worker_3] [BombBlack] 213.165.64.20
<dummyaddr...@gmx.de> to: recipi...@mydomain [spam found] (BombBlack
'(l:0)
(l:0) '[!empty!] (20)'') [Test4 mit pdf] -> /opt/assp/discarded/12664.eml;
Jul-08-10 07:40:52 67648-12664 [Worker_3] 213.165.64.20
<dummyaddr...@gmx.de> to: recipi...@mydomain [SMTP Error] 554 5.7.1
Delivery
not authorized, message refused -- . (reason: BombBlack '(l:0) (l:0)
'[!empty!] (20)'')
Jul-08-10 07:40:52 67648-12664 [Worker_3] 213.165.64.20
<dummyaddr...@gmx.de> to: recipi...@mydomain finished message - received
size: 0 Byte - sent size: 2.26 MByte
I use bombre.txt for ...
bombHeaderRe:=file:files/bombre.txt
bombSubjectRe:=file:files/bombre.txt
bombRe:=file:files/bombre.txt
bombDataRe:=file:files/bombre.txt
Can anyone tell, what causes this difference in behavior? How can I find
out
why newer versions of ASSP get [!empty!] hits, where 2.0.2-1.0.07 does
not?
Any config variables I should look at?
TIA
Dirk
> -----Ursprüngliche Nachricht-----
> Von: Thomas Eckardt [mailto:thomas.ecka...@thockar.com]
> Gesendet: Montag, 14. Juni 2010 09:25
> An: ASSP development mailing list
> Betreff: Re: [Assp-test] BombBlack hits good mail
>
> >What does [!empty!]
> >mean here?
>
>
>
> [!empty!] meens - that you regex ist testing for an empty string. like
> ^$
>
> Thomas
>
>
>
> Von: "Dirk Kulmsee" <d.kulm...@netgroup.de>
> An: "'ASSP development mailing list'"
> <assp-test@lists.sourceforge.net>
> Datum: 09.06.2010 10:56
> Betreff: [Assp-test] BombBlack hits good mail
>
>
>
> Hi all,
> since I upgraded from 2.0.2-1.0.06 to 2.0.2-1.1.10 (same issue with
> 2.0.2-1.1.11) I see lots of log entries like these:
>
> Jun-09-10 08:37:32 65451-05566 [Worker_1] 87.248.110.138
> <sen...@yahoo.de>
> to: recipi...@my.domain no Bomb found in header Jun-09-10 08:37:32
> 65451-05566 [Worker_1] 87.248.110.138 <sen...@yahoo.de>
> to: recipi...@my.domain no Bomb found for 'bombSuspiciousRe'
> Jun-09-10 08:37:32 65451-05566 [Worker_1] 87.248.110.138
> <sen...@yahoo.de>
> to: recipi...@my.domain no Bomb found for 'bombDataRe', 'bombRe' and
> 'bombCharSets'
> Jun-09-10 08:37:32 65451-05566 [Worker_1] 87.248.110.138
> <sen...@yahoo.de>
> to: recipi...@my.domain Regex:BlackRe 'PB 20: for [!empty!]'
> Jun-09-10 08:37:32 65451-05566 [Worker_1] 87.248.110.138
> <sen...@yahoo.de>
> to: recipi...@my.domain [!empty!] : (l:0) 20 , count : 1 , sum : 20 ,
> time
> :
> 0 s
> Jun-09-10 08:37:32 65451-05566 [Worker_1] [BombBlack] 87.248.110.138
> <sen...@yahoo.de> to: recipi...@my.domain (BombBlack '(l:0) (l:0)
> '[!empty!] (20)'') Jun-09-10 08:37:32 65451-05566 [Worker_1]
> 87.248.110.138 <sen...@yahoo.de>
> to: recipi...@my.domain Message-Score: added 20 for BombBlack '(l:0)
> (l:0) '[!empty!] (20)'', total score for this message is now 9 Jun-09-
> 10 08:37:32 65451-05566 [Worker_1] 87.248.110.138 <sen...@yahoo.de>
> to: recipi...@my.domain PB-IP-Score for '87.248.110.138' is 20, added
> 20 for BombBlack Jun-09-10 08:37:32 65451-05566 [Worker_1] [BombBlack]
> 87.248.110.138 <sen...@yahoo.de> to: recipi...@my.domain [spam found]
> (BombBlack '(l:0)
> (l:0) '[!empty!] (20)'') [Alan Wake] -> /opt/assp/discarded/5566.eml;
> Jun-09-10 08:37:32 65451-05566 [Worker_1] 87.248.110.138
> <sen...@yahoo.de>
> to: recipi...@my.domain [SMTP Error] 554 5.7.1 Delivery not authorized,
> message refused -- . (reason: BombBlack '(l:0) (l:0) '[!empty!] (20)'')
>
>
> The mail is not spam. I cannot see why it is discarded. What does
> [!empty!] mean here? Where does it come from? A bad regex somewhere?
> I use the bombre.txt from the cvs.
>
> Thanks for your hints.
>
> Regards
> Dirk Kulmsee
>
>
> -----------------------------------------------------------------------
> -------
> ThinkGeek and WIRED's GeekDad team up for the Ultimate GeekDad Father's
> Day Giveaway. ONE MASSIVE PRIZE to the lucky parental unit. See the
> prize list and enter to win:
> http://p.sf.net/sfu/thinkgeek-promo
> _______________________________________________
> Assp-test mailing list
> Assp-test@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/assp-test
>
>
>
>
> DISCLAIMER:
> *******************************************************
> This email and any files transmitted with it may be confidential,
> legally privileged and protected in law and are intended solely for the
> use of the
>
> individual to whom it is addressed.
> This email was multiple times scanned for viruses. There should be no
> known virus in this email!
> *******************************************************
>
------------------------------------------------------------------------------
This SF.net email is sponsored by Sprint
What will you do first with EVO, the first 4G phone?
Visit sprint.com/first -- http://p.sf.net/sfu/sprint-com-first
_______________________________________________
Assp-test mailing list
Assp-test@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/assp-test
DISCLAIMER:
*******************************************************
This email and any files transmitted with it may be confidential, legally
privileged and protected in law and are intended solely for the use of the
individual to whom it is addressed.
This email was multiple times scanned for viruses. There should be no
known virus in this email!
*******************************************************
------------------------------------------------------------------------------
This SF.net email is sponsored by Sprint
What will you do first with EVO, the first 4G phone?
Visit sprint.com/first -- http://p.sf.net/sfu/sprint-com-first
_______________________________________________
Assp-test mailing list
Assp-test@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/assp-test
