Hello. Recently, I've experienced a considerable rise in the amount of a type of spam coming from/through Yahoo. It kills assp stone dead in the preHeader handshaking (please see appended snippets). I have also experienced other, legitimately forwarded spam (i.e. from a trusted server) that behaves the same way.
A great deal of this spam, but by no means all, comes from addresses spoofed as coming from accounts at att.net (even though the sending server is Yahoo or that server I trust). I can't put the IPs in the preHeader blocks, because the sending servers are legitimate, i.e. ham often comes from these servers. It's the individual messages that are the problem; they break assp at or before the header 'handshaking.' Thomas even added a preHeaderRe so that I can manually set assp to drop the bits of these messages on the floor. But, this is really only treating the symptom, not the cause, and it requires manual intervention almost every time a new problem message comes in and the sending server legitimately retries, given that it failed to send on the previous occasion because assp dropped the bits on the floor. The only means I've found of narrowing the blocking is to use the sender e-mail addresses and/or domains (for example, the problems below were caused by mail 'from' andr0id.org. Note the couple of quick retries, and then retries every three hours). (I COULD put the IP in the preHeaderRe, temporarily, but it's time-consuming, I have to remember to take the IP out of preHeaderRe after a couple of days (i.e. when the sending server gives up retrying), but this prevents legitimate mail with att.net in it and this procedure should be unnecessary.) I have to note that I have seen some, apparently real, mail with att.net in the header, so I can't completely block att.net (other than on a temporary basis, which requires tiresome manual interaction to block att.net for a couple of days and then unblocking of it). With these killer spams, I'm damned if I do and damned if I don't. While it's truly great that assp reliably restarts in about ten seconds (see below), this spam can rise to bothersome levels, as it can be perceived by my users as though my server is down (because there's no way that assp can be available from the instant it begins the startup process, or because real mail is blocked in this 'temporary' period). Has anyone else experienced this problem? I'd REALLY like this tiresome problem to stop (it's been happening to me for a year or so). Please post your experiences of unusual restarts to the list. I find it hard to believe that I'm the only one experiencing mysterious restarts like this; ones that can be sourced to particular e-mails coming in. Thanks, Trevor. assp 2.0.2(3.0.19) Mac OS X Leopard Server (10.5.8) perl 5.8.8 (there's no way to change this on my server, and I can't afford to upgrade the server to Snow Leopard, just to get an approved installation of perl) May-07-11 14:24:19 [Worker_1] Worker_1 wakes up May-07-11 14:24:19 [Worker_1] Info: Worker_1 got connection from MainThread May-07-11 14:24:19 [Worker_1] Connected: 98.138.91.153:40086 > nnn.nnn.nnn.nnn:25 > 127.0.0.1:mmm May-07-11 14:24:19 [Main_Thread] Info: Main_Thread freed by idle Worker_1 in 0.010 seconds May-07-11 14:24:33 [startup] Starting in console mode May-07-11 14:26:41 [Worker_2] Worker_2 wakes up May-07-11 14:26:41 [Worker_2] Info: Worker_2 got connection from MainThread May-07-11 14:26:41 [Main_Thread] Info: Main_Thread freed by idle Worker_2 in 0.017 seconds May-07-11 14:26:41 [Worker_2] Connected: 98.138.91.153:44551 > nnn.nnn.nnn.nnn:25 > 127.0.0.1:mmm May-07-11 14:26:48 [startup] Starting in console mode May-07-11 14:28:57 [Worker_1] Worker_1 wakes up May-07-11 14:28:57 [Worker_1] Info: Worker_1 got connection from MainThread May-07-11 14:28:57 [Worker_1] Connected: 98.138.91.153:48491 > nnn.nnn.nnn.nnn:25 > 127.0.0.1:mmm May-07-11 14:28:57 [Main_Thread] Info: Main_Thread freed by idle Worker_1 in 0.007 seconds May-07-11 14:29:03 [startup] Starting in console mode May-07-11 17:25:02 [Worker_1] Worker_1 wakes up May-07-11 17:25:02 [Worker_1] Info: Worker_1 got connection from MainThread May-07-11 17:25:02 [Worker_1] Connected: 98.138.91.153:24866 > nnn.nnn.nnn.nnn:25 > 127.0.0.1:mmm May-07-11 17:25:02 [Main_Thread] Info: Main_Thread freed by idle Worker_1 in 0.007 seconds May-07-11 17:25:13 [startup] Starting in console mode May-07-11 20:25:14 [Worker_1] Worker_1 wakes up May-07-11 20:25:14 [Worker_1] Info: Worker_1 got connection from MainThread May-07-11 20:25:14 [Worker_1] Connected: 98.138.91.153:37843 > nnn.nnn.nnn.nnn:25 > 127.0.0.1:mmm May-07-11 20:25:14 [Main_Thread] Info: Main_Thread freed by idle Worker_1 in 0.007 seconds May-07-11 20:25:25 [startup] Starting in console mode May-07-11 23:25:47 [Main_Thread] Info: Main_Thread got connection request May-07-11 23:25:47 [Worker_1] Worker_1 wakes up May-07-11 23:25:47 [Worker_1] Info: Worker_1 got connection from MainThread May-07-11 23:25:47 [Worker_1] Connected: 98.138.91.153:28219 > nnn.nnn.nnn.nnn:25 > 127.0.0.1:mmm May-07-11 23:25:47 [Main_Thread] Info: Main_Thread freed by idle Worker_1 in 0.008 seconds May-07-11 23:25:57 [startup] Starting in console mode May-08-11 02:26:31 [Worker_1] Worker_1 wakes up May-08-11 02:26:31 [Worker_1] Info: Worker_1 got connection from MainThread May-08-11 02:26:31 [Worker_1] Connected: 98.138.91.153:20733 > nnn.nnn.nnn.nnn:25 > 127.0.0.1:mmm May-08-11 02:26:31 [Main_Thread] Info: Main_Thread freed by idle Worker_1 in 0.007 seconds May-08-11 02:26:42 [startup] Starting in console mode ------------------------------------------------------------------------------ WhatsUp Gold - Download Free Network Management Software The most intuitive, comprehensive, and cost-effective network management toolset available today. Delivers lowest initial acquisition cost and overall TCO of any competing solution. http://p.sf.net/sfu/whatsupgold-sd _______________________________________________ Assp-test mailing list Assp-test@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/assp-test
