I just upgradeded from 1.3.3.2() to 1.3.3.2(21). It appears to be checking REDRE's now. It must have been a problem with 1.3.3.2(). It is now correctly identifying Regex:Red (thank goodness! Thought I was going crazy!).
Brett -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Hill, Brett Sent: Monday, August 13, 2007 3:46 PM To: Questions and Answers for users of ASSP Anti-Spam SMTP Proxy Subject: Re: [Assp-user] BOMBRE and REDRE not doing anything for me As you can see, BombRaw is seeing the expression, but at what point does RedRe? Here's what I get: ---------------------------------------------------------------------- * BombRaw RE: 'Musical card' * Bomb Data RE: 'Musical card' * Valid Format of HELO: 'adsl-074-229-235-075.sip.bna.bellsouth.net' * Invalid Format of HELO: 'adsl-074-229-235-075.sip.bna.bellsouth.net' * 74.229.235.75 is in RBLCache: inserted at 07-08-13/14:08 by bl.spamcop.net * 74.229.235 has a Griplist value of 0.831246: (adds 0.831246 0.831246) Bayesian Analysis: Bad Words Bad Prob Good Words Good Prob hlo adsl 1.0000 partner has 0.9988 140 href 0.9979 hlo 235 0.9979 greeting card 0.9975 href 140 0.9961 hlo 229 0.9956 want by 0.9924 your custom 0.9923 Recipient Email 0.0126 rcpt Recipient Email 0.0139 hlo 075 0.9804 internet address 0.9736 visiting us 0.9695 address box 0.9651 card simply 0.9635 free greeting 0.9600 whenever you 0.9512 and hosted 0.9451 program doesn't 0.9451 your mail 0.0593 feature you 0.9322 Totals: 1.0000 0.9988 0.9979 0.9979 0.9979 0.9975 0.9975 0.9961 0.9961 0.9956 0.9924 0.9924 0.9923 0.0126 0.0139 0.9804 0.9736 0.9695 0.9695 0.9651 0.9635 0.9600 0.9600 0.9512 0.9512 0.9451 0.9451 0.9451 0.0593 0.9322 0.9279 Spam Probability: probability: 1.0000 helo: hlo adsl - hlo 074 - hlo 229 - hlo 235 - hlo 075 . hlo sip . hlo bna . hlo bellsouth . hlo net rcpt [EMAIL PROTECTED] rcpt [EMAIL PROTECTED] rcpt [EMAIL PROTECTED] ssub Musical ssub card ssub Partner() has created Musical card for you at marlo.com. To see your custom Musical card, simply click on the following Internet address (if your mail program doesn't support this feature you will need to COPY and PASTE the address into your browser's address box): href 209 . href 164 . href 241 . href 140 /? href a1bebe91d0c859db0b985c5f7201c3ef820 Send a FREE greeting card from marlo.com whenever you want by visiting us at: href marlo . href com / This service is provided and hosted by marlo.com. href 209 . href 164 . href 241 . href 140 /? href a1bebe91d0c859db0b985c5f7201c3ef820 Send a FREE greeting card from marlo.com whenever you want by visiting us at: href marlo . href com / This service is provided and hosted by marlo.com. ------------------------------------------------------------------------ ------------ Below is the text from the email: ************************************************************************ *********** Microsoft Mail Internet Headers Version 2.0 Received: from MailServer ([10.0.0.1]) by MailServer2 with Microsoft SMTPSVC(5.0.2195.6713); Mon, 13 Aug 2007 14:08:44 -0400 Received: from ASSP [10.0.50.150] by Mailserver - SurfControl; Mon, 13 Aug 2007 14:08:45 -0400 Received: from adsl-074-229-235-075.sip.bna.bellsouth.net ([74.229.235.75] helo=adsl-074-229-235-075.sip.bna.bellsouth.net) by ASSP.nospam; 13 Aug 2007 14:08:44 -0400 Received: from jyd.kzl ([29.70.209.204]) by adsl-074-229-235-075.sip.bna.bellsouth.net with Microsoft SMTPSVC(5.0.2195.5329); Mon, 13 Aug 2007 13:08:46 -0500 Message-ID: <[EMAIL PROTECTED]> From: <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Subject: Musical card Date: Mon, 13 Aug 2007 13:08:46 -0500 MIME-Version: 1.0 Content-Type: text/plain; format=flowed; charset="windows-1250"; reply-type=original Content-Transfer-Encoding: 7bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 6.00.2800.1158 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1158 X-Assp-Delay: delayed for 10m 6s; 13 Aug 2007 14:08:45 -0400 X-Assp-Score: 100 (DNSBL-failed) X-Assp-Received-DNSBL: fail (bl.spamcop.net->127.0.0.2; zen.spamhaus.org->127.0.0.4; ) X-Assp-Tag: DNSBL X-Assp-Envelope-From: [EMAIL PROTECTED] X-Assp-Version: 1.3.3.2() X-Assp-Spam: YES X-Assp-ID: id-8524c4011 X-Assp-Spam-Reason: Failed DNSBL: bl.spamcop.net zen.spamhaus.org X-Assp-Totalscore: 100 X-Assp-Intended-For: [EMAIL PROTECTED] X-SEF-Processed: 5_5_0_210__2007_08_13_14_08_46 Return-Path: [EMAIL PROTECTED] X-OriginalArrivalTime: 13 Aug 2007 18:08:44.0840 (UTC) FILETIME=[FCDB8A80:01C7DDD4] From: [EMAIL PROTECTED] Sent: Monday, August 13, 2007 2:09 PM To: Recipient Subject: Musical card Partner() has created Musical card for you at marlo.com. To see your custom Musical card, simply click on the following Internet address (if your mail program doesn't support this feature you will need to COPY and PASTE the address into your browser's address box): http://209.164.241.140/?a1bebe91d0c859db0b985c5f7201c3ef820 Send a FREE greeting card from marlo.com whenever you want by visiting us at: http://marlo.com/ This service is provided and hosted by marlo.com. ************************************************************************ ******************* >From the maillog.txt: ------------------------------------------------------- Aug-13-07 14:08:45 id-8524c4011 74.229.235.75 <[EMAIL PROTECTED]> accepting triplet: (74.229.235.0,[EMAIL PROTECTED],[EMAIL PROTECTED]) waited: 10m 6s Aug-13-07 14:08:45 Commencing DNSBL checks on 74.229.235.75 Aug-13-07 14:08:45 [DNSBL] id-8524c4011 74.229.235.75 <[EMAIL PROTECTED]> to: [EMAIL PROTECTED] deleting spamming whitelisted tuplet: (74.229.235.0,dells.com) age: 0s Aug-13-07 14:08:45 [DNSBL] id-8524c4011 74.229.235.75 <[EMAIL PROTECTED]> to: [EMAIL PROTECTED] Message-Score: 0+100 (DNSBL-failed) Aug-13-07 14:08:45 [DNSBL] id-8524c4011 74.229.235.75 <[EMAIL PROTECTED]> to: [EMAIL PROTECTED] DNSBL Received-DNSBL: fail (bl.spamcop.net->127.0.0.2; zen.spamhaus.org->127.0.0.4; ) Aug-13-07 14:08:45 [DNSBL] id-8524c4011 74.229.235.75 <[EMAIL PROTECTED]> to: [EMAIL PROTECTED] failed DNSBL: bl.spamcop.net zen.spamhaus.org Musical_card_ -> c:\assp/spam/4011.eml ------------------------------------------------------- It is being blocked by a Failed DNSBL. That's fine, but how I can get it to stop storing. Thanks! Brett -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Doug Traylor Sent: Monday, August 13, 2007 3:09 PM To: Questions and Answers for users of ASSP Anti-Spam SMTP Proxy Subject: Re: [Assp-user] BOMBRE and REDRE not doing anything for me Hill, Brett wrote: > I'm using Fritz's pre-populated bombre.txt and redre.txt. They're > configured to be used in ASSP. For the life of me, they don't work. > > I look in the log and I almost never see Bomb Regex entries. I never > see Red Regex entries. I've added all of these Regular Expressions, > but ASSP never uses them. My spam corpus continues to collect this > greeting card junk. > > What am I doing wrong? Any help would be most appreciated. Pick one that you think should be triggering bombre and redre and view the source with your email client. Copy and paste that test into the Mail Analyzer and see what the results are. Also, save that email source text to a text file, after obscuring your user's addresses and server's IP's if you want, and post the analyzer results and the text file here for further comment. We will see exactly what your ASSP thinks of the email. Doug ------------------------------------------------------------------------ - This SF.net email is sponsored by: Splunk Inc. Still grepping through log files to find problems? Stop. Now Search log events and configuration files using AJAX and a browser. Download your FREE copy of Splunk now >> http://get.splunk.com/ _______________________________________________ Assp-user mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/assp-user ------------------------------------------------------------------------ - This SF.net email is sponsored by: Splunk Inc. Still grepping through log files to find problems? Stop. Now Search log events and configuration files using AJAX and a browser. Download your FREE copy of Splunk now >> http://get.splunk.com/ _______________________________________________ Assp-user mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/assp-user ------------------------------------------------------------------------- This SF.net email is sponsored by: Splunk Inc. Still grepping through log files to find problems? Stop. Now Search log events and configuration files using AJAX and a browser. Download your FREE copy of Splunk now >> http://get.splunk.com/ _______________________________________________ Assp-user mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/assp-user
