you don't like reading - I'm right? >Sep-12-14 10:04:31 m-30667-01599 [Worker_1] [PenaltyBox] 119.254.105.202 ><[email protected]> to: [email protected] [monitoring]
Why should do the PenaltyBox anything other than monitoring, if it is setup this way? It is useless in production mode to score for all checks and set the PenaltyBox to monitor. Thomas Von: Brian <[email protected]> An: For Users of ASSP <[email protected]> Datum: 12.09.2014 16:23 Betreff: Re: [Assp-user] Spam marked but not blocked Thank you. I've disabled the testmode but he just got another one. Here are the details: p-12-14 10:04:31 m-30667-01599 [Worker_1] [BombCharSets] 119.254.105.202 <[email protected]> to: [email protected] [scoring] (BombCharSets 'charset=cp1251') Sep-12-14 10:04:31 m-30667-01599 [Worker_1] 119.254.105.202 <[email protected]> to: [email protected] Message-Score: added 42 for BombCharSets 'charset=cp1251', total score for this message is now 188 Sep-12-14 10:04:31 m-30667-01599 [Worker_1] [BombCharSets] 119.254.105.202 <[email protected]> to: [email protected] [scoring] (BombCharSets 'charset=cp1251') Sep-12-14 10:04:31 m-30667-01599 [Worker_1] 119.254.105.202 <[email protected]> to: [email protected] Message-Score: added 25 for Regex:BombCharSets 'PB 25: for charset=cp1251' BombCharSets: 'charset=cp1251', total score for this message is now 213 Sep-12-14 10:04:31 m-30667-01599 [Worker_1] 119.254.105.202 <[email protected]> to: [email protected] FileScan: scanned 2147 bytes in message Sep-12-14 10:04:31 m-30667-01599 [Worker_1] 119.254.105.202 <[email protected]> to: [email protected] Bayesian Check [scoring] - Prob: 0.00000 => ham Sep-12-14 10:04:31 m-30667-01599 [Worker_1] [PenaltyBox] 119.254.105.202 <[email protected]> to: [email protected] [monitoring] totalscore for 119.254.105.202 is 72, last bad penalty was 'BombCharSets' Sep-12-14 10:04:31 m-30667-01599 [Worker_1] 119.254.105.202 <[email protected]> to: [email protected] spam found and passing () [URGENT] -> discarded/URGENT--1497048.eml Sep-12-14 10:04:31 [Worker_1] 119.254.105.202 <[email protected]> to: [email protected] FileScan: scanned 5373 bytes in message Sep-12-14 10:04:31 [Worker_1] 119.254.105.202 <[email protected]> to: [email protected] info: message forwarded to [email protected] From Mail analyzer: • SPF-check returned OK for 119.254.105.202 -> [email protected], mail.t3.com.cn • SPF: neutral (cache) ip=119.254.105.202 [email protected] helo=mail.t3.com.cn • BombSubject RE: 'highest match: "URGENT" with valence: 17 - PB value = 17' • matching bombSubjectRe(file:files/bombsubjectre.txt[line 1]): '(?-i)^[A-Zs!:.,/ ]+$' • BombCharsets RE: 'highest match: "charset=cp1251" with valence: 25 - PB value = 25' • matching bombCharSets(file:files/charsets.txt[line 8]): 'charset=.?CP1251' • URIBL check: 'OK' • Valid Format of HELO: 'mail.t3.com.cn' • IP in Helo check: 'OK' • 92.79.164.51 is in PB Black: score:141, last event - DNSBLfailed • 119.254.105.202 is in PB Black: score:72, last event - BombCharSets • RBLCacheCheck returned OK for 92.79.164.51: inserted as not ok at 2014-09-12 10:04:31 , listed by bb.barracudacentral.org{127.0.0.2} bl.spamcop.net{127.0.0.2} - message score: 141 • RBLScore: bl.spamcop.net -> 127.0.0.2 -> 91 • RBLScore: bb.barracudacentral.org -> 127.0.0.2 -> 50 • RBLCheck returned OK for 119.254.105.202: DNSBL: failed, 119.254.105.202 listed in bb.barracudacentral.org dnsbl-1.uceprotect.net - message score: 117 • RBLScore: bb.barracudacentral.org -> 127.0.0.2 -> 50 • RBLScore: dnsbl-1.uceprotect.net -> 127.0.0.2 -> 67 On 9/12/2014 9:55 AM, Thomas Eckardt wrote: > - switch off all testmodes - looks like the penaltybox is running in > testmode - if you want, you could have read it in the maillog (while copy > and paste - for example) > >> Sep-12-14 07:35:28 m-21721-03024 [Worker_2] >> [MessageLimit][tagging][testmode] 100.43.187.172 <[email protected]> >> to: [email protected] [spam found] and possibly passing because testmode, >> otherwise blocked (MessageScore 79, limit 50) [Pure Garcinia Cambogia >> Extract] -> spam/Pure_Garcinia_Cambogia_Extract--1496652.eml > >> 100.43.187.172 <[email protected]> to: [email protected] [scoring] >> (BombHeaderRe '2 Sep 2014 04:03:20 -0700') > remove the related regular expression from BomHeaderRe - or replace it > with > > \d\s+(Jan|Feb|Mar|Apr|May|Jun|Jul|Aug|Sep|Oct|Nov|Dec)\s+\d\d\d\d\s+\d\d:\d\d(:\d\d)?\s+[+\-]\d\d[6-9]\d > > in normal cases this entry is not required, because it catches MIME > timestamps with wrong GMT offset like: > 2 Sep 2014 04:03:20 -0760 > ... > 2 Sep 2014 04:03:20 -0790 > > > Thomas > > > DISCLAIMER: > ******************************************************* > This email and any files transmitted with it may be confidential, legally > privileged and protected in law and are intended solely for the use of the > > individual to whom it is addressed. > This email was multiple times scanned for viruses. There should be no > known virus in this email! > ******************************************************* > > ------------------------------------------------------------------------------ > Want excitement? > Manually upgrade your production database. > When you want reliability, choose Perforce > Perforce version control. Predictably reliable. > http://pubads.g.doubleclick.net/gampad/clk?id=157508191&iu=/4140/ostg.clktrk > _______________________________________________ > Assp-user mailing list > [email protected] > https://lists.sourceforge.net/lists/listinfo/assp-user ------------------------------------------------------------------------------ Want excitement? Manually upgrade your production database. When you want reliability, choose Perforce Perforce version control. Predictably reliable. http://pubads.g.doubleclick.net/gampad/clk?id=157508191&iu=/4140/ostg.clktrk _______________________________________________ Assp-user mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/assp-user DISCLAIMER: ******************************************************* This email and any files transmitted with it may be confidential, legally privileged and protected in law and are intended solely for the use of the individual to whom it is addressed. This email was multiple times scanned for viruses. There should be no known virus in this email! ******************************************************* ------------------------------------------------------------------------------ Want excitement? Manually upgrade your production database. When you want reliability, choose Perforce Perforce version control. Predictably reliable. http://pubads.g.doubleclick.net/gampad/clk?id=157508191&iu=/4140/ostg.clktrk _______________________________________________ Assp-user mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/assp-user
