Re: [Assp-test] fixes in assp 2.4.4 build 15130

2015-05-11 Thread Thomas Eckardt
but also show the hostname

SenderBase is used to identify orgs/domains/countries

a hostname is the same as an IP - you may put the host name into white 
or black IP lists
the advantage is that if the hostname is resolved into multiple IPs, 
all these IPs will be used in the list

Thomas




From: K Post nntp.p...@gmail.com
To: ASSP development mailing list assp-test@lists.sourceforge.net
Date: 11.05.2015 04:06
Subject: Re: [Assp-test] fixes in assp 2.4.4 build 15130



- if a SenderBase query does not return a valid domainname but returns a
valid hostname for an IP - the
  domain part of the hostname is now used as detected domain

Any chance of having the hostname ALSO checked against white and black org
lists?  This way, for records that return a domain name of a major ISP
(which we really can't white/black list), but also show the hostname that
we're trying to match against, we can use that.


On Sun, May 10, 2015 at 5:41 PM, K Post nntp.p...@gmail.com wrote:

 Wow wee!  Thanks for the hard work.

 On Sun, May 10, 2015 at 4:43 PM, Thomas Eckardt 
 thomas.ecka...@thockar.com wrote:

 Hi all,

 fixed in assp 2.4.4 build 15130:

 - SPF records split into multiple TXT records caused an exception in
   the Mail::SPF module

 - attachments and character sets were not detected if the email MIME
   header was malformed
   (no Content-Type or no boundary in the email header, but MIME parts were
   defined)

 - outgoing and local bounced mails were not correctly detected and were
   possibly blocked if
   'RelayOnlyLocalSender' and/or 'RelayOnlyLocalDomains' was set

 - the IPinHelo feature caused unexpected hits by accepting different
   separators in the same HELO
   like 1.1-2.2 or ab:cdef-0001::2

 - under certain circumstances it was possible that a low confidence
   detection of the HMM engine was not
   reset, even if the Bayesian engine got a high confidence detection

 changed:

 - if a SenderBase query does not return a valid domainname but returns a
   valid hostname for an IP - the
   domain part of the hostname is now used as detected domain

 - for new detected SenderBase records - the hostname is appended

 - if 'BayesAfterHMM' is configured and the HMM check gets a low
   confidence, the Bayesian check
   will run in addition


 Thomas



 DISCLAIMER:
 ***
 This email and any files transmitted with it may be confidential, 
legally
 privileged and protected in law and are intended solely for the use of 
the

 individual to whom it is addressed.
 This email was multiple times scanned for viruses. There should be no
 known virus in this email!
 ***


 
--
 One dashboard for servers and applications across 
Physical-Virtual-Cloud
 Widest out-of-the-box monitoring support with 50+ applications
 Performance metrics, stats and reports that give you Actionable 
Insights
 Deep dive visibility with transaction tracing using APM Insight.
 http://ad.doubleclick.net/ddm/clk/290420510;117567292;y
 ___
 Assp-test mailing list
 Assp-test@lists.sourceforge.net
 https://lists.sourceforge.net/lists/listinfo/assp-test
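
The IPinHelo item in the build 15130 changelog quoted above, as an added example (not ASSP's code and not part of the thread): a lenient IPv4-in-HELO pattern that lets each gap use a different separator turns `1.1-2.2` into an address, while a backreference that forces one separator per candidate does not. The separator set, the function names and the sample HELO strings are assumptions, and the block covers IPv4 only.

```python
import re

# Lenient form: each of the three gaps may use any separator. Constructed to
# reproduce the behaviour the changelog describes; it is not ASSP's regex.
_MIXED = re.compile(
    r"(?<!\d)(\d{1,3})[._-](\d{1,3})[._-](\d{1,3})[._-](\d{1,3})(?!\d)"
)

# Strict form: group 2 captures the first separator and \2 forces the
# remaining two gaps to reuse exactly that character.
_SAME = re.compile(
    r"(?<!\d)(\d{1,3})([._-])(\d{1,3})\2(\d{1,3})\2(\d{1,3})(?!\d)"
)


def _to_ip(groups):
    """Return dotted-quad text for four decimal strings, or None if an octet exceeds 255."""
    octets = [int(g) for g in groups]
    if any(o > 255 for o in octets):
        return None
    return ".".join(str(o) for o in octets)


def ips_in_helo_mixed(helo):
    """IPv4 candidates found when separators may differ inside one candidate."""
    hits = (_to_ip(m.groups()) for m in _MIXED.finditer(helo))
    return [ip for ip in hits if ip]


def ips_in_helo_strict(helo):
    """IPv4 candidates found when one candidate must use a single separator."""
    hits = (
        _to_ip((m.group(1), m.group(3), m.group(4), m.group(5)))
        for m in _SAME.finditer(helo)
    )
    return [ip for ip in hits if ip]


def unexpected_hits(helos):
    """HELO strings in which only the lenient pattern finds an address."""
    return [h for h in helos if ips_in_helo_mixed(h) and not ips_in_helo_strict(h)]


# Constructed sample HELO strings; only "1.1-2.2" comes from the changelog.
SAMPLE_HELOS = [
    "1.1-2.2",
    "ip-192-168-1-5.example.net",
    "[203.0.113.7]",
    "mail-10_0.0-1.example.net",
    "relay.example.org",
]

if __name__ == "__main__":
    for helo in SAMPLE_HELOS:
        print(f"{helo!r}: mixed={ips_in_helo_mixed(helo)} strict={ips_in_helo_strict(helo)}")
    print("only the lenient pattern hits:", unexpected_hits(SAMPLE_HELOS))
```
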





Re: [Assp-test] baysConf invalid / and explanation please

2015-05-11 Thread Thomas Eckardt
Is there a practical difference between 0 and 0.001

Yes - from the mathematical point of view a practical 'baysConf' range is 
between 0.01 and 1

I'd think something like 0.1 would be a good starting point

thought ? - calculated ? - this is a very very wild guess - with an ideal 
corpus norm of 1.00 a value of 0.1 for baysConf will lead in to over 90% 
low confidence detection
The math (shown in the GUI) explains how the confidence value is 
calculated.

Thomas




From: K Post nntp.p...@gmail.com
To: ASSP development mailing list assp-test@lists.sourceforge.net
Date: 11.05.2015 04:28
Subject: [Assp-test] baysConf invalid / and explanation please



I'm starting to explore the possibility of changing baysConf away from 0.

First, I might have found a bug: I entered .001 to see what would happen,
and also tried .005 but I get a javascript popup for both saying:

 Invalid 'baysConf' - unchanged


I've read the gui description, but I'm confused as to why .001 would be a
good starting point.  Is there a practical difference between 0 and 0.001
I'd think something like 0.1 would be a good starting point, only 10%
certain vs .001 which would be 0.1% confident if I understand correctly.


Re: [Assp-test] fixes in assp 2.4.4 build 15130

2015-05-11 Thread Grayhat
:: On Sun, 10 May 2015 22:54:08 -0400
:: CALhpkAkJ83fODX8sO9h8EHYrs6Ev=oozgitp7zngrqqznkb...@mail.gmail.com
:: K Post nntp.p...@gmail.com wrote:

 example:
 63.249.66.210 SenderBase: status=not classified, data=US, CRUZIO,
 cruzio.com, , Y, 19, changedetection.com
 SO GREAT that it shows the changedetection.com hostname in the
 analyze gui now, but it's not matching my whitelist, because the
 domain of cruzio.com takes priority.  If only ASSP would look to the
 hostname as well, regardless of if there's a domain listed, we'd be
 golden.

the purpose for the senderbase queries is different, it's used to find
the IP *owner* country (as opposed to the IP country, a big player may
use IPs spread all over the globe but be based in country XX) and the
owner information; when it comes to IPs and domain/host names we have
DNS lists and URI lists... and sincerely it seems to me that you are
missing the inner working of ASSP, see, the code uses a layered check
approach where each bit and piece contributes to the scoring; my humble
suggestion is to try reading the archives of this list and/or looking
at the ASSP source code
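
The SenderBase change discussed in this thread, modelled as an added example (not ASSP's code and not part of the post): the hostname supplies the detected domain only when the domain field is empty or invalid, which is why a `changedetection.com` list entry does not match the quoted record. The field order read off the one sample line, the substring matching, the two-label `domain_part` and all function names are assumptions.

```python
import re

# The line quoted in the thread. Field order (country, org, domain, three
# fields not explained on the page, hostname) is assumed from this sample.
SAMPLE = ("63.249.66.210 SenderBase: status=not classified, data=US, CRUZIO, "
          "cruzio.com, , Y, 19, changedetection.com")

# Constructed record with an empty domain field, to exercise the fallback.
NO_DOMAIN_SAMPLE = ("192.0.2.10 SenderBase: status=not classified, data=US, "
                    "EXAMPLE ISP, , , Y, 19, mail.changedetection.com")

_LINE = re.compile(r"(\S+) SenderBase: status=([^,]*), data=(.*)$")
_NAME = re.compile(
    r"^(?=.{1,253}$)(?:[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z]{2,63}$",
    re.IGNORECASE,
)


def parse_senderbase(line):
    """Split one analyze-style line into named fields (org names containing
    commas are not handled)."""
    m = _LINE.match(line)
    if not m:
        raise ValueError("not a SenderBase line")
    ip, status, data = m.groups()
    fields = [f.strip() for f in data.split(",")]
    fields += [""] * (7 - len(fields))          # pad short records
    return {"ip": ip, "status": status.strip(), "country": fields[0],
            "org": fields[1], "domain": fields[2], "hostname": fields[6]}


def domain_part(hostname):
    """Naive registrable domain: the last two labels. A real implementation
    would need a public-suffix list (for example for co.uk)."""
    labels = hostname.lower().rstrip(".").split(".")
    return ".".join(labels[-2:])


def detected_domain(rec):
    """Domain field if valid, else the domain part of a valid hostname."""
    if _NAME.match(rec["domain"]):
        return rec["domain"].lower()
    if _NAME.match(rec["hostname"]):
        return domain_part(rec["hostname"])
    return ""


def list_hit(rec, entries):
    """Case-insensitive substring match of list entries against the org and
    the detected domain; the hostname itself is never compared."""
    candidates = [c for c in (rec["org"].lower(), detected_domain(rec)) if c]
    return any(e.lower() in c for e in entries for c in candidates)


if __name__ == "__main__":
    for line in (SAMPLE, NO_DOMAIN_SAMPLE):
        rec = parse_senderbase(line)
        print(rec["ip"], "detected:", detected_domain(rec),
              "hit:", list_hit(rec, ["changedetection.com"]))
```
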




Re: [Assp-test] baysConf invalid / and explanation please

2015-05-11 Thread K Post
I guess I REALLY don't understand the math and I will heed to your
advice and use 0.001 as a starting point.  At some point I'll study up to
better understand why that's a good idea.  Thanks

And I found the problem with the GUI.  I was entering .001, not 0.001.  The
gui apparently needs that leading zero.

On Mon, May 11, 2015 at 4:36 AM, Thomas Eckardt thomas.ecka...@thockar.com
wrote:

 Is there a practical difference between 0 and 0.001

 Yes - from the mathematical point of view a practical 'baysConf' range is
 between 0.01 and 1

 I'd think something like 0.1 would be a good starting point

 thought ? - calculated ? - this is a very very wild guess - with an ideal
 corpus norm of 1.00 a value of 0.1 for baysConf will lead in to over 90%
 low confidence detection
 The math (shown in the GUI) explains how the confidence value is
 calculated.

 Thomas






[Assp-test] Annoyance: Toggle view button in block report (not critical)

2015-05-11 Thread K Post
I use outlook to receive the nightly block report.  In outlook, all looks
normal (though there is no toggle view button visible).

If I view the message in Internet Explorer by viewing the message in
Outlook and section actions, view in browser, I see a search looking box at
the top that says oggle.

Viewing the source in IE, I see:

input type=uttonquot; name=ogglequot; value=oggle
view?onclick=how=show=none')?'inline':'none');changeview(show);return
false;?= title=lick the= button=
tosimplifyortoextendtheBlockReportview-requiresjavascripttobeenabledinyourmailclients=
html= view?=

I posted about this a couple weeks ago, and I know that it's supposed to be
a toggle button.  The problem is that it's not displaying like that because
something is happening causing each html value to have its first letter
clipped off.
button-utton, toggle-oggle, etc.

Any clue as to what could be going on??


Re: [Assp-test] baysConf invalid / and explanation please

2015-05-11 Thread Thomas Eckardt
And I found the problem with the GUI.  I was entering .001, not 0.001. The
gui apparently needs that leading zero.

This will be fixed.

Your '0.1' guess was good (for me). While reviewing the code and checking 
the math, because I first assumed your guess was well educated, I found a 
really nice debugging line, which caused assp to skip reading the corpus 
confidence at startup. This caused assp to use a too low corpus confidence 
from the startup to the first rebuildspamdb or the first reported mail.
This will be also fixed.

Thomas




From: K Post nntp.p...@gmail.com
To: ASSP development mailing list assp-test@lists.sourceforge.net
Date: 11.05.2015 15:43
Subject: Re: [Assp-test] baysConf invalid / and explanation please



I guess I REALLY don't understand the math and I will heed to your
advice and use 0.001 as a starting point.  At some point I'll study up to
better understand why that's a good idea.  Thanks

And I found the problem with the GUI.  I was entering .001, not 0.001. The
gui apparently needs that leading zero.



Re: [Assp-test] Annoyance: Toggle view button in block report (not critical)

2015-05-11 Thread K Post
Okay fine, no changes, but if it's hitting me, don't you think it's
affecting all Outlook users?  Like I said, it's not critical, or even that
much of an annoyance, I'm just pointing it out - ASSP appears to be sending
this message that is coming over the wire less than perfect.

On Mon, May 11, 2015 at 10:19 AM, Thomas Eckardt thomas.ecka...@thockar.com
 wrote:

 The APPLE mail client had some similar problems - encoding the BlockReport
 in to BASE64 (with modify.pm) should solve the problem.
 There will be no changes to the related code!

 Thomas







Re: [Assp-test] Annoyance: Toggle view button in block report (not critical)

2015-05-11 Thread Thomas Eckardt
The APPLE mail client had some similar problems - encoding the BlockReport 
in to BASE64 (with modify.pm) should solve the problem.
There will be no changes to the related code!

Thomas





From: K Post nntp.p...@gmail.com
To: ASSP development mailing list assp-test@lists.sourceforge.net
Date: 11.05.2015 16:13
Subject: [Assp-test] Annoyance: Toggle view button in block report (not critical)



I use outlook to receive the nightly block report.  In outlook, all looks
normal (though there is no toggle view button visible).

If I view the message in Internet Explorer by viewing the message in
Outlook and section actions, view in browser, I see a search looking box at
the top that says oggle.

Viewing the source in IE, I see:

input type=uttonquot; name=ogglequot; value=oggle
view?onclick=how=show=none')?'inline':'none');changeview(show);return
false;?= title=lick the= button=
tosimplifyortoextendtheBlockReportview-requiresjavascripttobeenabledinyourmailclients=
html= view?=

I posted about this a couple weeks ago, and I know that it's supposed to be
a toggle button.  The problem is that it's not displaying like that because
something is happening causing each html value to have its first letter
clipped off.
button-utton, toggle-oggle, etc.

Any clue as to what could be going on??


Re: [Assp-test] fixes in assp 2.4.4 build 15130

2015-05-11 Thread K Post
Thomas,
When you said white and black IP lists, which lists (by name please) are
you talking about?

I see the whitelistedIP list, but I don't want these allowed emails to
contribute to the whitelist or notspam corpus, I just want to give them a
bonus score, like senderbase functionality allows.  I know I can give a
bonus using a bombheaderre, but why not have this also in Senderbase?  It
keeps this kind of thing in one place.  You've already got the new code
looking to the hostname, but, if I understand it correctly, that's only if
the domain isn't returned by senderbase.   What's the downside to just
having an or match here to catch a given value in WhiteSenderBase if it
appears in the network name, domain name, OR the hostname?


Grayhat-
I've been using assp since 0.34, back in the John Hanna days.  I'm not
trying to use senderbase as a single layer.  Quite to the contrary, I use
senderbase, I believe how it is intended, to help insure that a single
layer inaccuracy (say bayesian) will incorrectly block a message.  I like
that the data comes from Cisco's ironport network, vs simply a reverse DNS
to global servers.

I'm suggesting what I perceive as an improvement to ASSP for Thomas'
consideration.

Sometimes it's those little things that can make a big difference.  One of
the things I'm battling is an inaccurate corpus.  This isn't ASSP's fault -
it's due to my job responsibility having changed several years back, no one
else paying attention when there was supposed to be someone, using very old
v2 code, and some lousy settings for about 3 years before now.  Now that
I've convinced the powers that be that this has gotten out of hand, we're
back on track and the corpus is improving greatly.

Giving senderbase the ability to look down to the hostname would help me -
if there's another way, I'm all ears.

On Mon, May 11, 2015 at 8:39 AM, Grayhat gray...@gmx.net wrote:

 :: On Sun, 10 May 2015 22:54:08 -0400
 :: CALhpkAkJ83fODX8sO9h8EHYrs6Ev=oozgitp7zngrqqznkb...@mail.gmail.com
 :: K Post nntp.p...@gmail.com wrote:

  example:
  63.249.66.210 SenderBase: status=not classified, data=US, CRUZIO,
  cruzio.com, , Y, 19, changedetection.com
  SO GREAT that it shows the changedetection.com hostname in the
  analyze gui now, but it's not matching my whitelist, because the
  domain of cruzio.com takes priority.  If only ASSP would look to the
  hostname as well, regardless of if there's a domain listed, we'd be
  golden.

 the purpose for the senderbase queries is different, it's used to find
 the IP *owner* country (as opposed to the IP country, a big player may
 use IPs spread all over the globe but be based in country XX) and the
 owner information; when it comes to IPs and domain/host names we have
 DNS lists and URI lists... and sincerely it seems to me that you are
 missing the inner working of ASSP, see, the code uses a layered check
 approach where each bit and piece contributes to the scoring; my humble
 suggestion is to try reading the archives of this list and/or looking
 at the ASSP source code





Re: [Assp-test] Annoyance: Toggle view button in block report (not critical)

2015-05-11 Thread Thomas Eckardt
ASSP appears to be sending
this message that is coming over the wire less than perfect.

This is NOT the case!





From: K Post nntp.p...@gmail.com
To: ASSP development mailing list assp-test@lists.sourceforge.net
Date: 11.05.2015 16:55
Subject: Re: [Assp-test] Annoyance: Toggle view button in block report (not critical)



Okay fine, no changes, but if it's hitting me, don't you think it's
affecting all Outlook users?  Like I said, it's not critical, or even that
much of an annoyance, I'm just pointing it out - ASSP appears to be sending
this message that is coming over the wire less than perfect.


Re: [Assp-test] fixes in assp 2.4.4 build 15130

2015-05-11 Thread Thomas Eckardt
SenderBase is built for orgs/domains/countries - that's it. I'll not put 
any host or IP related option into the SenderBase feature.

OK - I understand, you want to give messages coming from specified hosts, 
IPs or IP ranges a positive or negative (let's say) prescore.
If such a feature would be integrated, there are two places where this 
makes sense. The PenaltyBox - or the IP blocking configuration. I think 
the PenaltyBox would be the right place.

But - and you detected it right - we already have this functionality in 
'bombHeaderRe'. Hmm - bombHeaderRe will not resolve hostnames to IPs - but 
this is the only (IMHO a minor) disadvantage.
The great advantage of bombHeaderRe is the 'NWLI' function, which offers 
a lot of configuration options.

This feature request is stored - I'll have to think about it some time.

Thomas



From:    K Post nntp.p...@gmail.com
To:      ASSP development mailing list assp-test@lists.sourceforge.net
Date:    11.05.2015 16:53
Subject: Re: [Assp-test] fixes in assp 2.4.4 build 15130



Thomas,
When you said white and black IP lists, which lists (by name please) are
you talking about?

I see the whitelistedIP list, but I don't want these allowed emails to
contribute to the whitelist or notspam corpus, I just want to give them a
bonus score, like senderbase functionality allows.  I know I can give a
bonus using a bombheaderre, but why not have this also in Senderbase?  It
keeps this kind of thing in one place.  You've already got the new code
looking to the hostname, but, if I understand it correctly, that's only if
the domain isn't returned by senderbase.   What's the downside to just
having an or match here to catch a given value in WhiteSenderBase if it
appears in the network name, domain name, OR the hostname?


Greyhat-
I've been using assp since 0.34, back in the John Hanna days.  I'm not
trying to use senderbase as a single layer.  Quite to the contrary, I use
senderbase, I believe how it is intended, to help insure that a single
layer inaccuracy (say bayesian) will incorrectly block a message.  I like
that the data comes from Cisco's ironport network, vs simply a reverse DNS
to global servers.

I'm suggesting what I perceive as an improvement to ASSP for Thomas'
consideration.

Sometimes it's those little things that can make a big difference.  One of
the things I'm battling is an inaccurate corpus.  This isn't ASSP's fault -
it's due to my job responsibility having changed several years back, no one
else paying attention when there was supposed to be someone, using very old
v2 code, and some lousy settings for about 3 years before now.  Now that
I've convinced the powers that be that this has gotten out of hand, we're
back on track and the corpus is improving greatly.

Giving senderbase the ability to look down to the hostname would help me -
if there's another way, I'm all ears.

On Mon, May 11, 2015 at 8:39 AM, Grayhat gray...@gmx.net wrote:

 :: On Sun, 10 May 2015 22:54:08 -0400
 :: CALhpkAkJ83fODX8sO9h8EHYrs6Ev=oozgitp7zngrqqznkb...@mail.gmail.com
 :: K Post nntp.p...@gmail.com wrote:

  example:
  63.249.66.210 SenderBase: status=not classified, data=US, CRUZIO,
  cruzio.com, , Y, 19, changedetection.com
  SO GREAT that it shows the changedetection.com hostname in the
  analyze gui now, but it's not matching my whitelist, because the
  domain of cruzio.com takes priority.  If only ASSP would look to the
  hostname as well, regardless of if there's a domain listed, we'd be
  golden.

 the purpose for the senderbase queries is different, it's used to find
 the IP *owner* country (as opposed to the IP country, a big player may
 use IPs spread all over the globe but be based in country XX) and the
 owner information; when it comes to IPs and domain/host names we have
 DNS lists and URI lists... and sincerely it seems to me that you are
 missing the inner working of ASSP, see, the code uses a layered check
 approach where each bit and piece contributes to the scoring; my humble
 suggestion is to try reading the archives of this list and/or looking
 at the ASSP source code



 
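The matching behaviour debated in this thread, as an added Python model that is not ASSP code and not part of any post: it parses the analyze line K Post quoted and compares the build 15130 rule (hostname used only when no domain is returned) with the requested OR match. The field positions, the two-label "domain part" and all function names are assumptions inferred from that one sample line.

```python
import re

# Analyze line quoted in the thread; the field order after data= is inferred from it.
SAMPLE = ("63.249.66.210 SenderBase: status=not classified, data=US, CRUZIO, "
          "cruzio.com, , Y, 19, changedetection.com")
# Constructed line (documentation IP and names) where no domain is returned.
NO_DOMAIN = ("192.0.2.10 SenderBase: status=not classified, data=US, EXAMPLE ISP, "
             ", , Y, 19, mail.example.org")

LINE_RE = re.compile(r"^(?P<ip>\S+) SenderBase: status=(?P<status>[^,]*), data=(?P<data>.*)$")

def parse_senderbase(line):
    """Split an analyze line into named fields; return None if it does not fit."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    parts = [p.strip() for p in m.group("data").split(",")]
    if len(parts) < 7:
        return None
    return {"ip": m.group("ip"), "status": m.group("status").strip(),
            "country": parts[0], "org": parts[1].lower(),
            "domain": parts[2].lower(), "hostname": parts[6].lower()}

def domain_part(hostname):
    """Naive domain part of a hostname: its last two labels (no public-suffix list)."""
    labels = [label for label in hostname.split(".") if label]
    return ".".join(labels[-2:]) if len(labels) >= 2 else ""

def detected_domain(rec):
    """Rule as described for build 15130: the hostname is only a fallback."""
    return rec["domain"] or domain_part(rec["hostname"])

def match_domain_priority(rec, white):
    """Model of current matching: org name or the single detected domain."""
    return rec["org"] in white or detected_domain(rec) in white

def match_any_field(rec, white):
    """Model of the requested OR match: org, domain, hostname or its domain part."""
    candidates = {rec["org"], rec["domain"], rec["hostname"],
                  domain_part(rec["hostname"])}
    candidates.discard("")
    return bool(candidates & white)

if __name__ == "__main__":
    white = {"changedetection.com"}  # hypothetical white org list entry
    rec = parse_senderbase(SAMPLE)
    print(detected_domain(rec), match_domain_priority(rec, white),
          match_any_field(rec, white))
```

With the OR match, any entry in the white list is compared against more fields per message, which is the trade-off against keeping exceptions as general as possible.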

Re: [Assp-test] fixes in assp 2.4.4 build 15130

2015-05-11 Thread Thomas Eckardt
I believe how it is intended, to help insure that a single
layer inaccuracy (say bayesian) will incorrectly block a message.

IMHO it is a wrong approach of an assp-admin, to try to manage the 
detection behavior of assp using the hundreds of available exception lists. 
Exceptions should be set as general as possible - less could be more. It 
is better to spend some more time in corpus maintenance and enduser 
workshops (BlockReporting + reporting spam/ham + personal black/white). 
The self learning algorithm of assp V2 is one of the best. It learns just 
in time within some seconds or minutes, without the need of a complete 
rebuildspamdb. Increasing the privacy level (Bayes, HMM, ...) increases the 
detection correctness to an amazingly high level.
It is better to let spam through - and give the decision in hand of the 
endusers, than try to manage hand made exceptions for them. As an admin 
prevent massive spam attacks, manage the well known WHITE and the well 
known BLACK - everything in between should be managed by the endusers.
If endusers are not willing, include them in allSpamLovers (ccSpam is 
also a nice feature :):):)) and let them feel what SPAM is.

Thomas




From:    K Post nntp.p...@gmail.com
To:      ASSP development mailing list assp-test@lists.sourceforge.net
Date:    11.05.2015 16:53
Subject: Re: [Assp-test] fixes in assp 2.4.4 build 15130



Thomas,
When you said white and black IP lists, which lists (by name please) are
you talking about?

I see the whitelistedIP list, but I don't want these allowed emails to
contribute to the whitelist or notspam corpus, I just want to give them a
bonus score, like senderbase functionality allows.  I know I can give a
bonus using a bombheaderre, but why not have this also in Senderbase?  It
keeps this kind of thing in one place.  You've already got the new code
looking to the hostname, but, if I understand it correctly, that's only if
the domain isn't returned by senderbase.   What's the downside to just
having an or match here to catch a given value in WhiteSenderBase if it
appears in the network name, domain name, OR the hostname?


Greyhat-
I've been using assp since 0.34, back in the John Hanna days.  I'm not
trying to use senderbase as a single layer.  Quite to the contrary, I use
senderbase, I believe how it is intended, to help insure that a single
layer inaccuracy (say bayesian) will incorrectly block a message.  I like
that the data comes from Cisco's ironport network, vs simply a reverse DNS
to global servers.

I'm suggesting what I perceive as an improvement to ASSP for Thomas'
consideration.

Sometimes it's those little things that can make a big difference.  One of
the things I'm battling is an inaccurate corpus.  This isn't ASSP's fault -
it's due to my job responsibility having changed several years back, no one
else paying attention when there was supposed to be someone, using very old
v2 code, and some lousy settings for about 3 years before now.  Now that
I've convinced the powers that be that this has gotten out of hand, we're
back on track and the corpus is improving greatly.

Giving senderbase the ability to look down to the hostname would help me -
if there's another way, I'm all ears.

On Mon, May 11, 2015 at 8:39 AM, Grayhat gray...@gmx.net wrote:

 :: On Sun, 10 May 2015 22:54:08 -0400
 :: CALhpkAkJ83fODX8sO9h8EHYrs6Ev=oozgitp7zngrqqznkb...@mail.gmail.com
 :: K Post nntp.p...@gmail.com wrote:

  example:
  63.249.66.210 SenderBase: status=not classified, data=US, CRUZIO,
  cruzio.com, , Y, 19, changedetection.com
  SO GREAT that it shows the changedetection.com hostname in the
  analyze gui now, but it's not matching my whitelist, because the
  domain of cruzio.com takes priority.  If only ASSP would look to the
  hostname as well, regardless of if there's a domain listed, we'd be
  golden.

 the purpose for the senderbase queries is different, it's used to find
 the IP *owner* country (as opposed to the IP country, a big player may
 use IPs spread all over the globe but be based in country XX) and the
 owner information; when it comes to IPs and domain/host names we have
 DNS lists and URI lists... and sincerely it seems to me that you are
 missing the inner working of ASSP, see, the code uses a layered check
 approach where each bit and piece contributes to the scoring; my humble
 suggestion is to try reading the archives of this list and/or looking
 at the ASSP source code



 