[Assp-test] Ver 24615313
Started the latest version up, didn't change anything, and I couldn't receive outside mail. Looked like the connection was made and then it just sat there doing nothing. Had to go back to 24615303 and it's fine. Not sure what's up.

Nov-09-2015 09:24:27 Info: try to connect to server at 66.116.62.136:125
Nov-09-2015 09:24:27 Info: connected to server at 66.116.62.136:125
Nov-09-2015 09:24:27 Connected: session:4018E7B4 195.245.231.135:19028 > 66.116.62.136:25 > 66.116.62.136:2140 > 66.116.62.136:125 , 47-48
Nov-09-2015 09:24:27 195.245.231.135 [SMTP Reply] 220 mail2.grainsystems.com ESMTP Merak 5.5.7; Mon, 09 Nov 2015 09:24:27 -0600
Nov-09-2015 09:24:28 Info: try to connect to server at 66.116.62.136:125
Nov-09-2015 09:24:28 Info: connected to server at 66.116.62.136:125
Nov-09-2015 09:24:28 Connected: session:40A530B4 193.109.254.103:54543 > 66.116.62.136:25 > 66.116.62.136:2141 > 66.116.62.136:125 , 53-54
Nov-09-2015 09:24:28 193.109.254.103 [SMTP Reply] 220 mail2.grainsystems.com ESMTP Merak 5.5.7; Mon, 09 Nov 2015 09:24:28 -0600
Nov-09-2015 09:24:31 Info: try to connect to server at 66.116.62.136:125
Nov-09-2015 09:24:31 Info: connected to server at 66.116.62.136:125
Nov-09-2015 09:24:31 Connected: session:404F129C 195.245.231.135:18126 > 66.116.62.136:25 > 66.116.62.136:2142 > 66.116.62.136:125 , 55-56
Nov-09-2015 09:24:31 195.245.231.135 [SMTP Reply] 220 mail2.grainsystems.com ESMTP Merak 5.5.7; Mon, 09 Nov 2015 09:24:31 -0600
Nov-09-2015 09:24:36 Info: try to connect to server at 66.116.62.136:125
Nov-09-2015 09:24:36 Info: connected to server at 66.116.62.136:125
Nov-09-2015 09:24:36 Connected: session:4086B3D4 195.245.230.39:8765 > 66.116.62.136:25 > 66.116.62.136:2143 > 66.116.62.136:125 , 57-58
Nov-09-2015 09:24:36 195.245.230.39 [SMTP Reply] 220 mail2.grainsystems.com ESMTP Merak 5.5.7; Mon, 09 Nov 2015 09:24:36 -0600
Nov-09-2015 09:24:36 Info: try to connect to server at 66.116.62.136:125
Nov-09-2015 09:24:36 Info: connected to server at 66.116.62.136:125
Nov-09-2015 09:24:36 Connected: session:362CC154 195.245.230.39:47340 > 66.116.62.136:25 > 66.116.62.136:2144 > 66.116.62.136:125 , 59-60
Nov-09-2015 09:24:36 195.245.230.39 [SMTP Reply] 220 mail2.grainsystems.com ESMTP Merak 5.5.7; Mon, 09 Nov 2015 09:24:36 -0600
Nov-09-2015 09:24:37 Info: try to connect to server at 66.116.62.136:125
Nov-09-2015 09:24:37 Info: connected to server at 66.116.62.136:125
Nov-09-2015 09:24:37 Connected: session:4052820C 193.109.254.103:35584 > 66.116.62.136:25 > 66.116.62.136:2145 > 66.116.62.136:125 , 61-62
Nov-09-2015 09:24:37 193.109.254.103 [SMTP Reply] 220 mail2.grainsystems.com ESMTP Merak 5.5.7; Mon, 09 Nov 2015 09:24:37 -0600
Nov-09-2015 09:24:40 Info: try to connect to server at 66.116.62.136:125
Nov-09-2015 09:24:40 Info: connected to server at 66.116.62.136:125
Nov-09-2015 09:24:40 Connected: session:40A5339C 195.245.230.39:31816 > 66.116.62.136:25 > 66.116.62.136:2146 > 66.116.62.136:125 , 63-64

___
Assp-test mailing list
Assp-test@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/assp-test
Re: [Assp-test] fixes in assp 2.4.6 build 15312
:: On Mon, 9 Nov 2015 12:36:00 +0100
:: <20151109123600.3...@gmx.net>
:: Grayhat wrote:

> No, ok, seriously, sounds like Thomas fixed it with #15313; as for the
> feature, the idea is to attempt protecting the mail system from bots
> attempting to abuse stolen credentials to pump out spam; ASSP already
> has a rate limiter which helps detecting "mass mailing", slowing them
> down and alerting the admin but, till now, ASSP had no way to deal
> with a flock of bots with a bunch of different IPs authenticating
> using some stolen credentials and sending (say) 1 or 2 messages each;
> both issues can now be taken care of using the new feature :)

hmmm... maybe I'm wrong, but after a quick eyeball at the code it sounds like the "$AUTHUserIPfrequency" only works with *FAILED* auth attempts while, to be effective it should work with *successful* ones so that, if a given user account gets successful authentication from a number of different IPs in less than a given time T, then we could assume that the account got compromised and is being abused by bots, but the above makes sense only if the check is performed on *valid* auth not on errors
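The check discussed in this thread (one account authenticating successfully from several different IPs in less than a time T) can be sketched as a sliding window over successful AUTH events. This is an added example, not ASSP's code: AuthIPTracker and find_suspect_accounts are hypothetical names, the events are constructed, and reading the "3 600" setting mentioned in the thread as "more than 3 distinct IPs within 600 seconds" is an assumption.

```python
from collections import defaultdict, deque

# Constructed sample of *successful* AUTH events: (epoch seconds, user, client IP).
# Addresses come from the RFC 5737 documentation ranges.
SAMPLE_EVENTS = [
    (0,    "alice", "192.0.2.10"),
    (30,   "bob",   "198.51.100.1"),
    (60,   "alice", "192.0.2.10"),    # same IP again: still one distinct IP
    (90,   "bob",   "198.51.100.2"),
    (120,  "bob",   "203.0.113.7"),
    (150,  "alice", "192.0.2.11"),
    (200,  "bob",   "203.0.113.99"),  # 4th distinct IP inside 600 s
    (4000, "carol", "192.0.2.50"),
    (5000, "carol", "192.0.2.51"),
    (6000, "carol", "192.0.2.52"),
    (7000, "carol", "192.0.2.53"),    # 4 IPs, but spread far beyond 600 s
]


class AuthIPTracker:
    """Flags a user once successful AUTHs come from too many distinct IPs."""

    def __init__(self, max_ips, window_seconds):
        self.max_ips = max_ips
        self.window = window_seconds
        self._events = defaultdict(deque)  # user -> deque of (ts, ip)

    def record_success(self, user, ip, ts):
        """Record one successful AUTH; return True if the account looks abused."""
        events = self._events[user.lower()]
        events.append((ts, ip))
        # Expire everything that fell out of the time window.
        while events and ts - events[0][0] > self.window:
            events.popleft()
        # Count distinct IPs, not attempts, so a single busy client never trips it.
        return len({seen_ip for _, seen_ip in events}) > self.max_ips


def find_suspect_accounts(events, max_ips=3, window_seconds=600):
    """Return {user: timestamp of the AUTH that first crossed the limit}."""
    tracker = AuthIPTracker(max_ips, window_seconds)
    suspects = {}
    for ts, user, ip in events:
        if tracker.record_success(user, ip, ts) and user not in suspects:
            suspects[user] = ts
    return suspects


if __name__ == "__main__":
    print(find_suspect_accounts(SAMPLE_EVENTS))
```

Events must be fed in timestamp order. A first connection from a new user is never flagged, which is the behaviour the early report in this thread found broken.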
[Assp-test] fixes in assp 2.4.6 build 15314
Hi all

fixed in assp 2.4.6 build 15314:

- a typo caused an exception "unknown subroutine cleancacheAUTHIP" in worker 1

Thomas
Re: [Assp-test] fixes in assp 2.4.6 build 15312
>sounds like the "$AUTHUserIPfrequency" only works with *FAILED* auth attempts

No - the frequency is checked after the user name is known.

Thomas

From: Grayhat
To: assp-test@lists.sourceforge.net
Date: 09.11.2015 16:57
Subject: Re: [Assp-test] fixes in assp 2.4.6 build 15312

:: On Mon, 9 Nov 2015 12:36:00 +0100
:: <20151109123600.3...@gmx.net>
:: Grayhat wrote:

> No, ok, seriously, sounds like Thomas fixed it with #15313; as for the
> feature, the idea is to attempt protecting the mail system from bots
> attempting to abuse stolen credentials to pump out spam; ASSP already
> has a rate limiter which helps detecting "mass mailing", slowing them
> down and alerting the admin but, till now, ASSP had no way to deal
> with a flock of bots with a bunch of different IPs authenticating
> using some stolen credentials and sending (say) 1 or 2 messages each;
> both issues can now be taken care of using the new feature :)

hmmm... maybe I'm wrong, but after a quick eyeball at the code it sounds like the "$AUTHUserIPfrequency" only works with *FAILED* auth attempts while, to be effective it should work with *successful* ones so that, if a given user account gets successful authentication from a number of different IPs in less than a given time T, then we could assume that the account got compromised and is being abused by bots, but the above makes sense only if the check is performed on *valid* auth not on errors
Re: [Assp-test] fixes in assp 2.4.6 build 15312
:: On Sun, 8 Nov 2015 12:09:34 -0500
:: Scott MacLean wrote:

> This sounds like a great feature, but as soon as I turned it on (I
> used 3 600), EVERY user attempting to send email, even those
> connecting for the first time (including myself) were blocked with a
> 4.7.1, and subsequent attempts got them added to PBBlack as well. I
> had to turn it off and clean out recent entries to PBBlack to get
> things back on track.

well, at least it works, doesn't it :D ?

No, ok, seriously, sounds like Thomas fixed it with #15313; as for the feature, the idea is to attempt protecting the mail system from bots attempting to abuse stolen credentials to pump out spam; ASSP already has a rate limiter which helps detecting "mass mailing", slowing them down and alerting the admin but, till now, ASSP had no way to deal with a flock of bots with a bunch of different IPs authenticating using some stolen credentials and sending (say) 1 or 2 messages each; both issues can now be taken care of using the new feature :)
Re: [Assp-test] fixes in assp 2.4.6 build 15312
:: On Mon, 9 Nov 2015 12:36:00 +0100
:: <20151109123600.3...@gmx.net>
:: Grayhat wrote:

> No, ok, seriously, sounds like Thomas fixed it with #15313; as for the
> feature, the idea is to attempt protecting the mail system from bots
> attempting to abuse stolen credentials to pump out spam; ASSP already
> has a rate limiter which helps detecting "mass mailing", slowing them
> down and alerting the admin but, till now, ASSP had no way to deal
> with a flock of bots with a bunch of different IPs authenticating
> using some stolen credentials and sending (say) 1 or 2 messages each;
> both issues can now be taken care of using the new feature :)

forgot, as for the notify, one may want to add the following to the "NotifyRe" warning: too many recipients too many authentication attempts to get notifications for both the rate limiter *and* the new auth IP checker, this could allow mail admins to be quickly alerted about possible outbound spamruns and/or compromised accounts