[Assp-test] Ver 24615313

2015-11-09 Thread Harley_1955
Started the latest version up, didn't change anything, and I couldn't receive 
outside mail. Looked like the connection was made and then it just sat there 
doing nothing. Had to go back to 24615303 and it's fine. Not sure what's up.


Nov-09-2015 09:24:27 Info: try to connect to server at 66.116.62.136:125
Nov-09-2015 09:24:27 Info: connected to server at 66.116.62.136:125
Nov-09-2015 09:24:27 Connected: session:4018E7B4 195.245.231.135:19028 > 
66.116.62.136:25 > 66.116.62.136:2140 > 66.116.62.136:125 , 47-48
Nov-09-2015 09:24:27 195.245.231.135 [SMTP Reply] 220 mail2.grainsystems.com 
ESMTP Merak 5.5.7; Mon, 09 Nov 2015 09:24:27 -0600
Nov-09-2015 09:24:28 Info: try to connect to server at 66.116.62.136:125
Nov-09-2015 09:24:28 Info: connected to server at 66.116.62.136:125
Nov-09-2015 09:24:28 Connected: session:40A530B4 193.109.254.103:54543 > 
66.116.62.136:25 > 66.116.62.136:2141 > 66.116.62.136:125 , 53-54
Nov-09-2015 09:24:28 193.109.254.103 [SMTP Reply] 220 mail2.grainsystems.com 
ESMTP Merak 5.5.7; Mon, 09 Nov 2015 09:24:28 -0600
Nov-09-2015 09:24:31 Info: try to connect to server at 66.116.62.136:125
Nov-09-2015 09:24:31 Info: connected to server at 66.116.62.136:125
Nov-09-2015 09:24:31 Connected: session:404F129C 195.245.231.135:18126 > 
66.116.62.136:25 > 66.116.62.136:2142 > 66.116.62.136:125 , 55-56
Nov-09-2015 09:24:31 195.245.231.135 [SMTP Reply] 220 mail2.grainsystems.com 
ESMTP Merak 5.5.7; Mon, 09 Nov 2015 09:24:31 -0600
Nov-09-2015 09:24:36 Info: try to connect to server at 66.116.62.136:125
Nov-09-2015 09:24:36 Info: connected to server at 66.116.62.136:125
Nov-09-2015 09:24:36 Connected: session:4086B3D4 195.245.230.39:8765 > 
66.116.62.136:25 > 66.116.62.136:2143 > 66.116.62.136:125 , 57-58
Nov-09-2015 09:24:36 195.245.230.39 [SMTP Reply] 220 mail2.grainsystems.com 
ESMTP Merak 5.5.7; Mon, 09 Nov 2015 09:24:36 -0600
Nov-09-2015 09:24:36 Info: try to connect to server at 66.116.62.136:125
Nov-09-2015 09:24:36 Info: connected to server at 66.116.62.136:125
Nov-09-2015 09:24:36 Connected: session:362CC154 195.245.230.39:47340 > 
66.116.62.136:25 > 66.116.62.136:2144 > 66.116.62.136:125 , 59-60
Nov-09-2015 09:24:36 195.245.230.39 [SMTP Reply] 220 mail2.grainsystems.com 
ESMTP Merak 5.5.7; Mon, 09 Nov 2015 09:24:36 -0600
Nov-09-2015 09:24:37 Info: try to connect to server at 66.116.62.136:125
Nov-09-2015 09:24:37 Info: connected to server at 66.116.62.136:125
Nov-09-2015 09:24:37 Connected: session:4052820C 193.109.254.103:35584 > 
66.116.62.136:25 > 66.116.62.136:2145 > 66.116.62.136:125 , 61-62
Nov-09-2015 09:24:37 193.109.254.103 [SMTP Reply] 220 mail2.grainsystems.com 
ESMTP Merak 5.5.7; Mon, 09 Nov 2015 09:24:37 -0600
Nov-09-2015 09:24:40 Info: try to connect to server at 66.116.62.136:125
Nov-09-2015 09:24:40 Info: connected to server at 66.116.62.136:125
Nov-09-2015 09:24:40 Connected: session:40A5339C 195.245.230.39:31816 > 
66.116.62.136:25 > 66.116.62.136:2146 > 66.116.62.136:125 , 63-64

--
Presto, an open source distributed SQL query engine for big data, initially
developed by Facebook, enables you to easily query your data on Hadoop in a 
more interactive manner. Teradata is also now providing full enterprise
support for Presto. Download a free open source copy now.
http://pubads.g.doubleclick.net/gampad/clk?id=250295911=/4140
___
Assp-test mailing list
Assp-test@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/assp-test


Re: [Assp-test] fixes in assp 2.4.6 build 15312

2015-11-09 Thread Grayhat
:: On Mon, 9 Nov 2015 12:36:00 +0100
:: <20151109123600.3...@gmx.net>
:: Grayhat  wrote:


> No, ok, seriously, sounds like Thomas fixed it with #15313; as for the
> feature, the idea is to attempt protecting the mail system from bots
> attempting to abuse stolen credentials to pump out spam; ASSP already
> has a rate limiter which helps detecting "mass mailing", slowing them
> down and alerting the admin but, till now, ASSP had no way to deal
> with a flock of bots with a bunch of different IPs authenticating
> using some stolen credentials and sending (say) 1 or 2 messages each;
> both issues can now be taken care of using the new feature :)

hmmm... maybe I'm wrong, but after a quick eyeball at the code it
sounds like the "$AUTHUserIPfrequency" only works with *FAILED* auth
attempts while, to be effective it should work with *successful* ones
so that, if a given user account gets successful authentication from a
number of different IPs in less than a given time T, then we could
assume that the account got compromised and is being abused by bots,
but the above makes sense only if the check is performed on *valid*
auth not on errors





[Assp-test] fixes in assp 2.4.6 build 15314

2015-11-09 Thread Thomas Eckardt
Hi all

fixed in assp 2.4.6 build 15314:

- a typo caused an exception "unknown subroutine cleancacheAUTHIP" in 
worker 1

Thomas


DISCLAIMER:
***
This email and any files transmitted with it may be confidential, legally 
privileged and protected in law and are intended solely for the use of the 
individual to whom it is addressed.
This email was multiple times scanned for viruses. There should be no 
known virus in this email!
***



Re: [Assp-test] fixes in assp 2.4.6 build 15312

2015-11-09 Thread Thomas Eckardt
> sounds like the "$AUTHUserIPfrequency" only works with *FAILED* auth
> attempts

No - the frequency is checked after the user name is known.

Thomas




From:    Grayhat
To:      assp-test@lists.sourceforge.net
Date:    09.11.2015 16:57
Subject: Re: [Assp-test] fixes in assp 2.4.6 build 15312



:: On Mon, 9 Nov 2015 12:36:00 +0100
:: <20151109123600.3...@gmx.net>
:: Grayhat  wrote:


> No, ok, seriously, sounds like Thomas fixed it with #15313; as for the
> feature, the idea is to attempt protecting the mail system from bots
> attempting to abuse stolen credentials to pump out spam; ASSP already
> has a rate limiter which helps detecting "mass mailing", slowing them
> down and alerting the admin but, till now, ASSP had no way to deal
> with a flock of bots with a bunch of different IPs authenticating
> using some stolen credentials and sending (say) 1 or 2 messages each;
> both issues can now be taken care of using the new feature :)

hmmm... maybe I'm wrong, but after a quick eyeball at the code it
sounds like the "$AUTHUserIPfrequency" only works with *FAILED* auth
attempts while, to be effective it should work with *successful* ones
so that, if a given user account gets successful authentication from a
number of different IPs in less than a given time T, then we could
assume that the account got compromised and is being abused by bots,
but the above makes sense only if the check is performed on *valid*
auth not on errors





Re: [Assp-test] fixes in assp 2.4.6 build 15312

2015-11-09 Thread Grayhat
:: On Sun, 8 Nov 2015 12:09:34 -0500
:: 
:: Scott MacLean  wrote:

> This sounds like a great feature, but as soon as I turned it on (I
> used 3 600), EVERY user attempting to send email, even those
> connecting for the first time (including myself) were blocked with a
> 4.7.1, and subsequent attempts got them added to PBBlack as well. I
> had to turn it off and clean out recent entries to PBBlack to get
> things back on track.

well, at least it works, doesn't it :D ?

No, ok, seriously, sounds like Thomas fixed it with #15313; as for the
feature, the idea is to attempt protecting the mail system from bots
attempting to abuse stolen credentials to pump out spam; ASSP already
has a rate limiter which helps detecting "mass mailing", slowing them
down and alerting the admin but, till now, ASSP had no way to deal with
a flock of bots with a bunch of different IPs authenticating using some
stolen credentials and sending (say) 1 or 2 messages each; both issues
can now be taken care of using the new feature :)


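The check discussed in the message above, sketched as an added Python example; it is not ASSP's code and not from any poster in this thread. It assumes that the setting "3 600" means "more than 3 distinct IPs per user within 600 seconds"; the class and function names are hypothetical, and the events are constructed with documentation-range addresses.

```python
from collections import defaultdict, deque

class AuthIPFrequency:
    """Flags a user whose successful AUTHs come from too many distinct IPs
    inside a sliding window. Hypothetical helper, not ASSP code."""

    def __init__(self, max_ips=3, window=600):
        self.max_ips = max_ips          # assumption: first value of "3 600"
        self.window = window            # assumption: second value, in seconds
        self.seen = defaultdict(deque)  # user -> (timestamp, ip) in time order

    def record(self, ts, user, ip):
        """Record one successful AUTH; True means the account looks abused."""
        events = self.seen[user.lower()]
        events.append((ts, ip))
        while events and events[0][0] <= ts - self.window:  # expire old entries
            events.popleft()
        # Count distinct addresses, so repeated logins from one IP never trip it.
        return len({addr for _, addr in events}) > self.max_ips

def first_flags(events, max_ips=3, window=600):
    """Replay events in time order; return {user: time of first flag}."""
    detector = AuthIPFrequency(max_ips, window)
    flagged = {}
    for ts, user, ip in sorted(events):
        if detector.record(ts, user, ip):
            flagged.setdefault(user, ts)
    return flagged

# Constructed sample data: (seconds, user, client IP), successful AUTH only.
EVENTS = [
    (0, "alice", "192.0.2.10"), (60, "alice", "192.0.2.10"),
    (120, "alice", "192.0.2.10"), (180, "alice", "192.0.2.10"),
    (30, "bob", "198.51.100.1"), (90, "bob", "198.51.100.2"),
    (150, "bob", "198.51.100.3"), (210, "bob", "203.0.113.4"),
    (900, "carol", "192.0.2.20"), (1600, "carol", "192.0.2.21"),
    (2300, "carol", "192.0.2.22"), (3000, "carol", "192.0.2.23"),
]

if __name__ == "__main__":
    print(first_flags(EVENTS))
```

In the sample, alice logs in four times from one address and carol changes address slower than the window, so only bob, who authenticates from four addresses in three minutes, is flagged.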


Re: [Assp-test] fixes in assp 2.4.6 build 15312

2015-11-09 Thread Grayhat
:: On Mon, 9 Nov 2015 12:36:00 +0100
:: <20151109123600.3...@gmx.net>
:: Grayhat  wrote:

> No, ok, seriously, sounds like Thomas fixed it with #15313; as for the
> feature, the idea is to attempt protecting the mail system from bots
> attempting to abuse stolen credentials to pump out spam; ASSP already
> has a rate limiter which helps detecting "mass mailing", slowing them
> down and alerting the admin but, till now, ASSP had no way to deal
> with a flock of bots with a bunch of different IPs authenticating
> using some stolen credentials and sending (say) 1 or 2 messages each;
> both issues can now be taken care of using the new feature :)

forgot, as for the notify, one may want to add the following to the
"NotifyRe"

warning: too many recipients
too many authentication attempts

to get notifications for both the rate limiter *and* the new auth IP
checker, this could allow mail admins to be quickly alerted about
possible outbound spamruns and/or compromised accounts

