from:"Dirk Kulmsee"

[Assp-test] Update: Problem with wrongfully found invalid HELO

2023-12-26 Thread Dirk Kulmsee

When I set InvalidHeloRe completely empty, the message got through. Hopefully 
this was a one time problem. Still I don't understand it.

Best regards
Dirk


___
Assp-test mailing list
Assp-test@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/assp-test

[Assp-test] Problem with wrongfully found invalid HELO

2023-12-22 Thread Dirk Kulmsee

Hi everyone,
today I have a problem with a wrongly found invalid helo that I simply don't 
understand.
I am running ASSP 2.8.2 build 23331 on Debian with Perl 5.36.

Problem as shown in the log:
Dec 22 14:32:12 localhost assp.pl[2858510]: [Worker_1] Connected: 
session:7FF7303B3310 87.191.147.111:21660 > 192.168.3.201:25 > 127.0.0.1:125
Dec 22 14:32:12 localhost assp.pl[2858510]: [Worker_1] 87.191.147.111 
Message-Score: added 10 (ihValencePB) for InvalidHELO, total score for this 
message is now 10
Dec 22 14:32:12 localhost assp.pl[2858510]: [Worker_1] 87.191.147.111 info: 
found invalid helo 'mail.kreuser-jansen.de' - is immediatly blocked by 
invalidHeloRe
Dec 22 14:32:12 localhost assp.pl[2858510]: [Worker_1] 87.191.147.111 [SMTP 
Error] 554 5.7.1 the connection is rejected - bad host identity detected
Dec 22 14:32:12 localhost assp.pl[2858510]: [Worker_1] 87.191.147.111 info: 
start damping on closing connection (10 s)
Dec 22 14:32:21 localhost assp.pl[2858510]: [Worker_1] 87.191.147.111 info: 
PB-IP-Score for '87.191.147.111' is 10, added 10 in this session
Dec 22 14:32:21 localhost assp.pl[2858510]: [Worker_1] 87.191.147.111 
disconnected: session:7FF7303B3310 87.191.147.111 - processing time 10 seconds

My settings are:
noHelo:=127.0.0.0/8|::1|192.168.3.|87.230.61.193|85.13.140.50|87.191.147.111
invalidHeloRe:=ylmf-pc|User|localhost 
and I included mail.kreuser-jansen.de in file:files/heloBlacklistIgnore

I cannot see why this IP / HELO gets penalized. MXToolbox or Spamhaus would not 
complain. Any ideas how to dig deeper or how to avoid it?

best regards
Dirk


___
Assp-test mailing list
Assp-test@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/assp-test

Re: [Assp-test] Where is 'blacklisted.txt' file? (EmailBlackAdd)

2022-01-24 Thread Dirk Kulmsee

Hi James,
that filename is not a law of nature. You can choose it to your liking. In my 
case the file is called "files/blackdomains.txt". A mouseover on the variable 
"blackListedDomains" in the explanation text for EmailBlackAdd should show 
_your_ current value.

Regards 
Dirk

Von: James Brown via Assp-test  
Gesendet: Dienstag, 25. Januar 2022 04:10
An: ASSP development mailing list 
Cc: James Brown 
Betreff: [Assp-test] Where is 'blacklisted.txt' file? (EmailBlackAdd)

I don’t have this file in Reports or Files, and can’t find it on SourceForge.

Add to BlackListed Addresses (EmailBlackAdd)

Any mail sent by local/authenticated users to this username will be interpreted 
as a request to add the sender address to the blackListedDomains addresses. 
Only the users defined in EmailAdmins and EmailAdminReportsTo are able to 
request an addition. Do not put the full address here, just the user part.
For example: assp-black. To use this option, you have to configure 
blackListedDomains with "file:..." for example "file:files/blacklisted.txt” !

Where can I get a copy of this file? Has it changed its name to something else?

Thanks,

James.



___
Assp-test mailing list
Assp-test@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/assp-test

Re: [Assp-test] [CANCELLED] Timeout for 3rd DNS?

2022-01-01 Thread Dirk Kulmsee

Nice idea Thomas, but I'm afraid this does not fit my setup. ASSP is just a
VM on the internal network. One IP, one default gateway. It is the internet
router that is dual-homed. 

In the meantime I did a tcpdump and found proof for the "funny" things I
described before:
If I do a DNS query on the command line with "dig", I see a network packet
going out and an answer packet coming back.
If I watch the tcpdump while ASSP does its regular query for DNS checking
(once a minute) I see a network packet going out, but no answer packet
coming back:

Manual DNS query:
12:53:34.550204 IP 192.168.3.201.48836 > 80.69.100.198.53: 19486+ [1au] A?
sourceforge.net. (56)
12:53:34.570496 IP 80.69.100.198.53 > 192.168.3.201.48836: 19486 1/0/0 A
204.68.111.105 (64)

Automatic query by ASSP:
12:53:45.181187 IP 192.168.3.201.53872 > 80.69.100.198.53: 50213+ A?
sourceforge.net. (33)
12:54:45.223403 IP 192.168.3.201.39858 > 80.69.100.198.53: 4629+ A?
sourceforge.net. (33)

Does anyone have an idea what the difference between the two queries might
be?

Thanks 
Dirk

Von: Thomas Eckardt  
Gesendet: Samstag, 1. Januar 2022 08:05
An: ASSP development mailing list 
Betreff: Re: [Assp-test] [CANCELLED] Timeout for 3rd DNS?

>(two internet uplinks) 
It may be possible that you need to setuo 'dnsLocalIPAddress' on a
multihomed system! 

Thomas 







Von:        "Dirk Kulmsee" <mailto:d.kulm...@netgroup.de> 
An:        "'ASSP development mailing list'"
<mailto:assp-test@lists.sourceforge.net> 
Datum:        31.12.2021 19:49 
Betreff:        Re: [Assp-test] [CANCELLED] Timeout for 3rd DNS? 




I think I need to cancel this thread. I can not confirm that the problem is
with ASSP. We have a dual-homed system here (two internet uplinks) and the
problem appears to be _somehow_ related to that. I still need to find the
root cause, but currently I think it is not ASSP.

Sorry for the noise.
Regards
Dirk

-Ursprüngliche Nachricht-
Von: Dirk Kulmsee <mailto:d.kulm...@netgroup.de> 
Gesendet: Freitag, 31. Dezember 2021 13:25
An: mailto:assp-test@lists.sourceforge.net
Betreff: [Assp-test] Timeout for 3rd DNS?

Hi everybody,

I'm currently on ASSP 2.6.6. 21351, Linux, Perl 5.32. It looks like I have a
problem with the settings for "DNSServers". 

In the log it always says, that the DNS I put third in DNSServers timed out,
even when I raise the timeout value, but when I do a DNS query from the
console, everything is fine.

Example 1:
DNSServers: 192.168.3.100|217.237.149.205|80.69.100.198=>sourceforge.net

Dec 31 12:49:39 localhost assp.pl[3738680]: [Worker_1] Info: Name Server
80.69.100.198: ResponseTime = 2003 ms for sourceforge.net
Dec 31 12:49:39 localhost assp.pl[3738680]: [Worker_1] Warning: Name
Server 80.69.100.198: does not respond or timed out

;; ANSWER SECTION:
sourceforge.net.        159     IN      A       204.68.111.105
;; Query time: 16 msec
;; SERVER: 80.69.100.198#53(80.69.100.198)

Example 2:
DNSServers: 192.168.3.100|80.69.100.198|217.237.149.205=>sourceforge.net

Dec 31 12:58:46 localhost assp.pl[290164]: [Worker_1] Info: Name Server
217.237.149.205: ResponseTime = 2003 ms for sourceforge.net
Dec 31 12:58:46 localhost assp.pl[290164]: [Worker_1] Warning: Name
Server 217.237.149.205: does not respond or timed out

;; ANSWER SECTION:
sourceforge.net.        146     IN      A       204.68.111.105
;; Query time: 20 msec
;; SERVER: 217.237.149.205#53(217.237.149.205)

It's not a critical problem for me, because the internal DNS I put in first
place uses the other two as forwarders anyway. Still this does not look
right.

Best regards
Dirk



___
Assp-test mailing list
mailto:Assp-test@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/assp-test



___
Assp-test mailing list
mailto:Assp-test@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/assp-test






DISCLAIMER:
***
This email and any files transmitted with it may be confidential, legally
privileged and protected in law and are intended solely for the use of the 
individual to whom it is addressed.
This email was multiple times scanned for viruses. There should be no known
virus in this email!
***



___
Assp-test mailing list
Assp-test@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/assp-test

Re: [Assp-test] [CANCELLED] Timeout for 3rd DNS?

2021-12-31 Thread Dirk Kulmsee

I think I need to cancel this thread. I can not confirm that the problem is
with ASSP. We have a dual-homed system here (two internet uplinks) and the
problem appears to be _somehow_ related to that. I still need to find the
root cause, but currently I think it is not ASSP.

Sorry for the noise.
Regards
Dirk

-Ursprüngliche Nachricht-
Von: Dirk Kulmsee  
Gesendet: Freitag, 31. Dezember 2021 13:25
An: assp-test@lists.sourceforge.net
Betreff: [Assp-test] Timeout for 3rd DNS?

Hi everybody,

I'm currently on ASSP 2.6.6. 21351, Linux, Perl 5.32. It looks like I have a
problem with the settings for "DNSServers". 

In the log it always says, that the DNS I put third in DNSServers timed out,
even when I raise the timeout value, but when I do a DNS query from the
console, everything is fine.

Example 1:
DNSServers: 192.168.3.100|217.237.149.205|80.69.100.198=>sourceforge.net

Dec 31 12:49:39 localhost assp.pl[3738680]: [Worker_1] Info: Name Server
80.69.100.198: ResponseTime = 2003 ms for sourceforge.net
Dec 31 12:49:39 localhost assp.pl[3738680]: [Worker_1] Warning: Name
Server 80.69.100.198: does not respond or timed out

;; ANSWER SECTION:
sourceforge.net.159 IN  A   204.68.111.105
;; Query time: 16 msec
;; SERVER: 80.69.100.198#53(80.69.100.198)

Example 2:
DNSServers: 192.168.3.100|80.69.100.198|217.237.149.205=>sourceforge.net

Dec 31 12:58:46 localhost assp.pl[290164]: [Worker_1] Info: Name Server
217.237.149.205: ResponseTime = 2003 ms for sourceforge.net
Dec 31 12:58:46 localhost assp.pl[290164]: [Worker_1] Warning: Name
Server 217.237.149.205: does not respond or timed out

;; ANSWER SECTION:
sourceforge.net.146 IN  A   204.68.111.105
;; Query time: 20 msec
;; SERVER: 217.237.149.205#53(217.237.149.205)

It's not a critical problem for me, because the internal DNS I put in first
place uses the other two as forwarders anyway. Still this does not look
right.

Best regards
Dirk



___
Assp-test mailing list
Assp-test@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/assp-test



___
Assp-test mailing list
Assp-test@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/assp-test

Re: [Assp-test] Timeout for 3rd DNS?

2021-12-31 Thread Dirk Kulmsee

Hi Doug,
what I wrote is just the result from a query like "dig @217.237.149.205
sourceforge.net". I asked the allegedly failing DNS for the IP of
sourceforge.net and got an answer, thus DNS not failing.

Best regards
Dirk

-Ursprüngliche Nachricht-
Von: Doug Lytle  
Gesendet: Freitag, 31. Dezember 2021 15:02
An: assp-test@lists.sourceforge.net
Betreff: Re: [Assp-test] Timeout for 3rd DNS?

On 12/31/21 7:25 AM, Dirk Kulmsee wrote:
> sourceforge.net.146 IN  A   204.68.111.105

Dirk,

As far as I an aware, sourceforge.net does not provide a public DNS.

Doug


___
Assp-test mailing list
Assp-test@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/assp-test



___
Assp-test mailing list
Assp-test@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/assp-test

[Assp-test] Timeout for 3rd DNS?

2021-12-31 Thread Dirk Kulmsee

Hi everybody,

I'm currently on ASSP 2.6.6. 21351, Linux, Perl 5.32. It looks like I have a
problem with the settings for "DNSServers". 

In the log it always says, that the DNS I put third in DNSServers timed out,
even when I raise the timeout value, but when I do a DNS query from the
console, everything is fine.

Example 1:
DNSServers: 192.168.3.100|217.237.149.205|80.69.100.198=>sourceforge.net

Dec 31 12:49:39 localhost assp.pl[3738680]: [Worker_1] Info: Name Server
80.69.100.198: ResponseTime = 2003 ms for sourceforge.net
Dec 31 12:49:39 localhost assp.pl[3738680]: [Worker_1] Warning: Name
Server 80.69.100.198: does not respond or timed out

;; ANSWER SECTION:
sourceforge.net.159 IN  A   204.68.111.105
;; Query time: 16 msec
;; SERVER: 80.69.100.198#53(80.69.100.198)

Example 2:
DNSServers: 192.168.3.100|80.69.100.198|217.237.149.205=>sourceforge.net

Dec 31 12:58:46 localhost assp.pl[290164]: [Worker_1] Info: Name Server
217.237.149.205: ResponseTime = 2003 ms for sourceforge.net
Dec 31 12:58:46 localhost assp.pl[290164]: [Worker_1] Warning: Name
Server 217.237.149.205: does not respond or timed out

;; ANSWER SECTION:
sourceforge.net.146 IN  A   204.68.111.105
;; Query time: 20 msec
;; SERVER: 217.237.149.205#53(217.237.149.205)

It's not a critical problem for me, because the internal DNS I put in first
place uses the other two as forwarders anyway. Still this does not look
right.

Best regards
Dirk



___
Assp-test mailing list
Assp-test@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/assp-test

Re: [Assp-test] onlyAUTHHeloRe gets checked repeatedly

2021-11-26 Thread Dirk Kulmsee

Thank you for the quick clarification Thomas. I'm not worried about a few
more log lines. If everything is fine, you should not put too much effort
into cosmetics.

All the best
Dirk

Von: Thomas Eckardt  
Gesendet: Freitag, 26. November 2021 10:14
An: ASSP development mailing list 
Betreff: Re: [Assp-test] onlyAUTHHeloRe gets checked repeatedly

Everything is OK. onlyAUTHHeloRe is checked as part of the internal
'DisableAUTH' check. This has to be done multiple times, if the
 'DisableAUTH'-state was never reached for any reason. 
For now, you can skip the logging using 'noLogLineRe'. 

I'll see, if I can skip the logging - the check itself is required. 

Thomas 



___
Assp-test mailing list
Assp-test@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/assp-test

[Assp-test] onlyAUTHHeloRe gets checked repeatedly

2021-11-25 Thread Dirk Kulmsee

Hi everybody,

I am now running  ASSP 2.6.6 21328 on Linux with Perl 5.32. 

I have set NoAUTHListenPorts for port 25.

My listenPort2 is 587 and I have activated EnforceAUTH for the secondary
listen port.

There is only one external system that should relay through me, so I set
onlyAUTHHeloRe accordingly.

The whole setup works fine, but onlyAUTHHeloRe apparently is checked
numerous times:

 

Nov 25 13:56:00 localhost assp.pl[880887]: [Worker_1] Worker_1 wakes up

Nov 25 13:56:00 localhost assp.pl[880887]: [Worker_1] Info: Worker_1 got
connection from MainThread

Nov 25 13:56:00 localhost assp.pl[880887]: [Worker_1] IP 88.130.20.65
matches debugIP - with 88.130.20.65/32

Nov 25 13:56:00 localhost assp.pl[880887]: [Worker_1] Connected:
session:7F64D1D294D8 88.130.20.65:15079 > 192.168.101.242:587 >
127.0.0.1:125

Nov 25 13:56:01 localhost assp.pl[880887]: [Worker_1] SWL-2012R2-DC matches
SWL-2012R2-DC in onlyAUTHHeloRe

Nov 25 13:56:01 localhost assp.pl[880887]: [Worker_1] SWL-2012R2-DC matches
SWL-2012R2-DC in onlyAUTHHeloRe

Nov 25 13:56:01 localhost assp.pl[880887]: [Worker_1] SWL-2012R2-DC matches
SWL-2012R2-DC in onlyAUTHHeloRe

Nov 25 13:56:01 localhost assp.pl[880887]: [Worker_1] SWL-2012R2-DC matches
SWL-2012R2-DC in onlyAUTHHeloRe

Nov 25 13:56:01 localhost assp.pl[880887]: [Worker_1] SWL-2012R2-DC matches
SWL-2012R2-DC in onlyAUTHHeloRe

Nov 25 13:56:01 localhost assp.pl[880887]: [Worker_1] SWL-2012R2-DC matches
SWL-2012R2-DC in onlyAUTHHeloRe

Nov 25 13:56:01 localhost assp.pl[880887]: [Worker_1] SWL-2012R2-DC matches
SWL-2012R2-DC in onlyAUTHHeloRe

Nov 25 13:56:01 localhost assp.pl[880887]: [Worker_1] SWL-2012R2-DC matches
SWL-2012R2-DC in onlyAUTHHeloRe

Nov 25 13:56:01 localhost assp.pl[880887]: [Worker_1] SWL-2012R2-DC matches
SWL-2012R2-DC in onlyAUTHHeloRe

Nov 25 13:56:01 localhost assp.pl[880887]: [Worker_1] SWL-2012R2-DC matches
SWL-2012R2-DC in onlyAUTHHeloRe

Nov 25 13:56:01 localhost assp.pl[880887]: [Worker_1] SWL-2012R2-DC matches
SWL-2012R2-DC in onlyAUTHHeloRe

Nov 25 13:56:01 localhost assp.pl[880887]: [Worker_1] SWL-2012R2-DC matches
SWL-2012R2-DC in onlyAUTHHeloRe

Nov 25 13:56:01 localhost assp.pl[880887]: [Worker_1] SWL-2012R2-DC matches
SWL-2012R2-DC in onlyAUTHHeloRe

Nov 25 13:56:01 localhost assp.pl[880887]: [Worker_1] 88.130.20.65 info: got
STARTTLS request from 88.130.20.65

Nov 25 13:56:01 localhost assp.pl[880887]: [Worker_1] SWL-2012R2-DC matches
SWL-2012R2-DC in onlyAUTHHeloRe

Nov 25 13:56:01 localhost assp.pl[880887]: [Worker_1] SWL-2012R2-DC matches
SWL-2012R2-DC in onlyAUTHHeloRe

Nov 25 13:56:01 localhost assp.pl[880887]: [Worker_1] SWL-2012R2-DC matches
SWL-2012R2-DC in onlyAUTHHeloRe

Nov 25 13:56:01 localhost assp.pl[880887]: [Worker_1] SWL-2012R2-DC matches
SWL-2012R2-DC in onlyAUTHHeloRe

Nov 25 13:56:01 localhost assp.pl[880887]: [Worker_1] SWL-2012R2-DC matches
SWL-2012R2-DC in onlyAUTHHeloRe

Nov 25 13:56:01 localhost assp.pl[880887]: [Worker_1] SWL-2012R2-DC matches
SWL-2012R2-DC in onlyAUTHHeloRe

Nov 25 13:56:01 localhost assp.pl[880887]: [Worker_1] SWL-2012R2-DC matches
SWL-2012R2-DC in onlyAUTHHeloRe

Nov 25 13:56:01 localhost assp.pl[880887]: [Worker_1] SWL-2012R2-DC matches
SWL-2012R2-DC in onlyAUTHHeloRe

Nov 25 13:56:01 localhost assp.pl[880887]: [Worker_1] SWL-2012R2-DC matches
SWL-2012R2-DC in onlyAUTHHeloRe

Nov 25 13:56:01 localhost assp.pl[880887]: [Worker_1] SWL-2012R2-DC matches
SWL-2012R2-DC in onlyAUTHHeloRe

Nov 25 13:56:01 localhost assp.pl[880887]: [Worker_1] SWL-2012R2-DC matches
SWL-2012R2-DC in onlyAUTHHeloRe

Nov 25 13:56:01 localhost assp.pl[880887]: [Worker_1] SWL-2012R2-DC matches
SWL-2012R2-DC in onlyAUTHHeloRe

Nov 25 13:56:01 localhost assp.pl[880887]: [Worker_1] SWL-2012R2-DC matches
SWL-2012R2-DC in onlyAUTHHeloRe

Nov 25 13:56:01 localhost assp.pl[880887]: [Worker_1] SWL-2012R2-DC matches
SWL-2012R2-DC in onlyAUTHHeloRe

Nov 25 13:56:01 localhost assp.pl[880887]: [Worker_1] [TLS-in] 88.130.20.65
info: authentication - login is used

Nov 25 13:56:01 localhost assp.pl[880887]: [Worker_1] SWL-2012R2-DC matches
SWL-2012R2-DC in onlyAUTHHeloRe

Nov 25 13:56:01 localhost assp.pl[880887]: [Worker_1] SWL-2012R2-DC matches
SWL-2012R2-DC in onlyAUTHHeloRe

Nov 25 13:56:01 localhost assp.pl[880887]: [Worker_1] SWL-2012R2-DC matches
SWL-2012R2-DC in onlyAUTHHeloRe

Nov 25 13:56:01 localhost assp.pl[880887]: m1-44961-10616 [Worker_1]
[TLS-in] 88.130.20.65  info: found message size
announcement: 27.93 kByte

Nov 25 13:56:01 localhost assp.pl[880887]: [Worker_1] u...@senderdomain.de
matches u...@senderdomain.de in LocalAddresses_Flat

Nov 25 13:56:01 localhost assp.pl[880887]: [Worker_1] VirusTotal uses direct
HTTP connection

Nov 25 13:56:01 localhost assp.pl[880887]: m1-44961-10616 [Worker_1]
[TLS-in] 88.130.20.65  to: u...@recipientdomain.de
[Plugin] calling plugin ASSP_AFC

Nov 25 13:56:02 localhost assp.pl[880887]: m1-44961-10616 [Worker_1]
[TLS-in] 88.130.20.65  to: u...@recipientdomain.de
info: using user based attachment

[Assp-test] PenaltyExtreme not used?

2021-11-12 Thread Dirk Kulmsee

Hi all,
I'm currently running ASSP 2.6.6. (21306) on Linux with Perl 5.32.
I have set both DoPenaltyExtreme and DoPenaltyExtremeSMTP to "block". My 
ExtremePenaltyTheshold (PenaltyExtreme) is set to 1500.
In the log I see a candidate for extreme treatment, but the log lines do not 
mention the "Extreme" status. 
The following lines show two concurrent connections from the same IP, one ends 
up in damping (Worker_1), the second one gets delayed (Worker_2):

Nov 12 14:02:29 localhost assp.pl[446339]: [Main_Thread] Info: Main_Thread got 
connection request
Nov 12 14:02:29 localhost assp.pl[446339]: [Main_Thread] Info: Main_Thread 
freed by idle Worker_1 in 0.004 seconds and zero cycles - got (ok)
Nov 12 14:02:29 localhost assp.pl[446339]: [Worker_1] Worker_1 wakes up
Nov 12 14:02:29 localhost assp.pl[446339]: [Worker_1] Info: Worker_1 got 
connection from MainThread
Nov 12 14:02:29 localhost assp.pl[446339]: [Worker_1] IP 45.144.225.61 matches 
debugIP - with 45.144.225.61/32
Nov 12 14:02:29 localhost assp.pl[446339]: [Worker_1] Info: try to connect to 
server at 127.0.0.1:125
Nov 12 14:02:29 localhost assp.pl[446339]: [Worker_1] Info: connected to server 
at 127.0.0.1:125
Nov 12 14:02:29 localhost assp.pl[446339]: [Worker_1] Connected: 
session:7F0F3C318670 45.144.225.61:42832 > 192.168.101.242:25 > 127.0.0.1:38320 
> 127.0.0.1:125 , 1558-1560
Nov 12 14:02:30 localhost assp.pl[446339]: [Worker_1] Info: sent DNS query for 
'45.144.225.61' type 'PTR' to nameserver 192.168.101.222 ID 22692
Nov 12 14:02:30 localhost assp.pl[446339]: [Worker_1] Info: got valid DNS 
NON-DATA answer 'NXDOMAIN' from nameserver 192.168.101.222 ID 22692
Nov 12 14:02:30 localhost assp.pl[446339]: [Worker_1] 45.144.225.61 info: 
injected '250-STARTTLS' offer in to EHLO reply
Nov 12 14:02:30 localhost assp.pl[446339]: [Worker_1] 45.144.225.61 info: send 
'250-STARTTLS' - injected for 127.0.0.1
Nov 12 14:02:30 localhost assp.pl[446339]: [Worker_1] 45.144.225.61 info: 
removed '250-STARTTLS' - it was already injected
Nov 12 14:02:30 localhost assp.pl[446339]: m1-22150-05202 [Worker_1] 
[unsupported_AUTH] 45.144.225.61 AUTH not allowed
Nov 12 14:02:30 localhost assp.pl[446339]: [Worker_1] Info: no skip condition 
detected for check: main::AUTHErrorsOK
Nov 12 14:02:30 localhost assp.pl[446339]: m1-22150-05202 [Worker_1] 
45.144.225.61 Message-Score: added 60 (autValencePB) for too many (111) AUTH 
errors from 45.144.225.0, total score for this message is now 60
Nov 12 14:02:30 localhost assp.pl[446339]: m1-22150-05202 [Worker_1] 
45.144.225.61 PB-IP-Score for '45.144.225.61' is 13740, added 60 for AUTHErrors
Nov 12 14:02:30 localhost assp.pl[446339]: m1-22150-05202 [Worker_1] 
45.144.225.61 [SMTP Error] 502 AUTH not supported
Nov 12 14:02:30 localhost assp.pl[446339]: m1-22150-05202 [Worker_1] 
45.144.225.61 info: start damping (58 s)
Nov 12 14:02:48 localhost assp.pl[446339]: [Main_Thread] Info: Main_Thread got 
connection request
Nov 12 14:02:48 localhost assp.pl[446339]: [Main_Thread] Info: Main_Thread 
freed by idle Worker_2 in 0.006 seconds and zero cycles - got (ok)
Nov 12 14:02:48 localhost assp.pl[446339]: [Worker_2] Worker_2 wakes up
Nov 12 14:02:48 localhost assp.pl[446339]: [Worker_2] Info: Worker_2 got 
connection from MainThread
Nov 12 14:02:48 localhost assp.pl[446339]: [Worker_2] IP 45.144.225.61 matches 
debugIP - with 45.144.225.61/32
Nov 12 14:02:49 localhost assp.pl[446339]: [Worker_2] [SMTP Status] 451 4.7.1 
Please try again later
Nov 12 14:02:49 localhost assp.pl[446339]: [Worker_2] Delayed ip 45.144.225.61, 
because PBBlack(13740) is higher than DelayIP(500)- last penalty reason was: 
AUTHErrors
Nov 12 14:02:49 localhost assp.pl[446339]: [Worker_2] Worker_2 will sleep now
Nov 12 14:03:29 localhost assp.pl[446339]: m1-22150-05202 [Worker_1] 
45.144.225.61 info: damping - stolen 58 seconds
Nov 12 14:04:26 localhost assp.pl[446339]: m1-22150-05202 [Worker_1] 
45.144.225.61 info: PB-IP-Score for '45.144.225.61' is 13740, added 60 in this 
session
Nov 12 14:04:26 localhost assp.pl[446339]: m1-22150-05202 [Worker_1] 
45.144.225.61 disconnected: session:7F0F3C318670 45.144.225.61 - command list 
was 'EHLO,RSET,AUTH,QUIT' - used 4 SocketCalls - processing time 117 seconds - 
damped 116 seconds
Nov 12 14:04:26 localhost assp.pl[446339]: [Worker_1] Worker_1 will sleep now

Why the different behaviour on these two connections? And shouldn't there be 
log lines, that refer to the IP score beyond PenaltyExtreme?
I'm curious what I did wrong this time 

Best regards
Dirk



___
Assp-test mailing list
Assp-test@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/assp-test

[Assp-test] Addition: Mail wrongly scored for dialup IP

2021-06-28 Thread Dirk Kulmsee

Sorry guys,

in my post I left out the ASSP details: It's 2.6.6 build 21168 running on
Debian with Perl 5.28

 

Von: Dirk Kulmsee  
Gesendet: Montag, 28. Juni 2021 12:28
An: 'ASSP development mailing list' 
Betreff: [Assp-test] Mail wrongly scored for dialup IP

 

Hi all,

I'm seeing an annoying problem with maybe only one mail server:

the client sits on a dynamic dialup IP and sends a message through a
mailserver via authenticated smtp. When ASSP receives this message, it
scores it for DNSBL. Of course that dialup IP is listed in Spamhaus' PBL.

 

Question: why does ASSP score for the dynamic sender IP, when the mail is
"legalized" by authenticating to the mail server? Is it ASSP's mistake or is
it the mailserver in the middle (Postfix), which maybe should provide yet
another header line?

 

Excerpt from the mail headers (slightly anonymized):

Received: from MEDISTAR (p2e51313d.dip0.t-ipconnect.de
[46.81.49.61])(Authenticated

   sender: ser...@sender.de)by <mailto:ser...@sender.de)by>
mx01.netgroup.de (Postfix) with ESMTPSA

   id BC6202400DBfor mailto:al...@recipient.de> >; Sun, 27 Jun 2021 22:00:13 +0200

   (CEST)

 

Excerpt from ASSP log:

Jun 27 22:00:15 localhost assp.pl[23547]: m1-24014-10318 [Worker_1] [TLS-in]
81.209.171.97 [OIP: 46.81.49.61] mailto:ser...@server.de>
> to: al...@recipient.de <mailto:al...@recipient.de>  Message-Score: added
50 for DNSBL: failed, 46.81.49.61 listed in zen.spamhaus.org, total score
for this message is now 50

 

Thanks for thinking

Regards

Dirk

___
Assp-test mailing list
Assp-test@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/assp-test

[Assp-test] Mail wrongly scored for dialup IP

2021-06-28 Thread Dirk Kulmsee

Hi all,

I'm seeing an annoying problem with maybe only one mail server:

the client sits on a dynamic dialup IP and sends a message through a
mailserver via authenticated smtp. When ASSP receives this message, it
scores it for DNSBL. Of course that dialup IP is listed in Spamhaus' PBL.

 

Question: why does ASSP score for the dynamic sender IP, when the mail is
"legalized" by authenticating to the mail server? Is it ASSP's mistake or is
it the mailserver in the middle (Postfix), which maybe should provide yet
another header line?

 

Excerpt from the mail headers (slightly anonymized):

Received: from MEDISTAR (p2e51313d.dip0.t-ipconnect.de
[46.81.49.61])(Authenticated

   sender: ser...@sender.de)by mx01.netgroup.de (Postfix) with
ESMTPSA

   id BC6202400DBfor ; Sun, 27 Jun 2021
22:00:13 +0200

   (CEST)

 

Excerpt from ASSP log:

Jun 27 22:00:15 localhost assp.pl[23547]: m1-24014-10318 [Worker_1] [TLS-in]
81.209.171.97 [OIP: 46.81.49.61]  to: al...@recipient.de
Message-Score: added 50 for DNSBL: failed, 46.81.49.61 listed in
zen.spamhaus.org, total score for this message is now 50

 

Thanks for thinking

Regards

Dirk

___
Assp-test mailing list
Assp-test@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/assp-test

Re: [Assp-test] Feature Reqiest: Customizing more of the 554 5.7.1 error messages in rejections

2021-05-05 Thread Dirk Kulmsee

Hi Ken,

 

I understand you care for legitimate senders. Whenever my mail gets rejected 
I’m all on your side and I want to know why. On the other hand: wouldn’t 
precise explanations of the rejection train the spammers by telling them what 
to adjust?

 

Regards

Dirk

 

 

Von: K Post  
Gesendet: Mittwoch, 5. Mai 2021 17:13
An: ASSP development mailing list 
Betreff: [Assp-test] Feature Reqiest: Customizing more of the 554 5.7.1 error 
messages in rejections

 

 

Thomas,

First,  as requested, I've tried to change the way I generally ask for 
features.  I hope this is better, helpful, and fully explains my reasoning.

 

Just like we can customize the spamError, DelayError, NoValidRecipient, and 
other reasons that appear in rejection/delay messages to the sender, I believe 
it would be valuable to have additional optional settings to customize 
rejection messages in ASSP.  This would help legitimate senders who are 
erroneously rejected reach out to their IT for the following reasons:

 

554 5.7.1 Extreme Bad IP Profile

554 5.7.1 too many different IP's for domain (domain)

554 5.7.1 too frequent connections for (ip)

554 5.7.1 too frequent connections for originated IP-address (ip)

554 5.7.1 too many mails with same subject

 

there's also 521 transmission terminated, but I've never encountered that.

 

My top priority is the Extreme Bad IP Profile message.  Here's why:

We've seen several schools that our charity work with get IP blocked by ASSP 
recently, and rightfully so.  But there's legitimate senders too using the same 
IP space. That then gets our charity calls from the students asking what 
Extreme Bad IP Profile is (to which our well intentioned but non-technical 
volunteers obviously have no idea).  

 

Having a message like:

554 5.7.1 Your message was rejected due to your server's reputation.  Please 
work with your local email administrator to resolve this issue.  [Mail 
administrator: Your sender IP is on our blocklist due to previously observed 
bad activity.]

would be more clear to the sender, and they'd know to get their IT involved.  
If their IT calls us, so be it.

 

Even better would be to put the IP address and sender domain into the already 
variable message, but that's probably more coding work than it's worth.

 

I tried my hand at editing ASSP code (breaking the code signature) on a test 
server to make it so that we can optionally customize the error messages 
returned for some of the rejected mails.  Something's not right with the way 
the GUI prompts for the info, but I think my concept is solid, there should be 
no sweat for a perl pro to modify the code, and I believe it would be a widely 
valuable change.  If you'll only consider this request if I first get it 
working, I will press along, but I feel like you'll hate my sloppy code and 
will need to rework it anyway.

 

 

To accomplish what I'm asking for, I believe ASSP would need to be modified to 
have optional configuration entries in the GUI for each of the above 554 error 
scenarios.

 

Then everywhere that there are lines like

seterror( $fh, "554 5.7.1 Extreme Bad IP Profile", 1 );

(which is only 7 554 locations that aren't customizable already)

 

We'd need something like the logic that is already used for delayed messages:

if ($DelayError) {

 

$reply = $DelayError."\r\n";

} else {

$reply = "451 4.7.1 Please try again later\r\n";

}

 

so something like

 

if ($ExtremeBadIPProfileErrorMessage) {
$reply = $ExtremeBadIPProfileErrorMessage ."\r\n";
} else {
$reply = "451 4.7.1 Extreme Bad IP Profile \r\n";
}

 

Do you think that's a good idea, would it be reasonable to enhance the code to 
accomplish this?  This wouldn't impact the globalPB right?

and as importantly, are you happier with the way that I asked this question?

 

Thanks

Ken

 

___
Assp-test mailing list
Assp-test@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/assp-test

[Assp-test] noDMARCReportIP?

2020-10-02 Thread Dirk Kulmsee

Hi all,

in my mail queue I sometimes find a series of DMARC reports which cannot be
delivered to the spammer who caused them:

 

43EC952E6A 2035 Fri Oct  2 00:37:58  postmas...@mydomain.de

   (connect to ecijoven.com[31.220.44.130]:25: Connection
refused)

 ad...@ecijoven.com

 

47A1947827 2017 Fri Oct  2 04:04:28  postmas...@mydomain.de

   (connect to ppobbris.com[31.220.44.130]:25: Connection
refused)

 ad...@ppobbris.com

 

1D8F1468DB 2041 Fri Oct  2 03:04:02  postmas...@mydomain.de

  (connect to iberagree.com[31.220.44.130]:25: Connection
refused)

 ad...@iberagree.com

 

2CCDE46166 2045 Fri Oct  2 02:18:49  postmas...@mydomain.de

  (connect to shchinoff.com[31.220.44.130]:25: Connection
refused)

 ad...@shchinoff.com

 

3F7DC454B1 2007 Fri Oct  2 01:53:39  postmas...@mydomain.de

  (connect to ecomtyoon.com[31.220.44.130]:25: Connection
refused)

 ad...@ecomtyoon.com

 

3DCFE52E87 2013 Fri Oct  2 13:34:57  postmas...@mydomain.de

   (connect to iphstore.com[31.220.44.130]:25: Connection
refused)

 ad...@iphstore.com
 

 

I realize, that while the domain names are random, the destination IP for
these is the same for each message. 

That brings me to the question: would something like "noDMARCReportIP" be
useful, so that the list for noDMARCReportDomain does not grow too long?

(I admit in my case that list has less than 100 entries.)

 

 

Best regards & thank you for your good work

 

Dirk

 

 

 

___
Assp-test mailing list
Assp-test@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/assp-test

[Assp-test] question about statistics (low importance)

2020-07-06 Thread Dirk Kulmsee

Hi everybody,

 

this is not a real problem, but I’m seeing funny statistics in ASSP 2.6.4 
(20182). Look at the counter for „SMTP Connection damping“. Just how did I 
manage to hit 104% of the connections and why is this count higher than the 
total of „SMTP Connections Received“? 

 


General Runtime Information 


ASSP Proxy Uptime: 

5 days 21 hours 19 mins 56 secs   

119 days 20 hours 42 mins   


Messages Processed: 

31788 (5398 per day) 

677022 (5648 per day) 


Non-Local Mail Blocked: 

64.01% 

63.93% 


(no)blocking correctness:
 processed messages in relation to
 reported spam + ham 

100.000% 

99.999% 


CPU Usage:   

0.77% avg 

0.60% avg 


Concurrent SMTP Sessions: 

0 (15 max) 

42 max 


  

since reset   or restart at 2020-06-30 14:01:33 

since reset   at Sun Mar 8 13:38:59 2020 


Totaled Statistics 


SMTP Connections Received: 

47949 

1042302 


SMTP Connections Accepted: 

46619 

988538 


SMTP Connections Rejected: 

1330 

53764 


Envelope Recipients Processed: 

24488 

502684 


Envelope Recipients Accepted: 

10239 

236772 


Envelope Recipients Rejected: 

14249 

265912 


Messages Processed: 

31788 

677022 


Messages Passed: 

12416 

261297 


Messages Rejected: 

19372 

415725 


Admin Connections Received: 

23 

2083 


Admin Connections Accepted: 

23 

2083 


Admin Connections Rejected: 

0 

0 


Stat Connections Received: 

0 

0 


Stat Connections Accepted: 

0 

0 


Stat Connections Rejected: 

0 

0 


  

since reset   or restart at 2020-06-30 14:01:33 

since reset   at Sun Mar 8 13:38:59 2020 


SMTP Connection Statistics 


Accepted Logged SMTP Connections: 

46619 

988538 


SSL-Port SMTP Connections: 

252 

18825 


STARTTLS SMTP Connections: 

9566 

191325 


Not Logged SMTP Connections: 

0 

0 


SMTP Connection Limits: 

44703 

441337 


Overall Limits: 

0 

0 


By IP Limits: 

36430 

268994 


By Delay on PB: 

8269 

168170 


By AUTH Errors Count: 

4 

1382 


By IP Frequency Limits: 

0 

0 


By Domain IP Limits: 

0 

2791 


By Same Subjects Limits: 

0 

0 


By FakeMX (MX sandwitch): 

0 

0 


SMTP Connections Timeout: 

66 

2025 


SMTP SSL-Port-Connections Timeout: 

5 

143 


SMTP STARTTLS-Connections Timeout: 

22 

548 


Denied SMTP Connections (enforced Extreme): 

1282 

51491 


Denied SMTP Connections (strict): 

48 

2273 


SMTP Connection damping: 

48464 (103.96% avg of accepted connections) 

510218 (51.61% avg of accepted connections) 


stolen time by damping: 

2 days 19 hours 16 mins 42 secs 

58 days 19 hours 1 min 

 

 

Best regards

Dirk

 

___
Assp-test mailing list
Assp-test@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/assp-test

Re: [Assp-test] TLS connections getting stuck (solved)

2019-12-16 Thread Dirk Kulmsee

SSL to localhost is obviously unnecessary. I excluded 127.0.0.1 from TLS and 
first tests tell me everything works fine again. 

Thank you for guiding me. From the logs I couldn’t distinguish whether the 
problem was between the outside world and ASSP or between ASSP and the internal 
mail server.

 

Best regards

Dirk

Von: Thomas Eckardt  
Gesendet: Dienstag, 17. Dezember 2019 06:09
An: ASSP development mailing list 
Betreff: Re: [Assp-test] TLS connections getting stuck

 

The connection to 127.0.0.1:125 (your MTA) stucks in SSL-renegotiation. ASSP as 
a SSL-client does not request a reneg - and your MTA should not. 
Why you use a SSL-connection for localhost? Does this make sense? 

Thomas





Von:"Dirk Kulmsee" mailto:d.kulm...@netgroup.de> > 
An:"'ASSP development mailing list'" mailto:assp-test@lists.sourceforge.net> > 
Datum:16.12.2019 20:51 
Betreff:Re: [Assp-test] TLS connections getting stuck 

  _  

 

Additional info: the two test messages that went into timeout finally were 
delivered. One had a delay of 53 minutes, the second one almost 6 hours. I 
don’t see a pattern.

 

Von: Dirk Kulmsee mailto:d.kulm...@netgroup.de> > 
Gesendet: Montag, 16. Dezember 2019 14:17
An: 'ASSP development mailing list' mailto:assp-test@lists.sourceforge.net> >
Betreff: Re: [Assp-test] TLS connections getting stuck

 

Thanks for your quick reply Thomas,

ConTimeOutDebug was already switched on. Now I additionally set connections 
logging to diagnostic. Then I sent 3 identical mails with only one word of text 
from gmx.de for testing, 1 got through immediately, the other 2 timed out. The 
timeout appears during SSL renegotiation. Here is one working and one failing 
example:

 

--- Working example --

Dec 16 13:33:39 localhost assp.pl[115465]: [Worker_1] Worker_1 wakes up

Dec 16 13:33:39 localhost assp.pl[115465]: [Worker_1] Info: Worker_1 got 
connection from MainThread

Dec 16 13:33:39 localhost assp.pl[115465]: [Worker_1] Info: try to connect to 
server at 127.0.0.1:125

Dec 16 13:33:39 localhost assp.pl[115465]: [Worker_1] Info: connected to server 
at 127.0.0.1:125

Dec 16 13:33:39 localhost assp.pl[115465]: [Worker_1] Connected: 
session:5620A0F072B8 212.227.15.15:50033 > 192.168.12.242:25 > 127.0.0.1:46818 
> 127.0.0.1:125 , 771-772

Dec 16 13:33:40 localhost assp.pl[115465]: [Worker_1] 212.227.15.15 Disabled 
SMTP AUTH for External IPs

Dec 16 13:33:40 localhost assp.pl[115465]: [Worker_1] 212.227.15.15 info: 
injected '250-STARTTLS' offer in to EHLO reply

Dec 16 13:33:40 localhost assp.pl[115465]: [Worker_1] 212.227.15.15 info: send 
'250-STARTTLS' - injected for 127.0.0.1

Dec 16 13:33:40 localhost assp.pl[115465]: [Worker_1] 212.227.15.15 info: 
removed '250-STARTTLS' - it was already injected

Dec 16 13:33:40 localhost assp.pl[115465]: [Worker_1] 212.227.15.15 info: got 
STARTTLS request from 212.227.15.15

Dec 16 13:33:40 localhost assp.pl[115465]: [Worker_1] SSL-DEBUG: 
.../IO/Socket/SSL.pm:1578: start handshake

Dec 16 13:33:40 localhost assp.pl[115465]: [Worker_1] SSL-DEBUG: 
.../IO/Socket/SSL.pm:1030: starting sslifying

Dec 16 13:33:40 localhost assp.pl[115465]: [Worker_1] SSL-DEBUG: 
.../IO/Socket/SSL.pm:1077: Net::SSLeay::accept -> -1

Dec 16 13:33:40 localhost assp.pl[115465]: [Worker_1] SSL-DEBUG: 
.../IO/Socket/SSL.pm:1077: Net::SSLeay::accept -> -1

Dec 16 13:33:40 localhost assp.pl[115465]: [Worker_1] SSL-DEBUG: 
.../IO/Socket/SSL.pm:1077: Net::SSLeay::accept -> 1

Dec 16 13:33:40 localhost assp.pl[115465]: [Worker_1] SSL-DEBUG: 
.../IO/Socket/SSL.pm:1125: handshake done, socket ready

Dec 16 13:33:40 localhost assp.pl[115465]: [Worker_1] [TLS-in] 212.227.15.15 
info: started TLS-SSL session for client 212.227.15.15 - using TLSv1_2 , 
ECDHE-RSA-AES128-GCM-SHA256

Dec 16 13:33:40 localhost assp.pl[115465]: [Worker_1] SSL-DEBUG: 
.../IO/Socket/SSL.pm:1578: start handshake

Dec 16 13:33:40 localhost assp.pl[115465]: [Worker_1] SSL-DEBUG: 
.../IO/Socket/SSL.pm:757: ssl handshake not started

Dec 16 13:33:40 localhost assp.pl[115465]: [Worker_1] SSL-DEBUG: 
.../IO/Socket/SSL.pm:802: not using SNI because hostname is unknown

Dec 16 13:33:40 localhost assp.pl[115465]: [Worker_1] SSL-DEBUG: 
.../IO/Socket/SSL.pm:3093: get_session(127.0.0.1:125) -> none

Dec 16 13:33:40 localhost assp.pl[115465]: [Worker_1] SSL-DEBUG: 
.../IO/Socket/SSL.pm:850: set socket to non-blocking to enforce timeout=5

Dec 16 13:33:40 localhost assp.pl[115465]: [Worker_1] SSL-DEBUG: 
.../IO/Socket/SSL.pm:863: call Net::SSLeay::connect

Dec 16 13:33:40 localhost assp.pl[115465]: [Worker_1] SSL-DEBUG: 
.../IO/Socket/SSL.pm:866: done Net::SSLeay::connect -> 1

Dec 16 13:33:40 localhost assp.pl[115465]: [Worker_1] SSL-DEBUG: 
.../IO/Socket/SSL.pm:921: ssl handshake done

Dec 16 13:33:40 localhost assp.pl[115465]: [Worker_1] [TLS-in] [TLS-out] info: 
started TLS-SSL session for server

Re: [Assp-test] TLS connections getting stuck

2019-12-16 Thread Dirk Kulmsee

Additional info: the two test messages that went into timeout finally were
delivered. One had a delay of 53 minutes, the second one almost 6 hours. I
don't see a pattern.

 

Von: Dirk Kulmsee  
Gesendet: Montag, 16. Dezember 2019 14:17
An: 'ASSP development mailing list' 
Betreff: Re: [Assp-test] TLS connections getting stuck

 

Thanks for your quick reply Thomas,

ConTimeOutDebug was already switched on. Now I additionally set connections
logging to diagnostic. Then I sent 3 identical mails with only one word of
text from gmx.de for testing, 1 got through immediately, the other 2 timed
out. The timeout appears during SSL renegotiation. Here is one working and
one failing example:

 

--- Working example --

Dec 16 13:33:39 localhost assp.pl[115465]: [Worker_1] Worker_1 wakes up

Dec 16 13:33:39 localhost assp.pl[115465]: [Worker_1] Info: Worker_1 got
connection from MainThread

Dec 16 13:33:39 localhost assp.pl[115465]: [Worker_1] Info: try to connect
to server at 127.0.0.1:125

Dec 16 13:33:39 localhost assp.pl[115465]: [Worker_1] Info: connected to
server at 127.0.0.1:125

Dec 16 13:33:39 localhost assp.pl[115465]: [Worker_1] Connected:
session:5620A0F072B8 212.227.15.15:50033 > 192.168.12.242:25 >
127.0.0.1:46818 > 127.0.0.1:125 , 771-772

Dec 16 13:33:40 localhost assp.pl[115465]: [Worker_1] 212.227.15.15 Disabled
SMTP AUTH for External IPs

Dec 16 13:33:40 localhost assp.pl[115465]: [Worker_1] 212.227.15.15 info:
injected '250-STARTTLS' offer in to EHLO reply

Dec 16 13:33:40 localhost assp.pl[115465]: [Worker_1] 212.227.15.15 info:
send '250-STARTTLS' - injected for 127.0.0.1

Dec 16 13:33:40 localhost assp.pl[115465]: [Worker_1] 212.227.15.15 info:
removed '250-STARTTLS' - it was already injected

Dec 16 13:33:40 localhost assp.pl[115465]: [Worker_1] 212.227.15.15 info:
got STARTTLS request from 212.227.15.15

Dec 16 13:33:40 localhost assp.pl[115465]: [Worker_1] SSL-DEBUG:
.../IO/Socket/SSL.pm:1578: start handshake

Dec 16 13:33:40 localhost assp.pl[115465]: [Worker_1] SSL-DEBUG:
.../IO/Socket/SSL.pm:1030: starting sslifying

Dec 16 13:33:40 localhost assp.pl[115465]: [Worker_1] SSL-DEBUG:
.../IO/Socket/SSL.pm:1077: Net::SSLeay::accept -> -1

Dec 16 13:33:40 localhost assp.pl[115465]: [Worker_1] SSL-DEBUG:
.../IO/Socket/SSL.pm:1077: Net::SSLeay::accept -> -1

Dec 16 13:33:40 localhost assp.pl[115465]: [Worker_1] SSL-DEBUG:
.../IO/Socket/SSL.pm:1077: Net::SSLeay::accept -> 1

Dec 16 13:33:40 localhost assp.pl[115465]: [Worker_1] SSL-DEBUG:
.../IO/Socket/SSL.pm:1125: handshake done, socket ready

Dec 16 13:33:40 localhost assp.pl[115465]: [Worker_1] [TLS-in] 212.227.15.15
info: started TLS-SSL session for client 212.227.15.15 - using TLSv1_2 ,
ECDHE-RSA-AES128-GCM-SHA256

Dec 16 13:33:40 localhost assp.pl[115465]: [Worker_1] SSL-DEBUG:
.../IO/Socket/SSL.pm:1578: start handshake

Dec 16 13:33:40 localhost assp.pl[115465]: [Worker_1] SSL-DEBUG:
.../IO/Socket/SSL.pm:757: ssl handshake not started

Dec 16 13:33:40 localhost assp.pl[115465]: [Worker_1] SSL-DEBUG:
.../IO/Socket/SSL.pm:802: not using SNI because hostname is unknown

Dec 16 13:33:40 localhost assp.pl[115465]: [Worker_1] SSL-DEBUG:
.../IO/Socket/SSL.pm:3093: get_session(127.0.0.1:125) -> none

Dec 16 13:33:40 localhost assp.pl[115465]: [Worker_1] SSL-DEBUG:
.../IO/Socket/SSL.pm:850: set socket to non-blocking to enforce timeout=5

Dec 16 13:33:40 localhost assp.pl[115465]: [Worker_1] SSL-DEBUG:
.../IO/Socket/SSL.pm:863: call Net::SSLeay::connect

Dec 16 13:33:40 localhost assp.pl[115465]: [Worker_1] SSL-DEBUG:
.../IO/Socket/SSL.pm:866: done Net::SSLeay::connect -> 1

Dec 16 13:33:40 localhost assp.pl[115465]: [Worker_1] SSL-DEBUG:
.../IO/Socket/SSL.pm:921: ssl handshake done

Dec 16 13:33:40 localhost assp.pl[115465]: [Worker_1] [TLS-in] [TLS-out]
info: started TLS-SSL session for server 127.0.0.1 - using TLSv1_3 ,
TLS_AES_256_GCM_SHA384

Dec 16 13:33:40 localhost assp.pl[115465]: [Worker_1] SSL-DEBUG:
.../IO/Socket/SSL.pm:2970: callback session new <127.0.0.1:125>
140333578219488

Dec 16 13:33:40 localhost assp.pl[115465]: [Worker_1] SSL-DEBUG:
.../IO/Socket/SSL.pm:3040: add_session(127.0.0.1:125,140333578219488)

Dec 16 13:33:40 localhost assp.pl[115465]: [Worker_1] [TLS-in] [TLS-out]
info: ssl-read - renegotiation in progress - SSL_WANT_READ

Dec 16 13:33:40 localhost assp.pl[115465]: [Worker_1] [TLS-in] [TLS-out]
info: ssl-read renegotiation finished - recovered from - SSL_WANT_READ

Dec 16 13:33:40 localhost assp.pl[115465]: m1-99620-04635 [Worker_1]
[TLS-in] [TLS-out] 212.227.15.15 mailto:dirk.kulm...@gmx.de> > info: found message size announcement: 2.28
kByte

Dec 16 13:33:40 localhost assp.pl[115465]: m1-99620-04635 [Worker_1]
[TLS-in] [TLS-out] 212.227.15.15 mailto:dirk.kulm...@gmx.de> > Message-Score: added -10 (tlsValencePB) for
SSL-TLS-connection-OK, total score for this message is now -10

Dec 16 13:33:40 localhost assp.pl[115465]: [Worker_1]

Re: [Assp-test] TLS connections getting stuck

2019-12-16 Thread Dirk Kulmsee

arted

Dec 16 13:47:48 localhost assp.pl[115465]: [Worker_3] SSL-DEBUG:
.../IO/Socket/SSL.pm:802: not using SNI because hostname is unknown

Dec 16 13:47:48 localhost assp.pl[115465]: [Worker_3] SSL-DEBUG:
.../IO/Socket/SSL.pm:3093: get_session(127.0.0.1:125) -> none

Dec 16 13:47:48 localhost assp.pl[115465]: [Worker_3] SSL-DEBUG:
.../IO/Socket/SSL.pm:850: set socket to non-blocking to enforce timeout=5

Dec 16 13:47:48 localhost assp.pl[115465]: [Worker_3] SSL-DEBUG:
.../IO/Socket/SSL.pm:863: call Net::SSLeay::connect

Dec 16 13:47:48 localhost assp.pl[115465]: [Worker_3] SSL-DEBUG:
.../IO/Socket/SSL.pm:866: done Net::SSLeay::connect -> -1

Dec 16 13:47:48 localhost assp.pl[115465]: [Worker_3] SSL-DEBUG:
.../IO/Socket/SSL.pm:876: ssl handshake in progress

Dec 16 13:47:48 localhost assp.pl[115465]: [Worker_3] SSL-DEBUG:
.../IO/Socket/SSL.pm:886: waiting for fd to become ready: SSL wants a read
first

Dec 16 13:47:48 localhost assp.pl[115465]: [Worker_3] SSL-DEBUG:
.../IO/Socket/SSL.pm:906: socket ready, retrying connect

Dec 16 13:47:48 localhost assp.pl[115465]: [Worker_3] SSL-DEBUG:
.../IO/Socket/SSL.pm:863: call Net::SSLeay::connect

Dec 16 13:47:48 localhost assp.pl[115465]: [Worker_3] SSL-DEBUG:
.../IO/Socket/SSL.pm:866: done Net::SSLeay::connect -> 1

Dec 16 13:47:48 localhost assp.pl[115465]: [Worker_3] SSL-DEBUG:
.../IO/Socket/SSL.pm:921: ssl handshake done

Dec 16 13:47:48 localhost assp.pl[115465]: [Worker_3] [TLS-in] [TLS-out]
info: started TLS-SSL session for server 127.0.0.1 - using TLSv1_3 ,
TLS_AES_256_GCM_SHA384

Dec 16 13:47:48 localhost assp.pl[115465]: [Worker_3] SSL-DEBUG:
.../IO/Socket/SSL.pm:2970: callback session new <127.0.0.1:125>
140333266417424

Dec 16 13:47:48 localhost assp.pl[115465]: [Worker_3] SSL-DEBUG:
.../IO/Socket/SSL.pm:3040: add_session(127.0.0.1:125,140333266417424)

Dec 16 13:47:48 localhost assp.pl[115465]: [Worker_3] [TLS-in] [TLS-out]
info: ssl-read - renegotiation in progress - SSL_WANT_READ

Dec 16 13:49:48 localhost assp.pl[115465]: [Worker_3] [TLS-in] [TLS-out]
212.227.17.20 info: no (more) data readable from 212.227.17.20 (connection
closed by peer) - last command was 'EHLO'

Dec 16 13:49:48 localhost assp.pl[115465]: [Worker_3] [TLS-in] [TLS-out]
212.227.17.20 disconnected: session:7FA1E043EC18 212.227.17.20 - command
list was 'EHLO,STARTTLS,EHLO' - used 4 SocketCalls - processing time 120
seconds - damped 0 seconds

--- end timeout example --

 

 

 

Von: Thomas Eckardt  
Gesendet: Montag, 16. Dezember 2019 13:01
An: ASSP development mailing list 
Betreff: Re: [Assp-test] TLS connections getting stuck

 

enable 'ConTimeOutDebug' - the debug logs will show where the communication
stucks 

Thomas





Von:"Dirk Kulmsee" mailto:d.kulm...@netgroup.de> > 
An:"'ASSP development mailing list'"
mailto:assp-test@lists.sourceforge.net> > 
Datum:16.12.2019 12:43 
Betreff:[Assp-test] TLS connections getting stuck 

  _  

 

Hi all,

i am currently using ASSP 2.6.4 19341 on Debian Linux, Perl 5.28

 

For some weeks now I have the problem that many TLS connections time out so
mails are not received or are received after retries with huge delays up to
several days. This happens with several different servers (e.g. from
gmx.net, t-online.de) but it does not always happen. Most mail flows
smoothly. 

I am using an official SSL certificate  (Digicert wildcard), SSL_version and
SSL_cipher_list are set to default. ASSP forwards mail to a Postfix on the
same machine, port 125.

 

Here are some log lines:

 

Dec 16 11:54:32 localhost assp.pl[115465]: [Worker_1] Worker_1 wakes up

Dec 16 11:54:32 localhost assp.pl[115465]: [Worker_1] Info: Worker_1 got
connection from MainThread

Dec 16 11:54:32 localhost assp.pl[115465]: [Worker_1] Connected:
session:7FA1F68F3B30 212.18.1.53:33523 > 192.168.12.242:25 > 127.0.0.1:125

Dec 16 11:54:33 localhost assp.pl[115465]: [Worker_1] 212.18.1.53 Disabled
SMTP AUTH for External IPs

Dec 16 11:54:33 localhost assp.pl[115465]: [Worker_1] 212.18.1.53 info: got
STARTTLS request from 212.18.1.53

Dec 16 11:54:33 localhost assp.pl[115465]: [Worker_1] SSL-DEBUG:
.../IO/Socket/SSL.pm:1578: start handshake

Dec 16 11:54:33 localhost assp.pl[115465]: [Worker_1] SSL-DEBUG:
.../IO/Socket/SSL.pm:1030: starting sslifying

Dec 16 11:54:33 localhost assp.pl[115465]: [Worker_1] SSL-DEBUG:
.../IO/Socket/SSL.pm:1077: Net::SSLeay::accept -> -1

Dec 16 11:54:33 localhost assp.pl[115465]: [Worker_1] SSL-DEBUG:
.../IO/Socket/SSL.pm:1077: Net::SSLeay::accept -> -1

Dec 16 11:54:33 localhost assp.pl[115465]: [Worker_1] SSL-DEBUG:
.../IO/Socket/SSL.pm:1077: Net::SSLeay::accept -> 1

Dec 16 11:54:33 localhost assp.pl[115465]: [Worker_1] SSL-DEBUG:
.../IO/Socket/SSL.pm:1125: handshake done, socket ready

Dec 16 11:54:33 localhost assp.pl[115465]: [Worker_1] SSL-DEBUG:
.../IO/Socket/SSL.pm:1578: start handshake

Dec 16 11:54:33 localhost

[Assp-test] TLS connections getting stuck

2019-12-16 Thread Dirk Kulmsee

Hi all,

i am currently using ASSP 2.6.4 19341 on Debian Linux, Perl 5.28

 

For some weeks now I have the problem that many TLS connections time out so
mails are not received or are received after retries with huge delays up to
several days. This happens with several different servers (e.g. from
gmx.net, t-online.de) but it does not always happen. Most mail flows
smoothly. 

I am using an official SSL certificate  (Digicert wildcard), SSL_version and
SSL_cipher_list are set to default. ASSP forwards mail to a Postfix on the
same machine, port 125.

 

Here are some log lines:

 

Dec 16 11:54:32 localhost assp.pl[115465]: [Worker_1] Worker_1 wakes up

Dec 16 11:54:32 localhost assp.pl[115465]: [Worker_1] Info: Worker_1 got
connection from MainThread

Dec 16 11:54:32 localhost assp.pl[115465]: [Worker_1] Connected:
session:7FA1F68F3B30 212.18.1.53:33523 > 192.168.12.242:25 > 127.0.0.1:125

Dec 16 11:54:33 localhost assp.pl[115465]: [Worker_1] 212.18.1.53 Disabled
SMTP AUTH for External IPs

Dec 16 11:54:33 localhost assp.pl[115465]: [Worker_1] 212.18.1.53 info: got
STARTTLS request from 212.18.1.53

Dec 16 11:54:33 localhost assp.pl[115465]: [Worker_1] SSL-DEBUG:
.../IO/Socket/SSL.pm:1578: start handshake

Dec 16 11:54:33 localhost assp.pl[115465]: [Worker_1] SSL-DEBUG:
.../IO/Socket/SSL.pm:1030: starting sslifying

Dec 16 11:54:33 localhost assp.pl[115465]: [Worker_1] SSL-DEBUG:
.../IO/Socket/SSL.pm:1077: Net::SSLeay::accept -> -1

Dec 16 11:54:33 localhost assp.pl[115465]: [Worker_1] SSL-DEBUG:
.../IO/Socket/SSL.pm:1077: Net::SSLeay::accept -> -1

Dec 16 11:54:33 localhost assp.pl[115465]: [Worker_1] SSL-DEBUG:
.../IO/Socket/SSL.pm:1077: Net::SSLeay::accept -> 1

Dec 16 11:54:33 localhost assp.pl[115465]: [Worker_1] SSL-DEBUG:
.../IO/Socket/SSL.pm:1125: handshake done, socket ready

Dec 16 11:54:33 localhost assp.pl[115465]: [Worker_1] SSL-DEBUG:
.../IO/Socket/SSL.pm:1578: start handshake

Dec 16 11:54:33 localhost assp.pl[115465]: [Worker_1] SSL-DEBUG:
.../IO/Socket/SSL.pm:757: ssl handshake not started

Dec 16 11:54:33 localhost assp.pl[115465]: [Worker_1] SSL-DEBUG:
.../IO/Socket/SSL.pm:802: not using SNI because hostname is unknown

Dec 16 11:54:33 localhost assp.pl[115465]: [Worker_1] SSL-DEBUG:
.../IO/Socket/SSL.pm:3093: get_session(127.0.0.1:125) -> none

Dec 16 11:54:33 localhost assp.pl[115465]: [Worker_1] SSL-DEBUG:
.../IO/Socket/SSL.pm:850: set socket to non-blocking to enforce timeout=5

Dec 16 11:54:33 localhost assp.pl[115465]: [Worker_1] SSL-DEBUG:
.../IO/Socket/SSL.pm:863: call Net::SSLeay::connect

Dec 16 11:54:33 localhost assp.pl[115465]: [Worker_1] SSL-DEBUG:
.../IO/Socket/SSL.pm:866: done Net::SSLeay::connect -> 1

Dec 16 11:54:33 localhost assp.pl[115465]: [Worker_1] SSL-DEBUG:
.../IO/Socket/SSL.pm:921: ssl handshake done

Dec 16 11:54:33 localhost assp.pl[115465]: [Worker_1] SSL-DEBUG:
.../IO/Socket/SSL.pm:2970: callback session new <127.0.0.1:125>
140333579019952

Dec 16 11:54:33 localhost assp.pl[115465]: [Worker_1] SSL-DEBUG:
.../IO/Socket/SSL.pm:3040: add_session(127.0.0.1:125,140333579019952)

Dec 16 11:57:44 localhost assp.pl[115465]: [Worker_1] [TLS-in] [TLS-out]
212.18.1.53 TLS-Connection idle for 180 secs - timeout

Dec 16 11:57:44 localhost assp.pl[115465]: [Worker_1] [TLS-in] [TLS-out]
212.18.1.53 [SMTP Status] 451 Connection timeout, try later

Dec 16 11:57:44 localhost assp.pl[115465]: [Worker_1] [TLS-in] [TLS-out]
212.18.1.53 disconnected: session:7FA1F68F3B30 212.18.1.53 - processing time
0 seconds

Dec 16 11:57:44 localhost assp.pl[115465]: [Worker_1] Worker_1 will sleep
now

 

The IP mentioned here ends up in SSL-failed-cache.

 

Any ideas where to look or what to change?

 

Best regards

Dirk

___
Assp-test mailing list
Assp-test@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/assp-test

Re: [Assp-test] Delaying vs. DoPenaltyExtremeSMTP

2019-04-09 Thread Dirk Kulmsee

I think I better take back the one question about damping. The documentation
clearly says that the MESSAGEscore is used to calculate damping, so score 60
divided by 5 would be 12 s. 
Sorry for partial blindness.
Regards
Dirk

Von: Dirk Kulmsee  
Gesendet: Dienstag, 9. April 2019 12:45
An: assp-test@lists.sourceforge.net
Betreff: [Assp-test] Delaying vs. DoPenaltyExtremeSMTP

Hi all,
I am currently running ASSP 2.6.4 (build 19086) on Linux with Perl 5.28. It
is working fine, but there is some unexpected behaviour.
Some detail:
- I activated DisableExtAUTH
- DoDamping is set to 5, maxDampingTime is set to 30
- DelayIP is set to 500
- DoPenaltyExtremeSMTP and DoPenaltyExtreme are both set to 1 (=block).
- PenaltyExtreme is set to 5000

I would expect ASSP to delay an incoming connection when the corresponding
IP has reached a score of 500 until it reaches the extreme score of 5000. At
that point, the connection would be blocked without further discussion.

Here is what I find in the log (excerpt, grep'ed for the IP):
2019-04-09 11:36:54 [Worker_1] Connected: session:7F5870F12FC0
115.29.197.41:35294 > 192.168.12.242:25 > 127.0.0.1:125
2019-04-09 11:36:54 [Worker_1] 115.29.197.41 Disabled SMTP AUTH for External
IPs
2019-04-09 11:36:56 m1-02615-12116 [Worker_1] [unsupported_AUTH]
115.29.197.41 AUTH not allowed
2019-04-09 11:36:56 m1-02615-12116 [Worker_1] 115.29.197.41 Message-Score:
added 60 (autValencePB) for too many (20) AUTH errors from 115.29.197.0,
total score for this message is now 60
2019-04-09 11:36:56 m1-02615-12116 [Worker_1] 115.29.197.41 [SMTP Error] 502
AUTH not supported
2019-04-09 11:36:57 m1-02615-12116 [Worker_1] 115.29.197.41 info: start
damping (12 s)
2019-04-09 11:37:20 m1-02615-12116 [Worker_1] 115.29.197.41 info:
PB-IP-Score for '115.29.197.41' is 10500, added 60 in this session
2019-04-09 11:37:20 m1-02615-12116 [Worker_1] 115.29.197.41 disconnected:
session:7F5870F12FC0 115.29.197.41 - processing time 26 seconds
2019-04-09 11:41:24 [Worker_1] Delayed ip 115.29.197.41, because
PBBlack(10500) is higher than DelayIP(500)- last penalty reason was:
AUTHErrors

It appears that ASSP still delays the connection, although the IP score is
way beyond the extreme limit. 
It appears, that at least with this IP the damping time does not reach its
configured maximum of 30 seconds. It never gets higher than 12s. (If I
remember correctly damping is done for every SMTP command, maybe that is the
reason?)
Why does the last log line (Delayed ip) pop up several minutes after it says
"disconnected"?
Another detail with logging: I disabled PenaltyUseNetblocks, but the logline
still says "AUTH errors from 115.29.197.0", i.e. the /24 network is logged
instead of the individual IP. This is probably cosmetic.

Looking forward to learning more about ASSP. 
Keep up the good work!

Regards
Dirk



___
Assp-test mailing list
Assp-test@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/assp-test

[Assp-test] Delaying vs. DoPenaltyExtremeSMTP

2019-04-09 Thread Dirk Kulmsee

Hi all,

I am currently running ASSP 2.6.4 (build 19086) on Linux with Perl 5.28. It
is working fine, but there is some unexpected behaviour.

Some detail:

*   I activated DisableExtAUTH
*   DoDamping is set to 5, maxDampingTime is set to 30
*   DelayIP is set to 500
*   DoPenaltyExtremeSMTP and DoPenaltyExtreme are both set to 1
(=block).
*   PenaltyExtreme is set to 5000

 

I would expect ASSP to delay an incoming connection when the corresponding
IP has reached a score of 500 until it reaches the extreme score of 5000. At
that point, the connection would be blocked without further discussion.

 

Here is what I find in the log (excerpt, grep'ed for the IP):



2019-04-09 11:36:54 [Worker_1] Connected: session:7F5870F12FC0
115.29.197.41:35294 > 192.168.12.242:25 > 127.0.0.1:125

2019-04-09 11:36:54 [Worker_1] 115.29.197.41 Disabled SMTP AUTH for External
IPs

2019-04-09 11:36:56 m1-02615-12116 [Worker_1] [unsupported_AUTH]
115.29.197.41 AUTH not allowed

2019-04-09 11:36:56 m1-02615-12116 [Worker_1] 115.29.197.41 Message-Score:
added 60 (autValencePB) for too many (20) AUTH errors from 115.29.197.0,
total score for this message is now 60

2019-04-09 11:36:56 m1-02615-12116 [Worker_1] 115.29.197.41 [SMTP Error] 502
AUTH not supported

2019-04-09 11:36:57 m1-02615-12116 [Worker_1] 115.29.197.41 info: start
damping (12 s)

2019-04-09 11:37:20 m1-02615-12116 [Worker_1] 115.29.197.41 info:
PB-IP-Score for '115.29.197.41' is 10500, added 60 in this session

2019-04-09 11:37:20 m1-02615-12116 [Worker_1] 115.29.197.41 disconnected:
session:7F5870F12FC0 115.29.197.41 - processing time 26 seconds

2019-04-09 11:41:24 [Worker_1] Delayed ip 115.29.197.41, because
PBBlack(10500) is higher than DelayIP(500)- last penalty reason was:
AUTHErrors

 

It appears that ASSP still delays the connection, although the IP score is
way beyond the extreme limit. 

It appears, that at least with this IP the damping time does not reach its
configured maximum of 30 seconds. It never gets higher than 12s. (If I
remember correctly damping is done for every SMTP command, maybe that is the
reason?)

Why does the last log line (Delayed ip) pop up several minutes after it says
"disconnected"?

Another detail with logging: I disabled PenaltyUseNetblocks, but the logline
still says "AUTH errors from 115.29.197.0", i.e. the /24 network is logged
instead of the individual IP. This is probably cosmetic.

 

Looking forward to learning more about ASSP. 

Keep up the good work!

 

Regards

Dirk

___
Assp-test mailing list
Assp-test@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/assp-test

Re: [Assp-test] ASSP and Perl 5.28?

2018-11-12 Thread Dirk Kulmsee

That gave me some insight. I found that assp.cfg got scrambled and more than
a dozen variables contained long hex numbers instead of reasonable values. I
tried to correct that by editor and also set AsADaemon=0

 

When I start assp I get this:

 

=

ASSP 2.6.2(18313) (source: /opt/assp/assp.pl) is starting in directory
/opt/assp

on host mail

using Perl /usr/bin/perl version 5.028000 (5.28.0), all Perl features for
5.28 are enabled

compiling code and check code integrity - please wait .

checking config in /opt/assp/assp.cfg[OK]

the assp.pl code of version 2.6.2(18313) passed the integrity check

ASSP uses AsspSelfLoader 2.03 - check   [OK]

loading configuration   [OK]

1199 values loaded  [OK]

defining environment[OK]

setting up global ENV   [OK]

loading modules.U   [OK]

loading database drivers[OK]

setup regular expressions   [OK]

loading plugins [OK]

fixing up config[OK]

check process env   [SKIP]

check process permission[OK]

setting up modules..[OK]

checking directories[OK]

check file permission   [OK]

loading caches and lists[OK]

starting maintenance worker thread -> init all databases

starting maintenance worker thread  [OK]

starting 5 communication worker threads .Thread 6 terminated abnormally:
error: AsspSelfLoader is unable to load code from file
/opt/assp/sl-cache/main-ThreadStart.sl - Too many open files

=

 

I can stop that whith ctrl-c. 

After that assp.cfg is scrambled again, containing values like
"runAsUser:=5c13dfe7a63b36ed00061f028b".

The file /opt/assp/sl-cache/main-ThreadStart.sl does exist and has a current
timestamp.

Ulimit says it is "unlimited".

 

 

Von: Thomas Eckardt  
Gesendet: Montag, 12. November 2018 15:06
An: ASSP development mailing list 
Betreff: Re: [Assp-test] ASSP and Perl 5.28?

 

su to the assp user and start assp interactive from console/ssh (possibly
switch off daemon mode) --AsADaemon:=0

Where is assp stucking? 

Thomas 



Von:"Dirk Kulmsee" mailto:d.kulm...@netgroup.de> > 
An:"'ASSP development mailing list'"
mailto:assp-test@lists.sourceforge.net> > 
Datum:12.11.2018 14:41 
Betreff:Re: [Assp-test] ASSP and Perl 5.28? 

  _  

 

I tried as you said, but the result remains the same. Assp.pl uses 2% cpu ,
does not listen on port 25 and does not log anything. (I waited up to 10
minutes.) The subfolders in tmpDB are recreated upon start of assp, but the
files in tmpDB/files remain unchanged (timestamp from last successful
shutdown of assp). The size of most of those file is 1 byte (is that
correct?).

 

I tried assp.pl 2.6.1 (18305) and 2.6.2 (18313). 

 

Hoping for other ideas

Dirk

 

Von: Thomas Eckardt mailto:thomas.ecka...@thockar.com> > 
Gesendet: Montag, 12. November 2018 08:25
An: ASSP development mailing list mailto:assp-test@lists.sourceforge.net> >
Betreff: Re: [Assp-test] ASSP and Perl 5.28?

 

- stop the process 
- remove the pid file 
- clean the tmpDB folder except the files subfolder 
- start assp 

Thomas





Von:"Dirk Kulmsee" < <mailto:d.kulm...@netgroup.de>
d.kulm...@netgroup.de> 
An:"'ASSP development mailing list'" <
<mailto:assp-test@lists.sourceforge.net> assp-test@lists.sourceforge.net> 
Datum:10.11.2018 20:05 
Betreff:[Assp-test] ASSP and Perl 5.28? 

  _  

 

Hi all,

i guess i was a little bit too daring today. On Debian (Buster, Kernel 4.18)
I updated to Perl 5.28. I reinstalled modules from assp.mod. Now the result
is that assp (2.6.1 / 18305) will start and create a process and
moduleloaderrors.txt says there are no problems. But the assp process just
sits there using ca. 2% cpu, doing nothing. It does not listen to port 25 or
5 and it does not log anything in maillog.txt

 

Is there a way to get it running again? How to proceed?

 

Thanks for your input.

 

Dirk___
Assp-test mailing list
 <mailto:Assp-test@lists.sourceforge.net> Assp-test@lists.sourceforge.net
 <https://lists.sourceforge.net/lists/listinfo/assp-test>
https://lists.sourceforge.net/lists/listinfo/assp-test




DISCLAIMER:
***
This email and any files transmitted with it may be confidential, legally
privileged and protected in law and ar

Re: [Assp-test] ASSP and Perl 5.28?

2018-11-12 Thread Dirk Kulmsee

I tried as you said, but the result remains the same. Assp.pl uses 2% cpu ,
does not listen on port 25 and does not log anything. (I waited up to 10
minutes.) The subfolders in tmpDB are recreated upon start of assp, but the
files in tmpDB/files remain unchanged (timestamp from last successful
shutdown of assp). The size of most of those file is 1 byte (is that
correct?).

 

I tried assp.pl 2.6.1 (18305) and 2.6.2 (18313). 

 

Hoping for other ideas

Dirk

 

Von: Thomas Eckardt  
Gesendet: Montag, 12. November 2018 08:25
An: ASSP development mailing list 
Betreff: Re: [Assp-test] ASSP and Perl 5.28?

 

- stop the process 
- remove the pid file 
- clean the tmpDB folder except the files subfolder 
- start assp 

Thomas





Von:"Dirk Kulmsee" mailto:d.kulm...@netgroup.de> > 
An:"'ASSP development mailing list'"
mailto:assp-test@lists.sourceforge.net> > 
Datum:10.11.2018 20:05 
Betreff:[Assp-test] ASSP and Perl 5.28? 

  _  

 

Hi all,

i guess i was a little bit too daring today. On Debian (Buster, Kernel 4.18)
I updated to Perl 5.28. I reinstalled modules from assp.mod. Now the result
is that assp (2.6.1 / 18305) will start and create a process and
moduleloaderrors.txt says there are no problems. But the assp process just
sits there using ca. 2% cpu, doing nothing. It does not listen to port 25 or
5 and it does not log anything in maillog.txt

 

Is there a way to get it running again? How to proceed?

 

Thanks for your input.

 

Dirk___
Assp-test mailing list
Assp-test@lists.sourceforge.net <mailto:Assp-test@lists.sourceforge.net> 
 <https://lists.sourceforge.net/lists/listinfo/assp-test>
https://lists.sourceforge.net/lists/listinfo/assp-test




DISCLAIMER:
***
This email and any files transmitted with it may be confidential, legally
privileged and protected in law and are intended solely for the use of the 
individual to whom it is addressed.
This email was multiple times scanned for viruses. There should be no known
virus in this email!
***

___
Assp-test mailing list
Assp-test@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/assp-test

[Assp-test] ASSP and Perl 5.28?

2018-11-10 Thread Dirk Kulmsee

Hi all,

i guess i was a little bit too daring today. On Debian (Buster, Kernel 4.18)
I updated to Perl 5.28. I reinstalled modules from assp.mod. Now the result
is that assp (2.6.1 / 18305) will start and create a process and
moduleloaderrors.txt says there are no problems. But the assp process just
sits there using ca. 2% cpu, doing nothing. It does not listen to port 25 or
5 and it does not log anything in maillog.txt

 

Is there a way to get it running again? How to proceed?

 

Thanks for your input.

 

Dirk

___
Assp-test mailing list
Assp-test@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/assp-test

Re: [Assp-test] noCollecting & the ham/spam corpus

2018-05-03 Thread Dirk Kulmsee

Thank you for the explanation Thomas.

You are right, I chose to not collect and I am fine with that result. My 
concern was about the mails that were collected earlier and are overwritten in 
the process. Their contribution to the corpus is lost. A possible way around 
this could be an extra temporary storage location for the mail under 
investigation, where all the work is done. (There already is a tmp directory.) 
This would prevent existing collected mails to be overwritten. After the final 
results are there ASSP could decide where to move that mail file, or to delete 
it.

But I humbly admit that I have no idea how much benefit this would be or at 
what price it comes. I better trust in your excellent work. 

Best regards
Dirk

---

Von: Thomas Eckardt <thomas.ecka...@thockar.com> 
Gesendet: Donnerstag, 3. Mai 2018 08:32
An: ASSP development mailing list <assp-test@lists.sourceforge.net>
Betreff: Re: [Assp-test] noCollecting & the ham/spam corpus

Normaly assp will collect all mails. 
There are two states (configuration) to prevent this - noCollecting and 
noCollectRe. You use noCollecting. 

>2018-05-02 09:22:33 [Worker_1] mailto:Router@sender.domain matches
>mailto:router@sender.domain in noCollecting

Both states are checked in a Post-Mail-Procedure. So the rule is - collect all 
mails - if processed, check if any of the both flags were set in the past or 
has to be set (we now have the complete mail) - if the noCollect is 
detected remove the file. 

The 'collect all mails in doubt' rule is required for several other features 
and functions. A simple example: a noProcessing sender sends a virus and virus 
check is skipped because of this flag. Why should assp store a virus in the 
corpus? 

my questions: 

1. Yes this may weaken the corpus - but it was your decision to set 
noCollecting - why should assp ignore it? 
2. The final decision to collect or delete or not to collect a mail in a file 
can be only made, if we have the complete mail/file (not only maxBytes of the 
body) - so why should assp make an early decision, which can be wrong and has 
to be possibly be corrected? 

So - no it is not possible to change this order. 

Thomas 




Von:"Dirk Kulmsee" <mailto:d.kulm...@netgroup.de> 
An:"'ASSP development mailing list'" 
<mailto:assp-test@lists.sourceforge.net> 
Datum:02.05.2018 18:26 
Betreff:[Assp-test] noCollecting & the ham/spam corpus 




Hi all,

I have a question about the treatment of noCollecting emails. As I see it, a
mail first gets stored in the ham or spam folder and only after that the
decision is made to not collect it. So it is deleted again.
Question: Does this not unnecessarily weaken the corpus? Each time this
happens, a validly collected mail is overwritten / deleted. Could things be
improved by reversing the order, i. e. first checking if the mail is to be
collected and if so then put it into ham / spam?

Log snippet (from ASSP version 2.6.2  *Fortress*  build 18119):

2018-05-02 09:22:33 [Worker_1] mailto:Router@sender.domain matches
mailto:router@sender.domain in noCollecting
2018-05-02 09:22:34 [Worker_1] mailto:Router@sender.domain matches
mailto:router@sender.domain in LocalAddresses_Flat
2018-05-02 09:22:34 m1-45753-00062 [Worker_1] [TLS-out] 87.140.79.177
<mailto:router@sender.domain> to: mailto:alarm@recipient.domain info: 
DKIM-signature
precheck is skipped - DKIM result is ''
2018-05-02 09:22:34 m1-45753-00062 [Worker_1] [TLS-out] 87.140.79.177
<mailto:router@sender.domain> to: mailto:alarm@recipient.domain [Plugin] 
calling plugin
ASSP_AFC
2018-05-02 09:22:34 m1-45753-00062 [Worker_1] [TLS-out] 87.140.79.177
<mailto:router@sender.domain> to: mailto:alarm@recipient.domain ClamAV: scanned 
1219 bytes
in local message - OK
2018-05-02 09:22:34 m1-45753-00062 [Worker_1] [TLS-out] 87.140.79.177
<mailto:router@sender.domain> to: mailto:alarm@recipient.domain local (no bad 
attachments)
2018-05-02 09:22:34 m1-45753-00062 [Worker_1] [TLS-out] [MessageOK]
87.140.79.177 <mailto:router@sender.domain> to: mailto:alarm@recipient.domain 
message ok
[Mail Alert from Router] -> /opt/assp/notspam/62.eml
2018-05-02 09:22:34 m1-45753-00062 [Worker_1] [TLS-out] 87.140.79.177
<mailto:router@sender.domain> to: mailto:alarm@recipient.domain finished 
message -
received DATA size: 1.95 kByte - sent DATA size: 2.21 kByte
2018-05-02 09:22:34 m1-45753-00062 [Worker_1] [TLS-out] 87.140.79.177
<mailto:router@sender.domain> to: mailto:alarm@recipient.domain disconnected:
session:7FD26A9DF408 87.140.79.177 - processing time 1 seconds
2018-05-02 09:22:34 m1-45753-00062 [Worker_1] [TLS-out] 87.140.79.177
<mailto:router@sender.domain> to: mailto:alarm@recipient.domain info: file
/opt/assp/notspam/62.eml was deleted - selected for no collection


Best regards
Dirk


-

[Assp-test] noCollecting & the ham/spam corpus

2018-05-02 Thread Dirk Kulmsee

Hi all,

I have a question about the treatment of noCollecting emails. As I see it, a
mail first gets stored in the ham or spam folder and only after that the
decision is made to not collect it. So it is deleted again.
Question: Does this not unnecessarily weaken the corpus? Each time this
happens, a validly collected mail is overwritten / deleted. Could things be
improved by reversing the order, i. e. first checking if the mail is to be
collected and if so then put it into ham / spam?

Log snippet (from ASSP version 2.6.2  *Fortress*  build 18119):

2018-05-02 09:22:33 [Worker_1] Router@sender.domain matches
router@sender.domain in noCollecting
2018-05-02 09:22:34 [Worker_1] Router@sender.domain matches
router@sender.domain in LocalAddresses_Flat
2018-05-02 09:22:34 m1-45753-00062 [Worker_1] [TLS-out] 87.140.79.177
 to: alarm@recipient.domain info: DKIM-signature
precheck is skipped - DKIM result is ''
2018-05-02 09:22:34 m1-45753-00062 [Worker_1] [TLS-out] 87.140.79.177
 to: alarm@recipient.domain [Plugin] calling plugin
ASSP_AFC
2018-05-02 09:22:34 m1-45753-00062 [Worker_1] [TLS-out] 87.140.79.177
 to: alarm@recipient.domain ClamAV: scanned 1219 bytes
in local message - OK
2018-05-02 09:22:34 m1-45753-00062 [Worker_1] [TLS-out] 87.140.79.177
 to: alarm@recipient.domain local (no bad attachments)
2018-05-02 09:22:34 m1-45753-00062 [Worker_1] [TLS-out] [MessageOK]
87.140.79.177  to: alarm@recipient.domain message ok
[Mail Alert from Router] -> /opt/assp/notspam/62.eml
2018-05-02 09:22:34 m1-45753-00062 [Worker_1] [TLS-out] 87.140.79.177
 to: alarm@recipient.domain finished message -
received DATA size: 1.95 kByte - sent DATA size: 2.21 kByte
2018-05-02 09:22:34 m1-45753-00062 [Worker_1] [TLS-out] 87.140.79.177
 to: alarm@recipient.domain disconnected:
session:7FD26A9DF408 87.140.79.177 - processing time 1 seconds
2018-05-02 09:22:34 m1-45753-00062 [Worker_1] [TLS-out] 87.140.79.177
 to: alarm@recipient.domain info: file
/opt/assp/notspam/62.eml was deleted - selected for no collection


Best regards
Dirk


--
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
___
Assp-test mailing list
Assp-test@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/assp-test

[Assp-test] ASSP damping double time?

2017-10-03 Thread Dirk Kulmsee

Hi all,
I keep seeing log lines like these:

2017-10-03 22:59:06 [Worker_1] 190.248.92.237 [SMTP Error] 502 AUTH not
supported
2017-10-03 22:59:06 [Worker_1] 190.248.92.237 info: start damping (12 s)
2017-10-03 22:59:30 [Worker_1] 190.248.92.237 info: PB-IP-Score for
'190.248.92.237' is 360, added 60 in this session
2017-10-03 22:59:30 [Worker_1] 190.248.92.237 disconnected:
session:7F0849891A58 190.248.92.237 - processing time 25 seconds
2017-10-03 22:59:30 [Worker_1] Worker_1 will sleep now

It looks like ASSP always doubles the time for damping (in this case it
announces 12s but takes 24 s).
Not that the bad guys don't deserve the longer wait, I'm just curious if
this is a miscalculation in ASSP or a mistake in my config.

Thanks for ASSP!
Dirk 


--
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
___
Assp-test mailing list
Assp-test@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/assp-test

Re: [Assp-test] fixes in assp 2.5.6 build 17158

2017-06-08 Thread Dirk Kulmsee

I am seeing the same thing here. 17151 is running fine. 17158 has a process 
running and shows CPU activity in „top“, but startup never finishes. Nothing 
gets logged in maillog.txt, nothing gets logged in exception.log, 
moduleloaderrors.txt says „There were no module load errors detected.“ A telnet 
check to port 25 shows ASSP is not ready. No connection via web GUI.

 

This happens on Debian Linux, Perl 5.24. I waited up to 10 minutes before 
giving up. 

 

Despite this: thanks for all your good work.

 

Dirk

 

Von: James Brown via Assp-test [mailto:assp-test@lists.sourceforge.net] 
Gesendet: Donnerstag, 8. Juni 2017 06:37
An: ASSP development mailing list 
Cc: James Brown 
Betreff: Re: [Assp-test] fixes in assp 2.5.6 build 17158

 

I upgraded to 17158 but it won’t start properly. Looking at All Messages in 
Console finishes with:

 

8/06/17 2:25:25.047 PM ASSP: starting maintenance worker thread 
 [OK]   
 

8/06/17 2:25:25.047 PM ASSP: starting 5 communication worker threads 

8/06/17 2:25:25.260 PM ASSP: .

8/06/17 2:25:26.577 PM ASSP: .

8/06/17 2:25:27.763 PM ASSP: .

8/06/17 2:25:28.598 PM ASSP: .

8/06/17 2:25:29.568 PM ASSP: .

8/06/17 2:25:30.433 PM ASSP: starting 5 communication worker threads
   [OK]

8/06/17 2:25:30.433 PM ASSP: starting rebuild SpamDB worker thread

 

But nothing appears in maillog.txt - last entry is the Shutdown:ASSP finished 
work.

 

Also, cannot connect via the web interface.

 

Reverted back to build 17151 and it starts up properly.

 

James.

 

On 8 Jun 2017, at 1:59 am, Thomas Eckardt  > wrote:

 

Hi all, 

fixed in assp 2.5.6 build 17158: 

- ASSP_AFC.pm 4.55 is released. It provides failover mechanism, if libarchive 
fails to extract because of character conversion errors. 

- improved LDAP error reporting in maillog.txt 

- improved import speed (from several hours to less than 3 minutes) for Global 
PenaltyBox entries if a RDB (eg.mysql) is used for 'pbdb' 

- improved speed for maintenance tasks for all RDB tables 

- improved speed for database record-by-record imports (eg. bulk import fails 
or is disabled) 



changed: 

- BCC addresses are now detected in outgoing mails 

'AddIntendedForHeader','Add Envelope-Recipient 
Header','0:disabled|1:outgoing|2:incoming and local|3:all', 
 Adds (according to the setting) a line "X-Assp-Envelope-From: user@domain" for 
the envelope sender and a line "X-Assp-Intended-For: user@domain" for each 
 envelope recipient to the email header of the mail stream. 
 The "X-Assp-Intended-For:" header will not be added for Blind Carbon Copy 
(BCC:) addresses in outgoing mails, to keep them hidden from external readers. 
 BCC addresses are those listed in the BCC: header and - those that are 
envelope recipients, but not listed in the TO: and CC: header. 
 'incoming and local' is the default and recommended. 
 Setting this option to any other value than 'disabled' may be required for 
reporting, analyzing, resend and some other features to work like expected. 
 If not set to 'disabled', both header lines will be added for all emails (all 
addresses - incl. BCC) to all collected .eml files. 


Thomas



DISCLAIMER:
***
This email and any files transmitted with it may be confidential, legally 
privileged and protected in law and are intended solely for the use of the 
individual to whom it is addressed.
This email was multiple times scanned for viruses. There should be no known 
virus in this email!
***

--
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org  ! 
http://sdm.link/slashdot___
Assp-test mailing list
Assp-test@lists.sourceforge.net  
https://lists.sourceforge.net/lists/listinfo/assp-test

 

--
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot___
Assp-test mailing list
Assp-test@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/assp-test

[Assp-test] noScanIP ignored (outgoing mail)?

2016-10-26 Thread Dirk Kulmsee

Hi all,
my internal mailserver is  fully equipped with antivirus software, so i
decided to declare it a noScanIP for assp (ASSP version 2.5.4(16294)). 
The outbound mail flow is: Exchange (192.168.12.241) -> ASSP
(192.168.12.242:25) -> Postfix (127.0.0.1:125) -> internet

Here is an (anonymized) excerpt from the log which looks like assp ignores
this setting and scans outgoing mails for virus regardless:

2016-10-25 19:59:53 m1-18393-11989 [Worker_1] [TLS-in] [TLS-out]
192.168.12.241  info: found message size announcement:
13.09 kByte
2016-10-25 19:59:54 m1-18393-11989 [Worker_1] [TLS-in] [TLS-out]
192.168.12.241  to: recipient@other.domain [Plugin]
calling plugin ASSP_AFC
2016-10-25 19:59:54 m1-18393-11989 [Worker_1] [TLS-in] [TLS-out]
192.168.12.241  to: recipient@other.domain IP
192.168.12.241 matches noScanIP - with 192.168.12.241/32
2016-10-25 19:59:54 m1-18393-11989 [Worker_1] [TLS-in] [TLS-out]
192.168.12.241  to: recipient@other.domain IP
192.168.12.241 matches noScanIP - with 192.168.12.241/32
2016-10-25 19:59:54 m1-18393-11989 [Worker_1] [TLS-in] [TLS-out]
192.168.12.241  to: recipient@other.domain IP
192.168.12.241 matches noScanIP - with 192.168.12.241/32
2016-10-25 19:59:54 m1-18393-11989 [Worker_1] [TLS-in] [TLS-out]
192.168.12.241  to: recipient@other.domain IP
192.168.12.241 matches noScanIP - with 192.168.12.241/32
2016-10-25 19:59:54 m1-18393-11989 [Worker_1] [TLS-in] [TLS-out]
192.168.12.241  to: recipient@other.domain IP
192.168.12.241 matches noScanIP - with 192.168.12.241/32
2016-10-25 19:59:54 m1-18393-11989 [Worker_1] [TLS-in] [TLS-out]
192.168.12.241  to: recipient@other.domain IP
192.168.12.241 matches noScanIP - with 192.168.12.241/32
2016-10-25 19:59:54 m1-18393-11989 [Worker_1] [TLS-in] [TLS-out]
192.168.12.241  to: recipient@other.domain IP
192.168.12.241 matches noScanIP - with 192.168.12.241/32
2016-10-25 19:59:54 m1-18393-11989 [Worker_1] [TLS-in] [TLS-out]
192.168.12.241  to: recipient@other.domain IP
192.168.12.241 matches noScanIP - with 192.168.12.241/32
2016-10-25 19:59:54 m1-18393-11989 [Worker_1] [TLS-in] [TLS-out]
192.168.12.241  to: recipient@other.domain info: 1
attachment found for Level-0
2016-10-25 19:59:54 m1-18393-11989 [Worker_1] [TLS-in] [TLS-out]
192.168.12.241  to: recipient@other.domain local (no bad
attachments)
2016-10-25 19:59:54 m1-18393-11989 [Worker_1] [TLS-in] [TLS-out] [MessageOK]
192.168.12.241  to: recipient@other.domain message ok
[Interesting subject here] -> /opt/assp/notspam/11989.eml
2016-10-25 19:59:54 m1-18393-11989 [Worker_1] [TLS-in] 192.168.12.241
 to: recipient@other.domain finished message - received
DATA size: 11.92 kByte - sent DATA size: 12.55 kByte
2016-10-25 19:59:54 m1-18393-11989 [Worker_1] [TLS-in] 192.168.12.241
 to: recipient@other.domain disconnected:
session:7FF1A5AF63D0 192.168.12.241 - processing time 1 seconds
2016-10-25 19:59:54 m1-18393-11989 [Worker_1] [TLS-in] 192.168.12.241
 to: recipient@other.domain ClamAV: scanned 12206 bytes in
file /opt/assp/notspam/11989.eml - OK
2016-10-25 19:59:54 m1-18393-11989 [Worker_1] [TLS-in] 192.168.12.241
 to: recipient@other.domain FileScan: scanned 12206 bytes
in file /opt/assp/notspam/11989.eml  OK


This is not a big deal at all, better scan twice than never. Id just like
to know the wise guys explanation for this unexpected behaviour. 

Best regards
Dirk


--
The Command Line: Reinvented for Modern Developers
Did the resurgence of CLI tooling catch you by surprise?
Reconnect with the command line and become more productive. 
Learn the new .NET and ASP.NET CLI. Get your free copy!
http://sdm.link/telerik
___
Assp-test mailing list
Assp-test@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/assp-test

Re: [Assp-test] PB-IP-Score suddenly dropping

2016-10-03 Thread Dirk Kulmsee

Hi Thomas,
thanks for explaining this behaviour. Let's see if I get this right...

Let's assume an IP reveals constant misbehaviour adding a PB-IP-Score of 60
every hour. It started off at 0 so after 6 hours (default PenaltyExpiration)
the score would be 360 and rising, but *surprise* after PeneltyExpiration
time the IP gets a complete amnesty and is allowed to restart clean at 0
again.

That does not reflect that IP's behaviour. I think the amnesty can be
justified as soon as the offending IP sends one good message. But if it does
not?
Wouldn't it be better to have a "gliding" score, i.e. with every
recalculation all entries which are older than PenaltyExpiration minutes get
substracted from the overall score, but the rest is kept? (Obvious problem:
codewise this could be complicated, because you would have to keep track of
every single increment of the score and its timestamp.)

Best regards
Dirk
 
-Ursprüngliche Nachricht-
Von: Thomas Eckardt [mailto:thomas.ecka...@thockar.com] 
Gesendet: Montag, 3. Oktober 2016 11:50
An: ASSP development mailing list <assp-test@lists.sourceforge.net>
Betreff: Re: [Assp-test] PB-IP-Score suddenly dropping

The PBBlack record is removed after 'PenaltyExpiration' minutes of the
record creation (NOT the last update).

Thomas





Von:    "Dirk Kulmsee" <d.kulm...@netgroup.de>
An: "'ASSP development mailing list'" 
<assp-test@lists.sourceforge.net>
Datum:  03.10.2016 10:19
Betreff:Re: [Assp-test] PB-IP-Score suddenly dropping



Hi Thomas,

if there was a good message causing this, then I should see the IP in
question in my log before the drop. But there is not a single line.The score
is high, nothing happens, the score is low. 
This happened again today and I grep'ed the log for e.g.  118.71.251
(leaving out the last byte of the IP to see everything from a /24 area
around it):

2016-10-03 02:52:52 [Worker_1] 118.71.251.67 info: PB-IP-Score for
'118.71.251.67' is 480, added 60 in this session
2016-10-03 02:52:52 [Worker_1] 118.71.251.67 disconnected:
session:7F11A94F5860 118.71.251.67 - processing time 24 seconds
2016-10-03 06:37:38 [Worker_1] Connected: session:7F11A94EBAB0
118.71.251.67:20540 > 192.168.12.242:25 > 127.0.0.1:125
2016-10-03 06:37:38 [Worker_1] 118.71.251.67 Disabled SMTP AUTH for External
IPs
2016-10-03 06:37:39 [Worker_1] [unsupported_AUTH] 118.71.251.67 AUTH not
allowed
2016-10-03 06:37:39 [Worker_1] 118.71.251.67 Message-Score: added 60
(autValencePB) for too many AUTH errors from 118.71.251.0, total score for
this message is now 60
2016-10-03 06:37:39 [Worker_1] 118.71.251.67 PB-IP-Score for '118.71.251.67'
is 60, added 60 for AUTHErrors

Nobody from 118.71.251 shows up between 02:52 and 06:37. Still the score
drops from 480 to 0. There is however some background work being done during
that time, e.g.:

2016-10-03 03:31:11 [Worker_1] PenaltyBox: cleaning BlackBox (PBBlack)
finished: IP's before=81, deleted=19
2016-10-03 06:31:15 [Worker_1] PenaltyBox: cleaning BlackBox (PBBlack)
finished: IP's before=76, deleted=12

Can you give me a hint what to look at to better understand this? I have set
PenaltyDuration = 60 and PenaltyExpiration=720. What else can be of
influence here?

Thanks a lot
Dirk

-Ursprüngliche Nachricht-
Von: Thomas Eckardt [mailto:thomas.ecka...@thockar.com]
Gesendet: Montag, 3. Oktober 2016 09:12
An: ASSP development mailing list <assp-test@lists.sourceforge.net>
Betreff: Re: [Assp-test] PB-IP-Score suddenly dropping

There are dozend of reasons why this can happen.
Most common is 'PenaltyExpiration'.
If there is a good mail transfered by an IP, the IP score is deleted to
prevent false positives. Where good means - no doubed, like 'contentOnly',
RWL, SPF, DKIM 

Thomas.


Von:"Dirk Kulmsee" <d.kulm...@netgroup.de>
An: "'ASSP development mailing list'" 
<assp-test@lists.sourceforge.net>
Datum:  02.10.2016 20:04
Betreff:[Assp-test] PB-IP-Score suddenly dropping



Hi all,

I just tracked some IPs through my logfiles just to see how they build up
their score. Something strange is happening:

Case 1: between 09:51:13 and 12:49:10 PB-IP-Score drops from 600 to 0
without any visible reason

2016-10-02 06:13:54 [Worker_1] Connected: session:7F11F4A35FA0
118.71.251.67:53467 > 192.168.12.242:25 > 127.0.0.1:125

2016-10-02 06:13:54 [Worker_1] 118.71.251.67 Disabled SMTP AUTH for External
IPs

2016-10-02 06:13:55 [Worker_1] [unsupported_AUTH] 118.71.251.67 AUTH not
allowed

2016-10-02 06:13:55 [Worker_1] 118.71.251.67 Message-Score: added 60
(autValencePB) for too many AUTH errors from 118.71.251.0, total score for
this message is now 60

2016-10-02 06:13:55 [Worker_1] 118.71.251.67 PB-IP-Score for '118.71.251.67'
is 540, added 60 for AUTHErrors

2016-10-02 06:13:55 [Worker_1] 118.71.251.67 [SMTP Error] 502 AUTH not
supported

2016-10-02 06:13:55 [Worker_1] 118.71.251.67 info: start damping

Re: [Assp-test] PB-IP-Score suddenly dropping

2016-10-03 Thread Dirk Kulmsee

Hi Thomas,

if there was a good message causing this, then I should see the IP in
question in my log before the drop. But there is not a single line.The score
is high, nothing happens, the score is low. 
This happened again today and I grep'ed the log for e.g.  118.71.251
(leaving out the last byte of the IP to see everything from a /24 area
around it):

2016-10-03 02:52:52 [Worker_1] 118.71.251.67 info: PB-IP-Score for
'118.71.251.67' is 480, added 60 in this session
2016-10-03 02:52:52 [Worker_1] 118.71.251.67 disconnected:
session:7F11A94F5860 118.71.251.67 - processing time 24 seconds
2016-10-03 06:37:38 [Worker_1] Connected: session:7F11A94EBAB0
118.71.251.67:20540 > 192.168.12.242:25 > 127.0.0.1:125
2016-10-03 06:37:38 [Worker_1] 118.71.251.67 Disabled SMTP AUTH for External
IPs
2016-10-03 06:37:39 [Worker_1] [unsupported_AUTH] 118.71.251.67 AUTH not
allowed
2016-10-03 06:37:39 [Worker_1] 118.71.251.67 Message-Score: added 60
(autValencePB) for too many AUTH errors from 118.71.251.0, total score for
this message is now 60
2016-10-03 06:37:39 [Worker_1] 118.71.251.67 PB-IP-Score for '118.71.251.67'
is 60, added 60 for AUTHErrors

Nobody from 118.71.251 shows up between 02:52 and 06:37. Still the score
drops from 480 to 0. There is however some background work being done during
that time, e.g.:

2016-10-03 03:31:11 [Worker_1] PenaltyBox: cleaning BlackBox (PBBlack)
finished: IP's before=81, deleted=19
2016-10-03 06:31:15 [Worker_1] PenaltyBox: cleaning BlackBox (PBBlack)
finished: IP's before=76, deleted=12

Can you give me a hint what to look at to better understand this? I have set
PenaltyDuration = 60 and PenaltyExpiration=720. What else can be of
influence here?

Thanks a lot
Dirk

-Ursprüngliche Nachricht-
Von: Thomas Eckardt [mailto:thomas.ecka...@thockar.com] 
Gesendet: Montag, 3. Oktober 2016 09:12
An: ASSP development mailing list <assp-test@lists.sourceforge.net>
Betreff: Re: [Assp-test] PB-IP-Score suddenly dropping

There are dozend of reasons why this can happen.
Most common is 'PenaltyExpiration'.
If there is a good mail transfered by an IP, the IP score is deleted to
prevent false positives. Where good means - no doubed, like 'contentOnly',
RWL, SPF, DKIM 

Thomas.


Von:"Dirk Kulmsee" <d.kulm...@netgroup.de>
An: "'ASSP development mailing list'" 
<assp-test@lists.sourceforge.net>
Datum:  02.10.2016 20:04
Betreff:[Assp-test] PB-IP-Score suddenly dropping



Hi all,

I just tracked some IPs through my logfiles just to see how they build up
their score. Something strange is happening:

Case 1: between 09:51:13 and 12:49:10 PB-IP-Score drops from 600 to 0
without any visible reason

2016-10-02 06:13:54 [Worker_1] Connected: session:7F11F4A35FA0
118.71.251.67:53467 > 192.168.12.242:25 > 127.0.0.1:125

2016-10-02 06:13:54 [Worker_1] 118.71.251.67 Disabled SMTP AUTH for External
IPs

2016-10-02 06:13:55 [Worker_1] [unsupported_AUTH] 118.71.251.67 AUTH not
allowed

2016-10-02 06:13:55 [Worker_1] 118.71.251.67 Message-Score: added 60
(autValencePB) for too many AUTH errors from 118.71.251.0, total score for
this message is now 60

2016-10-02 06:13:55 [Worker_1] 118.71.251.67 PB-IP-Score for '118.71.251.67'
is 540, added 60 for AUTHErrors

2016-10-02 06:13:55 [Worker_1] 118.71.251.67 [SMTP Error] 502 AUTH not
supported

2016-10-02 06:13:55 [Worker_1] 118.71.251.67 info: start damping (12 s)

2016-10-02 06:14:07 [Worker_1] 118.71.251.67 info: PB-IP-Score for
'118.71.251.67' is 540, added 60 in this session

2016-10-02 06:14:07 [Worker_1] 118.71.251.67 disconnected:
session:7F11F4A35FA0 118.71.251.67 - processing time 13 seconds

2016-10-02 06:22:56 [Worker_1] Delayed ip 118.71.251.67, because
PBBlack(540) is higher than DelayIP(500)- last penalty reason was:
AUTHErrors

2016-10-02 07:07:29 [Worker_1] Connected: session:7F11F4C41160
118.71.251.67:54518 > 192.168.12.242:25 > 127.0.0.1:125

2016-10-02 07:07:29 [Worker_1] 118.71.251.67 Disabled SMTP AUTH for External
IPs

2016-10-02 07:07:29 [Worker_1] [unsupported_AUTH] 118.71.251.67 AUTH not
allowed

2016-10-02 07:07:29 [Worker_1] 118.71.251.67 Message-Score: added 60
(autValencePB) for too many AUTH errors from 118.71.251.0, total score for
this message is now 60

2016-10-02 07:07:29 [Worker_1] 118.71.251.67 PB-IP-Score for '118.71.251.67'
is 600, added 60 for AUTHErrors

2016-10-02 07:07:29 [Worker_1] 118.71.251.67 [SMTP Error] 502 AUTH not
supported

2016-10-02 07:07:29 [Worker_1] 118.71.251.67 info: start damping (12 s)

2016-10-02 07:07:53 [Worker_1] 118.71.251.67 info: PB-IP-Score for
'118.71.251.67' is 600, added 60 in this session

2016-10-02 07:07:53 [Worker_1] 118.71.251.67 disconnected:
session:7F11F4C41160 118.71.251.67 - processing time 24 seconds

2016-10-02 09:51:13 [Worker_1] Delayed ip 118.71.251.67, because
PBBlack(600) is higher than DelayIP(500)- last penalty reason was:
AUTHErrors

2016-10-02 12:49:10 [Worker_1] Connected: ses

[Assp-test] PB-IP-Score suddenly dropping

2016-10-02 Thread Dirk Kulmsee

Hi all,

 

I just tracked some IPs through my logfiles just to see how they build up
their score. Something strange is happening:

 

Case 1: between 09:51:13 and 12:49:10 PB-IP-Score drops from 600 to 0
without any visible reason

 

2016-10-02 06:13:54 [Worker_1] Connected: session:7F11F4A35FA0
118.71.251.67:53467 > 192.168.12.242:25 > 127.0.0.1:125

2016-10-02 06:13:54 [Worker_1] 118.71.251.67 Disabled SMTP AUTH for External
IPs

2016-10-02 06:13:55 [Worker_1] [unsupported_AUTH] 118.71.251.67 AUTH not
allowed

2016-10-02 06:13:55 [Worker_1] 118.71.251.67 Message-Score: added 60
(autValencePB) for too many AUTH errors from 118.71.251.0, total score for
this message is now 60

2016-10-02 06:13:55 [Worker_1] 118.71.251.67 PB-IP-Score for '118.71.251.67'
is 540, added 60 for AUTHErrors

2016-10-02 06:13:55 [Worker_1] 118.71.251.67 [SMTP Error] 502 AUTH not
supported

2016-10-02 06:13:55 [Worker_1] 118.71.251.67 info: start damping (12 s)

2016-10-02 06:14:07 [Worker_1] 118.71.251.67 info: PB-IP-Score for
'118.71.251.67' is 540, added 60 in this session

2016-10-02 06:14:07 [Worker_1] 118.71.251.67 disconnected:
session:7F11F4A35FA0 118.71.251.67 - processing time 13 seconds

2016-10-02 06:22:56 [Worker_1] Delayed ip 118.71.251.67, because
PBBlack(540) is higher than DelayIP(500)- last penalty reason was:
AUTHErrors

2016-10-02 07:07:29 [Worker_1] Connected: session:7F11F4C41160
118.71.251.67:54518 > 192.168.12.242:25 > 127.0.0.1:125

2016-10-02 07:07:29 [Worker_1] 118.71.251.67 Disabled SMTP AUTH for External
IPs

2016-10-02 07:07:29 [Worker_1] [unsupported_AUTH] 118.71.251.67 AUTH not
allowed

2016-10-02 07:07:29 [Worker_1] 118.71.251.67 Message-Score: added 60
(autValencePB) for too many AUTH errors from 118.71.251.0, total score for
this message is now 60

2016-10-02 07:07:29 [Worker_1] 118.71.251.67 PB-IP-Score for '118.71.251.67'
is 600, added 60 for AUTHErrors

2016-10-02 07:07:29 [Worker_1] 118.71.251.67 [SMTP Error] 502 AUTH not
supported

2016-10-02 07:07:29 [Worker_1] 118.71.251.67 info: start damping (12 s)

2016-10-02 07:07:53 [Worker_1] 118.71.251.67 info: PB-IP-Score for
'118.71.251.67' is 600, added 60 in this session

2016-10-02 07:07:53 [Worker_1] 118.71.251.67 disconnected:
session:7F11F4C41160 118.71.251.67 - processing time 24 seconds

2016-10-02 09:51:13 [Worker_1] Delayed ip 118.71.251.67, because
PBBlack(600) is higher than DelayIP(500)- last penalty reason was:
AUTHErrors

2016-10-02 12:49:10 [Worker_1] Connected: session:7F11F573EEF0
118.71.251.67:2425 > 192.168.12.242:25 > 127.0.0.1:125

2016-10-02 12:49:10 [Worker_1] 118.71.251.67 Disabled SMTP AUTH for External
IPs

2016-10-02 12:49:10 [Worker_1] [unsupported_AUTH] 118.71.251.67 AUTH not
allowed

2016-10-02 12:49:10 [Worker_1] 118.71.251.67 Message-Score: added 60
(autValencePB) for too many AUTH errors from 118.71.251.0, total score for
this message is now 60

2016-10-02 12:49:10 [Worker_1] 118.71.251.67 PB-IP-Score for '118.71.251.67'
is 60, added 60 for AUTHErrors

2016-10-02 12:49:10 [Worker_1] 118.71.251.67 [SMTP Error] 502 AUTH not
supported

2016-10-02 12:49:11 [Worker_1] 118.71.251.67 info: start damping (12 s)

2016-10-02 12:49:34 [Worker_1] 118.71.251.67 info: PB-IP-Score for
'118.71.251.67' is 60, added 60 in this session

2016-10-02 12:49:34 [Worker_1] 118.71.251.67 disconnected:
session:7F11F573EEF0 118.71.251.67 - processing time 24 seconds

 

Case 2: between 15:02:57 and 15:41:09 PB-IP-Score drops from 600 to 0
without any visible reason

 

2016-10-02 11:49:40 [Worker_1] Connected: session:7F11F65EC988
46.32.239.160:64727 > 192.168.12.242:25 > 127.0.0.1:125

2016-10-02 11:49:40 [Worker_1] 46.32.239.160 Disabled SMTP AUTH for External
IPs

2016-10-02 11:49:41 [Worker_1] [unsupported_AUTH] 46.32.239.160 AUTH not
allowed

2016-10-02 11:49:41 [Worker_1] 46.32.239.160 Message-Score: added 60
(autValencePB) for too many AUTH errors from 46.32.239.0, total score for
this message is now 60

2016-10-02 11:49:41 [Worker_1] 46.32.239.160 PB-IP-Score for '46.32.239.160'
is 540, added 60 for AUTHErrors

2016-10-02 11:49:41 [Worker_1] 46.32.239.160 [SMTP Error] 502 AUTH not
supported

2016-10-02 11:49:41 [Worker_1] 46.32.239.160 info: start damping (12 s)

2016-10-02 11:50:05 [Worker_1] 46.32.239.160 info: PB-IP-Score for
'46.32.239.160' is 540, added 60 in this session

2016-10-02 11:50:05 [Worker_1] 46.32.239.160 disconnected:
session:7F11F65EC988 46.32.239.160 - processing time 25 seconds

2016-10-02 14:43:24 [Worker_1] Delayed ip 46.32.239.160, because
PBBlack(540) is higher than DelayIP(500)- last penalty reason was:
AUTHErrors

2016-10-02 15:02:32 [Worker_1] Connected: session:7F11F6667F10
46.32.239.160:64548 > 192.168.12.242:25 > 127.0.0.1:125

2016-10-02 15:02:32 [Worker_1] 46.32.239.160 Disabled SMTP AUTH for External
IPs

2016-10-02 15:02:33 [Worker_1] [unsupported_AUTH] 46.32.239.160 AUTH not
allowed

2016-10-02 15:02:33 [Worker_1] 46.32.239.160 Message-Score: added 60
(autValencePB) for too many AUTH errors from

Re: [Assp-test] virus count / statistics (minor importance)

2016-09-30 Thread Dirk Kulmsee

A partial reset could be true for long term statistics, but especially for
the first column (current runtime) I would expect something like
"Viruses Detected = virus-ClamAV + virus-FileScan"


Best regards
Dirk

-Ursprüngliche Nachricht-
Von: Thomas Eckardt [mailto:thomas.ecka...@thockar.com] 
Gesendet: Freitag, 30. September 2016 14:49
An: ASSP development mailing list <assp-test@lists.sourceforge.net>
Betreff: Re: [Assp-test] virus count / statistics (minor importance)

Normaly this will not happen. Possibly a code correction (long time ago)
caused a reset of some Stats values.

Thomas





Von:    "Dirk Kulmsee" <d.kulm...@netgroup.de>
An: "'ASSP development mailing list'" 
<assp-test@lists.sourceforge.net>
Datum:  30.09.2016 14:24
Betreff:[Assp-test] virus count / statistics (minor importance)



Hi all,

 

in addition to ClamAV I have installed G Data AV via FileScanCMD. I can tell
from the email notifications I get, that this catches a lot of malware
(mostly addressed to non-existent recipients anyway).

 

If I look at the "Message Scoring Statistics" page of the GUI it says:

 

virus-ClamAV:   0  3

virus-FileScan:  80   240

 

On the other hand, when I look at the "Message Statistics" page of the GUI
it says:

 

Viruses Detected:   4 130

 

Where would this difference come from?

 

(currently running ASSP version 2.5.2(16270))

 

Best regards

Dirk

 


--
___
Assp-test mailing list
Assp-test@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/assp-test




DISCLAIMER:
***
This email and any files transmitted with it may be confidential, legally
privileged and protected in law and are intended solely for the use of the 

individual to whom it is addressed.
This email was multiple times scanned for viruses. There should be no known
virus in this email!
***



--
___
Assp-test mailing list
Assp-test@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/assp-test

[Assp-test] virus count / statistics (minor importance)

2016-09-30 Thread Dirk Kulmsee

Hi all,

 

in addition to ClamAV I have installed G Data AV via FileScanCMD. I can tell
from the email notifications I get, that this catches a lot of malware
(mostly addressed to non-existent recipients anyway).

 

If I look at the "Message Scoring Statistics" page of the GUI it says:

 

virus-ClamAV:   0  3

virus-FileScan:  80   240

 

On the other hand, when I look at the "Message Statistics" page of the GUI
it says:

 

Viruses Detected:   4 130

 

Where would this difference come from?

 

(currently running ASSP version 2.5.2(16270))

 

Best regards

Dirk

 

--
___
Assp-test mailing list
Assp-test@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/assp-test

Re: [Assp-test] DisableExtAUTH / Bad SMTP Authentication

2016-09-27 Thread Dirk Kulmsee

Thank you for contantly improving ASSP,

If I look at the logs I find lines like these:

2016-09-27 08:57:22 [Worker_1] Info: Worker_1 got connection from MainThread
2016-09-27 08:57:22 [Worker_1] Connected: session:7F11F4205098
201.69.19.76:58216 > 192.168.12.242:25 > 127.0.0.1:125
2016-09-27 08:57:22 [Worker_1] 201.69.19.76 Disabled SMTP AUTH for External
IPs
2016-09-27 08:57:23 [Worker_1] [unsupported_AUTH] 201.69.19.76 AUTH not
allowed
2016-09-27 08:57:23 [Worker_1] 201.69.19.76 Message-Score: added 60
(autValencePB) for too many AUTH errors from 201.69.19.0, total score for
this message is now 60
2016-09-27 08:57:23 [Worker_1] 201.69.19.76 PB-IP-Score for '201.69.19.76'
is 180, added 60 for AUTHErrors
2016-09-27 08:57:23 [Worker_1] 201.69.19.76 [SMTP Error] 502 AUTH not
supported

And that's how we love it :-)

But I also see events like this:

2016-09-27 09:06:24 [Worker_1] Worker_1 wakes up
2016-09-27 09:06:24 [Worker_1] Info: Worker_1 got connection from MainThread
2016-09-27 09:06:24 [Worker_1] Connected: session:7F11A85A2640
108.174.203.170:44620 > 192.168.12.242:25 > 127.0.0.1:125
2016-09-27 09:06:24 [Worker_1] 108.174.203.170 Disabled SMTP AUTH for
External IPs
2016-09-27 09:06:24 [Worker_1] 108.174.203.170 disconnected:
session:7F11A85A2640 108.174.203.170 - processing time 0 seconds
2016-09-27 09:06:24 [Worker_1] Worker_1 will sleep now

2016-09-27 09:07:08 [Worker_1] Worker_1 wakes up
2016-09-27 09:07:08 [Main_Thread] Info: Main_Thread freed by idle Worker_1
in 0.019 seconds - got (ok)
2016-09-27 09:07:08 [Worker_1] Connected: session:7F11F49928A8
108.174.203.167:59077 > 192.168.12.242:25 > 127.0.0.1:125
2016-09-27 09:07:08 [Worker_1] 108.174.203.167 Disabled SMTP AUTH for
External IPs
2016-09-27 09:07:08 [Worker_1] 108.174.203.167 disconnected:
session:7F11F49928A8 108.174.203.167 - processing time 0 seconds
2016-09-27 09:07:08 [Worker_1] Worker_1 will sleep now


What is the difference? Is " Disabled SMTP AUTH for External IPs " already
logged before the client issues an auth request? 

Best regards
Dirk



--
___
Assp-test mailing list
Assp-test@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/assp-test

[Assp-test] DisableExtAUTH / Bad SMTP Authentication

2016-09-18 Thread Dirk Kulmsee

Hi all,
i have completely disabled external SMTP authentication (DisableExtAUTH = on). 
Obviously my logs still show frequent auth attempts from all over the world. 
This would be reason enough for me to score those IPs. 

Question: if DisableExtAUTH is set to "On", will an auth attempt trigger an IP 
score via autValencePB or would we need another PB setting for this?

(currently running ASSP version 2.5.2(16256) on Debian Linux with Perl 5.22)

Best regards
Dirk


--
___
Assp-test mailing list
Assp-test@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/assp-test

Re: [Assp-test] Question about spam reporting / language detection

2014-11-17 Thread Dirk Kulmsee

Hi Thomas,

I am using Outlook 2013. Email::Outlook::Message is installed (just updated
to 0.918). 
I save the e-mail I want to report as *.msg or *.eml (maillogExt=.eml) and
send that as an attachment but it makes no difference, the content is
detected as Swedish or Finnish.
The same happens if I send the attached e-mail through Outlook Web App
instead of Outlook.

Any ideas what to improve?

Thanks
Dirk

-Ursprüngliche Nachricht-
Von: Thomas Eckardt [mailto:thomas.ecka...@thockar.com] 
Gesendet: Samstag, 15. November 2014 11:49
An: ASSP development mailing list
Betreff: Re: [Assp-test] Question about spam reporting / language detection

you mail client is unable to decode hex encode characters like : #x72;

Thomas





Von:Dirk Kulmsee d.kulm...@netgroup.de
An: 'ASSP development mailing list' 
assp-test@lists.sourceforge.net
Datum:  14.11.2014 08:33
Betreff:[Assp-test] Question about spam reporting / language 
detection



Hi everybody,

I am currently running ASSP version 2.4.4(14307) on Perl 5.20. As for spam
reporting through the email interface I understand it is best to send the
complete mail as an attachment so the headers are still available for
analysis. I think on my end the language detection does not work correctly.

When I report spam through the email interface I get this result:
-
Unicode Analysis:
the following non symbolic unicode blocks (except InBasicLatin) were
found:
the following symbolic unicode blocks were found:
the following unicode scripts were found except(Common + Latin):

Bayesian Analysis: - word stemming engine is used - language swedish
detected
Bad WordsBad ProbGood Words Good Prob
#x72#x65#x70#x6f#x72#x74#x20#x73#x70#x61#x6d  0.
 
#x73#x70#x61#x6d#x20#x61#x73#x73#x700.  
 #x66#x72#x69#x20#x6e#x6f#x76
0.0039
 #x6e#x6f#x76#x20#x72#x65#x63#x65#x69#x76#x65#x64
0.0152
#x73#x73#x75#x62#x20#x73#x74#x65#x6c#x6c#x65#x6e#x61#x75#x73
#x73#x63#x68#x72#x65#x69#x62#x75#x6e#x670.9848
 
 #x6e#x6f#x76#x20#x63#x65#x74
0.0556
#x66#x72#x6f#x6d#x20#x6f#x75#x74 0.9444  
-

When I paste the same mail into the Mail Analyzer in the GUI I get this
(much better) result:
-
Unicode Analysis:
the following non symbolic unicode blocks (except InBasicLatin) were
found:
the following symbolic unicode blocks were found:
the following unicode scripts were found except(Common + Latin):

Bayesian Analysis: - word stemming engine is used - language german detected

Bad WordsBad ProbGood Words Good Prob
uns firma1. 
uns team 1. 
die bezahl   0.9975 
uk sender0.9972 
uk ssub  0.9956 
stund sie0.9919 
-

Can anyone tell me what I would need to check and adjust?

Thanks a lot

Dirk




--
Comprehensive Server Monitoring with Site24x7.
Monitor 10 servers for $9/Month.
Get alerted through email, SMS, voice calls or mobile push notifications.
Take corrective actions from your mobile device.
http://pubads.g.doubleclick.net/gampad/clk?id=154624111iu=/4140/ostg.clktrk

___
Assp-test mailing list
Assp-test@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/assp-test




DISCLAIMER:
***
This email and any files transmitted with it may be confidential, legally
privileged and protected in law and are intended solely for the use of the 

individual to whom it is addressed.
This email was multiple times scanned for viruses. There should be no known
virus in this email!
***


--
Comprehensive Server Monitoring with Site24x7.
Monitor 10 servers for $9/Month.
Get alerted through email, SMS, voice calls or mobile push notifications.
Take corrective actions from your mobile device.
http://pubads.g.doubleclick.net/gampad/clk?id=154624111iu=/4140/ostg.clktrk
___
Assp-test mailing list
Assp-test@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/assp-test


--
Download BIRT iHub F-Type - The Free Enterprise-Grade BIRT Server
from Actuate! Instantly Supercharge Your Business Reports and Dashboards
with Interactivity, Sharing, Native Excel Exports, App Integration  more
Get technology previously reserved for billion-dollar corporations, FREE
http://pubads.g.doubleclick.net/gampad/clk?id=157005751iu=/4140/ostg.clktrk

[Assp-test] Question about spam reporting / language detection

2014-11-13 Thread Dirk Kulmsee

Hi everybody,

I am currently running ASSP version 2.4.4(14307) on Perl 5.20. As for spam
reporting through the email interface I understand it is best to send the
complete mail as an attachment so the headers are still available for
analysis. I think on my end the language detection does not work correctly.

When I report spam through the email interface I get this result:
-
Unicode Analysis:
the following non symbolic unicode blocks (except InBasicLatin) were found:
the following symbolic unicode blocks were found:
the following unicode scripts were found except(Common + Latin):

Bayesian Analysis: - word stemming engine is used - language swedish
detected
Bad Words   Bad ProbGood Words  Good Prob
#x72#x65#x70#x6f#x72#x74#x20#x73#x70#x61#x6d 0.   
#x73#x70#x61#x6d#x20#x61#x73#x73#x70   0.   
#x66#x72#x69#x20#x6e#x6f#x76 0.0039
#x6e#x6f#x76#x20#x72#x65#x63#x65#x69#x76#x65#x64
0.0152
#x73#x73#x75#x62#x20#x73#x74#x65#x6c#x6c#x65#x6e#x61#x75#x73
#x73#x63#x68#x72#x65#x69#x62#x75#x6e#x67   0.9848   
#x6e#x6f#x76#x20#x63#x65#x74 0.0556
#x66#x72#x6f#x6d#x20#x6f#x75#x740.9444  
-

When I paste the same mail into the Mail Analyzer in the GUI I get this
(much better) result:
-
Unicode Analysis:
the following non symbolic unicode blocks (except InBasicLatin) were found:
the following symbolic unicode blocks were found:
the following unicode scripts were found except(Common + Latin):

Bayesian Analysis: - word stemming engine is used - language german detected

Bad Words   Bad ProbGood Words  Good Prob
uns firma   1.   
uns team1.   
die bezahl  0.9975   
uk sender   0.9972   
uk ssub 0.9956   
stund sie   0.9919  
-

Can anyone tell me what I would need to check and adjust?

Thanks a lot

Dirk



--
Comprehensive Server Monitoring with Site24x7.
Monitor 10 servers for $9/Month.
Get alerted through email, SMS, voice calls or mobile push notifications.
Take corrective actions from your mobile device.
http://pubads.g.doubleclick.net/gampad/clk?id=154624111iu=/4140/ostg.clktrk
___
Assp-test mailing list
Assp-test@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/assp-test

[Assp-test] ASSP crashes after updates - too many open files

2014-11-04 Thread Dirk Kulmsee

Hi everybody,
I have been running ASSP 2.4.4 (14264) on Debian jessie with perl 5.20 for
some weeks. Today I updated the whole system (i.e. Debian Updates, cpan
updates, some newer files from ASSP). Well, never change a winning team :-).
If I try to start ASSP now it crashes in less than 30 seconds without ever
writing to log/maillog.txt.
I set AsADaemon:=0 and got this output:

-
ASSP 2.4.4(14307) is starting in directory /opt/assp
on host mail
using Perl /usr/bin/perl version 5.020001 (5.20.1)
compiling code please wait . checking config in /opt/assp/assp.cfg - OK
ASSP uses AsspSelfLoader 2.03 - check   [OK]
loading configuration   [OK]
1146 values loaded  [OK]
defining environment[OK]
setting up global ENV   [OK]
loading modules.U   [OK]
loading database drivers[OK]
setup regular expressions   [OK]
loading plugins [OK]
fixing up config[OK]
check process env   [SKIP]
check process permission[OK]
setting up modules..[OK]
checking directories[OK]
check file permission   [OK]
loading caches and lists[OK]
starting maintenance worker thread - init all databases
starting maintenance worker thread  [OK]
starting 5 communication worker threads .   [OK]
starting rebuild SpamDB worker thread   [FAILED]
initializing main thread and logging[OK]
error: AsspSelfLoader is unable to load code from file
/opt/assp/sl-cache/main-openLogs.sl - Zu viele offene Dateien
-

I stopped other services on this host to reduce the number of open files,
but that didn't help.
I am stuck with this error even if I boot an older Kernel or take an older
version of assp.pl. 
Maybe ASSP is right - there are 994 files in /opt/assp/sl-cache.
Any ideas how to proceed?

Thanks for your help
Dirk



--
___
Assp-test mailing list
Assp-test@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/assp-test

Re: [Assp-test] ASSP crashes after updates - too many open files

2014-11-04 Thread Dirk Kulmsee

Thanks for the hint to ulimit. It was not the solution, but helped seeing
the problem. The ulimit was originally set to 1024. When I raise it (1536 or
2048) ASSP still crashes, but tells me more:


ASSP 2.4.4(14307) is starting in directory /opt/assp
on host mail
using Perl /usr/bin/perl version 5.020001 (5.20.1)
compiling code please wait . checking config in /opt/assp/assp.cfg - OK
ASSP uses AsspSelfLoader 2.03 - check   [OK]
loading configuration   [OK]
1146 values loaded  [OK]
defining environment[OK]
setting up global ENV   [OK]
loading modules.U   [OK]
loading database drivers[OK]
setup regular expressions   [OK]
loading plugins [OK]
fixing up config[OK]
check process env   [SKIP]
check process permission[OK]
setting up modules..[OK]
checking directories[OK]
check file permission   [OK]
loading caches and lists[OK]
starting maintenance worker thread - init all databases
starting maintenance worker thread  [OK]
starting 5 communication worker threads .   [OK]
starting rebuild SpamDB worker thread   [OK]
initializing main thread and logging[OK]
Warning: Failed to connect to the agentx master agent (tcp:localhost:705):
*** buffer overflow detected ***: /usr/bin/perl /opt/assp/assp.pl MainLoop -
next: Wed Nov  5 07:12:50 2014 terminated
=== Backtrace: =
/lib/x86_64-linux-gnu/libc.so.6(+0x7303f)[0x7fd5403d103f]
/lib/x86_64-linux-gnu/libc.so.6(__fortify_fail+0x37)[0x7fd540454137]
/lib/x86_64-linux-gnu/libc.so.6(+0xf4350)[0x7fd540452350]
/lib/x86_64-linux-gnu/libc.so.6(+0xf60a7)[0x7fd5404540a7]
/usr/lib/x86_64-linux-gnu/libnetsnmp.so.30(netsnmp_large_fd_set_resize+0x48)
[0x7fd539d1a718]
/usr/lib/x86_64-linux-gnu/libnetsnmp.so.30(netsnmp_large_fd_setfd+0x24)[0x7f
d539d1a924]
/usr/lib/x86_64-linux-gnu/libnetsnmp.so.30(snmp_sess_select_info2_flags+0xbd
)[0x7fd539cfad8d]
/usr/lib/x86_64-linux-gnu/libnetsnmp.so.30(snmp_sess_select_info_flags+0x70)
[0x7fd539cfb4c0]
/usr/lib/x86_64-linux-gnu/libnetsnmpagent.so.30(agent_check_and_process+0x76
)[0x7fd538dc3866]
/usr/lib/x86_64-linux-gnu/perl5/5.20/auto/NetSNMP/agent/agent.so(+0x576e)[0x
7fd53948d76e]
/usr/lib/x86_64-linux-gnu/libperl.so.5.20(Perl_pp_entersub+0x4bb)[0x7fd540ef
55db]
/usr/lib/x86_64-linux-gnu/libperl.so.5.20(Perl_runops_standard+0x16)[0x7fd54
0eede76]
/usr/lib/x86_64-linux-gnu/libperl.so.5.20(perl_run+0x21d)[0x7fd540e7ed4d]
/usr/bin/perl /opt/assp/assp.pl MainLoop - next: Wed Nov  5 07:12:50
2014(main+0x149)[0x400e19]
/lib/x86_64-linux-gnu/libc.so.6(__libc_start_main+0xf5)[0x7fd54037fb45]
/usr/bin/perl /opt/assp/assp.pl MainLoop - next: Wed Nov  5 07:12:50
2014[0x400e51]
=== Memory map: 
[ lengthy Memory Map left out here ]


I then deactivated SNMP in ASSP.cfg, because Agent X appears to be involved:
SNMPLog:=0
SNMP:=0
useNetSNMPagent:=0

Now ASSP is starting and hopefully working as it always used to.

Regards
Dirk

-Ursprüngliche Nachricht-
Von: aquilinux [mailto:aquili...@gmail.com] 
Gesendet: Mittwoch, 5. November 2014 05:54
An: ASSP development mailing list
Betreff: Re: [Assp-test] ASSP crashes after updates - too many open files

try setting a higher open files limit.
you can see actual value with *ulimit -n* and set new value with *ulimit -n
value*.
2048 should be reasonably high to allow your assp to start (*ulimit -n 2048*
)

regards,

On Tue, Nov 4, 2014 at 10:29 PM, Dirk Kulmsee d.kulm...@netgroup.de wrote:

 Hi everybody,
 I have been running ASSP 2.4.4 (14264) on Debian jessie with perl 5.20 
 for some weeks. Today I updated the whole system (i.e. Debian Updates, 
 cpan updates, some newer files from ASSP). Well, never change a 
 winning team :-).
 If I try to start ASSP now it crashes in less than 30 seconds without 
 ever writing to log/maillog.txt.
 I set AsADaemon:=0 and got this output:

 -
 ASSP 2.4.4(14307) is starting in directory /opt/assp on host mail 
 using Perl /usr/bin/perl version 5.020001 (5.20.1) compiling code 
 please wait . checking config in /opt/assp/assp.cfg - OK
 ASSP uses AsspSelfLoader 2.03 - check   [OK]
 loading configuration   [OK]
 1146 values loaded  [OK]
 defining environment[OK]
 setting up global ENV

Re: [Assp-test] ASSP crashes after updates - too many open files

2014-11-04 Thread Dirk Kulmsee

Well - I didn't imagine the ulimit of 1024 - Debian did. And when I do
changes to reasonable system defaults, I tend to do it moderately. The high
number of opened files can of course easily be seen e.g. by lsof | grep -c
/.

In this case though, the problem isn't really open files. I tried to start
with ulimit = 8192 without success. Something is faulty with the connection
to SNMP. I will try to figure that out later, it is not esssential to me.

Regards
Dirk
  
-Ursprüngliche Nachricht-
Von: Thomas Eckardt [mailto:thomas.ecka...@thockar.com] 
Gesendet: Mittwoch, 5. November 2014 08:18
An: ASSP development mailing list
Betreff: Re: [Assp-test] ASSP crashes after updates - too many open files

When I raise it (1536 or 2048) ASSP still crashes, but tells me more:

THERE should be NO limit  for ANY ulimit setting (or MAX for ALL settings)
for the user who runs ASSP

EVEN 2048 for opened files is very much too less. For example: you have 7
SMTP workers (are 10 threads in sum) and ~ 1000 files in the sl-cache and
all workers request all files in the sl-cache folder at the same time - this
leads in to 10.000 opened files. This will not really happen - BUT having
several thousands files in all folders in a project, which uses several
hundred socket connections at the same time - AND set ulimit -n to 1024.
DOES this MAKE SENSE???

Did you know, that every opened diskfile, every IP socket, every DB
connection, every unix socket . (everything that is opened by a
process) is a opened file in terms of ulimit!

Thomas


Von:Dirk Kulmsee d.kulm...@netgroup.de
An: 'ASSP development mailing list' 
assp-test@lists.sourceforge.net
Datum:  05.11.2014 07:45
Betreff:Re: [Assp-test] ASSP crashes after updates - too many open 
files



Thanks for the hint to ulimit. It was not the solution, but helped seeing
the problem. The ulimit was originally set to 1024. When I raise it (1536 or
2048) ASSP still crashes, but tells me more:


ASSP 2.4.4(14307) is starting in directory /opt/assp on host mail using Perl
/usr/bin/perl version 5.020001 (5.20.1) compiling code please wait .
checking config in /opt/assp/assp.cfg - OK
ASSP uses AsspSelfLoader 2.03 - check   [OK]
loading configuration   [OK]
1146 values loaded  [OK]
defining environment[OK]
setting up global ENV   [OK]
loading modules.U   [OK]
loading database drivers[OK]
setup regular expressions   [OK]
loading plugins [OK]
fixing up config[OK]
check process env   [SKIP]
check process permission[OK]
setting up modules..[OK]
checking directories[OK]
check file permission   [OK]
loading caches and lists[OK]
starting maintenance worker thread - init all databases
starting maintenance worker thread  [OK]
starting 5 communication worker threads .   [OK]
starting rebuild SpamDB worker thread   [OK]
initializing main thread and logging[OK]
Warning: Failed to connect to the agentx master agent (tcp:localhost:705):
*** buffer overflow detected ***: /usr/bin/perl /opt/assp/assp.pl MainLoop
-
next: Wed Nov  5 07:12:50 2014 terminated === Backtrace: =
/lib/x86_64-linux-gnu/libc.so.6(+0x7303f)[0x7fd5403d103f]
/lib/x86_64-linux-gnu/libc.so.6(__fortify_fail+0x37)[0x7fd540454137]
/lib/x86_64-linux-gnu/libc.so.6(+0xf4350)[0x7fd540452350]
/lib/x86_64-linux-gnu/libc.so.6(+0xf60a7)[0x7fd5404540a7]
/usr/lib/x86_64-linux-gnu/libnetsnmp.so.30(netsnmp_large_fd_set_resize+0x48)
[0x7fd539d1a718]
/usr/lib/x86_64-linux-gnu/libnetsnmp.so.30(netsnmp_large_fd_setfd+0x24)[0x7f
d539d1a924]
/usr/lib/x86_64-linux-gnu/libnetsnmp.so.30(snmp_sess_select_info2_flags+0xbd
)[0x7fd539cfad8d]
/usr/lib/x86_64-linux-gnu/libnetsnmp.so.30(snmp_sess_select_info_flags+0x70)
[0x7fd539cfb4c0]
/usr/lib/x86_64-linux-gnu/libnetsnmpagent.so.30(agent_check_and_process+0x76
)[0x7fd538dc3866]
/usr/lib/x86_64-linux-gnu/perl5/5.20/auto/NetSNMP/agent/agent.so(+0x576e)[0x
7fd53948d76e]
/usr/lib/x86_64-linux-gnu/libperl.so.5.20(Perl_pp_entersub+0x4bb)[0x7fd540ef
55db]
/usr/lib/x86_64-linux-gnu/libperl.so.5.20(Perl_runops_standard+0x16)[0x7fd54
0eede76]
/usr/lib/x86_64-linux-gnu/libperl.so.5.20(perl_run+0x21d)[0x7fd540e7ed4d]
/usr/bin/perl /opt/assp/assp.pl MainLoop - next: Wed Nov  5 07:12:50
2014(main+0x149)[0x400e19]
/lib/x86_64-linux-gnu/libc.so.6(__libc_start_main+0xf5)[0x7fd54037fb45]
/usr/bin/perl /opt/assp/assp.pl MainLoop - next: Wed Nov  5 07:12:50
2014

[Assp-test] Virusmail not quarantined?

2014-09-22 Thread Dirk Kulmsee

Hi everybody,

 

Today I received an infected email and it was blocked by ASSP:

 

2014-09-22 18:01:06 m1-01380-10527 [Worker_1] [Plugin] 186.63.225.200
raisedsw...@vodafone.de to: recipi...@mydomain.com ASSP_OCR: (att) file
text3.upa found in mime part 3

2014-09-22 18:01:06 m1-01380-10527 [Worker_1] [Plugin] 186.63.225.200
raisedsw...@vodafone.de to: recipi...@mydomain.com ASSP_OCR: (att) file
Ihre_Rechnung_22_09_2014.zip found in mime part 4

2014-09-22 18:01:06 m1-01380-10527 [Worker_1] [Plugin] 186.63.225.200
raisedsw...@vodafone.de to: recipi...@mydomain.com ASSP_OCR: (att) file
img_logo_picture_09.jpeg found in mime part 5

2014-09-22 18:01:06 m1-01380-10527 [Worker_1] [Plugin] 186.63.225.200
raisedsw...@vodafone.de to: recipi...@mydomain.com ASSP_OCR: OCR(2.20)
(TextFile(text3.upa)) data extracted

2014-09-22 18:01:06 m1-01380-10527 [Worker_1] 186.63.225.200
raisedsw...@vodafone.de to: recipi...@mydomain.com info: the setting of
'UseAvClamd' (block) is temporarily overwritten by the 'DoASSP_OCR' setting
of (score)

2014-09-22 18:01:11 m1-01380-10527 [Worker_1] 186.63.225.200
raisedsw...@vodafone.de to: recipi...@mydomain.com info: the setting of
'DoFileScan' (disabled) is temporarily overwritten by the 'DoASSP_OCR'
setting of (score)

2014-09-22 18:01:11 m1-01380-10527 [Worker_1] 186.63.225.200
raisedsw...@vodafone.de to: recipi...@mydomain.com info: the setting of
'DoScriptRe' (disabled) is temporarily overwritten by the 'DoASSP_OCR'
setting of (score)

2014-09-22 18:01:11 m1-01380-10527 [Worker_1] 186.63.225.200
raisedsw...@vodafone.de to: recipi...@mydomain.com [Plugin] calling plugin
ASSP_AFC

2014-09-22 18:01:13 m1-01380-10527 [Worker_1] 186.63.225.200
raisedsw...@vodafone.de to: recipi...@mydomain.com ClamAV: scanned 0 bytes
in whitelisted message - OK

2014-09-22 18:01:13 m1-01380-10527 [Worker_1] 186.63.225.200
raisedsw...@vodafone.de to: recipi...@mydomain.com ClamAV: scanned 1188
bytes in whitelisted message - OK

2014-09-22 18:01:13 m1-01380-10527 [Worker_1] 186.63.225.200
raisedsw...@vodafone.de to: recipi...@mydomain.com ClamAV: scanned 3873
bytes in whitelisted message - OK

2014-09-22 18:01:13 m1-01380-10527 [Worker_1] 186.63.225.200
raisedsw...@vodafone.de to: recipi...@mydomain.com ClamAV: scanned 173179
bytes in whitelisted message - FOUND
Zip.Suspect.WinDoubleExtension-zippwd-1(c7329ae811aee30a2404eaa07f4fbb6e:173
179)

2014-09-22 18:01:13 m1-01380-10527 [Worker_1] 186.63.225.200
raisedsw...@vodafone.de to: recipi...@mydomain.com Message-Score: added 50
(vdValencePB) for virus detected:
'Zip.Suspect.WinDoubleExtension-zippwd-1(c7329ae811aee30a2404eaa07f4fbb6e:17
3179)', total score for this message is now 50

2014-09-22 18:01:13 m1-01380-10527 [Worker_1] [VIRUS] 186.63.225.200
raisedsw...@vodafone.de to: recipi...@mydomain.com mail blocked by Plugin
ASSP_AFC - reason VIRUS-found

2014-09-22 18:01:13 m1-01380-10527 [Worker_1] [VIRUS] 186.63.225.200
raisedsw...@vodafone.de to: recipi...@mydomain.com [spam found]
(VIRUS-found) [Ihre Mobilfunk Rechnung vom 22 09 2014 im Anhang als PDF];

2014-09-22 18:01:13 m1-01380-10527 [Worker_1] 186.63.225.200
raisedsw...@vodafone.de to: recipi...@mydomain.com [SMTP Error] 554 5.7.1
Mail appears infected with
\[Zip.Suspect.WinDoubleExtension-zippwd-1(c7329ae811aee30a2404eaa07f4fbb6e:1
73179)\].

2014-09-22 18:01:13 [Worker_1] Info: report successful sent to
recipi...@mydomain.com

 

 

Two little problems with this:

1)  The infected email was not quarantined as I would expect. I cannot
find it anywhere in my assp directories. The directories quarantine and
virusscanexist and have full access permissions (777). (I'm not sure if
virusscan is even needed, because I have the mail checked by ClamD.)

Some settings from my assp.cfg:

EmailVirusReportsToRCPT:=2

FileScanDir:=/opt/assp/virusscan

viruslog:=quarantine

SpamVirusLog:=5

 

 

2)  The virus report I received did not have a subject: line

 

 

As always thanks a lot for help and advice.

 

Best regards

Dirk

 

--
Meet PCI DSS 3.0 Compliance Requirements with EventLog Analyzer
Achieve PCI DSS 3.0 Compliant Status with Out-of-the-box PCI DSS Reports
Are you Audit-Ready for PCI DSS 3.0 Compliance? Download White paper
Comply to PCI DSS 3.0 Requirement 10 and 11.5 with EventLog Analyzer
http://pubads.g.doubleclick.net/gampad/clk?id=154622311iu=/4140/ostg.clktrk
___
Assp-test mailing list
Assp-test@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/assp-test

[Assp-test] BerkeleyDB not available?

2014-09-10 Thread Dirk Kulmsee

Hi,
I am currently running assp 2.4.4 (14253) on Debian Linux, with Perl 5.20.
I also have Perl modules BerkeleyDB v 0.54 and BerkeleyDB_DBEngine v 4.7.
The Perl Module DB_File is installed, but disabled by Module Setup.

When I try to set DBdriver to BerkeleyDB, ASSP refuses to obey: ***
incorrect: 'BerkeleyDB' - driver BerkeleyDB is not available!

What could be the missing link?

Thanks for clues.
Dirk



--
Want excitement?
Manually upgrade your production database.
When you want reliability, choose Perforce
Perforce version control. Predictably reliable.
http://pubads.g.doubleclick.net/gampad/clk?id=157508191iu=/4140/ostg.clktrk
___
Assp-test mailing list
Assp-test@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/assp-test

[Assp-test] ASSP_OCR stuck workers question

2014-09-04 Thread Dirk Kulmsee

Hi Thomas,
with ASSP 2.4.4 (14246) and ASSP_OCR 2.19 I set

DoImageASSP_OCR = on
ASSP_OCRLog = diagnostic
ASSP_OCRocrmaxprocesses = 5

and the workers still get stuck:

2014-09-04 08:30:10 m1-12210-11441 [Worker_3] [Plugin] 88.198.3.4 [OIP:
81.209.171.97] server2...@sender-domain.de.de to:
al...@recipient-domain.de ASSP_OCR: (att) file text1.scm found in mime part
1
2014-09-04 08:30:10 m1-12210-11441 [Worker_3] [Plugin] 88.198.3.4 [OIP:
81.209.171.97] server2...@sender-domain.de.de to:
al...@recipient-domain.de ASSP_OCR: (att) file logo.png found in mime part 2
2014-09-04 08:30:10 m1-12210-11441 [Worker_3] [Plugin] 88.198.3.4 [OIP:
81.209.171.97] server2...@sender-domain.de.de to:
al...@recipient-domain.de ASSP_OCR: processing (attatched) file logo.png
2014-09-04 08:34:15 [Main_Thread] Info: Loop in Worker_3 was not active for
245 seconds
2014-09-04 08:34:15 [Main_Thread] Info: Worker_3 : last sigoff in ASSP_OCR,
/opt/assp/Plugins/ASSP_OCR.pm, 282, main::sigoffTry, 1, , ,  at 14-4-8
8:30:10 1409812210.85103 - 282
2014-09-04 08:34:15 [Main_Thread] Info: Worker_3 : last sigon in main, sub
main::URIBLok, 15, main::URIBLok_Run, 1, , ,  at 14-4-8 8:30:10
1409812210.83981 - 241
2014-09-04 08:34:15 [Main_Thread] Info: Worker_3 : last action was : call
Plugin ASSP_OCR with
2014-09-04 08:34:15 [Main_Thread] Warning: try to terminate
inactive/stucking Worker_3


So I will follow your advice and deactivate DoImageASSP_OCR.

Best regards
Dirk

-Ursprüngliche Nachricht-
Von: Thomas Eckardt [mailto:thomas.ecka...@thockar.com] 
Gesendet: Mittwoch, 3. September 2014 12:38
An: ASSP development mailing list
Betreff: Re: [Assp-test] ASSP_OCR  stuck workers question

this should be fixed in ASSP_OCR.pm version 2.19

if you still getting stucking workers for this plugin, set the plugin log
level to diagnostic - this will show the state of the semaphore after each
mail

I've made tests (ocrmaxprocesses = 3) with more than 20 small images per
mail without any problem. The issue in 2.18 was caused by an incorrect
exception handling - for normal processing there was no problem.  I think,
there is something not working correct for ImageMagick or tesseract or any
of the related modules on your system.

Thomas




Von:Dirk Kulmsee d.kulm...@netgroup.de
An: assp-test@lists.sourceforge.net
Datum:  02.09.2014 16:27
Betreff:[Assp-test] ASSP_OCR  stuck workers question



Hi,

I am currently running ASSP 2.4.4 (14241) on Debian Linux with Perl 5.20.
The ASSP_OCR module is 2.18.

I had all worker processes stuck in ASSP_OCR one by one: 

 

2014-09-02 10:59:21 [Main_Thread] Info: Loop in Worker_1 was not active for
461 seconds

2014-09-02 10:59:21 [Main_Thread] Info: Worker_1 : last sigoff in ASSP_OCR,
/opt/assp/Plugins/ASSP_OCR.pm, 282, main::sigoffTry, 1, , ,  at 14-2-8
10:51:40 1409647900.23592 - 282

2014-09-02 10:59:21 [Main_Thread] Info: Worker_1 : last sigon in main, sub
main::URIBLok, 15, main::URIBLok_Run, 1, , ,  at 14-2-8 10:51:40
1409647900.2248 - 272

2014-09-02 10:59:21 [Main_Thread] Info: Worker_1 : last action was : call
Plugin ASSP_OCR with

2014-09-02 10:59:21 [Main_Thread] Warning: try to terminate
inactive/stucking Worker_1

2014-09-02 11:19:26 [Main_Thread] Info: Loop in Worker_2 was not active for
466 seconds

2014-09-02 11:19:26 [Main_Thread] Info: Worker_2 : last sigoff in ASSP_OCR,
/opt/assp/Plugins/ASSP_OCR.pm, 282, main::sigoffTry, 1, , ,  at 14-2-8
11:11:40 1409649100.27879 - 282

2014-09-02 11:19:26 [Main_Thread] Info: Worker_2 : last sigon in main, sub
main::URIBLok, 15, main::URIBLok_Run, 1, , ,  at 14-2-8 11:11:40
1409649100.26713 - 241

2014-09-02 11:19:26 [Main_Thread] Info: Worker_2 : last action was : call
Plugin ASSP_OCR with

2014-09-02 11:19:26 [Main_Thread] Warning: try to terminate
inactive/stucking Worker_2

2014-09-02 11:36:11 [Main_Thread] Info: Loop in Worker_3 was not active for
271 seconds

2014-09-02 11:36:11 [Main_Thread] Info: Worker_3 : last sigoff in ASSP_OCR,
/opt/assp/Plugins/ASSP_OCR.pm, 282, main::sigoffTry, 1, , ,  at 14-2-8
11:31:40 1409650300.57724 - 282

2014-09-02 11:36:11 [Main_Thread] Info: Worker_3 : last sigon in main, sub
main::URIBLok, 15, main::URIBLok_Run, 1, , ,  at 14-2-8 11:31:40
1409650300.56076 - 241

2014-09-02 11:36:11 [Main_Thread] Info: Worker_3 : last action was : call
Plugin ASSP_OCR with

2014-09-02 11:36:11 [Main_Thread] Warning: try to terminate
inactive/stucking Worker_3

2014-09-02 13:49:57 [Main_Thread] Info: Loop in Worker_4 was not active for
196 seconds

2014-09-02 13:49:57 [Main_Thread] Info: Worker_4 : last sigoff in ASSP_OCR,
/opt/assp/Plugins/ASSP_OCR.pm, 282, main::sigoffTry, 1, , ,  at 14-2-8
13:46:41 1409658401.38248 - 282

2014-09-02 13:49:57 [Main_Thread] Info: Worker_4 : last sigon in main, sub
main::URIBLok, 15, main::URIBLok_Run, 1, , ,  at 14-2-8 13:46:41
1409658401.36525 - 241

2014-09-02 13:49:57 [Main_Thread] Info: Worker_4 : last action was : call
Plugin ASSP_OCR with

2014-09-02 13:49:57 [Main_Thread] Warning

Re: [Assp-test] ASSP_OCR stuck workers question

2014-09-03 Thread Dirk Kulmsee

Hi Thomas,

I am now on ASSP 2.4.4 (14246) and ASSP_OCR 2.19. I reactivated
DoImageASSP_OCR just to see what happens. 

Best regards
Dirk

-Ursprüngliche Nachricht-
Von: Thomas Eckardt [mailto:thomas.ecka...@thockar.com] 
Gesendet: Mittwoch, 3. September 2014 12:38
An: ASSP development mailing list
Betreff: Re: [Assp-test] ASSP_OCR  stuck workers question

this should be fixed in ASSP_OCR.pm version 2.19

if you still getting stucking workers for this plugin, set the plugin log
level to diagnostic - this will show the state of the semaphore after each
mail

I've made tests (ocrmaxprocesses = 3) with more than 20 small images per
mail without any problem. The issue in 2.18 was caused by an incorrect
exception handling - for normal processing there was no problem.  I think,
there is something not working correct for ImageMagick or tesseract or any
of the related modules on your system.

Thomas




Von:Dirk Kulmsee d.kulm...@netgroup.de
An: assp-test@lists.sourceforge.net
Datum:  02.09.2014 16:27
Betreff:[Assp-test] ASSP_OCR  stuck workers question



Hi,

I am currently running ASSP 2.4.4 (14241) on Debian Linux with Perl 5.20.
The ASSP_OCR module is 2.18.

I had all worker processes stuck in ASSP_OCR one by one: 

 

2014-09-02 10:59:21 [Main_Thread] Info: Loop in Worker_1 was not active for
461 seconds

2014-09-02 10:59:21 [Main_Thread] Info: Worker_1 : last sigoff in ASSP_OCR,
/opt/assp/Plugins/ASSP_OCR.pm, 282, main::sigoffTry, 1, , ,  at 14-2-8
10:51:40 1409647900.23592 - 282

2014-09-02 10:59:21 [Main_Thread] Info: Worker_1 : last sigon in main, sub
main::URIBLok, 15, main::URIBLok_Run, 1, , ,  at 14-2-8 10:51:40
1409647900.2248 - 272

2014-09-02 10:59:21 [Main_Thread] Info: Worker_1 : last action was : call
Plugin ASSP_OCR with

2014-09-02 10:59:21 [Main_Thread] Warning: try to terminate
inactive/stucking Worker_1

2014-09-02 11:19:26 [Main_Thread] Info: Loop in Worker_2 was not active for
466 seconds

2014-09-02 11:19:26 [Main_Thread] Info: Worker_2 : last sigoff in ASSP_OCR,
/opt/assp/Plugins/ASSP_OCR.pm, 282, main::sigoffTry, 1, , ,  at 14-2-8
11:11:40 1409649100.27879 - 282

2014-09-02 11:19:26 [Main_Thread] Info: Worker_2 : last sigon in main, sub
main::URIBLok, 15, main::URIBLok_Run, 1, , ,  at 14-2-8 11:11:40
1409649100.26713 - 241

2014-09-02 11:19:26 [Main_Thread] Info: Worker_2 : last action was : call
Plugin ASSP_OCR with

2014-09-02 11:19:26 [Main_Thread] Warning: try to terminate
inactive/stucking Worker_2

2014-09-02 11:36:11 [Main_Thread] Info: Loop in Worker_3 was not active for
271 seconds

2014-09-02 11:36:11 [Main_Thread] Info: Worker_3 : last sigoff in ASSP_OCR,
/opt/assp/Plugins/ASSP_OCR.pm, 282, main::sigoffTry, 1, , ,  at 14-2-8
11:31:40 1409650300.57724 - 282

2014-09-02 11:36:11 [Main_Thread] Info: Worker_3 : last sigon in main, sub
main::URIBLok, 15, main::URIBLok_Run, 1, , ,  at 14-2-8 11:31:40
1409650300.56076 - 241

2014-09-02 11:36:11 [Main_Thread] Info: Worker_3 : last action was : call
Plugin ASSP_OCR with

2014-09-02 11:36:11 [Main_Thread] Warning: try to terminate
inactive/stucking Worker_3

2014-09-02 13:49:57 [Main_Thread] Info: Loop in Worker_4 was not active for
196 seconds

2014-09-02 13:49:57 [Main_Thread] Info: Worker_4 : last sigoff in ASSP_OCR,
/opt/assp/Plugins/ASSP_OCR.pm, 282, main::sigoffTry, 1, , ,  at 14-2-8
13:46:41 1409658401.38248 - 282

2014-09-02 13:49:57 [Main_Thread] Info: Worker_4 : last sigon in main, sub
main::URIBLok, 15, main::URIBLok_Run, 1, , ,  at 14-2-8 13:46:41
1409658401.36525 - 241

2014-09-02 13:49:57 [Main_Thread] Info: Worker_4 : last action was : call
Plugin ASSP_OCR with

2014-09-02 13:49:57 [Main_Thread] Warning: try to terminate
inactive/stucking Worker_4

 

Later I found a live example for this. A simple email status report
containing four little PNG icons stuck the worker process, leaving log lines
like these:

 

2014-09-02 13:59:26 m1-59166-11063 [Worker_1] [Plugin] 88.198.3.4 [OIP:
81.209.171.97] server2...@someone.de to: al...@mydomain.de ASSP_OCR: 
(att)
file text1.ecelp9600 found in mime part 1

2014-09-02 13:59:26 m1-59166-11063 [Worker_1] [Plugin] 88.198.3.4 [OIP:
81.209.171.97] server2...@someone.de to: al...@mydomain.de ASSP_OCR: 
(att)
file logo.png found in mime part 2

2014-09-02 13:59:26 m1-59166-11063 [Worker_1] [Plugin] 88.198.3.4 [OIP:
81.209.171.97] server2...@someone.de to: al...@mydomain.de ASSP_OCR:
processing (attatched) file logo.png

2014-09-02 13:59:26 m1-59166-11063 [Worker_1] [Plugin] 88.198.3.4 [OIP:
81.209.171.97] server2...@someone.de to: al...@mydomain.de ASSP_OCR: 
(att)
file warning.png found in mime part 3

2014-09-02 13:59:26 m1-59166-11063 [Worker_1] [Plugin] 88.198.3.4 [OIP:
81.209.171.97] server2...@someone.de to: al...@mydomain.de ASSP_OCR:
processing (attatched) file warning.png

2014-09-02 13:59:26 m1-59166-11063 [Worker_1] [Plugin] 88.198.3.4 [OIP:
81.209.171.97] server2...@someone.de to: al...@mydomain.de ASSP_OCR: 
(att)
file success.png found in mime part

[Assp-test] ASSP_OCR stuck workers question

2014-09-02 Thread Dirk Kulmsee

Hi,

I am currently running ASSP 2.4.4 (14241) on Debian Linux with Perl 5.20.
The ASSP_OCR module is 2.18.

I had all worker processes stuck in ASSP_OCR one by one: 

 

2014-09-02 10:59:21 [Main_Thread] Info: Loop in Worker_1 was not active for
461 seconds

2014-09-02 10:59:21 [Main_Thread] Info: Worker_1 : last sigoff in ASSP_OCR,
/opt/assp/Plugins/ASSP_OCR.pm, 282, main::sigoffTry, 1, , ,  at 14-2-8
10:51:40 1409647900.23592 - 282

2014-09-02 10:59:21 [Main_Thread] Info: Worker_1 : last sigon in main, sub
main::URIBLok, 15, main::URIBLok_Run, 1, , ,  at 14-2-8 10:51:40
1409647900.2248 - 272

2014-09-02 10:59:21 [Main_Thread] Info: Worker_1 : last action was : call
Plugin ASSP_OCR with

2014-09-02 10:59:21 [Main_Thread] Warning: try to terminate
inactive/stucking Worker_1

2014-09-02 11:19:26 [Main_Thread] Info: Loop in Worker_2 was not active for
466 seconds

2014-09-02 11:19:26 [Main_Thread] Info: Worker_2 : last sigoff in ASSP_OCR,
/opt/assp/Plugins/ASSP_OCR.pm, 282, main::sigoffTry, 1, , ,  at 14-2-8
11:11:40 1409649100.27879 - 282

2014-09-02 11:19:26 [Main_Thread] Info: Worker_2 : last sigon in main, sub
main::URIBLok, 15, main::URIBLok_Run, 1, , ,  at 14-2-8 11:11:40
1409649100.26713 - 241

2014-09-02 11:19:26 [Main_Thread] Info: Worker_2 : last action was : call
Plugin ASSP_OCR with

2014-09-02 11:19:26 [Main_Thread] Warning: try to terminate
inactive/stucking Worker_2

2014-09-02 11:36:11 [Main_Thread] Info: Loop in Worker_3 was not active for
271 seconds

2014-09-02 11:36:11 [Main_Thread] Info: Worker_3 : last sigoff in ASSP_OCR,
/opt/assp/Plugins/ASSP_OCR.pm, 282, main::sigoffTry, 1, , ,  at 14-2-8
11:31:40 1409650300.57724 - 282

2014-09-02 11:36:11 [Main_Thread] Info: Worker_3 : last sigon in main, sub
main::URIBLok, 15, main::URIBLok_Run, 1, , ,  at 14-2-8 11:31:40
1409650300.56076 - 241

2014-09-02 11:36:11 [Main_Thread] Info: Worker_3 : last action was : call
Plugin ASSP_OCR with

2014-09-02 11:36:11 [Main_Thread] Warning: try to terminate
inactive/stucking Worker_3

2014-09-02 13:49:57 [Main_Thread] Info: Loop in Worker_4 was not active for
196 seconds

2014-09-02 13:49:57 [Main_Thread] Info: Worker_4 : last sigoff in ASSP_OCR,
/opt/assp/Plugins/ASSP_OCR.pm, 282, main::sigoffTry, 1, , ,  at 14-2-8
13:46:41 1409658401.38248 - 282

2014-09-02 13:49:57 [Main_Thread] Info: Worker_4 : last sigon in main, sub
main::URIBLok, 15, main::URIBLok_Run, 1, , ,  at 14-2-8 13:46:41
1409658401.36525 - 241

2014-09-02 13:49:57 [Main_Thread] Info: Worker_4 : last action was : call
Plugin ASSP_OCR with

2014-09-02 13:49:57 [Main_Thread] Warning: try to terminate
inactive/stucking Worker_4

 

Later I found a live example for this. A simple email status report
containing four little PNG icons stuck the worker process, leaving log lines
like these:

 

2014-09-02 13:59:26 m1-59166-11063 [Worker_1] [Plugin] 88.198.3.4 [OIP:
81.209.171.97] server2...@someone.de to: al...@mydomain.de ASSP_OCR: (att)
file text1.ecelp9600 found in mime part 1

2014-09-02 13:59:26 m1-59166-11063 [Worker_1] [Plugin] 88.198.3.4 [OIP:
81.209.171.97] server2...@someone.de to: al...@mydomain.de ASSP_OCR: (att)
file logo.png found in mime part 2

2014-09-02 13:59:26 m1-59166-11063 [Worker_1] [Plugin] 88.198.3.4 [OIP:
81.209.171.97] server2...@someone.de to: al...@mydomain.de ASSP_OCR:
processing (attatched) file logo.png

2014-09-02 13:59:26 m1-59166-11063 [Worker_1] [Plugin] 88.198.3.4 [OIP:
81.209.171.97] server2...@someone.de to: al...@mydomain.de ASSP_OCR: (att)
file warning.png found in mime part 3

2014-09-02 13:59:26 m1-59166-11063 [Worker_1] [Plugin] 88.198.3.4 [OIP:
81.209.171.97] server2...@someone.de to: al...@mydomain.de ASSP_OCR:
processing (attatched) file warning.png

2014-09-02 13:59:26 m1-59166-11063 [Worker_1] [Plugin] 88.198.3.4 [OIP:
81.209.171.97] server2...@someone.de to: al...@mydomain.de ASSP_OCR: (att)
file success.png found in mime part 4

2014-09-02 13:59:26 m1-59166-11063 [Worker_1] [Plugin] 88.198.3.4 [OIP:
81.209.171.97] server2...@someone.de to: al...@mydomain.de ASSP_OCR:
processing (attatched) file success.png

2014-09-02 13:59:26 m1-59166-11063 [Worker_1] [Plugin] 88.198.3.4 [OIP:
81.209.171.97] server2...@someone.de to: al...@mydomain.de ASSP_OCR: (att)
file error.png found in mime part 5

2014-09-02 13:59:26 m1-59166-11063 [Worker_1] [Plugin] 88.198.3.4 [OIP:
81.209.171.97] server2...@someone.de to: al...@mydomain.de ASSP_OCR:
processing (attatched) file error.png

 

I looked into the config for ASSP_OCR and found ASSP_OCRocrmaxprocesses set
to its default value of three.

Here comes the funny part:

When ASSP_OCRocrmaxprocesses is set to 3, the worker gets stuck as soon as
it hits png #4 

When ASSP_OCRocrmaxprocesses is set to 1, the worker gets stuck as soon as
it hits png #2

When ASSP_OCRocrmaxprocesses is set to 10, this email gets through and I
have no stuck worker processes since (at least for the last two hours :) ).

 

Can anyone confirm this? Could it be, that ASSP_OCR goes mad when it

[Assp-test] DNS queries

2014-09-02 Thread Dirk Kulmsee

It appears that every query is sent to every configured DNS:

 

2014-09-02 19:39:20 [Worker_1] Info: reuse DNS socket for 217.237.150.115

2014-09-02 19:39:20 [Worker_1] Info: sent DNS query for '_domainkey.web.de'
type 'SOA' to nameserver 217.237.150.115

2014-09-02 19:39:20 [Worker_1] Info: reuse DNS socket for 208.67.222.222

2014-09-02 19:39:20 [Worker_1] Info: sent DNS query for '_domainkey.web.de'
type 'SOA' to nameserver 208.67.222.222

2014-09-02 19:39:20 [Worker_1] Info: reuse DNS socket for 217.237.151.205

2014-09-02 19:39:20 [Worker_1] Info: sent DNS query for '_domainkey.web.de'
type 'SOA' to nameserver 217.237.151.205

 

Why would this be wanted? Wouldn't one (successful) query to the fastest DNS
be enough? Can it be adjusted?

 

(BTW: Thank you Thomas, for the quick response to my ASSP_OCR problem
earlier today)

 

Best regards

Dirk

 

--
Slashdot TV.  
Video for Nerds.  Stuff that matters.
http://tv.slashdot.org/
___
Assp-test mailing list
Assp-test@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/assp-test

Re: [Assp-test] DNS queries

2014-09-02 Thread Dirk Kulmsee

OK, I just thought that the number of DNS queries could be dramatically
reduced if ASSP asks only one DNS (the one with the lowest response time
before) and proceeds to the alternate DNS servers only if the first query
does not come back in a preset amount of time ( e. g. 1 or 2 seconds).

-Ursprüngliche Nachricht-
Von: Thomas Eckardt [mailto:thomas.ecka...@thockar.com] 
Gesendet: Dienstag, 2. September 2014 19:59
An: ASSP development mailing list
Betreff: Re: [Assp-test] DNS queries

Why would this be wanted? 

SPEED

Wouldn't one (successful) query to the fastest DNS be enough?

We receive the fastest (WHO knows what is the fastest in this millisecond
???)

Can it be adjusted?

NO

Thomas



Von:Dirk Kulmsee d.kulm...@netgroup.de
An: assp-test@lists.sourceforge.net
Datum:  02.09.2014 19:55
Betreff:[Assp-test] DNS queries



It appears that every query is sent to every configured DNS:

 

2014-09-02 19:39:20 [Worker_1] Info: reuse DNS socket for 217.237.150.115

2014-09-02 19:39:20 [Worker_1] Info: sent DNS query for '_domainkey.web.de'
type 'SOA' to nameserver 217.237.150.115

2014-09-02 19:39:20 [Worker_1] Info: reuse DNS socket for 208.67.222.222

2014-09-02 19:39:20 [Worker_1] Info: sent DNS query for '_domainkey.web.de'
type 'SOA' to nameserver 208.67.222.222

2014-09-02 19:39:20 [Worker_1] Info: reuse DNS socket for 217.237.151.205

2014-09-02 19:39:20 [Worker_1] Info: sent DNS query for '_domainkey.web.de'
type 'SOA' to nameserver 217.237.151.205

 

Why would this be wanted? Wouldn't one (successful) query to the fastest DNS
be enough? Can it be adjusted?

 

(BTW: Thank you Thomas, for the quick response to my ASSP_OCR problem
earlier today)

 

Best regards

Dirk

 


--
Slashdot TV. 
Video for Nerds.  Stuff that matters.
http://tv.slashdot.org/
___
Assp-test mailing list
Assp-test@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/assp-test





DISCLAIMER:
***
This email and any files transmitted with it may be confidential, legally
privileged and protected in law and are intended solely for the use of the 

individual to whom it is addressed.
This email was multiple times scanned for viruses. There should be no known
virus in this email!
***


--
Slashdot TV.  
Video for Nerds.  Stuff that matters.
http://tv.slashdot.org/
___
Assp-test mailing list
Assp-test@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/assp-test


--
Slashdot TV.  
Video for Nerds.  Stuff that matters.
http://tv.slashdot.org/
___
Assp-test mailing list
Assp-test@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/assp-test

Re: [Assp-test] Missing ASSP Header

2014-07-29 Thread Dirk Kulmsee

Doesn't this mean that the  X-Assp-IP-Score: 49  has a probability of 100%
(i.e. ASSP is quite sure about it)?
This does not necessarily mean that the score itself is high enough to mark
the mail as spam.


-Ursprüngliche Nachricht-
Von: Steve Moss [mailto:st...@freeyournet.com] 
Gesendet: Dienstag, 29. Juli 2014 17:35
An: assp-test@lists.sourceforge.net
Betreff: [Assp-test] Missing ASSP Header

Running ASSP 2.4.2.14204, and find that many emails get through to users
with a missing X-Assp-Spam: YES header. For instance, see the following
example. The Bayesian and HMM spam probabilities are both 1.0, but the
mentioned header line is missing:

From: DIRECTV.Authorized.Dealer.7424670
best.deal.e...@great-offer-directview-fully.us
X-Assp-ID: assp.mydomain.com id-45557-16923
X-Assp-Session: 37E1EEE4 (mail 1)
Content-Transfer-Encoding: 7bit
X-Assp-Original-Subject: Announcing: The Best Offer Ever from DirecTV
Ref: 5866049
X-Assp-Version: 2.4.2(14204) on assp.mydomain.com
X-Assp-Server-TLS: yes
X-Original-Authentication-Results: assp.mydomain.com; spf=pass
X-Assp-Message-Score: -10 (SPF pass)
X-Assp-IP-Score: -10 (SPF pass)
X-Assp-Message-Score: 49 (Bayesian Probability: 1.0)
X-Assp-IP-Score: 49 (Bayesian Probability: 1.0)
X-Assp-Spam-Prob: 1.0
X-Assp-HMM-Spam-Prob: 1.0
X-Assp-Spam-Level: 



--
Infragistics Professional
Build stunning WinForms apps today!
Reboot your WinForms applications with our WinForms controls. 
Build a bridge from your legacy apps to the future.
http://pubads.g.doubleclick.net/gampad/clk?id=153845071iu=/4140/ostg.clktrk
___
Assp-test mailing list
Assp-test@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/assp-test


--
Infragistics Professional
Build stunning WinForms apps today!
Reboot your WinForms applications with our WinForms controls. 
Build a bridge from your legacy apps to the future.
http://pubads.g.doubleclick.net/gampad/clk?id=153845071iu=/4140/ostg.clktrk
___
Assp-test mailing list
Assp-test@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/assp-test

Re: [Assp-test] Question about DNS nameserver order

2013-11-25 Thread Dirk Kulmsee

 Try to define your DNS-Servers in 'DNSServers'

Hi Thomas,

This does not explain it but solves the problem. All DNS servers are checked
once per minute and reordering takes place as expected.
Thank you

Best regards
Dirk



--
Shape the Mobile Experience: Free Subscription
Software experts and developers: Be at the forefront of tech innovation.
Intel(R) Software Adrenaline delivers strategic insight and game-changing 
conversations that shape the rapidly evolving mobile landscape. Sign up now. 
http://pubads.g.doubleclick.net/gampad/clk?id=63431311iu=/4140/ostg.clktrk
___
Assp-test mailing list
Assp-test@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/assp-test

[Assp-test] Question about DNS nameserver order

2013-11-24 Thread Dirk Kulmsee

Hi all,
I am running ASSP on Debian Linux, currently 2.3.4  (13328). Perl version is
5.14.2.

I have set UseLocalDNS and my resolv.conf says: 
nameserver 192.168.12.241
nameserver 217.237.150.115
nameserver 217.237.151.205

maxDNSRespDist was set to 50 ms.

When I start ASSP and extract the DNS related lines from maillog.txt I find
this:

2013-11-24 15:29:21 [startup] Info: Name Server 192.168.12.241: ResponseTime
= 89 ms for sourceforge.net
2013-11-24 15:29:21 [startup] Info: Name Server 217.237.150.115:
ResponseTime = 80 ms for sourceforge.net
2013-11-24 15:29:21 [startup] Info: Name Server 217.237.151.205:
ResponseTime = 85 ms for sourceforge.net
2013-11-24 15:29:21 [startup] Info: switched (DNS) nameserver order from  to
217.237.150.115 , 217.237.151.205 , 192.168.12.241
2013-11-24 15:29:21 [startup] ASSP version 2.3.4(13328) (Perl 5.014002) (on
linux)running on server: mail (192.168.12.242)
2013-11-24 15:29:22 [Worker_1] Info: Name Server 217.237.150.115:
ResponseTime = 75 ms for sourceforge.net
2013-11-24 15:29:22 [Worker_1] Info: Name Server 217.237.151.205:
ResponseTime = 28 ms for sourceforge.net
2013-11-24 15:29:22 [Worker_1] Info: Name Server 192.168.12.241:
ResponseTime = 2 ms for sourceforge.net
2013-11-24 15:29:22 [Worker_1] Info: switched (DNS) nameserver order
from 217.237.150.115 , 217.237.151.205 , 192.168.12.241 to 192.168.12.241 ,
217.237.151.205 , 217.237.150.115
2013-11-24 15:30:21 [Worker_1] Info: Name Server 192.168.12.241:
ResponseTime = 3 ms for sourceforge.net
2013-11-24 15:30:21 [Worker_1] Info: Name Server 217.237.151.205:
ResponseTime = 28 ms for sourceforge.net
2013-11-24 15:30:21 [Worker_1] Info: Name Server 217.237.150.115:
ResponseTime = 75 ms for sourceforge.net
2013-11-24 15:31:26 [Worker_1] Info: Name Server 217.237.150.115:
ResponseTime = 20 ms for sourceforge.net
2013-11-24 15:31:26 [Worker_1] Info: switched (DNS) nameserver order
from 192.168.12.241 , 217.237.151.205 , 217.237.150.115 to 217.237.150.115
2013-11-24 15:32:26 [Worker_1] Info: Name Server 217.237.150.115:
ResponseTime = 74 ms for sourceforge.net
2013-11-24 15:33:29 [Worker_1] Info: Name Server 217.237.150.115:
ResponseTime = 21 ms for sourceforge.net
2013-11-24 15:34:31 [Worker_1] Info: Name Server 217.237.150.115:
ResponseTime = 21 ms for sourceforge.net
2013-11-24 15:35:33 [Worker_1] Info: Name Server 217.237.150.115:
ResponseTime = 75 ms for sourceforge.net
2013-11-24 15:36:35 [Worker_1] Info: Name Server 217.237.150.115:
ResponseTime = 20 ms for sourceforge.net
2013-11-24 15:37:37 [Worker_1] Info: Name Server 217.237.150.115:
ResponseTime = 80 ms for sourceforge.net
2013-11-24 15:38:39 [Worker_1] Info: Name Server 217.237.150.115:
ResponseTime = 21 ms for sourceforge.net


I Tried this again with maxDNSRespDist set to 95 ms:

2013-11-24 15:58:21 [startup] Info: Name Server 192.168.12.241: ResponseTime
= 32 ms for sourceforge.net
2013-11-24 15:58:21 [startup] Info: Name Server 217.237.150.115:
ResponseTime = 75 ms for sourceforge.net
2013-11-24 15:58:21 [startup] Info: Name Server 217.237.151.205:
ResponseTime = 86 ms for sourceforge.net
2013-11-24 15:58:21 [startup] Info: switched (DNS) nameserver order from  to
192.168.12.241 , 217.237.150.115 , 217.237.151.205
2013-11-24 15:58:21 [startup] ASSP version 2.3.4(13328) (Perl 5.014002) (on
linux)running on server: mail (192.168.12.242)
2013-11-24 15:58:22 [Worker_1] Info: Name Server 192.168.12.241:
ResponseTime = 4 ms for sourceforge.net
2013-11-24 15:58:22 [Worker_1] Info: Name Server 217.237.150.115:
ResponseTime = 73 ms for sourceforge.net
2013-11-24 15:58:22 [Worker_1] Info: Name Server 217.237.151.205:
ResponseTime = 84 ms for sourceforge.net
2013-11-24 15:58:22 [Worker_1] Info: switched (DNS) nameserver order
from 192.168.12.241 , 217.237.150.115 , 217.237.151.205 to 192.168.12.241 ,
217.237.150.115 , 217.237.151.205
2013-11-24 15:59:26 [Worker_1] Info: Name Server 192.168.12.241:
ResponseTime = 86 ms for sourceforge.net
2013-11-24 15:59:26 [Worker_1] Info: Name Server 217.237.150.115:
ResponseTime = 20 ms for sourceforge.net
2013-11-24 15:59:26 [Worker_1] Info: Name Server 217.237.151.205:
ResponseTime = 86 ms for sourceforge.net
2013-11-24 15:59:26 [Worker_1] Info: switched (DNS) nameserver order
from 192.168.12.241 , 217.237.150.115 , 217.237.151.205 to 217.237.150.115 ,
192.168.12.241 , 217.237.151.205
2013-11-24 16:00:30 [Worker_1] Info: Name Server 217.237.150.115:
ResponseTime = 21 ms for sourceforge.net
2013-11-24 16:00:30 [Worker_1] Info: Name Server 192.168.12.241:
ResponseTime = 2 ms for sourceforge.net
2013-11-24 16:00:30 [Worker_1] Info: Name Server 217.237.151.205:
ResponseTime = 94 ms for sourceforge.net
2013-11-24 16:01:32 [Worker_1] Info: Name Server 217.237.151.205:
ResponseTime = 85 ms for sourceforge.net
2013-11-24 16:01:32 [Worker_1] Info: switched (DNS) nameserver order
from 217.237.150.115 , 192.168.12.241 ,

Re: [Assp-test] BombBlack hits good mail

2010-07-11 Thread Dirk Kulmsee

 dummyaddr...@gmx.de to: recipi...@mydomain Regex:BlackRe 'PB 20: for
 [!empty!]'
 As you can see, 'blackRe' hits - not any of the above!

Thank you for pointing me there! 
For some reason my string in blackRe ended with '|\b' which makes no sense.
Deleted '|' and everything has been quiet since then.
I was obviously misled by the fact that those [!empty!] hits were only
logged with versions of ASSP  2.0.0-1.0.07.

Best regards
Dirk



 -Ursprüngliche Nachricht-
 Von: Thomas Eckardt [mailto:thomas.ecka...@thockar.com]
 Gesendet: Freitag, 9. Juli 2010 06:52
 An: ASSP development mailing list
 Betreff: Re: [Assp-test] BombBlack hits good mail
 
 Hi Dirk,
 
 I use bombre.txt for ...
 
 bombHeaderRe:=file:files/bombre.txt
 bombSubjectRe:=file:files/bombre.txt
 bombRe:=file:files/bombre.txt
 bombDataRe:=file:files/bombre.txt
 
 This config does not make sense, because the same regex is processed
 four times. Only use bombre.txt for 'bombre' (this checks the complete
 mail), leave the othes empty.
 
 dummyaddr...@gmx.de to: recipi...@mydomain Regex:BlackRe 'PB 20: for
 [!empty!]'
 
 As you can see, 'blackRe' hits - not any of the above!
 
 Try to find out where your regex for blackRe matches an empty string -
 if
 you can not find it, send me the regex.
 
 Thomas
 
 
 
 Von:Dirk Kulmsee d.kulm...@netgroup.de
 An: 'ASSP development mailing list'
 assp-test@lists.sourceforge.net
 Datum:  08.07.2010 13:44
 Betreff:Re: [Assp-test] BombBlack hits good mail
 
 
 
 Hi all,
 I am afraid I need to get back to this subject again. Long story short:
 old
 ASSP works fine - new ASSP bombs good mail with [!empty!] hits.
 
 Currently I am running ASSP 2.0.2-1.0.07 and everything seems alright
 with
 BombBlack. Here is some log info for test emails I sent from an gmx.de
 account:
 
 Jul-08-10 07:54:47 68487-01934 [Worker_3] 213.165.64.20
 dummyaddr...@gmx.de to: recipi...@mydomain Message-Score: added -4
 for
 213.165.64 in griplist (0.03), total score for this message is now -4
 Jul-08-10 07:54:47 68487-01934 [Worker_3] 213.165.64.20
 dummyaddr...@gmx.de to: recipi...@mydomain Message-Score: added -10
 for
 Home Country Bonus DE (GMX GmbH), total score for this message is now -
 14
 Jul-08-10 07:54:47 68487-01934 [Worker_3] 213.165.64.20
 dummyaddr...@gmx.de to: recipi...@mydomain PB-IP-Score for
 '213.165.64.20'
 is 10, added -10 for HomeCountry-DE
 Jul-08-10 07:54:47 68487-01934 [Worker_3] 213.165.64.20
 dummyaddr...@gmx.de to: recipi...@mydomain  no Bomb found in header
 Jul-08-10 07:54:48 68487-01934 [Worker_3] [SPF] 213.165.64.20
 dummyaddr...@gmx.de to: recipi...@mydomain [scoring] SPF: pass
 (cache)
 ip=213.165.64.20 mailfrom=dummyaddr...@gmx.de helo=mail.gmx.net
 Jul-08-10 07:54:48 68487-01934 [Worker_3] 213.165.64.20
 dummyaddr...@gmx.de to: recipi...@mydomain Message-Score: added -10
 for
 SPF pass, total score for this message is now -24
 Jul-08-10 07:54:48 68487-01934 [Worker_3] 213.165.64.20
 dummyaddr...@gmx.de to: recipi...@mydomain  no Bomb found for
 'bombSuspiciousRe'
 Jul-08-10 07:54:48 68487-01934 [Worker_3] 213.165.64.20
 dummyaddr...@gmx.de to: recipi...@mydomain  no Bomb found for
 'bombDataRe'
 and 'bombRe'
 Jul-08-10 07:54:48 68487-01934 [Worker_3] 213.165.64.20
 dummyaddr...@gmx.de to: recipi...@mydomain  no Bomb found for
 'bombBlack'
 Jul-08-10 07:54:48 68487-01934 [Worker_3] 213.165.64.20
 dummyaddr...@gmx.de to: recipi...@mydomain Bayesian Check [scoring] -
 Prob: 0.0 = ham
 Jul-08-10 07:54:48 68487-01934 [Worker_3] [Bayesian][scoring]
 213.165.64.20
 dummyaddr...@gmx.de to: recipi...@mydomain info: Bayesian-Check has
 taken
 0 seconds
 Jul-08-10 07:54:48 68487-01934 [Worker_3] [Plugin] 213.165.64.20
 dummyaddr...@gmx.de to: recipi...@mydomain ASSP_OCR: Plugin
 successful
 called for runlevel 'complete mail'!
 Jul-08-10 07:54:48 68487-01934 [Worker_3] [MessageOK] 213.165.64.20
 dummyaddr...@gmx.de to: recipi...@mydomain message ok [Test7 nochn
 Gedicht] - /opt/assp/okmail/Test7_nochn_Gedicht--61958.eml
 Jul-08-10 07:54:48 68487-01934 [Worker_3] 213.165.64.20
 dummyaddr...@gmx.de to: recipi...@mydomain info: no (more) data
 readable
 from 213.165.64.20 (connection closed by peer) - last command was
 'QUIT'
 
 
 
 But whenever I run newer versions of ASSP (2.0.2-1.1.15 in this case)
 BombBlack works differently, although I do not touch my assp.cfg or
 bombre.txt:
 
 
 
 Jul-08-10 07:40:48 67648-12664 [Worker_3] 213.165.64.20
 dummyaddr...@gmx.de to: recipi...@mydomain Message-Score: added -4
 for
 213.165.64 in griplist (0.03), total score for this message is now -4
 Jul-08-10 07:40:48 67648-12664 [Worker_3] 213.165.64.20
 dummyaddr...@gmx.de to: recipi...@mydomain Message-Score: added -10
 for
 Home Country Bonus DE (GMX GmbH), total score for this message is now -
 14
 Jul-08-10 07:40:48 67648-12664 [Worker_3] 213.165.64.20
 dummyaddr...@gmx.de to: recipi...@mydomain PB-IP-Score for
 '213.165.64.20'
 is 10, added -10 for HomeCountry-DE
 Jul-08-10 07:40:48 67648-12664

Re: [Assp-test] BombBlack hits good mail

2010-07-08 Thread Dirk Kulmsee

-10 07:40:49 67648-12664 [Worker_3] [BombBlack] 213.165.64.20
dummyaddr...@gmx.de to: recipi...@mydomain [spam found] (BombBlack '(l:0)
(l:0) '[!empty!] (20)'') [Test4 mit pdf] - /opt/assp/discarded/12664.eml;
Jul-08-10 07:40:52 67648-12664 [Worker_3] 213.165.64.20
dummyaddr...@gmx.de to: recipi...@mydomain [SMTP Error] 554 5.7.1 Delivery
not authorized, message refused -- . (reason: BombBlack '(l:0) (l:0)
'[!empty!] (20)'')
Jul-08-10 07:40:52 67648-12664 [Worker_3] 213.165.64.20
dummyaddr...@gmx.de to: recipi...@mydomain finished message - received
size: 0 Byte - sent size: 2.26 MByte


I use bombre.txt for ...

bombHeaderRe:=file:files/bombre.txt
bombSubjectRe:=file:files/bombre.txt
bombRe:=file:files/bombre.txt
bombDataRe:=file:files/bombre.txt

Can anyone tell, what causes this difference in behavior? How can I find out
why newer versions of ASSP get [!empty!] hits, where 2.0.2-1.0.07 does not?
Any config variables I should look at?

TIA
Dirk


 -Ursprüngliche Nachricht-
 Von: Thomas Eckardt [mailto:thomas.ecka...@thockar.com]
 Gesendet: Montag, 14. Juni 2010 09:25
 An: ASSP development mailing list
 Betreff: Re: [Assp-test] BombBlack hits good mail
 
 What does [!empty!]
 mean here?
 
 
 
 [!empty!] meens - that you regex ist testing for an empty string.  like
 ^$
 
 Thomas
 
 
 
 Von:Dirk Kulmsee d.kulm...@netgroup.de
 An: 'ASSP development mailing list'
 assp-test@lists.sourceforge.net
 Datum:  09.06.2010 10:56
 Betreff:[Assp-test] BombBlack hits good mail
 
 
 
 Hi all,
 since I upgraded from 2.0.2-1.0.06 to 2.0.2-1.1.10 (same issue with
 2.0.2-1.1.11) I see lots of log entries like these:
 
 Jun-09-10 08:37:32 65451-05566 [Worker_1] 87.248.110.138
 sen...@yahoo.de
 to: recipi...@my.domain  no Bomb found in header Jun-09-10 08:37:32
 65451-05566 [Worker_1] 87.248.110.138 sen...@yahoo.de
 to: recipi...@my.domain  no Bomb found for 'bombSuspiciousRe'
 Jun-09-10 08:37:32 65451-05566 [Worker_1] 87.248.110.138
 sen...@yahoo.de
 to: recipi...@my.domain  no Bomb found for 'bombDataRe', 'bombRe' and
 'bombCharSets'
 Jun-09-10 08:37:32 65451-05566 [Worker_1] 87.248.110.138
 sen...@yahoo.de
 to: recipi...@my.domain Regex:BlackRe 'PB 20: for [!empty!]'
 Jun-09-10 08:37:32 65451-05566 [Worker_1] 87.248.110.138
 sen...@yahoo.de
 to: recipi...@my.domain [!empty!] : (l:0) 20 , count : 1 , sum : 20 ,
 time
 :
 0 s
 Jun-09-10 08:37:32 65451-05566 [Worker_1] [BombBlack] 87.248.110.138
 sen...@yahoo.de to: recipi...@my.domain  (BombBlack '(l:0) (l:0)
 '[!empty!] (20)'') Jun-09-10 08:37:32 65451-05566 [Worker_1]
 87.248.110.138 sen...@yahoo.de
 to: recipi...@my.domain Message-Score: added 20 for BombBlack '(l:0)
 (l:0) '[!empty!] (20)'', total score for this message is now 9 Jun-09-
 10 08:37:32 65451-05566 [Worker_1] 87.248.110.138 sen...@yahoo.de
 to: recipi...@my.domain PB-IP-Score for '87.248.110.138' is 20, added
 20 for BombBlack Jun-09-10 08:37:32 65451-05566 [Worker_1] [BombBlack]
 87.248.110.138 sen...@yahoo.de to: recipi...@my.domain [spam found]
 (BombBlack '(l:0)
 (l:0) '[!empty!] (20)'') [Alan Wake] - /opt/assp/discarded/5566.eml;
 Jun-09-10 08:37:32 65451-05566 [Worker_1] 87.248.110.138
 sen...@yahoo.de
 to: recipi...@my.domain [SMTP Error] 554 5.7.1 Delivery not authorized,
 message refused -- . (reason: BombBlack '(l:0) (l:0) '[!empty!] (20)'')
 
 
 The mail is not spam. I cannot see why it is discarded. What does
 [!empty!] mean here? Where does it come from? A bad regex somewhere?
 I use the bombre.txt from the cvs.
 
 Thanks for your hints.
 
 Regards
 Dirk Kulmsee
 
 
 ---
 ---
 ThinkGeek and WIRED's GeekDad team up for the Ultimate GeekDad Father's
 Day Giveaway. ONE MASSIVE PRIZE to the lucky parental unit.  See the
 prize list and enter to win:
 http://p.sf.net/sfu/thinkgeek-promo
 ___
 Assp-test mailing list
 Assp-test@lists.sourceforge.net
 https://lists.sourceforge.net/lists/listinfo/assp-test
 
 
 
 
 DISCLAIMER:
 ***
 This email and any files transmitted with it may be confidential,
 legally privileged and protected in law and are intended solely for the
 use of the
 
 individual to whom it is addressed.
 This email was multiple times scanned for viruses. There should be no
 known virus in this email!
 ***
 



--
This SF.net email is sponsored by Sprint
What will you do first with EVO, the first 4G phone?
Visit sprint.com/first -- http://p.sf.net/sfu/sprint-com-first
___
Assp-test mailing list
Assp-test@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/assp-test

[Assp-test] BombBlack hits good mail

2010-06-09 Thread Dirk Kulmsee

Hi all,
since I upgraded from 2.0.2-1.0.06 to 2.0.2-1.1.10 (same issue with
2.0.2-1.1.11) I see lots of log entries like these:

Jun-09-10 08:37:32 65451-05566 [Worker_1] 87.248.110.138 sen...@yahoo.de
to: recipi...@my.domain  no Bomb found in header
Jun-09-10 08:37:32 65451-05566 [Worker_1] 87.248.110.138 sen...@yahoo.de
to: recipi...@my.domain  no Bomb found for 'bombSuspiciousRe'
Jun-09-10 08:37:32 65451-05566 [Worker_1] 87.248.110.138 sen...@yahoo.de
to: recipi...@my.domain  no Bomb found for 'bombDataRe', 'bombRe' and
'bombCharSets'
Jun-09-10 08:37:32 65451-05566 [Worker_1] 87.248.110.138 sen...@yahoo.de
to: recipi...@my.domain Regex:BlackRe 'PB 20: for [!empty!]'
Jun-09-10 08:37:32 65451-05566 [Worker_1] 87.248.110.138 sen...@yahoo.de
to: recipi...@my.domain [!empty!] : (l:0) 20 , count : 1 , sum : 20 , time :
0 s
Jun-09-10 08:37:32 65451-05566 [Worker_1] [BombBlack] 87.248.110.138
sen...@yahoo.de to: recipi...@my.domain  (BombBlack '(l:0) (l:0)
'[!empty!] (20)'')
Jun-09-10 08:37:32 65451-05566 [Worker_1] 87.248.110.138 sen...@yahoo.de
to: recipi...@my.domain Message-Score: added 20 for BombBlack '(l:0) (l:0)
'[!empty!] (20)'', total score for this message is now 9
Jun-09-10 08:37:32 65451-05566 [Worker_1] 87.248.110.138 sen...@yahoo.de
to: recipi...@my.domain PB-IP-Score for '87.248.110.138' is 20, added 20 for
BombBlack
Jun-09-10 08:37:32 65451-05566 [Worker_1] [BombBlack] 87.248.110.138
sen...@yahoo.de to: recipi...@my.domain [spam found] (BombBlack '(l:0)
(l:0) '[!empty!] (20)'') [Alan Wake] - /opt/assp/discarded/5566.eml;
Jun-09-10 08:37:32 65451-05566 [Worker_1] 87.248.110.138 sen...@yahoo.de
to: recipi...@my.domain [SMTP Error] 554 5.7.1 Delivery not authorized,
message refused -- . (reason: BombBlack '(l:0) (l:0) '[!empty!] (20)'')


The mail is not spam. I cannot see why it is discarded. What does [!empty!]
mean here? Where does it come from? A bad regex somewhere?
I use the bombre.txt from the cvs.

Thanks for your hints.

Regards
Dirk Kulmsee


--
ThinkGeek and WIRED's GeekDad team up for the Ultimate 
GeekDad Father's Day Giveaway. ONE MASSIVE PRIZE to the 
lucky parental unit.  See the prize list and enter to win: 
http://p.sf.net/sfu/thinkgeek-promo
___
Assp-test mailing list
Assp-test@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/assp-test

[Assp-test] ASSP Process ID

2010-03-25 Thread Dirk Kulmsee

Hi all,

this is not really a problem I hope, ASSP is running fine.  Just a question.


On Debian Linux the process for ASSP which I get using the ps command
looks like 

 

22280 pts/0SNl0:02 /usr/bin/perl /opt/ASSP/assp.pl /opt/ASSP

 

when it is freshly started, but after some days of operation it looks like

 

14517 ?SNl   81:50 /usr/bin/perl /usr/bin/perl /usr/bin/perl
/usr/bin/perl /usr/bin/perl /usr/bin/perl /usr/bin/perl /usr/bin/perl
/usr/bin/perl /usr/bin/perl /usr/bin/perl /usr/bin/perl /usr/bin/perl
/usr/bin/perl /usr/bin/perl /usr/bin/perl /usr/bin/perl /usr/bin/perl
/usr/bin/perl /usr/bin/perl /usr/bin/perl /usr/bin/perl /usr/bin/perl
/usr/bin/perl /usr/bin/perl /usr/b 

 

I have seen this with all V2 versions. This makes it a bit tricky to
identify the process for watchdog or restart scripts. 

Why does the process entry grow that way? Can this become a problem?

 

Best regards

 

Dirk Kulmsee

 

--
Download Intel#174; Parallel Studio Eval
Try the new software tools for yourself. Speed compiling, find bugs
proactively, and fine-tune applications for parallel performance.
See why Intel Parallel Studio got high marks during beta.
http://p.sf.net/sfu/intel-sw-dev
___
Assp-test mailing list
Assp-test@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/assp-test

[Assp-test] RC2.01 - questions about resendmail

2010-02-15 Thread Dirk Kulmsee

Hello everybody,
today I have some questions about the resendmail feature in RC2.01 (currently 
7.07):

1) if the resendmail directory is empty, my mail.log shows lines like
Feb 15 17:17:37 mail assp[23885]: [Worker_1] (re)send - process: 
/opt/assp/resendmail/. (try 1
Feb 15 17:17:37 mail assp[23885]: [Worker_1] (re)send - 
/opt/assp/resendmail/. - From: headertag not found
Feb 15 17:17:37 mail assp[23885]: [Worker_1] (re)send - try to open: 
/opt/assp/resendmail/..
Feb 15 17:17:37 mail assp[23885]: [Worker_1] (re)send - process: 
/opt/assp/resendmail/.. (try 1
Feb 15 17:17:37 mail assp[23885]: [Worker_1] (re)send - 
/opt/assp/resendmail/.. - From: headertag not found

Not a big thing I guess, but ASSP unnecessarily seems to work on . and ...

2) I had some *.err.err.err files in the resendmail dir. I edited them to 
correct the From: line (delete UTF8 code in From: line).
Funny thing: they were resent although I renamed them to *.eml, while 
maillogExt was set to be empty. Is maillogExt really obeyed here? That is what 
the comment for resendmail in the GUI says.

3) I get the error From: headertag not found with ASSPs own Mails.
The rebuildrun.txt was not sent (RebuildNotify) apparently because of the 
UTF8-Tags in the From: line. The variables decodeMIME2UTF8 and 
UseUnicode4MaillogNames are both set to on, system setting is LANG=de_DE.UTF-8.

The first lines of these mails read like: 

Date: Mon, 15 Feb 2010 18:47:53 +0100
X-Assp-Notification: YES
From: =?UTF-8?Q?spammas...@replaced.name?=

And the logfile says:
Feb 15 18:48:01 mail assp[30798]: [Worker_1] (re)send - try to open: 
/opt/assp/resendmail/n237979
Feb 15 18:48:01 mail assp[30798]: [Worker_1] (re)send - process: 
/opt/assp/resendmail/n237979 (first time)
Feb 15 18:48:01 mail assp[30798]: [Worker_1] (re)send - 
/opt/assp/resendmail/n237979 - From: headertag not found



Best regards from a happy user

Dirk Kulmsee



--
SOLARIS 10 is the OS for Data Centers - provides features such as DTrace,
Predictive Self Healing and Award Winning ZFS. Get Solaris 10 NOW
http://p.sf.net/sfu/solaris-dev2dev
___
Assp-test mailing list
Assp-test@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/assp-test

Re: [Assp-test] Antwort: ASSP 2.01_RC0.6.09 / Postgres / assp_db_import.cfg

2009-12-06 Thread Dirk Kulmsee

 Ive tested the following:
 
 - Postgres 8.4 on Win32
 - assp_db_import.cfg 2.0.1_1.0.0
 - assp.pl 2.0.1_RC0.6.10
 
 whithout any DB-errors!

Thanks for your effort Thomas. You are really working quickly on this.
But I'm sorry to say that I still see same fetchrow_arrayref error with
spamdb.

I have the same versions of assp.pl and assp_db_import.cfg, but I use
Postgres 8.3.8 on Debian Lenny.

The system locale is UTF8 and so is the database. Could this be a cause for
concern?
I activated some Postgres logging and get lines like these:


Dec  6 22:46:35 mail postgres[15680]: [3-1] 2009-12-06 22:46:35 CET FEHLER:
ungÃ¼ltige Byte-Sequenz fÃ¼r Kodierung Â»UTF8Â«: 0xc3
Dec  6 22:46:35 mail postgres[15680]: [3-2] 2009-12-06 22:46:35 CET TIPP:
Dieser Fehler kann auch auftreten, wenn die Bytesequenz nicht mit der
Kodierung Ã¼bereinstimmt,
Dec  6 22:46:35 mail postgres[15680]: [3-3]  die der Server erwartet, welche
durch Â»client_encodingÂ« bestimmt wird.
Dec  6 22:46:35 mail postgres[15680]: [3-4] 2009-12-06 22:46:35 CET
ANWEISUNG:  select pvalue,pfrozen from spamdb where pkey=$1
Dec  6 22:46:35 mail postgres[15680]: [3-5] #011

Dec  6 22:46:36 mail postgres[15570]: [3-1] 2009-12-06 22:46:36 CET FEHLER:
ungÃ¼ltige Byte-Sequenz fÃ¼r Kodierung Â»UTF8Â«: 0xc3
Dec  6 22:46:36 mail postgres[15570]: [3-2] 2009-12-06 22:46:36 CET TIPP:
Dieser Fehler kann auch auftreten, wenn die Bytesequenz nicht mit der
Kodierung Ã¼bereinstimmt,
Dec  6 22:46:36 mail postgres[15570]: [3-3]  die der Server erwartet, welche
durch Â»client_encodingÂ« bestimmt wird.
Dec  6 22:46:36 mail postgres[15570]: [3-4] 2009-12-06 22:46:36 CET
ANWEISUNG:  select pvalue,pfrozen from spamdb where pkey=$1
Dec  6 22:46:36 mail postgres[15570]: [3-5] #011

(Sorry if its ugly to read, but rsyslog apparently does not guess the
message encoding right.)


At the same time the mail.log shows:

Dec  6 22:46:36 mail assp[14480]: [Worker_1] Error: Worker_1: Can't call
method fetchrow_arrayref on an undefined value at
/usr/local/share/perl/5.10.0/Tie/RDBM.pm line 166.
Dec  6 22:46:36 mail assp[14480]: [Worker_1] Info: auto restart died worker
Worker_1
Dec  6 22:46:36 mail assp[14480]: [Worker_1] Worker_1 started

Dec  6 22:46:36 mail assp[14480]: [Worker_2] Error: Worker_2: Can't call
method fetchrow_arrayref on an undefined value at
/usr/local/share/perl/5.10.0/Tie/RDBM.pm line 166.
Dec  6 22:46:36 mail assp[14480]: [Worker_2] Info: auto restart died worker
Worker_2
Dec  6 22:46:36 mail assp[14480]: [Worker_2] Worker_2 started

There are different byte sequences Postgresql complains about:
Dec  6 21:59:17 mail postgres[12247]: [3-1] 2009-12-06 21:59:17 CET FEHLER:
ungÃ¼ltige Byte-Sequenz fÃ¼r Kodierung Â»UTF8Â«: 0xfc
Dec  6 22:13:17 mail postgres[13856]: [3-1] 2009-12-06 22:13:17 CET FEHLER:
ungÃ¼ltige Byte-Sequenz fÃ¼r Kodierung Â»UTF8Â«: 0xc3
Dec  6 22:14:34 mail postgres[13811]: [3-1] 2009-12-06 22:14:34 CET FEHLER:
ungÃ¼ltige Byte-Sequenz fÃ¼r Kodierung Â»UTF8Â«: 0xe47374
Dec  6 22:22:26 mail postgres[14538]: [3-1] 2009-12-06 22:22:26 CET FEHLER:
ungÃ¼ltige Byte-Sequenz fÃ¼r Kodierung Â»UTF8Â«: 0xc3
Dec  6 22:33:21 mail postgres[14658]: [3-1] 2009-12-06 22:33:21 CET FEHLER:
ungÃ¼ltige Byte-Sequenz fÃ¼r Kodierung Â»UTF8Â«: 0xe47374
Dec  6 22:35:23 mail postgres[15215]: [3-1] 2009-12-06 22:35:23 CET FEHLER:
ungÃ¼ltige Byte-Sequenz fÃ¼r Kodierung Â»UTF8Â«: 0xc3
Dec  6 22:37:27 mail postgres[15366]: [3-1] 2009-12-06 22:37:27 CET FEHLER:
ungÃ¼ltige Byte-Sequenz fÃ¼r Kodierung Â»UTF8Â«: 0xc3
Dec  6 22:38:13 mail postgres[14549]: [3-1] 2009-12-06 22:38:13 CET FEHLER:
ungÃ¼ltige Byte-Sequenz fÃ¼r Kodierung Â»UTF8Â«: 0xc3
Dec  6 22:38:34 mail postgres[15470]: [3-1] 2009-12-06 22:38:34 CET FEHLER:
ungÃ¼ltige Byte-Sequenz fÃ¼r Kodierung Â»UTF8Â«: 0xc3
Dec  6 22:38:34 mail postgres[15522]: [3-1] 2009-12-06 22:38:34 CET FEHLER:
ungÃ¼ltige Byte-Sequenz fÃ¼r Kodierung Â»UTF8Â«: 0xc3
Dec  6 22:40:26 mail postgres[15551]: [3-1] 2009-12-06 22:40:26 CET FEHLER:
ungÃ¼ltige Byte-Sequenz fÃ¼r Kodierung Â»UTF8Â«: 0xe9
Dec  6 22:46:35 mail postgres[15680]: [3-1] 2009-12-06 22:46:35 CET FEHLER:
ungÃ¼ltige Byte-Sequenz fÃ¼r Kodierung Â»UTF8Â«: 0xc3
Dec  6 22:46:36 mail postgres[15570]: [3-1] 2009-12-06 22:46:36 CET FEHLER:
ungÃ¼ltige Byte-Sequenz fÃ¼r Kodierung Â»UTF8Â«: 0xc3
Dec  6 22:47:26 mail postgres[15986]: [3-1] 2009-12-06 22:47:26 CET FEHLER:
ungÃ¼ltige Byte-Sequenz fÃ¼r Kodierung Â»UTF8Â«: 0xc3
Dec  6 22:49:29 mail postgres[16005]: [3-1] 2009-12-06 22:49:29 CET FEHLER:
ungÃ¼ltige Byte-Sequenz fÃ¼r Kodierung Â»UTF8Â«: 0xc3
Dec  6 22:50:04 mail postgres[16123]: [3-1] 2009-12-06 22:50:04 CET FEHLER:
ungÃ¼ltige Byte-Sequenz fÃ¼r Kodierung Â»UTF8Â«: 0xe47374
Dec  6 22:59:18 mail postgres[16164]: [3-1] 2009-12-06 22:59:18 CET FEHLER:
ungÃ¼ltige Byte-Sequenz fÃ¼r Kodierung Â»UTF8Â«: 0xfc

I am still hopeful

Dirk Kulmsee


--
Join us December 9, 2009 for the Red Hat Virtual Experience,
a free event focused

Re: [Assp-test] Antwort: ASSP 2.01_RC0.6.08 / Pg DB / rebuildspamdb stops

2009-12-05 Thread Dirk Kulmsee

Dez-05-09 11:02:04 remove /opt/a
=

So rebuildspamdb really bails out in the middle of the line.

Any ideas how to trace this?

 
Best regards


Dirk Kulmsee


--
Join us December 9, 2009 for the Red Hat Virtual Experience,
a free event focused on virtualization and cloud computing. 
Attend in-depth sessions from your desk. Your couch. Anywhere.
http://p.sf.net/sfu/redhat-sfdev2dev
___
Assp-test mailing list
Assp-test@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/assp-test

[Assp-test] ASSP 2.01_RC0.6.09 / Postgres / assp_db_import.cfg

2009-12-05 Thread Dirk Kulmsee

Hi all,

I come across some questions around Postgres and ASSP. 

The documentation says I need an existing file assp_db_import.cfg in ASSP
root directory. The file I found at
http://www.iworld.de/homes/assp/ASSP-V2-Downloads has version 1.3.6 . I
guess this has nothing to do with ASSP' version.

-  As far as I can tell, ASSP needs this file only when bulk
importing data into an SQL database, 

or does ASSP always rely on SQL statements defined in here?

-  With Mysql ASSP does an INSERT IGNORE INTO, which is not
available with Postgres.

-  There is no Pg line in that file. Would Postgres be
sufficiently covered by the SQL92 template?

 

Regards

 

Dirk Kulmsee

 

--
Join us December 9, 2009 for the Red Hat Virtual Experience,
a free event focused on virtualization and cloud computing. 
Attend in-depth sessions from your desk. Your couch. Anywhere.
http://p.sf.net/sfu/redhat-sfdev2dev
___
Assp-test mailing list
Assp-test@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/assp-test

[Assp-test] ASSP 2.01_RC0.6.08 / Pg DB / rebuildspamdb stops

2009-12-03 Thread Dirk Kulmsee

Hi all,

I use Postgresql 8.3.8 for the ASSP databases. When I try to rebuild the
spamdb, the run stops after half the work. This is what the logfile shows
(filtered for Worker_10001):

 

Dec  3 11:44:27 mail assp[23126]: [Worker_10001] RebuildSpamDB-thread
started

Dec  3 11:44:27 mail assp[23126]: [Worker_10001] Maxfiles: 14000

Dec  3 11:44:27 mail assp[23126]: [Worker_10001] 'move to num' started for
spamlog

Dec  3 11:44:27 mail assp[23126]: [Worker_10001] 'move to num' processed 1
files in spamlog

Dec  3 11:44:27 mail assp[23126]: [Worker_10001] 'move to num' started for
notspamlog

Dec  3 11:44:27 mail assp[23126]: [Worker_10001] 'move to num' processed 1
files in notspamlog

Dec  3 11:44:27 mail assp[23126]: [Worker_10001] 'move to num' started for
correctednotspam

Dec  3 11:44:27 mail assp[23126]: [Worker_10001] 'move to num' processed 1
files in correctednotspam

Dec  3 11:44:27 mail assp[23126]: [Worker_10001] 'move to num' started for
correctedspam

Dec  3 11:44:27 mail assp[23126]: [Worker_10001] 'move to num' processed 1
files in correctedspam

Dec  3 11:44:27 mail assp[23126]: [Worker_10001] /opt/assp/errors/spam

Dec  3 11:44:27 mail assp[23126]: [Worker_10001] File Count:#01112

Dec  3 11:44:27 mail assp[23126]: [Worker_10001] Processing... errors/spam
with 12 files

Dec  3 11:44:27 mail assp[23126]: [Worker_10001] Imported Files:#01112

Dec  3 11:44:27 mail assp[23126]: [Worker_10001] Finished in 1 second(s)

Dec  3 11:44:27 mail assp[23126]: [Worker_10001] /opt/assp/errors/notspam

Dec  3 11:44:27 mail assp[23126]: [Worker_10001] File Count:#011216

Dec  3 11:44:27 mail assp[23126]: [Worker_10001] Processing...
errors/notspam with 216 files

Dec  3 11:44:27 mail assp[23126]: [Worker_10001] Imported Files:#011216

Dec  3 11:44:27 mail assp[23126]: [Worker_10001] Finished in 3 second(s)

Dec  3 11:44:27 mail assp[23126]: [Worker_10001] /opt/assp/spam

Dec  3 11:44:27 mail assp[23126]: [Worker_10001] File Count:#0112,052

Dec  3 11:44:27 mail assp[23126]: [Worker_10001] Processing... spam with
2052 files

Dec  3 11:45:01 mail assp[23126]: [Worker_10001] Imported Files:#0112,052

Dec  3 11:45:01 mail assp[23126]: [Worker_10001] Finished in 36 second(s)

Dec  3 11:45:01 mail assp[23126]: [Worker_10001] /opt/assp/notspam

Dec  3 11:45:01 mail assp[23126]: [Worker_10001] File Count:#0114,193

Dec  3 11:45:01 mail assp[23126]: [Worker_10001] Processing... notspam with
4193 files

Dec  3 11:47:09 mail assp[23126]: [Worker_10001] Imported Files:#0114,193

Dec  3 11:47:09 mail assp[23126]: [Worker_10001] Finished in 128 second(s)

Dec  3 11:47:10 mail assp[23126]: [Worker_10001] Error: rebuildspamdb failed
- Can't call method fetchrow_arrayref on an undefined value at
/usr/local/share/perl/5.10.0/Tie/RDBM.pm line 166.

Dec  3 11:47:10 mail assp[23126]: [Worker_10001] INFO: RebuildSpamdb removed
from queue

Dec  3 11:47:10 mail assp[23126]: [Worker_10001] Info: RebuildSpamdb
Scheduler stopped

Dec  3 11:47:10 mail assp[23126]: [Worker_10001] Info: ReStart Scheduler
stopped

Dec  3 11:47:10 mail assp[23126]: [Worker_10001] Info: starting
RebuildSpamdb Scheduler with '32 3 * * *'

 

 

The file rebuildrun.txt gets touched, but remains at 0 bytes.

As far as I read fetchrow_arrayref returns an undefined value either if
there is an error or if there are no more rows.

Now: does rebuildspamdb _think_ there is an error and stop, or is there a
real error? How to fix?

 

Best regards

 

Dirk Kulmsee

--
Join us December 9, 2009 for the Red Hat Virtual Experience,
a free event focused on virtualization and cloud computing. 
Attend in-depth sessions from your desk. Your couch. Anywhere.
http://p.sf.net/sfu/redhat-sfdev2dev
___
Assp-test mailing list
Assp-test@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/assp-test

[Assp-test] 2.01_RC0.5.26 and Postgresql DB

2009-11-23 Thread Dirk Kulmsee

Hi all,
I installed ASSP 2.01 RC 0.5.26 on Debian Lenny. 

The mail user accounts are held in a postgresql database (V 8.3.8), so I
decided to stay with postgresql for ASSP's tables.
On startup ASSP falls back to files instead of database tables and I find
errors like these in my postgres.log:

2009-11-22 21:30:30 CET FEHLER:  Typ Â»varbinaryÂ« existiert nicht bei
Zeichen 33
2009-11-22 21:30:30 CET ANWEISUNG:  create table whitelist (pkey
varbinary(254) primary key,pvalue  varbinary(255))

This varbinary apparently does not exist with Postgresql. I dared change
line 6022 in assp.pl 
from:

'Pg'  = [qw/ varbinary(254)  varbinary(255)   int   0  0
/],

to

'Pg'  = [qw/ bytea   byteaint   0  0
/],

This way I get ASSP up and running. Yet I wonder about the number of DB
connections. ASSP opens 133 connections to the postgresql database right
from the start, even without any mail traffic. Is it a bug or a feature? :-)
I did not find a place where I could tune this.

Best regards

Dirk Kulmsee



--
Let Crystal Reports handle the reporting - Free Crystal Reports 2008 30-Day 
trial. Simplify your report design, integration and deployment - and focus on 
what you do best, core application coding. Discover what's new with
Crystal Reports now.  http://p.sf.net/sfu/bobj-july
___
Assp-test mailing list
Assp-test@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/assp-test

[Assp-test] 2.01_RC0.5.26 dying - main exception / Syslog.pm

2009-11-23 Thread Dirk Kulmsee

Hi all,
I installed ASSP 2.01 RC 0.5.26 on Debian Lenny. 
ASSP died four times during the last few hours, giving this error in
maillog.txt

main exception: Wide character in syswrite at
/usr/local/lib/perl/5.10.0/Sys/Syslog.pm line 482

Any suggestions how to track this? 
(There is another question about Postgres, but I will post this seperately,
as I do not think it belongs together.)

Best regards

Dirk Kulmsee



--
Let Crystal Reports handle the reporting - Free Crystal Reports 2008 30-Day 
trial. Simplify your report design, integration and deployment - and focus on 
what you do best, core application coding. Discover what's new with
Crystal Reports now.  http://p.sf.net/sfu/bobj-july
___
Assp-test mailing list
Assp-test@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/assp-test

Re: [Assp-test] ASSP frozen? Loop not active

2009-04-16 Thread Dirk Kulmsee

 Apr-16-09 17:58:08 [Main_Thread] Info: Loop in Worker_1 was not active
 for 17051 seconds
 Apr-16-09 17:58:08 [Main_Thread] Info: Worker_1 : last sigoff in
 main, /Applications/assp/assp.pl, 11047, main::DKIMpreCheckOK, 1,
 0, ,  at Apr-16-09 13:13:57 1239851637.07158 - 12909
 Apr-16-09 17:58:08 [Main_Thread] Info: Worker_1 : last sigon in main, /
 Applications/assp/assp.pl, 11047, main::DKIMpreCheckOK, 1, 0, ,  at
 Apr-16-09 13:14:02 1239851642.47042 - 12964
 
 That meens: the Worker_1 was not out of his MainLoop for 17051 seconds.
 The last registration (off) and (on) to the signalhandler from
 DKIMpreCheckOK, is the last known good state! So what I need to know,
 is
 the last action(s) at 13:14:02 (some seconds before and maybe after -

I can see similar messages with 2.0.1 RC 0.0.02:

Apr 16 14:56:08 mx01 assp[21206]: [Main_Thread] Info: Loop in Worker_1 was
not active for 12917 seconds
Apr 16 14:56:08 mx01 assp[21206]: [Main_Thread] Info: Worker_1 : last sigoff
in main, /opt/ASSP/assp.pl, 7082, main::sigoffTry, 1, , ,  at Apr-16-09
11:0:51 1239873651.46706 - 7082
Apr 16 14:56:08 mx01 assp[21206]: [Main_Thread] Info: Worker_1 : last sigon
in main, /opt/ASSP/assp.pl, 7084, main::sigonTry, 1, , ,  at Apr-16-09
11:2051 1239873651.46715 - 7084


When I grep the log for [Worker_1] I get this excerpt:

Apr 16 11:16:27 mx01 assp[21206]: [Worker_1] Worker_1 started
Apr 16 11:18:39 mx01 assp[21206]: [Worker_1] Connected: 213.79.115.234:3417
- 88.198.171.114:25 - 127.0.0.1:125 , 8-9
Apr 16 11:18:40 mx01 assp[21206]: 73520-13946 [Worker_1] 213.79.115.234
amado-enero...@qbquickfix.com Message-Score: total for this message is 5,
added 5 for Suspicious HELO - contains IP: '[213.79.115.234]'
Apr 16 11:18:40 mx01 assp[21206]: 73520-13946 [Worker_1] 213.79.115.234
amado-enero...@qbquickfix.com PB-IP-Score for '213.79.115.234' is 5, added
5 for IPinHELO
Apr 16 11:18:40 mx01 assp[21206]: [Worker_1] e...@capricomp.de matches
e...@capricomp.de in LocalAddresses_Flat
Apr 16 11:18:40 mx01 assp[21206]: 73520-13946 [Worker_1] 213.79.115.234
amado-enero...@qbquickfix.com to: e...@capricomp.de recipient delayed:
e...@capricomp.de
Apr 16 11:18:40 mx01 assp[21206]: 73520-13946 [Worker_1] 213.79.115.234
amado-enero...@qbquickfix.com to: e...@capricomp.de [SMTP Status] 451
4.7.1 Please try again later
Apr 16 11:18:40 mx01 assp[21206]: [Worker_1] Disconnected: 213.79.115.234
Apr 16 11:20:50 mx01 assp[21206]: [Worker_1] Connected:
144.232.225.146:28717 - 88.198.171.114:25 - 127.0.0.1:125 , 7-8
Apr 16 11:20:51 mx01 assp[21206]: [Worker_1] schulleit...@mpg-dortmund.de
matches @mpg-dortmund.de in LocalAddresses_Flat
Apr 16 11:20:51 mx01 assp[21206]: [Worker_1] schulleit...@mpg-dortmund.de
matches @mpg-dortmund.de in spamLovers
Apr 16 11:20:52 mx01 assp[21206]: 73650-13570 [Worker_1] [MsgID]
144.232.225.146 specifiers...@thedalbeywealthinstitute.com to:
schulleit...@mpg-dortmund.de [scoring] (Message-ID suspicious:
'000d01c9be74$6ddd1920$6400a...@specifiersa79')
Apr 16 11:20:52 mx01 assp[21206]: 73650-13570 [Worker_1] 144.232.225.146
specifiers...@thedalbeywealthinstitute.com to:
schulleit...@mpg-dortmund.de Message-Score: total for this message is 10,
added 10 for Message-ID suspicious:
'000d01c9be74$6ddd1920$6400a...@specifiersa79'
Apr 16 11:20:52 mx01 assp[21206]: 73650-13570 [Worker_1] 144.232.225.146
specifiers...@thedalbeywealthinstitute.com to:
schulleit...@mpg-dortmund.de PB-IP-Score for '144.232.225.146' is 10, added
10 for Msg-IDsuspicious
Apr 16 11:20:52 mx01 assp[21206]: 73650-13570 [Worker_1] 144.232.225.146
specifiers...@thedalbeywealthinstitute.com to:
schulleit...@mpg-dortmund.de Message-Score: total for this message is 112,
added 102 for DNSBL: failed, 144.232.225.146 listed in safe.dnsbl.sorbs.net
zen.spamhaus.org
Apr 16 11:20:52 mx01 assp[21206]: 73650-13570 [Worker_1] 144.232.225.146
specifiers...@thedalbeywealthinstitute.com to:
schulleit...@mpg-dortmund.de PB-IP-Score for '144.232.225.146' is 112, added
102 for DNSBLfailed
Apr 16 11:20:52 mx01 assp[21206]: 73650-13570 [Worker_1] [DNSBL][sl]
144.232.225.146 specifiers...@thedalbeywealthinstitute.com to:
schulleit...@mpg-dortmund.de [spam found] and possibly passing because
spamlover, otherwise blocked (DNSBL, 144.232.225.146 listed in
safe.dnsbl.sorbs.net zen.spamhaus.org) [Price for Viagra 100mg x 10 pills US
7 00 Per Pill] - ./spam/13570.eml

After this no activity of Worker_1 is logged.

HTH
Dirk Kulmsee



--
Stay on top of everything new and different, both inside and 
around Java (TM) technology - register by April 22, and save
$200 on the JavaOne (SM) conference, June 2-5, 2009, San Francisco.
300 plus technical and hands-on sessions. Register today. 
Use priority code J9JMT32. http://p.sf.net/sfu/p
___
Assp-test mailing list
Assp-test@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/assp-test

[Assp-test] ASSP as backup mx - relaying

2009-03-21 Thread Dirk Kulmsee

Hello all,

I am currently trying to set up an ASSP machine (2.0 16.04) with two goals:

a) spam filter for the main domain, handing mail over to a local Courier
mail server which has an appropriate esmtp route.
This works fine and I can start fine tuning.

b) backup mx for another domain without filtering, handing mail over to a
local Courier mail server which has an appropriate esmtp route.
On the first go I put this domain in localDomains and in
noProcessingDomains. When I did telnet testing for this setup I got 530
Relaying not allowed. 
The mailserver behind ASSP handles the request as wanted when I address it
on its private port.
On the second go I found that the relay error only disappears when I put the
domain in localDomains and LocalAddresses_Flat (+ checking
LocalAddresses_Flat_Domains).

Is this intended? Is there a better way do do it? It appears to me that if I
always have to supply LocalAddresses, then localDomains has no use on its
own.

Best regards

Dirk Kulmsee


--
Apps built with the Adobe(R) Flex(R) framework and Flex Builder(TM) are
powering Web 2.0 with engaging, cross-platform capabilities. Quickly and
easily build your RIAs with Flex Builder, the Eclipse(TM)based development
software that enables intelligent coding and step-through debugging.
Download the free 60 day trial. http://p.sf.net/sfu/www-adobe-com
___
Assp-test mailing list
Assp-test@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/assp-test

Re: [Assp-test] NoProcessingList - still processing?

2008-01-31 Thread Dirk Kulmsee

 On 1/31/2008, Dirk Kulmsee ([EMAIL PROTECTED]) wrote:
  Shouldn't the NoProcessingList take precedence over
  LocalAddresses_Flat (over anything else in fact)?
 
 Of course not.
 
 The NoProcessingList is NOT the list of valid recipients. Two totally
 different things.
 
 It is up to the Admin to make sure that a complete list of valid
 recipients is available to ASSP.
 
 The question you shoul dbe asking yourself if, why would you want to
 have a recipient in the NoProcessingList and NOT in the
 LocalAddresses_Flat?

My thought was to close down access to the mailbox server as much as
possible so that nobody will pour in spam although this server is not an MX.
So all incoming mail should go through the ASSP server first. But there are
domains, that I only forward (e.g. I am 2nd MX). I don't have the recipient
list for these. I assumed I could let the mail for these domains also go
through the ASSP system, but not filter them (i. e. NoProcessing).
Unfortunately the NoProcessingList appears to be a SomeProcessingList ;-)

I worked around the problem by putting @domain in LocalAddresses_Flat for
these recipients. I should probably redesign the mail flow so that ASSP and
a MTA work side by side on that machine. Then mail that is not to be
filtered can have its path through the same system, but not through ASSP.

Thanks for your help!

Regards
Dirk Kulmsee 


-
This SF.net email is sponsored by: Microsoft
Defy all challenges. Microsoft(R) Visual Studio 2008.
http://clk.atdmt.com/MRT/go/vse012070mrt/direct/01/
___
Assp-test mailing list
Assp-test@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/assp-test

65 matches

Mail list logo