[Assp-user] [SPAM] ASSP 2.4.1 barely blocking any spam

2014-08-20 Thread bstringfel...@bobcad.com 
Hello,
I recently rolled over to version 2.4.1 from version 1.99. I copied over 
the assp.cfg file and everything in the /files/ folder.
I came to you all before when I was having this issue but concluded that 
it was because my version of perl (5.10.1) did not support the Baynesian 
model. I have since upgraded to 5.16.0 but it hasn't helped much. The 
vast majority of spam is still getting through. When I analyze a spam 
message, it will acknowledge the existence of certain spam words as 
found in the Baynesian analysis and listed in bombRe.
For example:

*•Whitelisted Domains *: 
'ourdomain.com'
*•SPF-check returned OK*for87.116.64.127 
->[email protected] , 
00d5a850.regnerg.eu
  •Received-SPF: pass (regnerg.eu:87.116.64.127 is 
authorized to use'[email protected]' in 'mfrom' 
identity (mechanism 'a' matched)) receiver=ASSP.ourdomain.com; 
identity=mailfrom; envelope-from="[email protected] 
"; helo=00d5a850.regnerg.eu; 
client-ip=87.116.64.127 
*•bombRe*: 'highest match: 
"erection" with valence: 25 - PB value = 25'
  •matching bombRe(file:files/bombre.txt[line 38] 
): 
'\b[e\xE3\xE8-\xEB]+\s?\S?\s?\W?R+\s?\S?\s?\W?[e\xE3\xE8-\xEB]+\s?\S?\s?\W?C+\s?\S?\s?\W?T+\s?\S?\s?\W?[I1!|lt\xEC-\xEF]+\s?\S?\s?\W?[O0\xF2-\xF6]+\s?\S?\s?\W?(?:\/\|\/|N)\b'
*•BombHeader RE *: 'highest 
match: "0 Aug 2014 14:04:56 -0400" with valence: 25 - PB value = 50'
  •matching bombHeaderRe(): '0'
*•URIBL check *: 'OK'
*•Valid Format of HELO *: 
'00d5a850.regnerg.eu'
*•IP in Helo check *: 'OK'
*•RBLCheck returned OK for87.116.64.127 *:
*•87.116.64.127 SenderBase*: status=not classified, 
data=BG, NAICOMS EOOD, , , , 22

Thanks in advance.
--
Slashdot TV.  
Video for Nerds.  Stuff that matters.
http://tv.slashdot.org/
___
Assp-user mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/assp-user

Re: [Assp-user] [SPAM] ASSP 2.4.1 barely blocking any spam

2014-08-22 Thread bstringfel...@bobcad.com 
Thank you, I removed it.
However, that's the way it's always been with ASSP1 and it's worked 
fine. Does ASSP2 work differently in this regard?

On 8/22/2014 3:33 AM, Thomas Eckardt wrote:
>> *•Whitelisted Domains *:
> 'ourdomain.com'
>
> looks like you added local domains to whitelisted domains - never do this
> !!!
>
> Thomas
>
>
>
>
> DISCLAIMER:
> ***
> This email and any files transmitted with it may be confidential, legally
> privileged and protected in law and are intended solely for the use of the
>
> individual to whom it is addressed.
> This email was multiple times scanned for viruses. There should be no
> known virus in this email!
> ***
>
>
> --
> Slashdot TV.
> Video for Nerds.  Stuff that matters.
> http://tv.slashdot.org/
> ___
> Assp-user mailing list
> [email protected]
> https://lists.sourceforge.net/lists/listinfo/assp-user

--
Slashdot TV.  
Video for Nerds.  Stuff that matters.
http://tv.slashdot.org/
___
Assp-user mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/assp-user

Re: [Assp-user] [SPAM] ASSP 2.4.1 barely blocking any spam

2014-08-22 Thread bstringfel...@bobcad.com 
Should I also remove local IP addresses from these?
Whitelisted IPs
acceptAllMail
allowRelayCon


On 8/22/2014 3:33 AM, Thomas Eckardt wrote:
>>> *•Whitelisted Domains <http://192.168.21.13:5/#whiteListedDomains>*:
>> 'ourdomain.com'
>>
>> looks like you added local domains to whitelisted domains - never do this
>> !!!
>>
>> Thomas
>>
>>
>>
>>
>> DISCLAIMER:
>> ***
>> This email and any files transmitted with it may be confidential, legally
>> privileged and protected in law and are intended solely for the use of the
>>
>> individual to whom it is addressed.
>> This email was multiple times scanned for viruses. There should be no
>> known virus in this email!
>> ***
>>
>>
>> --
>> Slashdot TV.
>> Video for Nerds.  Stuff that matters.
>> http://tv.slashdot.org/
>> ___
>> Assp-user mailing list
>> [email protected]
>> https://lists.sourceforge.net/lists/listinfo/assp-user
> --
> Slashdot TV.
> Video for Nerds.  Stuff that matters.
> http://tv.slashdot.org/
> ___
> Assp-user mailing list
> [email protected]
> https://lists.sourceforge.net/lists/listinfo/assp-user

-- 
Regards,

Brian Stringfellow
IT Assistant
877-262-2231 ext. 175 |727-442-3554 ext. 175
Fax: 727-442-1773
[email protected] <mailto:[email protected]>


BobCAD-CAM Logo <http://www.bobcad.com>

BobCAD-CAM Facebook 
<http://www.facebook.com/pages/BobCAD-CAM/261363801413> BobCAD-CAM 
Twitter <http://twitter.com/BobCAD_CAM> BobCAD-CAM LinkedIn 
<http://www.linkedin.com/company/bobcad-cam-inc.> BobCAD-CAM YouTube 
<http://www.youtube.com/user/BobCADCAM> BobCAD-CAM News 
<http://www.bobcad.com/news>

* Disclosure Statement *

This email message is intended only for the addressee(s) and contains 
information that may be confidential and/or copyright. If you are not 
the intended recipient please notify the sender by reply email and 
immediately delete this email. Use, disclosure or reproduction of this 
email by anyone other than the intended recipient(s) is strictly 
prohibited. No representation is made that this email or any attachments 
are free of viruses. Virus scanning is recommended and is the 
responsibility of the recipient. Thank you, BobCAD-CAM, Inc.
--
Slashdot TV.  
Video for Nerds.  Stuff that matters.
http://tv.slashdot.org/
___
Assp-user mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/assp-user

Re: [Assp-user] [SPAM] ASSP 2.4.1 barely blocking any spam

2014-08-22 Thread bstringfel...@bobcad.com 
Thank you for your help. I removed our local addresses from Whitelisted 
IPs and allowRelayCon. I had to leave our local addresses in 
acceptAllMail because it wouldn't let me send messages at all after 
removing it from there, but at least it's working now.

On 8/22/2014 9:03 AM, Thomas Eckardt wrote:
>> Does ASSP2 work differently in this regard?
> YES. If someone wants local domains/IP's to be whitelisted, this should be
> possible and it should be processed like this - V1 ignores this in some
> cases.
>
> AND YES - V2 works more or less different in some cases.
>
> Thomas
>
>
>
>
>
> Von:"[email protected]" 
> An: For Users of ASSP 
> Datum:  22.08.2014 14:38
> Betreff:Re: [Assp-user] [SPAM] ASSP 2.4.1 barely blocking any spam
>
>
>
> Thank you, I removed it.
> However, that's the way it's always been with ASSP1 and it's worked
> fine. Does ASSP2 work differently in this regard?
>
> On 8/22/2014 3:33 AM, Thomas Eckardt wrote:
>>> *•Whitelisted Domains <http://192.168.21.13:5/#whiteListedDomains
>> *:
>> 'ourdomain.com'
>>
>> looks like you added local domains to whitelisted domains - never do
> this
>> !!!
>>
>> Thomas
>>
>>
>>
>>
>> DISCLAIMER:
>> ***
>> This email and any files transmitted with it may be confidential,
> legally
>> privileged and protected in law and are intended solely for the use of
> the
>> individual to whom it is addressed.
>> This email was multiple times scanned for viruses. There should be no
>> known virus in this email!
>> ***
>>
>>
>>
> --
>> Slashdot TV.
>> Video for Nerds.  Stuff that matters.
>> http://tv.slashdot.org/
>> ___
>> Assp-user mailing list
>> [email protected]
>> https://lists.sourceforge.net/lists/listinfo/assp-user
> --
> Slashdot TV.
> Video for Nerds.  Stuff that matters.
> http://tv.slashdot.org/
> ___
> Assp-user mailing list
> [email protected]
> https://lists.sourceforge.net/lists/listinfo/assp-user
>
>
>
> DISCLAIMER:
> ***
> This email and any files transmitted with it may be confidential, legally
> privileged and protected in law and are intended solely for the use of the
>
> individual to whom it is addressed.
> This email was multiple times scanned for viruses. There should be no
> known virus in this email!
> ***
>
>
> --
> Slashdot TV.
> Video for Nerds.  Stuff that matters.
> http://tv.slashdot.org/
> ___
> Assp-user mailing list
> [email protected]
> https://lists.sourceforge.net/lists/listinfo/assp-user



--
Slashdot TV.  
Video for Nerds.  Stuff that matters.
http://tv.slashdot.org/
___
Assp-user mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/assp-user

[Assp-user] Allow relaying without whitelisting?

2014-08-26 Thread bstringfel...@bobcad.com 
Hello,
I need to be able to allow users to be able to access and send from 
their internal emails on their mobile devices. I'm already aware of the 
IP address ranges that need to be opened, but the only way I've found to 
allow this is to add those IP addresses to acceptAllMail. This creates a 
problem because it also whitelists all emails coming from that IP range. 
I tried adding them to allowRelayCon but it did not work.
Is there a way to allow relaying for a specific IP range without 
whitelisting it?
Thanks in advance.

--
Slashdot TV.  
Video for Nerds.  Stuff that matters.
http://tv.slashdot.org/
___
Assp-user mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/assp-user

Re: [Assp-user] Backing up assp

2014-08-27 Thread bstringfel...@bobcad.com 
Generally yes, you would just copy the entire ASSP folder. You probably 
ought to exclude the discarded and spam folders to save space. You could 
also have a copy of the /etc/init.d/assp file backed up somewhere.
Also, keep track of your Perl version and modules (*perl -v* and 
*instmodsh* on the Linux command line, respectively). Those details will 
be necessary if you want to migrate it to a new system.

On 8/27/2014 1:51 AM, John Grasty wrote:
> Hello,
>
> I've just now got asap installed and seemingly correctly configured. How
> is the best way to go about backing it up? What are the best practices?
>
> Currently, I'm just taking zfs snapshots of the entire assp directory.
>
> Thanks,
> John Grasty
>
> --
> Slashdot TV.
> Video for Nerds.  Stuff that matters.
> http://tv.slashdot.org/
> ___
> Assp-user mailing list
> [email protected]
> https://lists.sourceforge.net/lists/listinfo/assp-user


--
Slashdot TV.  
Video for Nerds.  Stuff that matters.
http://tv.slashdot.org/
___
Assp-user mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/assp-user

[Assp-user] Receiving spam messages twice?

2014-08-27 Thread bstringfel...@bobcad.com 
Hello,
It seems that every spam message that gets filtered out gets duplicated 
when it's sent to my spam address. I don't recall changing anything that 
would cause this. What should I check first?
-- 
Regards,

Brian Stringfellow
IT Assistant
877-262-2231 ext. 175 |727-442-3554 ext. 175
Fax: 727-442-1773
[email protected] <mailto:[email protected]>


BobCAD-CAM Logo <http://www.bobcad.com>

BobCAD-CAM Facebook 
<http://www.facebook.com/pages/BobCAD-CAM/261363801413> BobCAD-CAM 
Twitter <http://twitter.com/BobCAD_CAM> BobCAD-CAM LinkedIn 
<http://www.linkedin.com/company/bobcad-cam-inc.> BobCAD-CAM YouTube 
<http://www.youtube.com/user/BobCADCAM> BobCAD-CAM News 
<http://www.bobcad.com/news>

* Disclosure Statement *

This email message is intended only for the addressee(s) and contains 
information that may be confidential and/or copyright. If you are not 
the intended recipient please notify the sender by reply email and 
immediately delete this email. Use, disclosure or reproduction of this 
email by anyone other than the intended recipient(s) is strictly 
prohibited. No representation is made that this email or any attachments 
are free of viruses. Virus scanning is recommended and is the 
responsibility of the recipient. Thank you, BobCAD-CAM, Inc.
--
Slashdot TV.  
Video for Nerds.  Stuff that matters.
http://tv.slashdot.org/
___
Assp-user mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/assp-user

Re: [Assp-user] Receiving spam messages twice?

2014-08-27 Thread bstringfel...@bobcad.com 
Hello, It seems that every spam message that gets filtered out gets 
duplicated when it's sent to my spam address. I don't recall changing 
anything that would cause this. What should I check first?
I noticed it happened on 8/22, the day I rolled over to ASSP 2.4.1 from 
1.99.

--
Slashdot TV.  
Video for Nerds.  Stuff that matters.
http://tv.slashdot.org/
___
Assp-user mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/assp-user

[Assp-user] weird spam duplication

2014-08-29 Thread bstringfel...@bobcad.com 
Is anyone else having the issue of spam messages always being sent twice 
to the specified inbox? Literally every message that gets filtered out 
gets sent there twice.

--
Slashdot TV.  
Video for Nerds.  Stuff that matters.
http://tv.slashdot.org/
___
Assp-user mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/assp-user

[Assp-user] tagged messages get duplicated... help

2014-09-11 Thread bstringfel...@bobcad.com 
Hello,
I'm having a strange issue with ASSP 2.4.3 where any message that gets 
marked as spam via tagging gets sent to the spam email address twice. 
There are always duplicates of every message. Messages from blacklisted 
domains don't do this however.
Thanks everyone.

--
Want excitement?
Manually upgrade your production database.
When you want reliability, choose Perforce
Perforce version control. Predictably reliable.
http://pubads.g.doubleclick.net/gampad/clk?id=157508191&iu=/4140/ostg.clktrk
___
Assp-user mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/assp-user

[Assp-user] Spam marked but not blocked

2014-09-12 Thread bstringfel...@bobcad.com 
Hello,
First, I figured out why I was getting duplicates of every spam message 
forwarded to my spam address. It was because the email address I entered 
for ccSpamInDomain is actually an alias for the same email used for 
sendAllSpam. That was simpler than I thought it would be.

However, we have a user who's getting tons of spam. It is marked as spam 
with the {ASSP-SPAM} [MessageLimit][tagging] prefixes and the headers 
even show a high tagging score, well above what should have it flagged.

I found one message in the logs for example. This is what the log says:

Sep-12-14 07:35:22 m-21721-03024 [Worker_2] 100.43.187.172 
 to: [email protected] Message-Score: added -10 
(spfpValencePB) for SPF pass, total score for this message is now -10
Sep-12-14 07:35:22 m-21721-03024 [Worker_2] 100.43.187.172 
 to: [email protected] Message-Score: added -10 for 
Home Country Bonus US (DORIS_MARTINSSON), total score for this message 
is now -20
Sep-12-14 07:35:22 m-21721-03024 [Worker_2] [BombHeaderRe] 
100.43.187.172  to: [email protected] [scoring] 
(BombHeaderRe '2 Sep 2014 04:03:20 -0700')
Sep-12-14 07:35:22 m-21721-03024 [Worker_2] 100.43.187.172 
 to: [email protected] Message-Score: added 50 for 
BombHeaderRe '2 Sep 2014 04:03:20 -0700', total score for this message 
is now 30
Sep-12-14 07:35:28 m-21721-03024 [Worker_2] 100.43.187.172 
 to: [email protected] FileScan: scanned 50448 bytes 
in message
Sep-12-14 07:35:28 m-21721-03024 [Worker_2] 100.43.187.172 
 to: [email protected] Bayesian Check [scoring] - 
Prob: 1.0 => spam
Sep-12-14 07:35:28 m-21721-03024 [Worker_2] 100.43.187.172 
 to: [email protected] Message-Score: added 49 for 
Bayesian Probability: 1.0, total score for this message is now 79
Sep-12-14 07:35:28 m-21721-03024 [Worker_2] 
[MessageLimit][tagging][testmode] 100.43.187.172  
to: [email protected] [spam found] and possibly passing because testmode, 
otherwise blocked (MessageScore 79, limit 50) [Pure Garcinia Cambogia 
Extract] -> spam/Pure_Garcinia_Cambogia_Extract--1496652.eml
Sep-12-14 07:35:28 m-21721-03024 [Worker_2] 100.43.187.172 
 to: [email protected] spam found and passing () [Pure 
Garcinia Cambogia Extract] -> 
spam/Pure_Garcinia_Cambogia_Extract--1496652.eml

This is what feature matching says with the analyze option:

• SPF-check returned OK for 100.43.187.172 -> 
[email protected], esurgas.us
  • SPF: pass (cache) ip=100.43.187.172 
[email protected] helo=esurgas.us
• BombHeader RE: 'highest match: "2 Sep 2014 04:03:20 -0700" with 
valence: 25 - PB value = 50'
  • matching bombHeaderRe(): '0'
• URIBL check: 'OK'
• Valid Format of HELO: 'esurgas.us'
• IP in Helo check: 'OK'
• RBLCheck returned OK for 100.43.187.172:
• 100.43.187.172 SenderBase: status=not classified, data=US, 
DORIS_MARTINSSON, , , , 26

Thank you all.
--
Want excitement?
Manually upgrade your production database.
When you want reliability, choose Perforce
Perforce version control. Predictably reliable.
http://pubads.g.doubleclick.net/gampad/clk?id=157508191&iu=/4140/ostg.clktrk
___
Assp-user mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/assp-user