Re: [Assp-test] About the penaltybox cleanup

2009-05-04 Thread Grayhat
I have just run RebuildspamDB 2.5.1.2, when started it created .bak files of all the file in the pb folder, these files were not deleted. When the next cache cleanup ran the *.tmp were created but the update fails - coincidence? Nope, bad design and wrong approach to solve a bug (not to

Re: [Assp-test] Antwort: Re: About the penaltybox cleanup

2009-04-30 Thread GrayHat
Running 1.5.1.2(1.2.0) on windows 2003, permissions are ok and tried anything (even following Fritz suggestions), including recreating the pb folder or letting ASSP creating it, wiping files and so on, still, here's what I'm getting (also notice that I changed paths to use / in place of \ due to

Re: [Assp-test] About the penaltybox cleanup

2009-04-30 Thread GrayHat
Reverted back to 1.0.07 and the permission denied errors are gone. not gone, they just are NOT logged, but there are STILL there :P

Re: [Assp-test] Antw: Re: Antwort: Re: About the penaltybox cleanup

2009-04-30 Thread GrayHat
Also... another /strange/ thing I noticed is that, while the tmp files are left in place due to those errors, if I stop and then restart ASSP they disappear just in case, they seem to be wiped when assp stops, so I think that it may definitely be ASSP which is keeping those files opened

Re: [Assp-test] About the penaltybox cleanup

2009-04-29 Thread GrayHat
Is it possible the file is still open when these two actions are taking place? that's what I suspect, see the FS will return that permission denied error in both cases, that is, if a file can't be accessed due to permission issues or if it can't be accessed (or unlinked/renamed) due to the fact

Re: [Assp-test] Antwort: Re: About the penaltybox cleanup

2009-04-29 Thread GrayHat
Is it possible the file is still open when these two actions are taking place? It looks so, but the files are closed just before that actions taking place! hmmm... just shooting in the dark here but... let's say the Perl I/O subsystem flushes the file contents on close, now, the code closes

Re: [Assp-test] Note: Reclassification of Sender ID and SPF to HistoricStatus

2009-04-29 Thread GrayHat
http://tools.ietf.org/html/draft-moonesamy-senderid-spf-historic-00 I am not suggesting to remove from ASSP (specially since Strict SPF Processing Regular Expression has been helpful for us to identify spoofed mails), however, I thought everyone ought to know and maybe adjust some of your

Re: [Assp-test] Note: Reclassification of Sender ID and SPF to HistoricStatus

2009-04-29 Thread GrayHat
We'll see how that draft will end up ;-) In Mauritius? Hmmm I was thinking at another place g

Re: [Assp-test] Antwort: Re: Antwort: RC22 List reloads written to config history log

2009-04-29 Thread GrayHat
I'm running hMailServer, which has no LDAP implementation. all you need is installing an LDAP server on windows and sync it with the hMailServer accounts, at that point you'll be able to use LDAP from ASSP to validate addresses, otherwise you may just setup ASSP to use VRFY/EXPN so avoiding the

Re: [Assp-test] Antwort: Re: Antwort: Re: About the penaltyboxcleanup

2009-04-28 Thread GrayHat
Just for me as an old Apple guy: why is the backslash used? I thought, that Windows accept both slash and backslash and all the other systems like ..nix and MacOS X accept only slash. I remember that the backslash was in CP/M and DOS was trying to be compatible but today? As far as I

Re: [Assp-test] About the penaltybox cleanup

2009-04-28 Thread GrayHat
Apr-28-09 13:27:32 PenaltyBox: cleaning BlackBox finished; IP's before=954, deleted=844 Apr-28-09 13:27:32 Error: orderedtie is unable to delete c:/assp/pb/pbdb.black.db - Permission denied same here; ensured to use / instead of \, even edited the registry to ensure that

Re: [Assp-test] About the penaltybox cleanup

2009-04-28 Thread GrayHat
The only one which is shrinked is the blackbox. well ... yes, apparently so... while before it kept growing more and more (and the other files did the same but their size didn't grow as fast as the blackbox) One stupid question: if it's useful to solve an issue, a question is NEVER stupid

Re: [Assp-test] ClamAV Antivirus Native Win32 Port - 0.95.1

2009-04-27 Thread GrayHat
A bit of warning; not sure if it's an issue on my install or something else, but running the File::Scan::ClamAV 1.9.1 along with the ClamAV 0.95.1 sometimes the whole ASSP gets stuck; I mean, it becomes totally deaf, CPU usage down to 0% and the only way to get it back on is killing the ASSP

Re: [Assp-test] About the penaltybox cleanup

2009-04-27 Thread GrayHat
Apr-27-09 05:09:30 PenaltyBox: cleaning WhiteBox finished; IP's before=350, deleted=11 Apr-27-09 05:09:30 Error: orderedtie is unable to delete c:\assp/pb/pbdb.white.db - Permission denied try the following: stop assp rename pb to pb.bak start assp and stop it again start

Re: [Assp-test] About the penaltybox cleanup

2009-04-27 Thread GrayHat
stop assp rename pb to pb.bak start assp and stop it again start explorer, select the pb folder set permission to everyone, full control apply to folder, subfolders and files start assp I am not a windows guy, but it should be sufficient to select the pb folder set permission to

Re: [Assp-test] ClamAV Antivirus Native Win32 Port - 0.95.1

2009-04-27 Thread GrayHat
Thank you for information, Y/W I planed to install 0.95.1 today, but alerted from your warning I will leave my hands off this. As I mentioned in my last post, I did a manual upgrade to File::Scan::ClamAV 1.91 last week but still use clamd 0.94. This seems to work, at least until today.

Re: [Assp-test] ClamAV Antivirus Native Win32 Port - 0.95.1

2009-04-27 Thread GrayHat
A bit of warning; not sure if it's an issue on my install or something else, but running the File::Scan::ClamAV 1.9.1 along with the ClamAV 0.95.1 sometimes the whole ASSP gets stuck; I mean, it becomes totally deaf, CPU usage down to 0% and the only way to get it back on is killing the ASSP

Re: [Assp-test] ClamAV Antivirus Native Win32 Port - 0.95.1

2009-04-27 Thread GrayHat
I tend to suspect that the hangup issue is related to the latest ASSPs I am aware of at least one mailserver (Kerio) whose ClamAV support is known not to work with v0.95 - so there is still the possibility of an issue remaining. still investigating... will report as soon as I'll have some

Re: [Assp-test] ClamAV Antivirus Native Win32 Port - 0.95.1

2009-04-24 Thread GrayHat
Thank you! I finally could install 1.91 with your help!! :) You're welcome :) The only thing what makes me nervous is that nmake test gives the following: C:\Perl\cpan\build\File-Scan-ClamAV-1.91nmake test warn, the test tries to locate the clamav signatures and it's probably failing

Re: [Assp-test] ClamAV Antivirus Native Win32 Port - 0.95.1

2009-04-24 Thread GrayHat
I will watch what 1.91 does for a couple of days you may speed up things by running a tail -f clamd.log and looking at the detected messages; you may even try sending yourself (from an external account) an email with the eicar test file attached to check if the scanner is working as expected

Re: [Assp-test] About the penaltybox cleanup

2009-04-24 Thread GrayHat
I do not see any bug in the cleanup process and there are no other reports about such a behaviour. well... that's why I'm asking for help here, if there's anything I may check to see if it's causing such a behaviour, just tell me where to look and I'll do; I'd really like to solve this issue

[Assp-test] About the penaltybox cleanup

2009-04-24 Thread GrayHat
As I reported in several messages, sounds like there may be a bug into the code handling the pb black database cleanup; looking at the entries below 22-04-2009 10:16 7 633 395 pbdb.black.db 22-04-2009 06:00 6 813 711 pbdb.black.db.bak 24-04-2009 08:5814 901 334

Re: [Assp-test] About the penaltybox cleanup

2009-04-24 Thread GrayHat
it's easy to see how the file almost doubled in size in a couple of days, instead it kept growing; my PB parameters are as follows I should have been it's easy to see how the file almost doubled in size in a couple of days, is should have been cleaned up instead it kept growing sorry

Re: [Assp-test] ClamAV Antivirus Native Win32 Port - 0.95.1

2009-04-24 Thread GrayHat
Ok, so I installed the latest ClamAV perl module 1.9.1 per GrayHat's instructions. I've also got tBB's 0.95.1a version of ClamAV (http://hideout.ath.cx/ClamAV/) installed at c:\clamav. But, I'm still having problems with ClamAV severely slowing my ASSP installation to where the GUI becomes

Re: [Assp-test] ClamAV Antivirus Native Win32 Port - 0.95.1

2009-04-24 Thread GrayHat
hmm... maybe it isn't the ClamAV; I'm running 0.95.1 + module 1.9.1 and didn't notice such an issue (and btw the scanner IS working) since we're at it, check your clamd.conf and ensure to have the following parameters with the listed values MaxThreads 20 ReadTimeout 300 CommandReadTimeout 10

Re: [Assp-test] ClamAV Antivirus Native Win32 Port - 0.95.1

2009-04-24 Thread GrayHat
http://oss.netfarm.it/clamav/ (http://hideout.ath.cx/ClamAV/) installed at c:\clamav. But, I'm still I don't know about that particular version. The one above is a native w32 port, the one used in clamwin. same for the other one; at any rate I use the first one (from netfarm)

Re: [Assp-test] About the penaltybox cleanup

2009-04-24 Thread GrayHat
I was looking at the code, now, I'm not a Perl guru at all, but I'm wondering if ... if ( $PenaltyExpiration == 0 ) { if ( $pbdb =~ /mysql/ ) { while ( my ( $k, $v ) = each(%PBBlack) ) { delete $PBBlack{$k}; } } else {

Re: [Assp-test] Antwort: Re: Antwort: RC13 headers still missing

2009-04-24 Thread Grayhat
When it was set to block, lots of spam was getting through with one header line added by ASSP. Now that it is not set to block, the same emails (tons of spam) are getting through completely untouched by ASSP - no headers added, no blocking, nothing, it just lets the spam Totally WIPE

Re: [Assp-test] ClamAV Antivirus Native Win32 Port - 0.95.1

2009-04-23 Thread GrayHat
http://oss.netfarm.it/clamav/ THANKS :) !

Re: [Assp-test] ClamAV Antivirus Native Win32 Port - 0.95.1

2009-04-23 Thread GrayHat
I have File::Scan::ClamAV 1.91. Heh... the problem is that, apparently there's no 1.91 for win32 at least not in the repos I'm using, btw if you know of any other repo carrying that I'd be happy to test the 0.95.1 in production, till then, I'll just give it a spin on a test system

Re: [Assp-test] senderbase bug

2009-04-21 Thread GrayHat
Delete the cache. The cache is completely different organized in 1.5.1.2 did that and it got repopulated with correct format entries I just wonder... I only deleted the pbdb.sb.db; do I need to also delete other cache files due to format changes ?

Re: [Assp-test] Senderbase Cache Scores question

2009-04-21 Thread GrayHat
0 = neutral 1 = used for blocking 2 = used for whiting 3 = spam detected from this IP Fritz... what about adding the above infos near the show cache button on the ASSP GUI ?

Re: [Assp-test] SSL/TLS

2009-04-21 Thread GrayHat
Confirmed - problem exists with IO:Socket:SSL 1.24, openssl 0.9.8g-4ubuntu3.5 on ubuntu hardy. Timeout if more than one packet in email. so, it sounds like it's definitely a bug inside the SSL module; it may be a good idea further investigating (looking at the module source code) and then

Re: [Assp-test] SSL/TLS

2009-04-21 Thread GrayHat
So we have problem reports on Windows, OS/X and Ubuntu. apparently so I am using FreeBSD and do not appear to have this problem. May I suggest you all upgrade?! Man, I do *love* beastie but I can't just start flattening all the boxes and installing it or I'll suddenly find myself running to

Re: [Assp-test] SSL/TLS

2009-04-20 Thread GrayHat
Anyone can verify it (I can't because centos 5 offers 0.9.7e) ? I'm on OSX running OpenSSL 0.9.7l and I still have timeouts with it and IO::Socket::SSL 1.19 with assp 1.5.1.2 1.0.02. Uhm ... so it sounds like it isn't just a windows specific issue ?!? I thought the issue only surfaced on

Re: [Assp-test] Senderbase whiteorg

2009-04-20 Thread GrayHat
Nice list, Grayhat, but I would shy away from the following This microsoft address block as phish/fraud haven based upon our log history: live.com officeliveemail.com Hmmm... good finding, sounds like when I pruned the list I left out the above two; removed them and re-checked the list

Re: [Assp-test] Senderbase whiteorg

2009-04-20 Thread GrayHat
In the email that I received, there's a section in the middle that looks like the above. In an email after this, you mentioned how some of these have spaces in their names. Well, with it bunched up like that, it is a little difficult to determine what belongs to what. Is there a chance you

Re: [Assp-test] Senderbase whiteorg

2009-04-20 Thread GrayHat
If you don't mind sending to me in rar format, I'd appreciate it. You've new mail, and btw if you feel like you may integrate it with some more entries and pass it back it would be cool

[Assp-test] senderbase bug

2009-04-20 Thread GrayHat
Looking at the senderbase cache I found entries like 12.10.219.431240239639 2 US|AMERICAN 12.10.219.441240240231 2 US|AMERICAN 12.10.219.611240232500 2 US|AMERICAN now; if you query the above IPs against senderbase you'll obtain 0=1|1=AMERICAN

Re: [Assp-test] Senderbase whiteorg

2009-04-19 Thread Grayhat
Whiteorg cannot contain spaces. Please replace spaces with _ or . When did that start ? And in any case, why didn't you put somewhere a note about it ? Also, senderbase org strings contain spaces, so such a thing doesn't make so much sense to me

[Assp-test] Senderbase whiteorg

2009-04-18 Thread Grayhat
A somewhat more comprehensive list HTH 3com corporation acer-euro.com activedir.org activepdf.com addt.com adp-ics.com aexp.com alerts.com alliedpilots.org amazon.com america online american airlines american express aopa.org appdev.com apple computer ashampoo.com atcfkid.com autodesk.com avira

Re: [Assp-test] Attachment blocking not working at all.

2009-04-17 Thread GrayHat
After seeing this entry I decided to try setting everyone to level 4 and completely clearing the level4 field so every attachment should be blocked.. Zip came in just fine.. Ugh.. I think that while upgrading from a version from another the config file got somewhat screwed and since ASSP

Re: [Assp-test] Antwort: Re: Antwort: [SPAM] Re: ASSP V 2.0.1 RC 0.0.01 released

2009-04-16 Thread GrayHat
ASSP the Plugins and the Modules using system calls like qw($cmd). First we have to wait for the call to finish because we need the return and second - there is no way to control this calls - we are (ASSP) on the systemstack - an other program is using our thread. And nobody needs a

Re: [Assp-test] Antwort: Re: Antwort: [SPAM] Re: ASSP V 2.0.1 RC 0.0.01 released

2009-04-16 Thread GrayHat
Perhaps the correct way to deal with it would be to put email with embedded images in a separate queue in directory, where a separate process can pick through them one by one and OCR them, add its results to the message header, then move it to a queue out directory where ASSP would pick

Re: [Assp-test] ASSP 1.5.1.2 ready

2009-04-16 Thread GrayHat
I don't think you can filter dynamics just by using HELO checks in such a case it would be a better idea keeping some DNSBLs copies on local boxes but, again, that's up to you Hmmm... Early HELO check here do a large part of the magic. Again, don't get me wrong, early HELO checks along with

Re: [Assp-test] Strict helo checking

2009-04-16 Thread GrayHat
RFC 2821 states that the helo/ehlo salutation contain a fqdn or a domain literal. I see lots of bots using the home computer's name link bob or some sort of provisioning ID like AM23g6d so since valid helos must have a period in them and since many co-oped home computers just have names how

Re: [Assp-test] ASSP 1.5.1.2 ready

2009-04-15 Thread GrayHat
ASSP_1.5.1.2-Install.zip is ready to be published on SF. It would be helpful if this package is tested for correctness: strange log entries, probably a minor bug: Apr-15-09 13:01:31 msg-00491-04667 201.92.46.248 doggyh...@aripulkkinen.com [SMTP Reply] 1 Apr-15-09 13:01:31 msg-00491-08371

Re: [Assp-test] ASSP 1.5.1.2 ready

2009-04-15 Thread GrayHat
Since we're at it, the invalidformatHELORe may be changed to include the following ^\d+\.\d+\.\d+\.\d+$ ^[^\.]+\.?$ \.intra$ \.local$ \.lan$ \.priv$ \.private$ \.localdomain$ \.online$ I've been using the above for quite a while now and it's working without problems (and allowing to reject

Re: [Assp-test] ASSP 1.5.1.2 ready

2009-04-15 Thread GrayHat
Check PenaltyTrapPolite. When Fritz added it a few builds back I don't think the default was set correctly. thanks, that did the trick, yet I think it would be a good idea setting it to a reasonable default :)

Re: [Assp-test] ASSP 1.5.1.2 ready

2009-04-15 Thread GrayHat
The default is reasonable. But the field changed from checkbox to textfield and got the 1 saved into your config. sounds like there's another issue; upgraded to the latest version and left it run till now, then noticed it was slowing down quite a lot, so stopped it and found that the

Re: [Assp-test] Senderbase Accepted Emails

2009-04-15 Thread GrayHat
This is not a domain in the WhiteOrg.txt file from what I can tell. Is there a better way to monitor these types of emails? Noticed the same, but forgot about it, yes, it seems that a senderbase hit, even if not for a whitelisted domain, will decrease the spamscore... does it make any sense ???

Re: [Assp-test] ASSP 1.5.1.2 ready

2009-04-15 Thread GrayHat
^\d+\.\d+\.\d+\.\d+$ ^[^\.]+\.?$ \.intra$ \.local$ \.lan$ \.priv$ \.private$ \.localdomain$ \.online$ Mine is : ^\d+\.\d+\.\d+\.\d+$|^[^\.]+\.?$|\d{1,3}(\.|-|x)\d{1,3}(\.|-|x)\d{1,3}|d yn am ic| ddns|dns\.org$ hmm... that dynam sounds like risky business, using that you'd be

Re: [Assp-test] Antwort: Re: Senderbase Accepted Emails

2009-04-15 Thread GrayHat
even if not for a whitelisted domain SenderBase is never done for whitelisted! what I mean is that, even if a given domain is NOT whitelisted, nor included into the whitesenderbase list, it gets a decrease in spamscore just because there's a hit from the senderbase... if you look at the

Re: [Assp-test] Antwort: Re: Senderbase Accepted Emails

2009-04-15 Thread GrayHat
SenderBase is never done for whitelisted! Whitelisted senderbase domains are meant. I removed the feature that hits of domains can decrease the score. Obviously too risky. just to be sure, current 1.5.1.2 (1.0.00) still has such a feature or has it already been disabled ?

Re: [Assp-test] ASSP 1.5.1.2 ready

2009-04-15 Thread GrayHat
Bad split, sorry. It should read dynamic. I repost it : no prob, I was just pointing out the risk of using that expression :) imVHo, better doing so when checking the PTR Helo check is faster than doing a reverse lookup sure, but a lot of hosts sitting on dynamic IPs won't use an HELO

Re: [Assp-test] Antwort: Re: Senderbase Accepted Emails

2009-04-15 Thread GrayHat
1.5.1.2 (1.0.00) on my site does it have removed. confirmed, and it works

Re: [Assp-test] Antwort: [SPAM] Re: ASSP V 2.0.1 RC 0.0.01 released

2009-04-15 Thread GrayHat
OCR uses external calls to ImageMagick and tesseract - both are using 100% CPU per core and call - and nobody has control on it - this is simple to recognize. Uhm won't it be possible to bind those processes only to a given core ? Not that it would really solve the issue, but at least such

Re: [Assp-test] Antwort: Re: 1.5.1.2 - Many Connection Idle - timeout

2009-04-14 Thread GrayHat
So it means, changing the configuration (disable SSL) fixes the problem? Not in my case (didn't try with the latest version); as far as I can tell, unchecking the SSL option didn't fix the issue and the only real solution was uninstalling the IO::Socket::SSL module so that it wasn't loaded at

Re: [Assp-test] 1.5.1.2 - Many Connection Idle - timeout

2009-04-10 Thread GrayHat
No, it was not solved. I propose you send him the 1.5.1.1 (1.0.06). If that is a better version, I will do a last attempt to take that version and put all the new patches into it. Fritz... maybe I found some track, I tried the 1.5.1.2(0.0.16) but this time, before starting it, I uninstalled

Re: [Assp-test] 1.5.1.2 - Many Connection Idle - timeout

2009-04-10 Thread GrayHat
a reliable report, but judging from what I see, sounds like those hiccups aren't showing up anymore (fingers crossed, will report again later) Till now, all well, so apparently uninstalling the SSL module did the trick, yet I can't understand why just having it installed (but NOT enabled in

Re: [Assp-test] Antwort: Re: 1.5.1.2 - Many Connection Idle - timeout

2009-04-10 Thread GrayHat
But never use SSL for your client connection on Win32! Uh... why not ? I'm using stunnel and it works pretty well, sure, I'm missing TLS, but for the moment that's ok

Re: [Assp-test] Antwort: Re: 1.5.1.2 - Many Connection Idle - timeout

2009-04-10 Thread GrayHat
If 'use IO::Socket::SSL' is done, this module wraps all calls to Sockets to it self, if you call undedicated $fh-close or $fh-sysread or ..! Uhm so if the module is installed it /affects/ all socket calls, not just the SSL ones... now I see (although it sounds quite crazy to me, since

Re: [Assp-test] V1.5.1.2(0.0.09) DNSBL Test mode et al

2009-04-09 Thread GrayHat
Apr-9-09 06:51:34 118.71.198.64 cvunl...@commendium.co.uk to: ifarequ...@ndfs.co.uk MessageScore is now 97, after adding 75 (DNSBL: failed, 118.71.198.64 listed in dnsbl-1.uceprotect. net safe.dnsbl.sorbs.net) Apr-9-09 06:51:34 [DNSBL][testmode]

Re: [Assp-test] 1.5.1.2 - Many Connection Idle - timeout

2009-04-09 Thread GrayHat
I am now running 1.5.1.2(0.0.16) which I believe is the latest version as I type, and I am still getting some unexplained timeouts. Yeah, noticed them too, and not just with latest 0.16 but starting with 1.5.1.1 (1.0.09) while with 1.5.1.1 (1.0.06) there was no problem, if you look at the ASSP

Re: [Assp-test] 1.5.1.2 - Many Connection Idle - timeout

2009-04-08 Thread GrayHat
Thanks that is quite cool :-) y/w, aside from debugging purposes it comes handy to eyeball the ASSP working in real time by looking at the live logs Win32-API-OutputDebugString yes, sorry, I forgot to mention that :( by the way the debugview approach has some pluses over the tail -f one, in

Re: [Assp-test] 1.5.1.2 - Many Connection Idle - timeout

2009-04-08 Thread GrayHat
Ah! but as a windows boy I can recommend BareTail know that, still prefer the dbgview approach :)

Re: [Assp-test] 1.5.1.2 - Many Connection Idle - timeout

2009-04-07 Thread GrayHat
I am running ASSP Version: 1.5.1.2(0.0.03) on Windows with active state PERL 5.10.0 IO::SOCKET::SSL is at version 1.22 which is the latest I temporary patch to debug the program: open assp.pl using an editor, locate line #3169, it should read: print DEBUG $time $debugprint\n; add a blank

[Assp-test] 1.5.1 - problems with PTR checks and SRS signed bounces

2009-04-06 Thread GrayHat
A couple of possible issues which may need investigation first of all, got some reports from senders about rejected emails (valid ones), and turned out to be an issue related to the PTR check, the score got increased due to missing PTR and the messages were incorrectly rejected, but, manually

Re: [Assp-test] pbdb.black.db growing indefinitely

2009-04-06 Thread GrayHat
Apr-5-09 01:16:34 PenaltyBox: cleaning BlackBox finished; IP's before=157624, deleted=145732 Apr-5-09 03:15:43 PenaltyBox: cleaning BlackBox finished; IP's before=159951, deleted=147536 Apr-5-09 05:15:31 PenaltyBox: cleaning BlackBox finished; IP's before=162143, deleted=149832

Re: [Assp-test] pbdb.black.db growing indefinitely

2009-04-06 Thread GrayHat
Set the logging to MaintenanceLog=verbose already had it that way Apr-5-09 01:16:34 PenaltyBox: cleaning BlackBox finished; IP's before=157624, deleted=145732 Apr-5-09 03:15:43 PenaltyBox: cleaning BlackBox finished; IP's before=159951, deleted=147536 Apr-5-09 05:15:31 PenaltyBox: cleaning

Re: [Assp-test] pbdb.black.db growing indefinitely

2009-04-06 Thread GrayHat
It would be interesting adding some debug code to dump all the involved file/path names, I wonder if the issue may be caused by a wrong name used for the delete/rename operations and/or if it may be caused by files left open (or even reopened) while attempting such operations Also, failures

Re: [Assp-test] pbdb.black.db growing indefinitely

2009-04-06 Thread GrayHat
This is unchanged code for 5 years and is running flawless in several thousand installations. I am always ready to find bugs in my (and others) code but this is the one and only case reported to my knowledge. Your case with ever increasing file size sounds very unrelated. Ok, will leave

Re: [Assp-test] 1.5.1.2 - Many Connection Idle - timeout

2009-04-06 Thread GrayHat
example I found) but it seems to just come to a halt - the debug log has a series of 6, 50, 8 repeats and then drops in to the next conversation (I assume those are place markers from the script) Yes, look at the calls to d(6) d(8) and d(50) in the code So far, I have found that for one

[Assp-test] denySMTPConnectionsFromAlways

2009-04-06 Thread GrayHat
Just a note; if you didn't already do so, I suggest you to add an entry to your denySMTPConnectionsFromAlways list reading as follows 64.18.128.0/19 RackVibe spammers the whole range shown above is a can of worms, not just that, lately (and now too) I'm observing flurries of connection attempts

Re: [Assp-test] denySMTPConnectionsFromAlways

2009-04-06 Thread GrayHat
64.18.128.0/19 RackVibe spammers just in case, this is a small samples of hostnames sitting on that range, judge by yourself :) 64.18.149.2 st1.journalpreport.com 64.18.149.3 gre1.journalqreport.com 64.18.149.4 bg1.journalrreport.com 64.18.149.5 rs1.journalsreport.com 64.18.149.6

Re: [Assp-test] Error Resending emails in version 1.5.1.1(1.0.06)

2009-04-03 Thread GrayHat
c:\assp/resendmail/10173.eml to 10.0.50.150:25 - Can't call method I suspect that the resend function isn't properly handling the IP:port format and that it's feeding to the SMTP module the whole string as an address... and btw the SMTP bombs due to the invalid IP :)

[Assp-test] ASSP hanging

2009-03-31 Thread GrayHat
Notice the behaviour starting some versions ago, but didn't report it since, being a work in progress I thought it was just a temporary glitch, but now, since even the latest version (1.14) shows the same behaviour I thought it was the case of reporting it ASSP starts and runs just fine for

[Assp-test] sbcache format

2009-03-27 Thread GrayHat
Just a request, the senderbase hosts cache is using the - character as a separator, so, the textual part of the entries is something like tld-orgname-domain now, the above imVHo may cause confusion and for sure makes more complex to split the entries in case one wants to extract the infos from

Re: [Assp-test] sbcache format

2009-03-27 Thread GrayHat
Is changed A couple of issues; the first is probably related to the latest release, installing it the program starts fine, but if you hit the apply button (even w/o changing anything) and restart the service, it bombs... rolled back to previous; the error was related to a penaltybox string...

Re: [Assp-test] 1.5.1.1 (0.1.00) not starting

2009-03-27 Thread Grayhat
Global symbol $spfpValencePB requires explicit package name at C:\ASSP\assp.pl line 8756. BEGIN not safe after errors--compilation aborted at C:\ASSP\assp.pl line 15377. Started fine here. Win2k3 Server with Perl 5.10. Same error I saw, seems to only happen if you hit the apply button

Re: [Assp-test] 1.5.1.1 (.04) block report not being processed

2009-03-26 Thread GrayHat
Error: Host name: 10.42.23.11, message: A connection attempt failed because the connected party did not properly respond after a period of time, or established connection failed because connected host has failed to respond Uhmm... let me guess... you have things setup this way you -

Re: [Assp-test] 1.5.1.1 (.04) block report not being processed

2009-03-26 Thread GrayHat
Me - mailserver (Kerio) - ASSP - SMTP relay (hmailserver) - internet Yes, ok... I ass-u-med g that :) anyways, sounds like the bug I described is hitting again :(

Re: [Assp-test] use of senderbase and other antispam techniques

2009-03-25 Thread GrayHat
put only microsoft.com into whiteorg, not microsoft. Since we're at it... I downloaded the latest whiteorg.txt and looking at it I got somewhat lost... what I mean is that in some cases the dash signs - are escaped, that is written as \- while it others they're unescaped, and all the dots . are

Re: [Assp-test] use of senderbase and other antispam techniques

2009-03-25 Thread GrayHat
There is now a better adaption possible. I introduced orgwhiting. Uhm... any LDVM I could look at to understand what are you referring to :) ? (note: LDVM = RTFM g)

Re: [Assp-test] use of senderbase and other antispam techniques

2009-03-25 Thread GrayHat
I commented out gmail, google, msn, and live because of spam sources. I added microsoft.com per fritz and hopefully that will only allow microsoft corporate. add microsoft.com to the whiteorg.txt and then add @microsoft.com to the spfstrict list, this way you'll avoid spoofed messages and will

Re: [Assp-test] use of senderbase and other antispam techniques

2009-03-25 Thread GrayHat
Uhm... any LDVM I could look at to understand what are you referring to :) ? (note: LDVM = RTFM g) Try looking at the newest version of ASSP 1.5.1. It was included there. yup... saw it, updated and restarting it right now :) thanks !

Re: [Assp-test] 1.5.1 (1.04) trap not working

2009-03-24 Thread GrayHat
The question is why do I need DoPenaltyMakeTraps, when ldap is used??? The *real* question is: did you understand what the DoPenaltyMakeTraps does ? Apparently, at least judging from your question, you didn't and you didn't even read the help text... oh well... sounds like an RTFM, doesn't

Re: [Assp-test] Messages

2009-03-24 Thread GrayHat
Error, you have got a penalty - to much bad emails that's why I don't currently using the penalty box :) the idea isn't bad, it's just that, as it is, it's too easy to abuse it and block legitimate servers

Re: [Assp-test] 1.5.1 (1.04) trap not working

2009-03-24 Thread GrayHat
The *real* question is: did you understand what the DoPenaltyMakeTraps does ? Apparently, at least judging from your question, you didn't and you didn't even read the help text... I know what it does, and it was not a real question. It was meant rhetorical. Sorry if that was not clear. You

Re: [Assp-test] 1.5.1 (1.04) trap not working

2009-03-24 Thread GrayHat
RTFM:Lies das verdammte Manual /me makes a note: RTFM = LDVM :D

Re: [Assp-test] Messages

2009-03-24 Thread Grayhat
that's why I don't currently using the penalty box :) May be you overlooked some possibilities. Highly possible, but in a past I noticed that the PB gave me quite a lot of F/P so I decided to switch it off... at any rate, since I'm not locked into it... You do not have to use the PenaltyBox

[Assp-test] Something strange...

2009-03-23 Thread GrayHat
I was looking at the ASSP logs and found the following (note replaced the real recipient with u...@example.com) === Mar-23-09 07:20:17 msg-92813-07954 213.161.194.44 vxh...@casfei.com to: u...@example.com MessageScore is now 10, after

Re: [Assp-test] Something strange...

2009-03-23 Thread GrayHat
This is a logging (cosmetic) issue: SPF pass got a bonus value and the proper text was not set. It should be fixed since 1.01 Uhm... on a second thought, that domain has no MX/A record so how could it pass the SPF test and get that bonus score ?? Mar-23-09 07:20:17 msg-92813-07954

Re: [Assp-test] Something strange...

2009-03-23 Thread GrayHat
This is a logging (cosmetic) issue: SPF pass got a bonus value and the proper text was not set. It should be fixed since 1.01 Ok, I see, not a problem but seeing the MXA increasing and then decreasing the score was a bit confusing :)

Re: [Assp-test] assp.pl version 1.5.1.0(1.0) crash on Win2K server

2009-03-23 Thread GrayHat
It would be nice, if you give the newest version a try. Following the log, there was no reason for a timeout. Hmmm... the code sets alarm 300 when entering mainloop and then resets it to alarm 0 just before exiting, but inside the main loop there are several calls to functions which may take

Re: [Assp-test] Some serious problems in 2.0.0 SMTP password stolenby a trojan Part

2009-03-17 Thread GrayHat
One of my users had their PC compromised, and their SMTP password stolen by a trojan. This was then used to log into my server from zombie spam bots and send massive amounts of spam all over the world. 1) Remove trojan by antivirus software ( or simply reinstall OS) 2) change

Re: [Assp-test] Some serious problems in 2.0.0 SMTP passwordstolenby a trojan Part

2009-03-17 Thread GrayHat
I'd switch 1-2 I mean, FIRST change the password, THEN proceed to the cleanup so that, during the cleanup the account won't be abused by other bots But new pass may be also leak while virus continue executing on infected computer Uh... how ? See, you change the email password on the

Re: [Assp-test] IO::Socket::SSL

2009-03-17 Thread GrayHat
I'm running 1.08 and have been having problems with hosts timing out when trying to make a SSL--TLS connection. Where are you getting 1.13 from? add the following repository: Name:tcool URL: http://ppm.tcool.org/archives/package.xml then run a ppm s IO::Socket::SSL HTH :)

Re: [Assp-test] Antwort: logs

2009-03-17 Thread GrayHat
Need tagging of subject for easy parse in external program sounds quite braindead to me, the same subject may be used by whatever host and would pollute whatever you're using the collected messages for; if you could detail what you are trying to achieve, maybe you'll get better help

[Assp-test] whiteorg.txt

2009-03-17 Thread GrayHat
here's a somewhat longer list you may use to fill your whiteorg.txt file (the use used to whitelist organization names through senderbase lookups) = LIST BELOW === 3Com Corporation AMERICAN EXPRESS Apple Computer Avira GmbH Bank of America Capital One Financial Central
