Re: [Assp-user] Unallowed file

2006-08-18 Thread geniusfreak
On 8/18/06, Fritz Borgstedt <[EMAIL PROTECTED]> wrote: > > >It is now corrected in (11). > > The following rules apply now: > > - '..' unallowed everywhere > > - Edit of files in ASSP directory OR upper directories allowed only > for > '.txt' and '.db' files. This to block accessing to other info a

Re: [Assp-user] Unallowed file

2006-08-18 Thread Micheal Espinola Jr
Fritz Borgstedt wrote: > The following rules apply now: > > - '..' unallowed everywhere > > - Edit of files in ASSP directory OR upper directories allowed only > for > '.txt' and '.db' files. This to block accessing to other info at the > assp > directory, like assp.pl or even the config etc > >

Re: [Assp-user] Unallowed file

2006-08-18 Thread Fritz Borgstedt
>It is now corrected in (11). The following rules apply now: - '..' unallowed everywhere - Edit of files in ASSP directory OR upper directories allowed only for '.txt' and '.db' files. This to block accessing to other info at the assp directory, like assp.pl or even the config etc - Get of A

Re: [Assp-user] CCallspam with BombRe

2006-08-18 Thread Fritz Borgstedt
Questions and Answers for users of ASSP Anti-Spam SMTP Proxy writes: >spamPBlog = 7 The logoption for bombre is "spamBombLog" not >spamPBlog . - Using Tomcat but need to do more? Need to support web services, security? G

Re: [Assp-user] Unallowed file

2006-08-18 Thread Fritz Borgstedt
Questions and Answers for users of ASSP Anti-Spam SMTP Proxy writes: >I think most of it is now corrected in (10). It is now corrected in (11).

Re: [Assp-user] CCallspam with BombRe

2006-08-18 Thread Micheal Espinola Jr
Jérôme PHILIPPE wrote: For example : Aug-18-06 19:20:58 217.174.222.11 <[EMAIL PROTECTED]> whitelisting triplet: (217.174.222.0, whitelisting triplet? My most recent example: -- Aug-18-06 13:22:01 Connected: 63.118.119.36:29400 -> 192.168.X.X:25 -> 192.168.X.X:26

Re: [Assp-user] CCallspam with BombRe

2006-08-18 Thread Jérôme PHILIPPE
spamPBlog = 7 For example: Aug-18-06 19:20:58 217.174.222.11 <[EMAIL PROTECTED]> whitelisting triplet: (217.174.222.0, [EMAIL PROTECTED],[EMAIL PROTECTED]) waited: 3h 40m Aug-18-06 19:20:58 217.174.222.11 <[EMAIL PROTECTED]> to: [EMAIL PROTECTED] recipient

Re: [Assp-user] [SPAM] Re: [SPAM] Re: Unallowed file

2006-08-18 Thread Micheal Espinola Jr
Przemek Czerkas wrote: config directory to /etc (assuming that attacker has already assp administrator rights). ;-) Eep!  I guess I hadn't thought that through - although I liked the idea that it was config-based. Well either way, I've been told not to comment on this thread anymore.  S

Re: [Assp-user] [SPAM] Re: [SPAM] Re: Unallowed file

2006-08-18 Thread geniusfreak
On 8/18/06, Micheal Espinola Jr <[EMAIL PROTECTED]> wrote: > Matti Haack wrote: > > The only really clean & secure way (but as I think most > > complicated patch) would be to allow access only to the files & locations which > > are entered somewhere in the config file. > > Best idea I have heard so fa

Re: [Assp-user] [SPAM] Re: [SPAM] Re: Unallowed file

2006-08-18 Thread Przemek Czerkas
Micheal Espinola Jr wrote: > Matti Haack wrote: >> The only really clean & secure way (but as I think most >> complicated patch) would be to allow access only to the files & locations which >> are entered somewhere in the config file. > > Best idea I have heard so far. So one additional step before b

Re: [Assp-user] CCallspam with BombRe

2006-08-18 Thread Micheal Espinola Jr
Jérôme PHILIPPE wrote: I have bombTestMode off My bombTestMode is off also.  Let me know if there is anything else I can compare settings for.

Re: [Assp-user] [SPAM] Re: [SPAM] Re: Unallowed file

2006-08-18 Thread Micheal Espinola Jr
Matti Haack wrote: > The only really clean & secure way (but as I think most > complicated patch) would be to allow access only to the files & locations which > are entered somewhere in the config file. Best idea I have heard so far. -

Re: [Assp-user] Unallowed file

2006-08-18 Thread Fritz Borgstedt
>That will be restored. I think most of it is now corrected in (10).

Re: [Assp-user] CCallspam with BombRe

2006-08-18 Thread Jérôme PHILIPPE
Thanks Micheal,   I'm searching why...   I have bombTestMode off     - Original Message - From: Micheal Espinola Jr To: Questions and Answers for users of ASSP Anti-Spam SMTP Proxy Sent: Friday, August 18, 2006 8:16 PM Subject: Re: [Assp-user] CCallspam with

[Assp-user] [SPAM] Re: [SPAM] Re: Unallowed file

2006-08-18 Thread Matti Haack
The only really clean & secure way (but as I think most complicated patch) would be to allow access only to the files & locations which are entered somewhere in the config file. If this was possible, you could put your files even outside of the assp directories (e.g. a common logfile directory) and st

Re: [Assp-user] CCallspam with BombRe

2006-08-18 Thread Micheal Espinola Jr
Jérôme PHILIPPE wrote: Hi all,   I noticed that my BombRe didn't go to my ccallspam's account since Wednesday...   v1.2.5(8) PB in testmode spamBombLog = 7 I also have spamBombLog = 7, but I have not noticed any issues. --

[Assp-user] CCallspam with BombRe

2006-08-18 Thread Jérôme PHILIPPE
Hi all,   I noticed that my BombRe didn't go to my ccallspam's account since Wednesday...   v1.2.5(8) PB in testmode spamBombLog = 7   Jérôme.

Re: [Assp-user] Unallowed file

2006-08-18 Thread Micheal Espinola Jr
Fritz Borgstedt wrote: > You are not discussing a resolution, you are making proposals for > restrictions. > I didn't realize that expressing my opinion about an issue was "making a proposal". Thanks for clarifying that for me. --

Re: [Assp-user] [SPAM] Re: RBL Problem in 1.2.5

2006-08-18 Thread Matti Haack
FB> Questions and Answers for users of ASSP Anti-Spam SMTP Proxy FB> writes: >> >>Line 8396 has a typo: "RBLmaxhitss" FB> Not from me. I can confirm the typo. Correcting it solves the problem. A cool future feature would be if the text from the green/red messages in the Gui would appear also i

Re: [Assp-user] RBL Problem in 1.2.5

2006-08-18 Thread Micheal Espinola Jr
Fritz Borgstedt wrote: > Not from me. I don't know who it's from, or who did it - it doesn't matter to me, and I'm certainly not here pointing fingers. As long as we know what's wrong and it gets fixed, I'm happy. I downloaded (8) to beta test, and found that it contains a typo in relation to

Re: [Assp-user] Unallowed file

2006-08-18 Thread Fritz Borgstedt
Questions and Answers for users of ASSP Anti-Spam SMTP Proxy writes: > >Stop what shit Fritz? *You can't currently open the PB DB's via the web >interface*. We are discussing a resolution. Or are we no longer >allowed to do that? You are not discussing a resolution, you are making proposals for

Re: [Assp-user] Unallowed file

2006-08-18 Thread Fritz Borgstedt
> >Frankly I think it would be fine to just limit ASSP to its own >directory and sub-folders. That will be restored.

Re: [Assp-user] Unallowed file

2006-08-18 Thread Micheal Espinola Jr
Fritz Borgstedt wrote: Please stop this shit. Stop what shit Fritz?  *You can't currently open the PB DB's via the web interface*.  We are discussing a resolution.  Or are we no longer allowed to do that?

Re: [Assp-user] RBL Problem in 1.2.5

2006-08-18 Thread Fritz Borgstedt
Questions and Answers for users of ASSP Anti-Spam SMTP Proxy writes: > >Line 8396 has a typo: "RBLmaxhitss" Not from me.

Re: [Assp-user] Unallowed file

2006-08-18 Thread geniusfreak
On 8/18/06, Micheal Espinola Jr <[EMAIL PROTECTED]> wrote: > [EMAIL PROTECTED] wrote: > > Do we need to be that restrictive? > > > > No, and we shouldn't be due to the customizable configuration of ASSP. > > > Also, I've just discovered that we need .db files in there. Currently you > > can't loo

Re: [Assp-user] RBL Problem in 1.2.5

2006-08-18 Thread Micheal Espinola Jr
Matti Haack wrote: > Hello, > > another Problem in 1.2.5 is that I could not activate RBL: Line 8396 has a typo: "RBLmaxhitss"

Re: [Assp-user] Unallowed file

2006-08-18 Thread Fritz Borgstedt
>Although, if possible, I think it would be >safer to restrict access to specific file types. We just need an >accurate list. Please stop this shit.

Re: [Assp-user] Unallowed file

2006-08-18 Thread Micheal Espinola Jr
[EMAIL PROTECTED] wrote: > Do we need to be that restrictive? > No, and we shouldn't be due to the customizable configuration of ASSP. > Also, I've just discovered that we need .db files in there. Currently you > can't look at your > pb/.db files through the interface. > Good point. I

Re: [Assp-user] RBL Problem in 1.2.5

2006-08-18 Thread Micheal Espinola Jr
Matti Haack wrote: > Hello, > > another Problem in 1.2.5 is that I could not activate RBL: > > *** Updated *** RBLmaxhits must be defined and positive before enabling RBL. Confirmed in (8). My RBL got disabled! :-( An email notification of something like that would be nice! I don't know if wo

Re: [Assp-user] Unallowed file

2006-08-18 Thread paul+as
On 18 Aug 2006 at 12:41, Javier Albinarrate wrote: > This opens the possibility of making things like > images/../../../../blah.txt Yes > If other directories should be allowed, then these should be > specifically allowed I think. > Like: > > elsif ($fil !~ /^(images\/

[Assp-user] RBL Problem in 1.2.5

2006-08-18 Thread Matti Haack
Hello, another Problem in 1.2.5 is that I could not activate RBL: *** Updated *** RBLmaxhits must be defined and positive before enabling RBL. The settings on this Tab: [...] RBL Service Providers ix.dnsbl.manitu.net|sbl-xbl.spamhaus.org|combined.njabl.org|bl.spamcop.net|relays.ordb.org M

Re: [Assp-user] FAQs needed

2006-08-18 Thread Micheal Espinola Jr
The following is an example FAQ I recently created.  I'd appreciate some feedback as to if this is|isn't going in the right direction. This type of project is new to me, so I'd rather know now if what I am doing is not particularly useful.  TIA! Why is a RE file matching when it is empty or do

Re: [Assp-user] Unallowed file

2006-08-18 Thread Javier Albinarrate
Hi, You are right and I am wrong :) In fact I didn't realize that the .. is specifically forbidden just before that RE :) So the problem doesn't really exist! Regards! Javier - Original Message - From: "Micheal Espinola Jr" <[EMAIL PROTECTED]> To: "Ques

Re: [Assp-user] Feature : userpref

2006-08-18 Thread Roger Stevenson
Read the DSpam FAQ.  It looks entirely too complicated - Original Message - From: Lars Troen [mailto:[EMAIL PROTECTED] Sent: Friday, August 18, 2006 3:47 AM To: Questions and Answers for users of ASSP Anti-Spam SMTP Proxy Subject: Re: [Assp-user] Feature : userpref I think D

Re: [Assp-user] Unallowed file

2006-08-18 Thread Micheal Espinola Jr
Javier Albinarrate wrote: > What do you think? $.02: I think this is increasingly becoming the wrong approach. The interface allows for files to be placed in any [sub]directory of the admin's choosing. For instance, take a look at my [preferred] directory structure off the ASSP base:

Re: [Assp-user] [SPAM] Re: 1.2.5(4) Interface Bug?

2006-08-18 Thread Javier Albinarrate
Hi there, I had no chance to comment on this earlier, but I am also experiencing the GUI problem. Only after clicking Attachments can I see the sections below it. It certainly seems to be a CSS + JS problem. Regards! Javier Albinarrate - Original Message - From: "Matti Haac

Re: [Assp-user] Unallowed file

2006-08-18 Thread Javier Albinarrate
Hi there, This opens the possibility of making things like images/../../../../blah.txt You get the idea, right? If other directories should be allowed, then these should be specifically allowed I think. Like: elsif ($fil !~ /^(images\/|notes\/)?[\w-\.]+\.txt$/i){

[Assp-user] FAQs needed

2006-08-18 Thread Micheal Espinola Jr
Hi everyone, In the effort to add more content (and properly organize that content) on the Wiki, I have created a FAQ page. If you could take a moment, think about the issues you had (or still have) about ASSP and its configuration - and what the most significant questions/issue you ran into

Re: [Assp-user] [SPAM] Re: Its official - we are on Secunia...

2006-08-18 Thread Micheal Espinola Jr
Matti Haack wrote: > someone who has access to the assp sourceforge-page should > post the update with the fix there and inform secunia, > so that they can update their advisory. Not just yet, but soon. We need more verification across all platforms.

Re: [Assp-user] [SPAM] Re: Its official - we are on Secunia...

2006-08-18 Thread Matti Haack
Hello, someone who has access to the assp sourceforge-page should post the update with the fix there and inform secunia, so that they can update their advisory. http://secunia.com/advisories/21523/ Matti -- Matti Haack - Hit Haack IT Service Gmbh Poltlbauer Weg 4, D-94036 Passau +49 851 50477-

Re: [Assp-user] [SPAM] Re: Unallowed file

2006-08-18 Thread Micheal Espinola Jr
Matti Haack wrote: > As a real newbie to ASSP - where get I those "betas" like 1.2.5(x)? As a "newbie", I wouldn't recommend that you run betas.

Re: [Assp-user] ASSP 1.2.4

2006-08-18 Thread Micheal Espinola Jr
Fritz Borgstedt wrote: > ASSP 1.2.4 is ready to be published. We hold it back to build in the > security patch. > So it is currently available as 1.2.5 (6) and will be renamed to 1.2.4 > final. Please test this version. Will do. I also have an update for the Analyzer page (I missed the noProces

Re: [Assp-user] TLS/SSL with ASSP

2006-08-18 Thread Micheal Espinola Jr
James L. Brown wrote: > Is there any way to get SSL to work with ASSP? Or is that a whole new > set of functionality that needs to be added? ASSP is an *SMTP* proxy. If you encrypt the traffic, ASSP can't listen to it. Place ASSP in an unencrypted part of your topology. SSL encryption/decryp

Re: [Assp-user] [SPAM] Re: 1.2.5(4) Interface Bug?

2006-08-18 Thread Fritz Borgstedt
Questions and Answers for users of ASSP Anti-Spam SMTP Proxy writes: > >Yes, now I see it with IE. After collapse all, 'Attachment Control' >is the final item before the >links to docs etc.. Open that up and the rest are visible, including >the apply changes and panic >buttons. Close it an

Re: [Assp-user] [SPAM] Re: [SPAM] Re: 1.2.5(4) Interface Bug?

2006-08-18 Thread Matti Haack
>>Yes, now I see it with IE. After collapse all, 'Attachment Control' >>is the final item before the >>links to docs etc.. Open that up and the rest are visible, including >>the apply changes and panic >>buttons. Close it and they are gone. FB> Please try (8) 1.2.5(8) looks good. It seems a

Re: [Assp-user] Bayes-Confidence?

2006-08-18 Thread Fritz Borgstedt
Questions and Answers for users of ASSP Anti-Spam SMTP Proxy writes: >I’m trying to figure out this whole Bayes-Confidence thing. But, I’m >a little confused as to why this message got marked as spam (it >should have been a HAM). Maybe I’m not understanding something, but >with a Bayes-Confide

[Assp-user] Bayes-Confidence?

2006-08-18 Thread Aaron Allen
I’m trying to figure out this whole Bayes-Confidence thing.  But, I’m a little confused as to why this message got marked as spam (it should have been a HAM).  Maybe I’m not understanding something, but with a Bayes-Confidence of 0, shouldn’t the Bayesian filter mark it as not spam?  Anyway

Re: [Assp-user] [SPAM] Re: 1.2.5(4) Interface Bug?

2006-08-18 Thread paul+as
On 18 Aug 2006 at 14:17, Matti Haack wrote: > Every tab under Attachment-Blocking is gone until I click on this Tab. > Then they magically reappear. Must be some Browser/css/javascript > issue... Yes, now I see it with IE. After collapse all, 'Attachment Control' is the final item before

[Assp-user] spamparse2.py

2006-08-18 Thread Doug Lytle
Hey everybody, I have an updated Python script that was originally posted by Shawn Masters, that parses the spam/notspam database and produces an html report. This has just a small bug fix on the search string. The search string wasn't case insensitive. This has been fixed. Documentation

Re: [Assp-user] [SPAM] Re: 1.2.5(4) Interface Bug?

2006-08-18 Thread Matti Haack
Hello, I have the same problem with 1.2.4 and 1.2.5(7) using IE. Didn't test it with mozilla... Every tab under Attachment-Blocking is gone until I click on this Tab. Then they magically reappear. Must be some Browser/css/javascript issue... I used the provided css files... Matti > > [

Re: [Assp-user] [SPAM] Re: Unallowed file

2006-08-18 Thread paul+as
On 18 Aug 2006 at 10:57, Matti Haack wrote: > As a real newbie to ASSP - where get I those "betas" like 1.2.5(x)? From Fritz's site at

Re: [Assp-user] Unallowed file

2006-08-18 Thread paul+as
On 18 Aug 2006 at 10:51, Fritz Borgstedt wrote: > Questions and Answers for users of ASSP Anti-Spam SMTP Proxy > writes: > >1.2.5(6) stops the functioning of the notes files. > > > Thanks, try (7) Great. Works fine.

Re: [Assp-user] [SPAM] Re: Unallowed file

2006-08-18 Thread Matti Haack
As a real newbie to ASSP - where get I those "betas" like 1.2.5(x)? >>1.2.5(6) stops the functioning of the notes files. > Thanks, try (7) Matti - Matti Haack - Hit Haack IT Service Gmbh Poltlbauer Weg 4, D-94036 Passau +49 851 50477-22 Fax: +49 851 50477-29 http://www.haack-it.de Dieses Doku

Re: [Assp-user] Unallowed file

2006-08-18 Thread Fritz Borgstedt
Questions and Answers for users of ASSP Anti-Spam SMTP Proxy writes: >1.2.5(6) stops the functioning of the notes files. Thanks, try (7)

Re: [Assp-user] Feature : userpref

2006-08-18 Thread Lars Troen
I think DSPAM will do this. http://dspam.sourceforge.net/ Lars From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Jérôme PHILIPPE Sent: 10. august 2006 09:54 To: assp-user@lists.sourceforge.net Subject: [Assp-user] Feature : userpref Hi !   One idea :

[Assp-user] Unallowed file

2006-08-18 Thread paul+as
1.2.5(6) stops the functioning of the notes files. path is notes/xxx.txt and the slash is not allowed. if line 7431: elsif ($fil !~ /^[\w-\.]+\.txt$/i){ becomes elsif ($fil !~ /^[\w][\w-\.\/]+\.txt$/i){ then the path (if present) has to be below the base and the notes are functioning again

[Assp-user] ASSP 1.2.4

2006-08-18 Thread Fritz Borgstedt
ASSP 1.2.4 is ready to be published. We hold it back to build in the security patch. So it is currently available as 1.2.5 (6) and will be renamed to 1.2.4 final. Please test this version.