> I can only find rfcs that say the helo must
> contain a name that has an dns A record.
yes, A record MUST be resolved, missing
that the HELO may be considered invalid
--
Let Crystal Reports handle the reporting - Fr
On 9 Nov 2009 at 2:53, Scott Haneda wrote:
> On Nov 9, 2009, at 2:45 AM, Hisham Al Saad wrote:
> >
> > If I remove \.local$ from my invalidhelo.txt file, will this allow
> > them to
> > pass through ?
>
> Yes, and I also believe that .local is valid rfc for ehlo/helo.
I can only find rfcs tha
On 9 Nov 2009 at 13:45, Hisham Al Saad wrote:
> > I don't know why they are using a local address in a helo, but I
> > would either put the IP in 'noHelo' or put the helo into
> > 'heloBlacklistIgnore'.
> >
> > The helos you want blocked will stay blocked.
> >
>
> In this case we will have to
> Yes, and I also believe that .local is valid rfc for ehlo/helo. I
> would not run that one. That is too high risk, as you are seeing,
> unless you can weight it, in which case, by all means, run it with
> a low weight.
Heh... maybe it's valid for RFC but the ".local" TLD isn't
a valid one
On Nov 9, 2009, at 2:45 AM, Hisham Al Saad wrote:
>>
>> I don't know why they are using a local address in a helo, but I
>> would either put the IP in 'noHelo' or put the helo into
>> 'heloBlacklistIgnore'.
>>
>> The helos you want blocked will stay blocked.
>
> In this case we will have to wait u
> I don't know why they are using a local address in a helo, but I
> would either put the IP in 'noHelo' or put the helo into
> 'heloBlacklistIgnore'.
>
> The helos you want blocked will stay blocked.
>
In this case we will have to wait until they complain about it before we
know which address
On 9 Nov 2009 at 8:31, Hisham Al Saad wrote:
> Under my (Regular Expression to Invalidate Format of HELO*) file I have
> these settings.
>
> ^\d+\.\d+\.\d+\.\d+$
> ^[^\.]+\.?$
> \d{1,3}(\.|-|x)\d{1,3}(\.|-|x)\d{1,3}
> \.intra$
> \.local$
> \.lan$
> \.priv$
> \.private$
> \.localdomain$
> \.onli
Hi,
> >
> > The "invalid HELO" option is very useful when enabled to reject large
> amount
> > of spam, but unfortunately also rejects lots of legitimate mail ;-(
>
> You'll have to tell us what you have in your config and what gets
> blocked.
>
> The default setting blocks an IP address or a nam
On 8 Nov 2009 at 13:45, Hisham Al Saad wrote:
> Hi,
>
> The "invalid HELO" option is very useful when enabled to reject large amount
> of spam, but unfortunately also rejects lots of legitimate mail ;-(
You'll have to tell us what you have in your config and what gets
blocked.
The default set
I do not know how to do it, but block on ehlo/helo does not contain
one dot. This is my most effective rule on another server, accounts
for something like 90% of all blocked email.
Then make ehlo/ehlo look like dynamic ranges. Those get the rest.
--
Scott * If you contact me off list replac
Hi,
The "invalid HELO" option is very useful when enabled to reject large amount
of spam, but unfortunately also rejects lots of legitimate mail ;-(
What is the best way to enable it without having those legitimate senders
gets rejected.
I hope there is a workaround somehow.
Appreciate your input.
> There is a whole section for this, it is called "collecting".
> I said already, look into that section.
> You will find, that there are modes for the different types
> of blocking.
>
> And you will find
> Spam Helos
>
> Where to store spam helo emails. Recommended: 6 or 7.
>
Thank you Frit
There is a whole section for this, it is called "collecting". I said
already, look into that section.
You will find, that there are modes for the different types of
blocking.
And you will find
Spam Helos
Where to store spam helo emails. Recommended: 6 or 7.
---
> >How can I have the Invalid HELO rejected emails sent to an email
> >address like the 'sendAllspam' feature does? I'm seem many Invalid
> >HELO's that are spam and I would like to have them CC'd if possible.
>
> Look into the collect section.
>
> fritz
>
Fritz,
I must be doing something w
>How can I have the Invalid HELO rejected emails sent to an email
>address
>like the 'sendAllspam' feature does? I'm seem many Invalid HELO's
>that are
>spam and I would like to have them CC'd if possible.
Look into the collect section.
fritz
--
How can I have the Invalid HELO rejected emails sent to an email address
like the 'sendAllspam' feature does? I'm seem many Invalid HELO's that are
spam and I would like to have them CC'd if possible.
Thank you,
~Rick
-
Th
Hello,
ASSP version is 1.2.6.
I read somewhere that if the IP address is not enclosed in a square bracket,
it is considered as an invalid HELO, but following is what is logged...
Feb-5-07 00:03:45 218.17.235.99 <[EMAIL PROTECTED]> to: [EMAIL PROTECTED]
Validate Sender: Invalid HELO Format '[218.
OK. Will do.
Thanks.
James.
On 01/02/2007, at 2:07 PM, Kevin wrote:
> James Brown wrote:
>>> What is in your 'validFormatHeloRe' field?
>>>
>> ^[a-z]([a-z\d\-]*[a-z\d])?(\.[a-z]([a-z\d\-]*[a-z\d])?)+\.?$|^\[[12]?
>> \d{1,2}\.[12]?\d{1,2}\.[12]?\d{1,2}\.[12]?\d{1,2}\]$
>>
>> This is different to
James Brown wrote:
>> What is in your 'validFormatHeloRe' field?
>>
> ^[a-z]([a-z\d\-]*[a-z\d])?(\.[a-z]([a-z\d\-]*[a-z\d])?)+\.?$|^\[[12]?
> \d{1,2}\.[12]?\d{1,2}\.[12]?\d{1,2}\.[12]?\d{1,2}\]$
>
> This is different to the default. Must have been posted by someone to
> this list.
Thats the pr
On 01/02/2007, at 1:48 PM, Kevin wrote:
> James Brown wrote:
>> Just had an email from the database makers 4D that got blocked:
>>
>> Validate Sender: Invalid HELO Format 'info.4d.com
>>
>> I'm just using the default regex:
>>
>> ^\d+\.\d+\.\d+\.\d+$|^[^\.]+\.?$
>>
>> I can't read regex, but does
James Brown wrote:
> Just had an email from the database makers 4D that got blocked:
>
> Validate Sender: Invalid HELO Format 'info.4d.com
>
> I'm just using the default regex:
>
> ^\d+\.\d+\.\d+\.\d+$|^[^\.]+\.?$
>
> I can't read regex, but does this mean that it needs to be altered? I
> pre
Just had an email from the database makers 4D that got blocked:
Validate Sender: Invalid HELO Format 'info.4d.com
I'm just using the default regex:
^\d+\.\d+\.\d+\.\d+$|^[^\.]+\.?$
I can't read regex, but does this mean that it needs to be altered? I
presume that there is nothing wrong with i
> Now mine has evolved in
>
> ^\d+\.\d+\.\d+\.\d+$|^[^\.]+\.?$|\d{1,3}(\.|-|x)\d{1,3}(\.|-|x)\d{1,3}|dynamic|ddns|dns\.org$
In the flat file, for easier reading, could this line become:
^\d+\.\d+\.\d+\.\d+$
^[^\.]+\.?$
\d{1,3}(\.|-|x)\d{1,3}(\.|-|x)\d{1,3}
dynamic
ddns
dns\.org$
Tha
no :) I think its like regex buddy to validate a single regex against
some strings. What I am searching is a ASSP tool - something like the
mail analyzer - with two Textboxes.
First textbox to put a list of regexes.
second to put a list of textstrings.
And a button who shows the result, which r
Matti Haack wrote:
> It would be cool if there was a regex tester in ASSP, where
> you can enter a list of regexes and a test string and ASSP
> echos back, which regex was positive.
> So these kind of errors could be detected very fast...
>
Something like this?
http://weitz.de/regex-coach/
kevin
>> Remove '\d+[_.-]\d+[_.-]|' or put the name in 'don't block these helos' -
>> but the first is the
>> better option.
>>
>
> Hmm Intresting. I'm using a reg-ex from an older version.
>
> Mine is "^\d+\.\d+\.\d+\.\d+$|^[^\.]+\.?$" it looks like it was changed
> between 1.2.6 (35) and 1.2.6 (46) (I
It would be cool if there was a regex tester in ASSP, where
you can enter a list of regexes and a test string and ASSP
echos back, which regex was positive.
So these kind of errors could be detected very fast...
Matti
--
Matti Haack - Hit Haack IT Service Gmbh
Poltlbauer Weg 4, D-94036 Passau
+
Questions and Answers for users of ASSP Anti-Spam SMTP Proxy
schreibt:
>That's fine and the one I use. Stops dotted ip addresses and
>anything without a dot.
>
>paul
I propose this:
^\d+\.\d+\.\d+\.\d+$|^[^\.]+\.?$|dynamic|ddns|dns\.org$
---
pabcu> I was caught by that a few months ago :) The
pabcu> relevant rfc is now 1123 (as cited in the interface)
pabcu> and says:
pabcu> The syntax of a legal Internet host name was specified in RFC-952
pabcu> [DNS:4]. One aspect of host name syntax is hereby changed: the
pabcu> res
On 10 Jan 2007 at 17:32, Dave Emory wrote:
> Is this compliant for the "Invalidate the format of HELO" regex?
>
> ^\d+\.\d+\.\d+\.\d+$|^[^\.]+\.?$
That's fine and the one I use. Stops dotted ip addresses and anything without
a dot.
paul
Kevin wrote:
> Dave Emory wrote:
>>> The syntax of a legal Internet host name was specified in RFC-952
>>> [DNS:4]. One aspect of host name syntax is hereby changed: the
>>> restriction on the first character is relaxed to allow either a
>>> letter or a digit. Host software MUST su
Dave Emory wrote:
>> The syntax of a legal Internet host name was specified in RFC-952
>> [DNS:4]. One aspect of host name syntax is hereby changed: the
>> restriction on the first character is relaxed to allow either a
>> letter or a digit. Host software MUST support this more lib
[EMAIL PROTECTED] wrote:
>
> The default validHeloRE as used by Ernesto obeys this more liberal rule, but
> the first part of his
> invalidFormatHeloRE is catching it, which is shown as the default but is not
> compliant.
>
> Remove '\d+[_.-]\d+[_.-]|' or put the name in 'don't block these hel
>
> The syntax of a legal Internet host name was specified in RFC-952
> [DNS:4]. One aspect of host name syntax is hereby changed: the
> restriction on the first character is relaxed to allow either a
> letter or a digit. Host software MUST support this more liberal
> syntax.
On 10 Jan 2007 at 15:49, Micheal Espinola Jr wrote:
> Kevin wrote:
> > Domain names must start with a letter and not a number, "53.com" is NOT
> > a valid domain name according to the RFCs (rfc1035 to be exact), however
> > these are not followed to the letter all the time and thus we get names
On 10 Jan 2007 at 12:16, Kevin wrote:
> [EMAIL PROTECTED] wrote:
> > On 10 Jan 2007 at 13:23, Ernesto Nieto wrote:
> >
> >> When I go look in the maillog file, this is the corresponding log entry:
> >>
> >> Sender: Invalid HELO Format 'mailgw5.53.com' RE_E_mail_problems_
> >>
> >> Now, I'm not up
Andreas Krüger wrote:
> I got spam mails from 53.com...
I agree. I get nothing bu spam from them, from multiple IPs within the
same /24
-
Take Surveys. Earn Cash. Influence the Future of IT
Join SourceForge.net's Techsay pa
Kevin wrote:
> Domain names must start with a letter and not a number, "53.com" is NOT
> a valid domain name according to the RFCs (rfc1035 to be exact), however
> these are not followed to the letter all the time and thus we get names
> like that which violate that rule.
>
> I'm not sure but th
I got spam mails from 53.com...
on 10-01-2007 21:16 Kevin wrote:
> [EMAIL PROTECTED] wrote:
>> On 10 Jan 2007 at 13:23, Ernesto Nieto wrote:
>>
>>> When I go look in the maillog file, this is the corresponding log entry:
>>>
>>> Sender: Invalid HELO Format 'mailgw5.53.com' RE_E_mail_problems_
>>>
[EMAIL PROTECTED] wrote:
> On 10 Jan 2007 at 13:23, Ernesto Nieto wrote:
>
>> When I go look in the maillog file, this is the corresponding log entry:
>>
>> Sender: Invalid HELO Format 'mailgw5.53.com' RE_E_mail_problems_
>>
>> Now, I'm not up to snuff on the format, but isn't that legit? Is ther
On 10 Jan 2007 at 13:23, Ernesto Nieto wrote:
> When I go look in the maillog file, this is the corresponding log entry:
>
> Sender: Invalid HELO Format 'mailgw5.53.com' RE_E_mail_problems_
>
> Now, I'm not up to snuff on the format, but isn't that legit? Is there
> somewhere else I need to loo
Hi again,
I've looked up on several sites, and in the archives, and can't see what's
wrong with this.
One of users has told us that emails coming from a certain domain aren't
being able to send to them. The error is this:
The following message to [EMAIL PROTECTED] was undeliverable. The rea
On 12 Dec 2006 at 8:46, Doug Traylor wrote:
> Hello all,
>
> host252.atx.net
It matches your first validate line.
> I was wondering why this HELO was deemed invalid.
> Entire email attached as sample.txt
>
> I think it is this line in my invalidate regex that I got from this list:
> ^host.*\.t
Hello all,
host252.atx.net
I was wondering why this HELO was deemed invalid.
Entire email attached as sample.txt
I think it is this line in my invalidate regex that I got from this list:
^host.*\.telecom\.net\.ar
The email comes from a site pbcompliance.com that does not appear to be spam
in
Andreas Krüger wrote:
> Guys, you got away from my problem :( - I still cant find the problem with
> ASSP and my HELO.
Well, which HELO options do you have enabled, what are you using for
Regular Expressions, and what is the HELO (or HELOs) that are failing?
My crystal ball is in the shop. :-)
Guys, you got away from my problem :( - I still cant find the problem with
ASSP and my HELO.
Andreas
"Micheal Espinola Jr" <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]
> Fritz Borgstedt wrote:
>> ASSP need nothing of this for first installation, all necessary mkdirs
>> are done
"Micheal Espinola Jr" <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]
> Fritz Borgstedt wrote:
>> ASSP need nothing of this for first installation, all necessary mkdirs
>> are done automatically when needed.
>
> Does this apply to all directories or just the corpus? It may be a
> poin
Questions and Answers for users of ASSP Anti-Spam SMTP Proxy
schreibt:
>Does this apply to all directories or just the corpus? It may be a
>point of confusion to people if this applied to some but not all
>things
>that require directories.
-d "$base/$spamlog" or mkdir "$base/$spamlog",0700;
Fritz Borgstedt wrote:
> ASSP need nothing of this for first installation, all necessary mkdirs
> are done automatically when needed.
I never knew that. I'll make sure the Wiki gets updated. I believe its
always bee a part of the various install documentation that the
directories were to be ma
Fritz Borgstedt wrote:
>> mkdir -p /usr/share/assp/spam
>> mkdir /usr/share/assp/notspam
>> mkdir /usr/share/assp/errors
>> mkdir /usr/share/assp/errors/spam
>> mkdir /usr/share/assp/errors/notspam
>
>
> I do not know who is responsible for this in the wiki.
>
> ASSP need nothing of this for fir
>>mkdir -p /usr/share/assp/spam
>>mkdir /usr/share/assp/notspam
>>mkdir /usr/share/assp/errors
>>mkdir /usr/share/assp/errors/spam
>>mkdir /usr/share/assp/errors/notspam
> I do not know who is responsible for this in the wiki.
> ASSP need nothing of this for first installation, all necessary mkd
> Hello there.
>
> I just set up ASSP for my postfix server. This is how I
> installed ASSP:
[...]
> What is wrong? Is ASSP not doing HELO commands correctly or?
> Andreas,
> You can turn of spam checking in postfix. RBL checking etc wont do you
> any good from the postfix side as postfix sees
>mkdir -p /usr/share/assp/spam
>mkdir /usr/share/assp/notspam
>mkdir /usr/share/assp/errors
>mkdir /usr/share/assp/errors/spam
>mkdir /usr/share/assp/errors/notspam
I do not know who is responsible for this in the wiki.
ASSP need nothing of this for first installation, all necessary mkdirs
are
> Hello there.
>
> I just set up ASSP for my postfix server. This is how I
> installed ASSP:
[...]
> What is wrong? Is ASSP not doing HELO commands correctly or?
Andreas,
You can turn of spam checking in postfix. RBL checking etc wont do you
any good from the postfix side as postfix sees all co
Hello there.
I just set up ASSP for my postfix server. This is how I installed ASSP:
--
perl -MCPAN -e shell
install Compress::Zlib
install Digest::MD5
install Email::Valid
install File::ReadBackwards
install Mail::SPF::Query
install Mail::SRS
install Net::DNS
install Sys
55 matches
Mail list logo
