Anti-Spam SMTP Proxy Server

Thomas,

While logging and comparing log to code, noted that $PenaltyLimit is used,
but never defined and never assigned a value:

sub PBOK - return 1 if $totalscore<$PenaltyLimit;

sub PBExtremeOK - if ( $totalscore >= $PenaltyLimit && $totalscore <
$PenaltyExtreme ) {

sub cleanBlackPB - if ($tdif>$PenaltyDuration*60 && $score<$PenaltyLimit ) {

In all three cases, I believe $PenaltyLimit should be $PenaltyMessageLimit.

Michael Thomas
Mathbox
978-687-3300
Toll Free: 1-877-MATHBOX (1-877-628-4269)

> -----Original Message-----
> From: Michael Thomas [mailto:mike@...] 
> Sent: Sunday, October 24, 2010 2:55 PM
> To: 'ASSP development mailing list'
> Subject: Re: [Assp-test] Penalty Box - Message Scoring
> 
> 
> Thomas,
> 
> For load balancing and redundancy, I have three virtual 
> incoming MX. Issue
> shows on all three. Mx01 handles 70% of load, mx02 handles 
> 20% of load, and
> mx03 handles 10% of load. So, I do not think it is load 
> factor. It does not
> happen to every message. Most messages that score similarly 
> are tagged.
> 
> At first, I thought it might be related to the fact that I disabled PB
> Extreme, but after monitoring, I realized that it was not all 
> messages,
> there were similar messages getting tagged.
> 
> I will turn up logging to debug level and monitor.
> 
> Michael Thomas
> Mathbox
> 978-687-3300
> Toll Free: 1-877-MATHBOX (1-877-628-4269)
> 
> > -----Original Message-----
> > From: Thomas Eckardt [mailto:Thomas.Eckardt@...] 
> > Sent: Sunday, October 24, 2010 4:59 AM
> > To: ASSP development mailing list
> > Subject: Re: [Assp-test] Penalty Box - Message Scoring
> > 
> > Hi Thomas,
> > 
> > I'm unable to reproduce this behavior - it is reproduceable on your 
> > system?
> > 
> > Thomas
> > 
> > 
> > 
> > 
> > Von:    "Michael Thomas" <mike@...>
> > An:     "'ASSP development mailing list'" 
> > <assp-test@...>
> > Datum:  24.10.2010 03:59
> > Betreff:        [Assp-test] Penalty Box - Message Scoring
> > 
> > 
> > 
> > 
> > Thomas,
> > 
> > In the example below, the message exceeded the low limit, 
> > then exceeded 
> > the
> > high limit. As you can see from the log, assp passed the 
> > message through 
> > to
> > the SMTP. What I found interesting was that assp did not 
> > write any headers
> > to the message. I thought that because assp was in Message 
> > Scoring Mode:
> > tagging, that assp would tag. Apparently, because of the 
> score, assp 
> > wanted
> > to move to blocking and because assp was in tagging, assp did 
> > nothing. Or 
> > do
> > I misunderstand message scoring mode?
> > 
> > On the final destination SMTP, if I find "X-Assp-Spam: YES" in the 
> > headers,
> > I toss the message into the Junk folder. In this case there 
> > no headers at
> > all.
> > 
> > ASSP version 2.0.2(1.2.26)
> > Do PenaltyBox - IP History: Monitor/MessageScoring
> > Message Scoring Mode: tagging
> > Low MessageLimit: 25
> > High MessageLimit: 50
> > Add IP/Message Scoring Header: Checked
> > Extreme Scoring Threshold (PenaltyExtreme): 150
> > PenaltyBox Extreme IP Profiling (DoPenaltyExtreme): disabled
> > 
> > 
> > ================================
> > 10-Oct-23 13:28:16 [Worker_4] Connected: 67.23.229.242:1221 >
> > 208.69.48.42:25 > 208.69.48.46:25
> > 10-Oct-23 13:28:20 54896-03236 [Worker_4] [DNSBL] 67.23.229.242
> > <support@...> to: mailbox@... [scoring] DNSBL: 
> > neutral,
> > 67.23.229.242 listed in bl.mathbox.net
> > 10-Oct-23 13:28:20 54896-03236 [Worker_4] 67.23.229.242
> > <support@...> to: mailbox@... 
> > Message-Score: added 25
> > for DNSBL: neutral, 67.23.229.242 listed in bl.mathbox.net, 
> > total score 
> > for
> > this message is now 25
> > 10-Oct-23 13:28:20 54896-03236 [Worker_4] 67.23.229.242
> > <support@...> to: mailbox@... 
> > Regex:InvalidPTRRe 'PB 
> > 15:
> > for 67-23-229-242'
> > 10-Oct-23 13:28:21 54896-03236 [Worker_4] 67.23.229.242
> > <support@...> to: mailbox@... 
> > Message-Score: added 50
> > for URIBL: neutral, phantasyleague.com listed in black.uribl.com
> > uri.mathbox.net, total score for this message is now 75
> > 10-Oct-23 13:28:21 54896-03236 [Worker_4] 
> > [MessageLimit][tagging][tagmode]
> > 67.23.229.242 <support@...> to: 
> mailbox@... [spam 
> > found]
> > and possibly passing because tagmode: mailbox@..., 
> > otherwise
> > blocked (MessageScore 75, limit 50) [YourCashNow] -> 
> > C:/ASSP/spam/3236.eml
> > 10-Oct-23 13:28:21 54896-03236 [Worker_4] [PenaltyBox] 67.23.229.242
> > <support@...> to: mailbox@... 
> > [monitoring] totalscore
> > for 67.23.229.242 is 75, last bad penalty was 'URIBLneutral'
> > 10-Oct-23 13:28:21 54896-03236 [Worker_4] 67.23.229.242
> > <support@...> to: mailbox@... spam found 
> > and passing 
> > ()
> > [YourCashNow] 
> > 10-Oct-23 13:28:21 54896-03236 [Worker_4] [MessageOK] 67.23.229.242
> > <support@...> to: mailbox@... message ok 
> > [YourCashNow]
> > -> C:/ASSP/spam/3236.eml
> > ================================
> > 
> > Michael Thomas
> > Mathbox
> > 978-687-3300
> > Toll Free: 1-877-MATHBOX (1-877-628-4269)
> > 
> > 
> > --------------------------------------------------------------
> > ----------------
> > Nokia and AT&T present the 2010 Calling All 
> Innovators-North America 
> > contest
> > Create new apps & games for the Nokia N8 for consumers in  
> > U.S. and Canada
> > $10 million total in prizes - $4M cash, 500 devices, nearly $6M in 
> > marketing
> > Develop with Nokia Qt SDK, Web Runtime, or Java and Publish 
> > to Ovi Store 
> > http://p.sf.net/sfu/nokia-dev2dev
> > _______________________________________________
> > Assp-test mailing list
> > Assp-test@...
> > https://lists.sourceforge.net/lists/listinfo/assp-test
> > 
> > 
> > 
> > 
> > DISCLAIMER:
> > *******************************************************
> > This email and any files transmitted with it may be 
> > confidential, legally 
> > privileged and protected in law and are intended solely for 
> > the use of the 
> > 
> > individual to whom it is addressed.
> > This email was multiple times scanned for viruses. There 
> should be no 
> > known virus in this email!
> > *******************************************************
> > 
> > 
> > 
> 
> 
> --------------------------------------------------------------
> ----------------
> Nokia and AT&T present the 2010 Calling All Innovators-North 
> America contest
> Create new apps & games for the Nokia N8 for consumers in  
> U.S. and Canada
> $10 million total in prizes - $4M cash, 500 devices, nearly 
> $6M in marketing
> Develop with Nokia Qt SDK, Web Runtime, or Java and Publish 
> to Ovi Store 
> http://p.sf.net/sfu/nokia-dev2dev
> _______________________________________________
> Assp-test mailing list
> Assp-test@...
> https://lists.sourceforge.net/lists/listinfo/assp-test
> 
>

Hi,

it would be great if someone could help me out with this.

I'm currently running 2.0.1(1.2.21). BTW: does this version belong to 
assp-user or assp-test?

Unfortunately since installing that version I get stuck workers at least 
once per hour:

These are the corresponding log lines:

27-10-10 14:46:19 [Worker_2] LDAP - found <user>@<mydomain> in LDAPlist

27-10-10 14:50:10 [Main_Thread] Info: Loop in Worker_2 was not active 
for 231 seconds
27-10-10 14:50:10 [Main_Thread] Info: Worker_2 : last sigoff in main, 
/usr/share/assp/assp.pl, 10080, main::sigoffTry, 1, , ,  at 10-27-9 
14:4619 1288183579.45356 - 10080
27-10-10 14:50:10 [Main_Thread] Info: Worker_2 : last sigon in main, 
/usr/share/assp/assp.pl, 10082, main::sigonTry, 1, , ,  at 10-27-9 
14:4619 1288183579.45363 - 10082
27-10-10 14:50:10 [Main_Thread] Info: Worker_2 : last action was : 
makeSubject

What exactly does makeSubject do? Can I somehow use this info to find 
out what assp was doing when this worker got stuck?

Thank you very much!

Max


ASSP startup:

ASSP 2.0.1(1.2.21) is starting in directory /usr/share/assp
on host filter
using Perl /opt/.perl5/perlbrew/perls/perl-5.12.2/bin/perl5.12.2 version 
5.012002 (5.12.2)

loading configuration                    [OK]
1010 values loaded                    [OK]
defining environment                        [OK]
loading modules.........                [OK]
loading database drivers                [OK]
setup regular expressions                [OK]
loading plugins                        [OK]
fixing up config                    [OK]
rendering HTML for GUI                    [OK]
check process env                     [SKIP]
check process permission                [OK]
setting up modules......                [OK]
checking directories                    [OK]
check file permission                    [OK]
loading caches and lists                [OK]
starting maintenance worker thread            [OK]
starting rebuild SpamDB worker thread            [OK]
starting 5 communication worker threads ......      [OK]
starting main thread and logging            [OK]
27-10-10 11:07:02 [startup] Starting in console mode
27-10-10 11:07:02 [startup] ASSP-professional version 2.0.1(1.2.21) 
(Perl 5.012002) (on linux) initializing
27-10-10 11:07:02 [startup] Info: try loading plugin ASSP_AFC
27-10-10 11:07:02 [startup] ASSP_AFC: Plugin successful called!
27-10-10 11:07:02 [startup] Info: plugin ASSP_AFC version 1.18 loaded 
for runlevel 'complete mail'.
27-10-10 11:07:02 [startup] Info: try loading plugin ASSP_ARC
27-10-10 11:07:02 [startup] ASSP_ARC: ARC-Plugin successful called!
27-10-10 11:07:02 [startup] Info: plugin ASSP_ARC version 1.14 loaded 
for runlevel 'complete mail'.
27-10-10 11:07:02 [startup] Info: try loading plugin ASSP_OCR
27-10-10 11:07:02 [startup] ASSP_OCR: Plugin successful called for 
runlevel 'complete mail' using PDF::OCR2!
27-10-10 11:07:02 [startup] Info: plugin ASSP_OCR version 1.25 loaded 
for runlevel 'complete mail'.
27-10-10 11:07:02 [startup] Info: try loading plugin ASSP_Razor
27-10-10 11:07:02 [startup] Info: try loading plugin ASSP_SkeletonTest
27-10-10 11:07:02 [startup] ASSP_SkeletonTest: Plugin successful called!
27-10-10 11:07:02 [startup] Info: plugin ASSP_SkeletonTest version 1.06 
loaded for runlevel 'mail header'.
27-10-10 11:07:02 [startup] Info: no valid recipient replacement rule found
27-10-10 11:07:02 [startup] Info: Regex invalidFormatHeloRe: 3 weighted 
regular expression defined
27-10-10 11:07:10 [startup] Info: 3 MSGID-secrets activated
27-10-10 11:07:10 [startup] Info: 3 BATV-secrets activated
27-10-10 11:07:10 [startup] Info: registered encrypted POP3ConfigFile 
file /usr/share/assp/files/pop3cfg.txt
27-10-10 11:07:10 [startup] Info: an ASSP restart will be done with:
27-10-10 11:07:10 [startup] ASSP_OCR: ImageMagick's convert found.
27-10-10 11:07:10 [startup] ASSP version 2.0.1(1.2.21) (Perl 5.012002) 
(on linux)running on server: filter (192.168.22.100)
27-10-10 11:07:10 [init] Threads module 1.81 installed
27-10-10 11:07:10 [init] Threads::shared module 1.34 installed
27-10-10 11:07:10 [init] Thread::Queue module 2.11 installed
27-10-10 11:07:10 [init] IO::Poll module 0.07 installed
27-10-10 11:07:10 [init] IO::Select module 1.17 installed
27-10-10 11:07:10 [init] ASSP is using IOEngine - Poll
27-10-10 11:07:10 [init] Thread::State module version 0.09 installed and 
available
27-10-10 11:07:10 [init] File::Scan::ClamAV module version 1.91 
installed and available
27-10-10 11:07:10 [init] Net::LDAP module version 0.4001 installed and 
available
27-10-10 11:07:10 [init] Net::DNS module version 0.66 installed and 
available
27-10-10 11:07:10 [init] Email::Valid module version 0.184 installed and 
available
27-10-10 11:07:10 [init] Net::SMTP module version 2.31 installed and 
available
27-10-10 11:07:10 [init] Mail::SPF::Query module version 1.999001 
installed and available
27-10-10 11:07:10 [init] Mail::SPF module version 2.007 installed and 
available
27-10-10 11:07:10 [init] Mail::SRS module version 0.31 installed - 
Sender Rewriting Scheme available
27-10-10 11:07:10 [init] Compress::Zlib module version 2.03 installed - 
HTTP compression available
27-10-10 11:07:10 [init] Digest::MD5 module version 2.51 installed - 
delaying can use MD5 keys for hashes
27-10-10 11:07:10 [init] Digest::SHA1 module version 2.13 installed - 
BATV and FBMTV check available
27-10-10 11:07:10 [init] File::ReadBackwards module version 1.04 
installed - searching of log files enabled
27-10-10 11:07:10 [init] Time::HiRes module version 1.9721 installed - 
CPU usage statistics available
27-10-10 11:07:10 [init] Sys::Syslog module version 0.27 installed - 
Unix centralized logging enabled
27-10-10 11:07:10 [init] Net::Syslog module version 0.03 installed - 
network Syslog logging enabled
27-10-10 11:07:10 [init] Tie::RDBM module version 0.73 installed - 
database usage available
27-10-10 11:07:10 [init] DB_File module version 1.82 installed - DB_File 
(Berkeley V1) database usage available
27-10-10 11:07:10 [init] BerkeleyDB module version 0.43 installed - 
Berkeley database usage available
27-10-10 11:07:10 [init] BerkeleyDB DB-version 4.6 / Berkeley DB 4.6.21: 
(September 27, 2007) is installed
27-10-10 11:07:10 [init] Info: griplist is using 'BerkeleyDB' version 
4.6 in file /usr/share/assp/griplist.bdb
27-10-10 11:07:10 [init] Net::IP::Match::Regexp module version 1.01 
installed - CIDR notation for IP range available
27-10-10 11:07:10 [init] Net::CIDR::Lite module version 0.21 installed - 
hyphenated IP address range available
27-10-10 11:07:10 [init] Net::SenderBase module version 1.01 installed - 
Query the senderbase service available
27-10-10 11:07:10 [init] LWP::Simple module version 5.835 installed - 
procedural LWP interface available
27-10-10 11:07:10 [init] Email::MIME::Modifier module version 1.906 
installed - MIME charset decoding and conversion interface and 
attachment detection available
27-10-10 11:07:10 [init] MIME::Types module version 1.31 installed - 
TNEF conversion may possible
27-10-10 11:07:10 [init] Email::Send module version 2.198 installed - 
sending .eml files available
27-10-10 11:07:10 [init] Convert::TNEF module version 0.17 installed - 
TNEF conversion is available
27-10-10 11:07:10 [init] Mail::DKIM::Verifier module version 0.38 
installed - DKIM verification is available
27-10-10 11:07:10 [init] Schedule::Cron module version 1.00 installed - 
RebuildSpamdb Scheduler is available
27-10-10 11:07:10 [init] Sys::MemInfo module version 0.91 installed - 
memory calculation is available
27-10-10 11:07:10 [init] Authen::SASL module version 2.15 installed - 
SMTP AUTH is available
27-10-10 11:07:10 [init] Regex::Optimizer module version 1.07 installed 
- Regular Expression Optimization is available
27-10-10 11:07:10 [init] IO::Socket::SSL module version 1.33 installed - 
https and TLS/SSL is possible
27-10-10 11:07:10 [init] Found valid certificate and privat key file - 
https and TLS/SSL is available
27-10-10 11:07:10 [init] Info: last DB-backup was scheduled before 1 
hour 14 mins
27-10-10 11:07:10 [init] Info: next DB-backup is scheduled in 45 mins
27-10-10 11:07:10 [init] Starting maintenance worker thread [10000] - 
ThreadCycleTime is set to 3000 microseconds
27-10-10 11:07:12 [Worker_10000] Worker_10000 started
27-10-10 11:07:12 [init] Starting rebuild SpamDB worker thread [10001] - 
ThreadCycleTime is set to 30 microseconds
27-10-10 11:07:12 [Worker_10001] Worker_10001 started
27-10-10 11:07:12 [Worker_10001] Info: found module 
/usr/share/assp/lib/rebuildspamdb.pm version 2.34
27-10-10 11:07:12 [init] Starting SMTP-worker-threads with 
ThreadCycleTime set to 3000 microseconds
27-10-10 11:07:12 [init] Starting communication worker threads [1 to 5]
27-10-10 11:07:17 [init] Using table <whitelist>       in mysql Database 
<assp> instead of file /usr/share/assp/whitelist
27-10-10 11:07:17 [init] Using table <persblack>       in mysql Database 
<assp> instead of file /usr/share/assp/persblack
27-10-10 11:07:17 [init] Using table <redlist>         in mysql Database 
<assp> instead of file /usr/share/assp/redlist
27-10-10 11:07:17 [init] Using table <delaydb>         in mysql Database 
<assp> instead of file /usr/share/assp/delaydb
27-10-10 11:07:17 [init] Using table <delaywhitedb>    in mysql Database 
<assp> instead of file /usr/share/assp/delaydb.white
27-10-10 11:07:17 [init] Using table <PBWhite>         in mysql Database 
<assp> instead of file /usr/share/assp/pb/pbdb.white.db
27-10-10 11:07:17 [init] Using table <PBBlack>         in mysql Database 
<assp> instead of file /usr/share/assp/pb/pbdb.black.db
27-10-10 11:07:17 [init] Using table <RBLCache>        in mysql Database 
<assp> instead of file /usr/share/assp/pb/pbdb.rbl.db
27-10-10 11:07:17 [init] Using table <URIBLCache>      in mysql Database 
<assp> instead of file /usr/share/assp/pb/pbdb.uribl.db
27-10-10 11:07:17 [init] Using table <PTRCache>        in mysql Database 
<assp> instead of file /usr/share/assp/pb/pbdb.ptr.db
27-10-10 11:07:17 [init] Using table <MXACache>        in mysql Database 
<assp> instead of file /usr/share/assp/pb/pbdb.mxa.db
27-10-10 11:07:17 [init] Using table <RWLCache>        in mysql Database 
<assp> instead of file /usr/share/assp/pb/pbdb.rwl.db
27-10-10 11:07:17 [init] Using table <SPFCache>        in mysql Database 
<assp> instead of file /usr/share/assp/pb/pbdb.spf.db
27-10-10 11:07:17 [init] Using table <SBCache>         in mysql Database 
<assp> instead of file /usr/share/assp/pb/pbdb.sb.db
27-10-10 11:07:17 [init] Using table <PBTrap>          in mysql Database 
<assp> instead of file /usr/share/assp/pb/pbdb.trap.db
27-10-10 11:07:17 [init] Using table <DKIMCache>       in mysql Database 
<assp> instead of file /usr/share/assp/pb/pbdb.dkim.db
27-10-10 11:07:17 [init] Using table <BATVTag>         in mysql Database 
<assp> instead of file /usr/share/assp/pb/pbdb.batv.db
27-10-10 11:07:17 [init] Using table <BackDNS>         in mysql Database 
<assp> instead of file /usr/share/assp/pb/pbdb.back.db
27-10-10 11:07:17 [init] Using table <spamdb>          in mysql Database 
<assp> instead of file /usr/share/assp/spamdb
27-10-10 11:07:17 [init] Using table <spamdbhelo>      in mysql Database 
<assp> instead of file /usr/share/assp/spamdb.helo
27-10-10 11:07:17 [init] Using table <ldaplist>        in mysql Database 
<assp> instead of file /usr/share/assp/ldaplist
27-10-10 11:07:17 [init] Using table <AdminUsers>      in mysql Database 
<assp> instead of file /usr/share/assp/adminusers
27-10-10 11:07:17 [Worker_10001] Info: starting RebuildSpamdb Scheduler 
with '8 3 * * *'
27-10-10 11:07:17 [init] Using table <AdminUsersRight> in mysql Database 
<assp> instead of file /usr/share/assp/adminusers.right
27-10-10 11:07:17 [init] Listening for SMTP connections on 192.168.22.100:25
27-10-10 11:07:17 [init] Listening for SMTPS (SSL) connections on 
192.168.22.100:465
27-10-10 11:07:17 [init] Listening for admin HTTPS connections on 55555
27-10-10 11:07:17 [init] Listening for stat HTTP connections on 55553
27-10-10 11:07:17 [init] Listening for SMTP relay connections on 
0.0.0.0:25000
27-10-10 11:07:17 [init] Starting PID: 30447
27-10-10 11:07:17 [init] Info: command queue released
27-10-10 11:07:17 [init] Switched effective gid to 1002 (nobody)
27-10-10 11:07:17 [init] Switched real gid to 1002 (nobody)
27-10-10 11:07:17 [init] Switched effective uid to 1001 (assp)
27-10-10 11:07:17 [init] Switched real uid to 1001 (assp)
27-10-10 11:07:17 [init] Info: central signalhandler - NUM63(63) - 
TRAP(5) - NUM42(42) - URG(23) - STOP(19) - NUM39(39) - NUM62(62) - 
NUM43(43) - NUM57(57) - NUM56(56) - RTMAX(64) - NUM59(59) - VTALRM(26) - 
CONT(18) - NUM45(45) - NUM61(61) - NUM44(44) - NUM36(36) - NUM32(32) - 
BUS(7) - NUM40(40) - NUM51(51) - IOT(65) - STKFLT(16) - NUM41(41) - 
KILL(9) - QUIT(3) - NUM37(37) - NUM50(50) - ABRT(6) - NUM48(48) - 
NUM35(35) - NUM38(38) - TTOU(22) - IO(29) - TSTP(20) - PROF(27) - 
NUM53(53) - NUM58(58) - SEGV(11) - RTMIN(34) - POLL(67) - PIPE(13) - 
SYS(31) - NUM46(46) - PWR(30) - FPE(8) - NUM54(54) - XCPU(24) - TTIN(21) 
- NUM52(52) - NUM55(55) - XFSZ(25) - NUM33(33) - NUM49(49) - UNUSED(68) 
- WINCH(28) - ILL(4) - NUM47(47) - NUM60(60) - INT(2) - HUP(1) - 
TERM(15) - CHLD(17) - CLD(66) - ALRM(14) - installed

"Dale" <dbritt@...> schreibt:
>So put it in bombdatare just as an email address?

put in bombdatare just as the string you want to catch

Thomas,

I think I found the original tagmode issue below:

In sub PBOK:
    return 1 if $totalscore<$PenaltyLimit;
Should be:
    return 1 if $totalscore<$PenaltyMessageLimit && $DoPenalty != 4;
Which allows PBOK check in getbody() to handle as thisIsSpam rather than
falling through and being handled by isnotspam.

Michael Thomas
Mathbox
978-687-3300
Toll Free: 1-877-MATHBOX (1-877-628-4269)

> -----Original Message-----
> From: Michael Thomas [mailto:mike@...] 
> Sent: Thursday, October 28, 2010 4:05 AM
> To: 'ASSP development mailing list'
> Subject: [Assp-test] FW: Penalty Box - Message Scoring
> 
> 
> Thomas,
> 
> While logging and comparing log to code, noted that 
> $PenaltyLimit is used,
> but never defined and never assigned a value:
> 
> sub PBOK - return 1 if $totalscore<$PenaltyLimit;
> 
> sub PBExtremeOK - if ( $totalscore >= $PenaltyLimit && $totalscore <
> $PenaltyExtreme ) {
> 
> sub cleanBlackPB - if ($tdif>$PenaltyDuration*60 && 
> $score<$PenaltyLimit ) {
> 
> In all three cases, I believe $PenaltyLimit should be 
> $PenaltyMessageLimit.
> 
> Michael Thomas
> Mathbox
> 978-687-3300
> Toll Free: 1-877-MATHBOX (1-877-628-4269)
> 
> > -----Original Message-----
> > From: Michael Thomas [mailto:mike@...] 
> > Sent: Sunday, October 24, 2010 2:55 PM
> > To: 'ASSP development mailing list'
> > Subject: Re: [Assp-test] Penalty Box - Message Scoring
> > 
> > 
> > Thomas,
> > 
> > For load balancing and redundancy, I have three virtual 
> > incoming MX. Issue
> > shows on all three. Mx01 handles 70% of load, mx02 handles 
> > 20% of load, and
> > mx03 handles 10% of load. So, I do not think it is load 
> > factor. It does not
> > happen to every message. Most messages that score similarly 
> > are tagged.
> > 
> > At first, I thought it might be related to the fact that I 
> disabled PB
> > Extreme, but after monitoring, I realized that it was not all 
> > messages,
> > there were similar messages getting tagged.
> > 
> > I will turn up logging to debug level and monitor.
> > 
> > Michael Thomas
> > Mathbox
> > 978-687-3300
> > Toll Free: 1-877-MATHBOX (1-877-628-4269)
> > 
> > > -----Original Message-----
> > > From: Thomas Eckardt [mailto:Thomas.Eckardt@...] 
> > > Sent: Sunday, October 24, 2010 4:59 AM
> > > To: ASSP development mailing list
> > > Subject: Re: [Assp-test] Penalty Box - Message Scoring
> > > 
> > > Hi Thomas,
> > > 
> > > I'm unable to reproduce this behavior - it is 
> reproduceable on your 
> > > system?
> > > 
> > > Thomas
> > > 
> > > 
> > > 
> > > 
> > > Von:    "Michael Thomas" <mike@...>
> > > An:     "'ASSP development mailing list'" 
> > > <assp-test@...>
> > > Datum:  24.10.2010 03:59
> > > Betreff:        [Assp-test] Penalty Box - Message Scoring
> > > 
> > > 
> > > 
> > > 
> > > Thomas,
> > > 
> > > In the example below, the message exceeded the low limit, 
> > > then exceeded 
> > > the
> > > high limit. As you can see from the log, assp passed the 
> > > message through 
> > > to
> > > the SMTP. What I found interesting was that assp did not 
> > > write any headers
> > > to the message. I thought that because assp was in Message 
> > > Scoring Mode:
> > > tagging, that assp would tag. Apparently, because of the 
> > score, assp 
> > > wanted
> > > to move to blocking and because assp was in tagging, assp did 
> > > nothing. Or 
> > > do
> > > I misunderstand message scoring mode?
> > > 
> > > On the final destination SMTP, if I find "X-Assp-Spam: 
> YES" in the 
> > > headers,
> > > I toss the message into the Junk folder. In this case there 
> > > no headers at
> > > all.
> > > 
> > > ASSP version 2.0.2(1.2.26)
> > > Do PenaltyBox - IP History: Monitor/MessageScoring
> > > Message Scoring Mode: tagging
> > > Low MessageLimit: 25
> > > High MessageLimit: 50
> > > Add IP/Message Scoring Header: Checked
> > > Extreme Scoring Threshold (PenaltyExtreme): 150
> > > PenaltyBox Extreme IP Profiling (DoPenaltyExtreme): disabled
> > > 
> > > 
> > > ================================
> > > 10-Oct-23 13:28:16 [Worker_4] Connected: 67.23.229.242:1221 >
> > > 208.69.48.42:25 > 208.69.48.46:25
> > > 10-Oct-23 13:28:20 54896-03236 [Worker_4] [DNSBL] 67.23.229.242
> > > <support@...> to: mailbox@... 
> [scoring] DNSBL: 
> > > neutral,
> > > 67.23.229.242 listed in bl.mathbox.net
> > > 10-Oct-23 13:28:20 54896-03236 [Worker_4] 67.23.229.242
> > > <support@...> to: mailbox@... 
> > > Message-Score: added 25
> > > for DNSBL: neutral, 67.23.229.242 listed in bl.mathbox.net, 
> > > total score 
> > > for
> > > this message is now 25
> > > 10-Oct-23 13:28:20 54896-03236 [Worker_4] 67.23.229.242
> > > <support@...> to: mailbox@... 
> > > Regex:InvalidPTRRe 'PB 
> > > 15:
> > > for 67-23-229-242'
> > > 10-Oct-23 13:28:21 54896-03236 [Worker_4] 67.23.229.242
> > > <support@...> to: mailbox@... 
> > > Message-Score: added 50
> > > for URIBL: neutral, phantasyleague.com listed in black.uribl.com
> > > uri.mathbox.net, total score for this message is now 75
> > > 10-Oct-23 13:28:21 54896-03236 [Worker_4] 
> > > [MessageLimit][tagging][tagmode]
> > > 67.23.229.242 <support@...> to: 
> > mailbox@... [spam 
> > > found]
> > > and possibly passing because tagmode: mailbox@..., 
> > > otherwise
> > > blocked (MessageScore 75, limit 50) [YourCashNow] -> 
> > > C:/ASSP/spam/3236.eml
> > > 10-Oct-23 13:28:21 54896-03236 [Worker_4] [PenaltyBox] 
> 67.23.229.242
> > > <support@...> to: mailbox@... 
> > > [monitoring] totalscore
> > > for 67.23.229.242 is 75, last bad penalty was 'URIBLneutral'
> > > 10-Oct-23 13:28:21 54896-03236 [Worker_4] 67.23.229.242
> > > <support@...> to: mailbox@... spam found 
> > > and passing 
> > > ()
> > > [YourCashNow] 
> > > 10-Oct-23 13:28:21 54896-03236 [Worker_4] [MessageOK] 
> 67.23.229.242
> > > <support@...> to: mailbox@... message ok 
> > > [YourCashNow]
> > > -> C:/ASSP/spam/3236.eml
> > > ================================
> > > 
> > > Michael Thomas
> > > Mathbox
> > > 978-687-3300
> > > Toll Free: 1-877-MATHBOX (1-877-628-4269)
> > > 
> > > 
> > > --------------------------------------------------------------
> > > ----------------
> > > Nokia and AT&T present the 2010 Calling All 
> > Innovators-North America 
> > > contest
> > > Create new apps & games for the Nokia N8 for consumers in  
> > > U.S. and Canada
> > > $10 million total in prizes - $4M cash, 500 devices, 
> nearly $6M in 
> > > marketing
> > > Develop with Nokia Qt SDK, Web Runtime, or Java and Publish 
> > > to Ovi Store 
> > > http://p.sf.net/sfu/nokia-dev2dev
> > > _______________________________________________
> > > Assp-test mailing list
> > > Assp-test@...
> > > https://lists.sourceforge.net/lists/listinfo/assp-test
> > > 
> > > 
> > > 
> > > 
> > > DISCLAIMER:
> > > *******************************************************
> > > This email and any files transmitted with it may be 
> > > confidential, legally 
> > > privileged and protected in law and are intended solely for 
> > > the use of the 
> > > 
> > > individual to whom it is addressed.
> > > This email was multiple times scanned for viruses. There 
> > should be no 
> > > known virus in this email!
> > > *******************************************************
> > > 
> > > 
> > > 
> > 
> > 
> > --------------------------------------------------------------
> > ----------------
> > Nokia and AT&T present the 2010 Calling All Innovators-North 
> > America contest
> > Create new apps & games for the Nokia N8 for consumers in  
> > U.S. and Canada
> > $10 million total in prizes - $4M cash, 500 devices, nearly 
> > $6M in marketing
> > Develop with Nokia Qt SDK, Web Runtime, or Java and Publish 
> > to Ovi Store 
> > http://p.sf.net/sfu/nokia-dev2dev
> > _______________________________________________
> > Assp-test mailing list
> > Assp-test@...
> > https://lists.sourceforge.net/lists/listinfo/assp-test
> > 
> > 
> 
> 
> --------------------------------------------------------------
> ----------------
> Nokia and AT&T present the 2010 Calling All Innovators-North 
> America contest
> Create new apps & games for the Nokia N8 for consumers in  
> U.S. and Canada
> $10 million total in prizes - $4M cash, 500 devices, nearly 
> $6M in marketing
> Develop with Nokia Qt SDK, Web Runtime, or Java and Publish 
> to Ovi Store 
> http://p.sf.net/sfu/nokia-dev2dev
> _______________________________________________
> Assp-test mailing list
> Assp-test@...
> https://lists.sourceforge.net/lists/listinfo/assp-test
> 
>

On 2010-10-28 11:08, Henrik wrote:
>    new assp version 1.8.1.3 (1.0.00) is available for download at
> http://downloads.sourceforge.net/project/assp/ASSP%20Installation/AutoUpdate/ASSP1x/assp.pl.gz;
> Oct-28-10 10:52:12 Autoupdate: info: performing assp.pl.gz download to...
>
> ...Oct-28-10 11:00:18 ASSP 1.8.1.2(1.0.04) starting .......
>
Now it's the rigth version.
Oct-28-10 11:40:14 ASSP 1.8.1.3(1.0.00) starting....

new assp version 1.8.1.3 (1.0.00) is available for download at 
http://downloads.sourceforge.net/project/assp/ASSP%20Installation/AutoUpdate/ASSP1x/assp.pl.gz;
Oct-28-10 10:52:12 Autoupdate: info: performing assp.pl.gz download to...

...Oct-28-10 11:00:18 ASSP 1.8.1.2(1.0.04) starting .......

Dear all,

 This time my system receives many spams that have virus attached.

 These spam's attachment has a special name, look like : mydomain.com.zip
(sorry I forgot this virus's name)

 We all know that we can't block .zip extension, so I use the Attachment
Blocking and use level 2 blocking, this have the following syntax:

 (ad[ep]|asx|ba[st]|chm|cmd|com|cpl|crt|dbx|exe|hlp|ht[ab]|in[fs]|isp|js|jse|lnk|md[abez]|mht|ms[cipt]|nch|pcd|pif|prf|reg|sc[frt]|sh[bs]|vb|vb[es]|wms|ws[cfh]).zip



So I add (mydomain.com).zip in the level 2 but email with this attachment
still go inside.


When I check the ASSP's log file:


 info: 1 attachment found for Level-2

 info: 1 attachment found for Level-3


and nothing special!


Does anybody have this problem?


Note: I'm still using ASSP 2.0.1(0.7.07) (stable for me and this time I dont
have time to upgrade)



Thank you.

Thanks Thomas for updating ASSP.

For those following this thread:

changed in 2.0.2_1.2.31:
- NullAddresses are now working independend from CatchAll and CatchAllAll
>ASSP will dump a message silently when encountering such an address in
"MAIL FROM:" or "RCPT TO:". ....

Hi

I'm not sure if this affects anyone but in case you didn't know, dnswl.org 
has changed it's terms of use.

http://www.dnswl.org/news/archives/20-Announcement-Start-of-license-enforcement.html

http://www.dnswl.org/license

Users with high query volumes (> 100'000 queries/24 hours) and commercial 
filter vendors of anti-spam products and services are required to purchase a 
subscription (see here for full access requirements).

Over the next couple of days, we will start the enforcement of this model. 
"Enforcement" means that we may block your rsync access or your access to 
the DNS servers without further warning, since we usually do not know who 
you are.

Dale

Is anyone using the raw statistics that is accessible through port 55553?
I'm asking this because I am using Zabbix to monitor several servers and now
I'm also able to monitor ASSP directly.

How are you monitoring your ASSP?
I was secretly hoping that others would be making nice templates with
triggers / graphs or any other useful feedback.

I wrote some scripts so I can monitor sendmail, exim and postfix.
If anyone is interested I can post them too (postfix is already on the
zabbix forum)


-----Oorspronkelijk bericht-----
Van: JP [mailto:jp@...] 
Verzonden: vrijdag 15 oktober 2010 16:39
Aan: 'ASSP development mailing list'
Onderwerp: [Assp-test] Zabbix Client for ASSP


For those that are interested, I wrote a zabbix client in bash which is able
to send statistical data to a zabbix-server.
http://www.zabbix.com/

More information can be found in this forum.
http://www.zabbix.com/forum/showthread.php?p=73730

I know it would be more portable if it was written in perl, but alas... I
don't speak perl that well.

In this thread a perl script is posted.
http://www.zabbix.com/forum/showthread.php?p=66339

JP


----------------------------------------------------------------------------
--
Download new Adobe(R) Flash(R) Builder(TM) 4 The new Adobe(R) Flex(R) 4 and
Flash(R) Builder(TM) 4 (formerly
Flex(R) Builder(TM)) enable the development of rich applications that run
across multiple browsers and platforms. Download your free trials today!
http://p.sf.net/sfu/adobe-dev2dev
_______________________________________________
Assp-test mailing list
Assp-test@...
https://lists.sourceforge.net/lists/listinfo/assp-test

Hi

I'm running ASSP version 2.0.2(1.2.31) and it's crashing every 30 minutes. 
Version .30 also had some crashing under relatively low loads but .31 is 
consistantly crashing since updating it

Dale