From: Barry d. H. <ba...@ba...> - 2014-01-16 16:10:21
|
Hi, I'm running ASSP rebuildspamdb v1.99 (13177) which normally runs fine and finishes within approx. 30 minutes. Since about 2 weeks ago it suddenly takes 1,5 day to run. A lot of the processing time seems to be taken by analyzing the notspam folder (14129 seconds), while the spam folder takes 888 seconds. The total processing time is 113488 seconds, which is mostly caused by the "Generating weighted Bayesian tuplets" action "Saving rebuilt SPAM database". When it happened last week, I remove the files in the notspam folder from the days prior to the day it started to took such a long time to process, which made the rebuild fast again (30 minutes). Now again, the process takes up to about 1,5 day. What can cause this problem? I've been monitoring the server, but the CPU is most of the times <10%. ASSP is running on a dedicated Windows 2003 server, 1 CPU, 2GB ram. The rebuild process is starting in a seperate process via Windows Task Schedular, but the normal ASSP process is very slow during the rebuild. Regards, Barry |
From: Fritz B. <fb...@iw...> - 2007-08-11 21:23:03
|
It is working inside the Analyze Tool and helps to identify the regular expression match in bomb regex checking. Just put the text to search for into the Analyze box . (and press enter))). fritz |
From: Fritz B. <fb...@iw...> - 2007-08-15 07:19:52
|
"Fritz Borgstedt" <fb...@iw...> schreibt: >In my installation 1.3.3.2 (22) runs quite flawlessly. "Quite"....)))(( 1.3.3.2 up to (25) is buggy. It does not collect spam altogether, if "do not collect spam if redlisted" is set. This bug slipped into (20) and is fixed in (26), Please pay atttention to the changed default for Ordered-Tie Hash Table Size in section >Server Setup :20000 Please set your value to this new default. |
From: Fritz B. <fb...@iw...> - 2007-08-15 20:55:08
|
>Just curious if the CIDR code that's in the current beta's is >testable. No. It will be part of 1.2.4 (development)-> 1.2.5 (stable) |
From: Milan T. <no...@tr...> - 2007-08-20 01:12:07
|
white list addition over the e-mail interface: I have submitted 4 Addresses first was a local user, skipped but no report. The others like this: > Report from: xx...@xx... > > > aa...@ho...: added to whitelist > bb...@bl...: already on whitelist > cc...@hi...: already on whitelist > aa...@ho...: already on whitelist And in logfile only one line: Aug-20-07 02:48:45 x.x.x.x <> authenticated Aug-20-07 02:48:46 mail-0925c1744 x.x.x.x <no...@xx...> email whitelist addition Aug-20-07 02:48:46 Email whitelist addition: aa...@ho... Regards Milan |
From: Fritz B. <fb...@iw...> - 2007-08-20 06:13:09
|
>white list addition over the e-mail interface: yep, that worked as designed, anything wrong? |
From: Micheal E. Jr <mi...@es...> - 2007-08-22 14:34:17
|
Marrco wrote: > > Can=E2=80=99t tell why, but i tested this 2 times and results are consi= stent. > My regex (header and body) work in a different way switching from > 1.3.3.2 (aug.9) to this week versions. Newer version cause a lot of > unwanted of bombheader/bombdata rejects. > > =20 > > Just changing assp.pl back to the aug.9 version fixes the problem > > =20 > > Is there any major difference in regex processing ? > There has been a change if you have been following the assp-test conversations. Can you give examples of the erroneous matches? |
From: Marrco <as...@mi...> - 2007-08-22 14:52:07
|
>> >> Can=E2=80=99t tell why, but i tested this 2 times and results are = consistent. >> My regex (header and body) work in a different way switching from >> 1.3.3.2 (aug.9) to this week versions. Newer version cause a lot of >> unwanted of bombheader/bombdata rejects. >> >> =20 >> >> Just changing assp.pl back to the aug.9 version fixes the problem >> >> =20 >> >> Is there any major difference in regex processing ? >> > >There has been a change if you have been following the assp-test >conversations. Can you give examples of the erroneous matches? > Back from holidays, so i think i missed the last few thousand = messages... Some additional info : It looks like there is some difference about end of lines. This is the regex I use for headers (to stop forged message IDs = reference) : ^Message-ID:.*@(mydomain\.com) Now is blocking [....] Received: by 10.143.11.13 with SMTP id o13mr45646wfi.1187792197724; Wed, 22 Aug 2007 07:16:37 -0700 (PDT) Received: by 10.142.87.5 with HTTP; Wed, 22 Aug 2007 07:16:36 -0700 = (PDT) Message-ID: = <246...@ma...> Date: Wed, 22 Aug 2007 16:16:36 +0200 From: testfromgmail <my...@gm...> To: "marrco" <my...@my...> Subject: asspregextesting MIME-Version: 1.0 Content-Type: multipart/alternative;=20 boundary=3D"----=3D_Part_100941_12483672.1187792196950" and this is what i get in the logs with the newer version : Aug-22-07 16:14:41 209.85.162.183 <my...@gm...> to: = my...@my... BombHeaderRe:'Message-ID: = <246...@ma...> Date: Wed, 22 Aug 2007 16:07:52 +0200 From: testfromgmail = <my...@gm...> To: "marrco" <my...@my...' |
From: Marrco <as...@mi...> - 2007-08-22 15:08:24
|
>>> >>> Can=E2=80=99t tell why, but i tested this 2 times and results are = consistent. >>> My regex (header and body) work in a different way switching from >>> 1.3.3.2 (aug.9) to this week versions. Newer version cause a lot of >>> unwanted of bombheader/bombdata rejects. >>> >>> =20 >>> >>> Just changing assp.pl back to the aug.9 version fixes the problem >>> >>> =20 >>> >>> Is there any major difference in regex processing ? >>> >> >>There has been a change if you have been following the assp-test >>conversations. Can you give examples of the erroneous matches? >> > >Back from holidays, so i think i missed the last few thousand = messages... > >Some additional info : > >It looks like there is some difference about end of lines. > >This is the regex I use for headers (to stop forged message IDs = reference) : >^Message-ID:.*@(mydomain\.com) > >Now is blocking > >[....] >Received: by 10.143.11.13 with SMTP id o13mr45646wfi.1187792197724; > Wed, 22 Aug 2007 07:16:37 -0700 (PDT) >Received: by 10.142.87.5 with HTTP; Wed, 22 Aug 2007 07:16:36 -0700 = (PDT) >Message-ID: = <246...@ma...> >Date: Wed, 22 Aug 2007 16:16:36 +0200 >From: testfromgmail <my...@gm...> >To: "marrco" <my...@my...> >Subject: asspregextesting >MIME-Version: 1.0 >Content-Type: multipart/alternative;=20 > boundary=3D"----=3D_Part_100941_12483672.1187792196950" > >and this is what i get in the logs with the newer version : > >Aug-22-07 16:14:41 209.85.162.183 <my...@gm...> to: = my...@my... BombHeaderRe:'Message-ID: = ><246...@ma...> Date: > Wed, 22 Aug 2007 16:07:52 +0200 From: testfromgmail = <my...@gm...> To: "marrco" <my...@my...' > > > A few more tests with 1.3.3.2 (aug.9) (old good working version): Using mail analyzer I got a single hit for=20 >> Feature Matching: >> >> (red dot) Bomb Data RE: 'message-id:date:from:to = :subject:mime-version:content-type;=20 >> b=3DChlOvxaQq5lKH8sFH2/G41fUV/p0+0632/+IpPOmwJX376T1wXFouWAsyIXWIMk = [....](PDT) Message-ID: >> <246...@ma...> Date:=20 >> Wed, 22 Aug 2007 16:16:36 +0200 From: testfromgmail [...] But the mail passed without any problem. So it looks like there is a = small cosmetic error (I think it's bomb header, not bomb data), and a = different processing of end of lines between mail analyzer and standard = assp operation.=20 It looks to me that mail analyzer and newer assp consider ALL headers as = a single line, but older assp processes regex match in a different way (I still did not test body regex and newlines) |
From: Fritz B. <fb...@iw...> - 2007-08-28 05:43:11
|
>You are correct - but the feature is broken / has issues. What version are you talking? I made an intensive effort and since 1.3.3.3 (6) it should work correctly. |
From: Fritz B. <fb...@iw...> - 2007-08-28 06:34:41
|
>I made an intensive effort and since 1.3.3.3 (6) it should work >correctly. Correction, it was (4). >For the benefit of the list: Resolved in 1.3.3.3 (4), Thanks Fritz > >Nick |
From: Steve T. <st...@sw...> - 2007-08-28 13:27:52
|
> What version are you talking? > > I made an intensive effort and since 1.3.3.3 (6) it should > work correctly. (11) Maybe my settings aren't correct. I will look over them again today and test. |
From: Micheal E. Jr <mi...@es...> - 2007-08-28 15:08:53
|
Steve Thompson wrote: > I have a list in BadAttachL1 but nothing in 2 and 3. > > I did not put xls in BadAttachL1. I thought since I didn't include it in > the GoodAttach, it would be blocked. Do entries need to exist in all places > for it to work? They shouldnt, but I am trying to isolate the problem with you - as I see it with me. Put it in BadAttachL1 and see if it gets blocked. |
From: Steve T. <st...@sw...> - 2007-08-28 15:19:18
|
> Put it in BadAttachL1 and see if it gets blocked. Nope, still comes through Aug-28-07 10:18:12 [Local/White] id-4291c12387 192.168.0.5 <st...@sw...> to: st...@sw... local or whitelisted - (no bad attachments) _ -> c:\ASSP/notspam/12387.eml |
From: Kevin <ass...@la...> - 2007-08-29 22:42:47
|
Fritz Borgstedt wrote: > CIDR notation for IP ranges is now available for testing purposes in > (15) > > please try Not working for me. In fact, neither DenySMTP field is working for me now. 1.3.3.3(17) Net::IP::Match::Regexp 0.94 Net::CIDR::Lite 0.94 I also got an error message in the console: Argument "" isn't numeric in pack at C:/Perl/site/lib/Net/IP/Match/Regexp.pm lin e 150. Kevin |
From: Micheal E. Jr <mi...@es...> - 2007-08-30 14:43:19
|
Fritz Borgstedt wrote: > In (19) is now an option to have the header copied into the body. > Somebody interested may try how SpamCop is reacting to this format. I report all my spam to SpamCop, but I do it with server-side inbox rules on my Exchange server - forwarding the messages as attachments. Details on SpamCop email submissions are here: http://www.spamcop.net/fom-serve/cache/166.html If you interact with SpamCop on a large scale, I recommend that you add their IP Blocks to your noProcessingIPs: http://www.asspsmtp.org/wiki/SpamCop_%28IP_Block%29 A Perl script for reporting spam to various services based on content can be found here: http://www.gloomytrousers.co.uk/open_source/spam_reporter.shtml |
From: Fritz B. <fb...@iw...> - 2007-08-30 16:27:38
|
> >I report all my spam to SpamCop, but I do it with server-side inbox >rules on my Exchange server - forwarding the messages as attachments. > >Details on SpamCop email submissions are here: interesting, but I am here more interested in reaction to ASSP features. |
From: Fritz B. <fb...@iw...> - 2007-09-04 09:21:45
|
>I'm seeing addresses in my spamtrapaddresses list fail for being >invalid >addresses now. I'm using a flatfile of valid users. This seems to >indicate >that the order of testing has changed. Am I right? SpamTrap-addresses and SpamCollect-adresses were reworked, I hope everything is fine in (7): SpamTrap-addresses must not be valid, they are checked before User Validation. SpamCollect-addresses must be valid , however there is an option for a catchall-spamcollectaddresses. so you need just one addresses, all others can be mapped to the catchall. |
From: Paul H. <du...@sh...> - 2007-09-07 17:48:04
|
This may or may not be related, but I just noticed if I email a collect address I receive a spam report. Steve Thompson wrote: >> Running 1.3.4(14). This has stopped working again. FYI >> > > Mine too. I just get blank reports when sending to spam/notspam. Nothing. > Nada. Zip. > > > > ------------------------------------------------------------------------- > This SF.net email is sponsored by: Splunk Inc. > Still grepping through log files to find problems? Stop. > Now Search log events and configuration files using AJAX and a browser. > Download your FREE copy of Splunk now >> http://get.splunk.com/ > _______________________________________________ > Assp-test mailing list > Ass...@li... > https://lists.sourceforge.net/lists/listinfo/assp-test |
From: Tracy H. <Admin@CrashWizards.com> - 2007-09-08 20:49:38
|
Ok, I bounced the service and it started working again. It seems that file:files/* don't automatically reload after a change like before. Tracy Tracy Hammond wrote: > Penalty trap addresses don't seem to be working with build 20. > > Also is seems like denysmtp is not working as well, but I didn't > investigate too much. > > Tracy > > > > ------------------------------------------------------------------------- > This SF.net email is sponsored by: Microsoft > Defy all challenges. Microsoft(R) Visual Studio 2005. > http://clk.atdmt.com/MRT/go/vse0120000070mrt/direct/01/ > _______________________________________________ > Assp-test mailing list > Ass...@li... > https://lists.sourceforge.net/lists/listinfo/assp-test > |
From: JP v. M. <jp...@ds...> - 2007-09-11 07:09:36
|
To Jose A. Dias, > Here's the fallacy I see: By this logic you don't need to look at any > portion of the header. You accept mail from only a server which is > designated by you, so you accept connections from one (or a few) ip's > only. It can only be trusted. I have explained (hopefully) a bit better what I meant, but I never got any comments on that. The discussion is now focused on checking the whole header or not. The only thing I wanted to achieve is to check the last IP in the chain, the MTA that connected to one of my designated trusted relay-servers. JP |
From: Fritz B. <fb...@iw...> - 2007-09-12 08:17:21
|
>OK. Given that, what is EmailSenderOK for? The GUI says this: > >Accept Emails (Reports) from these external addresses* > >Allow the following external domains/addresses to report to the email >interface. By default, ASSP only accepts reports from local or >authenticated >users. > >Internal Name: EmailSenderOK It is for that, what the GUI says. So put one address into the field for testing. > |
From: Fritz B. <fb...@iw...> - 2007-09-12 13:21:22
|
> >So put one address into the field for testing. activate regexlogging to see a match. I put in the last built. |
From: Marrco <as...@mi...> - 2007-09-15 13:40:02
|
.41 starts fine. But the null sender skipping the bombregex problem is still present in my setup. |
From: JP v. M. <jp...@ds...> - 2007-09-17 09:16:09
|
I'm having issues lately as well, but I can't really solve it by running an older version which proofed to be stable before. I have a watchdog which stops the service if it doesn't respond and starts it when it's not running.... This watchdog doesn't need to stop the service as it is already stopped somehow. The watchdog only has to start the ASSP-service every hour... At the moment I think it has something to do with vmware which I'm running on the same host. Stopping the service didn't help, so I disabled autostart of the vmware service and restarted Fedora. I waited an hour before sending this mail. There's definately a one-hour interval and it doesn't coincide with my hourly cronjob... It stops after running one hour. Does ASSP start something special every hour? Sep-17-07 10:58:57 id-9537c8315 124.121.196.250 <cas...@gr...> to: kee...@he... is disconnected Sep-17-07 10:59:08 id-9547c12344 122.124.174.193 <sha...@am...> to: mat...@he... is disconnected Sep-17-07 11:03:04 ASSP version 1.3.4(44) (Perl 5.008008) initializing Sep-17-07 11:03:05 File::Scan::ClamAV module version 1.8 installed and available _____ Van: ass...@li... [mailto:ass...@li...] Namens Jose A. Dias Verzonden: zondag 16 september 2007 2:02 Aan: ass...@li... Onderwerp: [Assp-test] version 42 shuts down for now reason. All, Haven't seen this one for a while. Updated to 1.3.4(42) but service would shutdown for no reason. See bellow for what details there were. I've gone back to (39) as that had no such issue. Version (42) seems to shutdown after a clean up, but I see no other issue. Upgrade was as before. Shutdown service, overwrite assp.pl, restart the service. --snip-- Sep-15-07 18:53:53 Saving whitelist Sep-15-07 18:53:53 Saving redlist Sep-15-07 18:53:53 Saving delaying records Sep-15-07 18:53:53 Saving penalty records Sep-15-07 18:53:53 Saving cache records Sep-15-07 18:53:53 Cleaning up delaying databases ... Sep-15-07 18:53:53 Cleaning delaying database (triplets) finished; keys before=196, deleted=6 Sep-15-07 18:53:53 Cleaning delaying database (whitelisted tuplets) finished; keys before=98, deleted=0 Sep-15-07 18:53:53 Saving penalty records Sep-15-07 18:53:53 Saving cache records Sep-15-07 18:53:53 Cleaning penalty records... Sep-15-07 18:53:53 PenaltyBox: cleaning BlackBox finished; IP's before=64, deleted=1 Sep-15-07 18:53:54 PenaltyBox: cleaning WhiteBox finished; IP's before=43, deleted=0 Sep-15-07 18:53:54 Cleaning cache records... Sep-15-07 18:53:54 DNSBLCache: cleaning cache finished; IP's before=13, deleted=0 Sep-15-07 18:53:54 URIBLCache: cleaning cache finished; Domains before=268, deleted=0 Sep-15-07 18:53:54 RWLCache: cleaning cache finished; IP's before=99, deleted=1 Sep-15-07 18:53:54 PTRCache: cleaning cache finished; IP's before=98, deleted=2 Sep-15-07 18:53:54 MXACache: cleaning cache finished; IP's before=118, deleted=6 Sep-15-07 18:53:54 SPFCache: cleaning cache finished; IP's before=0, deleted=0 Sep-15-07 19:57:04 Starting as a service _____ I am using the free version of SPAMfighter for private users. It has removed 9342 spam emails to date. Paying users do not have this message in their emails. Try SPAMfighter <http://www.spamfighter.com/len> for free now! |