From: Fritz B. <fb...@iw...> - 2007-08-11 21:19:13
|
>
>
>IMHO rename this group to something like "ASSP-Test-User" whatever.
>since recent there is almost nothing for an [Average-Assp-user] and
>*definitely* nothing for a [New-Assp-User].
>
>it's a good idea to open various mailing lists with different
>concerns like Assp-Power, Assp-Beta, Assp-Help, Assp-Config etc...
>with alternative subscription options. Lots of valuable info is
>getting lost in this way. |
From: Fritz B. <fb...@iw...> - 2007-08-16 10:50:37
|
1.3.3.2(28) is candidate for the 1.3.3.3 release. As recently introduced we use odd numbers at the end for stable releases and even for development. Please test and report. |
From: Fritz B. <fb...@iw...> - 2007-08-17 08:06:15
|
>1.3.3.2(28) is candidate for the 1.3.3.3 release.

In 1.3.3.2 (31) the modifiers for regexen like bombre and whitere are changed from /si to /msi.

The /s modifier treats a string as a single line. The "/s" modifier overrides the $* setting. That is, no matter what $* contains, /s will force "^" to match only at the beginning of the string and "$" to match only at the end (or just before a newline at the end) of the string. Together, as /ms, they let the "." match any character whatsoever, while still allowing "^" and "$" to match, respectively, just after and just before newlines within the string.

The "/i" modifier causes case-insensitive pattern matching. |
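What the switch from /si to /msi changes for an existing filter entry, as an added example (not ASSP's own code and not part of the original message). The sample message, the patterns and the helper `match_both` are constructed for illustration.

```perl
#!/usr/bin/perl
# Added example, not ASSP code: evaluates the same patterns with the old
# modifiers (/si) and the new ones (/msi) against one multi-line message.
use strict;
use warnings;

# Constructed sample message: three header lines, a blank line, a two-line body.
my $msg = join("\n",
    'Received: from relay.example.net',
    'Subject: Cheap MEDS today',
    'From: sender@example.org',
    '',
    'Click here',
    'to unsubscribe',
) . "\n";

# Constructed patterns in the style of a bombRe/whiteRe entry (assumptions,
# not taken from any real ASSP list file).
my @patterns = (
    [ 'start of message',       '^received:' ],
    [ 'anchored header line',   '^subject:.*meds' ],
    [ 'end of a header line',   'example\.org$' ],
    [ 'dot across a newline',   'click here.to unsubscribe' ],
    [ 'header .* reaches body', '^subject:.*unsubscribe' ],
    [ 'header kept on a line',  '^subject:[^\n]*unsubscribe' ],
);

# /s : "." also matches a newline.
# /m : "^" and "$" also match just after and just before every newline.
# /i : case-insensitive matching.
# Returns (matched_with_si, matched_with_msi) as 0/1 flags.
sub match_both {
    my ($pattern, $text) = @_;
    my $old = ($text =~ /$pattern/si)  ? 1 : 0;
    my $new = ($text =~ /$pattern/msi) ? 1 : 0;
    return ($old, $new);
}

for my $entry (@patterns) {
    my ($label, $pattern) = @$entry;
    my ($old, $new) = match_both($pattern, $msg);
    my $note = $old == $new ? '' : '  <- result changes';
    printf "%-24s %-30s /si:%-3s /msi:%-3s%s\n",
        $label, $pattern,
        ($old ? 'hit' : 'no'), ($new ? 'hit' : 'no'), $note;
}
```

Entries anchored with "^" or "$" that could only match at the very start or end of a message under /si can match on any line under /msi, so existing bombRe and whiteRe entries are worth re-checking after the upgrade. Because /s is still in effect, ".*" after a line anchor is not confined to that line; use `[^\n]*` when a pattern must stay inside one header.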
From: JP v. M. <jp...@ds...> - 2007-08-20 08:19:07
|
I'd like to know if the following assumptions on how "Spamhaters" works are correct:

All rules that are in testmode are ignored for normal users, but are effective for those that are meant for spamhaters. This means I have to enable some rules I'm currently not using and put them in testmode.

If nothing is in testmode, there's no difference between normal users and "spamhaters"... |
From: Fritz B. <fb...@iw...> - 2007-08-20 08:51:08
|
ass...@li... writes:
>
>I'd like to know if the following assumptions on how "Spamhaters"
>works is
>correct:

spamHaters are exceptions to spamlovers and/or testmode.

testmode can be set for the various methods ASSP uses, additionally testmode is internally used if blocking seems not appropriate.

there are two spamHater lists:
- Bayesian
- All |
From: Matti H. <m....@ha...> - 2007-08-20 12:48:37
|
Yes, but

a) the connection still stays open (inactive), until the timeout. So I have lots of open connections from my relay server, which slows down ASSP sometimes so much, that it would not process any other request.

b) the server is in ISPIP and is a relaying server - which should not produce any bounces, if he accepted the mail once. So it would be good if ASSP would mark these mails as SPAM and accept them anyway. Now it will be retried from my relaying server again and again until it got bounced from the relaying server.

Is there a way to prevent servers in Ispip from getting blocked (besides putting it into NoProcessing)?

matti

> ass...@li... writes:
>>Aug-17-07 10:29:55 [MessageLimit] id-9394c12012 85.10.201.53 <> to: lin...@so... Message Limit _SPAM_failure_notice_
>>
>>The connection stays open until timeout. No further logentry with id
>>id-9394c12012
> But the MessageLimit log entry is the normal last log entry for that
> method of blocking.
> _______________________________________________
> Assp-test mailing list
> Ass...@li...
> https://lists.sourceforge.net/lists/listinfo/assp-test

- Matti Haack - Hit Haack IT Service Gmbh
Poltlbauer Weg 4, D-94036 Passau
+49 851 50477-22 Fax: +49 851 50477-29
http://www.haack-it.de
Registergericht Passau HRB 5678
USt. ID: DE195625715 |
From: Matti H. <m....@ha...> - 2007-08-20 13:58:11
|
Attached are my changed defaults:

Section: Network Setup
listenPort -- SMTP Listen Port: 25
SMTPDESTINATION -- SMTP Destination: 127.0.0.1:225 (Default: 125)
smtpDestinationRT -- SMTP Destination Routing Table**:
LISTENPORT2 -- Second SMTP Listen Port: 125 (Default: )
smtpAuthServer -- Second SMTP Destination:
EnforceAuth -- Force SMTP AUTH on Second SMTP Listen Port:
smtpReportServer -- SMTP Reporting Destination:

Section: SMTP Session Limits
MAXERRORS -- Maximum Errors Per Session: 3 (Default: 10)
maxSMTPSessions -- Maximum Sessions: 32
MAXSMTPIPSESSIONS -- Maximum Sessions Per IP Address: 10 (Default: 5)
MAXSMTPIPCONNECTS -- Maximum SMTP Connections Per IP Address Frequency: 30 (Default: 5)
MAXSMTPIPDURATION -- Maximum SMTP Connections Per IP Address Frequency Duration: 60 (Default: 90)
MAXSMTPIPEXPIRATION -- Maximum SMTP Connections Per IP Address Frequency Expiration: 300 (Default: 3600)
MAXSMTPDOMAINIP -- Limit Subnet IPs Per Domain : 20 (Default: 0)
maxSMTPdomainIPExpiration -- Limit Different IPs Per Domain Expiration: 7200
maxSMTPdomainIPWL -- Do Not Limit Different IPs For These Domains*: yahoo.com|hotmail.com
SMTPIDLETIMEOUT -- SMTP Idle Timeout: 60 (Default: 300)

Section: SPAM Control
blackRe -- BlackRe - Regular Expression to Identify Spam* : file:identspam.txt
redRe -- Regular Expression to Identify Redlisted Mail*: file:redre.txt
SpamGTUBE -- Generic Test for Unsolicited Bulk Email: XJS\*C4JDBQADN1.NSBN3\*2IDNEN\*GTUBE-STANDARD-ANTI-UBE-TEST-EMAIL\*C.34X
SPAMERROR -- Spam Error: 500 Mail appears to be unsolicited spam -- send error reports to pos...@in... (Default: 554 5.7.1 Mail appears to be unsolicited -- send error reports to pos...@yo...)
blackListedDomains -- Blacklisted Addresses/Domains*: file:blacklistedDomains.txt
contentOnlyRe -- Regular Expression to Set Contents Only Checks*:
noGriplistUpload -- Don't Upload Griplist Stats:
noGriplistDownload -- Don't auto-download the Griplist file:
ADDSPAMPROBHEADER -- Add Spam Probability Header: 1 (Default: 0)
ADDINTENDEDFORHEADER -- Add Envelope-Recipient Header: 1 (Default: 0)
NoExternalSpamProb -- Block Outgoing Spam-Prob header: 1
AddSpamHeader -- Add Spam Header: 1
AddCustomHeader -- Add Custom Header: X-SMSMSE-SCL: 9
AddLevelHeader -- Add Graphical Level Header: 1
CUSTOMIZESTARS -- Customize Graphical Level Header: 10 (Default: 5)
AddSpamReasonHeader -- Add Spam Reason Header: 1

Section: CC Mail
sendAllSpam -- Copy Spam and Send to this Address:
ccMaxBytes -- Restricts Copy Spam to MaxBytes: 1
ccSpamFilter -- Copy Spam Filter*:
ccSpamAlways -- Copy Spam to these Recipients always*:
sendAllPostmaster -- Catchall Address for Postmaster Mail:
sendAllPostmasterNP -- Skip Spam Checks for Postmaster Catchall:
sendAllAbuse -- Catchall Address for Abuse Mail: pos...@in...
sendAllAbuseNP -- Skip Spam Checks for Abuse Catchall: 1
sendAllDestination -- Copy Mail SMTP Destination:
SPAMSUBJECTCC -- Prepend Spam Subject to Copied Spam: 1 (Default: 0)
spamTagCC -- Prepend Spam Tag to Copied Spam: 1
sendHamInbound -- Copy Incoming Not-Spam and Send to this Address:
sendHamOutbound -- Copy Outgoing Not-Spam and Send to this Address:
ccHamFilter -- Copy Not-Spam Filter*:

Section: SPAM Lover/No Processing
spamLovers -- All Spam-Lover*:
spamHaters -- All Spam-Haters*:
baysSpamLovers -- Bayesian Spam-Lover*: file:baysianlovers.txt
baysSpamHaters -- Bayesian Spam-Hater*:
blSpamLovers -- Blacklisted Spam-Lover*:
bombSpamLovers -- Bomb Spam-Lover*:
hlSpamLovers -- HELO Blacklisted Spam-Lover*:
attachSpamLovers -- Bad Attachment Spam-Lover*:
spfSpamLovers -- SPF Failures Spam-Lover*:
rblSpamLovers -- DNSBL Failures Spam-Lover*: file:spamlovers-rbl.txt
uriblSpamLovers -- URIBL Failures Spam-Lover*:
srsSpamLovers -- Not SRS Signed Bounces Spam-Lover *:
delaySpamLovers -- No Delaying Spam-Lover*:
isSpamLovers -- Invalid Sender Spam-Lover*: file:spamlovers-rfc.txt
mxaSpamLovers -- Missing MX/A Spam-Lover*:
ptrSpamLovers -- Invalid/Missing PTR Spam-Lover*:
pbSpamLovers -- Penalty Box Blocking Spam-Lover *: file:spamlovers-pb.txt
slRe -- Regular Expression to Identify Spam-Lover*:
slScoringMode -- Message Scoring: 1
SPAMSUBJECTSL -- Suppress Spam Subject and Tag to Spam-Lover-mail: 1 (Default: 0)
noProcessing -- Unprocessed Addresses*: te...@in...
noProcessingDomains -- No Processing Domains*: sourceforge.net
noProcessingIPs -- Unprocessed IPs*: file:files/ipnp.txt
npRe -- Regular Expression to Identify No Processing Mail*: lists\.sourceforge\.net
NPSIZE -- No Processing for Messages larger this SIZE: 100000 (Default: 500000)
processOnlyAddresses -- Process Only Addresses*:
poTestMode -- Enable Process Only Addresses:

Section: Whitelisting
whiteRe -- Regular Expression to Identify Non-Spam* : file:nospamregex.txt
whiteListedIPs -- Whitelisted IPs*: file:files/ipwl.txt
whiteListedDomains -- Whitelisted Domains*: file:whitelist.txt
VALIDATERWL -- Enable Realtime Whitelist Validation: 1 (Default: 0)
RWLServiceProvider -- RWL Service Providers*: file:data/lists/RWLServiceProvider.txt
RWLMAXREPLIES -- Maximum Replies: 5 (Default: 3)
RWLminhits -- Minimum Hits: 1
RWLMAXTIME -- Maximum Time: 5 (Default: 10)
AddRWLHeader -- Add X-Assp-Received-RWL Header: 1
NORWL -- Don't Validate RWL for these IPs*: 127.0.0.1 (Default: )
MAXWHITELISTDAYS -- Max Whitelist Days: 365 (Default: 180)
WhitelistOnly -- Reject All But Whitelisted Mail:
NoMaillog -- Don't log mail:
NoAutoWhite -- Only Email-Interface Addition to Whitelist.:
NotGreedyWhitelist -- Only the envelope-sender is added/compared to the whitelist:
WHITELISTLOCALONLY -- Only local or authenticated users contribute to the whitelist.: 1 (Default: 0)
WHITELISTLOCALFROMONLY -- Only users with a local domain in mailfrom contribute to the whitelist.: 1 (Default: 0)
WHITELISTAUTH -- Whitelist authenticated users.: 1 (Default: 0)
UpdateWhitelist -- Save Whitelist: 3600

Section: Relaying
acceptAllMail -- Accept All Mail* : file:acceptmail.txt
localDomains -- Local Domains*: file:domains.txt
nolocalDomains -- Skip Local Domain Check:
ldLDAP -- Do LDAP lookup for local domains:
ispip -- ISP/Secondary MX Servers*: file:relayfor.txt
ispgreyvalue -- ISP/Secondary MX Grey Value: 0.5
BounceSenders -- Bounce Senders*: postmaster|mailer-daemon
PopB4SMTPFile -- Pop Before SMTP DB File:
PopB4SMTPMerak -- Pop Before SMTP Merak Style:
relayHost -- :
relayPort -- Relay Port:
relayPortNP -- Relay Port Noprocessing:
NoRelaying -- : 530 Relaying not allowed - Benutzen Sie SMTP-Auth (Benutzername u. Password wie bei POP3) wenn Sie über mail.internethit.de Emails versenden möchten.
defaultLocalHost -- Default Local Host:
localDomainsFile -- Local Domains File:
relayHostFile -- Relay Host File - OBSOLETE:

Section: Validate Local Addresses
DoRFC822 -- Validate local addresses to conform with RFC 822: 1
DoLocalSender -- Do Local Addresses Check for Local Sender :
DoLDAP -- Do LDAP lookup for valid local addresses:
LocalAddresses_Flat -- Lookup valid Local Addresses from here*: file:users.txt
LOCALADDRESSESVALID -- Accept Remote Sender with Valid Local Addresses : 1 (Default: 0)
CatchAll -- Send Invalid Recipients To This Address*:
InternalAddresses -- Accept Mail from Local Domains only*:
SepChar -- Separation Character for Subaddressing: +
NoValidRecipient -- No-Valid-Local-User Reply: 550 5.1.1 User unknown - Sorry, but <EMAILADDRESS> is no valid user.

Section: Penalty Box
DoPenalty -- Penalty Box : 2
DoPenaltyMessage -- Message Mode: 1
PENALTYMESSAGELOW -- Low Threshold for Combined Scores per Message: 39 (Default: 40)
PENALTYMESSAGELIMIT -- High Threshold for Combined Scores per Message: 79 (Default: 50)
NOPB -- Don't do Black Box for these IP's* : 85.10.201.53 (Default: )
AddScoringHeader -- Add PB Scoring Header: 1
pbdb -- Penalty Box Database: pb/pbdb
spamtrapaddresses -- Penalty Trap Addresses * : file:spamtrapblock.txt
sendAllTraps -- Catchall Address for Trap Addresses:
PenaltyUseNetblocks -- Use IP Netblocks:
PENALTYERROR -- Penalty Reply: 554 5.7.1 Error You are on the Penalty list because you violated our Anti-Spam policy. Ihre IP Adresse wurde vorrübergehend gesperrt. Verwenden Sie SMTP-Auth und ueberpruefen Sie die einstellungen Ihres eMail Servers. (Default: )
PENALTYDURATION -- Scoring Interval: 1440 (Default: 60)
PENALTYLIMIT -- Threshold: 120 (Default: 50)
PenaltyExpiration -- Expiration Time: 360
PENALTYEXTREME -- Extreme Threshold: 250 (Default: 150)
DoExtremeWL -- Penalize Whitelisted:
DoExtremeNP -- Penalize NonProcessing:
ExtremeExpiration -- Expiration Time for Extreme Penalties: 7
WHITEEXPIRATION -- Expiration Time for WhiteBox Entries: 30 (Default: 90)
exportExtremeFile -- Exported Penalty Black Box Extreme IPs *:
denyUseNetblocks -- Use IP Netblocks in Deny Connections: 1
exportExtremeFileAppend -- Append Exported Extreme File:
EXPORTEXTREMEFILEMAX -- Maximum Entries in Extreme File: 10000 (Default: 100000)
exportExtremeFileDeny -- Use Exported Extreme File for SMTP Denying:
denySMTPConnectionsFrom -- Deny SMTP Connections from these IP's*:
denySMTPConnectionsFromAlways -- Always Deny SMTP Connections from these IP's*:
DoNotPenalizeRed -- Do Not Penalize Redlisted Mails:
DoNotPenalizeBounces -- Do Not Penalize Bounced Mails: 1
BAVALENCEPB -- Bad Attachment: 30 (Default: 20)
SATVALENCEPB -- Scoring Attachment*: 25 (Default: 20)
BAYSVALENCEPB -- Bayesian*: 40 (Default: 45)
BLACKVALENCEPB -- BlackRe Expression*: 30 (Default: 20)
BLVALENCEPB -- Blacklisted Domain: 45 (Default: 20)
BOMBVALENCEPB -- Bomb Expression: 80 (Default: 25)
bombTestValencePB -- Bomb Test Expression: 0
BOMBSUSPICIOUSVALENCEPB -- Bomb Scoring Only Expression*: 15 (Default: 20)
ERVALENCEPB -- Empty Recipients**: 31 (Default: 5)
FHVALENCEPB -- Forged HELO: 30 (Default: 150)
FLVALENCEPB -- Forged Local Sender: 30 (Default: 20)
HLVALENCEPB -- Blacklisted HELO: 80 (Default: 20)
IAVALENCEPB -- Internal Only Address: 30 (Default: 25)
IDVALENCEPB -- IP Subnet Changing Per Domain**: 20 (Default: 150)
IFVALENCEPB -- Connection per IP Frequency Limit**: 71 (Default: 150)
IHVALENCEPB -- Invalid HELO: 30 (Default: 20)
ILVALENCEPB -- Parallel Sessions per IP Limit**: 5 (Default: 10)
IRVALENCEPB -- Invalid Recipient: 31 (Default: 5)
MEVALENCEPB -- Max Errors Exceeded**: 40 (Default: 15)
MXVALENCEPB -- Missing MX/A Record: 35 (Default: 20)
PTVALENCEPB -- Missing/Invalid PTR Record: 35 (Default: 20)
RBLNVALENCEPB -- DNSBL Neutral: 0 (Default: 25)
RBLVALENCEPB -- DNSBL Failed: 45 (Default: 100)
RLVALENCEPB -- Failed Relay Attempt**: 25 (Default: 15)
saValencePB -- Spam Collect Address**: 25
SCRIPTVALENCEPB -- Script Expression: 30 (Default: 25)
SPFNVALENCEPB -- SPF Neutral: 0 (Default: 5)
SPFSVALENCEPB -- SPF Softfailed: 15 (Default: 5)
SPFVALENCEPB -- SPF Failed: 35 (Default: 10)
STVALENCEPB -- Penalty Trap Address**: 25 (Default: 50)
URIBLNVALENCEPB -- URIBL Neutral*: 0 (Default: 20)
URIBLVALENCEPB -- URIBL Failed*: 35 (Default: 20)
URIMAXVALENCEPB -- Max URIs exceeded*: 15 (Default: 20)
URIOBFVALENCEPB -- URI Obfuscated*: 35 (Default: 20)
vsValencePB -- Virus suspicious*: 25
VDVALENCEPB -- Virus detected: 80 (Default: 50)

Section: Validate Sender
USEHELOBLACKLIST -- Use the Helo Blacklist: 1 (Default: 3)
DoFakedLocalHelo -- Block Forged Helos: 1
DOFAKEDWL -- Do Not Block Whitelisted: 1 (Default: )
DoFakedNP -- Do Not Block Noprocessing:
myServerRe -- Local IP's and Hostnames*: mail.internethit.de|internethit.de|internethit.info|mail.internethit.info|212.227.101.191|82.165.35.80
heloBlacklistIgnore -- Don't block these HELO's*: file:helo-white.txt
DOVALIDFORMATHELO -- Validate Format of HELOs: 1 (Default: 3)
validFormatHeloRe -- Regular Expression to Validate Format of HELO*: ^(([a-z\d][a-z\d\-]*)?[a-z\d]\.)+[a-z]{2,6}$
DoInvalidFormatHelo -- Regular Expression to Invalidate Format of HELOs: 3
invalidFormatHeloRe -- Regular Expression to Invalidate Format of HELO*: file:invalidHelos.txt
DONOVALIDLOCALSENDER -- Validate Remote Sender with Local Domain Address: 3 (Default: 1)
DoNoSpoofing -- Block All Remote Sender with Local Domain Address:
DoReversed -- Reversed Lookup: 3
DoInvalidPTR -- Reversed Lookup FQDN: 3
invalidPTRRe -- Regular Expression to Invalidate Format of PTR*: file:\files\invalidptr.txt
DoDomainCheck -- Validate Sender Domain MX/A: 3
SenderInvalidError -- Sender Validation Error: 554 5.7.7 REASON .

Section: Delaying/Greylisting
EnableDelaying -- Enable Delaying/Greylisting: 1
DelayWL -- Whitelisted Delaying:
DelaySL -- Spamlovers Delaying:
DelayAddHeader -- Add X-Assp-Delayed Header: 1
DELAYEMBARGOTIME -- Embargo Time: 2 (Default: 5)
DelayWaitTime -- Wait Time: 28
DELAYEXPIRYTIME -- Expiry Time: 90 (Default: 36)
DelayUseNetblocks -- Use IP Netblocks: 1
DelayNormalizeVERPs -- Normalize VERP Addresses: 1
DelayExpireOnSpam -- Expire Spamming Whitelisted Tuplets: 1
CleanDelayDBInterval -- Clean Up Delaying Database: 3600
noDelay -- Don't Delay these IPs*: file:nodelay.txt
DelayError -- Reply Message to Refuse Delayed Email: 451 4.7.1 Please try again in three minutes - Greylisting

Section: SPF
VALIDATESPF -- Enable SPF Validation: 3 (Default: 0)
SPFWL -- Whitelisted SPF Validation:
SPFNP -- noProcessing SPF Validation:
SPFtrusted -- Use Trusted Forwarder List: 1
AddSPFHeader -- Add Received-SPF Header: 1
SPFERROR -- SPF Failed Reply: 550 5.7.1 failed SPF: SPFRESULT (Default: 554 5.7.1 failed SPF: SPFRESULT)
LocalPolicySPF -- Local SPF Policy: v=spf1 a/24 mx/24 ptr ~all
noSPFRe -- Skip SPF Processing Regex*:
strictSPFRe -- Strict SPF Processing Regex*:
SPFsoftfail -- Fail SPF Softfail Validations:
SPFneutral -- Fail SPF Neutral Validations:
SPFtemp -- Fail SPF Temperror Validations:
SPFperm -- Fail SPF Permerror Validations:
DebugSPF -- Enable SPF Debug output to ASSP Logfile:

Section: SRS Options
ENABLESRS -- Enable Sender Rewriting Scheme: 1 (Default: 0)
SRSAliasDomain -- Alias Domain: internethit.de
SRSSecretKey -- Secret Key: Eurocheque$
SRSTimestampMaxAge -- Maximum Timestamp Age: 21
SRSHashLength -- Hash Length: 4
SRSValidateBounce -- Enable Bounce Recipient Validation: 1
NOSRS -- Don't Validate Bounces From these IPs*: 127.0.0.1|212.227.101.191|82.165.35.80|62.159.145.82|85.10.201.53|145.253. (Default: )

Section: DNSBL
ValidateRBL -- Enable DNS Blacklist Validation : 1
noRBL -- Don't do DNSBL for these IPs*: file:excludeFromRBL.txt
RBLWL -- Whitelisted DNSBL Validation: (Default: 1)
AddRBLHeader -- Add X-Assp-Received-DNSBL Header: 1
RBLERROR -- DNSBL Failed Reply: 550 5.7.1 Blacklisted by RBLLISTED - please contact pos...@in... (Default: 554 5.7.1 DNS Blacklisted by RBLLISTED)
RBLServiceProvider -- RBL Service Providers* : file:rblprovider.txt
RBLMAXREPLIES -- Maximum Replies: 4 (Default: 3)
RBLMAXHITS -- Maximum Hits: 2 (Default: 1)
RBLMAXTIME -- Maximum Time: 3 (Default: 10)
RBLSOCKTIME -- Socket Timeout: 5 (Default: 1)
DoRBLCache -- Cache DNSBL Hits : 1
ForceRBLCache -- Enforce DNSBL Cache : 1
RBLCACHEREFRESH -- DNSBL Cache Refresh Interval: 6 (Default: 24)

Section: URIBL
VALIDATEURIBL -- Enable URI Blocklist Validation : 3 (Default: 1)
URIBLWL -- Do URI Blocklist Validation for Whitelisted:
URIBLNP -- Do URI Blocklist Validation for No Processing:
URIBLLocal -- Do URI Blocklist Validation for Local Mails:
URIBLServiceProvider -- URIBL Service Providers*: file:data/lists/URIBLServiceProvider.txt
URIBLCCTLDS -- URIBL Country Code TLDs*: file:data/lists/URIBLCCTLDS.txt
VALIDATEMAXURI -- Enable maximum number of URI domains check: 3 (Default: 1)
URIBLMAXURIS -- Maximum URIs: 200 (Default: 25)
URIBLMAXDOMAINS -- Maximum Unique Domain URIs: 180 (Default: 15)
URIBLNOOBFUSCATED -- Disallow Obfuscated URIs : (Default: 1)
URIBLMAXREPLIES -- Maximum Replies: 2 (Default: 1)
URIBLMAXHITS -- Maximum Hits: 2 (Default: 1)
URIBLMAXTIME -- Maximum Time: 15 (Default: 10)
URIBLSOCKTIME -- Socket Timeout: 5 (Default: 1)
URIBLwhitelist -- Whitelisted URIBL Domains*: doubleclick.net
noURIBL -- Don't Check Messages from these Addresses*:
URIBLPOLICYERROR -- URIBL Policy Abuse Reply: 550 5.7.1 Message rejected by domain policy: Bad or Blocked URL in this mail. Contact the pos...@in... . This attempt has been logged. (Default: 554 5.7.1 Message rejected by domain policy. Contact the postmaster of this domain for resolution. This attempt has been logged.)
AddURIBLHeader -- Add X-Assp-Received-URIBL Header: 1
DoURIBLCache -- Cache URIBL Hits : 1
DoURIBLCacheNoHit -- Cache URIBL Misses : 1
URIBLCACHEREFRESH -- URIBL Cache Refresh Interval: 4 (Default: 6)
URIBLERROR -- Reply Message to refuse failed URIBL Email: 550 5.7.1 Blacklisted by URIBLNAME Contact the postmaster of this domain for resolution. This attempt has been logged. (Default: 554 5.7.1 Blacklisted by URIBLNAME Contact the postmaster of this domain for resolution. This attempt has been logged.)

Section: Attachments & Viruses
DOBLOCKEXES -- External Attachment Blocking : 3 (Default: 0)
BlockExes -- External Attachment Blocking Level: 0
BlockWLExes -- Whitelisted & Local Attachment Blocking: 0
BlockNPExes -- NoProcessing Attachment Blocking: 0
BadAttachL1 -- Level 1 rejected File Extensions: pdf\.exe
BadAttachL2 -- Level 2 rejected File Extensions:
BadAttachL3 -- Level 3 rejected File Extensions:
GoodAttach -- Level 4 Allowed File Extensions: doc|xls|ppt|pdf|zip|rtf|txt
SuspiciousAttach -- Suspicious File Extensions: pdf|zip
ATTACHMENTERROR -- Reply Message to Refuse rejected Attachments: 552 These attachments are not allowed -- Compress before mailing :: Die Mail enthaelt Anhaenge, deren Dateityp nicht zulässig ist (.*.exe) (Default: 550 These attachments are not allowed -- Compress before mailing.)
BLOCKUUENCODED -- Refuse Uuencoded Mails: (Default: 1)
UuencodedError -- Reply to Refuse Uuencoded Mails: 554 5.7.1 This mail is uuencoded and will be blocked.
USEAVCLAMD -- Use ClamAV: 1 (Default: 0)
NoScanRe -- Skip ClamAV RegEx*:
SuspiciousVirus -- Suspicious Virus Scoring Regex:
SCANWL -- Scan Whitelisted Senders: 1 (Default: 0)
ScanNP -- Scan No Processing Senders:
SCANLOCAL -- Scan Local Senders: 1 (Default: 0)
AVCLAMDPORT -- Port or file socket for ClamAV: 3310 (Default: /tmp/clamd)
AvError -- Reply Message to Refuse Infected Email: 554 Mail appears infected with '$infection' -- disinfect and resend :: Die Mail enthaelt vermutlich einen Virus oder Spam und kann daher nicht versendet werden
EmailVirusReportsTo -- Virus Report Mail Address:
EmailVirusReportsHeader -- Add Full Header To Virus Report To Mail Address Above:
EmailVirusReportsToRCPT -- Virus Report To Recipient:
ClamAVBytes -- ClamAV Bytes: 100000

Section: Regex Filters / Spambomb
bombReWL -- Do Regular Expressions Checks for Whitelisted:
bombReNP -- Do Regular Expressions Checks for No Processing:
bombReLocal -- Do Regular Expressions Checks for Local Mails:
DOBOMBSENDERRE -- Use BombSender Regular Expression: 1 (Default: 0)
bombSenderRe -- BombSender Blocking Regular Expression *: file:blockedsender.txt
DOBOMBHEADERRE -- Use BombHeader Regular Expressions on Header: 3 (Default: 0)
bombHeaderRe -- Regular Expression to Identify Spam in Header*: file:blockedheader.txt
bombSubjectRe -- Regular Expression to Identify Spam in Subject*:
bombCharSets -- Regular Expression to Identify Spam in Characterset* :
DOBOMBRE -- : 3 (Default: 0)
bombRe -- BombRaw Regular Expression in Header and Data*: file:bombregex.txt
bombSuspiciousRe -- Regular Expression for Message Scoring Only*: file:bombsuspicious.txt
bombDataRe -- BombData Regular Expression in Data*: file:files/bombre.txt
noBombScript -- Don't Check Messages from these Addresses*:
DoTestRe -- BombTest Regular Expression:
testRe -- BombTest Regular Expression*:
BOMBERROR -- Spam Bomb Error: 550 Your message was rejected because it appears to be part of a spam bomb -- . (Default: 554 5.7.1 Delivery not authorized, message refused -- .)
bombErrorReason -- Add Reason: 1
DoScriptRe -- Use Regular Expression to Identify Mobile Scripts: 0
scriptRe -- Regular Expression to Identify Mobile Scripts*:
SCRIPTERROR -- Script Error: 550 Your email contains html scripting code -- please resend as plain text. (Default: 554 5.7.1 Your email contains html scripting code -- please resend as plain text.)

Section: Bayesian Options
DOBAYESIAN -- Bayesian Check : 3 (Default: 0)
noBayesian -- Skip Bayesian Check*:
BAYSSPAMLOVERSRED -- Do not store Bayesian SpamLover in SpamDB: 1 (Default: 0)
baysConfidence -- Bayesian Confidence Threshold (experimental):
baysConfidenceHalfScore -- Reduce Scoring for Low Confidence: 1
NoTagInTestmode -- No Subject Tag in Testmode:
ADDCONFIDENCEHEADER -- Add Bayes Confidence Header: 1 (Default: 0)

Section: TestModes
spamSubject -- Prepend Spam Subject : ***** Spam *****
spamTag -- Prepend Spam Tag:
testScoringMode -- Message Scoring : 1
BAYSTESTMODE -- Bayesian Test Mode: (Default: 1)
blTestMode -- BlackDomain Test Mode:
hlTestMode -- Helo-Blacklist Test Mode:
sbTestMode -- Spam Address Test Mode:
spfTestMode -- SPF Test Mode:
rblTestMode -- DNSBL Test Mode:
attachTestMode -- Bad Attachment Test Mode:
uriblTestMode -- URIBL Test Mode:
srsTestMode -- SRS Test Mode:
bombTestMode -- Bomb Regex Test Mode:
scriptTestMode -- Script Regex Test Mode:
mxaTestMode -- Missing MX/A Record Test Mode:
ptrTestMode -- Reversed Lookup Test Mode:
ihTestMode -- Invalid Helo Test Mode:
fhTestMode -- Forged Local Helo Test Mode:
flsTestMode -- Forged Local Sender Test Mode:
msTestMode -- Message Scoring Test Mode:
pbTestMode -- Penalty Box Test Mode:

Section: Email Interface
EmailInterfaceOk -- Enable Email Interface: 1
EmailSenderOK -- Accept Emails (Reports) from these external addresses*: file:acceptexternal.txt
EmailAdminReportsTo -- Admin Mail Address: no...@in...
EmailHelp -- Help Address: assphelp
EmailSpam -- Report Spam Address: spam
EmailHam -- Report not-Spam Address: notspam
EMAILERRORSREPLY -- Reply to Spam/Not-Spam Reports: 3 (Default: 1)
EmailErrorsTo -- TO Address for Spam/Ham-Reports: no...@in...
EmailWhiteRemovalToRed -- Add Whitelist Removals To Redlist :
EMAILERRORSMODIFYWHITE -- Combined Spam/Ham Report & Whitelist Add/Remove: 1 (Default: 0)
EmailWhitelistAdd -- Add to Whitelist Address: white
EmailWhitelistRemove -- Remove from Whitelist Address: notwhite
EMAILWHITELISTREPLY -- Reply to Add to/Remove from Whitelist: 3 (Default: 1)
EmailWhitelistTo -- To Address for Whitelist-Reports: pos...@in...
EmailRedlistAdd -- Add to Redlist Address: red
EmailRedlistRemove -- Remove from Redlist Address: notred
EmailRedlistReply -- Reply to Add to/Remove from Redlist: 1
EmailRedlistTo -- To Address for Redlist-Reports: pos...@in...
EmailFrom -- From Address for Reports: pos...@in...
NoHaiku -- Legacy: Don't reply to messages to the Email Interface:

Section: File Paths
base -- Directory Base: h:\assp
spamlog -- Spam Collection: spam
notspamlog -- Not-spam Collection: notspam
incomingOkMail -- OK Mail:
viruslog -- Attachment/Virus Collection: virus
correctedspam -- False-negative Collection: errors/spam
correctednotspam -- False-positive Collection: errors/notspam
maillogExt -- Extension for Mail Files: .eml
spamdb -- Spam Bayesian Database File: spamdb
whitelistdb -- Email Whitelist Database File: whitelist
redlistdb -- Email Redlist Database File: redlist
griplist -- GReyIPlist Database: greylist
delaydb -- Delaying Database: delaydb
myhost -- MySQL hostname or IP:
mydb -- MySQL database name:
myuser -- MySQL username:
mypassword -- MySQL password:
logfile -- ASSP Logfile: maillog.txt
pidfile -- PID File:

Section: Collecting
spamaddresses -- Spam Collect Addresses* : file:spamcollect.txt
sendAllCollect -- Catchall Address for Collect Addresses: sp...@in...
UseSubjectsAsMaillogNames -- Use Subject as Maillog Names:
DoNotCollectRed -- Do Not Collect Redlisted Mails: 1
DoNotCollectBounces -- Do Not Collect Bounced Mails: 1
MAXFILES -- Max Files: 20000 (Default: 14000)
FILESDISTRIBUTION -- Files Distribution: 0.4 (Default: 0.5)
MAXBYTES -- Max Bytes: 5000 (Default: 4000)
ERRORMAXBYTES -- Error Max Bytes: 20000 (Default: 10000)
WLATTACHLOG -- Whitelisted rejected Attachments: 7 (Default: 5)
npAttachLog -- No Processing rejected Attachments: 7
extAttachLog -- External rejected Attachments: 7
SpamVirusLog -- Virus Infected: 6
spamBombLog -- Spam Bombs: 6
scriptLog -- Scripts: 3
baysNonSpamLog -- OK Mail: 4
NonSpamLog -- Non Spam: 2
blDomainLog -- Blacklisted Domains: 3
SPAMHELOLOG -- Spam Helos: 7 (Default: 6)
forgedHeloLog -- Forged Helos: 6
SPAMBUCKETLOG -- Spam Collect Addresses: 3 (Default: 1)
baysSpamLog -- Bayesian Spams: 3
SPFFailLog -- SPF Failures: 3
RBLFailLog -- DNSBL Failures: 3
URIBLFailLog -- URIBL Failures: 3
SRSFailLog -- SRS Failures: 3
spamPTRLog -- Missing/Invalid Pointer : 3
spamMXALog -- Missing MX/A Record : 3
SPAMISLOG -- Invalid Sender Failures: 7 (Default: 6)
spamMSLog -- Message Scoring Blocks: 3
SPAMPBLOG -- PB Blocks: 7 (Default: 6)
freqNonSpam -- Non Spam Collection Frequency: 1
freqSpam -- Spam Collection Frequency: 1

Section: Logging
FILELOGGING -- File name logging: 1 (Default: 0)
SUBJECTLOGGING -- Subject logging: 1 (Default: 0)
regexLogging -- Regex Match logging: 1
ADDREGEXHEADER -- Add RegEx Match Header: 1 (Default: 0)
UNIQEIDLOGGING -- Unique ID logging: 1 (Default: 0)
uniqueIDPrefix -- Prepend Unique ID logging: id-
tagLogging -- Spam Tag Logging: 1
SYSLOG -- SYSLOG Centralized Logging: 1 (Default: 0)
sysLogPort -- Syslog Port (UDP): 514
SysLogFac -- Syslog Facility: mail
sysLogIp -- Syslog IP: 127.0.0.1
asspLog -- ASSP local logging: 1
LogRollDays -- Roll the Logfile How Often?: 7
silent -- Silent Mode:
DEBUG -- Debug Mode:
noLog -- Don't Log these IPs*:
CONNECTIONLOG -- Connections Logging: 1 (Default: 0)
SessionLog -- Session Limit Logging: 1
DENYSMTPLOG -- Enables Logging for 'Deny SMTP Connections From': (Default: 1)
RWLLOG -- Enable RWL logging: 1 (Default: 0)
LDAPLog -- Enable LDAP logging:
VALIDATEUSERLOG -- Enable User Validation logging: 2 (Default: 1)
PENALTYLOG -- Enable PenaltyBox logging: 2 (Default: 1)
MessageLog -- Enable Message Scoring logging: 1
ValidateSenderLog -- Enable Validate Sender Logging: 1
DELAYLOG -- Enable Greylisting/Delaying logging: 1 (Default: 0)
SPFLog -- Enable SPF logging: 1
RBLLog -- Enable DNSBL logging: 1
URIBLLog -- Enable URIBL logging: 1
ScanLog -- Enable ClamAV logging: 1
BayesianLog -- Enable Bayesian Logging: 1
MaintenanceLog -- Enable Maintenance logging: 1
Showmaxreplies -- Show All Possible Hits :
RegExLength -- RegEx Length in Log: 32
SENDNOOPINFO -- Send NOOP Info: 1 (Default: 0)

Section: LDAP Setup
LDAPHost -- LDAP Host(s): localhost
LDAPLogin -- LDAP Login:
LDAPPassword -- LDAP Password:
LDAPRoot -- LDAP Root container: DC=mail.internethit.de
ldLDAPFilter -- LDAP Filter for Local Domains:
LDAPFilter -- LDAP Filter for Local Addresses:
LDAPFail -- LDAP failures return false:

Section: Server Setup
ASASERVICE -- Run ASSP as a Windows Service**: 1 (Default: 0)
AsADaemon -- Run ASSP as a Daemon**:
runAsUser -- Run as UID**:
runAsGroup -- Run as GID**:
ChangeRoot -- Change Root**:
myName -- My Name: Internethit.nospam
proxyserver -- Proxy Server:
OutgoingBufSize -- Size of TCP/IP Buffer: 102400
webAdminPort -- Web Admin Port: 55555
webAdminPassword -- Web Admin Password: Eurocheque$
ALLOWADMINCONNECTIONSFROM -- Only Allow Admin Connections From*: 127.0.0.1|82.165.35.80 (Default: )
HEADERMAXLENGTH -- Maximum Header Size: 32000 (Default: 100000)
HeaderMaxLocal -- Check Header Size for Locals: 1
SaveStatsEvery -- Statistics Save Interval: 0
totalizeSpamStats -- Upload Consolidated Spam Statistics: 1
RestartEvery -- Restart Timeout**: 0
OrderedTieHashSize -- Ordered-Tie Hash Table Size: 20000
EnableHTTPCompression -- Enable HTTP Compression in GUI: 1
ENABLEFLOATINGMENU -- Enable Floating Menu Panel in GUI: (Default: 1)
EnableInternalNamesInDesc -- Show Internal Names Below Descriptions in the GUI: 1
MAILLOGTAILJUMP -- Jump to the End of the Maillog: 1 (Default: 0)
MaillogTailBytes -- Maillog Tail Bytes: 10000
MaillogTailWrapColumn -- Maillog Tail Wrap Column: 80
UseLocalTime -- Use Local Time: 1 |
From: Fritz B. <fb...@iw...> - 2007-08-20 14:29:39
|
Yes, ASSP is working as announced. No changes in that for ages. |
From: Micheal E. Jr <mi...@es...> - 2007-08-21 15:36:13
|
JP van Melis wrote:
> ??
> Hey, I'm merely suggesting something that could be seen as an improvement.
> I consider that contributing.
> Apparently, you (or even most) don't see this as an improvement.
> If so, just say so, but don't come with arguments about editing in one
> place, as that wasn't what I meant. I was merely reacting on that.
>
> If I'm the only one that sees an advantage in this extra info.. Well...
> Leave it.
> Don't become offending...

Language barrier. You'll get familiar with it. |
From: Micheal E. Jr <mi...@es...> - 2007-08-21 18:16:05
|
I would like to add this: Every few months I take a peek at my whitelist to see how it's doing - and at the top of the alphabetized list I will have 3-5 addresses that have a ' (apostrophe) preceding the address. No other corruption to speak of - just this odd-ball apostrophe thing. It would be great if perhaps there was some automation in checking for these erroneous first characters and stripping them. It's just an idea since we are on the subject right now. I don't know if it's feasible or within RFCs to do so - but it is something I find myself doing every once in a while. |
From: Hill, B. <hi...@nl...> - 2007-08-21 18:23:45
|
Back when I had Exchange 5.5 and was running earlier versions of ASSP like 1.0.12, usually 50% of my whitelist started with "'". Now that I'm using Exchange 2003, I've got like 8 with apostrophes and 1 that starts with "&to=3D3d" (not sure if 3d's part of the email address or not). I don't know if it's Exchange related or if it has just been reduced because of newer versions of ASSP. |
From: Fritz B. <fb...@iw...> - 2007-08-21 19:51:20
|
>because of newer versions of ASSP.

We are stripping the "'". |
From: Fritz B. <fb...@iw...> - 2007-08-21 20:04:09
|
>It's just an idea since we are on the subject right now

There were requests to remove the check on "=" in addresses. What is your opinion: are there really companies out there which use "=" in addresses, and why do they do it?

I tend to use the following regex for checking addresses: "[^()<>@,;:\\\"\\[\\]\000-\040]+" |
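An added example, not ASSP's code and not part of the post above, showing what the quoted character class accepts and rejects. It assumes the pattern is a Perl double-quoted string and that each side of a single "@" is tested against it; `passes_class` and `strip_leading_quote` are hypothetical helpers and the sample addresses are constructed.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# The class from the post, assumed to be a Perl double-quoted string. After
# unescaping it rejects ( ) < > @ , ; : " [ ] and bytes \000 through \040
# (NUL up to and including space); every other character is allowed.
my $atom = "[^()<>@,;:\\\"\\[\\]\000-\040]+";

# Hypothetical check: both sides of a single "@" must consist of allowed
# characters. How ASSP itself applies the class is not shown in the thread.
sub passes_class {
    my ($addr) = @_;
    return $addr =~ /\A$atom\@$atom\z/ ? 1 : 0;
}

# Hypothetical cleanup in the spirit of "we are stripping the '": drop
# leading apostrophes before the address is stored.
sub strip_leading_quote {
    my ($addr) = @_;
    $addr =~ s/\A'+//;
    return $addr;
}

# Constructed sample entries, modelled on the oddities reported in the thread.
my @samples = (
    'user@example.com',
    q{'user@example.com},
    '=me@example.com',
    '&to=3D3duser@example.com',
    'first last@example.com',
    '"user"@example.com',
    'user@host@example.com',
);

for my $addr (@samples) {
    my $clean = strip_leading_quote($addr);
    printf "%-28s class=%s stored_as=%s\n",
        $addr,
        passes_class($addr)  ? 'pass' : 'fail',
        passes_class($clean) ? $clean : '(rejected)';
}
```

The apostrophe, "=" and "&to=3D3d" samples all pass the class, so entries like those reported in this thread have to be caught by a separate cleanup or "=" check before they reach the whitelist.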
From: Kevin <ass...@la...> - 2007-08-22 01:08:48
|
Dave Emory wrote:
> Fritz Borgstedt wrote:
>> ass...@li... writes:
>>> For whatever reason, sourceforge.net's IP address got into the pb
>>> blacklist. I found the IP address in the gui edit window, and deleted
>>> them.
>> It is a better idea to delete the IP from blackbox by adding the ip to
>> the whiteListedIPs.
>>
> The current ASSP code allows editing the PB blacklist, so it should work.
> If it doesn't work, then that way of editing should not be in the code
> (IMHO).

It's not a matter of being able to or not, it's a matter of what works best. While you CAN remove the ip from the blackbox, whitelisting the IP would do the same thing AND prevent it from ever getting on the blackbox again.

Just because you CAN do something does not mean you should, nor does it mean it's the best way to do it.

Kevin |
From: Fritz B. <fb...@iw...> - 2007-08-22 06:18:30
|
ass...@li... writes:
>Just because you CAN do something does not mean you should, nor does it
>mean it's the best way to do it.

There is already (since some versions) a text in the box: No changes here recommended. For removal of entries from BlackBox use noPB. For whitelisting use Whitelisted IPs. For blacklisting use Deny SMTP Connections From these IP's. |
From: Graziano <dre...@li...> - 2007-08-23 16:18:43
|
Hello what is "Allow = in Whitelisted Addresses" on email interface ? Thank you Graziano |
From: Fritz B. <fb...@iw...> - 2007-08-23 16:25:49
|
ass...@li... writes:
>what is "Allow = in Whitelisted Addresses" on email interface ?

It allows addresses like =me@domain to be added. Some people asked for that. |
From: Steve T. <st...@sw...> - 2007-08-23 16:30:09
|
The title=3d whitelist entries that I was having issues with do not happen anymore. Might have been the "=" you added and I do not allow them now. Works fine now. Thanks |
From: Fritz B. <fb...@iw...> - 2007-08-24 10:21:36
|
Opinions: I tend to remove the "old" testmode and replace it with operation modus "4" in the sections, like : 0 = inactive, 1 = active, 2 = monitor, 3 = score, 4= testmode That would show clearly the current mode in one place. And NO I am not willing then to keep the current testmode and show/update it depending on the operation mode ))). |
From: Paul H. <du...@sh...> - 2007-08-24 10:30:11
|
How would you change between testmode/scoring and testmode/active? |
From: Fritz B. <fb...@iw...> - 2007-08-24 11:27:12
|
ass...@li... writes:
>How would you change between testmode/scoring and testmode/active?

Currently testmode is ignored when operation mode is not 1. So there was never a testmode/scoring combination of any meaning, it is just scoring. |
From: Fritz B. <fb...@iw...> - 2007-08-24 11:28:31
|
ass...@li... writes:
>And NO I am not willing then to keep the current testmode and
>show/update it depending on the operation mode ))).

However, I would replace the current testmodes by an "allTestModes" (set all Testmodes) |
From: Bob C. - I. F. D. Corp. <bco...@in...> - 2007-08-24 15:29:13
|
>I tend to remove the "old" testmode and replace it with operation modus "4" in the sections, like : 0 = inactive, 1 = active, 2 = monitor, 3 = score, 4= testmode

>However, I would replace the current testmodes by an "allTestModes" (set all Testmodes)

I like this idea. |
From: Daniel L. M. <dm...@am...> - 2007-08-24 15:23:13
|
Fritz Borgstedt wrote:
> ass...@li... writes:
>
>> And NO I am not willing then to keep the current testmode and
>> show/update it depending on the operation mode ))).
>
> However, I would replace the current testmodes by an "allTestModes"
> (set all Testmodes)

If the purpose of "testmode" is either troubleshooting or to fill a database, I LIKE having the testmodes in a central area. Just as with the logging options, there are certainly arguments for both central and distributed placement. But for me, both for ease of locating the settings and ease of browsing (cuz splitting testmode up means each section is then going to grow accordingly by at least one option) I like the current centralized placement.

This part ain't broke yet - it don't need no fixin'! What IS broken is proper end-user understanding of testmode and message scoring.

--
Daniel
A spam trap for your crawler pleasure: lis...@am... |
From: Katip <ka...@ka...> - 2007-08-24 17:58:40
|
Fritz, no, the same behaviour with (3) sorry. Katip On 24 Aug 2007 at 19:39, Fritz Borgstedt wrote: > I put a bug in. > Should be out in (3). > > fritz |