You can subscribe to this list here.
2002 |
Jan
|
Feb
|
Mar
|
Apr
|
May
|
Jun
|
Jul
|
Aug
|
Sep
|
Oct
|
Nov
|
Dec
(7) |
---|---|---|---|---|---|---|---|---|---|---|---|---|
2003 |
Jan
(26) |
Feb
(29) |
Mar
(27) |
Apr
(61) |
May
(179) |
Jun
(176) |
Jul
(243) |
Aug
(270) |
Sep
(147) |
Oct
(161) |
Nov
(110) |
Dec
(132) |
2004 |
Jan
(161) |
Feb
(114) |
Mar
(190) |
Apr
(79) |
May
(265) |
Jun
(269) |
Jul
(176) |
Aug
(159) |
Sep
(138) |
Oct
(45) |
Nov
(85) |
Dec
(80) |
2005 |
Jan
(145) |
Feb
(65) |
Mar
(49) |
Apr
(80) |
May
(136) |
Jun
(134) |
Jul
(408) |
Aug
(107) |
Sep
(75) |
Oct
(32) |
Nov
(42) |
Dec
(28) |
2006 |
Jan
(74) |
Feb
(134) |
Mar
(804) |
Apr
(984) |
May
(829) |
Jun
(427) |
Jul
(397) |
Aug
(745) |
Sep
(176) |
Oct
(564) |
Nov
(748) |
Dec
(1052) |
2007 |
Jan
(984) |
Feb
(678) |
Mar
(568) |
Apr
(434) |
May
(644) |
Jun
(396) |
Jul
(655) |
Aug
(693) |
Sep
(497) |
Oct
(411) |
Nov
(316) |
Dec
(310) |
2008 |
Jan
(192) |
Feb
(169) |
Mar
(141) |
Apr
(55) |
May
(143) |
Jun
(157) |
Jul
(136) |
Aug
(187) |
Sep
(131) |
Oct
(228) |
Nov
(227) |
Dec
(144) |
2009 |
Jan
(205) |
Feb
(211) |
Mar
(302) |
Apr
(186) |
May
(99) |
Jun
(127) |
Jul
(74) |
Aug
(18) |
Sep
(110) |
Oct
(61) |
Nov
(149) |
Dec
(186) |
2010 |
Jan
(108) |
Feb
(135) |
Mar
(85) |
Apr
(109) |
May
(115) |
Jun
(176) |
Jul
(81) |
Aug
(210) |
Sep
(76) |
Oct
(41) |
Nov
(69) |
Dec
(78) |
2011 |
Jan
(65) |
Feb
(48) |
Mar
(78) |
Apr
(34) |
May
(78) |
Jun
(92) |
Jul
(42) |
Aug
(40) |
Sep
(175) |
Oct
(26) |
Nov
(22) |
Dec
(15) |
2012 |
Jan
(20) |
Feb
(24) |
Mar
(20) |
Apr
(13) |
May
(29) |
Jun
(22) |
Jul
(12) |
Aug
(14) |
Sep
(22) |
Oct
(51) |
Nov
(74) |
Dec
(45) |
2013 |
Jan
(10) |
Feb
(40) |
Mar
(17) |
Apr
(59) |
May
(186) |
Jun
(67) |
Jul
(25) |
Aug
(51) |
Sep
(67) |
Oct
(47) |
Nov
(70) |
Dec
(39) |
2014 |
Jan
(41) |
Feb
(32) |
Mar
(67) |
Apr
(58) |
May
(89) |
Jun
(36) |
Jul
(59) |
Aug
(50) |
Sep
(86) |
Oct
(43) |
Nov
(43) |
Dec
(31) |
2015 |
Jan
(43) |
Feb
(40) |
Mar
(35) |
Apr
(23) |
May
(24) |
Jun
(45) |
Jul
(26) |
Aug
(38) |
Sep
(38) |
Oct
(17) |
Nov
(15) |
Dec
(21) |
2016 |
Jan
(28) |
Feb
(81) |
Mar
(157) |
Apr
(59) |
May
(9) |
Jun
(30) |
Jul
(77) |
Aug
(44) |
Sep
(64) |
Oct
(31) |
Nov
(26) |
Dec
(59) |
2017 |
Jan
(27) |
Feb
(56) |
Mar
(24) |
Apr
(14) |
May
(31) |
Jun
(35) |
Jul
(19) |
Aug
(7) |
Sep
(11) |
Oct
(2) |
Nov
(15) |
Dec
(22) |
2018 |
Jan
(13) |
Feb
(9) |
Mar
|
Apr
(4) |
May
(8) |
Jun
(11) |
Jul
(26) |
Aug
(14) |
Sep
(5) |
Oct
(2) |
Nov
(11) |
Dec
(7) |
2019 |
Jan
(5) |
Feb
(4) |
Mar
(5) |
Apr
(1) |
May
(7) |
Jun
(15) |
Jul
|
Aug
(4) |
Sep
|
Oct
(6) |
Nov
(20) |
Dec
(14) |
2020 |
Jan
(11) |
Feb
|
Mar
(32) |
Apr
(3) |
May
(14) |
Jun
(8) |
Jul
|
Aug
(9) |
Sep
(14) |
Oct
(5) |
Nov
(1) |
Dec
|
2021 |
Jan
(13) |
Feb
|
Mar
(6) |
Apr
(6) |
May
(18) |
Jun
(3) |
Jul
(7) |
Aug
(20) |
Sep
(20) |
Oct
(3) |
Nov
(5) |
Dec
|
2022 |
Jan
(7) |
Feb
(4) |
Mar
(7) |
Apr
(2) |
May
(1) |
Jun
|
Jul
|
Aug
(3) |
Sep
(4) |
Oct
(1) |
Nov
|
Dec
|
2023 |
Jan
(5) |
Feb
(2) |
Mar
|
Apr
(3) |
May
(3) |
Jun
(3) |
Jul
|
Aug
|
Sep
|
Oct
|
Nov
(2) |
Dec
|
From: Farokh <fa...@be...> - 2023-11-18 19:04:22
|
I'm trying to figure out what is going on. ASSP keeps connecting to one of my mail servers, and then immediately disconnects, multiple times in succession, and I don't know why. There's no indications of these connections in the ASSP maillog.txt file. How do I go about figuring out where the issue is? Here's a sample: Nov 18 13:32:17 linuxmail postfix/smtpd[4337]: connect from ns1.xmsi.net[165.254.4.23] Nov 18 13:32:17 linuxmail postfix/smtpd[4337]: BBE46248045B: client=ns1.xmsi.net[165.254.4.23] Nov 18 13:32:17 linuxmail postfix/smtpd[4337]: disconnect from ns1.xmsi.net[165.254.4.23] ehlo=1 mail=1 rcpt=1 quit=1 unknown=0/1 commands=4/5 Nov 18 13:32:17 linuxmail postfix/smtpd[4337]: connect from ns1.xmsi.net[165.254.4.23] Nov 18 13:32:17 linuxmail postfix/smtpd[4337]: BF36E248045B: client=ns1.xmsi.net[165.254.4.23] Nov 18 13:32:17 linuxmail postfix/smtpd[4337]: disconnect from ns1.xmsi.net[165.254.4.23] ehlo=1 mail=1 rcpt=1 quit=1 unknown=0/1 commands=4/5 Nov 18 13:32:17 linuxmail postfix/smtpd[4337]: connect from ns1.xmsi.net[165.254.4.23] Nov 18 13:32:17 linuxmail postfix/smtpd[4337]: C263C248045B: client=ns1.xmsi.net[165.254.4.23] Nov 18 13:32:17 linuxmail postfix/smtpd[4337]: disconnect from ns1.xmsi.net[165.254.4.23] ehlo=1 mail=1 rcpt=1 quit=1 unknown=0/1 commands=4/5 Nov 18 13:32:17 linuxmail postfix/smtpd[4337]: connect from ns1.xmsi.net[165.254.4.23] Nov 18 13:32:17 linuxmail postfix/smtpd[4337]: CB17F248045B: client=ns1.xmsi.net[165.254.4.23] Nov 18 13:32:17 linuxmail postfix/smtpd[4337]: disconnect from ns1.xmsi.net[165.254.4.23] ehlo=1 mail=1 rcpt=1 quit=1 unknown=0/1 commands=4/5 Nov 18 13:32:17 linuxmail postfix/smtpd[4337]: connect from ns1.xmsi.net[165.254.4.23] Nov 18 13:32:17 linuxmail postfix/smtpd[4337]: D2822248045B: client=ns1.xmsi.net[165.254.4.23] Nov 18 13:32:17 linuxmail postfix/smtpd[4337]: disconnect from ns1.xmsi.net[165.254.4.23] ehlo=1 mail=1 rcpt=1 quit=1 unknown=0/1 commands=4/5 Nov 18 13:32:17 linuxmail postfix/smtpd[4337]: connect from ns1.xmsi.net[165.254.4.23] Nov 18 13:32:17 linuxmail postfix/smtpd[4337]: D691F248045B: client=ns1.xmsi.net[165.254.4.23] Nov 18 13:32:17 linuxmail postfix/smtpd[4337]: disconnect from ns1.xmsi.net[165.254.4.23] ehlo=1 mail=1 rcpt=1 quit=1 unknown=0/1 commands=4/5 Nov 18 13:32:17 linuxmail postfix/smtpd[4337]: connect from ns1.xmsi.net[165.254.4.23] Nov 18 13:32:17 linuxmail postfix/smtpd[4337]: DA14F248045B: client=ns1.xmsi.net[165.254.4.23] Nov 18 13:32:17 linuxmail postfix/smtpd[4337]: disconnect from ns1.xmsi.net[165.254.4.23] ehlo=1 mail=1 rcpt=1 quit=1 unknown=0/1 commands=4/5 Nov 18 13:32:17 linuxmail postfix/smtpd[4337]: connect from ns1.xmsi.net[165.254.4.23] Nov 18 13:32:17 linuxmail postfix/smtpd[4337]: E0E04248045B: client=ns1.xmsi.net[165.254.4.23] Nov 18 13:32:17 linuxmail postfix/smtpd[4337]: disconnect from ns1.xmsi.net[165.254.4.23] ehlo=1 mail=1 rcpt=1 quit=1 unknown=0/1 commands=4/5 Nov 18 13:32:17 linuxmail postfix/smtpd[4337]: connect from ns1.xmsi.net[165.254.4.23] Nov 18 13:32:17 linuxmail postfix/smtpd[4337]: E3E17248045B: client=ns1.xmsi.net[165.254.4.23] Nov 18 13:32:17 linuxmail postfix/smtpd[4337]: disconnect from ns1.xmsi.net[165.254.4.23] ehlo=1 mail=1 rcpt=1 quit=1 unknown=0/1 commands=4/5 Nov 18 13:32:17 linuxmail postfix/smtpd[4337]: connect from ns1.xmsi.net[165.254.4.23] Nov 18 13:32:17 linuxmail postfix/smtpd[4337]: ED538248045B: client=ns1.xmsi.net[165.254.4.23] Nov 18 13:32:17 linuxmail postfix/smtpd[4337]: disconnect from ns1.xmsi.net[165.254.4.23] ehlo=1 mail=1 rcpt=1 quit=1 unknown=0/1 commands=4/5 Nov 18 13:32:17 linuxmail postfix/smtpd[4337]: connect from ns1.xmsi.net[165.254.4.23] Nov 18 13:32:17 linuxmail postfix/smtpd[4337]: F09E8248045B: client=ns1.xmsi.net[165.254.4.23] Nov 18 13:32:17 linuxmail postfix/smtpd[4337]: disconnect from ns1.xmsi.net[165.254.4.23] ehlo=1 mail=1 rcpt=1 quit=1 unknown=0/1 commands=4/5 Nov 18 13:32:18 linuxmail postfix/smtpd[4337]: connect from ns1.xmsi.net[165.254.4.23] Nov 18 13:32:18 linuxmail postfix/smtpd[4337]: 03FAA248045B: client=ns1.xmsi.net[165.254.4.23] Nov 18 13:32:18 linuxmail postfix/smtpd[4337]: disconnect from ns1.xmsi.net[165.254.4.23] ehlo=1 mail=1 rcpt=1 quit=1 unknown=0/1 commands=4/5 Nov 18 13:32:18 linuxmail postfix/smtpd[4337]: connect from ns1.xmsi.net[165.254.4.23] Nov 18 13:32:18 linuxmail postfix/smtpd[4337]: 07342248045B: client=ns1.xmsi.net[165.254.4.23] Nov 18 13:32:18 linuxmail postfix/smtpd[4337]: disconnect from ns1.xmsi.net[165.254.4.23] ehlo=1 mail=1 rcpt=1 quit=1 unknown=0/1 commands=4/5 Nov 18 13:35:25 linuxmail postfix/smtpd[4529]: connect from ns1.xmsi.net[165.254.4.23] Nov 18 13:35:26 linuxmail postfix/smtpd[4529]: 7B8CA248045B: client=ns1.xmsi.net[165.254.4.23] Nov 18 13:35:26 linuxmail postfix/smtpd[4529]: disconnect from ns1.xmsi.net[165.254.4.23] ehlo=1 mail=1 rcpt=1 quit=1 unknown=0/1 commands=4/5 Nov 18 13:35:26 linuxmail postfix/smtpd[4529]: connect from ns1.xmsi.net[165.254.4.23] Nov 18 13:35:27 linuxmail postfix/smtpd[4529]: 8347E248045B: client=ns1.xmsi.net[165.254.4.23] Nov 18 13:35:27 linuxmail postfix/smtpd[4529]: disconnect from ns1.xmsi.net[165.254.4.23] ehlo=1 mail=1 rcpt=1 quit=1 unknown=0/1 commands=4/5 Nov 18 13:35:27 linuxmail postfix/smtpd[4529]: connect from ns1.xmsi.net[165.254.4.23] Nov 18 13:35:28 linuxmail postfix/smtpd[4529]: 8AA3E248045B: client=ns1.xmsi.net[165.254.4.23] Nov 18 13:35:28 linuxmail postfix/smtpd[4529]: disconnect from ns1.xmsi.net[165.254.4.23] ehlo=1 mail=1 rcpt=1 quit=1 unknown=0/1 commands=4/5 Nov 18 13:35:28 linuxmail postfix/smtpd[4529]: connect from ns1.xmsi.net[165.254.4.23] Nov 18 13:35:29 linuxmail postfix/smtpd[4529]: 8E9D8248045B: client=ns1.xmsi.net[165.254.4.23] Nov 18 13:35:29 linuxmail postfix/smtpd[4529]: disconnect from ns1.xmsi.net[165.254.4.23] ehlo=1 mail=1 rcpt=1 quit=1 unknown=0/1 commands=4/5 Nov 18 13:35:29 linuxmail postfix/smtpd[4529]: connect from ns1.xmsi.net[165.254.4.23] Nov 18 13:35:30 linuxmail postfix/smtpd[4529]: 9302F248045B: client=ns1.xmsi.net[165.254.4.23] Nov 18 13:35:30 linuxmail postfix/smtpd[4529]: disconnect from ns1.xmsi.net[165.254.4.23] ehlo=1 mail=1 rcpt=1 quit=1 unknown=0/1 commands=4/5 Nov 18 13:35:30 linuxmail postfix/smtpd[4529]: connect from ns1.xmsi.net[165.254.4.23] Nov 18 13:35:31 linuxmail postfix/smtpd[4529]: 9C5CE248045B: client=ns1.xmsi.net[165.254.4.23] Nov 18 13:35:31 linuxmail postfix/smtpd[4529]: disconnect from ns1.xmsi.net[165.254.4.23] ehlo=1 mail=1 rcpt=1 quit=1 unknown=0/1 commands=4/5 -- Farokh ---------------------------------------------------------------------------- Best Tech Service, LLC - When only the Best Tech will do... For all your technology needs including hosting solutions. Office: 845-735-0210 Cell: 914-262-1594 Like us on Facebook: https://www.facebook.com/besttechsvc |
From: Thomas E. <Tho...@th...> - 2023-11-12 15:26:03
|
Hi all, a new build of perl 5.38.0.1 for windows is available at sourceforge https://sourceforge.net/projects/assp/files/ASSP%20V2%20multithreading/ASSP%20V2%20module%20installation/strawberry-perl-5.38.0.1-64bit_gcc13-relocateable_4-assp.7z This perl was build using the GNU GCC version 13 (the version available until today was compiled with GCC 8.3.0) and the modified perl module Perl::Dist::Strawberry gcc version 13.1.0 (MinGW-W64 x86_64-msvcrt-posix-seh, built by Brecht Sanders) Several perl modules got a correction to prevent unexpected errors and crashes - for example Win32::Unicode (SEGV in Win32::Unicode::Dir because of wrong pointers in C-code). The module DBD::mysql was upgraded to version 5.002 using the GNU-compiled mysql (liblibmysql.dll) library version 8.0.35. The mysql lib-version 8.0.35 is not able to connect to mysql servers version 5.1 (and lower) using a password. Connecting to any version 8 mysql server is no problem (as well as version 5.7). Connecting to mysql servers version 5.5 is not tested, but should work. The installed liblibmysql.dll library version 8.0.35 requires an installed msvcr100.dll (Microsoft Visual C++ 2010 x64 Redistributable) All libraries, header files and perl modules in this build are uptodate for 2023.11.12 14:00:00 GMT and all components required to run assp are included. The current location of this build is "C:\perl" - if you extract the build in to this location, there is nothing more to do (check the perl PATH env variable). If you want or need to extract the build in to a different location - extract - and ..... After extraction add the new perl PATH to your env. Open a command prompt, cd in to the extracted folder and run "relocation.pl.bat" - DONE. Thomas |
From: Robert K C. J. -I. F. D. Corp. <bco...@in...> - 2023-06-29 16:08:14
|
<html> <head> <meta http-equiv="Content-Type" content="text/html; charset=UTF-8"> </head> <body> <p>Further information - <br> </p> <p>According to Buffalo, this model supports TLS 1.0 and TLS 1.1.</p> <p>This setting:</p> <p>"'SSLv23' and the older definition 'SSLv2/3' (of the same) uses a handshake compatible with SSL2.0, SSL3.0 and TLS1.x" seems to indicate that this should work, but it is not.</p> <p>What am I missing?</p> <p><br> </p> <p>- Bob<br> </p> <p><br> </p> <div class="moz-cite-prefix">On 6/20/2023 6:02 PM, Robert K Coffman Jr. -Info From Data Corp. wrote:<br> </div> <blockquote type="cite" cite="mid:e2f...@in..."> <meta http-equiv="Content-Type" content="text/html; charset=UTF-8"> <p>On a similar note, I discovered my Buffalo NAS aren't able to use STARTTLS to send health reports. They are Linkstation 210 using current firmware from Buffalo.<br> </p> <p>I recently did a full upgrade of the ASSP host (Ubuntu) and ASSP.</p> <p>This is logged, but I'm not sure how to tell what protocol is in use.</p> <p>Jun-20-23 17:56:11 [Worker_1] 104.188.144.67 error: Couldn't upgrade to TLS for client 104.188.144.67: SSL accept attempt failed error:0A000102:SSL routines::unsupported protocol</p> <p>SSL key cipher list (default)</p> <p>SSL_version (SSLv23:!SSLv3:!SSLv2)</p> <p>Net::SMTP::SSL module version 1.02 installed and available<br> IO::Socket::SSL module version 2.074 installed - https and TLS/SSL is possible<br> Found valid certificate and private key file - https and TLS/SSL is available<br> The underlying SSL library Net::SSLeay version 1.92 uses OpenSSL 3.0.2 15 Mar 2022<br> </p> <p>- Robert<br> </p> <div class="moz-cite-prefix">On 6/19/2023 10:06 PM, Daniel L. Miller via Assp-user wrote:<br> </div> <blockquote type="cite" cite="mid:AMF...@c9..."> <meta http-equiv="content-type" content="text/html; charset=UTF-8"> <style id="css_styles">blockquote.cite { margin-left: 5px; margin-right: 0px; padding-left: 10px; padding-right:0px; border-left: 1px solid #cccccc }blockquote.cite2 {margin-left: 5px; margin-right: 0px; padding-left: 10px; padding-right:0px; border-left: 1px solid #cccccc; margin-top: 3px; padding-top: 0px; }a img { border: 0px; }li[style='text-align: center;'], li[style='text-align: center; '], li[style='text-align: right;'], li[style='text-align: right; '] { list-style-position: inside;}body { font-family: 'Segoe UI'; font-size: 12pt; }.quote { margin-left: 1em; margin-right: 1em; border-left: 5px #ebebeb solid; padding-left: 0.3em; }</style> <div>I currently have the default of "SSLv23:!SSLv3:!SSLv2" for ssl_version. Various online MX health checkers report my servers as not supporting TLS.</div> <div><br> </div> <div>Should I change my ssl_version? Possible add a ":TLSv1_3" to the end?</div> <div><br> </div> <div id="signature_old" style="clear:both">-- <div>Daniel</div> </div> <div><br> </div> <br> <fieldset class="moz-mime-attachment-header"></fieldset> <br> <fieldset class="moz-mime-attachment-header"></fieldset> <pre class="moz-quote-pre" wrap="">_______________________________________________ Assp-user mailing list <a class="moz-txt-link-abbreviated moz-txt-link-freetext" href="mailto:Ass...@li..." moz-do-not-send="true">Ass...@li...</a> <a class="moz-txt-link-freetext" href="https://lists.sourceforge.net/lists/listinfo/assp-user" moz-do-not-send="true">https://lists.sourceforge.net/lists/listinfo/assp-user</a> </pre> </blockquote> <pre class="moz-signature" cols="72">-- Robert K Coffman Jr. Info From Data Corp. 3307249000 <a class="moz-txt-link-abbreviated moz-txt-link-freetext" href="mailto:su...@in..." moz-do-not-send="true">su...@in...</a></pre> <br> <fieldset class="moz-mime-attachment-header"></fieldset> <br> <fieldset class="moz-mime-attachment-header"></fieldset> <pre class="moz-quote-pre" wrap="">_______________________________________________ Assp-user mailing list <a class="moz-txt-link-abbreviated" href="mailto:Ass...@li...">Ass...@li...</a> <a class="moz-txt-link-freetext" href="https://lists.sourceforge.net/lists/listinfo/assp-user">https://lists.sourceforge.net/lists/listinfo/assp-user</a> </pre> </blockquote> <pre class="moz-signature" cols="72">-- Robert K Coffman Jr. Info From Data Corp. 3307249000 <a class="moz-txt-link-abbreviated" href="mailto:su...@in...">su...@in...</a></pre> </body> </html> |
From: Robert K C. J. -I. F. D. Corp. <bco...@in...> - 2023-06-20 22:03:01
|
<html> <head> <meta http-equiv="Content-Type" content="text/html; charset=UTF-8"> </head> <body> <p>On a similar note, I discovered my Buffalo NAS aren't able to use STARTTLS to send health reports. They are Linkstation 210 using current firmware from Buffalo.<br> </p> <p>I recently did a full upgrade of the ASSP host (Ubuntu) and ASSP.</p> <p>This is logged, but I'm not sure how to tell what protocol is in use.</p> <p>Jun-20-23 17:56:11 [Worker_1] 104.188.144.67 error: Couldn't upgrade to TLS for client 104.188.144.67: SSL accept attempt failed error:0A000102:SSL routines::unsupported protocol</p> <p>SSL key cipher list (default)</p> <p>SSL_version (SSLv23:!SSLv3:!SSLv2)</p> <p>Net::SMTP::SSL module version 1.02 installed and available<br> IO::Socket::SSL module version 2.074 installed - https and TLS/SSL is possible<br> Found valid certificate and private key file - https and TLS/SSL is available<br> The underlying SSL library Net::SSLeay version 1.92 uses OpenSSL 3.0.2 15 Mar 2022<br> </p> <p>- Robert<br> </p> <div class="moz-cite-prefix">On 6/19/2023 10:06 PM, Daniel L. Miller via Assp-user wrote:<br> </div> <blockquote type="cite" cite="mid:AMF...@c9..."> <meta http-equiv="content-type" content="text/html; charset=UTF-8"> <style id="css_styles">blockquote.cite { margin-left: 5px; margin-right: 0px; padding-left: 10px; padding-right:0px; border-left: 1px solid #cccccc }blockquote.cite2 {margin-left: 5px; margin-right: 0px; padding-left: 10px; padding-right:0px; border-left: 1px solid #cccccc; margin-top: 3px; padding-top: 0px; }a img { border: 0px; }li[style='text-align: center;'], li[style='text-align: center; '], li[style='text-align: right;'], li[style='text-align: right; '] { list-style-position: inside;}body { font-family: 'Segoe UI'; font-size: 12pt; }.quote { margin-left: 1em; margin-right: 1em; border-left: 5px #ebebeb solid; padding-left: 0.3em; }</style> <div>I currently have the default of "SSLv23:!SSLv3:!SSLv2" for ssl_version. Various online MX health checkers report my servers as not supporting TLS.</div> <div><br> </div> <div>Should I change my ssl_version? Possible add a ":TLSv1_3" to the end?</div> <div><br> </div> <div id="signature_old" style="clear:both">-- <div>Daniel</div> </div> <div><br> </div> <br> <fieldset class="moz-mime-attachment-header"></fieldset> <br> <fieldset class="moz-mime-attachment-header"></fieldset> <pre class="moz-quote-pre" wrap="">_______________________________________________ Assp-user mailing list <a class="moz-txt-link-abbreviated" href="mailto:Ass...@li...">Ass...@li...</a> <a class="moz-txt-link-freetext" href="https://lists.sourceforge.net/lists/listinfo/assp-user">https://lists.sourceforge.net/lists/listinfo/assp-user</a> </pre> </blockquote> <pre class="moz-signature" cols="72">-- Robert K Coffman Jr. Info From Data Corp. 3307249000 <a class="moz-txt-link-abbreviated" href="mailto:su...@in...">su...@in...</a></pre> </body> </html> |
From: Daniel L. M. <dm...@am...> - 2023-06-20 02:24:56
|
I currently have the default of "SSLv23:!SSLv3:!SSLv2" for ssl_version. Various online MX health checkers report my servers as not supporting TLS. Should I change my ssl_version? Possible add a ":TLSv1_3" to the end? -- Daniel |
From: Robert K C. J. -I. F. D. Corp. <bco...@in...> - 2023-05-14 13:53:55
|
<html> <head> <meta http-equiv="Content-Type" content="text/html; charset=UTF-8"> </head> <body> <p>An update overwrote my resolv.conf - sorry for the noise.<br> </p> <div class="moz-cite-prefix">On 5/12/2023 2:11 PM, Robert K Coffman Jr. -Info From Data Corp. wrote:<br> </div> <blockquote type="cite" cite="mid:e64...@in..."> <meta http-equiv="content-type" content="text/html; charset=UTF-8"> <p>Not sure if this has anything to do with the recent announcement from Sourceforge, but I'm getting this error in my dev environment trying to run mod_inst.pl.</p> <p>%HTTP_proxy% is not set - will make downloads via direct connect<br> the script is unable to download <a class="moz-txt-link-freetext" href="https://downloads.sourceforge.net/project/assp/ASSP%20V2%20multithreading/autoupdate/version.txt" moz-do-not-send="true">https://downloads.sourceforge.net/project/assp/ASSP%20V2%20multithreading/autoupdate/version.txt</a><br> there is no Proxy configured - please check the internet connection and the Proxy-Option<br> </p> <p>I'm able to copy that link and download the file manually through a web browser with no issue.<br> </p> <p>Ubuntu 22.04<br> </p> <p>perl v5.34.0</p> <p>OpenSSL 3.0.2<br> </p> <pre class="moz-signature" cols="72">-- Robert K Coffman Jr. Info From Data Corp. 3307249000 <a class="moz-txt-link-abbreviated moz-txt-link-freetext" href="mailto:su...@in..." moz-do-not-send="true">su...@in...</a></pre> <br> <fieldset class="moz-mime-attachment-header"></fieldset> <br> <fieldset class="moz-mime-attachment-header"></fieldset> <pre class="moz-quote-pre" wrap="">_______________________________________________ Assp-user mailing list <a class="moz-txt-link-abbreviated" href="mailto:Ass...@li...">Ass...@li...</a> <a class="moz-txt-link-freetext" href="https://lists.sourceforge.net/lists/listinfo/assp-user">https://lists.sourceforge.net/lists/listinfo/assp-user</a> </pre> </blockquote> <pre class="moz-signature" cols="72">-- Robert K Coffman Jr. Info From Data Corp. 3307249000 <a class="moz-txt-link-abbreviated" href="mailto:su...@in...">su...@in...</a></pre> </body> </html> |
From: Robert K C. J. -I. F. D. Corp. <bco...@in...> - 2023-05-12 18:11:16
|
<html> <head> <meta http-equiv="content-type" content="text/html; charset=UTF-8"> </head> <body> <p>Not sure if this has anything to do with the recent announcement from Sourceforge, but I'm getting this error in my dev environment trying to run mod_inst.pl.</p> <p>%HTTP_proxy% is not set - will make downloads via direct connect<br> the script is unable to download <a class="moz-txt-link-freetext" href="https://downloads.sourceforge.net/project/assp/ASSP%20V2%20multithreading/autoupdate/version.txt">https://downloads.sourceforge.net/project/assp/ASSP%20V2%20multithreading/autoupdate/version.txt</a><br> there is no Proxy configured - please check the internet connection and the Proxy-Option<br> </p> <p>I'm able to copy that link and download the file manually through a web browser with no issue.<br> </p> <p>Ubuntu 22.04<br> </p> <p>perl v5.34.0</p> <p>OpenSSL 3.0.2<br> </p> <pre class="moz-signature" cols="72">-- Robert K Coffman Jr. Info From Data Corp. 3307249000 <a class="moz-txt-link-abbreviated" href="mailto:su...@in...">su...@in...</a></pre> </body> </html> |
From: Thomas E. <Tho...@th...> - 2023-05-11 11:44:00
|
The new ASSP version 2.8.1 build 23131 provides some new features and several fixes. Please read the changelog.txt and the changelog_2.6.X.txt for the complete list of changes. If you've configured your assp to autoupdate the assp.pl script and you don't have a "Global PenaltyBox Subscription", you are requested to update all used Plugins manually as soon as possible. It is highly recommended to bring perl - but at least the perl modules - uptodate. MOST IMPORTANT changes ****************************************************************************************************************************** ***************************** * !!!!!!! ATTENTION !!!!!!! * ***************************** * this version of assp * * requires at least * * * * perl 5.12.0 * * * * it will NOT start on lower* * versions of perl * ***************************** * !!!!!!! ATTENTION !!!!!!! * ***************************** Because several required perl modules changed their minimum required perl version to 5.12, the minimum required perl version to run assp is also changed to 5.12.0 ****************************************************************************************************************************** VERY IMPORTANT changes - the minimum version of the module 'Schedule::Cron' is changed to 1.03 - perl version 5.36.x is now supported and shown as recommended perl version for assp - all plugins failed to detect assp.pl versions with two digit version numbers all plugins are updated - after talking to the sourceforge support team, an exception is made for assp the assp project at the sourgeforge web-server to accept plain https connections for a short range of time. It is strongly recommended to upgrade your assp installation to the latest version! If the exception is canceled at any time, all older versions of assp will be unable to use griplist and stats. Thomas |
From: Leandro N. C. - I. I. <Lea...@in...> - 2023-04-05 16:53:07
|
Hi Thomas I enabled the verbose to AttachmentLog an checking in the maillog.txt and comparing with the working server I found that some lines referring to “info: using user based attachment check” wasn’t in the serves who block attachments. Extract From Working server: In bold are the lines that doesn’t appear in the other server. Apr-05-23 10:40:34 m1-02032-08254 [Worker_1] [TLS-in] [TLS-out] 209.85.208.44 <myA...@gm...> to: adm...@wo... [Plugin] calling plugin ASSP_AFC Apr-05-23 10:40:34 m1-02032-08254 [Worker_1] [TLS-in] [TLS-out] 209.85.208.44 <myA...@gm...> to: adm...@wo... info: attachment _spam_exampleFile.zip found for Level-1 Apr-05-23 10:40:34 m1-02032-08254 [Worker_1] [TLS-in] [TLS-out] 209.85.208.44 <myA...@gm...> to: adm...@wo... info: using user based attachment check Apr-05-23 10:40:34 [Worker_1] Info: SHA256_HEX: 1D47380C743D8B6D92BBE804273DC040F3686726FA1004B8948B3BDC914545E1 - in Apr-05-23 10:40:34 m1-02032-08254 [Worker_1] [TLS-in] [TLS-out] 209.85.208.44 <myA...@gm...> to: adm...@wo... info: using user based compressed attachment check for _spam_exampleFile.zip Apr-05-23 10:40:34 [Worker_1] Info: will detect encrypted compressed files Apr-05-23 10:40:34 [Worker_1] Info: MIME-type 'application/zip' detected Apr-05-23 10:40:34 [Worker_1] Info: file-extensions for application/zip: .zip Apr-05-23 10:40:34 [Worker_1] Info: analyzing compressed file /opt/assp/tmp/zip_1_1680702034.96784/ _spam_exampleFile.zip at zip-level 0 Apr-05-23 10:40:34 [Worker_1] Info: looking for filetype in: .zip Apr-05-23 10:40:34 [Worker_1] Info: found compressed file with type: 'zip' Apr-05-23 10:40:34 [Worker_1] Info: the following extraction methodes are available for the file '/opt/assp/tmp/zip_1_1680702034.96784/ _spam_exampleFile.zip' with type 'zip': libarchive, 7z Apr-05-23 10:40:34 [Worker_1] Info: using libarchive 3.5.2 to extract '/opt/assp/tmp/zip_1_1680702034.96784/ _spam_exampleFile.zip' Apr-05-23 10:40:35 [Worker_1] Info: extracted '/opt/assp/tmp/zip_1_1680702034.96784/ _spam_exampleFile.zip' - used libarchive Apr-05-23 10:40:35 [Worker_1] Info: attached content in ZIP (/opt/assp/tmp/zip_1_1680702034.96784/ _spam_exampleFile.zip : /opt/assp/tmp/zip_1_1680702034.96784/.0/ _spam_exampleFile.pdf) at zip-level 0 - SHA256_HEX: CECEC08889F3347F3C63FB67D775F69926FE4CF669D681A11D628359F2E6EF24 Apr-05-23 10:40:35 [Worker_1] Info: SHA256_HEX: CECEC08889F3347F3C63FB67D775F69926FE4CF669D681A11D628359F2E6EF24 - in at zip-level 1 Apr-05-23 10:40:35 [Worker_1] Info: analyzing compressed file /opt/assp/tmp/zip_1_1680702034.96784/.0/ _spam_exampleFile.pdf at zip-level 1 Apr-05-23 10:40:35 [Worker_1] Info: looking for filetype in: /opt/assp/tmp/zip_1_1680702034.96784/.0/ _spam_exampleFile.pdf Apr-05-23 10:40:35 [Worker_1] Info: /opt/assp/tmp/zip_1_1680702034.96784/.0/ _spam_exampleFile.pdf seems not to be a compressed file Apr-05-23 10:40:35 m1-02032-08254 [Worker_1] [TLS-in] [TLS-out] 209.85.208.44 <myA...@gm...> to: adm...@wo... info: attachment _spam_exampleFile.pdf found for Level-1 Apr-05-23 10:40:35 m1-02032-08254 [Worker_1] [TLS-in] [TLS-out] 209.85.208.44 <myA...@gm...> to: adm...@wo... info: using user based attachment check Apr-05-23 10:40:35 [Worker_1] Info: SHA256_HEX: CECEC08889F3347F3C63FB67D775F69926FE4CF669D681A11D628359F2E6EF24 - in Apr-05-23 10:40:35 m1-02032-08254 [Worker_1] [TLS-in] [TLS-out] 209.85.208.44 <myA...@gm...> to: adm...@wo... info: using user based compressed attachment check for _spam_exampleFile.pdf Apr-05-23 10:40:35 [Worker_1] Info: will detect encrypted compressed files Apr-05-23 10:40:35 [Worker_1] Info: MIME-type 'application/pdf' detected Apr-05-23 10:40:35 [Worker_1] Info: file-extensions for application/pdf: .pdf Apr-05-23 10:40:35 [Worker_1] Info: analyzing compressed file /opt/assp/tmp/zip_1_1680702035.91743/ _spam_exampleFile.pdf at zip-level 0 Apr-05-23 10:40:35 [Worker_1] Info: looking for filetype in: .pdf Apr-05-23 10:40:35 [Worker_1] Info: /opt/assp/tmp/zip_1_1680702035.91743/ _spam_exampleFile.pdf seems not to be a compressed file Apr-05-23 10:40:35 m1-02032-08254 [Worker_1] [TLS-in] [TLS-out] [MessageOK] 209.85.208.44 <myA...@gm...> to: adm...@wo... message ok [Fwd test adjunto] -> /opt/assp/okmail/Fwd_test_adjunto--542718.eml Extract From Blocking server: Apr-05-23 11:06:31 m1-03588-08981 [Worker_3] 209.85.218.45 <myA...@gm...> to: Administrator@BlockingDomain.com [Plugin] calling plugin ASSP_AFC Apr-05-23 11:06:31 m1-03588-08981 [Worker_3] 209.85.218.45 <myA...@gm...> to: Administrator@BlockingDomain.com info: attachment _spam_exampleFile.zip found for Level-1 Apr-05-23 11:06:31 [Worker_3] Info: SHA256_HEX: 1D47380C743D8B6D92BBE804273DC040F3686726FA1004B8948B3BDC914545E1 - in Apr-05-23 11:06:32 [Worker_3] Info: will detect encrypted compressed files Apr-05-23 11:06:32 [Worker_3] Info: MIME-type 'application/zip' detected Apr-05-23 11:06:32 [Worker_3] Info: file-extensions for application/zip: .zip Apr-05-23 11:06:32 [Worker_3] Info: analyzing compressed file /opt/assp/tmp/zip_3_1680703592.03347/ _spam_exampleFile.zip at zip-level 0 Apr-05-23 11:06:32 [Worker_3] Info: looking for filetype in: .zip Apr-05-23 11:06:32 [Worker_3] Info: found compressed file with type: 'zip' Apr-05-23 11:06:32 [Worker_3] Info: the following extraction methodes are available for the file '/opt/assp/tmp/zip_3_1680703592.03347/ _spam_exampleFile.zip' with type 'zip': libarchive, 7z Apr-05-23 11:06:32 [Worker_3] Info: using libarchive 3.5.2 to extract '/opt/assp/tmp/zip_3_1680703592.03347/ _spam_exampleFile.zip' Apr-05-23 11:06:32 [Worker_3] Info: extracted '/opt/assp/tmp/zip_3_1680703592.03347/ _spam_exampleFile.zip' - used libarchive Apr-05-23 11:06:32 [Worker_3] Info: attached content in ZIP (/opt/assp/tmp/zip_3_1680703592.03347/ _spam_exampleFile.zip : /opt/assp/tmp/zip_3_1680703592.03347/.0/ _spam_exampleFile.pdf) at zip-level 0 - SHA256_HEX: CECEC08889F3347F3C63FB67D775F69926FE4CF669D681A11D628359F2E6EF24 Apr-05-23 11:06:32 [Worker_3] Info: SHA256_HEX: CECEC08889F3347F3C63FB67D775F69926FE4CF669D681A11D628359F2E6EF24 - in at zip-level 1 Apr-05-23 11:06:32 [Worker_3] Info: analyzing compressed file /opt/assp/tmp/zip_3_1680703592.03347/.0/ _spam_exampleFile.pdf at zip-level 1 Apr-05-23 11:06:32 [Worker_3] Info: looking for filetype in: /opt/assp/tmp/zip_3_1680703592.03347/.0/ _spam_exampleFile.pdf Apr-05-23 11:06:32 [Worker_3] Info: /opt/assp/tmp/zip_3_1680703592.03347/.0/ _spam_exampleFile.pdf seems not to be a compressed file Apr-05-23 11:06:33 m1-03588-08981 [Worker_3] 209.85.218.45 <myA...@gm...> to: Administrator@BlockingDomain.com info: attachment _spam_exampleFile.pdf found for Level-1 Apr-05-23 11:06:33 [Worker_3] Info: SHA256_HEX: CECEC08889F3347F3C63FB67D775F69926FE4CF669D681A11D628359F2E6EF24 - in Apr-05-23 11:06:33 m1-03588-08981 [Worker_3] [Attachment] 209.85.218.45 <myA...@gm...> to: Administrator@BlockingDomain.com SPAM FOUND bad attachment ' _spam_exampleFile.pdf' cause: 'Java script - possibly (ransomware) virus' - SHA256: CECEC08889F3347F3C63FB67D775F69926FE4CF669D681A11D628359F2E6EF24 Apr-05-23 11:06:33 m1-03588-08981 [Worker_3] 209.85.218.45 <myA...@gm...> to: Administrator@BlockingDomain.com Message-Score: added 40 (baValencePB) for bad attachment ' _spam_exampleFile.pdf' cause: 'Java script - possibly (ransomware) virus' - SHA256: CECEC08889F3347F3C63FB67D775F69926FE4CF669D681A11D628359F2E6EF24, total score for this message is now -17 Apr-05-23 11:06:33 m1-03588-08981 [Worker_3] [Attachment] 209.85.218.45 <myA...@gm...> to: Administrator@BlockingDomain.com SPAM FOUND replaced bad attachment ' _spam_exampleFile.pdf' cause: 'Java script - possibly (ransomware) virus' - SHA256: CECEC08889F3347F3C63FB67D775F69926FE4CF669D681A11D628359F2E6EF24 with ' _spam_exampleFile.txt' Apr-05-23 11:06:33 m1-03588-08981 [Worker_3] 209.85.218.45 <myA...@gm...> to: Administrator@BlockingDomain.com info: logfile /opt/assp/okmail/Fwd_test_adjunto--973987.eml removed Apr-05-23 11:06:33 m1-03588-08981 [Worker_3] 209.85.218.45 <myA...@gm...> to: Administrator@BlockingDomain.com file path changed to -> /opt/assp/discarded/Fwd_test_adjunto--973987.eml Apr-05-23 11:06:33 m1-03588-08981 [Worker_3] 209.85.218.45 <myA...@gm...> to: Administrator@BlockingDomain.com [spam found] bad attachment ' _spam_exampleFile.pdf' cause: 'Java script - possibly (ransomware) virus' - SHA256: CECEC08889F3347F3C63FB67D775F69926FE4CF669D681A11D628359F2E6EF24 [Fwd test adjunto] -> /opt/assp/discarded/Fwd_test_adjunto--973987.eml Apr-05-23 11:06:33 m1-03588-08981 [Worker_3] 209.85.218.45 <myA...@gm...> to: Administrator@BlockingDomain.com info: sending modified message In both configuration the section “Attachment Validation and Protection” and “ASSP_AFC-Plugin” are the same. some clue of what is happening? Thanks in advance. Leandro. De: Thomas Eckardt [mailto:Tho...@th...] Enviado el: miércoles, 05 de abril de 2023 04:14 Para: For Users of ASSP Asunto: Re: [Assp-user] Question about NoCheckIf for trusted domains >Any advice to try to find the root of my problem? AttachmentLog ?? check the maillog.txt for such a mail - only the real processing shows what happens the analyzer shows all results >In the server who blocked the mail when I Analyze: except the output mistake '(?:.*' for the ZIP: part, I can't find any issue in the analyze pdf and zip are finaly passed >is or contains an executable - Java script even if the attachment passes the check - this hint is given to the admin in the analyzer (in case the config is wrong - and the attachment should be blocked) >NocheckIf in a couple of my servers >but in one of them don’t work crosscheck the config Thomas Von: "Leandro N. Castro - INSETEC Informática" <Lea...@in...> An: "For Users of ASSP" <ass...@li...> Datum: 04.04.2023 23:52 Betreff: Re: [Assp-user] Question about NoCheckIf for trusted domains ________________________________ Hi Thomas I was working to use NocheckIf in a couple of my servers. Centos 7 VMs with ASSP version 2.6.7 *SPAM-Evaporator* build 22280 and Plugin ASSP_AFC 5.46 In both server I added the options in UserAttach (file:files/userattachment.txt<file:///\\files\userattachment.txt>) ; for example for gmail: *@gmail.com=>good-in=>NoCheckIf=SpfDkim,block-in=>NoCheckIf=SpfDkim zip:*@gmail.com=>good-in=>NoCheckIf=SpfDkim,block-in=>NoCheckIf=SpfDkim but in one of them don’t work and the attachment is blocked, there are any option to debug what is happening? I send for my personal gmail account two files, one pdf with a link inside (not a virus it’s a safe pdf) and the same file compressed in a zip. In the server who blocked the mail when I Analyze: Feature Matching: • DoNoFrom<http://172.20.1.55:55555/#DoNoFrom>: OK - mode is scoring • Strict SPF RE<http://172.20.1.55:55555/#strictSPFRe>: '@gmail.com'<javascript:void(0);> • matching strictSPFRe(file:files/strictspf.txt[line 1]<javascript:void(0);>): '@gmail.com'<javascript:void(0);> • 209.85.208.47<javascript:void(0);> is in SPFCache: status=pass with helo=mail-ed1-f47.google.com • DKIM-check returned OK verified-OK for identity '@gmail.com'<javascript:void(0);> • SPF-check returned OK for 209.85.208.47<javascript:void(0);> -> myA...@gm...<javascript:void(0);>, mail-ed1-f47.google.com • SPF: pass (cache) ip=209.85.208.47<javascript:void(0);> mailfrom=myA...@gm...<javascript:void(0);> helo=mail-ed1-f47.google.com (strict) • DMARC-check returned OK - results: dmarc: pass , spf: pass , dkim: pass • URIBL check<http://172.20.1.55:55555/#ValidateURIBL>: 'OK' • ZIP: executable : no exceptions are accepted by UserAttach<javascript:void(0);> • ZIP: myA...@gm...<javascript:void(0);> -> adm...@my...<javascript:void(0);> => block => never-match (see UserAttach<javascript:void(0);>) • ZIP: myA...@gm...<javascript:void(0);> -> adm...@my...<javascript:void(0);> => good => (?:.* (see UserAttach<javascript:void(0);>) • executable : no exceptions are accepted by UserAttach<javascript:void(0);> • extension : _spam_exampleFile.zip passed UserAttach<javascript:void(0);> • myA...@gm...<javascript:void(0);> -> adm...@my...<javascript:void(0);> => block => never-match • myA...@gm...<javascript:void(0);> -> adm...@my...<javascript:void(0);> => good => .* all-match • attachment _spam_exampleFILE.pdf is or contains an executable - Java script - possibly (ransomware) virus (see UserAttach<javascript:void(0);>) • the SHA256_HEX ( see ASSP_AFCKnownGoodEXE<javascript:void(0);> ) value of the _spam_exampleFILE.pdf is: CECEC08889F3347F3C63FB67D775F69926FE4CF669D681A11D628359F2E6EF24 • ZIP: executable : no exceptions are accepted by UserAttach<javascript:void(0);> • ZIP: myA...@gm...<javascript:void(0);> -> adm...@my...<javascript:void(0);> => block => never-match (see UserAttach<javascript:void(0);>) • ZIP: myA...@gm...<javascript:void(0);> -> adm...@my...<javascript:void(0);> => good => (?:.* (see UserAttach<javascript:void(0);>) • executable : no exceptions are accepted by UserAttach<javascript:void(0);> • extension : _spam_exampleFile.pdf passed UserAttach<javascript:void(0);> • myA...@gm...<javascript:void(0);> -> adm...@my...<javascript:void(0);> => block => never-match • myA...@gm...<javascript:void(0);> -> adm...@my...<javascript:void(0);> => good => .* all-match • Known Good HELO: 'mail-ed1-f47.google.com' • Valid Format of HELO<http://172.20.1.55:55555/#DoValidFormatHelo>: 'mail-ed1-f47.google.com' • IP in Helo check<http://172.20.1.55:55555/#DoIPinHelo>: 'OK' Feature Matching Log: Apr-04-23 18:17:00 [Main_Thread] Info: analyze detected: IP: '209.85.208.47<javascript:void(0);>' , HELO: 'mail-ed1-f47.google.com' , assp-Host: 'myhost’ Apr-04-23 18:17:00 [Main_Thread] Info: 'strictSPFRe' regular expression '@gmail.com'<javascript:void(0);> match in line 1 of 'files/strictspf.txt' with '@gmail.com'<javascript:void(0);> Apr-04-23 18:17:01 [Main_Thread] [scoring] DKIM signature verified-OK - pass - identity is: @gmail.com<javascript:void(0);> - sender policy is: accept - author policy is: accept Apr-04-23 18:17:01 [Main_Thread] Info: domain gmail.com has published a DMARC record Apr-04-23 18:17:01 [Main_Thread] Strictspf Regex: strictSPFRe '@gmail.com'<javascript:void(0);> Apr-04-23 18:17:01 [Main_Thread] Info: analyzing MIME header in incoming email for virus Apr-04-23 18:17:01 [Main_Thread] Info: analyzing attachments in incoming email Apr-04-23 18:17:02 [Main_Thread] <myA...@gm...<mailto:myA...@gm...>> to: adm...@my...<mailto:adm...@my...> info: skip user based compressed attachment 'good' check, because 'NoCheckIf' match found Apr-04-23 18:17:02 [Main_Thread] < myA...@gm...<mailto:%20m...@gm...>> to: adm...@my...<mailto:adm...@my...> info: skip user based compressed attachment 'block' check, because 'NoCheckIf' match found Any advice to try to find the root of my problem? Thanks in advance. Leandro. De: Thomas Eckardt [mailto:Tho...@th...] Enviado el: miércoles, 11 de enero de 2023 06:19 Para: For Users of ASSP Asunto: Re: [Assp-user] Question about NoCheckIf for trusted domains >With the idea that the antivirus from hotmail/gmail are trusted, and they use spf and dkim policies. IMHO, you should NOT trust them globaly - they are abused by hackers. >*@gmail.com=>good-in=>NoCheckIf=SpfDkim,block-in=>NoCheckIf=SpfDkim >*@hotmail.com=>good-in=>NoCheckIf=SpfDkim,block-in=>NoCheckIf=SpfDkim Because MS-Office documents (MSO-version > 2007) are ZIP-files, you need to add the same rule for them - like zip:*@gmail.com=>good-in=>NoCheckIf=SpfDkim,block-in=>NoCheckIf=SpfDkim zip:*@hotmail.com=>good-in=>NoCheckIf=SpfDkim,block-in=>NoCheckIf=SpfDkim There is an issue with 'NoChceckIf' in the versions you use! changelog: " 2023-01-02 fixed in assp 2.6.8 *SPAM-Evaporator* build 23002: - ASSP_AFC.pm is upgraded to version 5.45 " ...... " 2022-09-08 fixed in assp 2.6.8 *SPAM-Evaporator* build 22251: ..... - the attachment 'NoCheckIf' rule was not working, if the SPF-check or the DKIM-check was skipped because of any condition (noprocessing, whitelisting, ...) " You should switch to the latest fixup version 2.6.7 build 22280 or the latest dev version 2.6.8 build 23002 I also recomment to use the Groups feature: example groups: .... [AttachFullTrust] *@gmail.com *@hotmail.com ... ... example userattach: ~~allowAllSDin=>good-in=>NoCheckIf=SpfDkim,block-in=>NoCheckIf=SpfDkim .... [AttachFullTrust]=>~~allowAllSDin zip:[AttachFullTrust]=>~~allowAllSDin This way userattach only needs to be changed, if rules changes and a rule change applies to all group members. Rule to user/domain assignment is maintained in 'Groups'. Thomas Von: "Leandro N. Castro - INSETEC Informática" <Lea...@in...> An: "For Users of ASSP" <ass...@li...> Datum: 10.01.2023 14:19 Betreff: [Assp-user] Question about NoCheckIf for trusted domains ________________________________ Hi I’m trying to implement a new policy that allow all attachments from a trusted domain like gmail or hotmail, because many of our contacts use their webmail platforms to send files (for example old msole doc files or some excel macro files). With the idea that the antivirus from hotmail/gmail are trusted, and they use spf and dkim policies. I started to experiment using NoCheckIf functionality in this way (in userattachment.txt): *@gmail.com=>good-in=>NoCheckIf=SpfDkim,block-in=>NoCheckIf=SpfDkim *@hotmail.com=>good-in=>NoCheckIf=SpfDkim,block-in=>NoCheckIf=SpfDkim I have a couple of Centos 7 VMs with ASSP version 2.6.5 *SPAM-Evaporator* build 21218, Plugins ASSP_AFC 5.38 The issue is that work different in two ASSPs (with different domains), for example that one of them still blocked MSOLE files and I should to add the allowed group to the NoCheckIf line ~AllowedFiles => xlsm|xlsx|xls|xlsb|doc|docx|HLMSOLE|MSOM *@hotmail.com=>good-in=>NoCheckIf=SpfDkim|~AllowedFiles,block-in=>NoCheckIf=SpfDkim There is a way to trust in a domain like this who use spf and dkim policies, without to add allowed groups to receive all? Thanks in advance._______________________________________________ Assp-user mailing list Ass...@li... https://lists.sourceforge.net/lists/listinfo/assp-user |
From: Thomas E. <Tho...@th...> - 2023-04-05 07:14:50
|
>Any advice to try to find the root of my problem? AttachmentLog ?? check the maillog.txt for such a mail - only the real processing shows what happens the analyzer shows all results >In the server who blocked the mail when I Analyze: except the output mistake '(?:.*' for the ZIP: part, I can't find any issue in the analyze pdf and zip are finaly passed >is or contains an executable - Java script even if the attachment passes the check - this hint is given to the admin in the analyzer (in case the config is wrong - and the attachment should be blocked) >NocheckIf in a couple of my servers >but in one of them don’t work crosscheck the config Thomas Von: "Leandro N. Castro - INSETEC Informática" <Lea...@in...> An: "For Users of ASSP" <ass...@li...> Datum: 04.04.2023 23:52 Betreff: Re: [Assp-user] Question about NoCheckIf for trusted domains Hi Thomas I was working to use NocheckIf in a couple of my servers. Centos 7 VMs with ASSP version 2.6.7 *SPAM-Evaporator* build 22280 and Plugin ASSP_AFC 5.46 In both server I added the options in UserAttach ( file:files/userattachment.txt) ; for example for gmail: *@gmail.com=>good-in=>NoCheckIf=SpfDkim,block-in=>NoCheckIf=SpfDkim zip:*@gmail.com=>good-in=>NoCheckIf=SpfDkim,block-in=>NoCheckIf=SpfDkim but in one of them don’t work and the attachment is blocked, there are any option to debug what is happening? I send for my personal gmail account two files, one pdf with a link inside (not a virus it’s a safe pdf) and the same file compressed in a zip. In the server who blocked the mail when I Analyze: Feature Matching: • DoNoFrom: OK - mode is scoring • Strict SPF RE: '@gmail.com' • matching strictSPFRe(file:files/strictspf.txt[line 1]): '@gmail.com' • 209.85.208.47 is in SPFCache: status=pass with helo=mail-ed1-f47.google.com • DKIM-check returned OK verified-OK for identity '@gmail.com' • SPF-check returned OK for 209.85.208.47 -> myA...@gm..., mail-ed1-f47.google.com • SPF: pass (cache) ip=209.85.208.47 mailfrom=myA...@gm... helo=mail-ed1-f47.google.com (strict) • DMARC-check returned OK - results: dmarc: pass , spf: pass , dkim: pass • URIBL check: 'OK' • ZIP: executable : no exceptions are accepted by UserAttach • ZIP: myA...@gm... -> adm...@my... => block => never-match (see UserAttach) • ZIP: myA...@gm... -> adm...@my... => good => (?:.* (see UserAttach) • executable : no exceptions are accepted by UserAttach • extension : _spam_exampleFile.zip passed UserAttach • myA...@gm... -> adm...@my... => block => never-match • myA...@gm... -> adm...@my... => good => .* all-match • attachment _spam_exampleFILE.pdf is or contains an executable - Java script - possibly (ransomware) virus (see UserAttach) • the SHA256_HEX ( see ASSP_AFCKnownGoodEXE ) value of the _spam_exampleFILE.pdf is: CECEC08889F3347F3C63FB67D775F69926FE4CF669D681A11D628359F2E6EF24 • ZIP: executable : no exceptions are accepted by UserAttach • ZIP: myA...@gm... -> adm...@my... => block => never-match (see UserAttach) • ZIP: myA...@gm... -> adm...@my... => good => (?:.* (see UserAttach) • executable : no exceptions are accepted by UserAttach • extension : _spam_exampleFile.pdf passed UserAttach • myA...@gm... -> adm...@my... => block => never-match • myA...@gm... -> adm...@my... => good => .* all-match • Known Good HELO: 'mail-ed1-f47.google.com' • Valid Format of HELO: 'mail-ed1-f47.google.com' • IP in Helo check: 'OK' Feature Matching Log: Apr-04-23 18:17:00 [Main_Thread] Info: analyze detected: IP: ' 209.85.208.47' , HELO: 'mail-ed1-f47.google.com' , assp-Host: 'myhost’ Apr-04-23 18:17:00 [Main_Thread] Info: 'strictSPFRe' regular expression '@gmail.com' match in line 1 of 'files/strictspf.txt' with '@gmail.com' Apr-04-23 18:17:01 [Main_Thread] [scoring] DKIM signature verified-OK - pass - identity is: @gmail.com - sender policy is: accept - author policy is: accept Apr-04-23 18:17:01 [Main_Thread] Info: domain gmail.com has published a DMARC record Apr-04-23 18:17:01 [Main_Thread] Strictspf Regex: strictSPFRe '@gmail.com' Apr-04-23 18:17:01 [Main_Thread] Info: analyzing MIME header in incoming email for virus Apr-04-23 18:17:01 [Main_Thread] Info: analyzing attachments in incoming email Apr-04-23 18:17:02 [Main_Thread] <myA...@gm...> to: adm...@my... info: skip user based compressed attachment 'good' check, because 'NoCheckIf' match found Apr-04-23 18:17:02 [Main_Thread] < myA...@gm...> to: adm...@my... info: skip user based compressed attachment 'block' check, because 'NoCheckIf' match found Any advice to try to find the root of my problem? Thanks in advance. Leandro. De: Thomas Eckardt [mailto:Tho...@th...] Enviado el: miércoles, 11 de enero de 2023 06:19 Para: For Users of ASSP Asunto: Re: [Assp-user] Question about NoCheckIf for trusted domains >With the idea that the antivirus from hotmail/gmail are trusted, and they use spf and dkim policies. IMHO, you should NOT trust them globaly - they are abused by hackers. >*@gmail.com=>good-in=>NoCheckIf=SpfDkim,block-in=>NoCheckIf=SpfDkim >*@hotmail.com=>good-in=>NoCheckIf=SpfDkim,block-in=>NoCheckIf=SpfDkim Because MS-Office documents (MSO-version > 2007) are ZIP-files, you need to add the same rule for them - like zip:*@gmail.com=>good-in=>NoCheckIf=SpfDkim,block-in=>NoCheckIf=SpfDkim zip:*@hotmail.com=>good-in=>NoCheckIf=SpfDkim,block-in=>NoCheckIf=SpfDkim There is an issue with 'NoChceckIf' in the versions you use! changelog: " 2023-01-02 fixed in assp 2.6.8 *SPAM-Evaporator* build 23002: - ASSP_AFC.pm is upgraded to version 5.45 " ...... " 2022-09-08 fixed in assp 2.6.8 *SPAM-Evaporator* build 22251: ..... - the attachment 'NoCheckIf' rule was not working, if the SPF-check or the DKIM-check was skipped because of any condition (noprocessing, whitelisting, ...) " You should switch to the latest fixup version 2.6.7 build 22280 or the latest dev version 2.6.8 build 23002 I also recomment to use the Groups feature: example groups: .... [AttachFullTrust] *@gmail.com *@hotmail.com ... ... example userattach: ~~allowAllSDin=>good-in=>NoCheckIf=SpfDkim,block-in=>NoCheckIf=SpfDkim .... [AttachFullTrust]=>~~allowAllSDin zip:[AttachFullTrust]=>~~allowAllSDin This way userattach only needs to be changed, if rules changes and a rule change applies to all group members. Rule to user/domain assignment is maintained in 'Groups'. Thomas Von: "Leandro N. Castro - INSETEC Informática" <Lea...@in...> An: "For Users of ASSP" <ass...@li...> Datum: 10.01.2023 14:19 Betreff: [Assp-user] Question about NoCheckIf for trusted domains Hi I’m trying to implement a new policy that allow all attachments from a trusted domain like gmail or hotmail, because many of our contacts use their webmail platforms to send files (for example old msole doc files or some excel macro files). With the idea that the antivirus from hotmail/gmail are trusted, and they use spf and dkim policies. I started to experiment using NoCheckIf functionality in this way (in userattachment.txt): *@gmail.com=>good-in=>NoCheckIf=SpfDkim,block-in=>NoCheckIf=SpfDkim *@hotmail.com=>good-in=>NoCheckIf=SpfDkim,block-in=>NoCheckIf=SpfDkim I have a couple of Centos 7 VMs with ASSP version 2.6.5 *SPAM-Evaporator* build 21218, Plugins ASSP_AFC 5.38 The issue is that work different in two ASSPs (with different domains), for example that one of them still blocked MSOLE files and I should to add the allowed group to the NoCheckIf line ~AllowedFiles => xlsm|xlsx|xls|xlsb|doc|docx|HLMSOLE|MSOM *@hotmail.com=>good-in=>NoCheckIf=SpfDkim|~AllowedFiles ,block-in=>NoCheckIf=SpfDkim There is a way to trust in a domain like this who use spf and dkim policies, without to add allowed groups to receive all? Thanks in advance._______________________________________________ Assp-user mailing list Ass...@li... https://lists.sourceforge.net/lists/listinfo/assp-user |
From: Leandro N. C. - I. I. <Lea...@in...> - 2023-04-04 21:49:01
|
Hi Thomas I was working to use NocheckIf in a couple of my servers. Centos 7 VMs with ASSP version 2.6.7 *SPAM-Evaporator* build 22280 and Plugin ASSP_AFC 5.46 In both server I added the options in UserAttach (file:files/userattachment.txt) ; for example for gmail: *@gmail.com=>good-in=>NoCheckIf=SpfDkim,block-in=>NoCheckIf=SpfDkim zip:*@gmail.com=>good-in=>NoCheckIf=SpfDkim,block-in=>NoCheckIf=SpfDkim but in one of them don’t work and the attachment is blocked, there are any option to debug what is happening? I send for my personal gmail account two files, one pdf with a link inside (not a virus it’s a safe pdf) and the same file compressed in a zip. In the server who blocked the mail when I Analyze: Feature Matching: • DoNoFrom<http://172.20.1.55:55555/#DoNoFrom>: OK - mode is scoring • Strict SPF RE<http://172.20.1.55:55555/#strictSPFRe>: '@gmail.com'<javascript:void(0);> • matching strictSPFRe(file:files/strictspf.txt[line 1]<javascript:void(0);>): '@gmail.com'<javascript:void(0);> • 209.85.208.47<javascript:void(0);> is in SPFCache: status=pass with helo=mail-ed1-f47.google.com • DKIM-check returned OK verified-OK for identity '@gmail.com'<javascript:void(0);> • SPF-check returned OK for 209.85.208.47<javascript:void(0);> -> myA...@gm...<javascript:void(0);>, mail-ed1-f47.google.com • SPF: pass (cache) ip=209.85.208.47<javascript:void(0);> mailfrom=myA...@gm...<javascript:void(0);> helo=mail-ed1-f47.google.com (strict) • DMARC-check returned OK - results: dmarc: pass , spf: pass , dkim: pass • URIBL check<http://172.20.1.55:55555/#ValidateURIBL>: 'OK' • ZIP: executable : no exceptions are accepted by UserAttach<javascript:void(0);> • ZIP: myA...@gm...<javascript:void(0);> -> adm...@my...<javascript:void(0);> => block => never-match (see UserAttach<javascript:void(0);>) • ZIP: myA...@gm...<javascript:void(0);> -> adm...@my...<javascript:void(0);> => good => (?:.* (see UserAttach<javascript:void(0);>) • executable : no exceptions are accepted by UserAttach<javascript:void(0);> • extension : _spam_exampleFile.zip passed UserAttach<javascript:void(0);> • myA...@gm...<javascript:void(0);> -> adm...@my...<javascript:void(0);> => block => never-match • myA...@gm...<javascript:void(0);> -> adm...@my...<javascript:void(0);> => good => .* all-match • attachment _spam_exampleFILE.pdf is or contains an executable - Java script - possibly (ransomware) virus (see UserAttach<javascript:void(0);>) • the SHA256_HEX ( see ASSP_AFCKnownGoodEXE<javascript:void(0);> ) value of the _spam_exampleFILE.pdf is: CECEC08889F3347F3C63FB67D775F69926FE4CF669D681A11D628359F2E6EF24 • ZIP: executable : no exceptions are accepted by UserAttach<javascript:void(0);> • ZIP: myA...@gm...<javascript:void(0);> -> adm...@my...<javascript:void(0);> => block => never-match (see UserAttach<javascript:void(0);>) • ZIP: myA...@gm...<javascript:void(0);> -> adm...@my...<javascript:void(0);> => good => (?:.* (see UserAttach<javascript:void(0);>) • executable : no exceptions are accepted by UserAttach<javascript:void(0);> • extension : _spam_exampleFile.pdf passed UserAttach<javascript:void(0);> • myA...@gm...<javascript:void(0);> -> adm...@my...<javascript:void(0);> => block => never-match • myA...@gm...<javascript:void(0);> -> adm...@my...<javascript:void(0);> => good => .* all-match • Known Good HELO: 'mail-ed1-f47.google.com' • Valid Format of HELO<http://172.20.1.55:55555/#DoValidFormatHelo>: 'mail-ed1-f47.google.com' • IP in Helo check<http://172.20.1.55:55555/#DoIPinHelo>: 'OK' Feature Matching Log: Apr-04-23 18:17:00 [Main_Thread] Info: analyze detected: IP: '209.85.208.47<javascript:void(0);>' , HELO: 'mail-ed1-f47.google.com' , assp-Host: 'myhost’ Apr-04-23 18:17:00 [Main_Thread] Info: 'strictSPFRe' regular expression '@gmail.com'<javascript:void(0);> match in line 1 of 'files/strictspf.txt' with '@gmail.com'<javascript:void(0);> Apr-04-23 18:17:01 [Main_Thread] [scoring] DKIM signature verified-OK - pass - identity is: @gmail.com<javascript:void(0);> - sender policy is: accept - author policy is: accept Apr-04-23 18:17:01 [Main_Thread] Info: domain gmail.com has published a DMARC record Apr-04-23 18:17:01 [Main_Thread] Strictspf Regex: strictSPFRe '@gmail.com'<javascript:void(0);> Apr-04-23 18:17:01 [Main_Thread] Info: analyzing MIME header in incoming email for virus Apr-04-23 18:17:01 [Main_Thread] Info: analyzing attachments in incoming email Apr-04-23 18:17:02 [Main_Thread] <myA...@gm...<mailto:myA...@gm...>> to: adm...@my...<mailto:adm...@my...> info: skip user based compressed attachment 'good' check, because 'NoCheckIf' match found Apr-04-23 18:17:02 [Main_Thread] < myA...@gm...<mailto:%20m...@gm...>> to: adm...@my...<mailto:adm...@my...> info: skip user based compressed attachment 'block' check, because 'NoCheckIf' match found Any advice to try to find the root of my problem? Thanks in advance. Leandro. De: Thomas Eckardt [mailto:Tho...@th...] Enviado el: miércoles, 11 de enero de 2023 06:19 Para: For Users of ASSP Asunto: Re: [Assp-user] Question about NoCheckIf for trusted domains >With the idea that the antivirus from hotmail/gmail are trusted, and they use spf and dkim policies. IMHO, you should NOT trust them globaly - they are abused by hackers. >*@gmail.com=>good-in=>NoCheckIf=SpfDkim,block-in=>NoCheckIf=SpfDkim >*@hotmail.com=>good-in=>NoCheckIf=SpfDkim,block-in=>NoCheckIf=SpfDkim Because MS-Office documents (MSO-version > 2007) are ZIP-files, you need to add the same rule for them - like zip:*@gmail.com=>good-in=>NoCheckIf=SpfDkim,block-in=>NoCheckIf=SpfDkim zip:*@hotmail.com=>good-in=>NoCheckIf=SpfDkim,block-in=>NoCheckIf=SpfDkim There is an issue with 'NoChceckIf' in the versions you use! changelog: " 2023-01-02 fixed in assp 2.6.8 *SPAM-Evaporator* build 23002: - ASSP_AFC.pm is upgraded to version 5.45 " ...... " 2022-09-08 fixed in assp 2.6.8 *SPAM-Evaporator* build 22251: ..... - the attachment 'NoCheckIf' rule was not working, if the SPF-check or the DKIM-check was skipped because of any condition (noprocessing, whitelisting, ...) " You should switch to the latest fixup version 2.6.7 build 22280 or the latest dev version 2.6.8 build 23002 I also recomment to use the Groups feature: example groups: .... [AttachFullTrust] *@gmail.com *@hotmail.com ... ... example userattach: ~~allowAllSDin=>good-in=>NoCheckIf=SpfDkim,block-in=>NoCheckIf=SpfDkim .... [AttachFullTrust]=>~~allowAllSDin zip:[AttachFullTrust]=>~~allowAllSDin This way userattach only needs to be changed, if rules changes and a rule change applies to all group members. Rule to user/domain assignment is maintained in 'Groups'. Thomas Von: "Leandro N. Castro - INSETEC Informática" <Lea...@in...> An: "For Users of ASSP" <ass...@li...> Datum: 10.01.2023 14:19 Betreff: [Assp-user] Question about NoCheckIf for trusted domains ________________________________ Hi I’m trying to implement a new policy that allow all attachments from a trusted domain like gmail or hotmail, because many of our contacts use their webmail platforms to send files (for example old msole doc files or some excel macro files). With the idea that the antivirus from hotmail/gmail are trusted, and they use spf and dkim policies. I started to experiment using NoCheckIf functionality in this way (in userattachment.txt): *@gmail.com=>good-in=>NoCheckIf=SpfDkim,block-in=>NoCheckIf=SpfDkim *@hotmail.com=>good-in=>NoCheckIf=SpfDkim,block-in=>NoCheckIf=SpfDkim I have a couple of Centos 7 VMs with ASSP version 2.6.5 *SPAM-Evaporator* build 21218, Plugins ASSP_AFC 5.38 The issue is that work different in two ASSPs (with different domains), for example that one of them still blocked MSOLE files and I should to add the allowed group to the NoCheckIf line ~AllowedFiles => xlsm|xlsx|xls|xlsb|doc|docx|HLMSOLE|MSOM *@hotmail.com=>good-in=>NoCheckIf=SpfDkim|~AllowedFiles,block-in=>NoCheckIf=SpfDkim There is a way to trust in a domain like this who use spf and dkim policies, without to add allowed groups to receive all? Thanks in advance. |
From: Doug L. <su...@dr...> - 2023-02-15 09:21:59
|
On 2/14/23 17:32, Alexandre Arruda wrote: > Hi, > > Sorry to revive this thread, but I have issues with whitelisted domain > that bypass all of checks, like you described. When a forged email > comes, but domain is whitelisted, ASSP deliver it whitout check (PB, > bayes/HMM, etc) Alexandre, There are options to force a check on white listed users/domains. I found a couple just doing a quick search. The version that I am running is ASSP version 2.6.8 *SPAM-Evaporator* build 23002. Doug |
From: Alexandre A. <ada...@gm...> - 2023-02-14 22:32:48
|
Hi, Sorry to revive this thread, but I have issues with whitelisted domain that bypass all of checks, like you described. When a forged email comes, but domain is whitelisted, ASSP deliver it whitout check (PB, bayes/HMM, etc). Em sex., 25 de jun. de 2021 16:09, Geoff Nordli <ge...@gn...> escreveu: > Hi Jan. > > Sorry, my choice of words was not the best. > > What I am trying to do is force any email from a specific domain to pass > DKIM and SPF checks, even if the address is whitelisted. I am hoping > this will eliminate any attempt at spoofing addresses. > > thanks, > > Geoff > > On 2021-06-23 10:34 p.m., Hartmann, Jan wrote: > > > > HI Geoff, > > please take a look at: > > > > SPF: > > noSPFRe > > DKIM: > > noDKIMAddresses > > Mail from or to any of these envelope addresses will not be tagged and > checked for DKIM. Accepts specific addresses (us...@do...), user > parts (user) or entire domains (@domain.com). > > noDKIMIP > > Enter IP's that you want to exclude from DKIM check, separated by pipes > (|). > > > > > > Mit freundlichen Grüßen / Best Regards > > > > > > i. A. Jan Hartmann > > IT Service Design and Transition Specialist > > > > phone: +49 2371 820 298 > > mobile: +49 171 865 962 2 > > fax: +49 2371 211 443 > > e-mail: jan...@ki... > > > > > > KIRCHHOFF Witte GmbH > > c/o KIRCHHOFF Automotive GmbH > > Stefanstr. 2 > > 58638 Iserlohn > > Germany > > > > > > > > > > Diese E-Mail enthält vertrauliche und/oder rechtlich geschützte > Informationen. Wenn Sie nicht der richtige Adressat sind oder diese E-Mail > irrtümlich erhalten haben, informieren Sie bitte sofort den Absender und > vernichten Sie diese Mail. Das unerlaubte Kopieren sowie die unbefugte > Weitergabe dieser Mail ist nicht gestattet. This e-mail may contain > confidential and/or privileged information. If you are not the intended > recipient (or have received this e-mail in error) please notify the sender > immediately and destroy this e-mail. Any unauthorised copying, disclosure > or distribution of the material in this e-mail is strictly > forbidden.-----Original Message----- > > From: Geoff Nordli <ge...@gn...> > > Sent: Wednesday, June 23, 2021 11:46 PM > > To: ass...@li... > > Subject: EXT: [Assp-user] forcing email to pass both spf and dkim > > > > > > > > Hi. > > > > How do I force emails from certain domains to pass dkim and spf. > > > > Right now I have spf and dkim set to "score". > > > > There is an option called: blockstrictSPFRe which seems to ensure that > the domain passes the spf check. Is that right? > > > > Any settings for DKIM? > > > > One of my concerns is if an address has been whitelisted it doesn't > process any other checks on it. I want to prevent any of the addresses > from being spoofed. > > > > thanks, > > > > Geoff > > > > > > > > _______________________________________________ > > Assp-user mailing list > > Ass...@li... > > https://lists.sourceforge.net/lists/listinfo/assp-user > > > > > > KIRCHHOFF Witte GmbH | HRB 6370 Amtsgericht Iserlohn | Sitz der > Gesellschaft: 58640 Iserlohn | Geschäftsführer Thorsten Cramer, Dipl.-Ing. > Michael Kaack | http://www.kirchhoff-automotive.com > > > > > > > > _______________________________________________ > > Assp-user mailing list > > Ass...@li... > > https://lists.sourceforge.net/lists/listinfo/assp-user > > > _______________________________________________ > Assp-user mailing list > Ass...@li... > https://lists.sourceforge.net/lists/listinfo/assp-user > |
From: Leandro N. C. - I. I. <Lea...@in...> - 2023-01-11 13:10:48
|
Hi Thomas, I really appreciate your helpful answer, many thanks, I have lot a work to do :) Leo. De: Thomas Eckardt [mailto:Tho...@th...] Enviado el: miércoles, 11 de enero de 2023 06:19 Para: For Users of ASSP Asunto: Re: [Assp-user] Question about NoCheckIf for trusted domains >With the idea that the antivirus from hotmail/gmail are trusted, and they use spf and dkim policies. IMHO, you should NOT trust them globaly - they are abused by hackers. >*@gmail.com=>good-in=>NoCheckIf=SpfDkim,block-in=>NoCheckIf=SpfDkim >*@hotmail.com=>good-in=>NoCheckIf=SpfDkim,block-in=>NoCheckIf=SpfDkim Because MS-Office documents (MSO-version > 2007) are ZIP-files, you need to add the same rule for them - like zip:*@gmail.com=>good-in=>NoCheckIf=SpfDkim,block-in=>NoCheckIf=SpfDkim zip:*@hotmail.com=>good-in=>NoCheckIf=SpfDkim,block-in=>NoCheckIf=SpfDkim There is an issue with 'NoChceckIf' in the versions you use! changelog: " 2023-01-02 fixed in assp 2.6.8 *SPAM-Evaporator* build 23002: - ASSP_AFC.pm is upgraded to version 5.45 " ...... " 2022-09-08 fixed in assp 2.6.8 *SPAM-Evaporator* build 22251: ..... - the attachment 'NoCheckIf' rule was not working, if the SPF-check or the DKIM-check was skipped because of any condition (noprocessing, whitelisting, ...) " You should switch to the latest fixup version 2.6.7 build 22280 or the latest dev version 2.6.8 build 23002 I also recomment to use the Groups feature: example groups: .... [AttachFullTrust] *@gmail.com *@hotmail.com ... ... example userattach: ~~allowAllSDin=>good-in=>NoCheckIf=SpfDkim,block-in=>NoCheckIf=SpfDkim .... [AttachFullTrust]=>~~allowAllSDin zip:[AttachFullTrust]=>~~allowAllSDin This way userattach only needs to be changed, if rules changes and a rule change applies to all group members. Rule to user/domain assignment is maintained in 'Groups'. Thomas Von: "Leandro N. Castro - INSETEC Informática" <Lea...@in...> An: "For Users of ASSP" <ass...@li...> Datum: 10.01.2023 14:19 Betreff: [Assp-user] Question about NoCheckIf for trusted domains ________________________________ Hi I’m trying to implement a new policy that allow all attachments from a trusted domain like gmail or hotmail, because many of our contacts use their webmail platforms to send files (for example old msole doc files or some excel macro files). With the idea that the antivirus from hotmail/gmail are trusted, and they use spf and dkim policies. I started to experiment using NoCheckIf functionality in this way (in userattachment.txt): *@gmail.com=>good-in=>NoCheckIf=SpfDkim,block-in=>NoCheckIf=SpfDkim *@hotmail.com=>good-in=>NoCheckIf=SpfDkim,block-in=>NoCheckIf=SpfDkim I have a couple of Centos 7 VMs with ASSP version 2.6.5 *SPAM-Evaporator* build 21218, Plugins ASSP_AFC 5.38 The issue is that work different in two ASSPs (with different domains), for example that one of them still blocked MSOLE files and I should to add the allowed group to the NoCheckIf line ~AllowedFiles => xlsm|xlsx|xls|xlsb|doc|docx|HLMSOLE|MSOM *@hotmail.com=>good-in=>NoCheckIf=SpfDkim|~AllowedFiles,block-in=>NoCheckIf=SpfDkim There is a way to trust in a domain like this who use spf and dkim policies, without to add allowed groups to receive all? Thanks in advance. |
From: Thomas E. <Tho...@th...> - 2023-01-11 09:20:13
|
>With the idea that the antivirus from hotmail/gmail are trusted, and they use spf and dkim policies. IMHO, you should NOT trust them globaly - they are abused by hackers. >*@gmail.com=>good-in=>NoCheckIf=SpfDkim,block-in=>NoCheckIf=SpfDkim >*@hotmail.com=>good-in=>NoCheckIf=SpfDkim,block-in=>NoCheckIf=SpfDkim Because MS-Office documents (MSO-version > 2007) are ZIP-files, you need to add the same rule for them - like zip:*@gmail.com=>good-in=>NoCheckIf=SpfDkim,block-in=>NoCheckIf=SpfDkim zip:*@hotmail.com=>good-in=>NoCheckIf=SpfDkim,block-in=>NoCheckIf=SpfDkim There is an issue with 'NoChceckIf' in the versions you use! changelog: " 2023-01-02 fixed in assp 2.6.8 *SPAM-Evaporator* build 23002: - ASSP_AFC.pm is upgraded to version 5.45 " ...... " 2022-09-08 fixed in assp 2.6.8 *SPAM-Evaporator* build 22251: ..... - the attachment 'NoCheckIf' rule was not working, if the SPF-check or the DKIM-check was skipped because of any condition (noprocessing, whitelisting, ...) " You should switch to the latest fixup version 2.6.7 build 22280 or the latest dev version 2.6.8 build 23002 I also recomment to use the Groups feature: example groups: .... [AttachFullTrust] *@gmail.com *@hotmail.com ... ... example userattach: ~~allowAllSDin=>good-in=>NoCheckIf=SpfDkim,block-in=>NoCheckIf=SpfDkim .... [AttachFullTrust]=>~~allowAllSDin zip:[AttachFullTrust]=>~~allowAllSDin This way userattach only needs to be changed, if rules changes and a rule change applies to all group members. Rule to user/domain assignment is maintained in 'Groups'. Thomas Von: "Leandro N. Castro - INSETEC Informática" <Lea...@in...> An: "For Users of ASSP" <ass...@li...> Datum: 10.01.2023 14:19 Betreff: [Assp-user] Question about NoCheckIf for trusted domains Hi I’m trying to implement a new policy that allow all attachments from a trusted domain like gmail or hotmail, because many of our contacts use their webmail platforms to send files (for example old msole doc files or some excel macro files). With the idea that the antivirus from hotmail/gmail are trusted, and they use spf and dkim policies. I started to experiment using NoCheckIf functionality in this way (in userattachment.txt): *@gmail.com=>good-in=>NoCheckIf=SpfDkim,block-in=>NoCheckIf=SpfDkim *@hotmail.com=>good-in=>NoCheckIf=SpfDkim,block-in=>NoCheckIf=SpfDkim I have a couple of Centos 7 VMs with ASSP version 2.6.5 *SPAM-Evaporator* build 21218, Plugins ASSP_AFC 5.38 The issue is that work different in two ASSPs (with different domains), for example that one of them still blocked MSOLE files and I should to add the allowed group to the NoCheckIf line ~AllowedFiles => xlsm|xlsx|xls|xlsb|doc|docx|HLMSOLE|MSOM *@hotmail.com=>good-in=>NoCheckIf=SpfDkim|~AllowedFiles ,block-in=>NoCheckIf=SpfDkim There is a way to trust in a domain like this who use spf and dkim policies, without to add allowed groups to receive all? Thanks in advance. |
From: Leandro N. C. - I. I. <Lea...@in...> - 2023-01-10 13:16:45
|
Hi I’m trying to implement a new policy that allow all attachments from a trusted domain like gmail or hotmail, because many of our contacts use their webmail platforms to send files (for example old msole doc files or some excel macro files). With the idea that the antivirus from hotmail/gmail are trusted, and they use spf and dkim policies. I started to experiment using NoCheckIf functionality in this way (in userattachment.txt): *@gmail.com=>good-in=>NoCheckIf=SpfDkim,block-in=>NoCheckIf=SpfDkim *@hotmail.com=>good-in=>NoCheckIf=SpfDkim,block-in=>NoCheckIf=SpfDkim I have a couple of Centos 7 VMs with ASSP version 2.6.5 *SPAM-Evaporator* build 21218, Plugins ASSP_AFC 5.38 The issue is that work different in two ASSPs (with different domains), for example that one of them still blocked MSOLE files and I should to add the allowed group to the NoCheckIf line ~AllowedFiles => xlsm|xlsx|xls|xlsb|doc|docx|HLMSOLE|MSOM *@hotmail.com=>good-in=>NoCheckIf=SpfDkim|~AllowedFiles,block-in=>NoCheckIf=SpfDkim There is a way to trust in a domain like this who use spf and dkim policies, without to add allowed groups to receive all? Thanks in advance. Leo. |
From: Thomas E. <Tho...@th...> - 2023-01-07 12:46:36
|
Blocking in sense of "human language" is not possible. But you can block by unicode Script and/or unicode Blocks and/or unicode Categories or any other unicode Property in nearly all assp "Perl Regular Expression Filter and Spambomb Detection" e.g. \p{Arabic} same like \p{IsScript:Arabic} \p{Arabic Presentation Forms-A} \p{Arabic Presentation Forms-B} or \p{Bidi_Class:R} which matches all right to left written characters (notice: this matches also hebrew !) \p{Bidi_Class:AL} Arabic letters https://perldoc.perl.org/perlunicode will help you, as well as the assp analyzers "Unicode Analysis:" see also: https://perldoc.perl.org/perluniintro nice explanation: https://www.regular-expressions.info/unicode.html keep in mind: Generally, if you’re not sure whether to use a Unicode script or Unicode block, use the script. Thomas Von: "Eric Germann via Assp-user" <ass...@li...> An: "For Users of ASSP" <Ass...@li...> Kopie: "Eric Germann" <ekg...@se...> Datum: 07.01.2023 04:45 Betreff: [Assp-user] Stop spam in Arabic Is there anyway to tag as spam messages in certain languages? I get all kinds of spam in Arabic. Some makes it to the spam folder and some doesn’t. Wondering if there a way to block it -- Eric Germann ekgermann {at} semperen {dot} com || ekgermann {at} gmail {dot} com LinkedIn: https://www.linkedin.com/in/ericgermann Medium: https://ekgermann.medium.com Twitter: @ekgermann Telegram || Signal || Skype || Phone +1 {dash} 419 {dash} 513 {dash} 0712 GPG Fingerprint: 89ED 36B3 515A 211B 6390 60A9 E30D 9B9B 3EBF F1A1 [Anhang "attoermc.txt" gelöscht von Thomas Eckardt/eck] [Anhang "attiujfv.txt" gelöscht von Thomas Eckardt/eck] |
From: Eric G. <ekg...@se...> - 2023-01-07 03:42:35
|
Is there anyway to tag as spam messages in certain languages? I get all kinds of spam in Arabic. Some makes it to the spam folder and some doesn’t. Wondering if there a way to block it -- Eric Germann ekgermann {at} semperen {dot} com || ekgermann {at} gmail {dot} com LinkedIn: https://www.linkedin.com/in/ericgermann Medium: https://ekgermann.medium.com <https://ekgermann.medium.com/> Twitter: @ekgermann Telegram || Signal || Skype || Phone +1 {dash} 419 {dash} 513 {dash} 0712 GPG Fingerprint: 89ED 36B3 515A 211B 6390 60A9 E30D 9B9B 3EBF F1A1 |
From: <Tho...@th...> - 2022-10-07 09:21:53
|
ASSP version 2.6.7 build 22280 is available as 'quick fix' at '2.6.7 latest fixup' https://sourceforge.net/projects/assp/files/ASSP%20V2%20multithreading/2.6.7%20latest%20fixup/ To install this build, download assp.pl.gz from the '2.6.7 latest fixup' folder, extract the file, replace assp.pl in your assp folder and restart assp. The fixup folder also contains updates for some plugins. If you use any of the updated plugins, it is recommended to upgrade these plugins before you restart assp (in your assp/Plugins folder) as well! list of very important fixes in the latest builds: - after an upgrade of the perl module Schedule::Cron to version 1.03 the assp scheduler was no longer working - assp now generates 2048 bit RSA keys (instead of 1024 bit) if no SSL-keys/certs are found at startup - griplist uploads and downloads were no longer working, because the sourceforge http server no longer accepts plain http transfer NOTICE: ALL older versions/builds of assp will fail to upload to the griplist server! - statistc uploads were no longer working, because assp used http - now https is used by assp NOTICE: ALL older versions/builds of assp will fail to upload to the stats server! - after talking to the sourceforge support team, an exception is made for assp the assp project at the sourgeforge web-server to accept plain https connections for a short range of time. It is strongly recommended to upgrade your assp installation to the latest version (use this fixup-build)! If the exception is canceled at any time, all older versions of assp will be unable to use griplist and stats. To get a full overview about all fixes and changes, download and read the changelog for the development version 2.6.8 : https://sourceforge.net/p/assp/svn/HEAD/tree/assp2/trunk/changelog.txt Thomas ps: Hopefully a full release upgrade will be available within four weeks. If it is required, the version provided by the assp autoupdate feature will be upgraded before the new full release is available. Members of the ASSP-Global-PenaltyBox network don't have to care about all of this - your assp installation will manage all updates and upgrades for you. |
From: Thomas E. <Tho...@th...> - 2022-09-10 10:46:26
|
ASSP_ARC.pm version ?? assp.pl version ?? ... Only collected mails could be archived! ... make sure the DB field which contains the file name is long enough and can store unicode data (UTF8) post all log lines for a not archived mail Thomas Von: "Geoff Nordli" <ge...@gn...> An: "For Users of ASSP" <ass...@li...> Datum: 09.09.2022 20:28 Betreff: [Assp-user] ASSP_ARC not storing all e-mail Hi. I noticed that ARC is not storing all emails. There doesn't seem to be any settings that would prevent e-mails from being archived and I can't quite narrow it down. Anything I should be looking for? thanks, Geoff _______________________________________________ Assp-user mailing list Ass...@li... https://lists.sourceforge.net/lists/listinfo/assp-user |
From: Geoff N. <ge...@gn...> - 2022-09-09 18:25:37
|
Hi. I noticed that ARC is not storing all emails. There doesn't seem to be any settings that would prevent e-mails from being archived and I can't quite narrow it down. Anything I should be looking for? thanks, Geoff |
From: Eric G. <ekg...@se...> - 2022-09-07 23:40:35
|
This works great. Thanks! Eric > On Sep 6, 2022, at 09:18, K Post <nnt...@gm...> wrote: > > (@|.)wsj.com <http://wsj.com/> > will match @wsj.com <http://wsj.com/> and all subdomains > > FYI, I generally use DKIMWLAddresses where possible, instead of WhitelistedDomains. For a domain like WSJ.com, it's perfect since I know that nearly everything is DKIM signed from (and by) them. > > The (@|.)wsj.com <http://wsj.com/> syntax was suggested Thomas for DKIMWLAddresses, and that should work with WhitelistedDomains too. The wildcard (*) isn't necessary as both DKIMWLAddresses and WhitelistedDomains match the end of the from address. (from the GUI: "Note this matches the end of the address, so if you don't want to match subdomains then include the @.") > > Using DKIMWLAddresses prevents WhitelistedDomains from allowing spoofed mail through. The only time I use WhitelistedDomains is if there's a subdomain that I need to always let through that isn't signed by the sender. > > Hope this helps. > > > > On Tue, Aug 30, 2022 at 7:51 PM Doug Lytle <su...@dr... <mailto:su...@dr...>> wrote: > On 8/30/22 18:02, Robert Ellsworth wrote: >> *.wsj.com <http://wsj.com/> >> On Tue, Aug 30, 2022, 5:21 PM Eric Germann via Assp-user <ass...@li... <mailto:ass...@li...>> wrote: >> If I want to match all subdomains of a domain (@interactive.wsj.com <http://interactive.wsj.com/> as well as @wsj.com <http://wsj.com/>), what is the proper format for the entry in whitedomains.txt > > You'll also need to add @wsj.com <http://wsj.com/> as well. > > Doug > > _______________________________________________ > Assp-user mailing list > Ass...@li... <mailto:Ass...@li...> > https://lists.sourceforge.net/lists/listinfo/assp-user <https://lists.sourceforge.net/lists/listinfo/assp-user> > _______________________________________________ > Assp-user mailing list > Ass...@li... > https://lists.sourceforge.net/lists/listinfo/assp-user |
From: K P. <nnt...@gm...> - 2022-09-06 13:19:06
|
(@|.)wsj.com will match @wsj.com and all subdomains FYI, I generally use DKIMWLAddresses where possible, instead of WhitelistedDomains. For a domain like WSJ.com, it's perfect since I know that nearly everything is DKIM signed from (and by) them. The (@|.)wsj.com syntax was suggested Thomas for DKIMWLAddresses, and that should work with WhitelistedDomains too. The wildcard (*) isn't necessary as both DKIMWLAddresses and WhitelistedDomains match the end of the from address. (from the GUI: "Note this matches the end of the address, so if you don't want to match subdomains then include the @.") Using DKIMWLAddresses prevents WhitelistedDomains from allowing spoofed mail through. The only time I use WhitelistedDomains is if there's a subdomain that I need to always let through that isn't signed by the sender. Hope this helps. On Tue, Aug 30, 2022 at 7:51 PM Doug Lytle <su...@dr...> wrote: > On 8/30/22 18:02, Robert Ellsworth wrote: > > *.wsj.com > > On Tue, Aug 30, 2022, 5:21 PM Eric Germann via Assp-user < > ass...@li...> wrote: > >> If I want to match all subdomains of a domain (@interactive.wsj.com as >> well as @wsj.com), what is the proper format for the entry in >> whitedomains.txt >> > > You'll also need to add @wsj.com as well. > > Doug > > _______________________________________________ > Assp-user mailing list > Ass...@li... > https://lists.sourceforge.net/lists/listinfo/assp-user > |
From: Doug L. <su...@dr...> - 2022-08-30 23:50:21
|
On 8/30/22 18:02, Robert Ellsworth wrote: > *.wsj.com <http://wsj.com> > > On Tue, Aug 30, 2022, 5:21 PM Eric Germann via Assp-user > <ass...@li...> wrote: > > If I want to match all subdomains of a domain > (@interactive.wsj.com <http://interactive.wsj.com> as well as > @wsj.com <http://wsj.com>), what is the proper format for the > entry in whitedomains.txt > You'll also need to add @wsj.com as well. Doug |
From: Robert E. <ell...@gm...> - 2022-08-30 22:02:39
|
*.wsj.com On Tue, Aug 30, 2022, 5:21 PM Eric Germann via Assp-user < ass...@li...> wrote: > If I want to match all subdomains of a domain (@interactive.wsj.com as > well as @wsj.com), what is the proper format for the entry in > whitedomains.txt > > --- > Eric Germann > ekgermann {at} semperen {dot} com || ekgermann {at} gmail {dot} com > LinkedIn: https://www.linkedin.com/in/ericgermann > Medium: https://ekgermann.medium.com > Twitter: @ekgermann > Telegram || Signal || Skype || Phone +1 {dash} 419 {dash} 513 {dash} 0712 > > GPG Fingerprint: 89ED 36B3 515A 211B 6390 60A9 E30D 9B9B 3EBF F1A1 > > > > > > > > _______________________________________________ > Assp-user mailing list > Ass...@li... > https://lists.sourceforge.net/lists/listinfo/assp-user > |