From: Robert S. <rrs...@ya...> - 2007-07-23 14:31:18
|
I can't take all the credit for this as someone had noticed this before and had a fix. The regex attributes on BombHeader was changed from /is to just /i. In my case this caused all emails to hit on the BombHeader rule which all of my Regex's have been modified so as to incure no false positives so I trust them completely to discarding. However I did have them cc'd so luckily I was able to catch it quickly. In assp.pl the following line can be modified to put things back the way they were: [bombHeaderRe,'BombHeaader Regular Expression to Identify Spam in Header*',80,textinput,'\d\s+(Jan|Feb|Mar|Apr|May|Jun|Jul|Aug|Sep|Oct|Nov|Dec)\s+\d\d\d\d\s+\d\d:\d\d(:\d\d)?\s+[+\-]\d\d[6-9]\d','(.*)',ConfigCompileRei, change to [bombHeaderRe,'BombHeaader Regular Expression to Identify Spam in Header*',80,textinput,'\d\s+(Jan|Feb|Mar|Apr|May|Jun|Jul|Aug|Sep|Oct|Nov|Dec)\s+\d\d\d\d\s+\d\d:\d\d(:\d\d)?\s+[+\-]\d\d[6-9]\d','(.*)',ConfigCompileRe, I thought I had seen a email reply that this was changed back in 1.3.4(10). However I have been unable to download that version. The beta site shows 1.3.4(10) although after downloading it still shows 1.3.4(8) without the above change. http://www.iworld.de/homes/fb/ASSP/S05EDA290 Hmmm.. Above page now shows 1.3.4(11) but I'm still getting 1.3.4(8)... I also get 1.3.2(53) instead of 1.3.3 as it shows it should be on the other page. Anyway, the above fix should stop the false bombheaders. Rile ----- Original Message ---- From: James Brown <jl...@bo...> To: Questions and Answers for users of ASSP Anti-Spam SMTP Proxy <ass...@li...> Sent: Sunday, July 22, 2007 8:37:31 PM Subject: Re: [Assp-user] BombHeaderRe:'' Thanks Dave. I thought of that just after I sent the email. I've now set it to 2, logging, so that I'll be able to run it through the Mail Analyzer to work out exactly what is happening. Ie what triggers the regex. Thanks, James. On 23/07/2007, at 11:29 AM, Dave Emory wrote: > Set DoBombHeaderRe = 0. > > ----- Original Message ----- > From: James Brown > To: Questions and Answers for users of ASSP Anti-Spam SMTP Proxy > Sent: Sunday, July 22, 2007 6:07 PM > Subject: [Assp-user] BombHeaderRe:'' > > > I am getting lots of emails blocked by BombHearderRe: > > > Jul-23-07 09:47:49 [BombHeader] id-8068c11086 209.104.37.135 > <ntf-202934_5-74412479-user_=_BO...@re...> to: > us...@bo... BombHeaderRe:'' > > > Jul-23-07 09:53:09 [BombHeader] id-8389c12337 61.8.115.193 > <jen...@gl...> to: us...@bo... BombHeaderRe:'' > Glenfords_Discount_Tool_Centres_Head_Office_ > > > I am using the default bombHeaderRe of: > > > \d\s+(Jan|Feb|Mar|Apr|May|Jun|Jul|Aug|Sep|Oct|Nov|Dec)\s+\d\d\d\d\s+ > \d\d:\d\d(:\d\d)?\s+[+\-]\d\d[6-9]\d > > > Any suggestions as to how to fix this? > > > Thanks, > > > James. > > > > ---------------------------------------------------------------------- > --- > This SF.net email is sponsored by: Splunk Inc. > Still grepping through log files to find problems? Stop. > Now Search log events and configuration files using AJAX and a > browser. > Download your FREE copy of Splunk now >> http://get.splunk.com/ > > > > _______________________________________________ > Assp-user mailing list > Ass...@li... > https://lists.sourceforge.net/lists/listinfo/assp-user > > > ---------------------------------------------------------------------- > --- > This SF.net email is sponsored by: Splunk Inc. > Still grepping through log files to find problems? Stop. > Now Search log events and configuration files using AJAX and a > browser. > Download your FREE copy of Splunk now >> http://get.splunk.com/ > _______________________________________________ > Assp-user mailing list > Ass...@li... > https://lists.sourceforge.net/lists/listinfo/assp-user ------------------------------------------------------------------------- This SF.net email is sponsored by: Splunk Inc. Still grepping through log files to find problems? Stop. Now Search log events and configuration files using AJAX and a browser. Download your FREE copy of Splunk now >> http://get.splunk.com/ _______________________________________________ Assp-user mailing list Ass...@li... https://lists.sourceforge.net/lists/listinfo/assp-user ____________________________________________________________________________________ Yahoo! oneSearch: Finally, mobile search that gives answers, not web links. http://mobile.yahoo.com/mobileweb/onesearch?refer=1ONXIC |