Delay failing in 1.3.1 ?

Previous Topic Next Topic
 
classic Classic list List threaded Threaded
7 messages Options
Reply | Threaded
Open this post in threaded view
|

Delay failing in 1.3.1 ?

Miguel Angel Mtz
Hello, recently updated to 1.3.1 from 1.2.6 an noted that i have too many attacks (in 1.2.6 whre stoped correctly) i have enabled delaying, RBL, SPF, IP per deomain limits, and this kind of attak don't stop! i have 1000s can you tell me why? I tryed to answer 250 ok from penalty error, but without luck

Please help

May-28-07 04:32:01 Limiting domain/ip: @modelspacenyc.com/196.202.14.97  (112 >= 4)
May-28-07 04:32:01 id-03447213 196.202.14.97 <[hidden email]> PB: 196.202.14.97
                   score: 150+150 => 300 reason:LimitingDomain
May-28-07 04:32:01 Limiting domain/ip: @regions.com/201.3.93.76  (8 >= 4)
May-28-07 04:32:01 id-03447214 201.3.93.76 <[hidden email]> PB:
                   201.3.93.76 score: 0+150 => 150 reason:LimitingDomain
May-28-07 04:32:28 Limiting domain/ip: @regions.com/85.178.214.5  (9 >= 4)
May-28-07 04:32:28 id-03447488 85.178.214.5 <[hidden email]> PB:
                   85.178.214.5 score: 0+150 => 150 reason:LimitingDomain
May-28-07 04:32:52 Limiting domain/ip: @modelspacenyc.com/80.98.68.83  (113 >= 4)
May-28-07 04:32:52 id-03447723 80.98.68.83 <[hidden email]> PB: 80.98.68.83
                   score: 0+150 => 150 reason:LimitingDomain
May-28-07 04:32:55 Limiting domain/ip: @regions.com/87.0.21.207  (10 >= 4)
May-28-07 04:32:55 id-03447754 87.0.21.207 <[hidden email]> PB:
                   87.0.21.207 score: 0+150 => 150 reason:LimitingDomain
May-28-07 04:33:04 Limiting domain/ip: @modelspacenyc.com/194.208.162.82  (114 >= 4)
May-28-07 04:33:04 id-03447845 194.208.162.82 <[hidden email]> PB: 194.208.162.82
                   score: 0+150 => 150 reason:LimitingDomain
May-28-07 04:33:14 Limiting domain/ip: @modelspacenyc.com/85.102.109.62  (115 >= 4)
May-28-07 04:33:14 id-03447949 85.102.109.62 <[hidden email]> PB: 85.102.109.62
                   score: 0+150 => 150 reason:LimitingDomain
May-28-07 04:33:15 Limiting domain/ip: @modelspacenyc.com/81.49.114.171  (116 >= 4)
May-28-07 04:33:15 id-03447951 81.49.114.171 <[hidden email]> PB: 81.49.114.171
                   score: 0+150 => 150 reason:LimitingDomain
May-28-07 04:33:21 Admin connection from 189.138.125.102:4454; page:/edit; reading
                   file:listas/frases_noprocesar.txt
May-28-07 04:33:41 Limiting domain/ip: @regions.com/82.53.93.147  (11 >= 4)
May-28-07 04:33:41 id-03448215 82.53.93.147 <[hidden email]> PB:
                   82.53.93.147 score: 0+150 => 150 reason:LimitingDomain
May-28-07 04:33:54 Limiting domain/ip: @modelspacenyc.com/87.202.54.117  (117 >= 4)
May-28-07 04:33:54 id-03448348 87.202.54.117 <[hidden email]> PB: 87.202.54.117
                   score: 0+150 => 150 reason:LimitingDomain
May-28-07 04:34:15 Limiting domain/ip: @modelspacenyc.com/207.68.253.23  (118 >= 4)
May-28-07 04:34:15 id-03448550 207.68.253.23 <[hidden email]> PB: 207.68.253.23
                   score: 0+150 => 150 reason:LimitingDomain
May-28-07 04:34:18 Limiting domain/ip: @modelspacenyc.com/71.241.164.243  (119 >= 4)
May-28-07 04:34:18 id-03448581 71.241.164.243 <[hidden email]> PB: 71.241.164.243
                   score: 150+150 => 300 reason:LimitingDomain
May-28-07 04:35:11 Limiting domain/ip: @modelspacenyc.com/65.188.203.244  (120 >= 4)
May-28-07 04:35:11 id-03449110 65.188.203.244 <[hidden email]> PB: 65.188.203.244
                   score: 150+150 => 300 reason:LimitingDomain
May-28-07 04:35:14 Limiting domain/ip: @modelspacenyc.com/81.213.111.213  (121 >= 4)
May-28-07 04:35:14 id-03449141 81.213.111.213 <[hidden email]> PB: 81.213.111.213
                   score: 0+150 => 150 reason:LimitingDomain


       
       
               
___________________________________________________________
Do You Yahoo!?
La mejor conexión a Internet y <b >2GB</b> extra a tu correo por $100 al mes. http://net.yahoo.com.mx 


-------------------------------------------------------------------------
This SF.net email is sponsored by DB2 Express
Download DB2 Express C - the FREE version of DB2 express and take
control of your XML. No limits. Just data. Click to get it now.
http://sourceforge.net/powerbar/db2/
_______________________________________________
Assp-devel mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/assp-devel
Reply | Threaded
Open this post in threaded view
|

Re: Delay failing in 1.3.1 ?

Miguel Angel Mtz
I downgraded to 1.2.6 and the attack stoped.

I really like the new version 1.3.1 is so complete, I'm reading the source code and I guess that delay is after PB, RBL, Session IP, Limit IP, i think that delay need to be the first thing to check.

Antother thik to say, about localdomain, I left unactivated to let my mailserver do this, but i see that if is not active a message have to pass for all the filters and then the mailserver decide if is local or not. I will try to upgrade again to 1.3.1 with localdomains active and see what happen


----- Mensaje original ----
De: Miguel Angel Mtz <[hidden email]>
Para: ASSP Development Discussion <[hidden email]>
Enviado: lunes, 28 de mayo, 2007 4:47:12
Asunto: [Assp-devel] Delay failing in 1.3.1 ?


Hello, recently updated to 1.3.1 from 1.2.6 an noted that i have too many attacks (in 1.2.6 whre stoped correctly) i have enabled delaying, RBL, SPF, IP per deomain limits, and this kind of attak don't stop! i have 1000s can you tell me why? I tryed to answer 250 ok from penalty error, but without luck

Please help

May-28-07 04:32:01 Limiting domain/ip: @modelspacenyc.com/196.202.14.97  (112 >= 4)
May-28-07 04:32:01 id-03447213 196.202.14.97 <[hidden email]> PB: 196.202.14.97
                   score: 150+150 => 300 reason:LimitingDomain
May-28-07 04:32:01 Limiting domain/ip: @regions.com/201.3.93.76  (8 >= 4)
May-28-07 04:32:01 id-03447214 201.3.93.76 <[hidden email]> PB:
                   201.3.93.76 score: 0+150 => 150 reason:LimitingDomain
May-28-07 04:32:28 Limiting domain/ip: @regions.com/85.178.214.5  (9 >= 4)
May-28-07 04:32:28 id-03447488 85.178.214.5 <[hidden email]> PB:
                   85.178.214.5 score: 0+150 => 150 reason:LimitingDomain
May-28-07 04:32:52 Limiting domain/ip: @modelspacenyc.com/80.98.68.83  (113 >= 4)
May-28-07 04:32:52 id-03447723 80.98.68.83 <[hidden email]> PB: 80.98.68.83
                   score: 0+150 => 150 reason:LimitingDomain
May-28-07 04:32:55 Limiting domain/ip: @regions.com/87.0.21.207  (10 >= 4)
May-28-07 04:32:55 id-03447754 87.0.21.207 <[hidden email]> PB:
                   87.0.21.207 score: 0+150 => 150 reason:LimitingDomain
May-28-07 04:33:04 Limiting domain/ip: @modelspacenyc.com/194.208.162.82  (114 >= 4)
May-28-07 04:33:04 id-03447845 194.208.162.82 <[hidden email]> PB: 194.208.162.82
                   score: 0+150 => 150 reason:LimitingDomain
May-28-07 04:33:14 Limiting domain/ip: @modelspacenyc.com/85.102.109.62  (115 >= 4)
May-28-07 04:33:14 id-03447949 85.102.109.62 <[hidden email]> PB: 85.102.109.62
                   score: 0+150 => 150 reason:LimitingDomain
May-28-07 04:33:15 Limiting domain/ip: @modelspacenyc.com/81.49.114.171  (116 >= 4)
May-28-07 04:33:15 id-03447951 81.49.114.171 <[hidden email]> PB: 81.49.114.171
                   score: 0+150 => 150 reason:LimitingDomain
May-28-07 04:33:21 Admin connection from 189.138.125.102:4454; page:/edit; reading
                   file:listas/frases_noprocesar.txt
May-28-07 04:33:41 Limiting domain/ip: @regions.com/82.53.93.147  (11 >= 4)
May-28-07 04:33:41 id-03448215 82.53.93.147 <[hidden email]> PB:
                   82.53.93.147 score: 0+150 => 150 reason:LimitingDomain
May-28-07 04:33:54 Limiting domain/ip: @modelspacenyc.com/87.202.54.117  (117 >= 4)
May-28-07 04:33:54 id-03448348 87.202.54.117 <[hidden email]> PB: 87.202.54.117
                   score: 0+150 => 150 reason:LimitingDomain
May-28-07 04:34:15 Limiting domain/ip: @modelspacenyc.com/207.68.253.23  (118 >= 4)
May-28-07 04:34:15 id-03448550 207.68.253.23 <[hidden email]> PB: 207.68.253.23
                   score: 0+150 => 150 reason:LimitingDomain
May-28-07 04:34:18 Limiting domain/ip: @modelspacenyc.com/71.241.164.243  (119 >= 4)
May-28-07 04:34:18 id-03448581 71.241.164.243 <[hidden email]> PB: 71.241.164.243
                   score: 150+150 => 300 reason:LimitingDomain
May-28-07 04:35:11 Limiting domain/ip: @modelspacenyc.com/65.188.203.244  (120 >= 4)
May-28-07 04:35:11 id-03449110 65.188.203.244 <[hidden email]> PB: 65.188.203.244
                   score: 150+150 => 300 reason:LimitingDomain
May-28-07 04:35:14 Limiting domain/ip: @modelspacenyc.com/81.213.111.213  (121 >= 4)
May-28-07 04:35:14 id-03449141 81.213.111.213 <[hidden email]> PB: 81.213.111.213
                   score: 0+150 => 150 reason:LimitingDomain


   
   
       
___________________________________________________________
Do You Yahoo!?
La mejor conexión a Internet y <b >2GB</b> extra a tu correo por $100 al mes. http://net.yahoo.com.mx 


-------------------------------------------------------------------------
This SF.net email is sponsored by DB2 Express
Download DB2 Express C - the FREE version of DB2 express and take
control of your XML. No limits. Just data. Click to get it now.
http://sourceforge.net/powerbar/db2/
_______________________________________________
Assp-devel mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/assp-devel


       
       
               
___________________________________________________________
Do You Yahoo!?
La mejor conexión a Internet y <b >2GB</b> extra a tu correo por $100 al mes. http://net.yahoo.com.mx 


-------------------------------------------------------------------------
This SF.net email is sponsored by DB2 Express
Download DB2 Express C - the FREE version of DB2 express and take
control of your XML. No limits. Just data. Click to get it now.
http://sourceforge.net/powerbar/db2/
_______________________________________________
Assp-devel mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/assp-devel
Reply | Threaded
Open this post in threaded view
|

Re: Delay failing in 1.3.1 ?

Miguel Angel Mtz
In reply to this post by Miguel Angel Mtz
Ok, don't work 1.3.1 with localdomains active.
Attack began after upgrade 1.3.1 again
Downgrade to 1.2.6 again attack stops

I saw my Firewall logs and noted that the IP that send is different from ASSP show as source. there is a way to catch the real IP and if they says that is from another IP terminate connection?

Thanks



----- Mensaje original ----
De: Miguel Angel Mtz <[hidden email]>
Para: ASSP Development Discussion <[hidden email]>
Enviado: lunes, 28 de mayo, 2007 23:57:55
Asunto: Re: [Assp-devel] Delay failing in 1.3.1 ?


I downgraded to 1.2.6 and the attack stoped.

I really like the new version 1.3.1 is so complete, I'm reading the source code and I guess that delay is after PB, RBL, Session IP, Limit IP, i think that delay need to be the first thing to check.

Antother thik to say, about localdomain, I left unactivated to let my mailserver do this, but i see that if is not active a message have to pass for all the filters and then the mailserver decide if is local or not. I will try to upgrade again to 1.3.1 with localdomains active and see what happen


----- Mensaje original ----
De: Miguel Angel Mtz <[hidden email]>
Para: ASSP Development Discussion <[hidden email]>
Enviado: lunes, 28 de mayo, 2007 4:47:12
Asunto: [Assp-devel] Delay failing in 1.3.1 ?


Hello, recently updated to 1.3.1 from 1.2.6 an noted that i have too many attacks (in 1.2.6 whre stoped correctly) i have enabled delaying, RBL, SPF, IP per deomain limits, and this kind of attak don't stop! i have 1000s can you tell me why? I tryed to answer 250 ok from penalty error, but without luck

Please help

May-28-07 04:32:01 Limiting domain/ip: @modelspacenyc.com/196.202.14.97  (112 >= 4)
May-28-07 04:32:01 id-03447213 196.202.14.97 <[hidden email]> PB: 196.202.14.97
                   score: 150+150 => 300 reason:LimitingDomain
May-28-07 04:32:01 Limiting domain/ip: @regions.com/201.3.93.76  (8 >= 4)
May-28-07 04:32:01 id-03447214 201.3.93.76 <[hidden email]> PB:
                   201.3.93.76 score: 0+150 => 150 reason:LimitingDomain
May-28-07 04:32:28 Limiting domain/ip: @regions.com/85.178.214.5  (9 >= 4)
May-28-07 04:32:28 id-03447488 85.178.214.5 <[hidden email]> PB:
                   85.178.214.5 score: 0+150 => 150 reason:LimitingDomain
May-28-07 04:32:52 Limiting domain/ip: @modelspacenyc.com/80.98.68.83  (113 >= 4)
May-28-07 04:32:52 id-03447723 80.98.68.83 <[hidden email]> PB: 80.98.68.83
                   score: 0+150 => 150 reason:LimitingDomain
May-28-07 04:32:55 Limiting domain/ip: @regions.com/87.0.21.207  (10 >= 4)
May-28-07 04:32:55 id-03447754 87.0.21.207 <[hidden email]> PB:
                   87.0.21.207 score: 0+150 => 150 reason:LimitingDomain
May-28-07 04:33:04 Limiting domain/ip: @modelspacenyc.com/194.208.162.82  (114 >= 4)
May-28-07 04:33:04 id-03447845 194.208.162.82 <[hidden email]> PB: 194.208.162.82
                   score: 0+150 => 150 reason:LimitingDomain
May-28-07 04:33:14 Limiting domain/ip: @modelspacenyc.com/85.102.109.62  (115 >= 4)
May-28-07 04:33:14 id-03447949 85.102.109.62 <[hidden email]> PB: 85.102.109.62
                   score: 0+150 => 150 reason:LimitingDomain
May-28-07 04:33:15 Limiting domain/ip: @modelspacenyc.com/81.49.114.171  (116 >= 4)
May-28-07 04:33:15 id-03447951 81.49.114.171 <[hidden email]> PB: 81.49.114.171
                   score: 0+150 => 150 reason:LimitingDomain
May-28-07 04:33:21 Admin connection from 189.138.125.102:4454; page:/edit; reading
                   file:listas/frases_noprocesar.txt
May-28-07 04:33:41 Limiting domain/ip: @regions.com/82.53.93.147  (11 >= 4)
May-28-07 04:33:41 id-03448215 82.53.93.147 <[hidden email]> PB:
                   82.53.93.147 score: 0+150 => 150 reason:LimitingDomain
May-28-07 04:33:54 Limiting domain/ip: @modelspacenyc.com/87.202.54.117  (117 >= 4)
May-28-07 04:33:54 id-03448348 87.202.54.117 <[hidden email]> PB: 87.202.54.117
                   score: 0+150 => 150 reason:LimitingDomain
May-28-07 04:34:15 Limiting domain/ip: @modelspacenyc.com/207.68.253.23  (118 >= 4)
May-28-07 04:34:15 id-03448550 207.68.253.23 <[hidden email]> PB: 207.68.253.23
                   score: 0+150 => 150 reason:LimitingDomain
May-28-07 04:34:18 Limiting domain/ip: @modelspacenyc.com/71.241.164.243  (119 >= 4)
May-28-07 04:34:18 id-03448581 71.241.164.243 <[hidden email]> PB: 71.241.164.243
                   score: 150+150 => 300 reason:LimitingDomain
May-28-07 04:35:11 Limiting domain/ip: @modelspacenyc.com/65.188.203.244  (120 >= 4)
May-28-07 04:35:11 id-03449110 65.188.203.244 <[hidden email]> PB: 65.188.203.244
                   score: 150+150 => 300 reason:LimitingDomain
May-28-07 04:35:14 Limiting domain/ip: @modelspacenyc.com/81.213.111.213  (121 >= 4)
May-28-07 04:35:14 id-03449141 81.213.111.213 <[hidden email]> PB: 81.213.111.213
                   score: 0+150 => 150 reason:LimitingDomain


   
   
       
___________________________________________________________
Do You Yahoo!?
La mejor conexión a Internet y <b >2GB</b> extra a tu correo por $100 al mes. http://net.yahoo.com.mx 


-------------------------------------------------------------------------
This SF.net email is sponsored by DB2 Express
Download DB2 Express C - the FREE version of DB2 express and take
control of your XML. No limits. Just data. Click to get it now.
http://sourceforge.net/powerbar/db2/
_______________________________________________
Assp-devel mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/assp-devel


   
   
       
___________________________________________________________
Do You Yahoo!?
La mejor conexión a Internet y <b >2GB</b> extra a tu correo por $100 al mes. http://net.yahoo.com.mx 


-------------------------------------------------------------------------
This SF.net email is sponsored by DB2 Express
Download DB2 Express C - the FREE version of DB2 express and take
control of your XML. No limits. Just data. Click to get it now.
http://sourceforge.net/powerbar/db2/
_______________________________________________
Assp-devel mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/assp-devel


      Llama gratis a cualquier PC del mundo.
Con una excelente calidad de sonido.
http://mx.messenger.yahoo.com/

-------------------------------------------------------------------------
This SF.net email is sponsored by DB2 Express
Download DB2 Express C - the FREE version of DB2 express and take
control of your XML. No limits. Just data. Click to get it now.
http://sourceforge.net/powerbar/db2/
_______________________________________________
Assp-devel mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/assp-devel
Reply | Threaded
Open this post in threaded view
|

Re: Delay failing in 1.3.1 ?

Fritz Borgstedt
In reply to this post by Miguel Angel Mtz
ASSP Development Discussion <[hidden email]>
schreibt:
>I really like the new version 1.3.1 is so complete, I'm reading the
>source code and I guess that delay is after PB, RBL, Session IP,
>Limit IP, i think that delay need to be the first thing to check.

It is done immediately when the necessary informations has arrived.
RBL is not before Delaying, RBL-Cache is.

fritz


-------------------------------------------------------------------------
This SF.net email is sponsored by DB2 Express
Download DB2 Express C - the FREE version of DB2 express and take
control of your XML. No limits. Just data. Click to get it now.
http://sourceforge.net/powerbar/db2/
_______________________________________________
Assp-devel mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/assp-devel
Reply | Threaded
Open this post in threaded view
|

Re: Delay failing in 1.3.1 ?

Fritz Borgstedt
In reply to this post by Miguel Angel Mtz
What is in your smtpDestination field?



fritz


-------------------------------------------------------------------------
This SF.net email is sponsored by DB2 Express
Download DB2 Express C - the FREE version of DB2 express and take
control of your XML. No limits. Just data. Click to get it now.
http://sourceforge.net/powerbar/db2/
_______________________________________________
Assp-devel mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/assp-devel
Reply | Threaded
Open this post in threaded view
|

Re: Delay failing in 1.3.1 ?

Miguel Angel Mtz
In reply to this post by Miguel Angel Mtz
I have my mailserver on localhost 127.0.0.1:25


Internet/Myusers -> ASSP publicIP:25 -> mailenable (127.0.0.1:25) - > UserInbox



scripts -> Mailenable(127.0.0.1) otherpublicIP -> Internet (Outbound)



----- Mensaje original ----
De: Fritz Borgstedt <[hidden email]>
Para: ASSP Development Discussion <[hidden email]>
Enviado: martes, 29 de mayo, 2007 16:11:18
Asunto: Re: [Assp-devel] Delay failing in 1.3.1 ?


What is in your smtpDestination field?



fritz


-------------------------------------------------------------------------
This SF.net email is sponsored by DB2 Express
Download DB2 Express C - the FREE version of DB2 express and take
control of your XML. No limits. Just data. Click to get it now.
http://sourceforge.net/powerbar/db2/
_______________________________________________
Assp-devel mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/assp-devel


      Llama gratis a cualquier PC del mundo.
Con una excelente calidad de sonido.
http://mx.messenger.yahoo.com/

-------------------------------------------------------------------------
This SF.net email is sponsored by DB2 Express
Download DB2 Express C - the FREE version of DB2 express and take
control of your XML. No limits. Just data. Click to get it now.
http://sourceforge.net/powerbar/db2/
_______________________________________________
Assp-devel mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/assp-devel
Reply | Threaded
Open this post in threaded view
|

Re: Delay failing in 1.3.1 ?

Miguel Angel Mtz
In reply to this post by Miguel Angel Mtz
Sorry, smtpDestination 127.0.0.1:25



----- Mensaje original ----
De: Fritz Borgstedt <[hidden email]>
Para: ASSP Development Discussion <[hidden email]>
Enviado: martes, 29 de mayo, 2007 16:11:18
Asunto: Re: [Assp-devel] Delay failing in 1.3.1 ?


What is in your smtpDestination field?



fritz


-------------------------------------------------------------------------
This SF.net email is sponsored by DB2 Express
Download DB2 Express C - the FREE version of DB2 express and take
control of your XML. No limits. Just data. Click to get it now.
http://sourceforge.net/powerbar/db2/
_______________________________________________
Assp-devel mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/assp-devel


       
       
               
___________________________________________________________
Do You Yahoo!?
La mejor conexión a Internet y <b >2GB</b> extra a tu correo por $100 al mes. http://net.yahoo.com.mx 


-------------------------------------------------------------------------
This SF.net email is sponsored by DB2 Express
Download DB2 Express C - the FREE version of DB2 express and take
control of your XML. No limits. Just data. Click to get it now.
http://sourceforge.net/powerbar/db2/
_______________________________________________
Assp-devel mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/assp-devel