Timeout of ispip

Previous Topic Next Topic
 
classic Classic list List threaded Threaded
7 messages Options
Reply | Threaded
Open this post in threaded view
|

Timeout of ispip

Matti Haack
Hello,

As I din't ger any reply on this, I post it again:


I   am   not   shure  if  my  Problem  is  connectet  to  the  version
(1.3.3.2(38)) or a
general setup problem, so I postet it to the test list.
I am not shure, but I don't think that I had this problem in (26)

It  looks as mails from an relaying server in ispip get stuck if it is
in BombDataRegEx

85.10.201.53 is in ispip
I  had  to remove some letters from the BombDataRegEx in the log, as it was blocked by
the mailing list - it was these litte blue pill -
The mail was already tagged as spam from the relaying Spamassasin.

Aug-17-07 10:29:54 id-9394c12012 85.10.201.53 <> to: [hidden email] recipient accepted: [hidden email]
Aug-17-07 10:29:55 id-9394c12012 85.10.201.53 <> to: [hidden email] Message-Score: 0+15 (bombSuspiciousRe)
Aug-17-07 10:29:55 id-9394c12012 85.10.201.53 <> to: [hidden email]  Regex:Suspicious 'X-Spam-Level: *****'
Aug-17-07 10:29:55 [BombData][scoring] id-9394c12012 85.10.201.53 <> to: [hidden email] scoring BombDataRegEx: 'Via '
Aug-17-07 10:29:55 [BombData][scoring] id-9394c12012 85.10.201.53 <> to: [hidden email] Message-Score: 15+80 (BombData)
Aug-17-07 10:29:55 [URIBL][montoring] id-9394c12012 85.10.201.53 <> to: [hidden email] URIBL montoring Received-URIBL: pass
Aug-17-07 10:29:55 [MessageLimit] id-9394c12012 85.10.201.53 <> to: [hidden email] Message Limit  _SPAM_failure_notice_

The connection stays open until timeout. No further logentry with id id-9394c12012


Matti






-
Matti Haack - Hit Haack IT Service Gmbh
Poltlbauer Weg 4, D-94036 Passau
+49 851 50477-22 Fax: +49 851 50477-29
http://www.haack-it.de

Registergericht Passau HRB 5678
USt. ID: DE195625715



Besuchen Sie jetzt unseren neuen INTERNET&NETWORK Security Shop mit faszinierenden Angeboten rund um Ihre Netzwerk- Sicherheit:
http://www.inn.de 


-- Ausgehende E-Mail wurde auf Viren gescannt  --


-------------------------------------------------------------------------
This SF.net email is sponsored by: Splunk Inc.
Still grepping through log files to find problems?  Stop.
Now Search log events and configuration files using AJAX and a browser.
Download your FREE copy of Splunk now >>  http://get.splunk.com/
_______________________________________________
Assp-test mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/assp-test



Besuchen Sie jetzt unseren neuen INTERNET&NETWORK Security Shop mit faszinierenden Angeboten rund um Ihre Netzwerk- Sicherheit:
http://www.inn.de 


-- Ausgehende E-Mail wurde auf Viren gescannt  --


-------------------------------------------------------------------------
This SF.net email is sponsored by: Splunk Inc.
Still grepping through log files to find problems?  Stop.
Now Search log events and configuration files using AJAX and a browser.
Download your FREE copy of Splunk now >>  http://get.splunk.com/
_______________________________________________
Assp-test mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/assp-test
Reply | Threaded
Open this post in threaded view
|

Re: Timeout of ispip

Fritz Borgstedt
[hidden email] schreibt:
>Aug-17-07 10:29:55 [MessageLimit] id-9394c12012 85.10.201.53 <> to:
>[hidden email] Message Limit  _SPAM_failure_notice_
>
>The connection stays open until timeout. No further logentry with id
>id-9394c12012

But the MessageLimit  log entry is the normal last log entry for that
method of blocking.


-------------------------------------------------------------------------
This SF.net email is sponsored by: Splunk Inc.
Still grepping through log files to find problems?  Stop.
Now Search log events and configuration files using AJAX and a browser.
Download your FREE copy of Splunk now >>  http://get.splunk.com/
_______________________________________________
Assp-test mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/assp-test
Reply | Threaded
Open this post in threaded view
|

Re: Timeout of ispip

Matti Haack
Yes, but
a)  the connection still stays open (inactiv), until the timeout. So I
have  lots  of  open connections from my relay server, which slows down
ASSP sometimes so mauch, that it would not process any other request.

b)  the server is in ISPIP and is a relaying server - which should not
produce  any  bounces, if he accepted the mail once.
So  it  would be good if ASSP would mark these
mails  as  SPAM and accept them anyway.
Now it will be retried from my relaying server again and again until
it got bounced from the relaying server.

Is there a way to prevent servers in Ispip from getting blocked (beside
puting it into NoProcessing)?

matti





> [hidden email] schreibt:
>>Aug-17-07 10:29:55 [MessageLimit] id-9394c12012 85.10.201.53 <> to:
>>[hidden email] Message Limit  _SPAM_failure_notice_
>>
>>The connection stays open until timeout. No further logentry with id
>>id-9394c12012

> But the MessageLimit  log entry is the normal last log entry for that
> method of blocking.


> -------------------------------------------------------------------------
> This SF.net email is sponsored by: Splunk Inc.
> Still grepping through log files to find problems?  Stop.
> Now Search log events and configuration files using AJAX and a browser.
> Download your FREE copy of Splunk now >>  http://get.splunk.com/
> _______________________________________________
> Assp-test mailing list
> [hidden email]
> https://lists.sourceforge.net/lists/listinfo/assp-test


-
Matti Haack - Hit Haack IT Service Gmbh
Poltlbauer Weg 4, D-94036 Passau
+49 851 50477-22 Fax: +49 851 50477-29
http://www.haack-it.de

Registergericht Passau HRB 5678
USt. ID: DE195625715



Besuchen Sie jetzt unseren neuen INTERNET&NETWORK Security Shop mit faszinierenden Angeboten rund um Ihre Netzwerk- Sicherheit:
http://www.inn.de 


-- Ausgehende E-Mail wurde auf Viren gescannt  --


-------------------------------------------------------------------------
This SF.net email is sponsored by: Splunk Inc.
Still grepping through log files to find problems?  Stop.
Now Search log events and configuration files using AJAX and a browser.
Download your FREE copy of Splunk now >>  http://get.splunk.com/
_______________________________________________
Assp-test mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/assp-test
Reply | Threaded
Open this post in threaded view
|

Re: Timeout of ispip

Fritz Borgstedt
check your bomb settings

Do Regular Expressions Checks for Local Mails ?????


-------------------------------------------------------------------------
This SF.net email is sponsored by: Splunk Inc.
Still grepping through log files to find problems?  Stop.
Now Search log events and configuration files using AJAX and a browser.
Download your FREE copy of Splunk now >>  http://get.splunk.com/
_______________________________________________
Assp-test mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/assp-test
Reply | Threaded
Open this post in threaded view
|

Re: Timeout of ispip

Matti Haack
No,

bombrelocal is unchecked

Matti
> check your bomb settings

> Do Regular Expressions Checks for Local Mails ?????


> -------------------------------------------------------------------------
> This SF.net email is sponsored by: Splunk Inc.
> Still grepping through log files to find problems?  Stop.
> Now Search log events and configuration files using AJAX and a browser.
> Download your FREE copy of Splunk now >>  http://get.splunk.com/
> _______________________________________________
> Assp-test mailing list
> [hidden email]
> https://lists.sourceforge.net/lists/listinfo/assp-test


-
Matti Haack - Hit Haack IT Service Gmbh
Poltlbauer Weg 4, D-94036 Passau
+49 851 50477-22 Fax: +49 851 50477-29
http://www.haack-it.de

Registergericht Passau HRB 5678
USt. ID: DE195625715



Besuchen Sie jetzt unseren neuen INTERNET&NETWORK Security Shop mit faszinierenden Angeboten rund um Ihre Netzwerk- Sicherheit:
http://www.inn.de 


-- Ausgehende E-Mail wurde auf Viren gescannt  --


-------------------------------------------------------------------------
This SF.net email is sponsored by: Splunk Inc.
Still grepping through log files to find problems?  Stop.
Now Search log events and configuration files using AJAX and a browser.
Download your FREE copy of Splunk now >>  http://get.splunk.com/
_______________________________________________
Assp-test mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/assp-test
Reply | Threaded
Open this post in threaded view
|

Re: Timeout of ispip

Matti Haack
In reply to this post by Fritz Borgstedt
Attached are my changed defaults:

S e c t i o n: Network Setup
listenPort -- SMTP Listen Port: 25  
SMTPDESTINATION -- SMTP Destination: 127.0.0.1:225 (Default: 125)
smtpDestinationRT -- SMTP Destination Routing Table**:  
LISTENPORT2 -- Second SMTP Listen Port: 125 (Default: )
smtpAuthServer -- Second SMTP Destination:  
EnforceAuth -- Force SMTP AUTH on Second SMTP Listen Port:  
smtpReportServer -- SMTP Reporting Destination:  
S e c t i o n: SMTP Session Limits
MAXERRORS -- Maximum Errors Per Session: 3 (Default: 10)
maxSMTPSessions -- Maximum Sessions: 32  
MAXSMTPIPSESSIONS -- Maximum Sessions Per IP Address: 10 (Default: 5)
MAXSMTPIPCONNECTS -- Maximum SMTP Connections Per IP Address Frequency: 30 (Default: 5)
MAXSMTPIPDURATION -- Maximum SMTP Connections Per IP Address Frequency Duration: 60 (Default: 90)
MAXSMTPIPEXPIRATION -- Maximum SMTP Connections Per IP Address Frequency Expiration: 300 (Default: 3600)
MAXSMTPDOMAINIP -- Limit Subnet IPs  Per Domain : 20 (Default: 0)
maxSMTPdomainIPExpiration -- Limit Different IPs  Per Domain Expiration: 7200  
maxSMTPdomainIPWL -- Do Not Limit Different IPs For These Domains*: yahoo.com|hotmail.com  
SMTPIDLETIMEOUT -- SMTP Idle Timeout: 60 (Default: 300)
S e c t i o n: SPAM Control
blackRe -- BlackRe - Regular Expression to Identify Spam* : file:identspam.txt  
redRe -- Regular Expression to Identify Redlisted Mail*: file:redre.txt  
SpamGTUBE -- Generic Test for Unsolicited Bulk Email: XJS\*C4JDBQADN1.NSBN3\*2IDNEN\*GTUBE-STANDARD-ANTI-UBE-TEST-EMAIL\*C.34X  
SPAMERROR -- Spam Error: 500 Mail appears to be unsolicited spam -- send error reports to [hidden email] (Default: 554 5.7.1 Mail appears to be unsolicited -- send error reports to [hidden email])
blackListedDomains -- Blacklisted Addresses/Domains*: file:blacklistedDomains.txt  
contentOnlyRe -- Regular Expression to Set Contents Only Checks*:  
noGriplistUpload -- Don't Upload Griplist Stats:  
noGriplistDownload -- Don't auto-download the Griplist file:  
ADDSPAMPROBHEADER -- Add Spam Probability Header: 1 (Default: 0)
ADDINTENDEDFORHEADER -- Add Envelope-Recipient Header: 1 (Default: 0)
NoExternalSpamProb -- Block Outgoing Spam-Prob header: 1  
AddSpamHeader -- Add Spam Header: 1  
AddCustomHeader -- Add Custom Header: X-SMSMSE-SCL: 9  
AddLevelHeader -- Add Graphical Level Header: 1  
CUSTOMIZESTARS -- Customize Graphical Level Header: 10 (Default: 5)
AddSpamReasonHeader -- Add Spam Reason Header: 1  
S e c t i o n: CC Mail
sendAllSpam -- Copy Spam and Send to this Address:  
ccMaxBytes -- Restricts Copy Spam to MaxBytes: 1  
ccSpamFilter -- Copy Spam Filter*:  
ccSpamAlways -- Copy Spam to these Recipients always*:  
sendAllPostmaster -- Catchall Address for Postmaster Mail:  
sendAllPostmasterNP -- Skip Spam Checks for Postmaster Catchall:  
sendAllAbuse -- Catchall Address for Abuse Mail: [hidden email]
sendAllAbuseNP -- Skip Spam Checks for Abuse Catchall: 1  
sendAllDestination -- Copy Mail SMTP Destination:  
SPAMSUBJECTCC -- Prepend Spam Subject to Copied Spam: 1 (Default: 0)
spamTagCC -- Prepend Spam Tag to Copied Spam: 1  
sendHamInbound -- Copy Incoming Not-Spam and Send to this Address:  
sendHamOutbound -- Copy Outgoing Not-Spam and Send to this Address:  
ccHamFilter -- Copy Not-Spam Filter*:  
S e c t i o n: SPAM Lover/No Processing
spamLovers -- All Spam-Lover*:
spamHaters -- All Spam-Haters*:  
baysSpamLovers -- Bayesian Spam-Lover*: file:baysianlovers.txt  
baysSpamHaters -- Bayesian Spam-Hater*:  
blSpamLovers -- Blacklisted Spam-Lover*:  
bombSpamLovers -- Bomb Spam-Lover*:  
hlSpamLovers -- HELO Blacklisted Spam-Lover*:
attachSpamLovers -- Bad Attachment Spam-Lover*:  
spfSpamLovers -- SPF Failures Spam-Lover*:  
rblSpamLovers -- DNSBL Failures Spam-Lover*: file:spamlovers-rbl.txt  
uriblSpamLovers -- URIBL Failures Spam-Lover*:  
srsSpamLovers -- Not SRS Signed Bounces Spam-Lover *:  
delaySpamLovers -- No Delaying Spam-Lover*:  
isSpamLovers -- Invalid Sender Spam-Lover*: file:spamlovers-rfc.txt  
mxaSpamLovers -- Missing MX/A Spam-Lover*:  
ptrSpamLovers -- Invalid/Missing PTR Spam-Lover*:  
pbSpamLovers -- Penalty Box Blocking Spam-Lover *: file:spamlovers-pb.txt  
slRe -- Regular Expression to Identify Spam-Lover*:  
slScoringMode -- Message Scoring: 1  
SPAMSUBJECTSL -- Suppress Spam Subject and Tag to Spam-Lover-mail: 1 (Default: 0)
noProcessing -- Unprocessed Addresses*: [hidden email]  
noProcessingDomains -- No Processing Domains*: sourceforge.net  
noProcessingIPs -- Unprocessed IPs*: file:files/ipnp.txt  
npRe -- Regular Expression to Identify No Processing Mail*: lists\.sourceforge\.net  
NPSIZE -- No Processing for Messages  larger this SIZE: 100000 (Default: 500000)
processOnlyAddresses -- Process Only
Addresses*:  
poTestMode -- Enable Process Only Addresses:  
S e c t i o n: Whitelisting
whiteRe -- Regular Expression to Identify Non-Spam* : file:nospamregex.txt  
whiteListedIPs -- Whitelisted IPs*: file:files/ipwl.txt  
whiteListedDomains -- Whitelisted Domains*: file:whitelist.txt  
VALIDATERWL -- Enable Realtime Whitelist Validation: 1 (Default: 0)
RWLServiceProvider -- RWL Service Providers*: file:data/lists/RWLServiceProvider.txt  
RWLMAXREPLIES -- Maximum Replies: 5 (Default: 3)
RWLminhits -- Minimum Hits: 1  
RWLMAXTIME -- Maximum Time: 5 (Default: 10)
AddRWLHeader -- Add X-Assp-Received-RWL Header: 1  
NORWL -- Don't Validate RWL for these IPs*: 127.0.0.1 (Default: )
MAXWHITELISTDAYS -- Max Whitelist Days: 365 (Default: 180)
WhitelistOnly -- Reject All But Whitelisted Mail:  
NoMaillog -- Don't log mail:  
NoAutoWhite -- Only Email-Interface Addition to Whitelist.:  
NotGreedyWhitelist -- Only the envelope-sender is added/compared to the whitelist:  
WHITELISTLOCALONLY -- Only local or authenticated users contribute to the whitelist.: 1 (Default: 0)
WHITELISTLOCALFROMONLY -- Only users with a local domain in mailfrom contribute to the whitelist.: 1 (Default: 0)
WHITELISTAUTH -- Whitelist authenticated users.: 1 (Default: 0)
UpdateWhitelist -- Save Whitelist: 3600  
S e c t i o n: Relaying
acceptAllMail -- Accept All Mail* : file:acceptmail.txt  
localDomains -- Local Domains*: file:domains.txt  
nolocalDomains -- Skip Local Domain Check:  
ldLDAP -- Do LDAP lookup for local domains:  
ispip -- ISP/Secondary MX Servers*: file:relayfor.txt  
ispgreyvalue -- ISP/Secondary MX Grey Value: 0.5  
BounceSenders -- Bounce Senders*: postmaster|mailer-daemon  
PopB4SMTPFile -- Pop Before SMTP DB File:  
PopB4SMTPMerak -- Pop Before SMTP Merak Style:  
relayHost -- :  
relayPort -- Relay Port:  
relayPortNP -- Relay Port Noprocessing:  
NoRelaying -- : 530 Relaying not allowed - Benutzen Sie SMTP-Auth (Benutzername u. Password wie bei POP3) wenn Sie über mail.internethit.de Emails versenden möchten.  
defaultLocalHost -- Default Local Host:  
localDomainsFile -- Local Domains File:  
relayHostFile -- Relay Host File - OBSOLETE:  
S e c t i o n: Validate Local Addresses
DoRFC822 -- Validate local addresses to conform with RFC 822: 1  
DoLocalSender -- Do Local Addresses Check for Local Sender :  
DoLDAP -- Do LDAP lookup for valid local addresses:  
LocalAddresses_Flat -- Lookup valid Local Addresses from here*: file:users.txt  
LOCALADDRESSESVALID -- Accept Remote Sender with  Valid Local Addresses : 1 (Default: 0)
CatchAll -- Send Invalid Recipients To This Address*:  
InternalAddresses -- Accept Mail from Local Domains only*:  
SepChar -- Separation Character for Subaddressing: +  
NoValidRecipient -- No-Valid-Local-User Reply: 550 5.1.1 User unknown - Sorry, but <EMAILADDRESS> is no valid user.  
S e c t i o n: Penalty Box
DoPenalty -- Penalty Box : 2  
DoPenaltyMessage -- Message Mode: 1  
PENALTYMESSAGELOW -- Low Threshold for Combined Scores per Message: 39 (Default: 40)
PENALTYMESSAGELIMIT -- High Threshold for Combined Scores per Message: 79 (Default: 50)
NOPB -- Don't do Black Box for these IP's* : 85.10.201.53 (Default: )
AddScoringHeader -- Add PB Scoring Header: 1  
pbdb -- Penalty Box Database: pb/pbdb  
spamtrapaddresses -- Penalty Trap Addresses * : file:spamtrapblock.txt  
sendAllTraps -- Catchall Address for Trap Addresses:  
PenaltyUseNetblocks -- Use IP Netblocks:  
PENALTYERROR -- Penalty Reply: 554 5.7.1 Error You are on the Penalty list because you violated our Anti-Spam policy. Ihre IP Adresse wurde vorrübergehend gesperrt. Verwenden Sie SMTP-Auth und ueberpruefen Sie die einstellungen Ihres eMail Servers. (Default: )
PENALTYDURATION -- Scoring Interval: 1440 (Default: 60)
PENALTYLIMIT -- Threshold: 120 (Default: 50)
PenaltyExpiration -- Expiration Time: 360  
PENALTYEXTREME -- Extreme Threshold: 250 (Default: 150)
DoExtremeWL -- Penalize Whitelisted:  
DoExtremeNP -- Penalize NonProcessing:  
ExtremeExpiration -- Expiration Time for Extreme Penalties: 7  
WHITEEXPIRATION -- Expiration Time for WhiteBox Entries: 30 (Default: 90)
exportExtremeFile -- Exported Penalty Black Box Extreme IPs *:  
denyUseNetblocks -- Use IP Netblocks in Deny Connections: 1  
exportExtremeFileAppend -- Append Exported Extreme File:  
EXPORTEXTREMEFILEMAX -- Maximum Entries in Extreme File: 10000 (Default: 100000)
exportExtremeFileDeny -- Use Exported Extreme File for SMTP Denying:  
denySMTPConnectionsFrom -- Deny SMTP Connections from these IP's*:  
denySMTPConnectionsFromAlways -- Always Deny SMTP Connections from these IP's*:  
DoNotPenalizeRed -- Do Not Penalize Redlisted Mails:  
DoNotPenalizeBounces -- Do Not Penalize Bounced Mails: 1  
BAVALENCEPB -- Bad Attachment: 30 (Default: 20)
SATVALENCEPB -- Scoring Attachment*: 25 (Default: 20)
BAYSVALENCEPB -- Bayesian*: 40 (Default: 45)
BLACKVALENCEPB -- BlackRe Expression*: 30 (Default: 20)
BLVALENCEPB -- Blacklisted Domain: 45 (Default: 20)
BOMBVALENCEPB -- Bomb Expression: 80 (Default: 25)
bombTestValencePB -- Bomb Test Expression: 0  
BOMBSUSPICIOUSVALENCEPB -- Bomb Scoring Only Expression*: 15 (Default: 20)
ERVALENCEPB -- Empty Recipients**: 31 (Default: 5)
FHVALENCEPB -- Forged HELO: 30 (Default: 150)
FLVALENCEPB -- Forged Local Sender: 30 (Default: 20)
HLVALENCEPB -- Blacklisted HELO: 80 (Default: 20)
IAVALENCEPB -- Internal Only Address: 30 (Default: 25)
IDVALENCEPB -- IP Subnet Changing Per Domain**: 20 (Default: 150)
IFVALENCEPB -- Connection per IP Frequency Limit**: 71 (Default: 150)
IHVALENCEPB -- Invalid HELO: 30 (Default: 20)
ILVALENCEPB -- Parallel Sessions per IP Limit**: 5 (Default: 10)
IRVALENCEPB -- Invalid Recipient: 31 (Default: 5)
MEVALENCEPB -- Max Errors Exceeded**: 40 (Default: 15)
MXVALENCEPB -- Missing MX/A Record: 35 (Default: 20)
PTVALENCEPB -- Missing/Invalid PTR Record: 35 (Default: 20)
RBLNVALENCEPB -- DNSBL Neutral: 0 (Default: 25)
RBLVALENCEPB -- DNSBL Failed: 45 (Default: 100)
RLVALENCEPB -- Failed Relay Attempt**: 25 (Default: 15)
saValencePB -- Spam Collect Address**: 25  
SCRIPTVALENCEPB -- Script Expression: 30 (Default: 25)
SPFNVALENCEPB -- SPF Neutral: 0 (Default: 5)
SPFSVALENCEPB -- SPF Softfailed: 15 (Default: 5)
SPFVALENCEPB -- SPF Failed: 35 (Default: 10)
STVALENCEPB -- Penalty Trap Address**: 25 (Default: 50)
URIBLNVALENCEPB -- URIBL Neutral*: 0 (Default: 20)
URIBLVALENCEPB -- URIBL Failed*: 35 (Default: 20)
URIMAXVALENCEPB -- Max URIs exceeded*: 15 (Default: 20)
URIOBFVALENCEPB -- URI Obfuscated*: 35 (Default: 20)
vsValencePB -- Virus suspicious*: 25  
VDVALENCEPB -- Virus detected: 80 (Default: 50)
S e c t i o n: Validate Sender
USEHELOBLACKLIST -- Use the Helo Blacklist: 1 (Default: 3)
DoFakedLocalHelo -- Block Forged Helos: 1  
DOFAKEDWL -- Do Not Block Whitelisted: 1 (Default: )
DoFakedNP -- Do Not Block Noprocessing:  
myServerRe -- Local IP's and Hostnames*: mail.internethit.de|internethit.de|internethit.info|mail.internethit.info|212.227.101.191|82.165.35.80  
heloBlacklistIgnore -- Don't block these HELO's*: file:helo-white.txt  
DOVALIDFORMATHELO -- Validate Format of HELOs: 1 (Default: 3)
validFormatHeloRe -- Regular Expression to Validate Format of HELO*: ^(([a-z\d][a-z\d\-]*)?[a-z\d]\.)+[a-z]{2,6}$  
DoInvalidFormatHelo -- Regular Expression to Invalidate Format of HELOs: 3  
invalidFormatHeloRe -- Regular Expression to Invalidate Format of HELO*: file:invalidHelos.txt  
DONOVALIDLOCALSENDER -- Validate Remote Sender with Local Domain Address: 3 (Default: 1)
DoNoSpoofing -- Block All Remote Sender  with Local Domain Address:  
DoReversed -- Reversed Lookup: 3  
DoInvalidPTR -- Reversed Lookup FQDN: 3  
invalidPTRRe -- Regular Expression to Invalidate Format of PTR*: file:\files\invalidptr.txt  
DoDomainCheck -- Validate Sender Domain MX/A: 3  
SenderInvalidError -- Sender Validation Error: 554 5.7.7 REASON .  
S e c t i o n: Delaying/Greylisting
EnableDelaying -- Enable Delaying/Greylisting: 1  
DelayWL -- Whitelisted Delaying:  
DelaySL -- Spamlovers Delaying:  
DelayAddHeader -- Add X-Assp-Delayed Header: 1  
DELAYEMBARGOTIME -- Embargo Time: 2 (Default: 5)
DelayWaitTime -- Wait Time: 28  
DELAYEXPIRYTIME -- Expiry Time: 90 (Default: 36)
DelayUseNetblocks -- Use IP Netblocks: 1  
DelayNormalizeVERPs -- Normalize VERP Addresses: 1  
DelayExpireOnSpam -- Expire Spamming Whitelisted Tuplets: 1  
CleanDelayDBInterval -- Clean Up Delaying Database: 3600  
noDelay -- Don't Delay these IPs*: file:nodelay.txt  
DelayError -- Reply Message to Refuse Delayed Email: 451 4.7.1 Please try again in three minutes - Greylisting  
S e c t i o n: SPF
VALIDATESPF -- Enable SPF Validation: 3 (Default: 0)
SPFWL -- Whitelisted SPF Validation:  
SPFNP -- noProcessing SPF Validation:  
SPFtrusted -- Use Trusted Forwarder List: 1  
AddSPFHeader -- Add Received-SPF Header: 1  
SPFERROR -- SPF Failed Reply: 550 5.7.1 failed SPF: SPFRESULT (Default: 554 5.7.1 failed SPF: SPFRESULT)
LocalPolicySPF -- Local SPF Policy: v=spf1 a/24 mx/24 ptr ~all  
noSPFRe -- Skip SPF Processing Regex*:  
strictSPFRe -- Strict SPF Processing Regex*:  
SPFsoftfail -- Fail SPF Softfail Validations:  
SPFneutral -- Fail SPF Neutral Validations:  
SPFtemp -- Fail SPF Temperror  Validations:  
SPFperm -- Fail SPF Permerror Validations:  
DebugSPF -- Enable SPF Debug output to ASSP Logfile:  
S e c t i o n: SRS Options
ENABLESRS -- Enable Sender Rewriting Scheme: 1 (Default: 0)
SRSAliasDomain -- Alias Domain: internethit.de  
SRSSecretKey -- Secret Key: Eurocheque$  
SRSTimestampMaxAge -- Maximum Timestamp Age: 21  
SRSHashLength -- Hash Length: 4  
SRSValidateBounce -- Enable Bounce Recipient Validation: 1  
NOSRS -- Don't Validate Bounces From these IPs*: 127.0.0.1|212.227.101.191|82.165.35.80|62.159.145.82|85.10.201.53|145.253. (Default: )
S e c t i o n: DNSBL
ValidateRBL -- Enable DNS Blacklist Validation : 1  
noRBL -- Don't do DNSBL for these IPs*: file:excludeFromRBL.txt  
RBLWL -- Whitelisted DNSBL Validation:  (Default: 1)
AddRBLHeader -- Add X-Assp-Received-DNSBL Header: 1  
RBLERROR -- DNSBL Failed Reply: 550 5.7.1 Blacklisted by RBLLISTED - please contact [hidden email] (Default: 554 5.7.1 DNS Blacklisted by RBLLISTED)
RBLServiceProvider -- RBL Service Providers* : file:rblprovider.txt  
RBLMAXREPLIES -- Maximum Replies: 4 (Default: 3)
RBLMAXHITS -- Maximum Hits: 2 (Default: 1)
RBLMAXTIME -- Maximum Time: 3 (Default: 10)
RBLSOCKTIME -- Socket Timeout: 5 (Default: 1)
DoRBLCache -- Cache DNSBL Hits : 1  
ForceRBLCache -- Enforce DNSBL Cache : 1  
RBLCACHEREFRESH -- DNSBL Cache Refresh Interval: 6 (Default: 24)
S e c t i o n: URIBL
VALIDATEURIBL -- Enable URI Blocklist Validation : 3 (Default: 1)
URIBLWL -- Do URI Blocklist Validation for Whitelisted:  
URIBLNP -- Do URI Blocklist Validation for No Processing:  
URIBLLocal -- Do URI Blocklist Validation for Local Mails:  
URIBLServiceProvider -- URIBL Service Providers*: file:data/lists/URIBLServiceProvider.txt  
URIBLCCTLDS -- URIBL Country Code TLDs*: file:data/lists/URIBLCCTLDS.txt  
VALIDATEMAXURI -- Enable maximum number of URI domains check: 3 (Default: 1)
URIBLMAXURIS -- Maximum URIs: 200 (Default: 25)
URIBLMAXDOMAINS -- Maximum Unique Domain URIs: 180 (Default: 15)
URIBLNOOBFUSCATED -- Disallow Obfuscated URIs :  (Default: 1)
URIBLMAXREPLIES -- Maximum Replies: 2 (Default: 1)
URIBLMAXHITS -- Maximum Hits: 2 (Default: 1)
URIBLMAXTIME -- Maximum Time: 15 (Default: 10)
URIBLSOCKTIME -- Socket Timeout: 5 (Default: 1)
URIBLwhitelist -- Whitelisted URIBL Domains*: doubleclick.net  
noURIBL -- Don't Check Messages from these Addresses*:  
URIBLPOLICYERROR -- URIBL Policy Abuse Reply: 550 5.7.1 Message rejected by domain policy: Bad or Blocked URL in this mail. Contact the [hidden email] . This attempt has been logged. (Default: 554 5.7.1 Message rejected by domain policy. Contact the postmaster of this domain for resolution. This attempt has been logged.)
AddURIBLHeader -- Add X-Assp-Received-URIBL Header: 1  
DoURIBLCache -- Cache URIBL Hits : 1  
DoURIBLCacheNoHit -- Cache URIBL Misses : 1  
URIBLCACHEREFRESH -- URIBL Cache Refresh Interval: 4 (Default: 6)
URIBLERROR -- Reply Message to refuse failed URIBL Email: 550 5.7.1 Blacklisted by URIBLNAME Contact the postmaster of this domain for resolution. This attempt has been logged. (Default: 554 5.7.1 Blacklisted by URIBLNAME Contact the postmaster of this domain for resolution. This attempt has been logged.)
S e c t i o n: Attachments & Viruses  
DOBLOCKEXES -- External Attachment Blocking : 3 (Default: 0)
BlockExes -- External Attachment Blocking Level: 0  
BlockWLExes -- Whitelisted &amp; Local Attachment Blocking: 0  
BlockNPExes -- NoProcessing Attachment Blocking: 0  
BadAttachL1 -- Level 1 rejected File Extensions: pdf\.exe  
BadAttachL2 -- Level 2 rejected File Extensions:  
BadAttachL3 -- Level 3 rejected File Extensions:  
GoodAttach -- Level 4 Allowed File Extensions: doc|xls|ppt|pdf|zip|rtf|txt  
SuspiciousAttach -- Suspicious File Extensions: pdf|zip  
ATTACHMENTERROR -- Reply Message to Refuse rejected Attachments: 552 These attachments are not allowed -- Compress before mailing :: Die Mail enthaelt Anhaenge, deren Dateityp nicht zulässig ist (.*.exe) (Default: 550 These attachments are not allowed -- Compress before mailing.)
BLOCKUUENCODED -- Refuse Uuencoded Mails:  (Default: 1)
UuencodedError -- Reply to Refuse Uuencoded Mails: 554 5.7.1 This mail is uuencoded and will be blocked.  
USEAVCLAMD -- Use ClamAV: 1 (Default: 0)
NoScanRe -- Skip ClamAV RegEx*:  
SuspiciousVirus -- Suspicious Virus Scoring Regex:  
SCANWL -- Scan Whitelisted Senders: 1 (Default: 0)
ScanNP -- Scan No Processing Senders:  
SCANLOCAL -- Scan Local Senders: 1 (Default: 0)
AVCLAMDPORT -- Port or file socket for ClamAV: 3310 (Default: /tmp/clamd)
AvError -- Reply Message to Refuse Infected Email: 554 Mail appears infected with '$infection' -- disinfect and resend :: Die Mail enthaelt vermutlich einen Virus oder Spam und kann daher nicht versendet werden  
EmailVirusReportsTo -- Virus Report Mail Address:  
EmailVirusReportsHeader -- Add Full Header To Virus Report To Mail Address Above:  
EmailVirusReportsToRCPT -- Virus Report To Recipient:  
ClamAVBytes -- ClamAV Bytes: 100000  
S e c t i o n: Regex Filters / Spambomb
bombReWL -- Do Regular Expressions Checks for Whitelisted:  
bombReNP -- Do Regular Expressions Checks for No Processing:  
bombReLocal -- Do Regular Expressions Checks for Local Mails:  
DOBOMBSENDERRE -- Use BombSender Regular Expression: 1 (Default: 0)
bombSenderRe -- BombSender Blocking Regular Expression *: file:blockedsender.txt  
DOBOMBHEADERRE -- Use BombHeader Regular Expressions on Header: 3 (Default: 0)
bombHeaderRe -- Regular Expression to Identify Spam in Header*: file:blockedheader.txt  
bombSubjectRe -- Regular Expression to Identify
Spam in Subject*:  
bombCharSets -- Regular Expression to Identify Spam in Characterset* :  
DOBOMBRE -- : 3 (Default: 0)
bombRe -- BombRaw Regular Expression in Header and Data*: file:bombregex.txt  
bombSuspiciousRe -- Regular Expression for Message Scoring Only*: file:bombsuspicious.txt  
bombDataRe -- BombData Regular Expression in Data*: file:files/bombre.txt  
noBombScript -- Don't Check Messages from these Addresses*:  
DoTestRe -- BombTest Regular Expression:  
testRe -- BombTest Regular Expression*:  
BOMBERROR -- Spam Bomb Error: 550 Your message was rejected because it appears to be part of a spam bomb -- . (Default: 554 5.7.1 Delivery not authorized, message refused -- .)
bombErrorReason -- Add Reason: 1  
DoScriptRe -- Use Regular Expression to Identify Mobile Scripts: 0  
scriptRe -- Regular Expression to Identify Mobile Scripts*:  
SCRIPTERROR -- Script Error: 550 Your email contains html scripting code -- please resend as plain text. (Default: 554 5.7.1 Your email contains html scripting code -- please resend as plain text.)
S e c t i o n: Bayesian Options
DOBAYESIAN -- Bayesian Check : 3 (Default: 0)
noBayesian -- Skip Bayesian Check*:  
BAYSSPAMLOVERSRED -- Do not store Bayesian SpamLover in SpamDB: 1 (Default: 0)
baysConfidence -- Bayesian Confidence Threshold (experimental):  
baysConfidenceHalfScore -- Reduce Scoring for Low Confidence: 1  
NoTagInTestmode -- No Subject Tag in Testmode:  
ADDCONFIDENCEHEADER -- Add Bayes Confidence Header: 1 (Default: 0)
S e c t i o n: TestModes
spamSubject -- Prepend Spam Subject : ***** Spam *****  
spamTag -- Prepend Spam Tag:  
testScoringMode -- Message Scoring : 1  
BAYSTESTMODE -- Bayesian Test Mode:  (Default: 1)
blTestMode -- BlackDomain Test Mode:  
hlTestMode -- Helo-Blacklist Test Mode:  
sbTestMode -- Spam Address Test Mode:  
spfTestMode -- SPF Test Mode:  
rblTestMode -- DNSBL Test Mode:  
attachTestMode -- Bad Attachment Test Mode:  
uriblTestMode -- URIBL Test Mode:  
srsTestMode -- SRS Test Mode:  
bombTestMode -- Bomb Regex Test Mode:  
scriptTestMode -- Script Regex Test Mode:  
mxaTestMode -- Missing MX/A Record Test Mode:  
ptrTestMode -- Reversed Lookup Test Mode:  
ihTestMode -- Invalid Helo Test Mode:  
fhTestMode -- Forged Local Helo Test Mode:  
flsTestMode -- Forged Local Sender Test Mode:  
msTestMode -- Message Scoring Test Mode:  
pbTestMode -- Penalty Box Test Mode:  
S e c t i o n: Email Interface
EmailInterfaceOk -- Enable Email Interface: 1  
EmailSenderOK -- Accept Emails (Reports) from these external addresses*: file:acceptexternal.txt  
EmailAdminReportsTo -- Admin Mail Address: [hidden email]  
EmailHelp -- Help Address: assphelp  
EmailSpam -- Report Spam Address: spam  
EmailHam -- Report not-Spam Address: notspam  
EMAILERRORSREPLY -- Reply to Spam/Not-Spam Reports: 3 (Default: 1)
EmailErrorsTo -- TO Address for Spam/Ham-Reports: [hidden email]  
EmailWhiteRemovalToRed -- Add  Whitelist Removals To Redlist :  
EMAILERRORSMODIFYWHITE -- Combined Spam/Ham Report & Whitelist Add/Remove: 1 (Default: 0)
EmailWhitelistAdd -- Add to Whitelist Address: white  
EmailWhitelistRemove -- Remove from Whitelist Address: notwhite  
EMAILWHITELISTREPLY -- Reply to Add to/Remove from Whitelist: 3 (Default: 1)
EmailWhitelistTo -- To Address for Whitelist-Reports: [hidden email]  
EmailRedlistAdd -- Add to Redlist Address: red  
EmailRedlistRemove -- Remove from Redlist Address: notred  
EmailRedlistReply -- Reply to Add to/Remove from Redlist: 1  
EmailRedlistTo -- To Address for Redlist-Reports: [hidden email]  
EmailFrom -- From Address for Reports: [hidden email]  
NoHaiku -- Legacy: Don't reply to messages to the Email Interface:  
S e c t i o n: File Paths
base -- Directory Base: h:\assp  
spamlog -- Spam Collection: spam  
notspamlog -- Not-spam Collection: notspam  
incomingOkMail -- OK Mail:  
viruslog -- Attachment/Virus Collection: virus  
correctedspam -- False-negative Collection: errors/spam  
correctednotspam -- False-positive Collection: errors/notspam  
maillogExt -- Extension for Mail Files: .eml  
spamdb -- Spam Bayesian Database File: spamdb  
whitelistdb -- Email Whitelist Database File: whitelist  
redlistdb -- Email Redlist Database File: redlist  
griplist -- GReyIPlist Database: greylist  
delaydb -- Delaying Database: delaydb  
myhost -- MySQL hostname or IP:  
mydb -- MySQL database name:  
myuser -- MySQL username:  
mypassword -- MySQL password:  
logfile -- ASSP Logfile: maillog.txt  
pidfile -- PID File:  
S e c t i o n: Collecting
spamaddresses -- Spam Collect Addresses* : file:spamcollect.txt  
sendAllCollect -- Catchall Address for Collect Addresses: [hidden email]  
UseSubjectsAsMaillogNames -- Use Subject as Maillog Names:  
DoNotCollectRed -- Do Not Collect Redlisted Mails: 1  
DoNotCollectBounces -- Do Not Collect Bounced Mails: 1  
MAXFILES -- Max Files: 20000 (Default: 14000)
FILESDISTRIBUTION -- Files Distribution: 0.4 (Default: 0.5)
MAXBYTES -- Max Bytes: 5000 (Default: 4000)
ERRORMAXBYTES -- Error Max Bytes: 20000 (Default: 10000)
WLATTACHLOG -- Whitelisted rejected Attachments: 7 (Default: 5)
npAttachLog -- No Processing rejected Attachments: 7  
extAttachLog -- External rejected Attachments: 7  
SpamVirusLog -- Virus Infected: 6  
spamBombLog -- Spam Bombs: 6  
scriptLog -- Scripts: 3  
baysNonSpamLog -- OK Mail: 4  
NonSpamLog -- Non Spam: 2  
blDomainLog -- Blacklisted Domains: 3  
SPAMHELOLOG -- Spam Helos: 7 (Default: 6)
forgedHeloLog -- Forged Helos: 6  
SPAMBUCKETLOG -- Spam Collect Addresses: 3 (Default: 1)
baysSpamLog -- Bayesian Spams: 3  
SPFFailLog -- SPF Failures: 3  
RBLFailLog -- DNSBL Failures: 3  
URIBLFailLog -- URIBL Failures: 3  
SRSFailLog -- SRS Failures: 3  
spamPTRLog -- Missing/Invalid Pointer : 3  
spamMXALog -- Missing MX/A Record : 3  
SPAMISLOG -- Invalid Sender Failures: 7 (Default: 6)
spamMSLog -- Message Scoring Blocks: 3  
SPAMPBLOG -- PB Blocks: 7 (Default: 6)
freqNonSpam -- Non Spam Collection Frequency: 1  
freqSpam -- Spam Collection Frequency: 1  
S e c t i o n: Logging
FILELOGGING -- File name logging: 1 (Default: 0)
SUBJECTLOGGING -- Subject logging: 1 (Default: 0)
regexLogging -- Regex Match logging: 1  
ADDREGEXHEADER -- Add  RegEx Match Header: 1 (Default: 0)
UNIQEIDLOGGING -- Unique ID logging: 1 (Default: 0)
uniqueIDPrefix -- Prepend Unique ID logging: id-  
tagLogging -- Spam Tag Logging: 1  
SYSLOG -- SYSLOG Centralized Logging: 1 (Default: 0)
sysLogPort -- Syslog Port (UDP): 514  
SysLogFac -- Syslog Facility: mail  
sysLogIp -- Syslog IP: 127.0.0.1  
asspLog -- ASSP local logging: 1  
LogRollDays -- Roll the Logfile How Often?: 7  
silent -- Silent Mode:  
DEBUG -- Debug Mode:  
noLog -- Don't Log these IPs*:  
CONNECTIONLOG -- Connections Logging: 1 (Default: 0)
SessionLog -- Session Limit Logging: 1  
DENYSMTPLOG -- Enables Logging for 'Deny SMTP Connections From':  (Default: 1)
RWLLOG -- Enable RWL logging: 1 (Default: 0)
LDAPLog -- Enable LDAP logging:  
VALIDATEUSERLOG -- Enable User Validation logging: 2 (Default: 1)
PENALTYLOG -- Enable PenaltyBox logging: 2 (Default: 1)
MessageLog -- Enable Message Scoring logging: 1  
ValidateSenderLog -- Enable Validate Sender Logging: 1  
DELAYLOG -- Enable Greylisting/Delaying logging: 1 (Default: 0)
SPFLog -- Enable SPF logging: 1  
RBLLog -- Enable DNSBL logging: 1  
URIBLLog -- Enable URIBL logging: 1  
ScanLog -- Enable ClamAV logging: 1  
BayesianLog -- Enable Bayesian Logging: 1  
MaintenanceLog -- Enable Maintenance logging: 1  
Showmaxreplies -- Show All Possible Hits :  
RegExLength -- RegEx Length in Log: 32  
SENDNOOPINFO -- Send NOOP Info: 1 (Default: 0)
S e c t i o n: LDAP Setup
LDAPHost -- LDAP Host(s): localhost  
LDAPLogin -- LDAP Login:  
LDAPPassword -- LDAP Password:  
LDAPRoot -- LDAP Root container: DC=mail.internethit.de  
ldLDAPFilter -- LDAP Filter for Local Domains:  
LDAPFilter -- LDAP Filter for Local Addresses:  
LDAPFail -- LDAP failures return false:  
S e c t i o n: Server Setup
ASASERVICE -- Run ASSP as a Windows Service**: 1 (Default: 0)
AsADaemon -- Run ASSP as a Daemon**:  
runAsUser -- Run as UID**:  
runAsGroup -- Run as GID**:  
ChangeRoot -- Change Root**:  
myName -- My Name: Internethit.nospam  
proxyserver -- Proxy Server:  
OutgoingBufSize -- Size of TCP/IP Buffer: 102400  
webAdminPort -- Web Admin Port: 55555  
webAdminPassword -- Web Admin Password: Eurocheque$  
ALLOWADMINCONNECTIONSFROM -- Only Allow Admin Connections From*: 127.0.0.1|82.165.35.80 (Default: )
HEADERMAXLENGTH -- Maximum Header Size: 32000 (Default: 100000)
HeaderMaxLocal -- Check Header Size for Locals: 1  
SaveStatsEvery -- Statistics Save Interval: 0  
totalizeSpamStats -- Upload Consolidated Spam Statistics: 1  
RestartEvery -- Restart Timeout**: 0  
OrderedTieHashSize -- Ordered-Tie Hash Table Size: 20000  
EnableHTTPCompression -- Enable HTTP Compression in GUI: 1  
ENABLEFLOATINGMENU -- Enable Floating Menu Panel in GUI:  (Default: 1)
EnableInternalNamesInDesc -- Show Internal Names Below Descriptions in the GUI: 1  
MAILLOGTAILJUMP -- Jump to the End of the Maillog: 1 (Default: 0)
MaillogTailBytes -- Maillog Tail Bytes: 10000  
MaillogTailWrapColumn -- Maillog Tail Wrap Column: 80  
UseLocalTime -- Use Local Time: 1  

> -------------------------------------------------------------------------
> This SF.net email is sponsored by: Splunk Inc.
> Still grepping through log files to find problems?  Stop.
> Now Search log events and configuration files using AJAX and a browser.
> Download your FREE copy of Splunk now >>  http://get.splunk.com/
> _______________________________________________
> Assp-test mailing list
> [hidden email]
> https://lists.sourceforge.net/lists/listinfo/assp-test


-
Matti Haack - Hit Haack IT Service Gmbh
Poltlbauer Weg 4, D-94036 Passau
+49 851 50477-22 Fax: +49 851 50477-29
http://www.haack-it.de

Registergericht Passau HRB 5678
USt. ID: DE195625715



Besuchen Sie jetzt unseren neuen INTERNET&NETWORK Security Shop mit faszinierenden Angeboten rund um Ihre Netzwerk- Sicherheit:
http://www.inn.de 


-- Ausgehende E-Mail wurde auf Viren gescannt  --


-------------------------------------------------------------------------
This SF.net email is sponsored by: Splunk Inc.
Still grepping through log files to find problems?  Stop.
Now Search log events and configuration files using AJAX and a browser.
Download your FREE copy of Splunk now >>  http://get.splunk.com/
_______________________________________________
Assp-test mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/assp-test
Reply | Threaded
Open this post in threaded view
|

Re: Timeout of ispip

Fritz Borgstedt
Yes , ASSP is working as announced.

No changes in that for ages.


-------------------------------------------------------------------------
This SF.net email is sponsored by: Splunk Inc.
Still grepping through log files to find problems?  Stop.
Now Search log events and configuration files using AJAX and a browser.
Download your FREE copy of Splunk now >>  http://get.splunk.com/
_______________________________________________
Assp-test mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/assp-test