new quick fixup release 2.5.3 build 16318 available at sourceforge

Previous Topic Next Topic
 
classic Classic list List threaded Threaded
5 messages Options
Reply | Threaded
Open this post in threaded view
|

new quick fixup release 2.5.3 build 16318 available at sourceforge

Thomas Eckardt/eck
I released an unpdated fixup version 2.5.3 build 16318 at sourceforge assp file download.

https://sourceforge.net/projects/assp/files/ASSP%20V2%20multithreading/2.5.3%20latest%20fixup/

the ReadMe file:

This folder contains the latest patched production version of ASSP V2 in assp.pl.gz.
If there are currently no fixes for the latest patched production version of ASSP V2 available,
no download file is provided.

If there is an issue in the latest production release and the provided fix(es)
seems to work, but it is not fully tested to become a production release,
it is provided here.

Please read the fix list. If you find your problem fixed, please switch to this release.
To install the fixed version, download and extract the assp.pl.gz and replace the
assp.pl file in your assp V2 installation. If any additionally Perl module is required or
an upgrade of a Perl module is required, this information is provided in the fix list below.

latest production version        : assp 2.5.3 build 16294
current fix list                        : assp 2.5.3 build 16318:

- if the connection to a peer used SSL/TLS and
 - a mail was larger than the maximum SSL-send-buffer-size
 - and 8BITMIME was enabled and used with any charset
 - or the mail was malformed encoded in any part
 - or a regex match contained UTF8 multibyte characters and the result was added to the X-ASSP headers
 - and also some other rare cases
the IO-byte-count provided by IO::Socket::SSL and the IO-buffer-content recalculation done by assp was inconstent.
This may have caused malformed 8BITMIME mails and destroyed attachments.

- after an upgrade of ASSP to the latest version without upgrading the perl modlues to the recommended version
  for example Net::DNS::Question::name is missing and causes an exception
  ASSP is changed to use Net::DNS::Question::qname, which is also available in older versions of this module!
  HOW EVER, it is strongly recommended to keep ALL used perl modules at least at the recommended version level
 
- the encrypted configuration export caused an endless loop, if an include file was used in a secured
  configuration file

- a 'Wide character in syswrite' exception may caused worker restarts in some cases

- design improvement for the left 'search index' in the GUI - two new icon files are available

images/nosearchIcon.png  
images/searchIcon.png  
 

Thomas



DISCLAIMER:
*******************************************************
This email and any files transmitted with it may be confidential, legally privileged and protected in law and are intended solely for the use of the
individual to whom it is addressed.
This email was multiple times scanned for viruses. There should be no known virus in this email!
*******************************************************


------------------------------------------------------------------------------
Developer Access Program for Intel Xeon Phi Processors
Access to Intel Xeon Phi processor-based developer platforms.
With one year of Intel Parallel Studio XE.
Training and support from Colfax.
Order your platform today. http://sdm.link/xeonphi
_______________________________________________
Assp-user mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/assp-user
Reply | Threaded
Open this post in threaded view
|

Check Weights

Robert K Coffman Jr. -Info From Data Corp.
What adjustment should I make here to catch more of these?  This message
had so much wrong with it that I can't believe it got through...

- Bob Coffman


Nov-21-16 17:03:06 m1-65786-05105 [Worker_2] [isbounce] 5.116.246.132
bounce message detected
Nov-21-16 17:03:06 m1-65786-05105 [Worker_2] 5.116.246.132
Message-Score: added 5 (fiphValencePB) for Suspicious HELO - contains
IP: '[5.114.196.25]', total score for this message is now 5
Nov-21-16 17:03:06 m1-65786-05105 [Worker_2] 5.116.246.132 [scoring]
(Suspicious HELO - contains IP: '[5.114.196.25]')
Nov-21-16 17:03:06 m1-65786-05105 [Worker_2] 5.116.246.132
Message-Score: added 5 (fiphmValencePB) for IP in HELO '[5.114.196.25]'
does not match IP in connection '5.116.246.132' , total score for this
message is now 10
Nov-21-16 17:03:06 m1-65786-05105 [Worker_2] 5.116.246.132 [scoring] (IP
in HELO '[5.114.196.25]' does not match IP in connection '5.116.246.132' )
Nov-21-16 17:03:06 m1-65786-05105 [Worker_2] 5.116.246.132 spambomb
Regex: invalidFormatHeloRe 'PB 5: for 5.114.196'
Nov-21-16 17:03:06 m1-65786-05105 [Worker_2] 5.116.246.132
Message-Score: added 5 for invalid HELO: '[5.114.196.25]', total score
for this message is now 15
Nov-21-16 17:03:08 m1-65786-05105 [Worker_2] 5.116.246.132 to:
[hidden email] info: skip SPF check - domain [5.114.196.25] is
not a FQDN
Nov-21-16 17:03:08 m1-65786-05105 [Worker_2] 5.116.246.132 to:
[hidden email] Message-Score: added 10 for Foreign IP-Country IR
(IRAN CELL SERVICE AND COMMUNICATION COMPANY), total score for this
message is now 25
Nov-21-16 17:03:08 m1-65786-05105 [Worker_2] [PTRmissing] 5.116.246.132
to: [hidden email] [scoring] (PTR missing) - Cache
Nov-21-16 17:03:08 m1-65786-05105 [Worker_2] 5.116.246.132 to:
[hidden email] Message-Score: added 10 (ptmValencePB) for PTR
missing, total score for this message is now 35
Nov-21-16 17:03:10 m1-65786-05105 [Worker_2] 5.116.246.132 to:
[hidden email] Bayesian Check  - Prob: 0.00000 => ham -
answer/query relation: 68% of 25
Nov-21-16 17:03:10 m1-65786-05105 [Worker_2] 5.116.246.132 to:
[hidden email] [Plugin] calling plugin ASSP_AFC
Nov-21-16 17:03:10 m1-65786-05105 [Worker_2] [MessageOK] 5.116.246.132
to: [hidden email] message ok [Invoice 1F34139]






------------------------------------------------------------------------------
_______________________________________________
Assp-user mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/assp-user
Reply | Threaded
Open this post in threaded view
|

Re: Check Weights

Doug Lytle
On 11/22/2016 08:33 AM, Robert K Coffman Jr. -Info From Data Corp. wrote:
Nov-21-16 17:03:06 m1-65786-05105 [Worker_2] [isbounce] 5.116.246.132 
bounce message detected
Nov-21-16 17:03:06 m1-65786-05105 [Worker_2] 5.116.246.132 
Message-Score: added 5 (fiphValencePB) for Suspicious HELO - contains 
IP: '[5.114.196.25]', total score for this message is now 5
Nov-21-16 17:03:06 m1-65786-05105 [Worker_2] 5.116.246.132 [scoring] 
(Suspicious HELO - contains IP: '[5.114.196.25]')
Nov-21-16 17:03:06 m1-65786-05105 [Worker_2] 5.116.246.132 

Your scoring seems to be quite low.  I'd review the section: PenaltyBox / Message and IP Scoring

And take the default values, unless you're sure.

My scoring for the above is set to 39

Doug





------------------------------------------------------------------------------

_______________________________________________
Assp-user mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/assp-user
Reply | Threaded
Open this post in threaded view
|

Re: Check Weights

Robert K Coffman Jr. -Info From Data Corp.

> And take the default values, unless you're sure.
>
> My scoring for the above is set to 39
>
> Doug

Thanks Doug - My ASSP.CFG has been around forever.  I have no idea why
or if I would have changed that from the default, but I've changed it to
match the recommendations and confirmed the remaining settings are set
to the defaults as well.

- Bob Coffman


------------------------------------------------------------------------------
_______________________________________________
Assp-user mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/assp-user
Reply | Threaded
Open this post in threaded view
|

Re: Check Weights

James Moe-2
In reply to this post by Robert K Coffman Jr. -Info From Data Corp.
On 11/22/2016 06:33 AM, Robert K Coffman Jr. -Info From Data Corp. wrote:
> What adjustment should I make here to catch more of these?  This message
> had so much wrong with it that I can't believe it got through...
>
  Keep reporting them as Spam Errors (ham false positives). The Bayseian
db takes a while to catch up.

--
James Moe
moe dot james at sohnen-moe dot com
520.743.3936
Think.

------------------------------------------------------------------------------
_______________________________________________
Assp-user mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/assp-user