August 16th, 2011· The mail analyzer leads some times in to a stuck Worker or MainThread, if the analyzed mail content is too
· long the analyze is now restricted to MaxBytes to prevent this.
· The regular expression optimization causes different content related problems.
· The structure of domain and user related regular expressions is internaly changed.
· Now the processing of the regular expressions takes much less time, because Perl needs no backtracking
· the memory usage is the same like before. It is save to use the Regex.Optimizer modules with this release!
· If the regex optimizer modules are used, it was possible that 'strong' optimized regular expressions
· (like localaddresses_flat) have lost there function, if the file size is very large.
· There is no known limit of the file size, where the regexes are still working well.
· For this reason, the 'strong' optimization is removed for all regular expressions and the 'simple'
· optimization is used instead.
· if 'removeDispositionNotification' was set to on, the related headers where not removed from forwarded,
· copied and resend mails in every case.
· if a bounce mail was detected as 'lowlimit' but the final check for the FBMTV has failed the mail was passing assp
· a change of the 'localDomainsFile' was not detected
· a change of the 'relayHostFile' was not detected
· the output of the message reason in case of a URIBL neutral state was wrong
· the GUI text for POP3file was partly wrong
changed:
· A new ASSP_OCR.pm plugin version 1.22 is available. A possible performance issue is solved there.
The delay behavior in 2.0.2_1.1.20 is changed for the following cases:
· Delaying for 'SPF-Cache-OK' (1) and 'White-SenderBase-Cache-OK' (2) will be skipped, if 'DelayWL' is switched off.
· The SPF-Cache is changed from 'IP only' to a 'IP+domain' base (which was an issue all the time for the complete
· SPF-Cache management).
· If the senders domain differs from the one in the 'White-SenderBase-Cache-OK' entry, the senders domain will be
· set to a temporary equal state to the orig 'White-SenderBase-Cache-OK' entry.
· This entry (state) will be lost after each assp restart or if the SB-Cache entry is deleted by the
· cache cleanup routine.
· (1) skip if: 'DelayWL' is switched off -and the cached SPF result is 'pass' -and the used HELO is equal to the SPF-cached HELO -and the IP is not in PBBlack (has no historical score)
· (2) skip if: 'DoOrgWhiting' is set to 'whiting' -and 'DelayWL' is switched off -and the domain is in the whiteSenderBase-Cache -and the IP is not in PBBlack (has no historical score)
added:
· the admin users interface allows now the LDAP query of userid's if a new admin user should be created (LDAP must be possible and 'LDAPhost' must be configured)
· the admin users interface allows now (on a per user base) to hid disabled configuration values in the GUI
· the admin users interface now has an option to disallow a user to show/edit the internal caches
· BerkeleyDB engine version 5.0.26 support on module version 0.42 is available. An upgrade of the engine is
· detected by ASSP and will reset all temporary BDB-files.
July 5th, 2010· security fix: a workstation behind a NAT network is able to adopt the user credentials from an other (GUI)
· logged in workstation in the same network
· ASSP now uses HTTP-Session-ID's to prevent this. Browser cookies must be enabled for the GUI-URL to make sure,
· that assp generates absolute unique session ID's
May 4th, 2010· wrong output for the optimizer module in the 'Infos and Stats' GUI
· the output of the CIDR result for matching IP's now works
· the performance of 'matchIP' and 'matchSL' is improved
· if BerkeleyDB is used for LDAPlist or the AdminUsersDB the store to disk (db_sync) throws an error
· it was possible that the worker calculation causes a division by zero exception (very rare)
· increase the workernumber in the GUI, results in a wrong JAVA message in the GUI (even if the value was changed)
April 30th, 2010· wrong output for the optimizer module in the 'Infos and Stats' GUI
· the output of the CIDR result for matching IP's now works
· the performance of 'matchIP' and 'matchSL' is improved
· if BerkeleyDB is used for LDAPlist or the AdminUsersDB the store to disk (db_sync) throws an error
· it was possible that the worker calculation causes a division by zero exception (very rare)
· increase the workernumber in the GUI, results in a wrong JAVA message in the GUI (even if the value was changed)
changed:
· memory usage is improved
· updated bombre.txt (version 1.01)
· the BerkeleyDB cache has now a maximum limit of 100MB per hash
· the recovery procedure for damaged BerkeleyDB's is improved
· damping is now switched off if an IP is RWL listed
· the RWL check is optimized (memory leak is removed) - this version will reset the RWLcache at the first cleanup, after the first startup
April 26th, 2010· 'If a STARTTLS command is received on a port that is defined here,
· the connection will be moved in to the transparent proxy mode every time -
· independend from the setting of DoTLS . This option works for listenPort , listenPort2 and relayPort .
· The listener definition here has to be the same like in the port definitions.
· Separate multiple entries by "|".Examples: 25, 127.0.0.1:25, 127.0.0.1:25|127.0.0.2:25
March 24th, 2010· fixed an error in rebuildspamdb.pm 'global symbol "$VerBerkeley" requires explicit package name'
· 'TLStoProxyListenPorts','Force TLS to Proxy on this Ports',
· 'If a STARTTLS command is received on a port that is defined here,
· the connection will be moved in to the transparent proxy mode every time -
· independent from the setting of DoTLS . This option works for listenPort , listenPort2 and relayPort.
· The listener definition here has to be the same like in the port definitions.
· Separate multiple entries by "|".Examples: 25, 127.0.0.1:25, 127.0.0.1:25|127.0.0.2:25
March 8th, 2010· security fix: a workstation behind a NAT network is able to adopt the user credentials from an other (GUI)
· logged in workstation in the same network
· ASSP now uses HTTP-Session-ID's to prevent this. Browser cookies must be enabled for the GUI-URL to make sure,
· that assp generates absolute unique session ID's
· if any bomb regular expression contains a regex '^$' to check for an empty string (eg. bombSubjectRe),
· no result is found
· if a wrong search query is used in MaillogTail and the option 'show ..... results' is set to 'all matches',
· it is possible that the MainThread needs a very long time (30 min or more) to process the query.
· For this reason the option 'all matches' is changed to '2000'.
· There are also two search timeout values used: 30s for the search in the log files
· and 30s for rendering the HTML for the output.
· if in MaillogTail a selection for a list of file to search in was made,
· it was possible, that the timeline of the output was broken,
· because of a wrong sort of the filenames (numbers).
changed:
· the default value for 'LogRollDays' is changed from 7 to 1.
· if FBMTV is used and an incoming not-bounce message is received, which contains a valid FBMTV-tag,
· the message is considered 'whitelisted' if it is not taged otherwise (red,contentonly, noprocessing... by assp
added:
· 'httpRequireCookies','HTTP and HTTPS require enabled browser cookies',0,\&checkbox,'1','(.*)',undef,
· 'Cookie based http session ID\'s are used by assp to handle different requests from the same IP (eg behind NAT).
· Switch this off, if you are unable to use cookies in your browser. If switched off,
· a security hole is opened for connection that are using NAT - it could be possible that a second workstation (behind NAT) is able to login to the GUI, without user credentials if the same OS and browser version is used.'
March 2nd, 2010· worker 10000 dies on a gone MySQL connection if an export or backup is done
March 1st, 2010· the cleanup of the whitelist was not working
· if STAT-interface was queried from an external tool, 'an unexpected signal SEGV' was detected on some systems
· damping was some times done on a ISP connection
· the 'From:' address was some times wrong MIME encoded in notification mails and the notification stucks in the resend folder
· assp tried to resend the dirs '.' and '..' if 'maillogExt' is set to empty (which is not recommended)
· the MaintThread was unexpected restarted if any HTML download was not successful or incomplete
· ForgedHelo was not using the 'cip' on an ISP connection
· the forwarding of a resend request to an other assp was not working because of a wrong IP address resolving
· if spamdb and/or whitelistdb was configured to use a database and the BerkeleyDB driver was used,
· assp completely stucks on a BerkeleyDB lock
· the generic hash (domain*=>....) procedure for 'DomainVRFYMTA' and 'FlatVRFYMTA' was not working correct
February 16th, 2010· Automatic Corpus Correction (autoCorrectCorpus)
· (Syntax: a.a[a]-b.b[b]-cccc-dd or empty - default is "0.5-1.5-10000-14") If the corpus norm (the weight between spamwords/hamwords) is less than "a" (0.5 - too much ham) or greater than "b" (1.5 - too much spam), assp will delete the excess (oldest) files from the corresponding folder ( spamlog , notspamlog ). ASSP will keep a minimum of "c" (10000) files in the folder and will never delete files that are younger than "d" days. This cleanup will run at the end of the rebuildspamdb task. So the corrected file corpus will take effect at the next rebuildspamdb!
· Allow Whitelist Removals for Admins only (EmailWhiteRemovalAdminOnly)
· Only the users defined in EmailWhitelistTo, EmailAdmins and EmailAdminReportsTo are able to remove addresses from the whitelist.
· Copy Spam and Send to this Address per Domain* (ccSpamInDomain)
· ASSP will deliver an additional copy of spam emails of a domain to this address - if the domain of the recipient-address is matched. For example: monitorspam@example1.com|monitor@example2.com.
· Wildcard is supported: spamcopyfordomain@* will send a additionallyspamcopy to spamcopyfordomain@alldomains
· SSL Error Cache Refresh Interval (SSLCacheExp)
· If a connection fails with 'TSL negotiation with client failed' or 'Connection idle .. timeout' the connecting IP will be stored into this cache. ASSP will not offer STARTTLS to IPs in the error cache. The entry will be removed after this interval in hours. 0 will disable the error cache.
· Default MTA for DoVRFY* (VRFYMTA)
· Put here the local MTA which should be used for DoVRFY. It will be used if no information from localDomains about a domain is available. For example: 'smtp.mydomain.com ' or '10.1.1.2:125 '.
· Blacklisted Addresses & Domains** (blackAddresses)
· Accepts specific addresses (user@example.com), user parts (user) or entire domains (@example.com). Wildcards/Weight is supported : @*.biz=>0.5
February 11th, 2010· SSL Error Cache Refresh Interval (SSLCacheExp)
· If a connection fails with 'TSL negotiation with client failed' or 'Connection idle .. timeout' the connecting IP will be stored into this cache. ASSP will not offer STARTTLS to IPs in the error cache. The entry will be removed after this interval in hours. 0 will disable the error cache.
· TLS Greylisting (DelayTLS)
· Enable TLS connections for Greylisting.
· SSL/TLS connection (tlsValencePB)
· Message & IP scoring bonus for SSL/TLS connections
· Default MTA for DoVRFY* (VRFYMTA)
· Put here the local MTA which should be used for DoVRFY. It will be used if no information from localDomains about a domain is available. For example: 'smtp.mydomain.com ' or '10.1.1.2:125 '.
· Blacklisted Addresses & Domains** (blackAddresses) Accepts specific addresses (user@example.com), user parts (user) or entire domains (@example.com). Wildcards/Weight is supported : @*.biz=>0.5
· Local IMail domains (DoLocalIMailDomains) Consider domains in the IMail registry to be local
· Automatic Corpus Correction (autoCorrectCorpus)
· (Syntax: a.a[a]-b.b[b]-cccc or empty - default is "0.6-1.4-4000") If the corpus norm (the weight between spamwords/hamwords) is less than "a" (0.6 too much ham) or greater than "b" (1.2 - too much spam), assp will delete the excess (oldest) files from the corresponding folder ( spamlog , notspamlog ).
· ASSP will keep a minimum of "c" (4000) files in the folder and will never delete files that are younger than two weeks. This cleanup will run at the end of the rebuildspamdb task. So the corrected file corpus will take effect at the next rebuildspamdb!
February 8th, 2010· Default MTA for DoVRFY* (VRFYMTA)
· Put here the local MTA which should be used for DoVRFY. It will be used if no information from localDomains about a domain is available. For example: 'smtp.mydomain.com ' or '10.1.1.2:125 '.
· Blacklisted Addresses & Domains** (blackAddresses)
· Accepts specific addresses (user@example.com), user parts (user) or entire domains (@example.com). Wildcards/Weight is supported : @*.biz=>0.5
· Local IMail domains (DoLocalIMailDomains)
· Consider domains in the IMail registry to be local
· Automatic Corpus Correction (autoCorrectCorpus)
· (Syntax: a.a[a]-b.b[b]-cccc or empty - default is "0.6-1.4-4000") If the
· corpus norm (the weight between spamwords/hamwords) is less than "a" (0.6
· - too much ham) or greater than "b" (1.2 - too much spam), assp will
· delete the excess (oldest) files from the corresponding folder ( spamlog ,
· notspamlog ). ASSP will keep a minimum of "c" (4000) files in the folder
· and will never delete files that are younger than two weeks. This cleanup
· will run at the end of the rebuildspamdb task. So the corrected file
· corpus will take effect at the next rebuildspamdb!
· SSL Certificate File (PEM format) (SSLCertFile)
· Full path to the file containing the server's SSL certificate, for example : /usr/local/etc/ssl/certs/assp-cert.pem. A general cert.pem file is already provided in './certs/server-cert.pem'. For defining any full filepathes, always use slashes ('/') not backslashes. If './certs/server-cert.pem' is set and is not found, assp will try to use openssl to generate one.
· SSL Key File (PEM format) (SSLKeyFile)
· Full path to the file containing the server's SSL key, for example: /usr/local/etc/ssl/certs/assp-key.pem. A general key.pem file is already provided in './certs/server-key.pem'. If './certs/server-key.pem' is set and is not found, assp will try to use openssl to generate one.
January 27th, 2010· RBL Service Providers** (RBLServiceProvider)
Names of DNSBLs to use separated by "|" or name of list 'file:files/dnsbls.txt'. Defaults are:
· zen.spamhaus.org=>1|bl.spamcop.net=>1|bb.barracudacentral.org=>1|combined.njabl.org=>1|safe.dnsbl.sorbs.net=>1|psbl.surriel.com=>0.5|ix.dnsbl.manitu.net=>0.5|dnsbl-1.uceprotect.net=>0.5.
· If the weight is less 1 it acts as a multiplier of RBLmaxweight. If RBLmaxweight = 50 (default) bl.spamcop.net=>1 will score 50 for a hit, ix.dnsbl.manitu.net=>0.5 will score 25. Values above 6 are used as weight. So an entry like dnsbl-2.uceprotect.net=>10 would mean that a hit on the above DNSBL will result in a score increase of 10 spam points. To accommodate the old (obsolete) notation, values over 1 are used as dividers. ix.dnsbl.manitu.net=>2 is the same as ix.dnsbl.manitu.net=>0.5!
· If the sum of weights surpasses RBLmaxweight, the DNSBL check fails. If it does not surpass and is not 0, the DNSBL check is scored as "neutral" even with RBLmaxhits reached. If the sum of weights surpasses RBLmaxweight, the DNSBL check fails. If it does not surpass and is not 0, the DNSBL check is marked as "neutral" even with RBLmaxhits reached.
· Charset for STDOUT and STDERR (ConsoleCharset)
· Set the characterset for the console output to your local needs. Default is "System Default" - no conversion. Restart is required!
· Charset for Maillog (LogCharset)
· Set the characterset/codepage for the maillog output to your local needs. Default (and best) on non Windows systems is "UTF-8" if available or "System Default" - no conversion. On Windows systems set it to your local codepage or UTF-8. requires ASSP restart
· Decode MIME Words To UTF-8 (decodeMIME2UTF8)
· If selected, ASSP decodes MIME encoded words to UTF8. This enables support for national languages to be used in Bombs , Scripts , Spamdb , Logging. If not selected, only US-ASCII characters will be used for this functions. This requires an installed Email::MIME::Modifier module in PERL.
· LocalDomains Cache (LocalDomainsDB)
· the directory/file with the localdomains cache. Disabled if localdomainsdb is not set. This file is automatically filled with local domains not found in localDomains, ldLDAP or localDomainsFile. This is done by using mx-records pointing to the IP where ASSP is listening.
· Trap Addresses* (spamtrapaddresses)
· Mail to any of these addresses will be blocked right away and the scoring value is added. This scoring value (stValencePB) is usually much higher than the usual irValencePB (Invalid Recipient) and will push the sending IP faster above PenaltyExtreme. Use this only if you use DoPenaltyExtreme. Entries are separated by '|' where '*' can be used as a match anything wildcard. Entries that start with '@' indicate that all addresses with that domain should match. Entries without '@' indicate the user part of email addresses with any domain.
· Valid entries are: john.doe@example.tld|jane.doe|@example.tld|*.department@example.tld
· Do Deny Connections from these IP numbers (DoDenySMTP)
· If activated, the IP is checked against denySMTPConnectionsFrom. Scoring is set with ipValencePB.
· Use Invalid Addresses for Spamaddresses (MakeSpamaddresses)
· This feature will only work when LocalAddresses_Flat , doLDAP or doVRFY is used.
· Invalid Address Frequency (MakeFrequency)
· Minimum frequency per hour before an invalid address will be used as Spamaddresses. For example 5. This frequency ist set per default relatively high, try to lower it and look for the results,
· Skip Message-ID signing, mail content dependend* (noMSGIDsigRe)
· Use this to skip the Message-ID tagging depending on the content of the email. If the content of the email matches this regular expression (checking MaxBytes only), FBMTV will not be done. For example: 'I am out of office' .
· Skip Message-ID signing for Redlisted mails (noRedMSGIDsig)
· If selected, FBMTV will not be done for redlisted emails!
· assp.pl 1.6.5.0
· Regular Expression to Identify Non-Spam** (whiteRe)
· If an incoming email matches this Perl regular expression it will be considered non-spam.
· For example: Secret Ham Password|307D{0,3}730D{0,3}4[12]dd
(Fields marked with two asterisk (**) contains regular expressions (regex) and accept a second weight value. Every weigted regex has to be followed by '=>' and the weight value. For example:
· Phishing.=>1.45|~Heuristics|Email~=>50
· The multiplication result of the weight and the penaltybox valence value will be used for scoring.)
· Maximum Hits in whiteRe (whiteReMaxHits)
· Number of matches to be scored. If the total sum of matches is >= whiteValencePB the message will be considered 'whitelisted'.
· MessageScoring Extreme Limit (MessageScoringExtremeLimit)
· MessageScoring will block spamlover messages whose score exceeds this threshold. A value of 0 here will disable this option. For example: 75
· Strict SpamLover* (strictSpamLovers)
· Ignore MessageScoringExtremeLimit
· Detect Possible Mailloop (detectMailLoop)
· If set to a value higher than 0, ASSP count it's own Received-header in the header of the mail. If this count exceeds the defined value, the transmission of the message will be canceled.
January 8th, 2010· RBL Service Providers** (RBLServiceProvider)
Names of DNSBLs to use separated by "|" or name of list 'file:files/dnsbls.txt'. Defaults are:
· zen.spamhaus.org=>1|bl.spamcop.net=>1|bb.barracudacentral.org=>1|combined.njabl.org=>1|safe.dnsbl.sorbs.net=>1|psbl.surriel.com=>0.5|ix.dnsbl.manitu.net=>0.5|dnsbl-1.uceprotect.net=>0.5.
· DNSBL providers can get a "weight" like bl.spamcop.net=>1. The weight is a multipler of RBLmaxweight. So if RBLmaxweight = 50 (default) bl.spamcop.net=>1 will score 50 for a hit, ix.dnsbl.manitu.net=>0.5 will score 25 for a hit. If the sum of weights surpasses RBLmaxweight, the DNSBL check fails. If it does not surpass and is not 0, the DNSBL check is marked as "neutral" even with RBLmaxhits reached.
· Charset for STDOUT and STDERR (ConsoleCharset)
· Set the characterset for the console output to your local needs. Default is "System Default" - no conversion. Restart is required!
· Charset for Maillog (LogCharset)
· Set the characterset/codepage for the maillog output to your local needs. Default (and best) on non Windows systems is "UTF-8" if available or "System Default" - no conversion. On Windows systems set it to your local codepage or UTF-8. requires ASSP restart
· Decode MIME Words To UTF-8 (decodeMIME2UTF8)
· If selected, ASSP decodes MIME encoded words to UTF8. This enables support for national languages to be used in Bombs , Scripts , Spamdb , Logging. If not selected, only US-ASCII characters will be used for this functions. This requires an installed Email::MIME::Modifier module in PERL.
· LocalDomains Cache (LocalDomainsDB)
· The directory/file with the localdomains cache. Disabled if localdomainsdb is not set. This file is automatically filled with local domains not found in localDomains, ldLDAP or localDomainsFile. This is done by using mx-records pointing to the IP where ASSP is listening.
· Trap Addresses* (spamtrapaddresses)
· Mail to any of these addresses will be blocked right away and the scoring value is added. This scoring value (stValencePB) is usually much higher than the usual irValencePB (Invalid Recipient) and will push the sending IP faster above PenaltyExtreme. Use this only if you use DoPenaltyExtreme. Entries are separated by '|' where '*' can be used as a match anything wildcard. Entries that start with '@' indicate that all addresses with that domain should match. Entries without '@' indicate the user part of email addresses with any domain.
· Valid entries are: john.doe@example.tld|jane.doe|@example.tld|*.department@example.tld
· Use Invalid Addresses for Traps (MakeTraps)
· If set to 'make traps', the frequency of Invalid Addresses is stored, no other action taken. if set to 'use traps only' or 'make traps and use them', addresses in heavy use will act like spamtrapaddresses. This feature will only work when LocalAddresses_Flat , doLDAP or doVRFY is used.
· Invalid Address Frequency for Traps (MakeTrapsFrequency)
· Minimum frequency per hour before an invalid address will be used as Trap. For example 5.
· Do Deny Connections from these IP numbers (DoDenySMTP)
· If activated, the IP is checked against denySMTPConnectionsFrom. Scoring is set with ipValencePB.
January 4th, 2010· Charset for STDOUT and STDERR (ConsoleCharset)
· Set the characterset for the console output to your local needs. Default is "System Default" - no conversion. Restart is required!
· Charset for Maillog (LogCharset)
· Set the characterset for the maillog output to your local needs. Default is "System Default" - no conversion. Restart is required!
· Decode MIME Words To UTF-8 (decodeMIME2UTF8)
· If selected, ASSP decodes MIME encoded words to UTF8. This enables support for national languages to be used in Regular Expression Filters. If not selected, only US-ASCII characters will be used for this functions. This requires an installed Email::MIME::Modifier module in PERL.
· Regular Expression to Identify Non-Spam** (whiteRe)
· If an incoming email matches this Perl regular expression it will be considered non-spam.
· For example: Secret Ham Password|307D{0,3}730D{0,3}4[12]dd
(Fields marked with two asterisk (**) contains regular expressions (regex) and accept a second weight value. Every weigted regex has to be followed by '=>' and the weight value. For example:
· Phishing.=>1.45|~Heuristics|Email~=>50
· The multiplication result of the weight and the penaltybox valence value will be used for scoring.)
· Maximum Hits in whiteRe (whiteReMaxHits)
· Number of matches to be scored. If the total sum of matches is >= whiteValencePB the message will be considered 'whitelisted'.
· MessageScoring Extreme Limit (MessageScoringExtremeLimit)
· MessageScoring will block spamlover messages whose score exceeds this threshold. A value of 0 here will disable this option. For example: 75
· Strict SpamLover* (strictSpamLovers)
· Ignore MessageScoringExtremeLimit
· Detect Possible Mailloop (detectMailLoop)
· If set to a value higher than 0, ASSP count it's own Received-header in the header of the mail. If this count exceeds the defined value, the transmission of the message will be canceled.
· NotifyRe now accepts comma separated recipients in every regex
line - for example:
· warning:=>user1@yourdomain.com,user2@yourdomain.com
· If such recipients are defined, this will override the default recipients
· in 'Notify' for this entry.
· If 'EmailFrom' is not defined it will be set to 'postmaster@domain'
· where domain is 'defaultLocalHost' or 'EmailBlockReportDomain' what ever
· is defined.
· the default value for 'defaultLocalHost' is set to 'assp.local'
December 9th, 2009fixed:
· Invalidhelo regex check
· Senderbase has done checks after no result was received from DNS
added:
· HomeCountry Pass Greylisting (DelayHC)
· Enable Greylisting for HomeCountry based IPs.
· Don't do Blacklisted for these Addresses and Domains* (noBlackDomain)
· Allow Relay Connection from these IP's* (allowRelayCon)
· Enter any addresses that are allowed to use the relayPort , separated by pipes (|). If empty, any ip address is allowed to connect to the relayPort. If this option is defined, keep in mind : Addresses defined in acceptAllMail are NOT automaticly included and have to be also defined here, if them should allow to use the relayPort. For example: 127.0.0.1|172.16..
changed:
· analyze via email interface supports now multiple attached files (.eml)
November 30th, 2009· Compress::Zlib version 2.015 - HTTP compression
· Digest::MD5 version 2.36 - delaying can use MD5 keys for hashes
· Digest::SHA1 version 2.11
· Email::MIME::Modifier version 1.442 - attachment detection
· Email::Send - resend mail & block reporting
· Email::Valid version 0.179
· File::ReadBackwards version 1.04 - searching of log files
· IO::Socket::INET6 - IP6 support
· IO::Socket::SSL - native SSL support
· LWP::Simple version 1.41 - griplist
· Mail::SPF version 2.005
· Mail::SRS version 0.31 - Sender Rewriting Scheme
· Net::CIDR::Lite version 0.20 - hyphenated IP address range
· Net::DNS version 0.63
· Net::IP::Match::Regexp version 1.01 - CIDR notation for IP range
· Net::LDAP version 0.33
· Net::SenderBase version 1.01 - countrycode checks
· Net::SMTP version 2.31 - Verify Recipients
· Net::Syslog version 0.03 - network Syslog logging
· Sys::Syslog version 0.27 - Unix centralized logging
· Time::HiRes version 1.9715 - CPU usage statistics
November 19th, 2009· Compress::Zlib version 2.015 - HTTP compression
· Digest::MD5 version 2.36 - delaying can use MD5 keys for hashes
· Digest::SHA1 version 2.11
· Email::MIME::Modifier version 1.442 - attachment detection
· Email::Send - resend mail & block reporting
· Email::Valid version 0.179
· File::ReadBackwards version 1.04 - searching of log files
· IO::Socket::INET6 - IP6 support
· IO::Socket::SSL - native SSL support
· LWP::Simple version 1.41 - griplist
· Mail::SPF version 2.005
· Mail::SRS version 0.31 - Sender Rewriting Scheme
· Net::CIDR::Lite version 0.20 - hyphenated IP address range
· Net::DNS version 0.63
· Net::IP::Match::Regexp version 1.01 - CIDR notation for IP range
· Net::LDAP version 0.33
· Net::SenderBase version 1.01 - countrycode checks
· Net::SMTP version 2.31 - Verify Recipients
· Net::Syslog version 0.03 - network Syslog logging
· Sys::Syslog version 0.27 - Unix centralized logging
· Time::HiRes version 1.9715 - CPU usage statistics
November 5th, 2009· Local Frequency Interval (LocalFrequencyInt)
· The number of seconds in which the LocalFrequencyNumRcpt (number of envelope recipients per sending address) should not be exceeded.
· Use this in combination with LocalFrequencyNumRcpt to limit the number of recipients in a given interval, to prevent local abuse - for example from highjacked local accounts. A value of 0 (default) will disable this feature. It is recommended to enable DoLocalSenderAddress and/or DoLocalSenderDomain, if you want to use this feature.
June 30th, 2009· IO::Socket::SSL - native SSL support
· IO::Socket::INET6 -
· Email::Send - resend mail & block report
April 2nd, 2009· Email::MIME::Modifier version 1.442 - attachment detection
· Mail::SPF version 2.005
· Net::CIDR::Lite version 0.20 - hyphenated IP address range
· Net::IP::Match::Regexp version 1.01 - CIDR notation for IP range
· Net::SenderBase version 1.01 - countrycode checks
· IO::Socket::SSL - native SSL support
· IO::Socket::INET6 -
· Email::Send - resend mail & block report
· Net::LDAP version 0.33
· Net::DNS version 0.63
· Email::Valid version 0.179
· Mail::SPF::Query version 1.999001
· Mail::SPF version 2.005
· Mail::SRS version 0.31 - Sender Rewriting Scheme
· Compress::Zlib version 2.015 - HTTP compression
· Digest::MD5 version 2.36 - delaying can use MD5 keys for hashes
· Digest::SHA1 version 2.11
· File::ReadBackwards version 1.04 - searching of log files enabled
· Time::HiRes version 1.9715 - CPU usage statistics
· Sys::Syslog version 0.27 - Unix centralized logging possible
· Net::Syslog version 0.03 - network Syslog logging possible
· Tie::RDBM - mysql usage
· Net::IP::Match::Regexp version 1.01 - CIDR notation for IP range
· Net::CIDR::Lite version 0.20 - hyphenated IP address range
· Net::SenderBase version 1.01 - countrycode checks
· LWP::Simple version 1.41 - griplist
· Email::MIME::Modifier version 1.442 - attachment detection
· Net::SMTP version 2.31 - Verify Recipients
· How ASSP will identify itself when connecting to the target MTA.
· transparent - the Helo of the sender will be used
· use myName - use myName
· use FQDN - fully qualified domain name of the host assp is running on
· Use File System Virus Scanner (DoFileScan)
· If activated, the message is written to a file inside the 'FileScanDir' with an extension of 'maillogExt'. After that ASSP will call 'FileScanCMD' to detect if the temporary file is infected or not. The temporary created file(s) will be removed.
· The viruses will be stored in a special folder if the SpamVirusLog is set to 'quarantine' and the filepath to the viruslog is set.
· File Scan Directory (FileScanDir)
· Define the full path to the directory where the messages are temporary stored for the file system virus scanner. This could be any directory inside your file system. The running ASSP process must have full permission to this directory and the files inside!
· File Scan Command (FileScanCMD)
· ASSP will call this system command and expects a returned string from this command. This returned string is checked against 'FileScanBad' and/or 'FileScanGood' to detect if the message is OK or not! If the file does not exists after the command call, the message is consider infected. ASSP expects, that the file scan is finished when the command returns!
· The literal 'FILENAME' will be replaced by the full qualified file name of the temporary file.
· The literal 'FILESCANDIR' will be replaced with the value of FileScanDir.
· All outputs of this command to STDERR are automatic redirected to STDOUT.
· FileScan will not run, if FileScanCMD is not specified.
· If you have your online/autoprotect file scanner configured to delete infected files inside the 'FileScanDir', define 'NORUN' in this field! In this case FileScanGood and FileScanBad are ignored. If there is a need to wait some time for the autoprotect scanner, write 'NORUN-dddd', where dddd are the milliseconds to wait!
· Depending on your operating system it may possible that you have to quote (' or ") the command, if it contains whitespaces. The replaced file name will be quoted by ASSP if needed.
· Native SSL support added!
· (new module necessary: IO::Socket::SSL)
· - manage & resend spam & notspam from maillog tail
· user blocking report
· Request Block Report (EmailBlockReport)
· Any mail sent by local/authenticated users to this username will be interpreted
· as a request to get a report about blocked emails. Leading digits/numbers in the
· mail subject will be interpreted as "report request for the last number of
· days". If the number of days is not specified in the mail subject, a default of
· 5 days will be used to build the report. Only the users defined in EmailBlockTo,
· EmailAdmins and EmailAdminReportsTo are able to define a list of email addresses
· in the mail body. If such an Admin wants to request a report like it is done
· using the BlockReportFile, '=>' must be used in any of the request lines (body)
· - please read the section BlockReportFile for more details and syntax.
· Queue User Block Report Requests (QueueUserBlockReports)
· How to process block report requests for users (not EmailBlockTo, EmailAdmins,
· EmailAdminReportsTo).
· 'run immediately' - the request will be processed immediately (not stored).
· 'store and run once at midnight' - the request will be stored/queued, runs at
· midnight, and will be removed from queue after that
· 'store and run scheduled' - the request will be stored/queued, runs permanently
· scheduled at midnight until it will be removed from queue - a '+' in the subject
· is not needed
· To add a request to queue the user has to send an email to EmailBlockReport.
· Leading digits/numbers in the mail subject will be interpreted as "report
· request for the last number of days". If the number of days is not specified in
· the mail subject, a default of 5 days will be used to build the report.
· If 'run immediately' or 'store and run once at midnight' is selected, but a user
· wants to schedule a permanent request, a leading '+' before the digits in
· subject is required.
· To remove a request from queue the user has to send an email to EmailBlockReport
· with a leading '-' in the subject.
· File for Blockreportrequest (BlockReportFile)
· A file with BlockReport requests. ASSP will generate a block report for every
· line in this file (file:files/blockreportlist.txt - file: is required if
· defined!) every day at midnight for the last day. The perl modules Net::SMTP and
· Email::MIME::Modifier are required to use this feature. A report will be only
created, if there is at least one blocked email found! The syntax is:
· QueryAddress=>ReportRecipient=>ReportDays - there are many possible combinations
of this three parameters. For example:
· user@domain and user@domain=>user@domain - will send a report for this user to
· this user
· *@domain (better use) *@domain=>* - will send a report for every blocked user in
· this domain to this user
· user@domain=>recipient@any-domain - will send a report for user@domain to
· recipient@any-domain
· *@domain=>recipient@any-domain - will send a report for every blocked user in
· this domain to recipient@any-domain
· A third parameter is possible to set, which defines the number of days for which
· the report should be created. The default (if empty or not defined) is one day.
This value is used to calculate the 'next run date'. For example:
· *@domain=>recipient@any-domain=>2 - creates a report for two days.
· *@domain=>*=>14 - creates a report for 14 days.
· user@domain=>=>3 or user@domain=>*=>3 - creates a report for three days. The
· second parameter is here empty or *!
· - user can add/remove himself to redlist, spamlover, noprocessing via
· email-interface
· - admin(s) can add/remove any address to redlist, spamlover, noprocessing via
· email-interface
· -DNSBL providers can get a "weight" like bl.spamcop.net=>1.
· The value of the weight can be set directly like=>45 or as a divisor of
· RBLmaxweight. Low numbers < 6 are divisors . So if RBLmaxweight = 50 (default)
· bl.spamcop.net=>50 would be the same as bl.spamcop.net=>1, bl.spamcop.net=>2
· would be the same as bl.spamcop.net=>25.
· If the sum of weights surpasses RBLmaxweight, the DNSBL check fails. If not,
· the DNSBL check is scored as "neutral" even with RBLmaxhits reached.
· It is possible to use all hits regardless of maxhits.-> Showmaxreplies
For example:
· RBLmaxhits=2
· RBLmaxweight=50
· zen.spamhaus.org=>1
· bl.spamcop.net=>1
· safe.dnsbl.sorbs.net=>1
· combined.njabl.org=>1
· dnsbl-1.uceprotect.net=>2
· dnsbl-2.uceprotect.net=>2
· dnsbl-3.uceprotect.net=>3
· ix.dnsbl.manitu.net=>2
· psbl.surriel.com=>2
· 2.apews.org=>3
· blackholes.five-ten-sg.com=>10
A "fail" will result of:
· 2 hits in group 1
· 1 hit in group 1 and 1 hit in group 2
· 2 hits in group 2
· 1 hit in group 1
Find us on Google+
