I downgraded to 1.2.6 and the attack stoped.

I really like the new version 1.3.1 is so complete, I'm reading the source code and I guess that delay is after PB, RBL, Session IP, Limit IP, i think that delay need to be the first thing to check.

Antother thik to say, about localdomain, I left unactivated to let my mailserver do this, but i see that if is not active a message have to pass for all the filters and then the mailserver decide if is local or not. I will try to upgrade again to 1.3.1 with localdomains active and see what happen


----- Mensaje original ----
De: Miguel Angel Mtz <***@yahoo.com>
Para: ASSP Development Discussion <assp-***@lists.sourceforge.net>
Enviado: lunes, 28 de mayo, 2007 4:47:12
Asunto: [Assp-devel] Delay failing in 1.3.1 ?


Hello, recently updated to 1.3.1 from 1.2.6 an noted that i have too many attacks (in 1.2.6 whre stoped correctly) i have enabled delaying, RBL, SPF, IP per deomain limits, and this kind of attak don't stop! i have 1000s can you tell me why? I tryed to answer 250 ok from penalty error, but without luck

Please help

May-28-07 04:32:01 Limiting domain/ip: @modelspacenyc.com/196.202.14.97 (112 >= 4)
May-28-07 04:32:01 id-03447213 196.202.14.97 <***@modelspacenyc.com> PB: 196.202.14.97
score: 150+150 => 300 reason:LimitingDomain
May-28-07 04:32:01 Limiting domain/ip: @regions.com/201.3.93.76 (8 >= 4)
May-28-07 04:32:01 id-03447214 201.3.93.76 <***@regions.com> PB:
201.3.93.76 score: 0+150 => 150 reason:LimitingDomain
May-28-07 04:32:28 Limiting domain/ip: @regions.com/85.178.214.5 (9 >= 4)
May-28-07 04:32:28 id-03447488 85.178.214.5 <***@regions.com> PB:
85.178.214.5 score: 0+150 => 150 reason:LimitingDomain
May-28-07 04:32:52 Limiting domain/ip: @modelspacenyc.com/80.98.68.83 (113 >= 4)
May-28-07 04:32:52 id-03447723 80.98.68.83 <***@modelspacenyc.com> PB: 80.98.68.83
score: 0+150 => 150 reason:LimitingDomain
May-28-07 04:32:55 Limiting domain/ip: @regions.com/87.0.21.207 (10 >= 4)
May-28-07 04:32:55 id-03447754 87.0.21.207 <***@regions.com> PB:
87.0.21.207 score: 0+150 => 150 reason:LimitingDomain
May-28-07 04:33:04 Limiting domain/ip: @modelspacenyc.com/194.208.162.82 (114 >= 4)
May-28-07 04:33:04 id-03447845 194.208.162.82 <***@modelspacenyc.com> PB: 194.208.162.82
score: 0+150 => 150 reason:LimitingDomain
May-28-07 04:33:14 Limiting domain/ip: @modelspacenyc.com/85.102.109.62 (115 >= 4)
May-28-07 04:33:14 id-03447949 85.102.109.62 <***@modelspacenyc.com> PB: 85.102.109.62
score: 0+150 => 150 reason:LimitingDomain
May-28-07 04:33:15 Limiting domain/ip: @modelspacenyc.com/81.49.114.171 (116 >= 4)
May-28-07 04:33:15 id-03447951 81.49.114.171 <***@modelspacenyc.com> PB: 81.49.114.171
score: 0+150 => 150 reason:LimitingDomain
May-28-07 04:33:21 Admin connection from 189.138.125.102:4454; page:/edit; reading
file:listas/frases_noprocesar.txt
May-28-07 04:33:41 Limiting domain/ip: @regions.com/82.53.93.147 (11 >= 4)
May-28-07 04:33:41 id-03448215 82.53.93.147 <***@regions.com> PB:
82.53.93.147 score: 0+150 => 150 reason:LimitingDomain
May-28-07 04:33:54 Limiting domain/ip: @modelspacenyc.com/87.202.54.117 (117 >= 4)
May-28-07 04:33:54 id-03448348 87.202.54.117 <***@modelspacenyc.com> PB: 87.202.54.117
score: 0+150 => 150 reason:LimitingDomain
May-28-07 04:34:15 Limiting domain/ip: @modelspacenyc.com/207.68.253.23 (118 >= 4)
May-28-07 04:34:15 id-03448550 207.68.253.23 <***@modelspacenyc.com> PB: 207.68.253.23
score: 0+150 => 150 reason:LimitingDomain
May-28-07 04:34:18 Limiting domain/ip: @modelspacenyc.com/71.241.164.243 (119 >= 4)
May-28-07 04:34:18 id-03448581 71.241.164.243 <***@modelspacenyc.com> PB: 71.241.164.243
score: 150+150 => 300 reason:LimitingDomain
May-28-07 04:35:11 Limiting domain/ip: @modelspacenyc.com/65.188.203.244 (120 >= 4)
May-28-07 04:35:11 id-03449110 65.188.203.244 <***@modelspacenyc.com> PB: 65.188.203.244
score: 150+150 => 300 reason:LimitingDomain
May-28-07 04:35:14 Limiting domain/ip: @modelspacenyc.com/81.213.111.213 (121 >= 4)
May-28-07 04:35:14 id-03449141 81.213.111.213 <***@modelspacenyc.com> PB: 81.213.111.213
score: 0+150 => 150 reason:LimitingDomain





___________________________________________________________
Do You Yahoo!?
La mejor conexión a Internet y <b >2GB</b> extra a tu correo por $100 al mes. http://net.yahoo.com.mx


-------------------------------------------------------------------------
This SF.net email is sponsored by DB2 Express
Download DB2 Express C - the FREE version of DB2 express and take
control of your XML. No limits. Just data. Click to get it now.
http://sourceforge.net/powerbar/db2/
_______________________________________________
Assp-devel mailing list
Assp-***@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/assp-devel





___________________________________________________________
Do You Yahoo!?
La mejor conexión a Internet y <b >2GB</b> extra a tu correo por $100 al mes. http://net.yahoo.com.mx

Ok, don't work 1.3.1 with localdomains active.
Attack began after upgrade 1.3.1 again
Downgrade to 1.2.6 again attack stops

I saw my Firewall logs and noted that the IP that send is different from ASSP show as source. there is a way to catch the real IP and if they says that is from another IP terminate connection?

Thanks



----- Mensaje original ----
De: Miguel Angel Mtz <***@yahoo.com>
Para: ASSP Development Discussion <assp-***@lists.sourceforge.net>
Enviado: lunes, 28 de mayo, 2007 23:57:55
Asunto: Re: [Assp-devel] Delay failing in 1.3.1 ?


I downgraded to 1.2.6 and the attack stoped.

I really like the new version 1.3.1 is so complete, I'm reading the source code and I guess that delay is after PB, RBL, Session IP, Limit IP, i think that delay need to be the first thing to check.

Antother thik to say, about localdomain, I left unactivated to let my mailserver do this, but i see that if is not active a message have to pass for all the filters and then the mailserver decide if is local or not. I will try to upgrade again to 1.3.1 with localdomains active and see what happen


----- Mensaje original ----
De: Miguel Angel Mtz <***@yahoo.com>
Para: ASSP Development Discussion <assp-***@lists.sourceforge.net>
Enviado: lunes, 28 de mayo, 2007 4:47:12
Asunto: [Assp-devel] Delay failing in 1.3.1 ?


Hello, recently updated to 1.3.1 from 1.2.6 an noted that i have too many attacks (in 1.2.6 whre stoped correctly) i have enabled delaying, RBL, SPF, IP per deomain limits, and this kind of attak don't stop! i have 1000s can you tell me why? I tryed to answer 250 ok from penalty error, but without luck

Please help

May-28-07 04:32:01 Limiting domain/ip: @modelspacenyc.com/196.202.14.97 (112 >= 4)
May-28-07 04:32:01 id-03447213 196.202.14.97 <***@modelspacenyc.com> PB: 196.202.14.97
score: 150+150 => 300 reason:LimitingDomain
May-28-07 04:32:01 Limiting domain/ip: @regions.com/201.3.93.76 (8 >= 4)
May-28-07 04:32:01 id-03447214 201.3.93.76 <***@regions.com> PB:
201.3.93.76 score: 0+150 => 150 reason:LimitingDomain
May-28-07 04:32:28 Limiting domain/ip: @regions.com/85.178.214.5 (9 >= 4)
May-28-07 04:32:28 id-03447488 85.178.214.5 <***@regions.com> PB:
85.178.214.5 score: 0+150 => 150 reason:LimitingDomain
May-28-07 04:32:52 Limiting domain/ip: @modelspacenyc.com/80.98.68.83 (113 >= 4)
May-28-07 04:32:52 id-03447723 80.98.68.83 <***@modelspacenyc.com> PB: 80.98.68.83
score: 0+150 => 150 reason:LimitingDomain
May-28-07 04:32:55 Limiting domain/ip: @regions.com/87.0.21.207 (10 >= 4)
May-28-07 04:32:55 id-03447754 87.0.21.207 <***@regions.com> PB:
87.0.21.207 score: 0+150 => 150 reason:LimitingDomain
May-28-07 04:33:04 Limiting domain/ip: @modelspacenyc.com/194.208.162.82 (114 >= 4)
May-28-07 04:33:04 id-03447845 194.208.162.82 <***@modelspacenyc.com> PB: 194.208.162.82
score: 0+150 => 150 reason:LimitingDomain
May-28-07 04:33:14 Limiting domain/ip: @modelspacenyc.com/85.102.109.62 (115 >= 4)
May-28-07 04:33:14 id-03447949 85.102.109.62 <***@modelspacenyc.com> PB: 85.102.109.62
score: 0+150 => 150 reason:LimitingDomain
May-28-07 04:33:15 Limiting domain/ip: @modelspacenyc.com/81.49.114.171 (116 >= 4)
May-28-07 04:33:15 id-03447951 81.49.114.171 <***@modelspacenyc.com> PB: 81.49.114.171
score: 0+150 => 150 reason:LimitingDomain
May-28-07 04:33:21 Admin connection from 189.138.125.102:4454; page:/edit; reading
file:listas/frases_noprocesar.txt
May-28-07 04:33:41 Limiting domain/ip: @regions.com/82.53.93.147 (11 >= 4)
May-28-07 04:33:41 id-03448215 82.53.93.147 <***@regions.com> PB:
82.53.93.147 score: 0+150 => 150 reason:LimitingDomain
May-28-07 04:33:54 Limiting domain/ip: @modelspacenyc.com/87.202.54.117 (117 >= 4)
May-28-07 04:33:54 id-03448348 87.202.54.117 <***@modelspacenyc.com> PB: 87.202.54.117
score: 0+150 => 150 reason:LimitingDomain
May-28-07 04:34:15 Limiting domain/ip: @modelspacenyc.com/207.68.253.23 (118 >= 4)
May-28-07 04:34:15 id-03448550 207.68.253.23 <***@modelspacenyc.com> PB: 207.68.253.23
score: 0+150 => 150 reason:LimitingDomain
May-28-07 04:34:18 Limiting domain/ip: @modelspacenyc.com/71.241.164.243 (119 >= 4)
May-28-07 04:34:18 id-03448581 71.241.164.243 <***@modelspacenyc.com> PB: 71.241.164.243
score: 150+150 => 300 reason:LimitingDomain
May-28-07 04:35:11 Limiting domain/ip: @modelspacenyc.com/65.188.203.244 (120 >= 4)
May-28-07 04:35:11 id-03449110 65.188.203.244 <***@modelspacenyc.com> PB: 65.188.203.244
score: 150+150 => 300 reason:LimitingDomain
May-28-07 04:35:14 Limiting domain/ip: @modelspacenyc.com/81.213.111.213 (121 >= 4)
May-28-07 04:35:14 id-03449141 81.213.111.213 <***@modelspacenyc.com> PB: 81.213.111.213
score: 0+150 => 150 reason:LimitingDomain





___________________________________________________________
Do You Yahoo!?
La mejor conexión a Internet y <b >2GB</b> extra a tu correo por $100 al mes. http://net.yahoo.com.mx


-------------------------------------------------------------------------
This SF.net email is sponsored by DB2 Express
Download DB2 Express C - the FREE version of DB2 express and take
control of your XML. No limits. Just data. Click to get it now.
http://sourceforge.net/powerbar/db2/
_______________________________________________
Assp-devel mailing list
Assp-***@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/assp-devel





___________________________________________________________
Do You Yahoo!?
La mejor conexión a Internet y <b >2GB</b> extra a tu correo por $100 al mes. http://net.yahoo.com.mx


-------------------------------------------------------------------------
This SF.net email is sponsored by DB2 Express
Download DB2 Express C - the FREE version of DB2 express and take
control of your XML. No limits. Just data. Click to get it now.
http://sourceforge.net/powerbar/db2/
_______________________________________________
Assp-devel mailing list
Assp-***@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/assp-devel


Llama gratis a cualquier PC del mundo.
Con una excelente calidad de sonido.
http://mx.messenger.yahoo.com/

I have my mailserver on localhost 127.0.0.1:25


Internet/Myusers -> ASSP publicIP:25 -> mailenable (127.0.0.1:25) - > UserInbox



scripts -> Mailenable(127.0.0.1) otherpublicIP -> Internet (Outbound)



----- Mensaje original ----
De: Fritz Borgstedt <***@iworld.de>
Para: ASSP Development Discussion <assp-***@lists.sourceforge.net>
Enviado: martes, 29 de mayo, 2007 16:11:18
Asunto: Re: [Assp-devel] Delay failing in 1.3.1 ?


What is in your smtpDestination field?



fritz


-------------------------------------------------------------------------
This SF.net email is sponsored by DB2 Express
Download DB2 Express C - the FREE version of DB2 express and take
control of your XML. No limits. Just data. Click to get it now.
http://sourceforge.net/powerbar/db2/
_______________________________________________
Assp-devel mailing list
Assp-***@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/assp-devel


Llama gratis a cualquier PC del mundo.
Con una excelente calidad de sonido.
http://mx.messenger.yahoo.com/

Sorry, smtpDestination 127.0.0.1:25



----- Mensaje original ----
De: Fritz Borgstedt <***@iworld.de>
Para: ASSP Development Discussion <assp-***@lists.sourceforge.net>
Enviado: martes, 29 de mayo, 2007 16:11:18
Asunto: Re: [Assp-devel] Delay failing in 1.3.1 ?


What is in your smtpDestination field?



fritz


-------------------------------------------------------------------------
This SF.net email is sponsored by DB2 Express
Download DB2 Express C - the FREE version of DB2 express and take
control of your XML. No limits. Just data. Click to get it now.
http://sourceforge.net/powerbar/db2/
_______________________________________________
Assp-devel mailing list
Assp-***@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/assp-devel





___________________________________________________________
Do You Yahoo!?
La mejor conexión a Internet y <b >2GB</b> extra a tu correo por $100 al mes. http://net.yahoo.com.mx