2011/05/10

V2.0 is closed - v2.1.1 is released

fixed in 2.0.1_3.3.01:

changed:

- The EarlyTalker check could now be disabled by setting 'etValencePB' to zero

- The AUTHError counters are no longer related to 'PenaltyUseNetblocks' - a /24 IP-mask is used in every case

- If a network /24 has reached the value of 'MaxAUTHErrors' , assp will drop the connection on the next AUTH request
and will send '521 $myName does not accept mail - closing transmission - too many previouse AUTH errors from network $ip' to the client.
The AUTHError counter for this network will be inreased by 1 and 'autValencePB' will be added to the IP score.

The AUTHError counter for every network is decreased by one every 5 minutes.
So, after 'MaxAUTHErrors' is reached by a network, the AUTH lookup (harvest) frequence is limited to one every 5 minutes.
How ever, 'autValencePB' should set high enough, to block such harvesters early.
 

fixed in 2.0.1_3.2.29:

- an untie to 'orderedtie' in the rebuild thread caused an error message because of a still existing reference
- regex optimization is now back enabled for perl 5.14 and higher
- regex status was not shown for not weighted regular expressions


fixed in 2.0.1_3.2.28:

- an untie to 'orderedtie' caused an exception because of a still existing reference
- stucking workers in 'bodyWrap' was not completely fixed
- the TopTen statistic has some times IP addresses interpreted as domains
- a regular expression with escaped '\(' and '\)', caused an exception

changed:

- the hashes used for the TopTen statistic are now cleanup from records that are not stated for 25 hours


fixed in 2.0.1_3.2.27:

- it was possible that workers stucks in 'bodyWrap'
- some URI's in URIBL are wrong detected


fixed in 2.0.1_3.2.26:

- on windows the line ending of the maillog.txt was possibly wrong  (0D 0D 0A)
- better error handling for RBL, RWL, URIBL


fixed in 2.0.1_3.2.25:

- the mail header parsing was not working correct in several features
- unexpected signals SIGALARM are now captured
- some minor code improvements
- some optimization for Perl 5.14
- some optimization for BerkeleyDB
- if assp.cfg was modified outside assp with an UTF-8 compatible editor and an UTF-8 BOM was written to the file, 
assp was no longer starting
 

changed:

- if used, AsspSelfLoader.pm 2.03 is required
- the regex optimization is skipped, if assp is running on Perl 5.14 or higher



fixed in 2.0.1_3.2.24:

- if TLD's and sub domains are configured to use different MTA's to VRFY user names, 
in some cases a wrong MTA was used for the VRFY


added:

- Blockreports to admins now contains a TOP TEN statistic at the bottom
- the same TOP TEN statistic is available in the left GUI menu and by clicking the (i) icon, 
right to the 'Info Stats' top GUI menu link.



fixed in 2.0.1_3.2.23:

- because of a high CPU workload at startup, some times DB connections where failed
- depending on the configuration and mail order, it was possible that assp has scrambled .eml file names
- a failed DKIM check caused possibly a wong scoring value calculation
- if the sender validation using LDAP and/or VRFY was not possible because the LDAP-server/MTA where not available - 
  assp has possibly build trap addresses
- if a trap address was switched to a valid local email address - this was not detected by assp in every case - 
  the trap address is now removed
- a failed STARTTLS command caused some times a worker restart

- updated AsspSelfloader.pm version 2.03 fixes an overload issue and some error messages

- mod_inst.pl 1.43 (+assp.mod.zip) fixes an issue for the installation of Time::modules on nix systems


changed:

- improved error recovery from BerkeleyDB errors
- updated ASSP-MIB file
- updated assp-mrtg.cfg
- the Mail-Analyzer now also shows information about noDelay, noBlockingIPs and droplist matches
- updated assp.mod.zip now contains mod_inst.pl 1.43 and NetSNMP modules for Perl 5.14


added:

- Additional Bayes valence value for local and outgoing mails.
'baysValencePB_local','Bayesian for Local Messages, default=44','Message/IP scoring'



fixed in 2.0.1_3.2.22:

- if 'SSLPKPassword' and/or 'SSLCaFile' are not configured, some STARTSSL commands are failing - 
which was not the case before these parameter where implemented
- some confusing log lines for the OIP detection are corrected


fixed in 2.0.1_3.2.21:

- penalty trap addresses are now stored and checked in lower case only
- IP-scoring was some times done for the connected IP instead for the originated IP


fixed in 2.0.1_3.2.20:

- adding the SSL-cipher to the received header line was not working in every case

changed:

- the detected enhanced originated IP's (IP's on the mail routing path) are now also used for the IP-frequency feature

added:

'SSLPKPassword','SSL Privat Key Password'
  "Optional parameter. If your privat key ' SSLKeyFile ' is password protected, assp will need this password to decrypt 
  the server\'s SSL privat key file."

!!! the value for this password is stored encrypted and will never shown in clear text - even not if root is logged in !!!


'SSLCaFile','SSL Certificate Authority File'
  "Optional parameter to enable chained certificate validation at the client side. Full path to the file containing 
  the server's SSL certificate authority, for example : /usr/local/etc/ssl/certs/assp-ca.crt or 
  c:/assp/certs/server-ca.crt. A general ca.crt file is already provided in '$dftCaFile'. 
  The default value is empty and leave it empty as long as you don't know, how this parameter works."


changed:

- the 'X-Assp-Intended-For:' and 'X-Assp-Envelope-From:' headers are now added to all mails

- the additional headers 

'X-Assp-OIP:'    - the IP connected to the ISP
'X-Assp-Detected-RIP:'    - the IP's on the mail routing path
'X-Assp-Source-IP'   - the first detected IP at the mail routing path

are now added to all outgoing mails if those values are available



fixed in 2.0.1_3.2.18

- The SMTP reply logging for level 0 plugins was not working.

changed:

The behavior of  'MaxAllowedDups' has been changed.

'MaxAllowedDups','Max Number of Duplicate File Names'
  'The maximum number of logged files with the same filename (subject) that are stored in the spam folder (spamlog), 
  if UseSubjectsAsMaillogNames is selected. Default is 0. A low value reduces the number of possibly duplicate mails, 
  assuming that mails with the same subject will have the same content. A value of 0 disables this feature. 
  If this number of files with the same filename is reached, the oldest file with the same subject will be moved 
  to the discarded folder, which has to be defined ( in addition to spamlog ) for this feature to work.'


added:

For new parameters makes it possible to fine tune the maxSize parameters for different addresses. 

MaxRealSizeAdr, MaxRealSizeExternalAdr, MaxSizeAdr, MaxSizeExternalAdr

'MaxRealSizeAdr','Max Real Size of Local Message Adresses*'
'Use this parameter to set individual maxRealSize values for email addresses, domains, user names and IP addresses. 
A file must be specified if used.
Accepts specific addresses (user@domain.com), user parts (user), entire domains (@domain.com) and 
IP addresses (CIDR notation like 123.1.101/32 is here not supported!) - group definitions could be used. 
Use one entry per line. Wildcards are supported (fribo*@domain.co?). A second parameter separated by "=>" specifies 
the size limit. 
For example:
fribo*@thisdomain.co?=>1000000
jhanna=>0
@sillyguys.org=>500000
101.1.2.*=>0
[admins]=>0 
If multiple matches (values) are found in a mail for any IP address in the transport mail chain, 
any envelope recipient and the envelope sender, the highes value or 0 (no limit) will be used! If no match (value) 
is found in a mail, the definition in maxRealSize will take place.'


fixed in 2.0.1_3.2.17:

- in case of a resend the first choice for TO: and FROM: are now the 'X-Assp-Intended-For:' and 'X-Assp-Envelope-From:' 
header lines if available.

fixed in assp_pop3.pl 1.10:

- if the 'POP3server' definition included a port number [:xxx] the script was failing.

added:

- assp_pop3.pl now supports POP3 SSL connections (POP3S)

...
POP3SSL=0/1
...
  If POP3SSL is set to 1 - POP3S will be done! The Perl module IO::Socket::SSL is required for POP3S!
...



fixed in 2.0.1_3.2.16:

- In some cases assp has not removed crash analyzer files, if a mail was finished processed.




2.0.1_3.2.15 is published as 2.0.1_3.2.15



2011/15/08


fixed in 2.0.1_3.2.14:

- the X-ASSP-ID header was possible added multiple times


changed:

- the our headers are now added to all messages
- better stripping of HTML tags for Bayes analyzer



fixed in 2.0.1_3.2.13:

- sending notifications could faile if 'relayHost' and 'EmailReportDestination'  or  
  'relayHost' and 'smtpDestination' are equal

changed:

- the Bayesian analyze is amazing improved if the ASSP_WordStem.pm 1.07 is installed - 
  Bayes uses now more word pairs and eliminates more unneeded HTML tags


fixed in 2.0.1_3.2.12:

- URIBL has stripped the first character from some uris found in the mail header  (like  google.com => oogle.com) - 
  which has caused possibly an wrong URIBL hit.

changed in

- ASSP_WordStem.pm 1.06 caused some times stucking workers - new version 1.10
- If the resend of a file failed for any reason, in addition to renamed resendmail/file.err, the modified 
  contents of the message ist stored in resendmail/file.err.modified.
  The top of the file contains also some information about the errors.


fixed in 2.0.1_3.2.11:

- MIME converted TNEF parts are shown as simple text in the received mail

- the enhanced Originated IP detection has detected several version- and ID- stings as IP-addresses, which where possibly (wrong) blocked by assp IP-blocking

- the ASSP_WordStem.pm has sometimes caused a timeout -> new version is 1.05


fixed in 2.0.1_3.2.09 2.0.1_3.2.10:

- mails where unexpected blocked by denySMTPConnections if an ecelerity 2.2.x.x server was in mail transport chain


fixed in 2.0.1_3.2.08:

- the GRIPLIST upload URL was wrong calculated - the upload was not working
- the Bayes check is using only the first 30 unique words but was iterating all of the mail body, 
  even if these 30 words where already found

ASSP_AFC 1.22:

- the plugin (1.21) has disabled it self after any GUI change, because of a wrong init sequence - 
  please update the plugin and (re)set 'DoASSP_AFC' to enabled

 ASSP_WordStem 1.03:

- The rebuild spamdb task has taken too long if a previouse version was used.
- While the rebuild is running a caching mechanism speeds up the word stemming - 
  how ever more RAM is used and freedup at the end of the rebuild spamdb
- the number of words used to detect the language of a mail is now limited to the first 100
- the number of words are stemmed is now limited to 60 (the Bayes check uses only the first 30 unique)


fixed in 2.0.1_3.2.07:

- the DNSBL check was not working for OIP addresses

new in 2.0.1_3.2.07:

- An new module ASSP_WordStem.pm version is available.
  If installed in the '[asspBase]/lib' path, this module converts words to its stem from, for example plural, 
  sigular,future,present,past ....
  This should improve the ASSP-Bayes-engine.

The following stemmers are available (as of Lingua::Stem::Snowball 0.95):

    |-----------------------------------------------------------|
    | Language   | ISO code | default encoding | also available |
    |-----------------------------------------------------------|
    | Danish     | da       | ISO-8859-1       | UTF-8          |
    | Dutch      | nl       | ISO-8859-1       | UTF-8          |
    | English    | en       | ISO-8859-1       | UTF-8          |
    | Finnish    | fi       | ISO-8859-1       | UTF-8          |
    | French     | fr       | ISO-8859-1       | UTF-8          |
    | German     | de       | ISO-8859-1       | UTF-8          |
    | Hungarian  | hu       | ISO-8859-1       | UTF-8          |
    | Italian    | it       | ISO-8859-1       | UTF-8          |
    | Norwegian  | no       | ISO-8859-1       | UTF-8          |
    | Portuguese | pt       | ISO-8859-1       | UTF-8          |
    | Romanian   | ro       | ISO-8859-2       | UTF-8          |
    | Russian    | ru       | KOI8-R           | UTF-8          |
    | Spanish    | es       | ISO-8859-1       | UTF-8          |
    | Swedish    | sv       | ISO-8859-1       | UTF-8          |
    | Turkish    | tr       | UTF-8            |                |
    |-----------------------------------------------------------|
 
Undetected and unsupported languages will be processed the same way, like the module is not available.

  Download the module from assp CVS http://assp.cvs.sourceforge.net/viewvc/assp/assp2/lib/

  For this module to work, the Perl modules Lingua::Stem::Snowball and Lingua::Identify must be installed. To install -

on windows:
- ppm install Lingua-Stem-Snowball
- ppm install Lingua-Identify

on all other platforms:
- cpan install Lingua::Stem::Snowball
- cpan install Lingua::Identify

if ask - follow the installation on all dependend modules.



fixed in 2.0.1_3.2.06:

- the enhanced mail routing IP-address-detection now cares about blacklisted dynamic IP-ranges 
(like pbl.spamhaus.org) and skips this IP's on the DNSBL check
- strange output on orginating HELO detection in 2.0.1_3.2.05


fixed in 2.0.1_3.2.05:

- adding extracted and converted TNEF MIME parts to the email, caused an referncing error in the Email::MIME module
- hostname resolving for destination definitions that contains a hostname instead of an ip-address was not working 
for IPv6
- the detection of ip-addresses in 'Received:' header lines was not working if the line was very  long

changed:

- improve output for the mail analyzers
- improved detection of ip-addresses in the mail routing path


fixed in 2.0.1_3.2.04:

- the orginating IP detection was broken since any of last versions
- some wrong outputs of the analyzer features 
- a memory leak on some anonymous arrays

changed:

- improved/enhanced information at the analyzer features
- the GRIPLIST download is changed to run also at a changed download host


added:

- enhanced orginating IP address detection:
  ASSP parses the received header lines and some other common OIP lines for IP-addresses. 
  The detected IP addresses are checked against the IP-Blocking features and DNSBL in the same way like 
  an OIP address would be checked for an ISP-email.
  This will help to detect bots that are using different gateways or open SMTP-relay servers. 
  This feature will also detect host that are abusing ISP-servers like AOL,gmal,hotmail .....
  Simply add the source IP or any other 'IP on the way to you' to the IP-Blocking features .


fixed in 2.0.1_3.2.03:

- if 'spamSubject' was defined containing non ASCII characters, the subject was not correct MIME-encoded
- setting 'TNEFDEBUG' to on, has some times caused unexpected errors in the conversion routine even if there was all OK
- if  'relayAuthUser and relayAuthPass' where configured, assp was not using authentication, 
if a resend-mail or a BlockReports was sent to a non-local email address via 'relayHost' 
- if 'EmailErrorsModifyWhite' was set to on, attached emails where not process for spam and ham reports 
- the subject logging was not working for the crash analyzer
- if there where NON-ASCII characters defined in an attachment name (f.e. GB2312) - it was possible that assp 
was crashing in the Level-regexes - for this reason
  the ASSP_AFC.pm plugin is updated to version 1.21
- if  MIME-encoded characters in a SMTP-reply where not handled by assp
- if a definition for a SMTP-reply inside assp contains NON-ASCII characters, assp has not MIME-encoded the reply - 
encoding is now done using UTF-8
- reply sequences like:
502- any text
502- other text
502  last reply line
  where not handled correct.
- the regular expression for the attachment blocking where some times incorrect build


changed:

- resending mails and sending blockreports uses TLS if 'DoTLS' is set to 2 (DoTLS)

- The GUI mail analyzer now has a link to check and modify IP-addresses -  the same like the links in MaillogTail
- the unneeded link on privat-address-range IP's in the BlockReport is removed (URIBL or RBL check)
- the autoupdate version check is changed to reflect the new anounced version numbering

At the begin of the year 2012, the version numbering of V2 will be changed - all assp versions before 2.0.1_3.3.01 and 
2.0.1_3.3.01 will possibly not make any autoupdate after 2011/12/31!
The new version numbering will be:

FAMILY.MAJOR.MINOR_BUILD[.PATCH]  

where the BUILD number is build from the two digit year and the three digit day of the year. 
If there are more than one patches available for one day, a dot + PATCH number with one or two digits will be appended.
The MINOR number indicates: odd - production version , even - development version
The version number for today (2011/21/07) would be : dev - 2.0.1_11202 and prod - 2.0.1_11202


changes in 2.0.1_3.2.02:

- assp now dowloads in addition to the version.txt and assp.pl.gz the last changelog.txt to the docs folder, 
if the autoupdate feature is used
- links for the current local and the current downloadable changelog.txt are now shown in the 
'Infos and Stats' -> 'Server Information' screen of the GUI
- 'discarded' must be configured to use the 'crash analyzer'
- The 'crash analyzer' no longer blocks an email by sending a '5xx..' reply to the sender, 
instead it collects the complete detected mail to the 'discarded' folder without any filter action.
   A logline 

[spam found] (crash analyzer said: 'this mail will possibly crash ASSP', will no longer analyze and forward but collect the mail) ->filename

  will be written to maillog.txt which could be detected by the Block Report feature to inform the user about 
  the blocked mail and to makes a resend possible.
  The sender will always get a '250 OK' for that mail.




2.0.1_3.2.01 is published as 2.0.1_3.2.01



2011/10/07


fixed in 2.0.1_3.2.01:

- assp has not used the folder 'debug' for the debug files in every case.
- if 'DoAdditionalAnalyze' was set to ON , the mail was modified by the analyzer before it was stored to the corpus.

changed:

- The crash analyzer will now block all mails that are detected as possible bad.
  If the internal variable '$CrashAnalyzerWouldBlock' is set to 0, assp will not block a mail - but will start a 
  partial debug for that mail.
  'Infos and Stats' now shows a line for the crash analyzer.

The 'crash analyzer' has reached the 'experimental' state. It could be used in production mode. How ever, 
it has to be configured via commandline parameter or 'CorrectASSPcfg.pm' 
(see the change log for 2.0.1_3.1.08 - experimental).
The crash analyzer is disabled per default.



fixed in 2.0.1_3.1.11:

- fixes a regex issue for assp on Perl 5.14
- if a header tag has included a message-id-signature not in the first line, the signature was not removed
- the link to the AsspSelfLoader.pm in the 'Infos and Stats' screen was wrong
- the analyze features have not detected a match for bombCharSet
- the attachment detection has some times crashed assp, if the MIME-header was trunced by 'maxBytes'

changed:

- improved the charset detection for 'bombCharSet'
- debug outputs are now written to  assp-base/debug
- the analyzer now shows if the mail would be blockedby the HMM crash analyzer
- the crash analyzer now tags randomly changed header lines to get much better detection results



fixed in 2.0.1_3.1.10:

- A code change in 3.1.04 for adding our header lines has caused in some cases that the mail header was destroyed. 
So the MIME content was no longer valid.


fixed in 2.0.1_3.1.09:

- the order of multiple notification messages was not the same like the order of the loglines that causes the 
notification
- trunking the email data to 'MaxBytes' has some times destroyed the base64 encoding of text or attachments, 
which caused some times a crash of Perl - the trunk in now done to the last line break within 'MaxBytes' bytes .
- the BlockReportFilter was not working


new:

- For those of you, who are coding inside assp or who knows more than basics about the internal usage of variables : 
It is now possible to use internaly defined variables in regular expression defintions. 
The link to such a variable inside a regex is done using the following syntax

  ${$variable_name}

So for example: using   ${$EmailDomainRe}   iside a regex, will replace the string with 
  (?:\w[\w\.\-]*\.\w\w+|\[[\d\.]*\.\d+\])  , which is defined in the code of assp.pl .

- If 'MaintenanceLog' is set to verbose and the crashAnalyzer is used and the module 'Devel::Size' is installed - 
the startup sequence will show tthe memory usage of the 'Hidden-Markov-Model'.
- Improved the crash detection, if exact matches are found in the HMM.



fixed in 2.0.1_3.1.08:

- in several parts of the code the IPv6 detection was not working correct in every case

- the usage of &main::mlog in CorrectASSPcfg.pm caused the call to  CorrectASSPcfg::set() to fail

- an unneeded growing cache Hash in Tie::RDBM is removed

- if the body of a mail contains very long strings without a line break - this was possibly the reason for crashing ASSP/Perl - the body is now wrapped for the contents spam checks 


changed:

- if an IPv6 address like '::FFFF:100.101.102.103' is defined in an IP-regex, the IPv4 part is included in the regex in addition

- if an IPv6 address like '::FFFF:100.101.102.103' is detected as orginated IP (mail from ISP) , the IPv4 part is used for the IP checks

- it is now possible to use the '--variable:=value' commandline switch to setup any global defined variable (in addition to overwrite the configuration variables of assp.cfg).
  for example : --enableCrashAnalyzer:=1

- if assp is unable to find any foreign 'Received:..' header line, it will increases the spamprob value of the mail


new:

- A new ASSPSelfLoader.pm version 2.01 is available. The new module uses an autosplit mechanism, needs less memory and produces much less memory fragmentation.
  The folder 'base/sl_cache' is used to store the splitting results.
  The startup of assp will take 1 to 3 seconds longer than with version 1.xx. 



experimental:

- ASSP now has an automatic self learning crash detection system included. This feature uses the folder 'base/crash_repo' as crash respository.
From the time a new connection is astablished for an incoming mail, a unique file is opend in the crash respository and all received data (and some other stuff) is stored there.
These files are removed from the folder, if the message is finished processed anyway.
If Perl/ASSP is crashing, the crash respository will contain all files, that where opened at crash time.

If assp is (re)starting, it will look in to the crash respository, will clean up the folder from unneeded (too short) files and read all header lines from all remaining files in to a HMM
'Hidden-Markov-Model'. The HMM is used to compute the likelihood of possible word or string combinations.
So we can "ask" the HMM: "what words will possibly follow this word or word combination ?". HMM will "answer" with a list of words and there likelihood, that it expects to follow our string.

ASSP will compute a crash likelihood value for each incoming mail, if the header is received and  -  it will block the mail, if it expects, that further processing the mail, will cash assp.

This feature is disabled per default. To enable it, you have three options:

1. change line 193 of assp.pl to:   our $enableCrashAnalyzer = 1;
2. use the commandline switch :   --enableCrashAnalyzer:=1
3. add the line :  $main::enableCrashAnalyzer = 1;   to the stub  set  in  CorrectASSPcfg.pm

For extended information about what this feature is doing, set 'ConnectionLog' to on (better to verbose or diagnostic -> more info)

Currently this feature is EXPERIMENTAL !!! It will not block any mail. If you want this feature to block mails, you must uncommend the line 46760 of assp.pl (remove the # from
#    return 1 if $value > $limit;      )

The number of files used from the crash respository to build the HMM is restricted to a value of (NumComWorkers * 10), because the HMM needs alot of memory.

please follow this recommendations:

1. keep an eye on the crash respository - to prevent to high memory usage
2. never copy  .eml  files to the crash respository - instead duplicate possible very bad files in the crash respository to speed up the HMM learning process
3. it is often smarter to look in to the crash respository files and to build a preHeaderRe to block such mails


fixed in 2.0.1_3.1.06:

- TNEF conversion has failed under certain conditions
- assp has forced worker restarts if 'DoDomainCheck' was configured 
(Error: Worker_5: Not a SCALAR reference at assp.pl line 20526)


changed:

- If bcc lines, with non-local addresses, are found in the header of an incoming mail - 
such attemps are now classified as 'RelayAttempt' and the message will be rejected independend of 
any noprocessing or whitelist settings.


changed in 2.0.1_3.1.05:

- improvements/additions for MaillogTail address and IP actions
- the behavior of 'DoDomainCheck' - MX and A record check has changed:

 If activated, the sender address and each address found in the following header lines (ReturnReceipt:, 
 Return-Receipt-To:, Disposition-Notification-To:, Return-Path:, Reply-To:, Sender:, Errors-To:, List-...:) 
 is checked for a valid MX or A record. Scoring is done for non existing MX record and non existing A record - 
 a messages failes (block), if both records are not found.'

- BCC: header lines are now removed from the mail header for all incoming/foreign mails - 
this belongs also to resent mails

- if a DELETE SQL statement fails for a RDB record, assp now captures the event from Tie::RDBM and keeps 
the process working


fixed in 2.0.1_3.1.04:

- the mailloop detection was not working
- some X-ASSP- header lines are added multiple times

changed:

- free worker detection is improved


fixed in 2.0.1_3.1.03:

- changing some values via GUI, unexpected results in a maillog line  like 'AdminInfo: .... changed from 'On' to 'On' 

changed:

- If the MTA closes the connection unexpected, without sending a reply (like 4xx or 5xx)  in the DATA part of a mail - 
assp has also simply closed the connection to the client. This is changed: assp now sends a reply 
'451 Requested action aborted: local error in processing'
to the client before closing the connection

- If an incoming  messages reaches any of maxSizeExternal or maxRealSizeExternal, assp now writes a line including 
the [spam found] tag in to the maillog.txt file. How ever, because the mail content was OK, 
the possibly created file 'notspam/filename' is keeped. This makes it possible to inform the recipient about 
this blocked message in the BlockReport and to request a resend for the (possibly uncomplete) mail.


fixed in 2.0.1_3.1.02:

- ReservedOutboundWorkers was no more working since 2.0.1_3.0.24
- unexpected restarts without writing an exception log since 2.0.1_3.0.24
- unexpected high memory consumption since 2.0.1_3.0.24


fixed in 2.0.1_3.1.01:

- after editing address or ip lists via MaillogTail the dropdown menu was not changed correctly
- if a MTA has denied a mail inside the DATA part for any reason without sending an acceptable reply code 
(4xx 5xx) by simply closing the connection - assp has produced a memory leak and the connection was not closed by assp.


changed:

- email addresses could now be added to and removed from preHeaderRe via MaillogTail



fixed in 2.0.1_3.0.28:

- In case of an assp shutdown, the archive request (from ASSP_ARC.pm) was not processed by the MaintThread, 
because this thread was terminated bfore the smtp-workers.
The shutdown sequence is change to solve this.


fixed in 2.0.1_3.0.27:

- 'BlockReportFilterRe' was no longer working correct.


fixed in 2.0.1_3.0.26:

- bomb regex are blocking even if according valence value is not reached but the according  ..maxhits is reached

fixed in 2.0.1_3.0.25:

- If an ADO connection is configured for a DB - possibly a wrong table structure (the default SQL-ANSI92 
  instead of MSSQL) is initialized by ASSP, which leads into DB errors in ASSP.

changed:

- If editing a regex leads in to a regex-error, this will be shown after saving or opening the file, 
  by a red line at the top of the EDITOR-browser window.
  If you don't know the mistake, investigate the MaillogTail for the detailed error message.


fixed in 2.0.1_3.0.24:

- IPv6 NetBlocks are calculated only with a 64 bit mask
- if flat files are used for hashes and lists, the risk of getting errors about a stucking MainThread was too high


new:

- new Plugin "ASSP_DCC"  V1.01 is available. It uses services from "Distributed Checksum Clearinghouses" 
  (http://www.rhyolite.com/dcc/) to detect spam at a statistical base (like Razor).
  Please read the GUI after installing. Read the manuals at http://www.rhyolite.com/dcc/ to install and configure 
  the core components of DCC.
  Notice, that ASSP-Windows-Installations needs a linux (dccifd supported) host with the installed DCC core components, 
  to use this plugin.






2.0.1_3.0.23 is published as 2.0.1_3.0.23



2011/14/05

fixed in 2.0.1_3.0.23:

- if the CIDR modules are not available, a trailing IPv4 address in an IPv6 address was not detected

changed:

- improved the check and cache cleaning for addresses in 'noPB' and 'noPBWhite'


fixed in 2.0.1_3.0.22:

- changing to or from HTTPS for webadminPort or webstatPort has no longer renewed the listener
- if BerkeleyDB was used for the rebuildSpamdb temporary hashes and a rebuild was crashing for any reason, 
the next rebuild was possibly running in to a BerkeleyDB-Env error because of damaged ENV-files
- tasks that could be started form the GUI caused an log entry like  
'error: coding error: config value is not equal config hash in .....' 


2.0.1_3.0.21 is published as 2.0.1_3.0.21



2011/11/05
fixed in 2.0.1_3.0.21:

- if in a configuration was defined '# assp-no-sync' to skip synchronization, a sync-slave has even received the file.
- the output of assp in the analyzer and log was a bit confusing if a regex for an empty or space only 
string was used in a bomb definition (^$ or ^\s*$)
- adding the spamprobe to the mail header gas done some unneeded regexes on the mail contents


fixed in 2.0.1_3.0.20:

- the synchronization feature was not working correct for some config values, if the value was changed - 
a changed file for such a value was synchronized correct
  assp now checks that the 'onchange' subroutines are working well. If a mistake is detected, assp will log a message 
  'Error: coding error: config value is not equal config hash in $name - please report to development!' 
  and the GUI will show a javascript popup with that message. PLEASE report such messages as as possible to me - thank you!
- the native SSL (listenerSSL) was not working correct if IPv6 was enabled but a IPv4 connection was used for 
the underlying socket
- 'testRe' was executed even if 'DoTestRe' was not set


changed:

It is now possible to prevent config synchronization for specific files. The change GUI text is below.

 If set, the configuration value and option files synchronization will be enabled. 
 This synchronization belong to the configuration values, to the file that is possibly defined in a 
 value and to the include files that are possibly defined in the configured file. 
 If you don't want a specific configuration or include file to be synchronized, write

# assp-no-sync

as a comment anywhere in the file. An possible reason could be for example 'localDomains' - 
if ASSP1 is hosting DOMAIN1 and DOMAIN2 but ASSP2 is hosting only DOMAIN2 - 
so the entry for DOMAIN2 could be put in a not synchronized include file on ASSP1 and the synchronized 
main config file contains the entry for DOMAIN1.



fixed in 2.0.1_3.0.19:

- native SSL connection (at 'listenPortSSL') caused an error like
Error: Worker_2: Use of fdopen() not allowed with SSL at h:\assp\assp.pl line 43267 thread 4
in 2.0.1_3.0.18


fixed in 2.0.1_3.0.18:

- if only a port was defined for a listener and IPv6 was enabled, it was possible that new IPv4 connections 
were failed because of using the wrong socket Domain AF_INET6 .
- if IPv6 was disabled, but all modules and the OS supports IPv6 and SSL was configured, IO::Socket::SSL 
was using the IPv6 modules for all sockets - IO::Socket::SSL is now also switched to use the right modules.
- accepting IPv4 connections has taken too long if IPv6 modules are used - assp now sets the right socket Domain 
depending on the used IP address (IPv4/IPv6)
- the GRIP value for ISP connections was not handled correct
- DoFrequencyIP and  DoDomainIP are not working correct for ISP connections
- a memory leak in the configuration of the SenderBase feature is fixed
- the download interval for the griplist was ignored at startup


changed:

 - several code changes to improve IPv6 support
- if the modules IO::Socket::INET6 and Socket6 are installed and useIOSocketINET6 is enabled and 'enableIPv6' 
is selected , assp will check the system (kernel) for IPv6 support by creating (and closing) a IPv6 listener at 
port 51965. If this test failes, Iv6 support will be disabled in assp and a startup logline is written to maillog.txt .
- It is no longer required to restart assp if 'enableIPv6' is changed. How ever - on nix systems this requires 
assp to run as root if ports below 1025 are used for listeners!
- if assp is upgraded from V1 to V2 - 'webSecondaryPort' (from V1) is now appended  to 'webadminport' 


fixed in 2.0.1_3.0.17:

- hex resolution of an IPv4 in the header was not detected correct


fixed in 2.0.1_3.0.15:

- If the MaintThread saves a file based hash/list and the MainThread is doing the same at the same time - 
the hash/list could be destroyed
- an IPv6 address with a trailing IPv4 address like '2001:1::12.2.6.123' not correct detected and handled 
by all features - those addresses now converted to native IPv6 addresses 
- the personal black list as flat-file was not saved scheduled - this is now done after the penaltybox was saved

changed:

- assp is now able to detect IPv6 addresses in the header
- assp now knows privat IPv6 addresses
- the IP-in-HELO feature now also detect IPv6 addresses and possible missmatches beween IP-in-HELO and the connected IP


2.0.1_3.0.14 is published as 2.0.1_3.0.14



2011/23/04
2.0.1_3.0.14 

fixed in 2.0.1_3.0.13

- assp is unable to load the rebuildspamdb.pm module with :

error: rebuildspamdb failed - Attempt to reload rebuildspamdb.pm aborted.
Compilation failed in require at (eval 6582) line 1.
BEGIN failed--compilation aborted at (eval 6582) line 1.


#fixed in 2.0.1_3.0.12:

- the rebuildspamdb task terminates with

error: rebuildspamdb failed - Not a CODE reference at lib/rebuildspamdb.pm 
line 1013.

and no GRIIPLIST upload is done - 2.0.1_3.0.11


fixed in 2.0.1_3.0.11:

- it was possible that assp has stopped collecting mails, if low values are configured for 'freqNonSpam' or 'freqSpam'


new:

- if a message is received with a SSL-connection, the assp received header contains now the use enryption ciffer

- IPv6 is now supported

'enableINET6','Enable IPv6 support','For IPv6 to be enabled, check this box. NOTE: Changing this requires a restart
 of ASSP. This option requires an installed 
 <a href="http://search.cpan.org/search?query=IO::Socket::INET6" rel="external">
 IO::Socket::INET6</a> module in PERL and your system has to support IPv6 sockets!'


fixed in 2.0.1_3.0.10

- a BlockReport request with an '*' in it caused the MaintThread to die.


fixed in 2.0.1_3.0.09:

- parameter parsing in BlockReports was wrong in 3.0.08 - some BlockReports were unexpected empty

changed:

- in case of a stucking MainThread - the information in 'MainThread_stuck_err.log' are more detailed


fixed in 2.0.1_3.0.08:

- if 'LocalAddresses_Flat' contains a correct entry with 'domain=>MTA' an error about a wrong entry is shown and the etry is ignored.


fixed in 2.0.1_3.0.07

- using AsspSelfLoader.pm 1.11 with assp.pl 2.0.1_3.0.06 causes an exception 'Illegal declaration of 
subroutine main::CheckAttachments at sub main::whitebodyNoExe line 118' in all SMTP workers - 
this is fixed in assp.pl 3.0.07 and AsspSelfLoader.pm 1.12 (both versions are required !!)


fixed in 2.0.1_3.0.06:

- 'smtpDestinationRT' was no more changeable
- errors in the RBL package are now better logged
- BlockReports for nonlocal domains are not processed correctly
- the rebuild-spam-db has forced the Encode module to warn about uninitialized variables
- the MessageID and possibly the version number was shown and handled as IP address in MaillogTail


changed:

- if used, AsspSelfLoader 1.11 is required.
- the resend links are now removed from the BlockReports if the mail file contains no body - in this case a hint 
'no message body received' is added to the BlockReport line


fixed in AsspSelfLoader 1.11:

- global package variables and 'use' statements are not processed
- assp.pl 2.0.1_3.0.06 is required


fixed in 2.0.1_3.0.05:

- assp is unexpected crashing because of no existing symbol table entrys
- the Encode module is no longer working and causes errors with  'Wide character in .....'


fixed in 2.0.1_3.0.04:

- The OIP IP-address was not made a link in Blockreports.


changed:

- The blockreport.css file is changed - it contains now a section for the IP-address link.


fixed in 2.0.1_3.0.03:

- 2.0.1_3.0.02 was not running on Perl 5.10.0 (5.010000) , and also not on darwin with perl 5.8.8
- a character conversion mistake has removed text from the mail for bomb checks, if javascript was used in the mail
- If no Plugin for level 2, no DKIM check, no DKIM signing and no character conversion was configured, 
the X-ASSP headers were not added to large whitelisted and noprocessing mail.
- The rebuild task was crashing with 'Error: rebuildspamdb failed - Wide character in subroutine entry' , 
if a mail file was destroyed or contained unencoded UTF-8 data.

added:

- It is now possible to click on IP and email addresses in the MaillogTail dialog. This action will open a new 
browser dialog with several actions for the addresses.
- The same dialog could be started from left Main Menu (work with addresses - work with IP's).
- The same action could be used by admins from BlockReports - click on the IP or the '@' after any email address.

changed:

- Depending on the Bomb features configuration,  not all bomb checks were done. 


fixed in 2.0.1_3.0.02:

- changing the DNS servers in 2.0.1_3.0.01 was no more possible.
- in on case assp has sent a sequence '250 STARTTLS\r\r\n' to the MTA - this is fixed ('250 STARTTLS\r\n')
- the SIZE extension of the EHLO reply was wrong parsed for the value
- If a group was defined in more than one config parameter, it was possible that the order of the reloadof the 
config values was wrong.


added:
- An new module 'lib/AsspSelfLoader.pm' is available at sourceforge CVS download. This module reduces the memory 
usage of assp by 10 - 15 percent.
- Improved syntax check for 'localDomains' and 'localAddresses_Flat'


changed:

- the overwrite of the default BlockReportFilter is changed
>GUI text

 If an admin emails a block report request and specifies a filter in the subject of the email and a fourth parameter 
 in the body, both regular expressions will be merged in to a single regex for each line.
 If you or a user want the default BlockReportFilter to become part of the overwrite regex, the literal '$BRF' 
 should be inluded in the regex like:
 *@domain=>*=>14=>virus|$BRF|newsletter - or even in the subject of the email
 In this case the literal '$BRF' will be replaced by the BlockReportFilter.



fixed in 2.0.1_3.0.01:

- some config parameter validations where not working well
- the automatic calculation of the number of recommended SMTP-worker was not working well
- if 'ChangeRoot' , 'runAsUser' or 'runAsGroup' is configured and the change failed, assp was dieing without 
shutting down all processes and databases
- forwared ham/spam connection where running in to timeout
- the LDAPList hash was used , even if 'ldaplistdb' was not configured
- the MXACache was not working OK in every case
- malformed mails (\n instead of \r\n multiple times ) caused assp to stop Bomb checks - for example in HTML scripts
- the URIBLCache cleaning was not working for every entry type correct




changed:

- some obsolet sub's are removed from the code
- DoMaxDupRcpt now also checks mails that are 'noprocessing' only because of there size
- DoPenalty now also checks mails that are 'noprocessing' only because of there size
- BlockReports now contains a line, which informs the user about the count of skipped lines, because of the 
'BlockReportFilter' (privat or global)
- an AutoUpdate of the assp.pl script could now be forced by changing 'AutoUpdateASSP' to 'download and install'(2->1->2)
- BlockReport-requests now supports a fourth paramter to overwrite the global BlockReportFilter - the GUI text is changed:
........
 Leading digits/numbers in the mail subject will be interpreted as "report request for the last number of days". 
 If the number of days is not specified in the mail subject, a default of 5 days will be used to build the report. 
*******
 All characters behind the "number of days" will be interpreted as a regular expression to overwrite the BlockReportFilter - 
 leading and trailing white spaces will be ignored.
*******
 Users defined in EmailBlockTo, EmailAdmins and EmailAdminReportsTo are \'Admins\' and can request a report for multiple users. 
 They have to use a special syntax with \'=>\' in the body of the report request. The syntax is: 
.........
******
 To overwrite the defined BlockReportFilter, you can define a fourth parameter, which contains the regular expression to use.
 *@domain=>*=>14=>virus|newsletter - creates a report for 14 days and skippes all lines that contains the words 'virus' or 'newsletter'.
 If both, the fourth parameter and the extension in the subject, are defined, both regular expressions will be 
 merged in to a single regex for each line.
******

These changes belongs to file and email based requests.


added:

- If there is an error in any regex, the green status 'bull' in the GUI is change to red, a more detail report will be shown in the 'Worker/DB/Regex' Status screen and an alert will be shown if the GUI is loaded.

- ASSP is now able to work with user groups - groups from mail/ldap servers could be imported if needed, The GUI has a new section 'Goups' to do the configuration of the groups (read the GUI):

# groups.txt version 1.00 - 2011/23/02
###############################################################################################
# Group definitions could be used in any other configuration value where multiple user names, 
# email addresses or domain names could be defined.
# Groups are defined and used using the syntax [group-name] in a single line. 
# In the configuration parameters, the line [group-name] will be replaced by the content of the group definition, 
# that is done here.
# All group definitions are case sensitive. Group names can only contain the following characters: 
# A-Z, a-z, 0-9, - and _ 
# The structure of this file has to be as follows:
# 
# [super_spamlovers]
# myBoss
# ldap:{host=>my_LDAP_server:389,user=>admin,password=>pass,timeout=2,scheme=ldap,STARTTLS=>1,version=>3},{CN=management}{member},{%USERID%}{mailaddress}
# entry
# exec:/usr/bin/list_postfix_users --domain mydomain --group postoffice
# entry
# ...
# 
# [admins]
# ldap:{host=>domino1.mydomain.com:389,user=>Administrator,password=>pass,timeout=2,scheme=ldap,STARTTLS=>1,version=>3},{CN=LocalDomainAdmins}{member},{%USERID%}{mailaddress}
# entry
# entry
# ...
# 
# Every content behind a # is consider a comment. Empty lines will be ignored. An group definition stopps, 
# if a new group definition starts or at the end of the file.
# 
# There are two possible methodes to import entries from an external source in to a group - 
# the execution of a system command or a LDAP query.
# To import entries via a system command like (eg. cat|grep or find or your self made shell script), 
# write a single line that begins with exec: followed by the command to be executed - like:
# exec:cat /etc/anydir/*.txt|grep '@'
# The executed system command has to write a comma(,) or pipe(|) or linefeed(LF,CRLF) separated list of entries to STDOUT, 
# that should become part of that group, where this line is used. There could be multiple and any combination 
# of entry types in one group definition.
# 
# If you are familar with the usage of LDAP, you can define LDAP querys to import entries from one or more LDAP server. 
# This is done, defining one query per line. The syntax of such a line is:
# 
# ldap:{host_and_protocol},{LDAP_group_query_filter}{LDAP_group_query_attribut_to_return},{LDAP_entry_query_filter}{LDAP_entry_query_attribut_to_return}
# 
# If the 'host_and_protocol' part is empty {}, the default LDAP configuration will be used. 
# An 'host_and_protocol' part should contain the following entries in the following structure:
# 
# {host=>127.0.0.1:389,user=>...,password=>...,timeout=..,scheme=ldap/ldaps,STARTTLS=>0/1,version=>2/3}
# 
# The 'host' has to be set, if you want to define any other LDAP parameter. If any other parameter is not defined, 
# the default LDAP configuration value will be used, except user and password. The port definition (:xxx) in the 
# host setting is optional - if not defined, the default LDAP ports 389(LDAP) and 636(LDAPS) will be used. 
# It is possible to define a pipe(|) separated list of hosts for failover functionality like 
# 'host=>localhost:389|192.168.1.1:389|....'
# The 'LDAP_group_query_filter' and 'LDAP_group_query_attribut_to_return' are used to query a LDAP group for it's 
# members (users). The resulting list will contain the userid's (uid) of all group members. The definition of these 
# two parameters could look as follows:
# {CN=management)}{member}
# The 'LDAP_entry_query_filter' and 'LDAP_entry_query_attribut_to_return' are used to query each member from the 
# first query, for it's email address. The literal '%USERID%' in the 'LDAP_entry_query_filter' will be replaced by 
# each result of the first query. The definition of these two parameters could look as follows:
# 
# {%USERID%}{mailaddress}
# 
# If you are able to get all results (eg. email addresses or domain names) with the 'LDAP_group_query' query, 
# leave the definition of 'LDAP_entry_query_filter' and 'LDAP_entry_query_attribut_to_return' empty {}{}.
# 
# The result of each group definition will be stored in a file in files/group_export/GROUPNAME.txt.
# The groups are build at every start of assp and if the defined file is stored (changed file time). 
# To force a reload of all groups, open the file and click 'Save changes' or change the file time with an 
# external shell script.
###############################################################################################




2011/23/01
fixed in 2.0.1_2.0.19:

- If any text part of a mail was base64 encoded, the 'bombDataRe' check was done on that encoded data - 
now this parts are decoded before this check is done.
- If an email address is part if the 'BlockReportFilter' , assp will ignore this filter if a BlockReport is 
requested for this email address.
- The email interface has processed the same email address multiple times (multipart alternative MIME) , 
which was resulting in confusing replys. 
- Adding an email address to any list via email interface was some times leading in to entrys with a double dot 
like : name@anydomain..com
- Adding an email address to the whitelist by a simple user via email interface, was leading in to two reply line, 
one for the global and one for the privat entry. The line for the privat entry is now sent only to 'EmailAdmins'.
- If a user has requested a resend of a blocked mail and the file no longer exists, the full path to the missing 
file was shown in the reply. Now only the assp-sub-folder and filename is shown.
- It was possible if 'ccMaxBytes' is used, that a copied mail was shorter than 'ccMaxBytes'  

changed:

- 'URIBLCCTLDS' is not changeable anymore
- if 'AutoUpdateASSP' is set to 'download only' - the new assp.pl file will be syntax checked and a backup 
of the currently running script will be done in 'download' folder. 
The file of this backup contains the version number.
- If a mail has passed assp with any passing reason [spam passed] , the file name will be shown in orange 
color in the MaillogTail.
- The download of the 'URIBLCCTLDS' file is now only done, if 'ValidateURIBL' is set to on.
- If 'MaintenanceLog' is set to verbose or diagnostic, the rebuildspamdb task will show all helos that are 
new added to the HeloBlackList.


fixed in 2.0.1_2.0.18:

- some confusing warnings inside the rebuild spamdb thread should be removed
- if a user has sent a request to remove an entry from the block report queue, he got a reply that the entry was removed,
 even the entry was not existing


fixed in 2.0.1_2.0.17:

- changing 'AddCustomHeader' was not possible
- changing 'updatePenaltyDuration' or 'updatePenaltyExpiration' was leading in to an exception 'undefined subroutine CleanPB'


fixed in 2.0.1_2.0.16:

- the signing (numbering) of non local X-ASSP- header lines was also done in the body of a mail if sent from SF
- if very large spam mail where forwarded - it was possible that not the complete mail was delivered to the 
spam account (sendAllSpam)
- the SPFCache (SPF) matching was not working in both analyzers after changing the cache structure
- the SBCache (SenderBase) matching was not working in both analyzers after changing the cache structure
- if 'MaxAllowedDups' was configured - the used MD5-Hash-cache was not refreshed after the file collection cleanup 
was running (and has possibly removed files from the spam folder)
- depending on the queried DNS-Server software and some assp configuration settings, it was possibe that maxhits, 
maxreplys and Showmaxreplies was not working correct for DNSBL,RWL and URIBL
in most cases this was more a 'display' issue than a functional bug

changed:

- The 'MaxEqualXHeader' check is now skipped for outgoing, noprocessing and whitelisted mails, because it was 
impossible, even with a setting of 20, to deliver appointments and other groupware stuff between Lotus-Domino, 
MS-Exchange and Groupwise
- 'LocalAddressesValid','Accept Remote Sender with Valid Local Addresses '  is obsolet and was removed from the code
- The automatic addition for authenticated local sender addresses and local domains to the LDAPList is now resticted 
to connections at the relayPort and the listenPort2 for security reasons. Because a hacked or cracked or 
"wrong published" valid authentication at the default listen port, has made it possible to register any 
domain and useraccount and to abuse ASSP as spambot.


added:

- the MXACache (MX record) matching is added to both analyzers 



fixed in 2.0.1_2.0.15:

- the 'bombSubjectRe' analyzing in both analyzing tools was no working correct (length detection and UTF-8 decoding 
for non single byte character sets)

added:

- both analyzing tools are now able to detect 'personal blacklisted addresses' and 'personal removed whitelist entrys'
- after extracting the email addresses from the header, both analyzing tools removes now all local X-Assp- headers 
before checking the mail / text
- some more minor improvements for both analyzing tools


fixed in 2.0.1_2.0.14

- Symbol.pm was not working correct in 5.10.0 - it is removed from the code
- both analyzing tools have not detected if a combination of 'text=' , 'ip=' and 'helo=' where used 


added:

- both analyzing tools have not detected 'preHeaderRe'


fixed in 2.0.1_2.0.13:

- The URIBL-check detected wrong URI's if the '@' in an email address was HTML-encoded as '%40' or '&#064'
- If a bomb-check has mached on a non-ASCII string, it was possible that the 'X-ASSP-Spam-Reason:' header was wrong 
MIME encoded
- If a level 2 Plugin has returned data for the URIBL-check and this check has failed, the '55x ...' reply to the 
sending server was not containing the blocking reason 'listed by ....'

changed:

- The verbosity of the URIBL reply was depending on the setting of 'URIBLLog' - this reply is now every time 
verbose as possible, containing the 'URIBLSP<-returncode'
- If the autoupdate feature is used, it now possible to modify ASSP settings via the version.txt file, before a 
possible restart is done
- The cleanup of unneeded subroutines and modules in threads now uses the module 'Symbol.pm' to cleanup the Perl 
symbol table (the module Symbol.pm is part of the default distribution - so no action has to be taken to enable 
or to install it)
- The order of some sub routines inside the main code was changed to make the code more readable



2010/24/12
released development version 2.0.1_2.0.12 as stabil version 2.0.1_2.0.12

fixed in 2.0.1_2.0.12:

- it was possible that assp has unexpexted changed the used SMTP destination IP:PORT when a Worker was 
interrupted to get a new connection, because of a wrong defined global variable.

changed:

- the order of the email addresses in an admin BlockReport is now alphabetical
- the time calculation for HTTP downloads is now more flexible to prevent load peeks at the SF-server


fixed in 2.0.1_2.0.11:

- if the recipient verification was configured to be done by the MTA, BlockReports for users where not 
processed correctly



2010/17/12
released development version 2.0.1_2.0.10 as stabil version 2.0.1_2.0.10

fixed in 2.0.1_2.0.10:

- The GUI description for SNMPbaseOID was wrong.
- If SNMP was used, the CPU usage was a bit too high in idle looping.
- If any reported email address was containing an '+' or '?' (a regex quatifier) , 
the workers where run in to an exception '<--HERE in Regex'.


changed:

- If assp is running as Windows Service STDOUT,STDIN and STDERR are closed in every case - no output will be available. 
Until now this was only the case if syslog was configured and used.

- bombRe and bombDataRe now able to search for attachment name - the GUI description has changed as follows:

'bombRe','BombRaw Regular Expression for Header and Data Part**'' .........
 If you want to search for attachment names, define a line with \'attachment:the_attachment_name\'.

'bombDataRe','BombData Regular Expression for Data Part**.............
  If you want to search for attachment names, define a line with \'attachment:the_attachment_name\'

The attachment will be found in any type of MIME header (attachment, inline, application ....).


added:

- SNMP supports now the sub-OID's 5.0 and 5.1 - which are an API to execute any perl code inside assp 
(set variables, call subroutines .... ). System calls like [system , qx , Ã‚Â´...Ã‚Â´] are only allowed, if the 
SNMPuser is set to 'root'.

GUI changes for this are:

.5.0 - SNMP-API : is writeable - accepts internal subroutine command/call to be executed
.5.1 - the result of the last SNMP-API call (success or error)



fixed in 2.0.1_2.0.08:

- depending on the running OS, not all Perl module informations where available via SNMP
- large speed improvement for a sequence of GETNEXT querys via SNMP

added:

- An MIB file (ASSP-MIB) is provided, to be used with MIB-browsers.


fixed in 2.0.1_2.0.07:

- If Plugins in level 2 are used, it was possible that a mail was signed as 'OK' even if it has exceeded the MessageLimit.
- If ClamAV was temporary off - this Status in the GUI was not updated after ClamAV was back up.
- Modifying a list via EmailInterface could assp cause to die, because of an undefined subroutine.
- If any maintenance task has taken more than an hour, some scheduled tasks where possibly skipped.

added:

- An new section 'SNMP' is added to the GUI. Runtime , Config, Module and Stats informations can be queried via SNMP-agentX. The configuration values are changeable via SNMP. For more informations, read the GUI.


fixed in 2.0.1_2.0.06:

- If a domain is not configured in 'localDomains' and 'LDAPfail' is set to on, the domain is added to LDAPCache even if 
the user verification has failed.

added:

- The configuration sync feature is now able to use a secured connection (TLS - STARTTLS), to transfer the configuration changes 
to the sync peers. ASSP will try to do this automaticaly - if:
- SSL/TSL is available
- 'DoTLS' is set to 'do TLS'
- the perl module 'Net::SMTP' is installed
- the perl module 'Net::SMTP::TLS' is installed
- the sync peer offers '250 STARTTLS' in the EHLO-reply

To support this, the mod_inst.pl (in assp.mod.zip) has been updated to version 1.24.
How ever, this module is only required for this usage - you don't need to install it, if you don't use the sync feature. 

The module 'Net::SMTP::TLS' is available for Windows (Perl 5.10) installations via PPM from trouchelle respository

>ppm install Net-SMTP-TLS

and for nix and MAC via cpan

>cpan install Net::SMTP::TLS



fixed in 2.0.1_2.0.05:

- Report mails are running in to the SMTPTimeout.
- After reseting the Stats in the GUI, the internal mail counter was set to zero which could lead in to unwanted (overwritten) 
duplicate file names in the corpus.


changed:

- assp now produces unique (number based) files names in the corpus if 

MaintBayesCollection
MaxBayesFileAge
MaxNoBayesFileAge

are set and  'UseSubjectsAsMaillogNames' is not set. Unsetting the three values above, leads in to the 'oldstyle' behavior of assp, 
where files will be randomly overwritten in the corpus.

- If a user name is verified via LDAP or VRFY, the domain part of the email address is added to the LDAPCache and from there 
this domain is considered to be a local domain, even it is not listed in 'localDomains'.



2010/19/11
released development version 2.0.1_2.0.04 as stabil version 2.0.1_2.0.04

fixed in 2.0.1_2.0.03:

- BlockReports causing an exception in regular expression if the sending email address of a blocked mail contains a '+'

fixed in 2.0.1_2.0.02

- if the search range in MaillogTail is defined as 'search in this number of lines' - the defined number of 
lines was some times ignored


fixed in 2.0.1_2.0.01:

- the GUI 'Infos and Stats' has shown some lines without a number (0) if the Stat was never counted for this check


fixed in 2.0.1_1.2.34

- a line counting problem in MaillogTail is fixed
- changing the config as 'non-root' user corrupts the assp.cfg file (the encrypted and disallowed parameters)


changed:

- improved GUI security if browser cookies are disabled
- improved GUI performance for 'non-root' users in the GUI - the users permissions are set at users logon time - 
changes to the users permissions are used, at the next logon


fixed in 2.0.1_1.2.33:

- in case of a blockreport resend request, assp has searched for a moved file even if 'doMove2Num' was set to on and 
has possibly resent a wrong mail

changed:

- the default for 'doMove2Num' is set to zero (off)

added:

- It is now possible to reset the stats in the 'Info and Stats' view of the GUI by clicking on the links at the first 
line (run time). If reseting the global stats. the current 'asspstats.sav' file is renamed to 
'asspstats-YYYY-MM-DD-hh-mm-ss.sav' using the current date and time.



fixed in 2.0.1_1.2.32:

- the check for a available threaded Perl (iThreads) was done a bit too late


changed:

- the default for  'URIBLServiceProvider' is changed to 'file:files/uribls.txt'

- 'EmailSenderNotOK' is changed to :
  'Mail from any of these addresses are not accepted from Email Interface, except "Help Report", "Analyze Report" and 
  "Block Report/Resend". Accepts specific addresses (user@example.com), user parts (user) or entire domains 
  (@example.com). The user will get informed about the denied request.
 The file 'reports/denied.txt\' will be used to inform the user.

- if a 'RBLServiceProvider' is removed from the list, a cache cleanup is done, which removes this RBLSP from every 
cache entry.

- if a 'URIBLServiceProvider' is removed from the list, a cache cleanup is done, which removes this URIBLSP from 
every cache entry.


added:

'EmailSenderIgnore','Ignore Not Authorized Addresses*',
  'Mail from any of these addresses are not accepted from Email Interface, except "Help Report", "Analyze Report" and 
  "Block Report/Resend". Accepts specific addresses (user@example.com), user parts (user) or entire domains 
  (@example.com). The user will get not informed about the denied request.',



fixed in 2.0.1_1.2.31:

- some code for the GPB was not executed like expected in linux and MAC
- the complete command sequence was not shown for reports

changed:

- NullAddresses are now working independend from CatchAll and CatchAllAll

>ASSP will dump a message silently when encountering such an address in "MAIL FROM:" or "RCPT TO:". ....



changed in 2.0.1_1.2.30:

- It is now possible to define configuration parameters at the commandline. You have to use the following syntax:

perl assp.pl baseDir --configParmName:=configParmValue --cPN:=cPV ....

baseDir has to be defined, if any config parameter is defined at the commandline.
The defined parameter/value will overwrite the current value in the assp.cfg file and will be saved in to that file! 
Both, the parameter name and the value are case sensitive.


fixed in 2.0.1_1.2.29:

- assp has written empty lines in the maillog.txt - empty line are now skipped
- the URL detection for URIBL is more exact

changed:

- the BlockReport resend feature is improved: 
  1. it was possible for a user to request a resend of a virus infected mail - this no more possible - 
  only EmailAdmins could do tis request - the user will get informed about this in the reply mail
  2. if a file was moved after the blockreports where generated, the user has got a reply that the requested file 
  is no more available - this is changed: if the file is not found on its original location, assp will try to find 
  it in every other possible log-location and will resend the found file, except it was found in the 'viruslog' 
  folder than (1.) will take place


fixed in 2.0.1_1.2.28

- on some installations MIME::Bases64 was not in namespace of assp.pl - caused an exception at the call to this 
module in 1.2.27
- using 'dbl.spamhaus.org' as URIBLSP produces false positives if an URL with an IP address is checked - such URL's 
are no more sent to this URIBLSP
- if the config-sync feature is used, an update of a file (regex) via GPB-server could lead in to a unneeded 
synchronization of all file based config values


fixed in 2.0.1_1.2.27:

- If in 'RBLServiceProvider' a global entry for a service provider was not set, but instead a single or more dedicated 
entries (like: sp=>127.0.0.4=>3) are defined, hits where counted even if the responds has not matched any of the 
dedicated entries.  

- It was possible that a whitelisted mail causes an exception like 'substring out of range in assp.pl line ....' - 
if the ClamAV/File scanning for whitelisted mails was enabled.

- If the 'Content-Type:' MIME-part-header of an attachment had both, the 'name' and the 'filename' tag, and the 'name' 
tag had no file extension - the attachment blocking feature was using the wrong file name and was not working for this 
reason. This belongs also for the ASSP_AFC.pm and ASSP_OCR.pm Plugins. Both Plugins are updated to solve this problem. 

- Adding an entry to 'noprocessing' domains/addresses via Email-Interface could lead in to a destroyed file in 2.0.1_1.2.26

- Under rare conditions it was possible, that a mail, that was blocked by any Plugin in scoring mode was stored in 
the 'mailok' folder. 


added:

An automatic update of Plugins, ASSP-modules (../lib) and all file based lists and regular expressions is now available 
for users of the Global-PenaltyBox. The update of Plugins and ASSP-modules is version dependend - only higher version 
will be installed. The update of lists and regular expressions is done line based - independend from the 
installed/modified file version. ASSP will assume that the distributed file version is installed. This update 
feature will remove records (lines) only if they are active (not commended out) and will add records (lines) only if 
they are not found or not commended out.

'GPBDownloadLists','Download List and Regex Updates from GPB-Server','0:no download|1:download|2:download and install',
'Select, if assp should download updates for lists and regular expressions from the global penaltybox server. 
Downloads will be done to the 'download' folder. If install is selected, the downloaded lines will merged in to the 
defined files (file:...). If you want to disable a specific line in any of your files, do not delete the line, instead 
commed it out - putting an '#' or ';' in front of the line. If any list is not configured using the 'file:...' option, 
only the download will be done, even if install is selected.'

'GPBautoLibUpdate','Download Plugin and Library Updates from GPB-Server','0:no download|1:download|2:download and install',
'Select, if assp should download updates for Plugins or Library-Files (../lib) from the global penaltybox server. 
Downloads will be done to the 'download' folder. If install is selected, the downloaded Plugins and/or modules will be 
installed in to there original location, if an older version of the file still exists. If an older version is not found, 
only the download will be done. To activate updated Plugins or modules a restart of assp is required. This feature will 
not force an automatic restart of assp!.


changed:

- the field specification for MS-SQL-Server ODBC access to the main hashes is changed from 'varbinary' to 'varchar'.



changed in 2.0.1_1.2.26:

- If a mail file is moved to 'correctedspam' or 'correctednotspam' using the GUI file editor and any of 
'EmailErrorsModifyWhite' or 'EmailErrorsModifyNoP' is set to 'modify ...' (1), adding,reporting and removing 
mail addresses is supported the same way like using the email-interface.


fixed in 2.0.1_1.2.25:

- if 'EmailErrorsModifyWhite' or 'EmailErrorsModifyNoP' is used, it was possible, that unwanted email address like 
informations (for example the message-id) where added to the lists - this is no more the case.
- if a report mail to 'asspnotspam' or 'asspspam' was sent HTML encoded, it was possible that not all informations where 
processed by assp - the MIME+HTML decoded mail is now processed.


fixed in 2.0.1_1.2.24:

- fixes some Perl warning about incorrect operations
- if 'LogDateFormat' was set to a value other than default - the syslog output was possibly not correct

changed:

- because of a unicode bug in Perl 5.10 the 'EURO' sign is decoded using a workaround - this workaround is now disabled 
if Perl 5.12 or higher is used (the unicode bug is fixed there)
- if the MIME-decoded subject of a mail is longer than 100 characters, the maillog shows now only the first 50 and the 
last 50 characters (50...50)
- if 'MaxFileNameLength' was not defined or set to 0, a very long subject could lead in to a too long filename if  
'UseSubjectsAsMaillogNames' was selected - the filename is now trunked to 50 characters in this case
- the HTML entity '&shy;' (soft hyphen) is now decoded to the ascii '-' hyphen for bomb checks - until now is was 
decoded to hex 'AD' or dec '173'

added:

'maxSubjectLength','Maximum allowed Subject Length','If set to a value greater than 0, assp will check the length of 
the Subject of the mail. If the Subject length exceeds this value, the message score will be increased by 
'bombValencePB' and the string that is checked in 'bombSubjectRe' will be trunked to this length. 
It is possible to define a special weight using the syntax 'length=>value', in this case the defined absolute 
value will be used instead of 'bombValencePB' to increase the message score. 
If the subject is too long and this weight is equal or higher than 'bombMaxPenaltyVal' no further bomb checks will be 
done on the subject.',


fixed in 2.0.1_1.2.23:

- depending on settings for the logging and blocking options, it was possible that an entry  '*@*=>*' 
in the blockreportlist.txt file was leading in to BlockReports to not existent local email addresses.


changed in 2.0.1_1.2.22:

- optimized DB-connection check
- optimized memory consumtion

- An new Perl module  'Convert::Scalar' is supported by assp to reduce the memory consumtion.

nix and Mac user should install the module via CPAN
>get Convert::Scalar
>make Convert::Scalar
>test Convert::Scalar
>install Convert::Scalar

Windows user can install this module via ppm - it is available in the ActiveState and Trouchelle respository
>ppm-shell
>install Convert-Scalar

The installation of the module is recommended - not needed. If the module is not installed, the old style memory 
preallocation mode is used.

The assp.mod.zip (mod_inst.pl version 1.23) is updated to support the installation of that module.


2010/19/11

updated Plugins:

ASSP_AFC.pm 1.18
ASSP_ARC.pm 1.14
ASSP_OCR.pm 1.25
ASSP_Razor.pm 1.07


2010/05/10

updated Plugins:

ASSP_AFC.pm 1.17
ASSP_ARC.pm 1.13
ASSP_OCR.pm 1.24
ASSP_Razor.pm 1.06

all Plugins are optimized to reduce memory consumtion


2010/04/10

fixed in 2.0.1_1.2.20:

- in some cases the auto whitelist addition has mangled email addresses and has parsed the header lines wrong - 
so wrong email addresses where added to whitelist

changed:

- The BlockReport design has changed. It is now possible to change the complete design to your needs, 
using an html-css file. An default css-file 'blockreport.css' is in the image folder (sourceforge-CVS). 
There you can also find a default icon file 'blockreporticon.gif' and a default header-image-file 'blockreport.gif' - 
which is the same like 'logo.gif'.  There is no need to install that fles. If assp can not find this files in its 
image folder, it will use default hardcoded css and icon. If the file 'blockreport.gif' is not found 'logo.gif' 
will be used.
To change any contents, use the Blockreport::modify module in the lib folder. This module (skeleton) is updated 
for this major change of the BlockReports.

Thanks to Dale for his contribution to the css file and the HTML-layout.


fixed in 2.0.1_1.2.19:

- To support the 'complex AND-NOT' regular expression, assp uses a new syntax ('?|') in Perl versions 5.10 and higher. 
This new syntax could cause a stack overflow or out of memory error in Perl 5.10.x . In some cases it could lead in to 
an unresponsive assp, with out any error to see. This Perl bug  ([RT #59734]) is solved in Perl 5.12 . For this reason, 
the new syntax is now only used, if the  'complex AND-NOT' regex is defined in a file. As long as I know, it is save 
for all nix and Mac users to upgrade to Perl 5.12 - windows users should wait until all needed modules are available 
as ppd for 5.12. 

- if 'DoDKIM' was set to 'score' and the message score was less than the 'penaltyLimit' before the DKIM check but higher 
than the 'panaltyLimit' after the DKIM check - the mail was not blocked.

- if a virus was detected and the complete mail was already received, the informational mail to the 
'EmailVirusReportsTo' caused a SMTP syntax error '500 unimplemented' on the MTA

- some lines written to the maillog.txt for the DKIM checks are now more exact.

- the first run with an installed ASSP_Razor.pm plugin could fail (runs fine on second start of assp) - this was 
leading in a missing GUI section for the plugin
This is fixed in ASSP_Razor plugin version 1.05


fixed in 2.0.1_1.2.17:

- if a level 2 plugin was set to score and retuned a 'failed' status , no further plugin was 
called
- fixed a possible (realy old) memory leak in several calls to pbWhiteDelete

updated:

- ASSP_Razor.pm 1.03 - fixes bad logging messages



fixed in 2.0.1_1.2.15:


added:

- ldLDAPRoot','LDAP Root container for Local Domains','The LDAP lookup will use this container and all sub-containers to match the local domain query.The literal DOMAIN is replaced by the domain part of SMTP recipient (eg. domain.com) during the search.For example: DC=yourcompany,DC=com. If you use DOMAIN here, you must check "LDAP failures return false" below or non local domains will be treated as local. If not defined, LDAPRoot will be used.'

- new available module 'lib/Blockreport/modify.pm' : An modification of the Blockreports could done, by calling the (if installed in the lib path) 'BlockReport::modify' module (sub modify) - which is available as sceleton and has to be coded by you or anyone else. ASSP will give the complete BlockReport mail to the module and want's back the new (modifed) complete mail.

- new available plugin - ASSP-Razor: This Plugin uses a service provided by www.cloudmark.com to detect spam on a statistical base.

Razor is a distributed, collaborative, spam detection and filtering network. Through user contribution, Razor establishes a distributed and constantly updating catalogue of spam in propagation that is consulted by email clients to filter out known spam. Detection is done with statistical and randomized signatures that efficiently spot mutating spam content. User input is validated through reputation assignments based on consensus on report and revoke assertions which in turn is used for computing confidence values associated with individual signatures.

To use this plugin, you have to install the Razor2 modules, that are modified for ASSP - do not use the original Razor2 installation, it will not work with assp. The source (for nix and mac) and the PPM for Windows are available at sourceforge CVS
http://assp.cvs.sourceforge.net/viewvc/assp/assp2/razor2_for_assp/




fixed in 2.0.1_1.2.14

changed:

- the resonse '127.0.x.0' (trust = 0) of 'list.dnswl.org' for RWL leads no more in to RWL=OK


fixed in 2.0.1_1.2.13

- URI with authentication and an IP like http://user:password@1.1.1.1 are not detected by URIBL
- the RBL return stings from blackholes.five-ten-sg.com where changed and no more exact 
received by ASSP

changed:

- URIBL now supports the same syntax like RBL : URIBL-Service-Provider=>result-to-watch=>weight
- URIBL stores now the query results in addition to the URIBLSP in the URIBLCache


fixed in 2.0.1_1.2.11:

- assp could hang at startup - the startup sequence is changed, the listeners are opend at a 
later state
- assp could hang s shutown - shutdown signal handling is changed

changed:

- all HTML entities in the mail body are now decoded before the bomb checks are running. 
Regular expressions must no more contain checks for HTML encoded text.
- BlockReport MIME-headers have now a 'date: ...'  line.


fixed in 2.0.1_1.2.10:

- this version requires the new Optimizer.pm module 1.07 - Optimizer 1.07 could and should be used for all versions of assp.

changed:

Enhanced regular expression usage - it is now possible to overwrite the default noprocessing, 
whitelisted, localmail and ISP options for every single regular expression and/or a complete 
definition file.

single line - :>N[+-]W[+-]L[+-]I[+-]
file -  !!!N[+-]W[+-]L[+-]I[+-]!!!

here is the changed GUI text:

Fields marked with two asterisk (**)  ......

For all "bomb*" regexes and "invalidFormatHeloRe", "invalidPTRRe" and "invalidMsgIDRe" it is 
possible to define a third parameter (to overwrite the default options) after the weight like: 
Phishing\\.=>1.45|~Heuristics|Email~=>50:>N[+-]W[+-]L[+-]I[+-], where the characters and the 
optional to use + and - have the following functions:
use this regex (+ = only)(- = never) for: N = noprocessing , W = whitelisted , L = local , 
I = ISP mails . So the line ~Heuristics|Email~=>50:>N-W-LI could be read as: take the regex 
with a weight of 50, never scan noprocessing mails, never scan whitelisted mails, 
scan local mails and mails from ISP's (and all others). The line 
~Heuristics|Email~=>3.2:>N-W+I could be read as: take the regex with a weight of 3.2 as factor, 
never scan noprocessing mails, scan only whitelisted mails even if they are received from an ISP .
If the third parameter is not set or any of the N,W,L,I is not set, the default configuration 
for the option will be used unless a default option string is defined anywhere in a single line 
in the file in the form !!!NWLI!!! (with + or - is possible).
.......



fixed in 2.0.1_1.2.09:

- the syntax <<<...>>> for skiping a line of a regex file from optimization was not working 
in every case - new Optimizer.pm 1.06 is fixing that

changed:

- the alpha index in the GUI has now a 'select' field (regex is possible) to reduce the listed 
values as wanted - this makes it possible to fastly find a config value by parts of its name.

- the GUI now returns after 'apply' or a switch to another screen and back, to the last focused,
 jumped or changed config value - this option needs enabled 'Cookies' in the browser
'RememberGUIPos','Remember the last GUI position',0,\&checkbox,1,'
  'If selected, the GUI will remember the last topic of the main menu, that had the focus, 
  was changed, that where jumped to or that where clicked on.',

- If a file is resent, the non local sender (from:) will be added to whitelist if 
'autoAddResendToWhite' is set to 'admins only' or 'admins and users'.
- If a file is copied (GUI) to the correctednotspam folder, the non local sender  (from:) 
of that file will be added to Whitelist  if 'EmailErrorsModifyWhite' is set to 'admins only' or 'admins and users'.
- If a file is copied (GUI) to the correctedspam folder, the non local sender  (from:) of that 
file will be removed from Whitelist  if 'EmailErrorsModifyWhite' is set to 'admins only' or 
'admins and users'.



fixed in 2.0.1_1.2.08

- some weights (RBL URIBL) where wrong calculated
- new regex Optimizer.pm module 1.05 

changed:

- a single regex can be exluded from optimization by putting  <<<  in front  and  >>>  at 
the end of the line
- URIBL: if an URI is obfuscated and it is reported by a Service Provider as bad , 
the double weight will be used for this URI



fixed in 2.0.1_1.2.07:

- URIBL has not detected URI's with an IP
- the hitrate in URBL was too less - depending on the configuration

changed:

- better URI detection in URIBL
- better obfuscated URI detection in URIBL
- RBL check has returned 'rblnValencePB' if no weight was defined for an RBLSP - now it 
returns   RBLmaxweight / RBLmaxhits
- URIBL check has returned 'uriblnValencePB' if no weight was defined for an URIBLSP - now it 
returns   URIBLmaxweight / URIBLmaxhits


fixed in 2.0.1_1.2.06:

- some regexes missed the /o switch
- some counters where wrong used in conditional code  ($var++ <=> ++$var)
 
added:

- The GUI now shows the timestamp of opened (edit/show) hashes human readable 

If a time is shown human readable, you can change the date or time,<br />
but leave the format as it is ([+]YYYY-MM-DD,hh:mm:ss) and leave a possible '+' in front.

changed:

it is possible to define different weights for different results for different RBL Service 
Providers. This will be added to the description of the 'RBLServiceProvider'

------
 Some RBL Service Providers, like blackholes.five-ten-sg.com, provides different return codes 
 in a single DNS-zone: like 127.a.b.c - where a,b,c are used to identify a weight or type 
 (or what ever) of the returned entry. 
 If you want to care about special return codes, or if you want to use different weights 
 for different return codes, you should use the following enhanced entry syntax:

 RBL-Service-Provider=>result-to-watch=>weight (like:)
 blackholes.five-ten-sg.com=>127.0.0.2=>3
 blackholes.five-ten-sg.com=>127.0.0.5=>4
 blackholes.five-ten-sg.com=>127.0.?.*=>5

 You can see, the wildcards * (multiple character) and ? (single character) are possible to 
 use in the second parameter. Never mix the three possible syntax types for the same 
 RBL Service Provider. An search for a match inside such a definition is done in 
 reverse ASCII order, so the wildcards are used as last.




added in 2.0.1_1.2.05:

'DelayIP','Simple IP Greylisting
  'Enable simple delaying for IP\'s in black penaltybox with totalscore above this value.'

'DelayIPTime','Simple IP Greylisting Embargo Time'
  'Enter the number of minutes for which delivery, related with IP address of the sending host, 
  is refused with a temporary failure. Default is 5 minutes.',


changed:

The 'MaxAUTHErrors' feature now also detects AUTH errors if the MTA response is 5xx 
(not only 535).



fixed/changed in 2.0.1_1.2.04:

It was possible that a SPAM has passed, because the sending server has anounced a message 
size above 'npSize' in the 'mail from' command - even if the mail is much shorter.
For this reason the function of 'npSize' has been changed. 
If a message get the 'noprocessing' state only because of the anounced message size, 
delaying and all IP and header checks will be done (like configured). 
If the header part of the mail is checked successful, the message will be (no)processed 
like before.

'npSize','Message Size Limit',10,'ASSP will treat incoming 
messages larger than this SIZE (in bytes) as \'No Processing\' mail, 
after the header part of the mail is received without any error. 
Empty or 0 disables the feature.'


added:

MaxAUTHErrors','Max Number of AUTHentication Errors',
 'If an IP exceeds this number of authentication errors (535) the transmission of the current 
  message will be canceled and any new connection from that IP will be blocked for 5-10 minutes.
  Every 5 Minutes the \'AUTHError\' -counter of the IP will be decreased by one. autValencePB is 
  used for the penalty box.
  No limit is imposed by ASSP if the field is left blank or set to 0. 
  This option allows admins to prevent external bruteforce or dictionary attacks via 
  AUTH command. Whitelisted and NoProcessing IP\'s and IP\'s in npPB are ignored like 
  any releayed connection.



fixed in 2.0.1_1.2.03

- If DoPenaltyExtremeSMTP was set, ExtremeWL and/or ExtremeNP where not working like expected
- Because of a Perl codepage bug - if LogCharSet was set to cp1250 or cp1252 and a Euro sign was
 part of the mail subject , the Euro sign was replaced with \x{0080} - 
 the replacement is now (EUR)
- If a malformed subject contains not MIME encoded (raw) characters  hex 7F-FF - 
 these characters are now removed for logging and corpus file names
- The MIME 'Content-Transfer-Encoding: 7bit' line was missing in the HTML-Part of the 
 BlockReports - so some mail clients has wrong assumed an encoding of 'Quoted-Printable' 
 for a 'charset=US-ASCII' and the BlockReport was malformed displayed.
- Under some conditions it was possible, that a bidirectional config synchronization was 
leading in to a sync loop.
- If ASSP has started a restart sequence for any reason, and an external watchdog has detected
 a unreponsive ASSP at this moment, an additional SIG{INT} from the watchdog or ServiceManager
  was leading in to a stucking ASSP



added:

'noExtremePB','Don\'t do Extreme Profiling for these IP\'s*'
 'Enter IP\'s that you don\'t want to be extreme penalized. IP\'s in noPB are already included.
  For example: 127.0.0.1|172.16.'

'noExtremePBAddresses','Don\'t do Extreme Profiling for Mails from any of these Addresses*'
 'Mails from any of these addresses will not be extreme profiled if DoPenaltyExtremeSMTP is not
  set. Accepts specific addresses (user@domain.com), user parts (user) or entire domains 
  (@domain.com).  Wildcards are supported (fribo*@domain.com).'

'webStatHealthyResp','Status Response Literal for a Healty State of ASSP'
  'This option must be set and it must be different to webStatNotHealthyResp. This literal
   will be given back in stat requests, if ASSP is working healty.'

'webStatNotHealthyResp','Status Response Literal for a Not Healty State of ASSP'
  'This option must be set and it must be different to webStatHealthyResp. This literal will
   be given back in stat requests, if ASSP is working not healty.'


If the sync feature is used, it is now possible to edit the single sync configuration of 
a config parm, by clicking at the bull or link. The permission of this option is configurable 
in the 'ManageAdminUsers' interface.


changed:

- The synchronization GUI section is moved to the top of the GUI. This is required to get the
 actual sync settings working for the GUI.



fixed in 2.0.1_1.2.02:

- Depending on some unwatched module version in 'Net::', it was possible that legal config 
sync requests where rejected.


fixed in 2.0.1_1.2.01:

- If a regular expression (or file) was syntactical wrong (Perl has thrown an error about this), the resulting regex was empty and has matched all strings. In this case the reges is now set to a never matching value.
for example: the whiteorg regex was wrong and the Senderbase check is used, all mails where matching 'whiteorg' and where whitelisted.

- Depending which parameter was changed first after a assp restart, it was possible that the GUI has trown errors about varius '***Invalid' configuration values with no detectable reason

- If multiple parameters where synchronized at the same time, it was possible that the change order at a syncSlave was not the one, that is defined by the GUI. This order is important for some parameters.

changed:

- the GUI view of the sync status is now configurable: 'syncShowGUIDetails'

- if a regex is invalid the parameter the related files will not be synchronized

- the subject is now shown bold in a new line at BlockReports for local domains,

- the lines of the html part of a BlockReport are now wraped to a lenght of ~76 byte to prevent the automatic wrapping by a MTA



fixed in 2.0.1_1.2.00:

- some Blockreports contains a double MIME header
- if the resulting scrore of a level 2 Plugin exceeds the penalty limit, the mail was not blocked


added:

'noMaxSMTPSessions','No Maximum Sessions IP numbers*','Mail from any of these IP numbers will pass through without checking maximum number of simultaneous SMTP sessions. For example: 145.145.145.145',

'noBackSctrRe','Regular Expression to Skip all BackScatter Checks*',  'If the contents of a mail matches these regular expressions, all BackScatter checks will be skipped.'

New heading : 'Configuration Synchronization and Sharing'

'enableCFGShare','Enable Configuration Sharing','<b>Read all positions in this section carefully (multiple times is recommended!!!)! A wrong configuration sequence or wrong configuration values can lead in to a destroyed ASSP configuration!</b>
  If set, the configuration value and option files synchronization will be enabled. This synchronization belong to the configuration values, to the file that is possibly defined in a value and to the include files that are possibly defined in the configured file.
  If the configuration of all values in this section is valid, the synchronization status will be shown in the GUI for each config value that is, or <b>could be shared</b>. There are several configuration values, that could not be shared. The list of all shareable values could be found in the distributed file assp_sync.cfg

  For an initial synchronization setup set the following config values in this order: setup syncServer, syncConfigFile, syncTestMode and as last syncCFGPass (leave isShareSlave and isShareMaster off). Use the default (distributed syncConfigFile assp_sync.cfg) file and configure all values to your needs - do this on all peers by removing lines or setting the general sync flag to 0 or 1 (see the description of syncConfigFile ).
  If you have finished this initial setup, enable isShareMaster or isShareSlave - now assp will setup all entrys in the configuration file for all sync peers to the configured default values (to 1 if isShareMaster or to 3 if isShareSlave is selected). Do this on all peers. Now you can configure the synchronization behavior for each single configuration value for each peer, if it should differ from the default setup.<br />
  For the initial synchronization, configure only one ASSP installation as master (all others as slave). If the initial synchronization has finished, which will take up to one hour, you can configure all or some assp as master and slave. On the initial master simply switch on isShareSlave. On the inital slaves, switch on isShareMaster and change all values in the sync config file that should be bedirectional shared from 3 to 1. As last action enable enableCFGShare on the SyncSlaves first and then on the SyncMaster.
  After such an initial setup, any changes of the peers (syncServer) will have no effect to the configuration file (syncConfigFile)! To add or remove a sync peer after an initial setup, you have to configure syncServer and you have to edit the sync config file manualy.

  This option can only be enabled, if isShareMaster and/or isShareSlave and syncServer and syncConfigFile and syncCFGPass are configured!
  <b>Because the synchronization is done using a special SMTP protocol (without "mail from" and "rcpt to"), this option requires an installed <a href="http://search.cpan.org/search?query=Net::SMTP" rel="external">Net::SMTP</a> module in PERL. This special SMTP protocol is not usable to for any MTA for security reasons, so the "sync mails" could not be forwarded via any MTA.
  For this reason all sync peers must have a direct or routed TCP connection to each other peer.</b>

'isShareMaster','This is a Share Master', 'If selected, ASSP will send configured configuration changes to sync peers.'

'isShareSlave','This is a Share Slave', 'If selected, ASSP will receive configured configuration changes from sync peers. To accept a sync request, every sending peer has to be defined in syncServer - even if there are manualy made entrys in the sync config file for a peer.

'syncServer','Default Sync Peers','Define all configuration sync peers here (to send changes to or to receive changes from). Sepatate multiple values by "|". Any value must be a pair of hostname or ip-address and :port, like 10.10.10.10:25 or mypeerhost:125 or mypeerhost.mydomain.com:225. The :port must be defined!
  The target port can be the listenPort , listenPort2 or relayPort of the peer.'

'syncTestMode','Test Mode for Config Sync', 'If selected, a master (isShareMaster) will process all steps to send configuration changes, but will not realy send the request to the peers. A slave (isShareSlave) will receive all sync requests, but it will not change the configuration values and possibly sent configuration files will be stored at the original location and will get an extension of ".synctest".

'syncConfigFile','Configuration File for Config Sync*,'Define the synchronization configuration file here (default is file:assp_sync.cfg).
 This file holds the configuration and the current status of all synchronized assp configuration values.
 The format of an initial value is:  "varname:=syncflag" - where syncflag could be 0 -not shared and 1 -is shared - for example: HeaderMaxLength:=1 . The syncflag is a general sign, which meens, a value of 0 disables the synchronization of the config value for all peers. A value of 1, enables the peer configuration that possibly follows.
 The format after an initial setup is: "varname:=syncflag,syncServer1=status,syncServer2=status,......". The "status" could be one of the following:

 0 - no sync - changes of this value will not be sent to this syncServer - I will ignore all change requests for this value from there
 1 - I am a SyncMaster, the value is still out of sync to this peer and should be synchronized as soon as possible
 2 - I am a SyncMaster, the value is still in sync to this peer
 3 - I am not a SyncMaster but a SyncSlave - only this SyncMaster (peer) knows the current sync status to me
 4 - I am a SyncMaster and a SyncSlave (bidirectional sync) - a change of this value was still received from this syncServer (peer) and should not be sent back to this syncServer - this flag will be automaticaly set back to 2 at the next synchronization check

'syncCFGPass','Config Sync Password','The password that is used and required (additionaly to the sending IP address) to identify a valid sync request. This password has to be set equal in all ASSP installations, from where and/or to where the configuration should be synchronized.
  The password must be at least six characters long.
  If you want or need to change this password, first disable enableCFGShare here an on all peers, change the password on all peers, enable enableCFGShare on SyncSlaves then enable enableCFGShare on SyncMasters.


2010/19/08

fixed in 2.0.1_1.1.28:

- if the resulting scrore of a level 2 Plugin exceeds the penalty limit, the mail was not blocked

- Depending which parameter was changed first after a assp restart, it was possible that the GUI has 
  trown errors about varius '***Invalid' configuration values with no detectable reason



2010/06/08

fixed in 2.0.1_1.1.27:

- VRFY was not working - recipients where not verified in 1.1.23 - 1.1.25.
- 'FileScanRespRe' was not working correct

added:

- The literal 'MYNAME' will be replaced by the configuration value defined in 'myName' in every SMTP error reply.

changed:

- 'FileScanRespRe' must be now a real perl regular expression - all metacharacters has to be escaped.


2010/04/08

fixed in 2.0.1_1.1.25

- Because of an issue in MS-Windows and Perl (kill(0,PID)) , it was possible that a restart of assp was failed
  after a 'crash' . This is solved for all Windows version XP and higher, where the 'tasklist.exe' exists.
- It was possible to delete the PID file while assp was running
- If no destination was available, ASSP has returned a permanent SMTP-Errorcode '554 <$myName> Connection aborted, unable to forward message' - this is changed to a temp failed reply '421 <$myName> service temporarily unavailable'
- In case of a denied 'VRFY' command (DisableVRFY) - ASSP has replied with a wrong SMTP-Errorcode '552 ...' - 
  this is changed to '502...' .


2010/03/08

fixed in 2.0.1_1.1.24:

- the RBL cache returned only tree results, even if the original DNS-query has got more results

- a restarted stucking Worker could be terminated before the restart was successfull

- The mail analyzer leads some times in to a stuck Worker or MainThread, if the analyzed mail content is too 
long - the analyze is now restricted to MaxBytes to prevent this.

- The regular expression optimization causes different content related problems. 
The structure of domain and user related regular expressions is internaly changed. 
Now the processing of the regular expressions takes much less time, because Perl needs no backtracking - 
the memory usage is the same like before.  It is save to use the Regex.Optimizer modules with this release!

- If the regex optimizer modules are used, it was possible that 'strong' optimized regular expressions 
  (like localaddresses_flat) have lost there function, if the file size is very large.
  There is no known limit of the file size, where the regexes are still working well.
  For this reason, the 'strong' optimization is removed for all regular expressions and the 'simple' 
  optimization is used instead.

- if   'removeDispositionNotification'   was set to on, the related headers where not removed from forwarded, 
  copied and resend mails in every case.

- if a bounce mail was detected as 'lowlimit' but the final check for the FBMTV has failed - the mail was passing assp

- a change of the 'localDomainsFile' was not detected

- a change of the 'relayHostFile' was not detected

- the output of the message reason in case of a URIBL neutral state was wrong

- the GUI text for POP3file was partly wrong



changed in 2.0.1_1.1.23:

- A new ASSP_OCR.pm plugin version 1.22 is available. A possible performance issue is solved there.
The delay behavior in 2.0.1_1.1.20 is changed for the following cases:

Delaying for 'SPF-Cache-OK' (1) and 'White-SenderBase-Cache-OK' (2) will be skipped, if 'DelayWL' is switched off. 
The SPF-Cache is changed from 'IP only' to a 'IP+domain' base (which was an issue all the time for the complete 
SPF-Cache management).
If the senders domain differs from the one in the 'White-SenderBase-Cache-OK' entry, the senders domain will be 
set to a temporary equal state to the orig 'White-SenderBase-Cache-OK' entry. 
This entry (state) will be lost after each assp restart or if the SB-Cache entry is deleted by the 
cache cleanup routine.

(1) - skip if: 'DelayWL' is switched off    -and-    the cached SPF result is 'pass'    -and-     the used HELO is equal to the SPF-cached HELO  -and-    the IP is not in PBBlack (has no historical score)

(2) - skip if: 'DoOrgWhiting' is set to 'whiting'  -and-   'DelayWL' is switched off   -and-   the domain is in the whiteSenderBase-Cache  -and-    the IP is not in PBBlack (has no historical score)




added in 2.0.1_1.1.23:

- the admin users interface allows now the LDAP query of userid's if a new admin user should be created (LDAP must be possible and 'LDAPhost' must be configured)

- the admin users interface allows now (on a per user base) to hid disabled configuration values in the GUI

- the admin users interface now has an option to disallow a user to show/edit the internal caches

- BerkeleyDB engine version 5.0.26 support on module version 0.42 is available. An upgrade of the engine is
detected by ASSP and will reset all temporary BDB-files.





2010/05/07

fixed in 2.0.1_1.1.15:

- in case the local MTA has closed the connection, the peer could get a wrong SMPT reply from ASSP '554 5.7.1 Misbehaved SMTP session (EarlyTalker)'

- in some case the hintbox in the GUI was shown outside the browser window or was too large to be shown correctly

- if (for what ever reason) the MainThread was unable to write an optimized regex in to the ...../files/optRE folder, the workers where using the old files, instead compiling the regex by them self

- if 'URIBLCCTLDS' was not set - the download of the TLDS file was done every 5 seconds.

- rebuildspamdb has made mistakes building the HeloBlack list  (thanks to Victor for coding and testing)

- in some cases assp was not running without setting DoDamping to on

- our header where not correctly added or wrong MIME encoded (belongs also to : crash in Email::MIME)

- a unneeded additional VRFY with the quoted address is removed

- if more than one mail was processed in one connection, the counting for dupplicate X-header-lines was not cleaned up after the first mail

- the orginated helo was not stripped out in every case for ISP connections

- the added DKIM signature was not wrapped

- the BombOK check was not running for data extraced from level 2 plugins (OCR)

- if a local IP was used as ISP (e.g. POP3collector) Blockreports and rebuildspamdb  where missing such connection/mails

- if a worker has lost his DB connection in a special moment, it was possible that he was never more used by the MainThread

- URIBLCCTLDS where handled incorrect, which results in too much false positives

- if a message has passed the standard checks with a passing reason , it was possible that the mail has passed the level 2 plugins even if there check has failed.

- if a level 2 plugin has made extensions or changes to 'our' headerlines, it was possible that the headelines where not added/updated

- if 'INBOUND' is used as smtp-destination a resend of a mail could fail

- if the A-record of a mailexchanger (MX) point to more than one IP-address the MXAOK check failes with a hint that the IP is wrong or empty

- local mail addresses where added to the personal black list

- RBLmaxweight is used instead of URIBLmaxweight for URIBL weighting

- if ':=' is used inside a config value, this results in a destroyed assp.cfg file

- a domain defined in 'URIBLWL' and 'URIBLNP' was skipped if it was found in the body of the mail - but it was not skipped if it was the senders domain

- some times an unexpected SIG TERM where found in workers if ASSP got a SIG TERM

- if the 'change user' feature is used in 1.1.04 on nix boxes the listeners could be possibly not created

- if blockreports where scheduled at midnight - it was possible that this task was going in to collision to the logrotate task and so some lines where missed in the first report

- the VRFY and EXPN offer, was not removed from the HELP reply (211,214)  if 'DisableVRFY' was enabled

- the CHUNKING,PIPELINING and XEXCH50 offer, was not removed from the HELP reply (211,214)

- in some cases the 'open file' link was in the block report - even if the recipient was not an email admin

- in some cases the 'bombSubjectRe' was not working

a new ASSP_OCR.pm version 1.21
- ASSP_OCR.pm - has not processed PDF-files using 'PDF::OCR2' -  version 1.21 is fixing this - If assp is running on MS-Windows and the PDF::OCR2 installation is used for the ASSP_OCR.pm plugin, the extraction of text from images inside a PDF file, is currently not supported (no data will be returned ans checked) - this belongs not to the simple text inside PDF files.

a new ASSP_OCR.pm (version 1.20) plugin is avalable for download
- it is now possible to use the plugin without installed tesseract an/or ImageMagick - in this case the image processing is switched off and only the PDF-Text processing will be done.



changed in 2.0.1_1.1.15:

-  GUI  - whitelist/redlist add/remove/verify:  a leading single quote (') 
will be removed from the user part of the email address, if there is a 
trailing single quote (') found after the domain part of the email address

- if a mail had a Bayes - lowconfidence, it has been passed, even if the messagescore was above the limit - this is changed

- if the AUTH login/plain command was used in a connection, it was possible that the base64 encoded username and password was logged to maillog.txt. This is removed for security reasons. The user and password are stored in clear text in internal connection variables, and could be used in a level 0 or 1 plugin to check for example the weakness of the password.
The user data could be also written to external files or databases (with a plugin) - note that the developer is not responsible for the dubios usage of this data.

$Con{$fh}->{userauth}{user}    =: user name
$Con{$fh}->{userauth}{pass}  =: user password

- POP3collector 1.07  feature enhancement:
.....
  SMTPsendto=email_address or <TO:> or <TO:email_address><br />
.....
  If the <TO:> syntax is used for SMTPsendto, the mail will be sent to any recipient that is found in the "to: cc: bcc:" header lines if it is a local one.<br />
  If the <TO:email_address> syntax is used for SMTPsendto, the literals NAME and/or DOMAIN will be replaced by the name part and/or domain part of the addresses found in the "to: cc: bcc:" header lines. This makes it possible to collect POP3 mails from a POP3 account, which holds mails for multiple recipients.<br />
  For example: <TO:NAME@mydomain.com>  or  <TO:NAME@subdomain.DOMAIN>  or  <TO:central-account@DOMAIN><br />
  If the <TO:> or <TO:email_address> syntax is used for SMTPsendto, "localDomains" and/or "localAdresses_Flat" must be configured to prevent too much error for wrong recipients defined in the "to: cc: bcc:" header lines. The POP3collector will not do any LDAP or VRFY query!<br />

- rebuildspamdb now uses much less memory, if BerkeleyDB is used for Spamdb

- rebuildspamdb.pm is now written to the .../lib folder - it will be never more overwritten, if the version of the module is the same or newer than the 'build in' version - this makes it possible to make your own changes to this module

- assp now tries to compact BerkeleyDB's every hour

- if expandedLogging is selected, assp now writes the orginating IP to the log   [OIP: x.x.x.x]

- a passing reason line is now added to our headers for noprocessing mails

- the default value of 'DoTLS' is changed from '1 - TLS to Proxy' to '0 - drop TLS'

- if upgrading from V1 the V1-setting of 'enableSSL == 1' is used to set 'DoTLS' to '2'

- our headers are now also added to noProcessing mails

- merging our headers in to the mail has taken too much memory, if the original mail header was very large - the merge code has been changed

- the 'bomb weight search' is now more save for high load systems (possible out of memory)

- if a logline contains the name of a valid configuration value, the 'MailLogTail' now shows a link and hint like the configurattion dialog

- it is now possible to use complex '... AND NOT ...' logic in regular expressions:

################################
## complex AND-NOT of match and notmatch words
## to activate this regex, remove the ; in front of the lines
## and change/add/remove the words/regexes to your needs
#
## the regex will match if:
## - the count of match- words/regexes is reached AND
##   the count of notmatch- words/regexes is NOT reached
## - OR any other defined match- word/regexes  matches
#
## It is possible to define more than one of these regexes in one file.
## Notice, that if you define single words between two of these regexes,
## these regexes will processed first (before any single words outside the regexes).
## Doing this, could lead in confusing output of the assp-analyzing tools.
#
## It is possible to define such complex regex in a include file.
#
# the next line prevents assp from optimizing this complex regex
;assp-do-not-optimize-regex
# if it is possible and you want to weigth the regex (**)
# write the needed ~ in front of the next line
;^(?=.*?(((?!)   
# write your match words or regexes in the next lines
;\bmatch1\b
;\bmatch2\b
# end of the match words
;(?!)).*?(?!\g{-1})){1})(?!.*?(((?!) 
#                    ^
#                    |
#    minimum count of needed different match words to match the regex
#
# not-match words or regexes follows
;\bnotmatch1\b
;\bnotmatch2\b
;\bnotmatch3\b
;\bnotmatch4\b
# end of not-match words
#
# write a possible weigth extension ~=>number
# at the end of the next line
;(?!)).*?(?!\g{-1})){2})  
#                    ^
#                    |
#      minimum count of needed different not-match words to fail the regex
#
# end of the complex AND-NOT regex
# any other match word or regexes or complex regex can follow here
#
;nextmatch1
;nextmatch2
################################

- the comma separator is no more needed to add a tuplet in GUI

- the open for all listeners is moved to a later state (time) - this prevents clients from waiting too long for an answer of assp at startup

- if 'BombLog' is set to verbose, all hits (not only the highest one)  will be reported in the log file, the GUI and the X-ASSP-score: header

- if 'DisableVRFY' is used and a client tries the 'VRFY' command, ASSPhas dropped the connection immediately - this is a wrong behavior and it has changed.
  now ASSP sends a '552 - unsupported command' and increases the Error counter (MaxErrors).

- the damping count in the GUI-Stats now shows the %avg to

- POP3: - a new parameter 'SMTPsender' is available to define the used SMTP FROM: address. If this parameter is not defined, the original (collected) FROM: address is used - if this is not found, the POP account will be used.

- assp now uses an additional personal whitelisting.
  - a global WL entry is only removed if there is no other active personal entry in the WL
  - an admin is able to cleanup the whitelist for a specific address, by sending a line 'address@domain.foo,*' to the 'EmailWhitelistRemove' address. This notation works also in the GUI. 

It should be now possible to use weighted values for URIBL like in RBL.

 'URIBLServiceProvider','URIBL Service Providers*','multi.surbl.org|black.uribl.com',
 'Domain Names of URIBLs to use separated by "|". You may set for every provider a weight like multi.surbl.org=>50|black.uribl.com=>25.
 The value of the weight can be set directly like=>45 or as a divisor of URIBLmaxweight . Low numbers < 6 are divisors . So if URIBLmaxweight = 50 (default) multi.surbl.org=>50  would be the same as multi.surbl.org=>1, multi.surbl.org=>2 would be the same as multi.surbl.org=>25.
 If the sum of weights surpasses URIBLmaxweight, the URIBL check fails.  If not, the URIBL check is scored as "neutral"  even with URIBLmaxhits reached. Setting Showmaxreplies will allow ALL replies to contribute to the total weight regardless of URIBLmaxhits.
 Default is: multi.surbl.org|black.uribl.com'

 'URIBLmaxweight','URIBL Maximum Weight','A weight is a number representing the trust we put into a URIBL.
  The URIBL module will check all of the URIBLs listed under URIBLServiceProvider for every URI found in an email. If the total of weights for an URI is greater or equal this Maximum Weight, the email is flagged <b>Failed</b>. If the total of weights is greater 0 and less Maximum Weight, the email is flagged <b>Neutral</b> . If not defined or set to zero only the hit count will used to detect a fail or neutral state.'


added in 2.0.1_1.1.15:

- If the configured value of a config parameter differs from the default value, the name of the config variable is shown light blue in the GUI.

- If the internal name is shown in light blue like <span style="color:#8181F7">(uniqueIDPrefix)</span> , this indicates that the configured value differs from the defaut value. To show the deafult value, move the mouse over the internal name. An click on the internal name will reset the value to the default.<br /><br />

- a click on the small new (i) icon between the 'logout' and 'apply' button opens a new browser window (remember me) with four textboxes. These could be used to copy and past any kind of data, without loosing the UTF-8 encoding. The icon could also be found in every 'Edit' window at the top-left.

- URIBLCCTLDS for level 2 and level 3 are now downloaded automaticly

'POP3KeepRejected','POP3 Keep Rejected Mails on POP3 Server', 'If selected, any collected POP3 mail that fails to be sent via SMTP (because of beeing SPAM - in case rejected by the SMTP server) will be keeped on the POP3 server.'

'POP3fork','POP3 Collector forks to a new Process', 'If selected, the POP3 collection will be started in a new process (fork). This prevents the MaintThread from waiting until the POP3 collection has finished. Do not select this option, if you are testing the POP3 collection - to get all output from the collector! It is recommended to set this option after you\'ve verified that the POP3 collector is running well.'

- It is now possible to use a 'personal blacklist'. The add and remove is done via email-interface, by sending specific email addresses to 'EmailPersBlackAdd'  and 'EmailPersBlackRemove'.
A local user can force a complete report about all his personal black list entries by defining an email address that begins with 'reportpersblack' in a remove request : eg: reportpersblack@anydomain.com
Only an admin can force a complete cleanup of all personal black entries for a specific email address for all local users - sending an email to 'EmailPersBlackRemove' with the address followed by ',*' in the body
eg: address_to_remove@the_domain.foo,*

- The check of the personal black list is done shortly after the RCPT TO: command. This command will be rejected if an entry  is found - any other setting except send250OK and send250OKISP will be ignored.
Personal Black List entries are valid for one year from last found or renew.

How ever, use the personal black list only, if you can not use 'blackDomains' for any reason - 'blackDomains' is the better choice, if you want to block complete domains.

'persblackdb','Personal Blacklist Database File',40,\&textinput,'persblack','(\S+)','configChangeDB','The file with the personal blacklist.<br />
  Write only "DB:" to use a database table instead of a local file, in this case you need to edit the database parameters below.',


'EmailPersBlackAdd','Add to Personal BlackListed  Addresses',
  'Any mail sent by local/authenticated users to this username will be interpreted as a request to add the sender address to the personal blackListed addresses. Do not put the full address here, just the user part. 
For example: assp-black. !
'EmailPersBlackRemove','Remove from Personal BlackListed Addresses',
  'Any mail sent by local/authenticated users to this username will be interpreted as a request to remove the sender address from the personal blackListed addresses .
  Do not put the full address here, just the user part.
  For example: assp-notblack.!







2010/04/05

fixed in 2.0.1_1.1.02:

- a regex in bombs to capture an empty value (^$) does not work


2010/30/04

fixed in 2.0.1_1.1.01:

- If someone uses 'web.de' as ISP - assp was unable to detect the orginating IP and helo - because the received header of web.de is somehow different..

changed :

'bombCharSets','Regular Expression to Identify Foreign Charsets**'
 Part of DoBombHeaderRe: header will be checked against this Regex if DoBombHeaderRe is enabled.<br />
 Part of DoBombRe : every MIME-part header will be checked against this Regex if DoBombRe is enabled.<br />

So if DoBombRe is enabled and bombCharSets is defined, all MIME-headers will be checked against bombCharSets !

 

added:

A new file 'assp_pop3.pl' version 1.00 is available at SF-CVS. This file is a POP3 collector for assp. A new section 'POP3 collecting' is available in the GUI to configure this feature.
The configuration file will be stored encrypted, because it contains user accounts and passwords.

'POP3ConfigFile','POP3 Configuration File*',
  'The file with a valid POP3 configuration. Only the file: option is allowed to use. <br />
  If the file exists and contains at least one valid POP3 configuration line and POP3Interval is configured, assp will collect the messages from the configured POP3-servers. 
  Each line in the config file contains one configuration for one user.
  All spaces will be removed from each line.
  Anything behind a # or ; is consider a comment.
  If the same POP3-user-name is used mutiple times, put two angles with a unique number behind the user name. The angles and the number will be removed while processing the configuration.
  e.g: pop3user<1> will result in pop3user  -  or  - myName@pop3.domain<12> will result in myName@pop3.domain
  It is possible to define commonly used parameters in a separate line, which begins with the case sensitive POP3-username "COMMON:=" - followed by the parameters that should be used for every configured user.
  A commonly set parameter could be overwritten in every user definition.<br />
  Each configuration line begins with the POP3-username followed by ":=" : e.g myPOP3userName:=<br />
  This statement has to followed by pairs of parameter names and values which are separated by commas - the pairs inside are sepatated by "=". 
  e.g.: POP3-username<num>:=POP3password=pop3_pass,POP3server=mail.gmail.com,SMTPsendto=demo@demo_smtp.local,......
  The following case sensitive keywords are supported in the config file:<br />

  POP3password=pop3_password
  POP3server=POP3-server or IP[:Port]
  SMTPsendto=email_address
  SMTPserver=SMTP-server[:Port]
  SMTPHelo=myhelo
  SMTPAUTHuser=smtpuser
  SMTPAUTHpassword=smtppass

  SMTPHelo, SMTPAUTHuser and SMTPAUTHpassword are optional.
  If you want assp to detect SPAM, use the listenPort or listenPort2 as SMTP-server.
  To use this feature, you have to install the perl script "assp_pop3.pl" in the assp- base directory.'

'POP3Interval','POP3 Collecting Interval','The interval in minutes, assp should collect messages from the configured POP3-servers. A value of zero disables this feature.'

'POP3debug','POP3 debug','If selected, the POP3 collection will write debug output to the log file. Do not use it, unless you have problems with the POP3 collection!'


2010/26/04


fixed in 2.0.1_1.0.13

- wrong output for the optimizer module in the 'Infos and Stats' GUI
- the output of the CIDR result for matching IP's now works
- the performance of 'matchIP' and 'matchSL' is improved

- if BerkeleyDB is used for LDAPlist or the AdminUsersDB the store to disk (db_sync) throws an error
- it was possible that the worker calculation causes a division by zero exception (very rare)

- increase the workernumber in the GUI, results in a wrong JAVA message in the GUI (even if the value was changed)



changed:

- memory usage is improved
- updated bombre.txt (version 1.01)

- the BerkeleyDB cache has now a maximum limit of 100MB per hash
- the recovery procedure for damaged BerkeleyDB's is improved
- damping is now switched off if an IP is RWL listed
- the RWL check is optimized (memory leak is removed) - this version will reset the RWLcache at the first cleanup, after the first startup

- assp now tries to optimize all regular expressions to force Perl to use less memory - 
if the optimization failes the original regexes will be used
I recommend to do the optimization manualy by changing the regex terms in the following manner:

(abcde)  -> (?:abcde) 
((abcde)...(xyz)...)  ->   (?:(?:abcde)...(?:xyz)...)

This will prevent Perl from capturing unneeded results if a regex matches and from reserving memory
for such results.

- NotifyRe - is enhanced - 

  As third parameter after a second (\'=>\') you can define the subject line for the notification message.
  for example: adminupdate:=>user1@yourdomain.com,user2@yourdomain.com=>configuration was changed
  or: adminupdate:=>=>configuration was changed.

- The modules Regex::Optimizer and Regex::List are improved to version 1.01

- the following was added to the common description text in the GUI

If the regular expression optimization is used - ("./lib/Regex/Optimize.pm" installed and enabled) - 
and you want to disable the optimization for a special regular expression, set on line (eg. the first one) 
to a value of 'assp-do-not-optimize-regex' or 'a-d-n-o-r' (without the quotes)!

- If LDAP and/or VRFY/RCPT TO is used to verify a mail address and the verification failes because of an 
unavailable hosts - a possible configured SMTP reply '55x ......'  will be changed to a tempfail reply '450 ...' 

- a new default     bomre.txt     is available at cvs


- if VRFY or RCPT TO check is used and the MTA is not available - assp now uses 'LDAPFail' to decide
if the adrress is valid or not.

'LDAPFail','LDAP/VRFY failures return false',20,\&checkbox,'','(.*)',undef,'If checked, when an error
occurs in LDAP or VRFY lookups, the test fails.


- if VRFY or RCPT TO is used to verify the recipient address and the MTA is not available the address
was rejected - it is now accepted in this case

- the usage of the precompiled regular expressions is improved by a major code change


added:

- There are two new modules available 

./lib/Regex/List.pm
./lib/Regex/Optimize.pm

download both files and place them in to same directory (case sensitive and downlevel to the assp folder) 
on your system

If both modules are installed and 'Regex::Optimize' is enabled in the 'Module Setup' section of the GUI,
ASSP tries to optimize all regular expressions. The optimized versions are exported to the

./files/optRE 

folder. 
The optimized regexes are running faster and needs less memory!
If any regex fails to optimize, the default regex will be used.
Because of the optimization of the regexes, ASSP will need significant more time at startup!


'relayAuthUser','User to Authenticate to Relay Host',80,\&textinput,'','(\S*)',undef,
'The username used for SMTP AUTH authentication to the relayhost  - 
for example, if your ISP need authentication on the SMTP port! Supported authentication methodes are
PLAIN, LOGIN, CRAM-MD5 and DIGEST-MD5 . If the relayhost offers multiple methodes, the one with highest
security option will be used. The Perl module 
<a href="http://search.cpan.org/search?query=Authen::SASL" rel="external">Authen::SASL</a> 
must be installed to use this feature! The usage of this feature will be skipped, 
if the sending MTA uses the AUTH command. Leave this blank, if you do not want use this feature.',


'relayAuthPass','Password to Authenticate to Relay Host',80,\&textinput,'','(\S*)',undef,
'The password used for SMTP AUTH authentication to the relayhost ! 
Leave this blank, if you do not want use this feature.'


'ThreadStackSize','Stack Size use by every Thread',5,\&textinput,0,'(\d+)',undef,'The stack size in MB 
that is used by every thread. Default is 0, which meens to use the default system stack size. 
16 MB is the default system stack size on windows platforms. 
This system value may differ on different platforms. 
To get the default stack size on linux use the shell command "ulimit -a". 
Try to increase this value, if you get "out of memory" errors while running assp. 
Changing this value requires an assp restart to take effect.'


'MaxEqualXHeader','Maximum Equal X-Header Lines',
  'The maximum allowed equal X-header lines - eg. "X-SubscriberID:". 
If the value is set to 0 the header will not be checked for equal X-header lines.',





2010/22/03

fixed in 2.0.1 1.0.06

- fixed an error in rebuildspamdb.pm 'global symbol "$VerBerkeley" requires explicit package name'


added in 2.0.1 1.0.06


'TLStoProxyListenPorts','Force TLS to Proxy on this Ports',
  'If a STARTTLS command is received on a port that is defined here, 
  the connection will be moved in to the transparent proxy mode every time - 
  independend from the setting of DoTLS . This option works for listenPort , listenPort2 and relayPort . 
  The listener definition here has to be the same like in the port definitions. 
  Separate multiple entries by "|".Examples:</i> 25, 127.0.0.1:25, 127.0.0.1:25|127.0.0.2:25




2010/21/03

fixed in 2.0.1 1.0.04

- it was possible that some of our 'X-Assp-...' headers where unneeded MIME-encoded - this is fixed

- The "AutoWhite" feature has not written (updated)  the current time to the whitelistdb, 
if the recipient was already whitelisted

- the 'webAdminPassword' was used to create a HTTP-cookie for session authentication - 
this is changed to prevent offline brutforce attacks against the password

- it was possible that a "add to whitelist" does not results in a line in the file "admininfo.txt"- 
it is now possible to track every change to any list in that file

- it was possible that the module "Tie::RDBM" dies/croaks , if it was unable to get a result on a 
'FETCH (fetch_arrowref)', because on a too havy workload on the DB engine.

- if the IO-Select engine is used - a 'not a hash reference' exception could be thrown


changed in 2.0.1 1.0.04

!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
- This version and all subsequent versions require a Perl version 5.10.0 (5.010000) or higher !
- only the development versions will accept, that assp is running on Perl 5.8.8 if the OS is 'darwin'
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!


- 'DisableVRFY' belongs now also to the 'EXPN' command
>If you have enabled VRFY and/or EXPN on your MTA to make assp able to verify addresses and you do not 
want external clients to use VRFY and EXPN - select this option.

- all BerlekeleyDB hashes will synchronized to disk every 15 minutes, to prevent lost data if assp 
crashes for any reason
- if assp is unable to init a BerkeleyDB - Env or Database - it now tries to recover this situation:
   - for internal hashes - the complete Env and BDB will be deleted and recreated
   - for Griplist and BackDNS2 - the complete Env and BDB will deteted and a recreation (
    via redownload these hashes ) will be started
   - for Main-Hashes - the Env will be deleted and if an backup of the failed DB is available, 
    the BDB will be deleted and an import of the last backup will be done

- The module BerkeleyDB.pm version 0.42 is now available at CPAN and in the assp.mod.zip file (windows). 
Paul Marquess, the developer of that module, was so friendly to fix some code for us in that version - 
thanks Paul.

- If 'WorkerLogging' is set to on, four additional taggs will be added to the log lines 
[TLS-in] - indicates a non SSL "client to assp" connection that was switched to SSL via 'STARTTLS'
[SSL-in] - indicates a SSL "client to assp" connection on the SSL-port
[TLS-out] - indcates an "assp to server" connection that was switched to SSL via 'STARTTLS'
[SSL-out] - indicates an native SSL "assp to server" connection

for example :
Mar-20-10 13:11:19 M1-87064-13233 [Worker_3] [TLS-in] [InvalidAddress] 124.60.176.149

- for TLS/SSL connections an extra 'X-Assp-[Client/Server]-[TLS/SSL]: yes' header line is added
for example :    X-Assp-Client-SSL: yes

- the SMTP - reply:
  "550 5.5.3 too many recipients";
is changed to 
  "452 too many recipients";
which is more RFC conform

- The procedure in sub 'BombWeight' runs now smarter and faster and it needs much less system resources 
(to prevent "out of memory" exceptions on large regular expressions)




added in 2.0.1 1.0.04 :

- 'allowAdminConnectionsFromName','Allow Admin Connections From These Hostnames*',
  'An optional additional list of Hostnames from which you will accept web admin connections. 
   Blank means accept connections from any IP address in allowAdminConnectionsFrom or any connection 
   if nothing is set there.<br /> <span class="negative">Note: if you make a mistake here, 
   you may disable your web administration interface and be forced to manually edit your configuration 
   file to fix it.</span><p><small><i>Examples:</i></small></p> localhost , host.anydomain.com'





2010/06/03

fixed in 2.0.1 1.0.03

- security fix: a workstation behind a NAT network is able to adopt the user credentials from an other (GUI)
 logged in workstation in the same network
 ASSP now uses HTTP-Session-ID's to prevent this. Browser cookies must be enabled for the GUI-URL to make sure,
 that assp generates absolute unique session ID's 

- if any bomb regular expression contains a regex  '^$'  to check for an empty string (eg. bombSubjectRe),
  no result is found

- if a wrong search query is used in MaillogTail and the option 'show .....  results' is set to 'all matches',
  it is possible that the MainThread needs a very long time (30 min or more) to process the query.
  For this reason the option 'all matches' is changed to '2000'.
  There are also two search timeout values used: 30s for the search in the log files
  and 30s for rendering the HTML for the output.

- if in MaillogTail a selection for a list of file to search in was made,
  it was possible, that the timeline of the output was broken,
  because of a wrong sort of the filenames (numbers).

changed:

- the default value for 'LogRollDays' is changed from 7 to 1.
- if FBMTV is used and an incoming not-bounce message is received, which contains a valid FBMTV-tag,
  the message is considered 'whitelisted' if it is not taged otherwise (red,contentonly, noprocessing...)
  by assp


added:

- 'httpRequireCookies','HTTP and HTTPS require enabled browser cookies',0,\&checkbox,'1','(.*)',undef,
 'Cookie based http session ID\'s are used by assp to handle different requests from the same IP (eg behind NAT).
  Switch this off, if you are unable to use cookies in your browser. If switched off,
  a security hole is opened for connection that are using NAT - it could be possible that a second workstation
  (behind NAT) is able to login to the GUI, without user credentials if the same OS and browser version is used.'



2010/02/03

fixed in 2.0.1 1.0.02

- Worker 10000 dies on a gone MySQL connection if an export or backup is done

2010/01/03
first public release 2.0.1 1.0.1 published on sourceforge

########################################################
development version history
########################################################

fixed in 2.0.1 0.7.08:

- the cleanup of the whitelist was not working
- if STAT-interface was queried from an external tool, 'an unexpected signal SEGV' was detected on some systems
- damping was some times done on a ISP connection
- the 'From:' address was some times wrong MIME encoded in notification mails and the notification stucks 
in the resend folder
- assp tried to resend the dirs '.' and '..' if 'maillogExt' is set to empty (which is not recommended)
- the MaintThread was unexpected restarted if any HTML download was not successful or incomplete
- ForgedHelo was not using the 'cip' on an ISP connection
- the forwarding of a resend request to an other assp was not working because of a wrong IP address resolving
- if spamdb and/or whitelistdb was configured to use a database and the BerkeleyDB driver was used, 
assp completely stucks on a BerkeleyDB lock
- the generic hash (domain*=>....) procedure for 'DomainVRFYMTA' and 'FlatVRFYMTA' was not working correct

 

changed:

- if 'MaxAllowedDups' is used, the startup of assp could take too long - the fillup of the filename hash is 
moved in to the MaintThread - the feature will not be used as long as the filename hash is not finished to build
- the rebuildspamdb code is partly redisigned to reduce the used memory
- rebuildspamdb code is now exported to the file 'rebuildspamdb.pm' and will be called as module from inside assp
- the rebuildspamdb  thread now only loads the needed main hashes


added:

- 'fillUpImportDBDir','Fill the Import Folder',10,\&textinput,'','If set to a value between 1 and 9, 
the corresponding backup file for any list/hash that configured to use a database will be copied 
from the backupDBDir to the importDBDir. The resulting file name will has an extension of ".rpl", 
so a possible import will replace the current table content. If a value of "L" is defined, 
the last backup will be used. Possible values are L or 1 - 9 or blank. 
Any configured value will be reset to blank after the copy is finished.



changed in 2.0.1_0.7.07:

autoCorrectCorpus is changed to:

['autoCorrectCorpus','Automatic Corpus Correction',60,\&textinput,'0.6-1.4-4000',
'(\d\.\d\d?-\d\.\d\d?-(?:[4-9]\d{3}|\d{5,})|)',
'(Syntax: a.a[a]-b.b[b]-cccc or empty - default is "0.6-1.4-4000") If the corpus norm 
(the weight between spamwords/hamwords) is less than "a" (0.6 - too much ham) or greater 
than "b" (1.4 - too much spam), assp will delete the excess (oldest) files from the corresponding folder 
( spamlog , notspamlog ). ASSP will keep a minimum of "c" (4000) files in the folder and will never delete 
files that are younger than two weeks. This cleanup will run at the end of the rebuildspamdb task. 
So the corrected file corpus will take effect at the next rebuildspamdb!'


fixed in 2.0.1_0.7.06:

- rebuildspamdb has blocked all threads in checkDBCon if BerkeleyDB was used for spamdb
- the locktimeout for BerkeleyDB was to long and could result in blocked whitelistdb
- the lock policy for  BerkeleyDB's lock_detect in CDB mode is change from 
 DB_LOCK_YOUNGEST to  DB_LOCK_DEFAULT to prevent too early lock timeouts
- 'wildcardUser' was not working in the GUI MailAnalyzer if set to other than '_ALL_' 

changed:

- assp now prevents the output of unwanted carp messages on the console like:
Illegal Content-Type parameter =_NextPart_000_0023_92_EF537373.28F750D4 
at /usr/share/assp/assp.pl

-Attention - this parameter has the defaut value of 1 !

'autoCorrectCorpus','Automatic Corpus Correction',0,\&checkbox,'1','If the corpus norm (the weight between spamwords/hamwords) is less than 0.6 (too much ham) or greater than 1.4 (too much spam), assp will delete the excess (oldest) files from the corresponding folder ( spamlog , notspamlog ). ASSP will keep anyway 4000 files in the folder and will never delete files that are younger than two weeks. This cleanup will run at the end of the rebuildspamdb task. So the corrected file corpus will take effect at the next rebuildspamdb!'

- A new directory ...../lib will be created and used as first folder in Perl's module search path (@INC). So it is possible to overwrite default Perl modules with temporary or permanently changed module variants if needed.


fixed in 2.0.1_0.7.05

- a record by record DB-import is running in to an exception if more than 1000 records are imported
- if the Message-ID header line was written over more than one line, the Message-ID was failed
even if the Message-ID was correct
- typos in javascript are corrected


changed:

- on startup the ASSP version and directory, the Perl version and the path to the executable, 
and the host name are shown
- our received header shows no the exact protocol that was used  SMTP , SMTPS , ESMTP , ESMTPS


fixed in 2.0.1_0.7.04

- URIBL was doing unneeded lookups anm checks for hostnames and domains that where found inside the 
'Received:' header lines
- the spamlover check inside the 'unique recipient number' feature was not correct


changed:

- both autoupdate download URL's could be modified by the version.txt file content - 
this does not meen, that you should change this file, but on an update we are able to 
relocate to a new download location


fixed in 2.0.1_0.7.03:

- some bomb regexes that should check the complete mail, where only checking the body of the mail


changed:

- the exported 'default_en_msg....txt' file now contains also all other GUI text that is available for translation

-   If any parameter that allowes the usage of weighted regular expressions is set to "block", 
but the sum of the resulting weighted penalty value is less than the corresponding "Penalty Box Valence Value"
(because of lower weights) - only scoring will be done!


added:

DoMaxDupRcpt','Block Max Duplicate Recipients','0:disabled|1:block|2:monitor|3:score',
  'Block remote servers that uses the same recipient address more times, than the number defined in MaxDupRcpt
in the RCPT TO: command. Scoring is done with mdrValencePB . 
This check is skipped for outgoing, noprocessing, whitelisted and spamlovers mails. 
If a message has to be delayed, this check will score before the delay, if set to block or score - 
and score and/or block on the next server request.'

MaxDupRcpt','Maximum Allowed Duplicate Recipient Adresses',
'The maximum number of duplicate recipient addresses that are allowed in the sequence of the RCPT TO: commands!
The number per mail is calculated by 'number of RCPT TO: commands  -  number of unique recipient addresses'.
For example: if one address is used three times or two addresses are used each two times,
will result in the same count - 2. Or if both is the case in one mail, the count will be 4.'

'mdrValencePB','Duplicate Recipient, default=10','Message/IP scoring'

'noCollectRe','Do Not Collect Messages - Content Based*','If the content of a collected file 
(incl. X-ASSP-... headers) matches this regular expression, it will be deleted from the collection after the mail is completely processed.
If the ASSP_ARC plugin is used, the file will be delete from the collection after it was archived. 
This is the only "no collect" option which removes an already collected file, 
all other options will prevent assp from creating a collection file - if set to "no collection". 
The check is limited to MaxBytes or at max 100000 Bytes.'
ASSP_ARC.pm version 1.12 is required to use this function together with the archiv function.

changed in 2.0.1_0.7.02:

- the reply on a local frequency blocking has shown the addresses defined in 'EmailAdmins' - 
the reply is changed to

554 5.7.1 too many recipients for ....... - please try again not before ....... or send a notification message to your postmaster or local administrators

Fixed in 2.0.1_0.7.01

The following could be happen if https was used for the GUI or SSL/TLS was used for SMTP:
- the GUI is shown incomplete
- submitting any changes in the GUI results in a waiting or empty browser window
- SMTP SSL/TLS connections are unexpected dropped in the middle of a transmission

The reason for this was a requested SSL-re-handshake from the peer (browser or SMTP).
The result was a non-readable and/or non-writable state of the connection,
which causes ASSP to assume that the connection was closed by the peer (read zero bytes).
This special state of a SSL connection is now detected and handled by ASSP.
An other reason for this behavior was the read of too less bytes (less than available) from the systems IO-buffer.
On a SSL-re-handshake request of the peer, ASSP was some times unable to read the rest of the available data
from the IO-buffer. ASSP tries now every time to read the maximum (16384) or the pending size of data
from the IO-buffer. Until a SSL-re-handshake request is pending at the SSL-librarys and the
SMTP session-timeout is not reached, ASSP will not close the connection.

Fixed in 2.0.1_0.7.00

- users other than root getting a Syntax error on the page (MSIE) - and the MaillogTail display is incomplete

changed / added:

- Depending on the ASSP - system OS , your workstation OS , the used browser , the used web protocol (http/https),
the used webproxy and possibly some other reasons, it could be needed to switch between the socket-blocking-mode
and the socket-nonblocking-mode for the GUI. Because this setting is session dependend, it is not possible to
make it configurable in the GUI. The default blocking-mode for both, http and https, is 'nonblocking (0)'.
To switch between the blocking-modes, define the blocking in the URL - like:

https://myassphost:55555/?blocking=1
https://myassphost:55555/?blocking=0

In normal case, http should never need to set the blocking-mode to '1'.

If set one time, ASSP will remember the blocking-mode until the session (IP) is logged off or the blocking-mode is redefined.
How ever, switching the blocking-mode to '1' could cause in a stucking MainThread, if there is any communication issue between ASSP and the browser.
If the blocking mode of the current session is currently overwritten, this is shown in the headline of the main configuration page:

ASSP (console mode) - Configuration (root -blocking)
ASSP (console mode) - Configuration (root -nonblocking)


fixed in 2.0.1_RC0.6.38

- resend function uses the envelope sender (X-Assp-Envelope-From) if it should not be done

fixed in 2.0.1_RC0.6.37

- a wrong parameter check in 0.6.34 causes a setup of 'DBdriver' to 'mysql' if it is set to 'BerkeleyDB' in assp.cfg
- GUI could be shown incomplete if the GUI traffic is routed 

fixed in 2.0.1_RC0.6.35

- scrollbars where not shown in IE8 if a file was open in GUI

fixed in 2.0.1_RC0.6.34:

- since 0.6.31 it was possible to get empty pages in the GUI if HTTPS was 
used - this is fixed

changes in 2.0.1_RC0.6.33
added:
'noMSGIDsigRe','Skip Message-ID signing, mail content dependend*'
'Use this to skip the Message-ID tagging depending on the content of the 
email. If the content of the email matches this regular expression 
(checking MaxBytes only), FBMTV will not be done. For example: \'I am out 
of office\' .

'noRedMSGIDsig','Skip Message-ID signing for Redlisted mails'
'If selected, FBMTV will not be done for redlisted emails!'

'UseUnicode4SubjectLogging','Use Unicode to build Subjects in Maillog'
  'If you have switched on UseUnicode4SubjectLogging and decodeMIME2UTF8 
and your default (local language) characterset (please setup 
ConsoleCharset and LogCharset) needs 8 Bit like 
"KOI8-r","CP-866","Windows-1251","Windows-1252","ISO-8859-X","X-Mac-Cyrillic","JIS_X0201" 
or any other (or is UTF-8) - and you want to have a readable subject in 
the maillog and on the console screen, you can switch on this option. The 
resolution of some characters written to the console could be incorrect 
depending on your operating system. This requires an installed <a href="
http://search.cpan.org/search?query=Email::MIME::Modifier" 
rel="external">Email::MIME::Modifier</a> module in PERL.'

On upgrade to 0.6.33  'UseUnicode4SubjectLogging' will set to value of 
'UseUnicode4MaillogNames' !


changed:

'UseUnicode4MaillogNames','Use Unicode to build Maillog Names',
  'If you have switched on UseSubjectsAsMaillogNames and decodeMIME2UTF8 
and your default (local language) characterset (please setup 
ConsoleCharset and LogCharset) needs 8 Bit like 
"KOI8-r","CP-866","Windows-1251","Windows-1252","ISO-8859-X","X-Mac-Cyrillic","JIS_X0201" 
or any other (or is UTF-8) - and you want to have readable filenames in 
the maillog and on the console screen, you can switch on this option. The 
resolution of some characters written to the console could be incorrect 
depending on your operating system. This requires an installed <a href="
http://search.cpan.org/search?query=Email::MIME::Modifier" 
rel="external">Email::MIME::Modifier</a> module in PERL.
changed in 2.0.1_RC0.6.32

-changed GUI handling

changed in 2.0.1_RC0.6.31

- improved support for native UTF-8 systems (Blockreport , MaillogTail)
- GUI connections now running in nonblocking mode per default


added:

- added STATS for preHeader check

fixed in 2.0.1_RC0.6.30 :

- subject logging was not working for noprocessing mails (incomplete 
changes in 0.6.28)


changed :

- implemented two GUI suggestions :
  - Browser title shows the current ASSP page name
  - modulenames are shown in red color if the module is not installed or 
disabled

fixed in 2.0.1_RC0.6.29
- some special character combination where not shown correctly in 
MaillogTail - for example \b
- binmode was switched of for maillog.txt if LogCharset was not defined
- the X-ASSP-Original-Subject: header was not added in some rar cases

changed:

- the default value for LogCharset is set to the most strict utf8 charset 
(utf-8-strict) if available
- if copyDbToOrgLoc was set, an unneeded additional export was done - the 
file is now copied from the last backup

fixed in 0.6.28:

- The MIME encoding of our headers caused that some of the lines where 
shown in the body of the mail.


changed:

- If the MTA rejects the mail after the DATA part is started, a log line 
is written that indicates this, if ConnectionLog is set to on.

fixed in 2.0.1_RC0.6.27
- message header parsing was wrong in some cases
- our own headers where not mangled correctly in to CCSPAM-mails in every 
case

changed:

- remindeBATVTag was used for all outgoing mails - this is now only done 
for outgoing bounce mails
- syslog has produces too much IP-connections

fixed in 2.0.1_RC0.6.26

- an empty Subject: header value cause assp to use the next header value 
for file name
- our own headers are not MIME encoded if  a spam or bomb reason contains 
non ascii (utf8) characters

fixed in 2.0.1_RC0.6.25

-    STATS where uploaded even if  totalizeSpamStats was not set

changed:

- sendAllSpam accepts now multiple entries (separated by comma or space)
- if possible (from address is equal to the envelope address) the sender 
name is included in the 'From:' header tag on a resend
- X-ASSP header lines are no longer removed on a resend
- too expanded logging for BATV maintenance is corrected


added:

'ccSpamInDomain','Copy Spam and Send to this Address per Domain*'
 'ASSP will deliver an additional copy of spam emails of a domain to this 
address (even if sendAllSpam is not set) - if the domain of the 
recipient-address is matched. For example: 
monitorspam@example1.com|monitor@example2.com.
fixed in 2.0.1_RC0.6.24:

- loading large lists, files or hashes in GUI caused a long runtime of the 
javascript in the browser - both: assp internal processtime and the time 
the  javascript needs to render the HTML are significant reduced.

fixed in 2.0.1_RC0.6.23:

- noprocessing mails are not scanned by FileScan if ClamScan is not 
enabled
fixed in 2.0.1_RC0.6.22:

- 'DelayShowDB' and 'DelayShowDBwhite' does not show the content if the 
config - parm is set to 'DB:'
- the Import of a DB at startup could cause an exception in 
threads::shared
- too much logging in header-conversion


changed:

- the version check for the thread related modules is changed  - only the 
check (recommendation) is changed - not the required version

added:

'detectMailLoop','Detect Possible Mailloop'
 'If set to a value higher than 0, ASSP count it\'s own Received-header in 
the header of the mail. If this count exceeds the defined value, the 
transmission of the message will be canceled.'


idleValencePB','Timeout Score', 'For IP scoring with smtpIdleTimeout.'
(penalizing is not done, if the connection is in damping mode)

changed in 2.0.1_RC0.6.21

- NotifyRe now accepts comma separated recipients in every regex 
line - for example:

warning:=>user1@yourdomain.com,user2@yourdomain.com

If such recipients are defined, this will override the default recipients 
in 'Notify' for this entry.


- If 'EmailFrom' is not defined it will be set to 'postmaster@domain' 
where domain is 'defaultLocalHost' or 'EmailBlockReportDomain' what ever 
is defined.
- the default value for 'defaultLocalHost' is set to 'assp.local'

- The value check for parameters where only one full email addresse is 
allowed is more strictly.

fixed in 2.0.1_RC0.6.20

- changing 'RestartEvery' could cause an immediately restart of ASSP 
without saving the configuration
- if 'EmailFrom' is not configured and the notify feature uses 'ASSP <>' 
as from address, the resend function logs 'From: headertag not found' and 
the resend is not done
- noLogLineRe does not detect prepend tags
- in some cases a wrong passing reason was logged


added:

'DoVRFY','Verify Recipients with SMTP-VRFY','  'If activated and the 
format \'Domain=>MTA\' is encountered in
 localDomains recipient addresses will be verified with SMTP-VRFY (if VRFY 
is not supported \'MAIL FROM:\' and \'RCPT TO:\' will be used).
 If you know that VRFY is not supported with a MTA, you may put the MTA 
into VRFYforceRCPTTO.'

This makes it possible to disable VRFY without changing 'localdomain', or 
to configure VRFY before it should be used.

changed:

If a main hash is too large and is not stored in a database a information 
or warning message will be logged.

The VRFY feature now allows the usage of wildcards (* ?) for domains 
(*domain.com=>mx.domain.com).
fixed in 2.0.1_RC0.6.18:

- the PID-file exists after a mainexception - assp does not restart
- noProcessingIPs are not detected in any case



changed:

'ASSP <>' will be used for notifications if emailfrom is not defined


added:

'convertNP','convert NoProcessing mails',  'Set this to on, if 
noprocessing mails should be converted, which is normaly not the case.'


fixed in 2.0.1_RC0.6.17:

- using NC (netcat) on statport cause assp exception in regex
- illegal instruction is thrown in BayesOK
- if assp is unable to delete the PID-file on shutdown a log line is now 
written

changed in 2.0.1_RC0.6.16 :

- Bayes- and Bomb - checks have now an alarm timer to prevent stucking 
workers (on regular expressions)
- at startup assp validates all defined config values and writes a log 
lines if an invalid value is found

changed in 2.0.1_RC0.6.15

'webStatPort','Raw Statistics Port',
  'The port on which ASSP will listen for http or telnet connections to 
the statistics interface. You may also supply an IP address to limit 
connections to a specific interface. Only one value is supported!<br />
   The stats are available via browser or telnet (or telnet similar 
socket). Using telnet, press ENTER two times to get the healthy state 
(\'healthy[CRLF]\' or \'not healthy[CRLF]\' in a single line), this is the 
   recommended methode to get the \'UP\'-state of assp from nagios or any 
other external script.<br />
   Type \'stat[ENTER][ENTER]\' to get the STATS in raw text where each 
line is terminated with \'[CR]LF\' (CR is send in any case, if the request 
contains CR).<br />
   The HTML output are LF terminated STAT lines.<p><small><i>Examples:</i> 
55553, 192.168.0.5:12345</small></p>'

How ever, the external script should close the connection after reading 
all data from the socket. ASSP will close the connection if all data where 
sent - ASSP will not wait for a QUIT!

changed in 2.0.1_RC0.6.14

- localFrequency limiter now shows the connected IP in the notification 
message
- autoupdate now checks also the version of the downloaded assp.pl (not 
only the content of the version.txt)

fixed in 2.0.1_RC0.6.13

- if a weighted regex has a wrong syntax that results in invalid partial 
regexes, all changes to that value will be ignored and an error line is 
written to the log
- the description in ASSP_ARC.pm was changed and a 'AdminUpdate' line is 
written to the log if 'StoreCompleteMail' was changed by the plugin
 ('StoreCompleteMail' is changed by this plugin to 'no limit' [999999999] 
if it is installed - even it is disabled in configuration !!!)

fixed in 2.0.1_RC0.6.12
- coloring good(green) and bad(red) mails in MaillogTail was not correct 
on some systems
- weighted regex for invalidFormatHeloRe was not working like expected
- autoupdate 'download and install' was not working on all systems


fixed in 2.0.1_RC0.6.11

- reduces the memory usage of the ARC plugin (only if both are 
upgraded !)

fixed in 2.0.1_RC0.6.10
 new -> assp_db_import.cfg 
 new -> assp_database_readme.txt 
- Postgres DB Bulk import failes - switching to this version requires an 
export of all data, drop all tables and reimport of all data if Pg is used
- Pg is unable to process binary data stored in AdminUser DB's - if this 
is happen, switch on 'adminusersdbNoBIN'
- connections in listener2 where accepted to relay even if the 
authentication was not processed
- autoupdate was not working in Windows Service mode (depending on the 
commandline that was used)

fixed in 2.0.1_RC0.6.09

- Pg - DB cause rebuild task to terminate unexpected


added:

- allowRelayCon','Allow Relay Connection from these IP\'s*','Enter any 
addresses that are allowed to use the relayPort , separated by pipes (|). 
If empty, any ip address is allowed to connect to the relayPort. If this 
option is defined, keep in mind : Addresses defined in acceptAllMail are 
<b>NOT</b> automaticly included and have to be also defined here, if them 
should allow to use the relayPort. For example: 127.0.0.1|172.16..'

This could be used to protect the relayPort from local abuse. Even if this 
option is defined, it is not recommended to open access from a public 
network (internet) to the relayPort (DoS).

changed:

- the local frequency check now writes an additional log line

notification: too many recipients .....

This log line is written once a day per sender - so if the notify feature 
is used to get informed about local frequency abuse, I recommend to watch 
this message instead of 

warning: too many recipients .....

which is written for every attemp. This will prevent too many notification 
mails in the admins mailbox.
fixed in 2.0.1_RC0.6.08

- URIBL is out of function since 0.6.07 (sorry)
- Gripvalue{x} does not exist - only valid if 'ispgripvalue' is not set

2.0.1_RC0.6.07
 assp_database_readme.txt 

fixed:

- BlockReport failed if the simple syntax ('user@mydomain') is used in the 
BlockReportFile
- DB errors in INSERT or UPDATE could cause a WorkerRestart - this is now 
done in an eval{} - on DB-error the record will not be written, but the 
worker will run - the next DB-check will switch the worker to use the 
failover files if the DB is gone (like before)

added:

 ['URIBLcheckDOTinURI','Check for \'DOT\' in 
URI',0,\&checkbox,'','(.*)',undef,
  'When enabled, assp will also check for the used word \'DOT\' instead of 
a \'.\' in URI\'s like \'example<b>dot</b>com or example<b>!d 
o-t_</b>com\' .<br />
   Enable this feature only, if you don\'t expect any problems in your 
national language (using \'dot\' + a toplevel domain in any 
words).',undef,undef,'msg008820','msg008821'],

any combination of   ?d?o?t? + TLD, where ? could be any NOT [a-zA-Z0-9.], 
will be detected


changed:

- some small design changes in HTML BlockReports

2.0.1_RC0.6.06
- searching for a single character or word that is used in HTML-tags with 
enabled highlighting in MaillogTail could cause scrambled lines in view
- version check and autoupdate are more correct - log lines are changed 
(info: autoupdate: ....) to better configure notifications 'notify'
- "Bareword found where operator expected ..." shown in console when a 
single quote is in the file name

2.0.1_RC0.6.05:
added:

- AutoUpdateASSP','Auto Update the Running Script (assp.pl)','0:no auto 
update|1:download only|2:download and install',
 'No action will be done if \'no auto update\' is selected.<br />
  If \'download only\' is selected and a new assp version is available, 
this new version will be downloaded to the directory ' . $base . 
'/download (assp.pl).<br />
  If \'download and install\' is selected, the running script will be 
saved to download directory and replaced by the new version.<br />
  Configure ( AutoRestartAfterCodeChange ), if you want the new version to 
become the active running script.<br />
  The perl module <a href="http://search.cpan.org/dist/Compress-Zlib/" 
rel="external">Compress::Zlib</a> is required to use this feature.


changed (!!!!):

- AutoRestartAfterCodeChange','Automatic Restart ASSP on new or changed 
Script',20,\&textinput,'','^(|immed|[1-9]|1[0-9]|2[0-3])$',undef,
'If selected, ASSP will restart it self, if it detects a new or changed 
running script. An automatic restart will not be done, if ASSP is not 
running as daemon on linux/MAC ( AsADaemon ) or as a service on windows 
and AutoRestartCmd is not configured. Leave this field empty to disable 
the feature. Possible values are \'immed and 1...23\' . If set to 
\'immed\', assp will restart within some seconds after a detected code 
change. If set to \'1...23\' the restart will be scheduled to that hour. A 
restart at 00:00 is not supported.


fixed in 2.0.1_RC0.6.04:
- if tagging mode was used, it was possible that a wrong passing reason 
was logged

changed:

- DoNoSpoofing was not done if a mail got the 'whitelisted' flag - this is 
changed. For noprocessing mails this is not changed, they will pass the 
spoofing test.

ASSP 2.0.1 RC 0.6.03
fixed :
- analyze interface does not work or returns wrong values

ASSP 2.0.1 RC 0.6.02
fixed :

- Pg-DB was defined with wrong data types
- Netblocks (/24 , /32) where not correctly calculated in some cases
- analyze via email interface does not work or returns wrong values
- syslog caused assp to stop working if characters are not printable
- Senderbase has done checks after no result was received from DNS

changed:

- analyze via email interface supports now multiple attached files (.eml)

ASSP 2.0.1 RC 0.6.01
fixed:
SenderBase error

ASSP 2.0.1 RC 0.6.00 
fixed:

- MaillogTail has not shown results, if unicode charcters like \x{0080} 
(for example the euro symbol) where in the maillog.txt - which caused a 
javascript error


changed:

- the memory and CPU usage of ASSP is reduced - some loop iterations where 
done with 'foreach' which requires large extra temporary memory - these 
loops are iterated now with 'while', which does not need extra temporary 
memory

- Tie::RDBM has filled up an unneeded internal cache, which has looked 
like ASSP leaks some memory - this cache is now cleaned up every ~ 90 
seconds


added:

- the left menu contains now links at the bottom to show and edit internal 
caches - this feature requires professional knowledge about ASSP !

ASSP 2.0.1 RC 0.5.26
fixed :

- if an ISP connection was going in to error mode and the ISP has tried to 
go further with the next mail in the same connection - the ASSP connection 
to the MTA was already gone. The ISP connection was running in to timeout.
- URIBL has not found local LDAP-domains to skip them from the check


added:

- ASSP now has a short time (5 minutes) negative LDAP cache - to prevent 
too much traffic to the LDAP and/or VRFY server, because ASSP uses the 
local addresses/domains check very often.
 This cache is not configurable and is completely cleaned on every 
GUI-Main-Window-request. A stored negative LDAP/VRFY result is valid for 5 
minutes.

- If more than one ASSP are acting in a chain, it was impossible to detect 
which ASSP has written which X-Assp- header. For this reason every found 
strange X-Assp- header will be updated to for example :

X-Assp-Spam(1): yes  or
X-Assp-Version(7): 2.0.1 ....

The number (x) will be included and increased by every ASSP in the chain. 
So, the headers with the highest numbers are written by the most far ASSP. 
The headers without such a number, are from the last ASSP in chain.

ASSP 2.0.1 RC 0.5.25
fixed:

- GreedyWhitelistAdditions has shown wrong options in GUI
- Attachment SpamLover flag was not reset in case of a second mail in the 
same connection
- 'all SpamLover'-Flag was not reset, if a any of the envelope recipients 
was not a 'all SpamLover' - so the message was delivered
- if 'catchallallisp2null' was used and the ISP has tried to send a second 
mail in the same connection - this second mail failed
- a matching 'baysSpamLoversRe' has set the 'all SpamLovers'-flag not the 
check specific spamlover flag
- the interval for the download of the 'BackDNSFile' was to short and was 
some times resulting in a 'http 403' error - the interval is now between 
20 and 28 hours


added:

- groupSpamLovers',"Group SpamLovers and Not SpamLovers per mail",
 'If set, the first envelope recipient consider a mail to be for 
spamlovers or not. If the first envelope recipient is any SpamLover, all 
other (following) envelope recipients must be also any SpamLover (or 
reverse) - if not, their address will be not accepted by ASSP for this 
single mail and \'550 5.5.3 too many recipients\' will be sent.'

- the locaFrequencyCache could now be shown and edited in 
'localFrequencyInt' and 'localFrequencyRcpt' (GUI), to be able to reset 
the Cache-entry for single addresses.


changed:

- dnsbl-2.uceprotect.net=>2 and dnsbl-3.uceprotect.net=>2 are removed from 
the default setting of RBLServiceProvider
- 'EmailFrom' now also bypasses the localFrequency check (to and from)
- in case of a bypassing mail because of  'all spamlovers' , the log line 
now shows the reason for the spamlover-flag ('all SpamLovers' or 
'SpamLoverRe')
ASSP 2.0.1 RC 0.5.23
bug in notification mails fixed

ASSP 2.0.1 RC 0.5.22
fixed:

-  X-Assp-Envelope-From: and   X-Assp-Intended-For: where not processed in 
every resend-mail case
- ISP connections where closed after an detected SPAM even if a '250 OK' 
was sent and ISP tried to sent more than one mail inside a connection


fixed in ARC-plugin:

- openssl was unable to decrypt encrypted archive files

ASSP 2.0.1 RC 0.5.21


ASSP 2.0.1_RC0.5.20

fixed:

- plugin reload failes in Perl 5.10.1
- wrong subjects are used if more than one mail is delivered inside a 
single connection

fixed in 2.0.1_RC0.5.19

- the submit button in MaillogTail was not working in every case with FF
- scrambled filenames and subjects - should be fixed, but extra debug code 
is added - if the filenames and subjects differs, a file debug_sub.txt 
with debug infos will be created in the base folder
- the code to detect local addresses was outdated -> new code is 
implemented
- wildcards in Redlist where not working



changed:

- DoLocalSender is obsolet and is removed (use DoLocalSenderAddresses and 
DoLocalSenderDomains)
- ValidateUserLog can be setup to 'diagnostic'
- the scrollbar on the left menu is only shown if the mouse cursor is on 
it

fixed in 2.0.1_RC0.5.18

- GUI was not correctly shown in IE6 (possibly also in IE7) and IE8 in 
compatibly(5/6/7) mode - a browser and javascript engine detection is done 
to correct the wrong parsing of the old MS stuff
- a clean untie of BerkeleyDB hashes was not possible because of an 
existing reference (removed)
- BATV Tags where not removed for some checks
- OCR-Plugin caused an exception because of a wrong subroutine call

fixed in 2.0.1_RC0.5.17:

- batvTag was not removed for local sender check
- EmailFrom was blocked by localFrequency
- Redlist in BerkleyDB has caused an error
- If a reply from a server contains  45x in the text - the connection is 
dropped
- spamreport reply from users contains a analyse report
- "........   is not on Whitelist" could shown multiple times in a report
 

changed:

- design changes in GUI
- resendMail now checks also for 'X-ASSP-Envelope-For' and 
'X-ASSP-Envelope-From'
- rebuild spamdb shows description of corpus norm

- ASSP_OCR.pm (1.18)  -  the plugin now uses PDF::OCR2  if installed

- assp.mod - module installation 1.12 now includes PDF::OCR2

ASSP 2.0.1 RC 0.5.16

fixed:


- filenames of reportfiles could be wrong
- complete report section (show/add/remove) changed (adapted from V1 - 
maintent by Fritz)

changed :

'GreedyWhitelistAdditions','How add Greedy Senders to 
Whitelist','0:none:1:envelope only|2:all senders',
  'Defines what sender addresses are added to the whitelist if a message 
is considered to be from a whitelisted sender. NotGreedyWhitelist is 
considered in determining if a message is from a whitelisted sender.'

MaillogTail - Loglines in separate <div> with separate scrollbar


added:

'EmailErrorsModifyNoP','Combined Spam Report and NoProcessing 
Deletion','0:disabled|1:modify noprocessing|2:show noprocessing'
  'If set to \'modify noProcessing\' Spam Reports will remove addresses 
from noProcessing list. If set to \'show noProcessing\' Spam Reports will 
show if addresses are on noProcessing list.','Basic'

ASSP 2.0.1 RC 0.5.15
- GeedyWhitelist - a spelling mistake in the CVS version
- some language tags where missing
- Blockreport has shown invalid addresses from DKIM tags


changed:

- better memory handling by predefining the key count for some hashes
- MaillogTail has now enabled and colored file links, if a search string 
is used - highlighting is no more automatic switched off if 'files only' 
is selected
- database backups are now available in 'mysqlslavemode'


added:

'StoreASSPHeader','Store Assp-Header into Spam Collection', 'Add "X-Assp-" 
to the collected spam-mails.' (adapted from V1)

'GreedyWhitelistAdditions','How add Greedy Senders to 
Whitelist','0:envelop only|1:all'  'In addition to the setting in 
NotGreedyWhitelist , you can define what addresses will be added to 
whitelist.

ASSP 2.0.1 RC 0.5.14
fixed:

- BATV-tag is added if the sender and the recipient are local accounts 
(Email Interface) - the report could not be sent
- ( , , , , , , , ,) is shown in Blockreport lines
- UserBlockReportInstantQueue.txt - Invalid argument; - because the base 
directory was added to the filename two times


ASSP 2.0.1 RC 0.5.13
fixed:

- the interrupt handling design has changed (adapted from next 
dev-version) to fix scrambled files names in maillog.txt (and MaillogTail)
- Net::Senderbase::Result has no DESTROY methode - assp does this now
- removed a backreference from a global variable (memory leak)
- untieing global hashes has caused warnings if assp was stopped
- several warnings about wrong argument usage are fixed
- warnings about writing to a closed filehandle while maillog rollover are 
fixed
- memory leaks because of wrong filehandle references are fixed
- if a messag failes after it passes because of testmode or spamlover, the 
message file was stored in a wrong location 
- BlockReports has shown a wrong message count in subject
- the link in Blockreports to open a file in a browser was shown in user 
Blockreports (should be admins only)
- the logout browser screen reported a javascript error
- if a file was opened with a browser from inside a Blockreport, a the 
needed logout was not possible - a logout button is added to this window

changed:

-LocalFrequencyInt + LocalFrequencyNumRcpt : .............To give users 
the chance to inform an admin about such blocked mails, local mails to 
EmailAdmins are never blocked because of that feature.
(The EmailAdmins addresses are written in to the 5xx reply which is send, 
if such mail is blocked.)

- debug and maillog outputs from inside a interrupt cycle are delayed to 
prevent wrong changes of local variable in interrupt routines

- the recommendation for the minimum version has changed for the following 
modules (requirement is not changed):
threads->1.74
threads::shared->1.32
Thread::Queue->2.11

- the link in Blockreports to open a file in a browser is added to the 
text-only part of the report

- if NoGreedyWhitelist is set to the first option, the Blockreports 
contains now links to (from|sender|reply-to|errors-to|list-...) if any of 
these addresses differ from the envelop sender


ASSP 2.0.1 RC 0.5.12
ASSP 2.0.1 RC 0.5.11
- ['BlockReportHTTPName','My HTTP Name','The hostname for HTTP(S) links in 
AdminUsers Blockreports. If not defined the local hostname will be used.',

The date in every HTTP-AdminUsers-Blockreport line contains a http link to 
open the .eml file like in MaillogTail, if the file exists.
fixed:

- MaillogTail has no output if a search string is used
- analysing tools reporting wrong file lines for feature matches
- since 0.5.09 the syntax check for a replaced assp.pl has failed every 
time if a instance of assp was still running
- #included files where not correct processed if the first line of such 
file is not empty
- uploadGriplist is processing all log files, even if only the last four 
are needed
- files attached to a notification mail are not shown correct in outlook 
(test needed!)


changed:

- testRe is now able to test weighted regular expessions 

- ['NotGreedyWhitelist','Only the envelope-sender is added/compared to the 
whitelist','0:check all addresses - one match for white - add 
all|1:envelope-sender only|2:check all addresses - all matches for white - 
add all','Normal operation includes addresses in the FROM, SENDER, 
REPLY-TO, ERRORS-TO, or LIST-* header fields.<br />
  This allows nearly all list email to be whitelisted. If set to 
\'envelope-sender only\', only this address is compared/added.<br />
  If set to \'check all addresses - one match for white - add all\', one 
match in any of this fields is enough to get white and all addresses will 
be added to whitelist.<br />
  If set to \'check all addresses - all matches for white - add all\', all 
defined addresses in all of these fields have to match to get white and 
all addresses will be added to or updated in whitelist.<br />
  If any address is found in redlist, no whitelist addition will be done 
and the message gets not white. Will not do anything if you add/remove 
whitelist entries via email-interface.'

- rebuild spamdb will add a "bounce mail report" to the output file. This 
report contains the absolute number of received bounces in the last two 
days and a list of local addresses which has received at least 10 bounces 
in the last two days. In combination with 'LocalFrequencyInt' and 
'LocalFrequencyNumRcpt' this should able the admins to detect and prevent 
local abuses. 


added:

['LocalFrequencyInt','Local Frequency Interval','The time interval in 
which the number of envelope recipients per sending address has not to 
exceed a specific number ( LocalFrequencyNumRcpt ).<br >
  Use this in combination with LocalFrequencyNumRcpt to limit the number 
of recipients in a given interval, to prevent local abuse - for example 
from highjacked local accounts. A value of 0 (default) will disable this 
feature. It is recommended to enable DoLocalSenderAddress and/or 
DoLocalSenderDomain, if you want to use this feature.'

['LocalFrequencyNumRcpt','Local Frequency Recipient Number','The number of 
envelope recipients per sending address that has not to exceed in a 
specific time interval ( 
LocalFrequencyInt ).<br >
  Use this in combination with LocalFrequencyInt to limit the number of 
recipients in a given interval, to prevent local abuse - for example from 
highjacked local accounts. A value of 0 (default) will disable this 
feature. It is recommended to enable DoLocalSenderAddress and/or 
DoLocalSenderDomain, if you want to use this feature.'

['LocalFrequencyOnly','Check local Frequency for this Users only*',
 'A list of local addresses, for which the \'local frequency check\' 
should be done. Leave this field blank (default), to do the check for 
every address.<br />
  Accepts specific addresses (user@domain.com), user parts (user) or 
entire domains (@domain.com).  Wildcards are supported 
(fribo*@domain.com).<br />
  For example: fribo*@thisdomain.com|jhanna|@sillyguys.org '

['NoLocalFrequency','Check local Frequency NOT for this Users*' 'A list of 
local addresses, for which the \'local frequency check\' should not be 
done. Noprocessing messages will skip this check.<br />
  Accepts specific addresses (user@domain.com), user parts (user) or 
entire domains (@domain.com).  Wildcards are supported 
(fribo*@domain.com).<br />
  For example: fribo*@thisdomain.com|jhanna|@sillyguys.org ',

ASSP 2.0.1 RC 0.5.09
changed :

- MaillogTail: the time order of the lines could be switched (up and down)
- ClamScan should no more block any worker, if Clamd is not anwering to a 
command

ASSP 2.0.1 RC 0.5.08
fixed:
gripupload/blockreporting

ASSP 2.0.1 RC 0.5.07
fixed:

- Blockreports and upload Griplist having no results
- error in plugin call level 2, if a message is markt as suspect in AFC 
plugin


changed:

- the realtime MaillogTail now uses the selected values for 'color lines' 
and 'wrap lines'
- new submit button at the end of the MaillogTail
ASSP 2.0.1 RC 0.5.05
fixed :

- notifications mails are wrong encoded
- notification mails showing a dot at the end
- if assp is started without defining the base directory '.' was maybe 
assumed - this is now changed to the real/abolute directory name
- spamSubject that contains a reserved character caused an exception
- a notspam report caused whitelist additions even if 
EmailErrorsModifyWhite is set to 2

added:

['LogDateFormat','Date/Time Format in LogDate','Use this option to set the 
logdate. The default value is \'MMM-DD-YY hh:mm:ss\'. The following (case 
sensitive !) replacements will be done:
 YYYY - year four digits
 YY - year two digits
 MMM - month (three charactes) alpha numeric - like Oct Nov Dec
 MM - month numeric two digits
 DDD - day (three charactes) alpha numeric - like Mon Tue Fri
 DD - day numeric two digits
 hh - hour two digits
 mm - minute two digits
 ss - second two digits
 A value has to be defined for every part of the date/time. Allowed 
separators in date part are '_ -./' - in time part '-_.:' .

['LogDateLang','Date/Time 
Language','0:English|1:Franï¿½ais|2:Deutsch|3:Espaï¿½ol|4:Portuguï¿½s|5:Nederlands|6:Italiano|7:Norsk|8:Svenska|9:Dansk|10:suomi|11:Magyar|12:polski|13:Romaneste',
  'Select the language for the day and month if LogDateFormat contains DDD 
and/or MMM.'

['noLogLineRe', 'Regular Expression to Identify skipped Log Lines*'
 'Put anything here to identify log Lines that you don't want to be 
logged.
ASSP 2.0.1 RC 0.5.04
fixed: 

- whitelisted from is not detected 
- mails with no subject, produces a large subject if passing because of messagelow 
- includes could not be open 

changes: 

- MaillogTail is more functional and nice 

ASSP 2.0.1 RC 0.5.03
cosmetic changes
ASSP 2.0.1 RC 0.5.02
cosmetic changes
ASSP 2.0.1 RC 0.5.01
fixed:

- subject header lines are wrong parsed if the subject is multiline  eg.

Subject: some text[CRLF]
 =?ISO-8859-1?Q?Text1?=[CRLF]
 =?ISO-8859-1?Q?Text2?=[CRLF]
.....
or

Subject:[CRLF]
 =?ISO-8859-1?Q?Text1?=[CRLF]
 =?ISO-8859-1?Q?Text2?=[CRLF]
.....

- MSOL 2007 HTML Mails are wrong DKIM signed -> all HTML parts (text/html) 
are converted to base64 before the DKIM signature is calculated


changed

- some small changes in MaillogTail design

ASSP 2.0.1 RC 0.5.00
fixed:

- wrong maillog output for message score reasons

changed:

- If a server replies with 421 or 45x in (or to) the DATA part of the 
client, assp stores the messages as OK, if no check was failed.
  Now, in this case, assp will log [MessageOK] because the messages was ok 
for ASSP - but a logline for the reply [4xx] will be written and the .eml 
files will be deleted. 

There is still a problem generating DKIM signatures with assp for outlook 
2007 HTML messages. To prevent this, set the messages encoding in outlook 
2007 to base64 (thanks to Marco for testing). I'll try to implement an 
automatic encoding conversion to base64 for such messages if DKIM is used, 
but it will take some time.

ASSP 2.0.1 RC 0.4.32
fixed:

- EmailAdmins are unable to modify Blacklist via email interface
- text for helo blacklist in rebuild is not correct



changed:

- improvements in MaillogTail view:
  - better definition of the search target (number of lines and files)
  - used definitions are stored for AdminUsers (not root !!) and are 
reused if the page reopened
  - tail bytes are setable per session
  - the defined values are no more reset to defaults after a search


new:

'MaxAllowedDups','Max Number of Duplicate File Names'  'The maximum number 
of logged files with the same filename (subject) that are stored in the 
spam folder (spamlog), if UseSubjectsAsMaillogNames is selected. Default 
is 0. A low value reduces the number of possibly duplicate mails, assuming 
that mails with the same subject will have the same content. A value of 0 
disables this feature. If this number of files with the same filename is 
reached, new files will be stored in the discarded folder, which has to be 
defined for this feature to work.', 


'MaxKeepDeleted','Max Days of Keep Deleted',  'The maximum number in days 
deleted files in the bayesian collection folders ( spamlog , notspamlog ) 
will be kept. This is necessary when EmailBlockReport is used to handle 
the file and the file is meanwhile deleted. The list of files that are 
maked for deletion is stored in trashlist.db .'

Delete files will no more get a filedate in future!
Files there filedate is expired, will be deleted by the rebuild task 
before the rebuild of the spamdb is done.


ASSP 2.0.1 RC 0.4.31
fixed :

- wrong logline for rebuild HeloBlack 
- some links in  the GUI are wrong

new:

- the wrap position for the "Maillog Tail" could be changed per session - 
the startup value is used from 'MaillogTailWrapColumn' .

ASSP 2.0.1 RC 0.4.30 
fixed:

- wrong weight calculation if a negative value was used for the weight
- mistake in rebuild the HeloBlack list (wrong output)
- files in 'discarded' folder contains no subject in filename

changed:

- behavior and text changed to 'maxSMTPSessions'
...........  If the value is reached, assp will wait until the number of 
simultaneous SMTP sessions is lower than  (value - 20) or (value * 0.75).

ASSP 2.0.1 RC 0.4.29
fixed:
logging AFC plugin

ASSP 2.0.1 RC 0.4.28
fixed:
- MSGID - check results in a 'regex' exception if the from address 
contains a reserved character
- wrong logging if a plugin check failed
- .eml files where some times stored with zero byte length and/or in a 
wrong folder, if the AFC-plugin has found spam
ASSP 2.0.1 RC 0.4.27
fixed:
Quit/Reports

ASSP 2.0.1 RC 0.4.26
fixed:
- Analyze tool did not handle include files correctly

ASSP 2.0.1 RC 0.4.25
fixed:
- bomb features where not working correctly in every case

added:
'maxSize','Max Size of Local Message',
 'If the value of ([message size]) exceeds maxSize in bytes the 
transmission of the local message will be canceled. No limit is imposed by 
ASSP if the field is left blank or set to 0. This option allows admins to 
limit useless bandwidth wasting based on the transmit 
size.'msg008620','msg008621'],

'maxSizeExternal','Max Size of External Message,
 'If the value of ([message size]) exceeds maxSizeExternal in bytes the 
transmission of the external message will be canceled. No limit is imposed 
by ASSP if the field is left blank or set to 0. This option allows admins 
to limit useless bandwidth wasting based on the transmit 
size.'msg008630','msg008631'],

'maxSizeError','max message size Error' - '552 message exceeds MAXSIZE 
byte (size)','SMTP error message to reject maxSize / maxSizeExternal 
exceeding mails. For example:552 message exceeds MAXSIZE byte (size)! 
MAXSIZE will be replaced by the value of maxSize / 
maxSizeExternal.'msg008640','msg008641'

ASSP 2.0.1 RC 0.4.24

changed:
regex weight

ASSP 2.0.1 RC 0.4.23
noDelayAddresses - Do not Delay these Addresses - Enter senders email addresses that you don't want to be delayed, separated by pipes (|). You can list specific addresses (user@anydomain.com), addresses at any domain (user), or entire domains (@anydomain.com).  Wildcards are supported (fribo*@domain.com). (|). 
For example: fribo@anydomain.com|jhanna|@sillyguys.org or place them in a plain ASCII file one address per line:file:files/nodelayuser.txt. 


ASSP 2.0.1 RC 0.4.22
added:

- ASSP now automaticly checks the assp-CVS repository on sourceforge for a 
new available version every some hours (12...24).

You can see, that a new version is available - on an added menu entry in 
the top menu (green), which shows the new available version number and is 
a link to the download of assp.pl.
This menu entry is only shown, if the version on sourceforge is newer than 
the running one.
If assp finds a newer version, a message like:

............ Info: new assp version 2.0.1(RC .....) is available for 
download at sourceforge

is written to the maillog and could be watched by the notify feature to 
inform you by email about this event.

All future version will be available on this web page and in the CSV 
respository. As long as V2 is not published on SF, this is only a test 
balloon and could be changed at any time.
To check the version, assp mirrors the file 'version.txt' to the 
assp-base-directory. If a download is needed, it will be only some byte 
long (20 + html header).
To force a check, delete the file 'version.txt' from the base directory 
and restart assp.

Currently there will be no other files, plugins, information and change 
logs available in the assp-CVS repository. 

ASSP 2.0.1 RC 0.4.21
fixed:

- validHelo-check was running on an empty value since 4.19/4.20
- using TLS with authentication results in a wrong SMTP-command sequence, 
which could cause a connection running in to timeout
- some changes in 4.19 caused some features to do wrong things (sendspam) 
- mistake was a wrong case change of the senders address
- some PB-valence values have not shown the default value in the GUI
- recipient addresses where not translated by the RecipientReplacment 
feature, if the senders address is checked in rule and the senders address 
was signed with a BATV-tag
- RWL-check was done on an CIP, even if this IP was defined in noRWL


changed:

- improved VRFY check - RCPT TO is now only done if : ASSP is unable to 
detect anyway (EHLO or HELP) that VRFY or EXPN are supported by the MTA  - 
 or VRFYforceRCPTTO is set for the MTA
- MSGID-check improved for mails comming from an ISP   (CIP)

ASSP 2.0.1 RC 0.4.20
fixed:

- PTR cache was not working correct

changed:

- invalidMsgIDRe, invalidFormatHeloRe and invalidPTRRe accept now the 
weighted regex syntax (**)

ASSP 2.0.1 RC 0.4.19
fixed:

- resend in maillog tail was not working (no local to: and from:)
- wrong CIP handling in the case of the mailflow   ISP[->...]->ISP->ASSP

changed:

- enhanced CIP handling for all IP and HELO checks

ASSP 2.0.1 RC 0.4.18
fixed:

- ^C (sig(int)) in console mode has not stopped damping


changed:

- an info line in module list for Net::SSLeay is added
- a statistic line in "SMTP Connection Statistic" is added for stolen time 
by damping
- DoDomainIP and DoFrequencyIP are now also done for domains and IP's 
behind your ISP (ispip , ispHostnames)
ASSP 2.0.1 RC 0.4.17
fixed:

- the config check for all port definitions is improved for the case, that 
more than one port is defined
- some not nice line breakings in rebuild report are fixed
- add/remove to blacklistedDomains was not working correct
- LDAPShowDB '-showlist' button has not shown the hash/list if the value 
was set to 'DB:' (same like ldaplistdb)
- build heloblacklist reported xxx/yyy records


changed:

- noGriplistUpload must no be set to download the GripList even if 
noGriplistDownload is unset
- SMTP-Connection screen is more readable (header part with the 
performance data)
- extra link to start the SMTP-Connection screen with infinity refresh 
(click on the 'i' icon - read the hintbox)  --- for language file 
mainteners: the hintbox text has the message number msg500100 - see below)
- the topmenu shows the version number
- the current time is added in front of every line in rebuild report (like 
in maillog.txt)


the following should be added to the main_default_en.txt  file if you 
maintain a language file:

# SMTP Connection - link - hintbox
msg500100=Click here to open a SMTP-Connections-Window that never stops 
refreshing. Do not make any changes in the main window, while this 
SMTP-Connections-Window is still opened! A SMTP-Connections-Window which 
is started with the default (left beside) link, will stop refreshing if it 
is not in forground. 

ASSP 2.0.1 RC 0.4.15
fixed:

- if two windows (main and connections or status) are opened in  GUI and 
an action was taken in the main window - this window was also switching to 
the connection/status state
(this is fixed by stopping the refresh cycle for the connection/status 
windows as long as it has lost the focus - sorry no other possible way)

- noGroupListUpload was not working correct


changed:

- more nice top menu


added:

- rebuildspamdb now also uses 'ispHostnames' to detect the HELO's for 
heloblack list.

ASSP 2.0.1 RC 0.4.14
fixed

- MainThread and MaintThread running in  to a collision saving 
asspstats.sav
- the '.' in ConfigMakeSlRe is not masked - 'i.a' and 'ira' are detected 
as equal

changed:

- some not important changes in GUI text

added:

- a menu at the top of the GUI was added
(to prevent/answer questions: it is not possible to move the 'language 
select option' in to the HTML-header part -[ the left and the top menu]!)

- DisableVRFY  -  Disable VRFY for External Clients  - If you have enabled 
VRFY on your MTA to make assp able to verify addresses and you do not want 
external clients to use VRFY - select this 
option.',undef,undef,'msg008600','msg008601'
(This will also remove '250-VRFY' from the EHLO-reply of your MTA)

ASSP 2.0.1 RC 0.4.13 
-  The W32 Service Registration is moved to the most early point in code - 
5-10s after Perl starts.

ASSP 2.0.1 RC 0.4.12
fixed:

- for some messages the mail header was transfered two times
- changing the display language was not working in any case
- the hintbox in the config part of the GUI has shown wrong 
updated/changed values

added:

MaxCorrectedDays
msg008590=Max Corrected File Age
msg008591=This is the number of days a error report will be kept in the 
correctednotspam and correctedspam folders. These folders are the longterm 
memory of ASSP, therefore the default is 1000 days.

changed::

- the change language part is moved to the main config form !

ASSP 2.0.1 RC 0.4.11
fixed 
- under rar condition it was possible that the assp-Virus check was 
producing a large amount of log entries

added/changed:

- the MX check now checks the IP of the resolved MX against privat IP 
ranges
- it is possible for every User (also root) to switch between language 
files per GUI session 'on the fly'

ASSP 2.0.1 RC 0.4.10
Language support enhanced. It is now also 
possible to translate some other hints and descriptions in the GUI.
The english version of this text parts could be found in the file 
'main_default_en.txt' - the translated version sould become part of the 
language file.

ASSP 2.0.1 RC 0.4.08
ASSP 2.0.1 RC 0.4.07
fixed

- incomplete LDAP/VRFY logging
- URIBLOK parses email addresses wrong
- processing mails was not stopped in some cases

added:

- preparation for archive plugin
- some more debug information

ASSP 2.0.1 RC 0.4.06

- It is possible to include custom-designed files at any line of such a file, using the following directive 

# include filename 

where filename is the relative path (from $base) to the included file like   files/inc1.txt    or    inc1.txt   (one file per line). The line will be internaly replaced by the contents of the included file! 

an example bomb file could be: 

\bmy bad word\b  # your comment 
any other words 
# include files/bombinc1.txt   # any comment 
or an other word 
; a comment 
.... 
#include sync/bombReInc1.txt 
# a comment 
... 
... 
The included files are also watched by assp for changes like any other option file. 

ASSP 2.0.1 RC 0.4.05
If your ISP is writing a headerline like (for example): 

Received: from gold.dnsstuff.com ([75.125.82.251]:59117 helo=main) by astaro1.bordo.com.au with esmtp (Exim 4.69) (envelope-from <emailavtest@dnsstuff.com>) id 1Mg52q-0004vU-1K for me@bordo.com.au; Wed, 26 Aug 2009 09:03:17 +1000

ASSP was using 'gold.dnsstuff.com' as orginated HELO - now if 'helo=the_hosts_helo' is found in that line, ASSP uses this string ('the_hosts_helo') for the HELO-verification 


2.) 

The 'Received:' line that is written by ASSP in to the header (for example): 

Received: from astaro1.bordo.com.au ([192.168.1.2] helo=astaro1.bordo.com.au) by ASSP-nospam; 26 Aug 2009 09:03:20 +1000
 
is changed for incoming mails. ASSP was using the string in the HELO command to write 'from .....' and the 'helo=....' 
Now ASSP uses the HELO-string for 'helo=....' - but the PTR to the connected IP in 'from ....' if it finds a PTR record. If no PTR is found the HELO-string is used (like before). 
For outgoing (relayed) mails nothing has changed. 


fixed: 

- The STAT for damping was not set to 0 at startup -> wrong count. 
- The 'AutoRestartAfterCodeChange' feature was not working in nondefault installations (assp.pl not in $base) 

ASSP 2.0.1 RC 0.4.04

- some connections are not dropped and shown in a state of  'QUIT(error)' 
in last command
- DoDamping is temporary switched off, if the configured maximum number  of 
SMTP-connection is reached. If the number of SMTP-connections goes below 
the maximum, damping starts again.

ASSP 2.0.1 RC 0.4.02
SSL Fix for Windows
ASSP 2.0.1 RC 0.4.01
fixed:

- not existing files are shown as link in 'Maillog Tail'

new:

- AutoRestartAfterCodeChange - Automatic Restart ASSP on new or changed 
Script - If selected, ASSP will restart it self, if it detects a new or 
changed running script. An automatic restart will not be done, if ASSP is 
not running as daemon on linux/MAC ( AsADaemon ) or as a service on 
windows and AutoRestartCmd is not configured.

ASSP 2.0.1 RC 0.4.00
- mails ending after the DATA command or host getting 5xx errors - mails 
are resend infinity - TLS/SSL session are broken or timedout
- if send250ok or send250okISP is used, the QUIT command is ignored by 
ASSP
- DoNotCollectBounces is not working

changed:

- the resend function in maillog tail now checks the message for a local 
TO: address and warns on this

added:

- the literal 'SESSIONID' will be replaced in all configurable replies by 
the unique message identifier 

ASSP 2.0.1 RC 0.3.26
- unneeded Charsets are no more selectable
- DKIM signature is now also created for noprocessing messages - so the 
_adsp._domainkey.[your sub domains].[your domain].[top level] 
TXT=[dkim=all] policy is no more broken
- DoDamping now works correct
- DoLDAP supports now also TLS-mode not only native SSL , this belongs 
also to AdminUsers authentication
- SSLTimeout could be set to large values (up to 999 seconds)
- URIBL check is now using the full MIME encoded mail to search for URI's
- Systems with native UTF8 environment should no longer have problems with 
non ASCII characters
- processing large mails is much faster than in 2.0.1_RC0.3.19 (too slow 
3.23 was a bug)
- STAT traffic caused MainThread to stuck because of IO-blocking mode
- DKIM check is now done before Plugin-Calls at level 2
- ASSP adds the 'CRLF.CRLF' to the mail, if this was removed by some 
modules
- resend function now uses 'myName' as HELO to the MTA
- message scoring is now OK for Plugins at level 2 (var typo)
- messages without any mail header are now processed correct - a second 
'CRLF.CRLF' was needed
- DKIM check is now skipped if a message-ID-signature was removed
- the MTA was some times receiving the '250-STARTTLS' offer two times
- auto whitelisting was broken (or done multiple times) in 3.23
- FileScan in 'NORUN-xxxx' mode was not working well
- the 'noprocessing' state of a mails is now shown in Connection-Screen
- the 'damping' state of a mails is now shown in Connection-Screen

ASSP 2.0.1 RC 0.3.19

- subject of previous message was shown in maillog if two connections from 
same IP where handled in the same worker
- wrong encoding in maillog tail if NLS was enable
- wrong encoding for MIME contents in bomb check and rebuild spamdb
- wrong encoding HTML contents in Blockreports
- header bombs where not working correctly
- wrong typos and links in GUI
- corrected some log lines from error: to info: for conversions
- DKIMpreCheck has ignored DKIM-policy in DNS
- DKIM was calculating a wrong body RSA hash
- DKIM on remote side failed, because ASSP has some times done a wrong 
headerwrap in the DKIM-signature
- bombSubjectRe was not working because of wrong charset conversion to 
UTF8
- the original subject assp header tag (X-Assp-Original-Subject:) was 
written unencoded even if the real subject was MIME encoded

- the link in GUI to the 'Worker Status' is renamed to 'Worker/DB Status' 
and shows failed database tables (if some are failed)
- the edit windows which is opend if an eml file is selected in 'Maillog 
Tail' has an additional button which enables the MIME decoded view of the 
eml file

- SSLtimeout','SSL Timeout (2-9)' 'SSL/TLS negotiation will timeout after 
this many seconds. default is : 5 seconds.
This value was previously hard coded to 2 seconds - increase the value if 
you often get 'SSL wants a read first' errors.

changes:

- GUI: only UTF-8 enabled browsers are supported
- using non ASCII characters in an configuration value is only supported 
using the 'file:.....'  option
- editing any files that contains non ASCII characters with an editor that 
is not UTF-8 enabled could cause assp to crash or to do wrong things
  (the assp.cfg is not stored in UTF-8 format for backward compatibly)
ASSP 2.0.1 RC 0.3.18
- SSLRetryOnError','Retry SSL on "SSL want a read first" error,  'If 
selected, ASSP retries one time to establish a SSL connection with one 
second delay, if the peer was not ready after STARTTLS because of a "SSL 
want a read/write first" error.'

until 0.3.17 - this retry was hard coded, which could cause problems with 
hanging connections on some systems!
ASSP 2.0.1 RC 0.3.17
fixed:

- SSL negotation failes on SSLlistenPort because of too early handshake
- unsuccessful transfer of a SSL-connection to a Worker was resulting in 
stucking Workers and ASSP restart after 2 minutes
- STARTTLS - session failes to postfix because of too late resend of the 
last EHLO answer line
- in some cases (configuration,mailllength ... ) it was possible that some 
checks where made multiple times on the same mail
ASSP 2.0.1 RC 0.3.16
fixed:
suspiciousvirus.txt -> files 09-07-09
the following is fixed in 2.0.1_RC0.3.16

- adminusersdb is now a security value and could only be change by root
- if the MainThread has taken more than 60 seconds to initialize an error 
message was shown
- SMTPsessionLimt was not working like expected - this was possibly a 
reason for unexpected restarts of ASSP (overload on DoS)
- local registered AdminUser was able to logon with wrong password
- local registered AdminUser was unable to change his local password
- ASSP was crashing on signals abrt,break,quit,kill,term in any worker


the following should be fixed - tests are necessary

- wrong file name was used for collected files (wrong subject) - James!



new (improved) in this release:

-'smtpDestinationSSL','SSL Destination',  'The IP address and port number 
to connect to when mail is received on the SSL listen port. If the field 
is blank, the primary SMTP destination will be used. 
Examples:127.0.0.1:565, 565'

-'maxSMTPSessions' does no more restrict connections on relayPort - the 
connections will be counted but not blocked because of too many SMTP 
connections

-'tlsValencePB','OK, Is a SSL/TLS connection, default=-10 Message Scoring 
& IP scoring Bonus for SSL/TLS connections

-'adminusersdbNoBIN','Admin Users Database uses no Binary Data (ASCII 
only)','Select this, if adminusersdb is set to "DB:" and your database 
engine does not accept or has problems with binary data. If you change 
this value, you have to stop all assp and to cleanup both tables 
(adminusers and adminusersright)'

-'NoTLSlistenPorts','Disable SSL support on listenPorts'  'This disables 
TLS/SSL on the defined listenPorts, if DoTLS is set to "do TLS". All other 
SMTP listeners will support TLS/SSL, if DoTLS is set to "do TLS". This 
option works for listenPort , listenPort2 and relayPort . The listener 
definition here has to be the same like in the port definitions. Separate 
multiple entries by "|". 25, 127.0.0.1:25, 127.0.0.1:25|127.0.0.2:25'


ASSP 2.0.1 RC 0.3.15
new:
ReStartSchedule - Schedule Cron time for ASSP Restart  -  If set (empty is default), ASSP uses scheduled times to shutdown or restart ( AutoRestartCmd )! The syntax is the same like in Vixie cron! To disable this Scheduler leave this field blank! Never write quotes in to this field! 
This requires an installed Schedule::Cron module in PERL.
ASSP 2.0.1 RC 0.3.14
fixed:
- running more than 5 workers and using BerkeleyDB for all hashes could 
result in BerkeleyDB errors because of reaching a technical limit of a 
single BerkeleyDB-CDB-Env .
- 'BerkeleyDB' implementation is redesigned because of the above reason! 
- 'fileLogging' is automaticly set to on, if 'inclResendLink' is not set 
to disabled.
changed:
- 'BerkeleyDBcache' is removed  -  ASSP calculates the optimum cache for 
each DB on each start
- For hashes and lists that where configured to use a database 'DB:',  the 
contents shown in GUI was the contents of the last backup - now the real 
hash or list is shown in GUI.
  It is not recommended to edit large hashes (fe: spamdb) with this 
function. Better use the last backup file, edit the file to your needs and 
import the file.
  Some times it looks like IE is freezing, if you click in to the edit 
window that shows a large hash - just wait some time if this is happen. 

new:

- The file/hash/list   edit/show-browser-window now has a text-replace 
function

ASSP 2.0.1 RC 0.3.08
- admin users password expiration date was not updated in case of a 
successful LDAP login
- if BerkeleyDB was used and under some other conditions, it was possible 
that a restarted worker was stucking because of uninitialized variables
- the format of the debug log time was not correct
- the BerkeleyDB lock-timeout was not working
- internal hashes that uses BerkeleyDB where not included in DB-check 
interval
- the internal file counter was not loaded at startup
- Mail Analyzer was running in a 'undefined subroutine SeachBomb' error
- the cleanup of the hashes for 'DoFrequencyIP' and 'DoDomainIP' was wrong
 
new:

in GUI:
- debugNoWriteBody:  Do not write Body to Debug   -    If selected, the 
sent message body data will not be written to the debug file.
- MaxFinConWaitTime: Maximum time to wait for SMTP-Workers to finish 
connections   -   The maximum time in seconds to wait for SMTP-Workers to 
finish connections, in case of a shutdown or restart of ASSP. Default is 
45. Configurable values are 10 to 599.
------
- if a worker is restarting because of an exception, the reason is logged 
to the file   exception.log
- enhanced BerkeleyDB error logging

changed:

- passwords are shown in clear text in GUI if root (only root) is logged 
on
(Do not not logon as root, as long no security value has to be 
changed. Instead use an other admin user with full rights!)

ASSP 2.0.1 RC 0.3.07

fixed:

- ASSP restarts unexpected on : main exception: Can't call method "c_get" 
on an undefined value at h:/Perl/site/lib/BerkeleyDB.pm line 1318.


new:

- The GUI shows the current healthy status in headline with a green or red 
dot.
- The Status output on 'webStatPort' contains the healthy status:

Current healthy status | healthy
or
Current healthy status | not healthy

This could be used to monitor the ASSP heathy status with external tools 
like "Nagios"

ASSP 2.0.1 RC 0.3.04
fixed:

- High CPU usage and stucking workers if 
'DoBackSctr','BackDNSInterval','downloadBackDNSFile','localBackDNSFile' 
and 'useDB4IntCache' are configured - caused by too less BerkeleyDB cache. 
The used BerkeleyDB cache is set to at least  50MB in this case - if the 
configured value is too less. 

- GUI text for 'relayPort'  -  multiple entry support - sorry, the 
function is available for a long time, I forgot to change the GUI text.

- After each start the file counter was reset to 1. So it was possible 
that some file where overwritten, because of the same resulting file name. 
The counter value is now stored in the asspstats.sav file and will turn 
over to 1 after 999.999 stored mails. This belongs to all discarded mails 
and to all other collected mails if 'UseSubjectsAsMaillogNames' is 
configured.

- Both mail analyzing features now able to report weighted regex results

- BlockReports now working correct if 'ExtraBlockReportLog' is set to on

- attachment detection (also AFC-Plugin) is working, even if it is 
processing a digital signed mail

- all Attachment-, Bomb....-, Script and Bayes checks are now using the 
full decoded header and body

- the subject logging was not working for noprocessing and whitelisted 
mails 

ASSP 2.0.1 RC 0.3.03
ASSP_AFC.pm (v1.11) -> assp/plugins New 09-06-29

- resend does not work if a "Reply-To:" lines was before a "To:" line
- the blockreport log files are not correct handled if 'logfile' contains 
a directory
- the SSL-failed-Cache and ''noTLSIP" does not work in every case


Removed:

Text::iconv - is removed !

News:

'noBlockingIPs','Do not block Connections from these IP\'s*' 'Manually 
maintained list of IP\'s which should not be blocked.  For example: 
145.145.145.145|145.146.','','7'
(adapted from V1)


----> national language support

'UseUnicode4MaillogNames','Use Unicode (8 Bit) to build Maillog Names',
  'If you have switched on UseSubjectsAsMaillogNames and decodeMIME2UTF8 
and your default (local language) characterset needs 8 Bit like 
"KOI8-r","CP-866","Windows-1251","ISO-8859-5","X-Mac-Cyrillic","JIS_X0201" 
or any other - and you want to have readable subject and filenames in the 
maillog, you can switch on this option. The resolution of some characters 
written to the console could be incorrect depending on your operating 
system. This requires an installed <a 
href="http://search.cpan.org/search?query=Email::MIME::Modifier" 
rel="external">Email::MIME::Modifier</a> module in PERL.

I'm unable to check if 16/32 Bit character sets are working - but this 
should be possible.


'decodeMIME2UTF8','Decode MIME Words To UTF-8'  'If selected, ASSP decodes 
MIME encoded words to UTF8. This enables support for national languages to 
be used in Bombs , Scripts , Spamdb , Logging and File Names. If not 
selected, only US-ASCII characters will be used for this functions. To 
enable national languages for file names, you must also switch on 
UseUnicode4MaillogNames . This requires an installed <a 
href="http://search.cpan.org/search?query=Email::MIME::Modifier" 
rel="external">Email::MIME::Modifier</a> module in PERL.'

Be carefull using special characters in bomb-regexes.  Perl is unable to 
detect those characers in "words" like    \b..your..special...word..\b   !
so : \bï¿½rger\b  will not work  -  but    ^ï¿½rger$  will work.



'ConsoleCharset','Charset for STDOUT and STDERR'
 'Set the characterset for the console output to your local needs. Default 
is "System Default" - no conversion. Restart is required!'

'LogCharset','Charset for Maillog',
'Set the characterset for the maillog output to your local needs. Default 
is "System Default" - no conversion. Restart is required!'


These 4 options could be used to support special national languange 
characters (character sets). To support this also in 'Maillog Tail', 
'BlockReports' and 'Notifications' the following general changes take 
place.
- Blockreports and Notifications are send in UTF-8
- filenames are converted to unicode

It could be usefull to configure 'ConsoleCharset' and 'LogCharset' to 
different values. For example: to support german 'Umlauts' on "Windows" in 
"Maillog Tail", "BlockReports", Console and Maillog - ConsoleCharset 
should be set to 'cp850' and 'LogCharset' should be set to 'cp1250'.

If  'LogCharset' is set to a wrong value, "Maillog Tail", "BlockReports" 
and "Resend" will show wrong characters and possibly submitt wrong 
filenames.

All possible (installed) character sets will be shown as an optionlist in 
'ConsoleCharset' and 'LogCharset' . As long as your national characterset 
is available in such list, these options should work for you.

(subversion 2.0.1_RC 0.2.17)
fixes:

- [no Stats] assp detects now an unclean shutdown (pidfile exists) and if 
so, all temporary BerkyleyDB files will be cleared
- [exception on unquoted regex in BATV] - the regex is now quoted
- [unexpected die within 5 minutes after start] - LWP was the reason for - 
downloads of the optionfiles are queued now a bit longer
- internal signalhandling is fixed/improved - ASSP will return the 
following values to the shell
0 - on : install and remove service, stop from ServiceControlManager 
(SCM), after fork in linux if started 'asdaemon'
2 - on : stop request from GUI
1 - on : internal detected exceptions and signals - and ^C in console mode
9 - on : external signals like 'KILL' - any external signal to ASSP could 
result in an unexpected die of ASSP under Windows. Test have shown, that 
such signals are not catchable in ASSP V2. I recommend to start ASSP as 
service and configuring the recovery feature in SCM or to start ASSP from 
a cmd batch with a loop.

- the maintenance thread is redesigned - time critical requests like 
resend and Blockreports are executed with higher priority - more debug and 
'Worker Status' information added


improvements:

-in Virus Section

'noScanIP','Do Not Scan Messages from these IP\'s*'
'Enter IP addresses that you don\'t want to be scanned for virus , 
separated by pipes (|). For example: 145.145.145.145|145.146.'

in Backscatter section

'downloadBackDNSFile','Download the Backscatterer DNS-IP-List',
'If selected, the complete IP-list is downloaded to a local file. If 
useDB4IntCache is set, the list is stored in a BerkeleyDB database 
(BackDNS2). Otherwise the records will be stored in the pbdb cache BackDNS 
. The download will be skipped, if useDB4IntCache is not set and 
mysqlSlaveMode is set. IP\'s are checked on this file first, if the IP is 
not found on this list, a DNS query is done. It is recommended to use this 
option for ISP\'s and users with more than 1000 bounced mails a day. See 
wget-mirrors.uceprotect.net/rbldnsd-all/ips.backscatterer.org.gz'

'localBackDNSFile','Local File for the Backscatterer DNS-IP-List',
'The name of the local file that is used for this IP-list. The content of 
this file is filled in to the \'Backscatter-DNS Cache\' ( BackDNSInterval 
). IP\'s from this list will be removed after one day from the cache.


- in Blockreport Section

'ExtraBlockReportLog','Enable extra Logging for BlockReports',
'Maillogs could grow to a very large size. Enable this feature to log only 
loglines with blocking informations to an extra file. The files will be 
named as "b" + logfile . Using this option will speed up Block Reporting. 
Before you switch on this option, you should run "grep"[linux/MacOS] or 
"find"[Windows] to create the "b" - file from the maillog\'s.
linux/MacOS - grep "\[spam found\]" *maillog.txt > bmaillog.txt
Windows - find "[spam found]" *maillog.txt > bmaillog.txt'

'BlockMaxSearchTime','Max Search time per log File',
'The maximum time in seconds, the Blockreport feature spends on searching 
in one log file. If this value is reached, the next log file will be 
processed. Default is 0. A value of 0 disables this feature and all needed 
log files will be fully processed.'



Because of the new plugin name, the names of the config variables will be changed! 
To replace the plugin: 
- write down your settings for the ASSP_AttachmentFullCheck plugin 
- stop assp 
- remove ASSP_AttachmentFullCheck.pm from the Plugins folder 
- copy ASSP_AFC.pm to the Plugins folder 
- start assp 
- reconfigure the ASSP_AFC plugin variables to your needs 

There is no change in the functionality of the plugin - only the names of the variables where changed! 



the following bugs are fixed in 2.0.1_RC0.2.10

- weighted regexes now OK for SuspiciousVirus
- weighted regexes are no more case sensitive
- the behavior/definition for weighted regexes is changed 

Fields marked with two asterisk (**) contains regular expressions (regex) 
and accept a second weight value. Every weighted regex that contains at 
least one '|' has to begin and end with a '~' - inside such regexes it is 
not allowed to use a '~', even it is escaped - for example:  <span 
class="negative">~abc\~|def~=>23 or ~abc~|def~=>23</span>. Every weigted 
regex has to be followed by '=>' and the weight value. For example: 
Phishing\\.=>1.45|~Heuristics|Email~=>50  or 
~(Email|HTML|Sanesecurity)\.(Phishing|Spear|(Spam|Scam)[a-z0-9]?)\.~=>4.6|Spam=>1.1|~Spear|Scam~=>2.1 
. The multiplication result of the weight and the penaltybox valence value 
will be used for scoring, if the absolute value of weight is less or equal 
6. Otherwise the value of weight is used for scoring.

- for old configured regexes no change is needed
- GUI Analyser was broken
- Mail-Analyser was broken

2.0.1_RC0.1.06

fixed Database-Update-Error 


2.0.1_RC0.1.07
New: 

['VRFYforceRCPTTO','Force the usage of RCPT TO*',80,\&textinput,'','(.*)','ConfigMakeSLRe','Define here MTA\'s for which you want ASSP to force the usage of MAIL FROM:,RCPT TO: and to skip the VRFY command for the verification of local recipients in LocalAddresses_Flat and/or LocalAddresses_Flat_Domains. The definition of the MTA has to be the same, like defined in LocalAddresses_Flat and/or LocalAddresses_Flat_Domains (after the \'=>\') for example: smtp.mydomain.com|mx.other.com:port|10.1.1.1|10.1.1.2:125 .'], 


changed:

['DoPenaltyMakeTraps','Do Heavy Used Invalid Addresses as PenaltyBox Trap Addresses','0:disabled|1:make traps and block them|2:make traps, only collect them|3:do not make them but block',\&listbox,2,'(.*)',undef, 
  'If set to \'make traps, only collect them\', the frequency of Invalid Addresses is stored, no other action taken. If set to \'do not make them but block\' or \'make traps and block them\', addresses in heavy use will act like spamtrapaddresses (PenaltyBox Trap Addresses).'], 



['UseTrapToCollect','Use Penalty Trap Addresses To Collect',0,\&checkbox,'','(.*)',undef, 
  'If set ASSP will use addresses from DoPenaltyMakeTraps and spamtrapaddresses to collect spams.'], 



2.0.1_RC0.1.08

ldapcrosscheck

2.0.1_RC0.1.09

URIBL - fix 

checkOptionList - fix 

2.0.1_RC0.1.10



NoSpoofing - wie V1 
LDAPoffline 

2.0.1_RC0.1.11



Fix fï¿½r localdomains. 

2.0.1_RC0.1.13

New: 

proxyuser 
proxypass 


Fix: 

Outlook timeout. 



change in rebuild for redlist  


2.0.1_RC0.1.15



fix in localvrfy2MTA 


2.0.1_RC0.1.16


sub localvrfy2MTA changed



2.0.1_RC0.1.17


New: 
- 'MaxLogAge' and 'MaxLogAgeSchedule' to delete old maillog files 

['MaxLogAge','Max Age of Logfiles',10,\&textinput,0,'(\d+)',undef, 
  'The maximum file age in days of logfiles. If a logfile is older than this number in days, the file will be deleted. Default is 0 - recommended is 30. A value of 0 disables this feature and no logfile will be deleted because of its age.'], 
['MaxLogAgeSchedule','Runtime MaxLogAge',4,\&textinput,'1','(.*)',undef, 
  'Runtime hour for deleting old logfiles. Set a number between 0 and 23. 0 means midnight, 1 is default.'], 


- 'MaxFileAge' and 'MaxFileAgeSchedule' to delete old collected files 

['MaxFileAge','Max Age of Files',10,\&textinput,0,'^([1-5][0-9]|[0-9])$',undef, 
  'The maximum file age in days of every file in every collection folder (1 - 59). If a file is older than this number in days, the file will be deleted. Default is 0 - recommended is 30. A value of 0 disables this feature and no file will be deleted because of its age.'], 
['MaxFileAgeSchedule','Runtime MaxFileAge',4,\&textinput,'1','(.*)',undef, 
  'Runtime hour for deleting old collected files. Set a number between 0 and 23. 0 means midnight, 1 is default.'], 


CHANGED: 
- the rebuild task will set the filedate of 'to delete' files 60 days in future (old is 30 days) 
- the rebuild task takes care about 'MaxFileAge' and will also delete old collected files if 'MaxFileAge' is not 0 ! 


2.0.1_RC0.1.19
['debugCode', 'Run this Code to switch on Debug',80,\&textinput,'','(.*)',undef, 
 'Put a code line here, to detect messages that you want to debug. The code line has to return 0 or 1. A return of 1 will switch on debug.<br /> 
  for example:<br /><br /> 
  return $this->{isbounce} ? 1 : 0;<br /> 
  This code line will switch on debug for all bounce messages.<br /><br /> 
  if ($this->{relayok} && $this->{isbounce}) {return 1;} else {return 0;}<br /> 
  This code line will switch on debug for all outgoing bounce messages.<br /><br /> 
  if ($this->{ispip} && $this->{cip} =~ /^193\.2\.1\./) {return 1;} else {return 0;}<br /> 
  This code line will switch on debug if the messages is from ISP and the IP of the server that was connected to the ISP begins with 193.2.1. .<br /><br /> 
  To use this option, you need to know the internal ASSP variables and there usage!'],


 
checkFilePermOnStart,Check ASSP File Permission on Startup,If set, ASSP checks the permission of all ASSP- files and directories at startup - all files must be writable for the running job - the minimum permission is 0600! 



IOEngine
Depending on your operating system and your Perl version it could be necessary to use the non default IOEngine IO::Select. Try this if you see unexpected early closed connections in the log. You have to restart ASSP, if you have changed this value.


Use File System Virus Scanner (DoFileScan)

If activated, the message is written to a file inside the FileScanDir with an extension of maillogExt. After that ASSP will call FileScanCMD to detect if the temporary file is infected or not. The temporary created file(s) will be removed.
The viruses will be stored in a special folder if the SpamVirusLog is set to quarantine and the filepath to the viruslog is set.
 
File Scan Directory (FileScanDir)

Define the full path to the directory where the messages are temporary stored for the file system virus scanner. This could be any directory inside your file system. The running ASSP process must have full permission to this directory and the files inside!
 
File Scan Command (FileScanCMD)
 
ASSP will call this system command and expects a returned string from this command. This returned string is checked against FileScanBad and/or FileScanGood to detect if the message is OK or not! If the file does not exists after the command call, the message is consider infected. ASSP expects, that the file scan is finished when the command returns!
The literal FILENAME will be replaced by the full qualified file name of the temporary file.
The literal NUMBER will be replaced by the threadnumber and could be used to name logfiles and to redirect them to STDOUT.
The literal FILESCANDIR will be replaced with the value of FileScanDir.
All outputs of this command to STDERR are automatic redirected to STDOUT.
FileScan will not run, if FileScanCMD is not specified.
If you have your online/autoprotect file scanner configured to delete infected files inside the FileScanDir, define NORUN in this field! In this case FileScanGood and FileScanBad are ignored. If there is a need to wait some time for the autoprotect scanner, write NORUN-dddd, where dddd are the milliseconds to wait!
Depending on your operating system it may possible that you have to quote ( or ") the command, if it contains whitespaces. The replaced file name will be quoted by ASSP if needed.

.
New ASSP_AttachmentFullCheck.pm -> Plugins


ASSP will generate DKIM signatures
create a directory dkim in ASSP base directory
put dkimconfig.txt into it


The additional script addservice is now gone, there is only one thing do in order to install assp as a service in Windows:
perl assp.pl c:\assp -i         will install assp
perl assp.pl -u                will uninstall assp

You  should make sure that Sys::MemInfo is installed
and have a look into the SMTP Connection screen: 
Sys::MemInfo is used to show the total amount of free and used physical memory

The old Adminusers database is obsolete.
Use user "root" to manage the web-admin interface.
There is now -> adminusersdb: Admin Users Database,
The file with the GUI-Admin-Users database - default to set is  adminusers . Write "DB:" to use a database table instead of a local file, in this case you need to edit the database parameters.



Use SSL with LDAP (ldaps) supported.

New config values: 

-   MsgScoreOnEnd 

Message Scoring on End  :   ASSP will wait using the    DoPenaltyMessage    action, until all configured possible checks are finished. Use this, to force calculating a complete message score over all done checks (values), including all bonus values. 





(version 2.0.0.11.05)
ASSP2 is now user and password protected. The webAdminPassword is related to the user root, which is the master user!
In the Server Setup section (GUI) is a New value AdminUserFile, where additional users and passwords could be defined.

username=>password    (one per line)

As long there is root logged on to GUI, no other logons will be accepted. Please do not close the GUI without using the logout-link in the upper right corner. If root closes the browser on a workstation without logout, all GUI-sessions will be blocked until root has done a logon and logoff on the same workstation!!!!!!!!! This behavior will be not changed, it is designed this way,
to prevent overtaking root permission by other users!
Additional users can change there password using the link in the upper left corner.
The users and passwords are stored encrypted using the webAdminPassword as key. For example: You have registered additional users and you do a backup of the user-file. After that you change the master password (root webAdminPassword), this action will Newly encrypt the user-file. If you restore the backup user-file now - the data are not useable - you have to reregister
the users (or change back the root password to the old value before doing the restore of the file)!
Additional users are not able to change the webAdminPassword and to register New users, all other features are available!
All user names and passwords are case sensitive and are not related to any system user account!

The following configparms will be stored encrypted in assp.cfg for security reasons! 

LDAPLogin , LDAPPassword , myuser , mypassword 

AdminUserFile accounts are also stored encrypted - the password is not visible and could only be set by user root! 
Be carefull : if you reset (set) the webAdminPassword (root password) directly in the file assp.cfg (via EDITOR,vi,emac ......), the encrypted config parms and the AdminUserFile are no longer valid and must be deleted (and set via GUI)! In one of the next ASSP2 versions AdminUserFile will become obsolet, it will be replaced by a AdminUserDB, where could be defined the user rights for any action and config parm in GUI. Those additional users will never be able modify any security relevant config parms! 







Request Block Report (EmailBlockReport)
Any mail sent by local/authenticated users to this username will be interpreted as a request to get a report about blocked emails. Leading digits/numbers in the mail subject will be interpreted as "report request for the last number of days". If the number of days is not specified in the mail subject, a default of 5 days will be used to build the report. Only the users defined in EmailBlockTo, EmailAdmins and  EmailAdminReportsTo are able to define a list of email addresses in the mail body. If such an Admin wants to request a report like it is done using the BlockReportFile, the subject of the request email should begin with the word list, or=> must be used in any of the request lines (body) - please read the section BlockReportFile for more details and syntax. Do not put the full address here, just the user part. For example: asspblock


Queue User Block Report Requests QueueUserBlockReports)
How to process block report requests for users (not EmailBlockTo, EmailAdmins, EmailAdminReportsTo).
run immediately - the request will be processed immediately (not stored).
store and run once at midnight - the request will be stored/queued, runs at midnight, and will be removed from queue after that
store and run scheduled - the request will be stored/queued, runs permanently scheduled at midnight until it will be removed from queue - a+ in the subject is not needed
To add a request to queue the user has to send an email to EmailBlockReport. Leading digits/numbers in the mail subject will be interpreted as "report request for the last number of days". If the number of days is not specified in the mail subject, a default of 5 days will be used to build the report.
If run immediately or store and run once at midnight is selected, but a user wants to schedule a permanent request, a leading+ before the digits in subject is required.
To remove a request from queue the user has to send an email to E mailBlockReport with a leading- in the subject.


File for Blockreportrequest (BlockReportFile)
A file with BlockReport requests. ASSP will generate a block report for every line in this file (file:files/blockreportlist.txt - file: is required if defined!) every day at midnight for the last day. The perl modules Net::SMTP and Email::MIME::Modifier are required to use this feature. A report will be only created, if there is at least one blocked email found! The syntax is: 
QueryAddress=>ReportRecipient=>ReportDays - there are many possible combinations of this three parameters. For example:
user@domain and user@domain=>user@domain - will send a report for this user to this user
*@domain (better use) *@domain=>* - will send a report for every blocked user in this domain to this user
user@domain=>recipient@any-domain - will send a report for user@domain to recipient@any-domain
*@domain=>recipient@any-domain - will send a report for every blocked user in this domain to recipient@any-domain
A third parameter is possible to set, which defines the number of days for which the report should be created. The default (if empty or not defined) is one day. This value is used to calculate the next run date. For example:
*@domain=>recipient@any-domain=>2 - creates a report for two days.
*@domain=>*=>14 - creates a report for 14 days.
user@domain=>=>3 or user@domain=>*=>3 - creates a report for three days. The second parameter is here empty or *!




-DNSBL providers can get a "weight" like bl.spamcop.net=>1.
The value of the weight can be set directly like=>45 or as a divisor of RBLmaxweight. Low numbers < 6 are divisors . So if RBLmaxweight = 50 (default) bl.spamcop.net=>50  would be the same as bl.spamcop.net=>1, bl.spamcop.net=>2 would be the same as bl.spamcop.net=>25. 
If the sum of weights surpasses RBLmaxweight, the DNSBL check fails.  If not, the DNSBL check is scored as "neutral" even with RBLmaxhits reached.

It is possible to use all hits regardless of maxhits.-> Showmaxreplies

For example:
RBLmaxhits=2
RBLmaxweight=50

zen.spamhaus.org=>1
bl.spamcop.net=>1
safe.dnsbl.sorbs.net=>1
combined.njabl.org=>1
bogons.cymru.com=>2
dnsbl-1.uceprotect.net=>2
dnsbl-2.uceprotect.net=>2
dnsbl-3.uceprotect.net=>3
ix.dnsbl.manitu.net=>2
psbl.surriel.com=>2
2.apews.org=>3

blackholes.five-ten-sg.com=>4

A "fail" will result of:
2 hits in group 1 ( score = 102 )
1 hit in group 1 and 1 hit in group 2 ( score = 77 )
2 hits in group 2 ( score = 52 )
1 hit in group 1 (score = 51)

A "neutral" will result of:
1 hit in group 2 and 1 hit in group 3 ( score = 43 )
2 hits in group 3 ( score = 34 )
1 hit in group 3 ( score = 17 
 )



ASSP 2.0.0 (professional) multithreaded beta : ASSP_2-Admin_GUI 
New -> How to Handle STARTTLS Requests
  If set to "drop TLS", any STARTTLS request will be removed from the protocol stack and no connection will ever go in to any TLS mode!
  If set to "TLS to Proxy" and both peers (client and server) supports TLS, both connection will be moved in to a transparent Proxy mode. All data will be encrypted and unreadable to ASSP.
  If set to "do TLS", ASSP will be the "man in the middle". ASSP will try to move both connections into TLS. All data will be readable to ASSP - so all checks could be done. If any of the peers does not support TLS, ASSP will fake this to the other peer. So it could be possible, that the connection to the client is going in to TLS mode, even if TLS is not supported by the Server. If a client does not request TLS (STARTTLS) no connection will go into TLS mode. This behavior belongs to incoming and outgoing messages.
This option requires the installed perl module IO::Socket::SSL! For "do TLS" a server-certificate-file "certs/server-cert.pem" and a server-key-file "certs/server-key.pem" must exist and must be valid! If you do not have valid certificates, you may generate both files online with www.mobilefish.com or you may use OpenSSL to generate Self-signed SSL certificates If you have installed OpenSSL (must be in PATH) and installed and enabled IO::Socket::SSL and ASSP is unable to find valid certificates - ASSP will try to create them at startup!

At least 300 MB free memory needed!
Look into ShowPerformanceData in section Server Setup  after start.
New: Sorted AlphaIndex
New: Log Tail Autorefresh

Into folder "Plugins":
ASSP_OCR.pm 1.06 ->08-28-08 New
ASSP_SkeletonTest.pm 1.05 ->08-11-08
ASSP_AttachmentFullCheck.pm 1.02 ->08-28-08 New

New modul added for https instead of http access to port 55555 & 55553 : IO::Socket::SSL
Unzip certs.zip and place server-cert.pem  & server-key.pem  into a New folder: certs

New module added in SMTP Connection screen: Sys::MemInfo
This module return the total amount of free and used physical memory
in bytes in totalmem and freemem variables.

This module has been tested on Linux 2.6.10, UnixWare 7.1.2, AIX5, OpenBSD 3.8, 
NetBSD 2.0.1, FreBSD 5.4, HPUX11, Solaris 9, Tru64 5.1, Irix 6.5, MacOS X 10.2
and Windows XP. It should work on FreeBSD 4 and Windows 9X/ME/NT/200X/Vista.


New FEATURES
- email interface for add/remove spamlovers
- cron-like scheduler for builtin-rebuildspam
- EmailBlockReport
Any mail sent by local/authenticated users to this username will be interpreted as a request to get a report about blocked emails. Leading digits/numbers in the mail subject will be interpreted as "report request for the last number of days". If the number of days is not specified in the mail subject, a default of 5 days will be used to build the report.  

- AttachmentFullCheck Plugin:
- enables scanning of zip files
- replaces blocked attachment with textfile
- replaces infected parts with textfile

- rebuildspamdb.pl is now part of  assp.pl
- move2num too

- multiple attached mails in email-interface
- copy ham/spam with replacement rules

- handling including resend of Spam/Notspam from logfile
- FBMTV (F..ing Bounce Message-ID Tag Validation) implemented

The basic idea is to send all e-mail with a MSGID that includes a timestamp and a cryptographic token

- BATV (Bounce Address Tag Validation)  implemented

The basic idea is to send all e-mail with a return address that includes a timestamp and a cryptographic token that can not be forged.

- Backscatter blocking/scoring (NetAddr::IP needed), 
- ASSP Global-Penalty-Box  
- VRFY recipients on different servers dependig on domain ( Net::SMTP  needed) . Entries in LocalDomains can now contain hostname of responsible server: 
domain1=>smtp1.server.com
domain2
domain3=>smtp3.server.com


For 2.0.0 you need: 

- Perl version 5.8.8 (compiled for multithreading)  with the following installed modules: 

- threads 1.69
- threads::shared 1.22 
- Thread::Queue 2.06 
- Thread::State 0.09
- IO::Socket::SSL
- IO::Poll 0.07 (should be default in 5.8.8) 


 the additional features of 2.0.0 need: 
- Schedule::Cron
- Email::Send
- Email::MIME::Modifier 
- MIME::Types  
- Convert::TNEF  
- Mail::DKIM::Verifier 
- Net::SMTP 
- NetAddr::IP 

the ASSP_OCR Plugin need: 
- File::Which 0.05 (default in 5.8.8) 
- PDF::OCR 1.4 
- Email::MIME 1.861 
- installed applications: tesseract , ImageMagick (with Perl module Image::Magick 6.3.7), pdftk 

List of all modules in ASSP project:
 module installation 

ASSP supports now Plugins.
The Plugins must reside in Folder "Plugins" and must be named as ASSP_name.pm
ASSP_SkeletonTest.pm is a Demo-Example

# ASSP_OCR.pm is an OCR Plugin for ASSP - it returns OCR data for
# dcs|eps|fpx|img|psd|gif|jpg|jpeg|jpe|png|bmp|tiff|tif|pcx
# as long as youve installed the right modules
##########################################################
# to use this plugin you have to install the following :
#       Email::MIME               
#    Email::MIME::ContentType  
#    Email::MIME::Encodings    
#    Email::Simple 
#       Perl - File::Which
# 
#       PDF::OCR (all required Perl modules and software)
#        all tests for PDF::OCR must finished successful !!!!
#
# ImageMagick
# tesseract - with all resources in tesserdata you think you need
# pdftk
# ########################################################

DoDKIM-Validate DomainKeys Identified Mail
If activated, DomainKeys Identified Mails are checked for the right signature and contents.
This requires an installed Mail::DKIM::Verifier module in PERL.

DoStrictDKIM-Validate DomainKeys Identified Mail stricly
The DKIM test will fail, if the mail was modified by a mailhop. In this case the from address,the from domain, the to domain, the DKIM-signature by it self and the prefix of the digest-verification are valid, only the lower digest value differs! This may happens, if a mailhop has modified any other headerfield like X-...! If unchecked a mail will only pass, if the author policy and sender policy are accept or neutral!


Drop TLS Requests (DoNotTLS)

If defined, any STARTTLS request will be removed from the protocol stack and no connection will ever go into TLS mode! Default is off, TLS is proxied through.

Transparent SSL Proxy Table* (ProxyConf)

Define transparent Port Proxy here. ASSP will forward incomming packets to a specific destination.
For example: if you want incoming connections on port 465 (SMTP-SSL) to be forwarded to your mailserver.
Example:0.0.0.0:465=>192.168.1.25:465<=12.1.1.3,34.5.6.7,67.23.2.1|10.1.1.1:1477=>192.168.1.23:25<=120.5.1.3,134.5.19.7,67.123.221.11

The syntax is: localIP:localPORT=>forwardIP:forwardPORT<=allowfromIP1,allowfromIP2,...|next Proxy configuration|....
You have to configure the IP-address and IP-port for both - local and forward to value. AllowfromIP are comma separated values of IP-addresses from where connections are allowed. If there is no allow value defined, all connections will be allowed!

This is an example for SMTP-TLS handshake on port 25: 

            # RFC 4954 

            S: 220 mail.imc.org SMTP service ready 
            C: EHLO mail.ietf.org 
            S: 250-mail.imc.org offers a warm hug of welcome 
            S: 250 STARTTLS  or  250-STARTTLS 
            C: STARTTLS 
            S: 220 Go ahead 

            # this sets client and Server to transparent Proxy mode  
            # from here we do not care about what is done between this two peers 
            # even if the TLS negotation will fail - a SPAM comes never with TLS 

So, if the Client requests a STARTTLS  and the Server is able to do STARTTLS, the connection on port 25 will be moved in to a transparent-Proxy-mode for the futher enrypted communication.  
DropTLS will remove STARTTLS from this handshake (it is not sent to the server) - this is only usefull, if the STARTTLS confuses the server. This is done by the singlethread versions any time - because they do not have a transparent proxy! 



inbound charset conversion table* (inChrSetConv)

If defined, characterset conversion for inbound emails will be done. For example: if your mailserver does not understand UTF-8, ASSP will convert the mail parts to the characterset of your choice. The rules specified here are used to convert text parts of inbound emails from one to an other characterset.
Example:UTF-8=>ISO-8859-1|ISO-8859-2=>ISO-8859-1
This requires an installed Email::MIME::Modifier module in PERL.

outbound charset conversion table* (outChrSetConv)

If defined, characterset conversion for outbound emails will be done. For example: if your mailserver is unable to send emails in UTF-8, ASSP will convert the mail parts to UTF-8. The rules specified here are used to convert text parts of outbound emails from one to an other characterset.
Example:ISO-8859-1=>UTF-8|ISO-8859-2=>UTF-8|windows-1250=>UTF-8
This requires an installed Email::MIME::Modifier module in PERL.

convert inbound MS-TNEF attachments to MIME (doInFixTNEF)
convert inbound MS-TNEF attachments like winmail.dat to MIME parts/attachments.
This requires both installed Convert::TNEF and MIME::Types module in PERL.

keep the MS-TNEF part in inbound mail (keepInTNEF)
keep inbound MS-TNEF attachments like winmail.dat in MIME parts. If unchecked and the conversion is successfull, the original attachment will be removed from mail!

convert outbound MS-TNEF attachments to MIME (doOutFixTNEF)
convert outbound MS-TNEF attachments like winmail.dat to MIME parts/attachments.
This requires both installed Convert::TNEF and MIME::Types module in PERL.

keep the MS-TNEF part in outbound mail (keepOutTNEF)
keep outbound MS-TNEF attachments like winmail.dat in MIME parts. If unchecked and the conversion is successfull, the original attachment will be removed from mail!


added/changed in section File Path

Spam Bayesian Database File (spamdb)

The output file from rebuildspamdb.pl. Write "DB:" to use a database table instead of a local file, in this case you need to edit the database parameters below.
In normal cases the spamdb does not change so often, so using files is recommended. Be carefull using databases for spamdb, some databases do worth things with the data in the pkey field!

Last Run Rebuildspamdb

Email Whitelist Database File (whitelistdb)

The file with the whitelist.
Write "DB:" to use a database table instead of a local file, in this case you need to edit the database parameters below.

Email Redlist Database File (redlistdb)

The file with the redlist.
Write "DB:" to use a database table instead of a local file, in this case you need to edit the database parameters below.

GReyIPlist Database (griplist)

The file with the current GRey-IP-List database -- make this blank if you dont use it.

Delaying Database (delaydb)

The file with the delay database.
Write "DB:" to use a database table instead of a local file, in this case you need to edit the database parameters below.

database hostname or IP (myhost)

You need Tie::RDBM to use a database instead of local files.
This way you can share whitelist, delaydb, redlist and penaltybox between servers

database driver name (DBdriver)

The database driver used to access your database - DBD-driver. The following drivers are available on your system:
DBM|ExampleP|File|Proxy|SQLite|Sponge
If you can not find the driver for your database in this list, you should install it via cpan or ppm!
- or if you have installed an ODBC-driver for your database and DBD-ODBC, just create a DSN and use ODBC.
Usefull are ADO|DB2|Informix|ODBC|Oracle|Pg|Sybase|mysql|mysqlPP - but any other SQL compatible database should also work.

syntax examples: driver,option1,option2,...,...
ADO,[DSN=mydsn]
DB2
Informix
ODBC,DSN=mydsn|driver={SQL Server},Server=server_name
Oracle,SID=1|INSTANCE_NAME=myinstance|SERVER=myserver|SERVICE_NAME=myservice_name,[PORT=myport]
Pg,[PORT=myport]
Sybase,SERVER=myserver,[PORT=myport]
mysql,[PORT=myport]
mysqlPP,[PORT=myport]

The options and there possible or required order depending on the used DBD-driver, please read the drivers documentation, if you do not
know the needed option. The username, password, host and databasename are always used from this configuration page.

database name (mydb)

This database must exist before starting ASSP, necessary tables will be created automatically into this database

this is a slave of more then one assp-computers accessing the same database (mysqlSlaveMode)
If you are running more then one assp-computers accessing the same or (better because of SPOF) a bidirectional replicated database
this is a slave-assp and no database maintenance will be done by this one!
Maintenance should only be done by the first assp - the master!
Maintenance for file based caches and lists will always be done!

export all tables from the database (ExportMysqlDB)
All table of the database will be exported to the "exportDBDir" Directory. Please define the Directory below, before using the export!

database username (myuser)

This user must have CREATE privilege on database to create tables automatically

database password (mypassword)


import directory (importDBDir)

The folder to import the used tables of the database from.
The schema of the files must be the assp-schema.
Files can be:
- pbdb.black.db.(add|rpl)
- pbdb.mxa.db.(add|rpl)
- pbdb.ptr.db(add|rpl)
- pbdb.rbl.db.(add|rpl)
- pbdb.rwl.db.(add|rpl)
- pbdb.spf.db.(add|rpl)
- pbdb.uribl.db.(add|rpl)
- pbdb.white.db.(add|rpl)
- redlist.(add|rpl)
- whitelist.(add|rpl)
- spamdb.(add|rpl)
- spamdb.helo.(add|rpl)
- delaydb.(add|rpl)
- delaydb.white.(add|rpl)
Use the extension "add" or "rpl" to add or replace the records to the tables.
Only files for database-enabled tables will be imported "pbdb|spamdb|redlist|whitelist|delaydb"!
Imported files will be renamed to *.OK !
For example: mysql/dbimport

export directory (exportDBDir)

The folder to export the used tables of the database.
The schema of the files is the assp-schema.
Ten versions of exports are available!
For example: mysql/dbexport

backup directory (backupDBDir)

The folder to backup the used tables of the database.
The schema of the files is the assp-schema.
Ten versions of backups are available!
For example: mysql/dbbackup

backup database Interval (backupDBInterval)

backup the database (all tables used by assp at the time) every this hours.
Defaults to 2 hours.



This should be a short whitepaper to configure and use ASSP with any supported database.
This whitepaper assumes, that you have the needed knowledge about databases and there management!

To use other databases then MySQL, to have import-,backup- and export functions and to use databases for the penaltybox and
spamdb you need a ASSP version 1.3.6 or above! There has to be a file assp_db_import.cfg in ASSP root directory!!!!

requirements:

- a database / tablespace whith index/key support (like MySQL,Pg,Oracle,MSSQL,Informix,DB2 and others)
- a databaseuser with read/write and Create/Alter-Table permission
- perl Tie::RDBM module (from CPAN or PPM) - all also required modules will be also installed by default
- perl DBD::(your database) driver - you can see the installed drivers in the Webinterface-section "File Path and Database"
  under DBdriver. If you can not find a perl driver for your database, you can also use ODBC or ADO - if your OS supports that.


configuration:

you have to define:

- myhost:
The host (name or ip address) to connect to the database. Some database drivers do not need this parameter - but it must be
already set.

- DBdriver: 
The database driver used to access your database - DBD-driver. The following drivers are available on your system:
ADO|AnyData|CSV|DBM|ExampleP|File|Gofer|Mock|ODBC|Oracle|Proxy|SQLRelay|SQLite|SQLite2|Sponge|mysql|mysqlPP
If you can not find the driver for your database in this list, you should install it via cpan or ppm!
- or if you have installed an ODBC-driver for your database and DBD-ODBC, just create a DSN and use ODBC.
Usefull are ADO|DB2|Informix|ODBC|Oracle|Pg|Sybase|mysql|mysqlPP - but any other SQL compatible database should also work.

syntax examples: driver,option1,option2,...,...
ADO,[DSN=mydsn]
DB2
Informix
ODBC,DSN=mydsn|driver={SQL Server},Server=server_name
Oracle,SID=1|INSTANCE_NAME=myinstance|SERVER=myserver|SERVICE_NAME=myservice_name,[PORT=myport]
Pg,[PORT=myport]
Sybase,SERVER=myserver,[PORT=myport]
mysql,[PORT=myport]
mysqlPP,[PORT=myport]

The options and there possible or required order depending on the used DBD-driver, please read the drivers documentation, if you do not
know the needed option. The username, password, host and databasename are always used from this configuration page. 

- mydb:
This database must exist before starting ASSP, necessary tables will be created automatically into this database.

- myuser:
  the database user
- mypassword:
  the password of the database user

There are more parameters to set, but this parameters have default values and they are descripted in the configuration screen!

Now define a value "DB:" for all lists and caches you want to use a database table for 
(whitelist,delaydb,pbdb,spamdb,redlist).
You do not need to use all of them, you have the choice to select!

If you are here - go back to the top and verify all your settings!

This is a good time to restart ASSP - you have to do this any time, you have changed any database related parameters listed
above!
How ever - ASSP should now be ready to work. If you have made an upgrade form an earlyer version, you can import your old
files in to the database. To do this, there are two ways: you can use the ImportMysqlDB-option in the webinterface and import
will be done by ASSP every time it starts and it finds a import-file in the import-directory.
You need to configure "importDBDir" and you have to copy all files you want to import in to this directory. Now rename this
files to *.add or *.rpl what ever you want ASSP to do - an ADD or a REPLACE records in to the database.

Files can be:
- pbdb.black.db.(add|rpl)
- pbdb.mxa.db.(add|rpl)
- pbdb.ptr.db(add|rpl)
- pbdb.rbl.db.(add|rpl)
- pbdb.rwl.db.(add|rpl)
- pbdb.spf.db.(add|rpl)
- pbdb.uribl.db.(add|rpl)
- pbdb.white.db.(add|rpl)
- redlist.(add|rpl)
- whitelist.(add|rpl)
- spamdb.(add|rpl)
- spamdb.helo.(add|rpl)
- delaydb.(add|rpl)
- delaydb.white.(add|rpl)
Use the extension "add" or "rpl" to add or replace the records to the tables.
Only files for database-enabled tables will be imported "pbdb|spamdb|redlist|whitelist|delaydb"! 

At this time all functions of ASSP are well tested with MySQL(ODBC/direct),MSSQL(ODBC/ADO) and Oracle(ODBC/direct), but it should work with any other database, as long as you have a perl driver for that. Only if you want to use the import function with your database, you may get DBI errors. In this case the file assp_db_import.cfg should be modified for your database. Please change ASSP into debug mode, stop ASSP, rename the maillog.txt, prepaire the import directory and start ASSP. Please send the following informations to ASSP group:
database type and version - and the maillog.txt with the errors.
If you have some knowledge in SQL you can try to add a section for your database to the assp_db_import.cfg file!



--------------------------------------------------------------------------------


- all plugins must reside in the directory $base/Plugins
- plugins have to register its self as "ASSP_Pluginname"
- plugins have to create (bless) and return an "New" object to its self
  or to return undef if call failes

- a call to $self->get_config has to return an ASSP-configuration-array
  there must be a parameter "PluginnamePriority" to configure the call-priority (lowest value - highest priority)
  there must be a parameter "DoPluginname" to enable and disable the Plugin

- a call to $self->get_input has to return one of three possible values
  0 - the plugin is designed for runlevel 0 and waits for SMTP-handshake-data (helo,mail from,rcpt to,... - all data before the SMTP DATA command)
  1 - the plugin is designed for runlevel 1 and waits for data in mail header
  2 - the plugin is designed for runlevel 2 and waits for complete mail data
      only in runlevel 2 data can be changed and returned to ASSP

- a call to $self->get_output has to return one of two possible values
  0 - return is boolean (mail OK = 1 - NOTOK = 0) - no data will be returned (runlevel 0,1,2)
  1 - return is boolean (mail OK = 1 - NOTOK = 0) - data can be returned (runlevel 2)
      in addition to the boolean value, data will be returned
        $self->result contains the data (as string) if OK is returned in runlevel 2

- on a call to $self->process($fh,$string), the plugin does the action on the data and
  returns the boolean value
  $fh is the global filehandle of the client-connection!
  If there are done extractions in runlevel 2 the return value should be 1,
  in this case, if there are data in $self->tocheck that data will be checked by ASSP for
  - BayesOK
  - BombOK
  - ClamScanOK
  - ScriptOK
  - URIBLok
  The original mail-data can not be changed this way (returning data to ASSP)!!!
  To change any mail-data for example in runlevel 2,
   the plugin has to change the data directly in $main::$Con{$main::Con{$fh}->{friend}}->{qdata}!
   For runlevel 0 and 1 the mail-data are available in $main::Con{$fh}!
   
- on a call to $self->errstr, the plugin returns undef or the SMTP-error-string that should be
  send to the client if $self->process($fh,$string) returned 0

- on a call to $self->tocheck, the plugin returns undef or the data to check (in runlevel 2),
  for example OCR-data

- on a call to $self->howToDo, the plugin returns the value of $main::Do__PAKAGE__ ($main::DoPluginname)
  to tell ASSP the plugin is active or not

- on a call to $self->close, the plugin closes all own filehandles and returns 1

- on a call to $self->process($fh,$string) with $string == "ASSP_Plugin_TEST",
  the plugin has to set the following values
    $self->{result}       to "ASSP_Plugin_TEST"
    $self->{errstr}       to "data processed"
    $self->{tocheck}      to "ASSP_Plugin_TEST"
    $self->{DoPluginname} to  9    (in this Skeleton called $self->{DoMe})
  This call is done by ASSP at starttime to check that the plugin is well designed!
  

 

