| View previous topic :: View next topic |
| Author |
Message |
Hefty Hippie
Joined: 08 Aug 2006
Posts: 12
|
 Posted: Fri Aug 17, 2007 11:19 am Post subject: Black rule - not deleting from sever |
 |
|
Hi,
I have a correctly configured black rule to catch mails with a certain word in the subject line.
ASS log shows relevant mails are being caught by the black rule but they are ending up in the junk folder.
Shouldn't these be deleted from server rather than arriving on my PC?
I usually use top option in ASS filtering mode (by headers then on client) but have tried second option (by headers on server) too - it doesn't seem to make any difference.
Any clues please?
EDIT - Sorry, forgot to add that I'm using the latest full version. |
|
| Back to top |
|
 |
vetaltm
Author
Joined: 05 Feb 2006
Posts: 748
|
| Posted: Fri Aug 17, 2007 6:28 pm Post subject: |
|
|
Looks like the plug-in doesn't check the headers before downloading messages. Please check the following parameters on Servers tab:
- The account settings in plug-in must have the same domain name, user name and password as in TheBat Account Properties.
- Check the port numbers on POP3 and IMAP pages. If your server uses non-standard ports, the plug-in is unable to determine the account settings automatically.
- The option "Check-up the accounts automatically, on receiving new mail" must be turned on.
Try to run checking headers from the plug-in's toolbar (press the button "Delete spam"). If the accounts settings are specified properly, the plug-in must connect to the server, filter messages by headers and display a window with the progress of this operation. If this test works properly, but the procedure is not started automatically on downloading new mail, try to turn off some of the network filtering applications: popup blockers, antivirus, firewall etc. There are applications that don't allow the plug-in to filter the mail protocols. In this case you can either resolve the conflict by turning off an application that blocks the plug-in's hooks, or execute checking headers manually from the plug-in's toolbar. |
|
| Back to top |
|
|
Hefty Hippie
Joined: 08 Aug 2006
Posts: 12
|
| Posted: Sat Aug 18, 2007 11:48 am Post subject: |
|
|
Thanks V,
It's looking like my Zone Alarm Pro is causing the problem but all attempts to solve it have failed thus far.
Running ASS manually results in perfect connection to all servers and deletion from server of a test SPAM mail - verified in ASS log, shown as deleted from server.
However, next time TB checks for mail the very same test SPAM email arrives in my inbox.
TB has got full access (loopback etc) according to ZAP settings but, just to be sure, I added expert rules to cover loopback and ports 40000 through 41000 - sadly no difference.
I'll do some more digging as time allows and report back if I have any success.
Thanks again. |
|
| Back to top |
|
|
Hefty Hippie
Joined: 08 Aug 2006
Posts: 12
|
| Posted: Tue Aug 28, 2007 4:35 pm Post subject: |
|
|
No luck solving this, V, so I've given up for now - ASS' client-side filtering is more than good enough to cope with most of my requirements.
I set up full logging in ZAP to see if I could spot where ASS was being blocked but couldn't find anything, all connections from TB were allowed.
I also checked with Port Explorer and everything looks fine in there too.
Anyway, on a different tack, could you tell me if it's possible to filter mails by the number of recipients in the 'CC' field even where some of those recipients may be white-listed (in address book)?
You see, some of my less enlightened contacts have the habit of 'CCing' jokes and so forth to many email addresses. This is bad enough from a security point of view but things get worse when one of the recipients uses 'Reply to all'.
I suspect the answer will be one of your magic regular expressions but complicated ones are a bit beyond me. 
Any pointers or suggestions please?
Thanks in advance. |
|
| Back to top |
|
|
vetaltm
Author
Joined: 05 Feb 2006
Posts: 748
|
| Posted: Tue Aug 28, 2007 8:27 pm Post subject: |
|
|
| Hefty Hippie wrote: | No luck solving this, V, so I've given up for now - ASS' client-side filtering is more than good enough to cope with most of my requirements.
I set up full logging in ZAP to see if I could spot where ASS was being blocked but couldn't find anything, all connections from TB were allowed.
I also checked with Port Explorer and everything looks fine in there too.
|
Confirmed. It looks like ZAP works improperly in High security mode, because it blocks the outgoing connections if they are not allowed explicitly. To make the plug-in work properly you can set the Internet Zone Security to Medium in ZoneAlarm (Firewall | Main | Internet Zone Security). Alternatively leave the mode High for Internet Zone Security, click on Custom button in Internet Zone Security section and explicitly allow the access to outgoing TCP mail ports 110 (POP3), 25 (SMTP), 143 (IMAP) and outgoing UDP port 53 (DNS) for the Internet Zone.
| Hefty Hippie wrote: |
Anyway, on a different tack, could you tell me if it's possible to filter mails by the number of recipients in the 'CC' field even where some of those recipients may be white-listed (in address book)?
You see, some of my less enlightened contacts have the habit of 'CCing' jokes and so forth to many email addresses. This is bad enough from a security point of view but things get worse when one of the recipients uses 'Reply to all'.
I suspect the answer will be one of your magic regular expressions but complicated ones are a bit beyond me.
|
Here is a black rule for blocking the messages having at least the specified number of addresses in CC field:
| Code: | | Header{CC} =~ (?:.*@.*){3} |
The number at the end of expression (3) defines the minimum number of recipients in CC field required for blocking a message. You can change it according to your preferences. |
|
| Back to top |
|
|
Hefty Hippie
Joined: 08 Aug 2006
Posts: 12
|
| Posted: Thu Aug 30, 2007 10:57 am Post subject: |
|
|
Thanks again, vetaltm, but sadly no luck with the ZAP issue.
I've added the custom rules that you suggested and still have expert rules under program control to give TB full access. Still no signs in ZAP log to suggest any problems, still no signs of any problems showing up in Port Explorer but still no server-side filtering.
If you can think of anything else I can try then by all means suggest it but apart from that I wouldn't worry too much - client-side filtering alone works well enough.
Cheers, |
|
| Back to top |
|
|
Hefty Hippie
Joined: 08 Aug 2006
Posts: 12
|
| Posted: Sun Oct 07, 2007 2:02 am Post subject: |
|
|
Vetaltm,
Just FYI, I never did manage to solve this problem but it looks like you have - I updated to the latest version of the plug-in yesterday and filtering on server is working again.  |
|
| Back to top |
|
|
Hefty Hippie
Joined: 08 Aug 2006
Posts: 12
|
| Posted: Mon Sep 08, 2008 12:46 pm Post subject: |
|
|
| vetaltm wrote: |
Here is a black rule for blocking the messages having at least the specified number of addresses in CC field:
| Code: | | Header{CC} =~ (?:.*@.*){3} |
The number at the end of expression (3) defines the minimum number of recipients in CC field required for blocking a message. You can change it according to your preferences. |
Vetaltm,
Should "Header{To} =~ (?:.*@.*){3}" work as well?
I only ask as I've added that rule but it doesn't seem to work at all.
Please let me know,
HH
PS
Nice work with the new version!
It's working here without trauma and it seems to be much, much faster than previous versions. |
|
| Back to top |
|
|
vetaltm
Author
Joined: 05 Feb 2006
Posts: 748
|
| Posted: Mon Sep 08, 2008 2:09 pm Post subject: |
|
|
| Hefty Hippie wrote: | | vetaltm wrote: |
Here is a black rule for blocking the messages having at least the specified number of addresses in CC field:
| Code: | | Header{CC} =~ (?:.*@.*){3} |
The number at the end of expression (3) defines the minimum number of recipients in CC field required for blocking a message. You can change it according to your preferences. |
Should "Header{To} =~ (?:.*@.*){3}" work as well?
I only ask as I've added that rule but it doesn't seem to work at all.
|
Yes, the rule above recognizes the messages having 3 or more addresses in To: header. Make sure you are adding the rule properly:
- Add new rule
- Add new RegExp condition
- Enter (?:.*@.*){3} as expression
- Enter To in "To header" field
It is possible to check the new rule using "Testing mode" in plug-in. |
|
| Back to top |
|
|
Hefty Hippie
Joined: 08 Aug 2006
Posts: 12
|
| Posted: Mon Sep 08, 2008 2:41 pm Post subject: |
|
|
Cheers V,
I'd set the rule in previous version of ASS and it seemed to have been imported in to new version OK.
However, just to be safe, I've just binned old, imported rules and made new rules in accord with your instructions above. I'll shout back if there are problems.
Many thanks for the quick reply.
HH |
|
| Back to top |
|
|
|
FAQ
Search
Profile
Log in
Register
