Spam Filter ISP Support Forum


What does this error mean?

Author: Eran (Guest Group)
Posted: 11 October 2003 at 11:55pm

Hi everyone...

Recently when looking at the logs I started to notice some bizarre lines like these:

10/12/03 02:31:23:828 -- (2660) RCPT TO: spinault@dalet.com accepted
10/12/03 02:31:24:593 -- (2660) String matching error for (spinault l00king fdr a prosmerous futcre  3098810 impn0ve your 1ife, with incrrasing y0ur eyrning p0wkr fr0m a dip1oma  288449811321032441333731265674892646627760964109342715832309789054726593590011945117790031919925397947306307492013793897988 within days from a n0n-accredited univezsity based on 1ife expprience.  ca11 anytwme inc1uding ho1idays and sunxays  1-425 - 871 - 2013   c0nfideetia1ity asrured 880410114844484223424803183972760801822207755188531011339727903994076306082690443544688561251640058789497657692947406362497  bache1ors, and other higher edjcation 1eve1s in fie1ds that re1ate to you als0 avai1ab1e 661676545584249918213954590730496663327876200101022318768841881548970768388409511843729504792957745811640581442637900960330   --and-- ((<[!--]+[\x20]{0,1}[a-zA-Z0-9]{10,}[\x20]{0,1}[!--](.+)){2,})((http|3dhttp)://.{0,26}(((%.+%))|@|:)[(\d|\w)])) : TRegExpr(comp): ParseReg Unmatched () (pos 60)
10/12/03 02:31:24:593 -- (2660) String matching error for (spinault l00king fdr a prosmerous futcre  3098810 impn0ve your 1ife, with incrrasing y0ur eyrning p0wkr fr0m a dip1oma  288449811321032441333731265674892646627760964109342715832309789054726593590011945117790031919925397947306307492013793897988 within days from a n0n-accredited univezsity based on 1ife expprience.  ca11 anytwme inc1uding ho1idays and sunxays  1-425 - 871 - 2013   c0nfideetia1ity asrured 880410114844484223424803183972760801822207755188531011339727903994076306082690443544688561251640058789497657692947406362497  bache1ors, and other higher edjcation 1eve1s in fie1ds that re1ate to you als0 avai1ab1e 661676545584249918213954590730496663327876200101022318768841881548970768388409511843729504792957745811640581442637900960330   --and-- (http://+[\d]{1,3}\.{1}[\d]{1,3}\.{1}[\d]{1,3}\.{1}[\d]{1,3}) ) : TRegExpr(comp): ParseReg Unmatched () (pos 59)
10/12/03 02:31:24:609 -- (2660) EMail from lieder@pc-24-151-21-101.newt1.ct.charter.com to spinault@dalet.com was queued. Size: 1 KB
10/12/03 02:31:24:609 -- (2924) Sending email from lieder@pc-24-151-21-101.newt1.ct.charter.com to spinault@dalet.com
10/12/03 02:31:24:750 -- (2924) EMail from lieder@pc-24-151-21-101.newt1.ct.charter.com to spinault@dalet.com  was forwarded to 195.68.81.10

It means that some error happened, that caused SpamFilter not to filter the message, and pass it to the mail server...  any ideas?

I am using Dan's Regex expression.... (the best one I saw till now)

 

Thanks,

Eran.
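
The sequence in the excerpt above (a string matching error, then the same message being queued) can be pulled out of a log mechanically, which shows how much mail went through with a filter that never ran. This is an added example, not part of the original post and not SpamFilter's own tooling. It assumes the line layout shown in the excerpt and that the number in parentheses is the same on a message's error and queue lines; the sample log is constructed.

```python
import re
from collections import defaultdict

# Layout as in the excerpt: "<date> <time> -- (<id>) <message>"
LINE = re.compile(r"^(\S+ \S+) -- \((\d+)\) (.*)$")
# "String matching error for (<text> --and-- <pattern>) : <engine message>"
ERROR = re.compile(r"^String matching error for \(.* --and-- (.*)\) : (.*)$")
QUEUED = re.compile(r"^EMail from (\S+) to (\S+)\s+was queued")
POS = re.compile(r"\(pos (\d+)\)")

# Constructed sample (shortened text, example addresses), not a real log.
SAMPLE_LOG = r"""
10/12/03 02:31:23:828 -- (2660) RCPT TO: user@example.com accepted
10/12/03 02:31:24:593 -- (2660) String matching error for (user sample body text --and-- (http://+[\d]{1,3}\.{1}[\d]{1,3}) ) : TRegExpr(comp): ParseReg Unmatched () (pos 59)
10/12/03 02:31:24:609 -- (2660) EMail from sender@example.net to user@example.com was queued. Size: 1 KB
10/12/03 02:31:25:100 -- (2701) RCPT TO: other@example.com accepted
10/12/03 02:31:25:400 -- (2701) EMail from friend@example.org to other@example.com was queued. Size: 2 KB
""".strip().splitlines()

def unfiltered_deliveries(lines):
    """Sessions that logged a string matching error and then queued the mail."""
    errors = defaultdict(list)   # id -> [(pattern, engine message, position)]
    findings = []
    for raw in lines:
        m = LINE.match(raw.strip())
        if not m:
            continue
        stamp, sid, msg = m.groups()
        err = ERROR.match(msg)
        if err:
            pos = POS.search(err.group(2))
            errors[sid].append((err.group(1).strip(), err.group(2),
                                int(pos.group(1)) if pos else None))
            continue
        queued = QUEUED.match(msg)
        if queued and sid in errors:
            findings.append({"time": stamp, "id": sid, "sender": queued.group(1),
                             "recipient": queued.group(2), "errors": errors.pop(sid)})
    return findings

if __name__ == "__main__":
    for f in unfiltered_deliveries(SAMPLE_LOG):
        print(f["time"], f["sender"], "->", f["recipient"])
        for pattern, message, pos in f["errors"]:
            print("   pattern:", pattern, "| pos:", pos)
```
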

 

Author: Desperado (Senior Member)
Posted: 12 October 2003 at 2:53am

Eran,

It usually means that the RegEx has a problem (like not the correct number of Parens) but I am not getting these except on a check for invalid email addresses when the address is WAY too long.  In that case, the entry "Loop Stack Exceeded" is in the log.  THIS IS NORMAL and prevents a high CPU condition.

If you have one message source that goes along with one of your log entries, I would send the information to support@logsat.com and ask Roberto.

One very important question ... what build of SpamFilter are you running?  There are new builds that did, in fact, correct a condition that could cause this.  I am running build 206 and the following RegEx's have been fully tested with that build.

((<[!--]+[\x20]{0,1}[a-zA-Z0-9]{10,}[\x20]{0,1}[!--](.+)){2,})
((http|3dhttp)://.{0,26}(((%.+%))|@|:)[(\d|\w)])
(http://+[\d]{1,3}\.{1}[\d]{1,3}\.{1}[\d]{1,3}\.{1}[\d]{1,3})
((http://http:/\w)|(<(\w){3,10}(\x20/>)|(\*http://w)))
(<[!--]+[a-zA-Z0-9]{2,3}(-\->))
(((natural penis)|(arge your p)|(1-4 inches)|(3 - 5 inches\!)|(generic viagra)|(123respmarket)|(herbalpillsonline)|(herbaltrials\.com)|(naturalherbal)|(pillsavings)|(gsc\-100)|(go771world)))
((text\-decoration: blink)|(click here to start)|(limited time (special|offer))|(your privacy is extremely important to us)|(this is not spam))
(((www\.)|(http://))(\w){1,20}(4u)\.(biz|com|net)|(medsonsale\.biz)|(freeandgetsave)|(opportunit12)|(thirdw\.com)|(teflondoninc)|(epromotionad))
((lsgone\.php)|(isgone\.php)|(exit\.asp)|(mc4\.idetermination)|(medsusa\.biz)|(getitwhileucan)|(\&\#105)|(4improvement\.biz)|(best\-ratez\.biz)|(genoveseinc\.biz)|(greatestoffersite\.biz)|(gootle\.us))
((remove\.php)|(hit\.php)|(re\-move))
(content\-type:\x20text/(html|plain)(;){0,1}((\r\n){0,2}|((\r\n){0,2}(\t|((\x20){0,15}))charset(.){5,20}))(\r\n){0,3}content-transfer\-encoding:\x20base64\r\n)
((you credit card has)|(card has been charged for))
((spa m kil)|(spa m bloc))

Dan S.

 

Author: Eran (Guest Group)
Posted: 12 October 2003 at 5:06am

Thanks again Dan,

I am using 206 too, and from what I have seen, in a 3-day run, I have about 9 such errors on the log, different sources, all of them are spam mails....

As for your regex expression, can you send it to me as a text file, since I am not sure if I got it correctly (word wraps, http encoding and so on)...

my e-mail is ezeitoun@dalet.com

(your regex for the block from mail will also be appreciated....)

 

It's really making me crazy, SpamFilter blocks around 60 to 70% of the incoming mail, (98% is really spam mails), and I still get to my mailbox around 10 spam mails a day... every time I manage to filter new ones, next day they find a new way how to bypass spam filters...
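
Dan's point about the number of parentheses and Eran's worry about word wraps and HTTP encoding in a list copied from the forum can both be checked before a filter list is loaded. The following is an added example, not part of the thread and not SpamFilter's own code. It assumes only that a backslash escapes the next character and that parentheses inside `[...]` are literals; it does not reproduce TRegExpr's parser. Three expressions are quoted from Dan's list and the damaged variants are constructed. Note that the first pattern in Eran's log excerpt is the first two expressions of Dan's list on one line, which this check flags.

```python
import re

ENTITY = re.compile(r"&(?:amp|lt|gt|quot);")  # leftovers from copying out of HTML

def lint_filter_line(expr):
    """Return a list of problems found in one filter expression (empty = clean)."""
    problems, depth, groups, in_class, i = [], 0, 0, False, 0
    while i < len(expr):
        c = expr[i]
        if c == "\\":                 # escaped character: skip it, whatever it is
            if i + 1 == len(expr):
                problems.append("dangling backslash at end of line")
            i += 2
            continue
        if in_class:                  # inside [...], parentheses are literals
            in_class = c != "]"
        elif c == "[":
            in_class = True
        elif c == "(":
            if depth == 0:
                groups += 1           # a new outermost group starts here
            depth += 1
        elif c == ")":
            if depth == 0:
                problems.append(f"unmatched ')' at position {i + 1}")
            else:
                depth -= 1
        i += 1
    if depth:
        problems.append(f"{depth} unclosed '('")
    if in_class:
        problems.append("unterminated '[' character class")
    if groups > 1:
        problems.append(f"{groups} top-level groups on one line (lost line break?)")
    if ENTITY.search(expr):
        problems.append("HTML entity in expression (copied from a web page?)")
    return problems

# Quoted verbatim from Dan's list in the thread.
FROM_PAGE = [
    r"((<[!--]+[\x20]{0,1}[a-zA-Z0-9]{10,}[\x20]{0,1}[!--](.+)){2,})",
    r"((http|3dhttp)://.{0,26}(((%.+%))|@|:)[(\d|\w)])",
    r"(<[!--]+[a-zA-Z0-9]{2,3}(-\->))",
]
# Constructed copy/paste damage: two lines joined, one line cut by a wrap,
# and angle brackets left HTML-encoded.
DAMAGED = {
    "joined": FROM_PAGE[0] + FROM_PAGE[1],
    "wrapped": FROM_PAGE[1][:24],
    "entity": FROM_PAGE[2].replace("<", "&lt;").replace(">", "&gt;"),
}
```
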

 

 
