
> Assp, AntiSpam for Linux and Windows
NomadCF
Posted: Oct 6 2006, 06:33 PM

I've got to say, out of all the antispam tools I've used, ASSP has to be the best one so far.
And combining it with XMail is by far easier than working with dspam or even a plain SA setup with just rules.

It's both Windows & Linux friendly. It is completely tunable via a web interface, and can even learn about your SPAM/HAM messages through forwarding of emails.

It can do all of the following:
#1. Filtering spam
#2. Attachment blocking
#3. White listing / Blacklisting
#4. Delaying
#5. Send Validation (PTR, MX, return domain, etc.)
#6. And a lot more

Also, when you combine it with XMail it can fix some small "issues" that XMail has.
For example, ASSP will auto append a domain. (This helps A LOT on Linux systems with mail being sent from crons or other services, as you don't need to configure or export any extra vars.)

The setup for XMail is, like I said, easy.
#1. Download ASSP.
#2. Uncompress it. I recommend putting it in a SUB of your MailRoot just for easier backing up.
#3. Start up ASSP (it will complain about not being able to bind to port 25, and for now that's a good thing).
#4. Configure it via the web interface (HTTP://MAILSERVER:55555)
#5. Tell ASSP to connect to your mail server at 127.0.0.1:26
#6. Set up XMail to listen on port 26 instead of 25. (Or even just 127.0.0.1:26).
#7. Set up a POSTMASTER type account if you don't have one currently (I recommend not using "postmaster". I know it's a standard, but it's a dumb standard. The standard should be that you're required to have a postmaster *like* account, with that account address inside every "error" email sent out by your system. Which there is (and the return account address is tunable on every mail server I've ever worked with, including MS Exchange), so requiring a POSTMASTER account is really just asking for more spam, virus, attacks on that account. But this is just my opinion).
#8. Restart XMail and then ASSP

ASSP Website

Oh, but one last thing: I don't recommend using ASSP's built-in *local* user validation OR its auto white listing. And there is a really good reason for both.

If you do try using the local validation and do give it a list of users, you'll from then on need to make sure that list is up to date. If it's not, local users might be locked from getting email. And Delaying becomes less effective if at the door ASSP gives the "no user here by that name" instead of a try back later (because if nothing else you just told that spammer that there is no need to try to send mail to that user again. Whereas if you tell them to try again later and they don't within X time, they'll be stuck in an "I don't WTF to do" mode. This really just makes them spin their wheels for a short time, and even a short time will cost $$$).

And with ASSP's auto white listing: it's OK in the beginning when you're training it SPAM vs NON-Spam (Ham). But once it's learned the difference I've come to find it better to not add people to its white list but to its unprocessed list. This will stop ASSP from learning from these messages in the unprocessed list. (Think of the unprocessed list as a bypass for all filters except things like attachments (this too is configurable though).)



UPDATE
As many have figured out, ASSP & XMail with SSL over SMTP don't work well together, or at all for that matter. So up till now, if you had XMail 1.24+ and wanted to use ASSP you had to disable "EnableSMTP-TLS" in the server configure. But starting with 1.3.8 you won't have to do that any more (I fixed the issue in assp.pl and posted my patch, which will not be part of code tree for assp. So we should need to worry about this any more (see: http://www.asspsmtp.org/forums/index.php?topic=460.0)). OR if you don't want to wait you can't always fix the code yourself. Here's how...

in assp.pl find this :

CODE
} elsif($l=~/250.*STARTTLS/i) {
return;


and replace it with this:

CODE
} elsif($l=~/250.*STARTTLS/i) {
 sendque($cli, "250 Noop\r\n");
return;




--------------------
-- Chris L. Franklin --
www.NomadCF.com

All my scripts are written for linux servers.
My XMail scripts
hschneider
Posted: Oct 7 2006, 09:55 AM

Thanks! This looks pretty interesting ...


--------------------
Bye,
Harald


sam karush
Posted: Oct 11 2006, 02:55 AM

How do I set xmail to listen on a different port?
NomadCF
Posted: Oct 11 2006, 03:09 AM

Edit your XMail start to include the "-Sp PORT" option.

Side note: The manual clearly states these options and I would HIGHLY recommend you try reading it.


--------------------
-- Chris L. Franklin --
www.NomadCF.com

All my scripts are written for linux servers.
My XMail scripts
sam karush
Posted: Oct 11 2006, 12:54 PM

My apologies, I somehow missed that.

I reference the manual daily, my lack of experience sometimes gets the better of me.

thanks, so far ASSP looks promising.
sam
Marcus Gunther
Posted: Oct 13 2006, 12:26 PM

I'm using it on the same server as XMail. Because it's not our public SMTP server, I'm currently using Filtering and Whitelists only. It's working well for our 7 users.
Thanks NomadCF for the instructions!
ndoeberlein
Posted: Oct 23 2006, 04:13 PM

This is an excellent HowTo NomadCF!!!

QUOTE
#7. Set up a POSTMASTER type account if you don't have one currently (I recommend not using "postmaster". I know it's a standard, but it's a dumb standard. The standard should be that you're required to have a postmaster *like* account, with that account address inside every "error" email sent out by your system. Which there is (and the return account address is tunable on every mail server I've ever worked with, including MS Exchange), so requiring a POSTMASTER account is really just asking for more spam, virus, attacks on that account. But this is just my opinion).


I'm working with the developers of PHPXMail about changing the required domain admin from postmaster to postsysop. I will keep everyone updated!

QUOTE
If you do try using the local validation and do give it a list of users, you'll from then on need to make sure that list is up to date. If it's not, local users might be locked from getting email.


I look at it from another point of view...

Knowing the script guru that you are, it shouldn't be that difficult to write a pure PHP script that would 1) Pull all domain names from XMail and put them into a plain ASCII file one line per domain and 2) Pull all user addresses including aliases and put them into a plain ASCII file one line per user/alias.

The domain file would go under ASSP -> Relaying -> Local Domains.
The user address file would go under ASSP -> Validate Local Addresses -> Local Addresses.

Then a Scheduled Task(W32)/cron job (linux) could be set up every 20 minutes or whenever you like and when you add something to XMail, it will be added to ASSP in x minutes.

QUOTE
And Delaying becomes less effective if at the door ASSP gives the "no user here by that name" instead of a try back later (because if nothing else you just told that spammer that there is no need to try to send mail to that user again. Whereas if you tell them to try again later and they don't within X time, they'll be stuck in an "I don't WTF to do" mode. This really just makes them spin their wheels for a short time, and even a short time will cost $$$).


ASSP has a delay feature that works with the local addresses:
CODE
Sleep time when rejecting a recipient

Setting this slows down email address harvesters, making email harvesting against your server almost useless. For example: 5 (seconds). Make sure this sleep time is lower than the idle-timeout of the MTA behind ASSP!


And I would guess that you could also put in a 450 Greylisting - please try back in 360 seconds...
CODE
No-Valid-Local-User Reply

SMTP reply for invalid Users. Default: '550 5.1.1 User unknown'
You may reply with a 'fake OK' by entering '250 OK - Recipient <EMAILADDRESS>' to confuse address harvesters.
The literal EMAILADDRESS (case sensitive) is replaced by the fully qualified SMTP recipient (e.g. thisuser@yourcompany.com).


*Just a side note, it would also be a good idea to whitelist your RW maillist members.

Thanks again NomadCF!
sc4vengr
Posted: Oct 31 2006, 05:26 PM

So if I understand correctly, using:

Validate local addresses to conform with RFC 822

is not a good idea?


--------------------
You + webcam - clothes - dignity = $
sc4vengr
Posted: Oct 31 2006, 10:43 PM

Hello everyone, I just finished coding the script to keep your local domain and local users txt files updated within ASSP. This script MUST be run in command line mode.

QUOTE

Knowing the script guru that you are, it shouldn't be that difficult to write a pure PHP script that would 1) Pull all domain names from XMail and put them into a plain ASCII file one line per domain and 2) Pull all user addresses including aliases and put them into a plain ASCII file one line per user/alias.

The domain file would go under ASSP -> Relaying -> Local Domains.
The user address file would go under ASSP -> Validate Local Addresses -> Local Addresses.

Then a Scheduled Task(W32)/cron job (linux) could be set up every 20 minutes or whenever you like and when you add something to XMail, it will be added to ASSP in x minutes.


Here is the code:

CODE

#!/usr/local/bin/php -q
<?php

/*
* This script is for user with ASSP
* It creates localdomains.txt and localusers.txt off xmail server files
* By sc4vengr
*
*/

$xmailroot = "/apps/xmail-1.22/";

$assproot = $xmailroot . "assp/ASSP/";
$localdomains = $assproot . "localdomains.txt";
$localusers = $assproot . "localusers.txt";



$users = $xmailroot . "mailusers.tab";
$useraliases = $xmailroot . "aliases.tab";

$domains = $xmailroot . "domains.tab";
$domainaliases = $xmailroot . "aliasdomain.tab";

echo "[" . date("m/d/Y - H:i:s") . "] PHASE 1: READING AND INSERTING USER ACCOUNTS INTO " . $localusers . ".\n";

if (!$lines = file($users)) {

       echo "Cannot read from users file: " . $users;
       exit;

}

for ($i = 0; $i < sizeof($lines); $i++) {

       $lines[$i] = explode(chr(9), $lines[$i]);

}

if (!$handle = fopen($localusers, 'w')) {

       echo "Cannot open file " . $localusers;
       exit;

}

for ($i = 0; $i < sizeof($lines); $i++) {

       $data = str_replace("\"", "", $lines[$i][1]) . "@" . str_replace("\"", "", $lines[$i][0]) . "\n";

       if (fwrite($handle, $data) === FALSE) {

               echo "Cannot write to file " . $localusers;
               exit;

       }

}

fclose($handle);

echo "[" . date("m/d/Y - H:i:s") . "] PHASE 1: DONE.\n";

echo "[" . date("m/d/Y - H:i:s") . "] PHASE 2: READING AND INSERTING USER ALIASES INTO " . $localusers . ".\n";

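// aliases.tab may legitimately be empty: file() then returns an empty array,
// so only a false return is treated as a read error
if (($lines = file($useraliases)) === false) {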

       echo "Cannot read from users file: " . $useraliases;
       exit;

}

for ($i = 0; $i < sizeof($lines); $i++) {

       $lines[$i] = explode(chr(9), $lines[$i]);

}

if (!$handle = fopen($localusers, 'a')) {

       echo "Cannot open file " . $localusers;
       exit;

}

for ($i = 0; $i < sizeof($lines); $i++) {

       $data = str_replace("\"", "", $lines[$i][1]) . "@" . str_replace("\"", "", $lines[$i][0]) . "\n";

       if (fwrite($handle, $data) === FALSE) {

               echo "Cannot write to file " . $localusers;
               exit;

       }

}

fclose($handle);

echo "[" . date("m/d/Y - H:i:s") . "] PHASE 2: DONE.\n";

echo "[" . date("m/d/Y - H:i:s") . "] PHASE 3: READING AND INSERTING LOCAL DOMAINS INTO " . $localdomains . ".\n";

if (!$lines = file($domains)) {

       echo "Cannot read from users file: " . $domains;
       exit;

}

for ($i = 0; $i < sizeof($lines); $i++) {

       $lines[$i] = explode(chr(9), $lines[$i]);

}

if (!$handle = fopen($localdomains, 'w')) {

       echo "Cannot open file " . $localdomains;
       exit;

}

for ($i = 0; $i < sizeof($lines); $i++) {

       $data = str_replace("\"", "", trim($lines[$i][0])) . "\n";

       if (fwrite($handle, $data) === FALSE) {

               echo "Cannot write to file " . $localdomains;
               exit;

       }

}

fclose($handle);

echo "[" . date("m/d/Y - H:i:s") . "] PHASE 3: DONE.\n";

echo "[" . date("m/d/Y - H:i:s") . "] PHASE 4: READING AND INSERTING LOCAL DOMAINS ALIASES INTO " . $localdomains . ".\n";

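// aliasdomain.tab may legitimately be empty: file() then returns an empty array,
// so only a false return is treated as a read error
if (($lines = file($domainaliases)) === false) {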

       echo "Cannot read from users file: " . $domainaliases;
       exit;

}

for ($i = 0; $i < sizeof($lines); $i++) {

       $lines[$i] = explode(chr(9), $lines[$i]);

}

if (!$handle = fopen($localdomains, 'a')) {

       echo "Cannot open file " . $localdomains;
       exit;

}

for ($i = 0; $i < sizeof($lines); $i++) {

       $data = str_replace("\"", "", trim($lines[$i][0])) . "\n";

       if (fwrite($handle, $data) === FALSE) {

               echo "Cannot write to file " . $localdomains;
               exit;

       }

}

fclose($handle);

echo "[" . date("m/d/Y - H:i:s") . "] PHASE 4: DONE.\n";

?>


In order to update those files automatically:

/etc/crontab

add something like this:

*/20 * * * * root /usr/local/bin/php /apps/xmail-1.22/assp/ASSP/update_xmaildata.php > /dev/null

I hope it helps some of you!

sc4vengr


--------------------
You + webcam - clothes - dignity = $
sc4vengr
Posted: Nov 1 2006, 03:54 PM

Wow I love this antispam software..

I installed it yesterday on my personal server, it only has like 5 accounts :

CODE

As of Wed Nov  1 09:52:51 2006 the mail logfile shows:
0 proxy / smtp connections
1 were dropped for attempted relays (0.0% of total).

171 messages, 125 were spam (73.1%) in 3 days
for 57.0 messages per day or 41.7 spams per day
11 additions to / verifications of the whitelist (3.7 per day)
125 were judged spam by the bayesian filter (100.0% of spam)
0 were to spam addresses (0.0% of spam)
0 were rejected for executable attachments (0% of spam)
0 were sent from local clients (0.0% of nonspam)
13 were from whitelisted addresses (28.3% of nonspam)
0 messages were passed to SPAMLOVERs
33 were ok after a bayesian check (71.7% of nonspam)
8 addresses are on the whitelist

0 hits on the blacklist
0 resulted in spam (0.0% of Bayesian spam, 0.0% of blacklist hits)
0 resulted in non-spam (0.000% of blacklist hits)


I CC all the emails detected as spam to a special account to review them and so far the software didn't make any mistakes.

Thanks for the heads up NomadCF!


--------------------
You + webcam - clothes - dignity = $
jiggy1com
Posted: Nov 7 2006, 07:29 PM

alright as far as changing the port at the command line, does this refer to "mailroot\bin\ctrlclnt -Sp 26" ? or something else

also, i believe i installed everything correctly. i changed assp to listen on port 125 in the webadmin -- is this what i want, or do i want it to listen on a different port altogether? i believe when i had it set to port 25 it interfered w/ my mail. Does it matter what port it listens on? (I'll also need to open up the port it uses on my firewall)

how do i know it's working correctly? i managed to see that there were some requests coming in under the SMTP Connections but i am still receiving some spam (which i expect), but i don't see anything in the c:\assp\* folders. did i do something wrong; and what?

thanks
Nick_Nitro
Posted: Nov 9 2006, 11:22 AM

I'm using ASSP and XMail on 2 different systems: my XMail is on a Linux system and my ASSP is on a Windows 2003 system.
ASSP is checking the mail and then forwarding it to XMail.
Every few hours ASSP stops allowing connections and I get errors in the log: "<> max errors (10) exceeded -- dropping connection"
In the manual there is something about that kind of problem:
---------------------------------------------------------------------------------------------------

By: clayne ( christopher layne )
2003-09-23 18:43
Assp will stop forwarding new requests to Courier after about half a day (sometimes it can last 24 hours before resulting in this behaviour).

Upon manual telnet connection to port 25, I get an open connection and then an immediately closed connection. After killing and restarting assp.pl, the problem goes away - for at least 12 hours.

----------------------------------

By: ladylong ( Ruth Rogers )
2003-10-15 01:25

I had the same problem with my setup (ASSP with Merak MailServer) and finally discovered that Merak was tarpitting ASSP because of the number of connections it was attempting when things got busy. If your mail server has a similar feature, you might just need to change settings - with Merak it's a matter of telling it to bypass tarpitting for 127.0.0.1 (or wherever you have ASSP running from).

-----------------------------------
By: clayne ( christopher layne )
2003-10-29 20:31

ladylong,

Thanks for the information, this is what was happening. I adjusted courier's settings and ASSP never "hangs" now.
2003-Oct-29 12:46pm jhanna

-----------------------------------------------------------------------------------------------

Could this be the same problem with Xmail and ASSP?? and how do i change the config of Xmail for that problem?

thanks

NomadCF
Posted: Nov 11 2006, 05:50 AM

To : Nick_Nitro => Turn off "max errors" in ASSP.

To : sc4vengr => local validation isn't worth it due to ASSP trying to be as transparent as it can: it passes on each connection string as it happens. And since XMail does the validation itself, it will hang up the phone on an invalid local user. Thus ASSP will hang up the phone. So in the end you have gained nothing except another cron job that needs to try syncing XMail to something else.

To : sc4vengr => Nice script. If you're looking for something a little simpler / faster, a cat awk script would do you just fine also (just an FYI).


--------------------
-- Chris L. Franklin --
www.NomadCF.com

All my scripts are written for linux servers.
My XMail scripts
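
The cat/awk alternative mentioned in the post above, as an added example that is not part of the original thread or of ASSP/XMail: it builds the same two lists as the PHP script posted earlier, but writes each one to a temporary file and renames it into place, and keeps the previous list if the new one comes out empty. The function names are hypothetical, the column positions are taken from the PHP script, and skipping "#" lines is an assumption.

```shell
#!/bin/sh
# Added example: rebuild ASSP's local address/domain lists from XMail .tab files.
# Column positions follow the PHP script earlier in the thread; names are hypothetical.

# tab_to_list FILE MODE: print one entry per line.
#   addr   -> column 2 "@" column 1  (mailusers.tab, aliases.tab)
#   domain -> column 1               (domains.tab, aliasdomain.tab)
tab_to_list() {
    [ -r "$1" ] || return 0                  # a missing file contributes nothing
    awk -F '\t' -v mode="$2" '
        { sub(/\r$/, "") }                   # tolerate CRLF line endings
        /^[ \t]*(#|$)/ { next }              # assumption: skip blank and "#" lines
        { for (i = 1; i <= NF; i++) gsub(/"/, "", $i) }
        mode == "addr" && NF >= 2 && $1 != "" && $2 != "" { print $2 "@" $1 }
        mode == "domain" && $1 != "" { print $1 }
    ' "$1"
}

# publish_list TARGET: read the new list on stdin and install it atomically.
publish_list() {
    target=$1
    tmp=$(mktemp "${target}.XXXXXX") || return 1
    sort -u > "$tmp"
    if [ ! -s "$tmp" ]; then
        # An empty result means the XMail files were unreadable or being rewritten.
        # Keep the old list instead of telling ASSP that nobody exists.
        rm -f "$tmp"
        echo "refusing to replace $target with an empty list" >&2
        return 1
    fi
    chmod 644 "$tmp"                         # mktemp creates the file with mode 600
    mv -f "$tmp" "$target"                   # same-directory rename: old or new, never partial
}

# sync_assp_lists XMAILROOT ASSPROOT
sync_assp_lists() {
    xmailroot=$1
    assproot=$2
    { tab_to_list "$xmailroot/mailusers.tab" addr
      tab_to_list "$xmailroot/aliases.tab" addr
    } | publish_list "$assproot/localusers.txt" || return 1
    { tab_to_list "$xmailroot/domains.tab" domain
      tab_to_list "$xmailroot/aliasdomain.tab" domain
    } | publish_list "$assproot/localdomains.txt"
}

# Stand-alone use: script.sh /apps/xmail-1.22 /apps/xmail-1.22/assp/ASSP
if [ "$#" -eq 2 ]; then
    sync_assp_lists "$1" "$2"
fi
```

Run from cron in place of the PHP script, it takes the XMail root and the ASSP directory as its two arguments.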
wolf8769
Posted: Nov 16 2006, 09:07 PM

NomadCF,

THANK YOU!

ASSP--so far--is fantastic. It is very powerful, very flexible, very complete, very elegant in its implementation, and was relatively very easy to setup. The browser-based admin tool is of high caliber and easy to use.

Now, there are about 1,000 configuration options of which I understand only about 7! So I have a lot of reading and experimenting to do.

I started by setting it up on a test xmail server in my house. It was easy to setup, but I could not really test much since that server sees zero traffic. So I went ahead and installed on my production server which sees thousands of mail messages per day--and a LOT of spam.

Maybe this will help other noobs....when you first setup ASSP, your bayesian filter is "empty". So all messages it sees are "spam". So you want to turn on TEST mode for all the checks. (See TestMode options in the browser-based admin tool.) Also, you should blank out the "Prepend Spam Subject" value at first. Then wait until you have a few hundred messages in your assp/spam folder. Now, go through them and if they are NOT spam, move them to the assp/notspam folder. If you are not sure about a message, just delete it. Once your spam folder has about 400+ authentic spam messages in it (and hopefully no nospam messages), run 'perl rebuildspamdb.pl' which analyzes your spam to build the bayesian filters.

At this point, I set my "Prepend Spam Subject" to "[SPAM]" because now the system is actually trying to weed out spam from nonspam. My plan is to run this way for a few days and if I don't see any false positives, I'll turn off test mode and allow the system to actually block the messages it thinks are spam.

I'm very happy with the performance and robustness and so far the effectiveness after only a few hours.

-Troy

SimonZarate
Posted: Nov 20 2006, 09:10 PM

I am using pop3links. Can ASSP work for me? Does ASSP work with POP3?


--------------------
Simon Zarate