assp - Anti-Spam SMTP Proxy
assp [ base_dir [ admin_port ] ]
%%RC_SCRIPT%% start|stop|restart|status
Anti-Spam SMTP Proxy is a spam filter that sits on port 25 in front of
your regular SMTP server (exim(8), postfix(8), qmail(8),
sendmail(8), etc).
ASSP relays the SMTP dialog between an incoming client and
your SMTP server, intercepting the dialog as needed. ASSP performs a
number of configurable spam checks and on detecting a spam message provides
an immediate 5xx SMTP error code back to the client. Non-spam messages are
passed to your regular SMTP server for further processing and delivery. Spam
messages can be blocked from delivery or subject-tagged and delivered.
ASSP offers:
- a whitelist of known good senders
- Bayesian checks on message headers and contents
- local user validation using RFC822 checks, flat lists or LDAP lookup
- relay denial
- HELO checking
- SPF (Sender Policy Framework) checking
- DNSBL (DNS Block List) checking using many block list services
- delaying of messages from unknown senders
- virus detection
ASSP is entirely administrator-managed and is almost
totally transparent to users. In particular, users do not need to manage
procmail(1) spam filters or challenge-response systems of their
own.
The base_dir argument gives the name of ASSP's
working directory. If omitted it defaults to the current directory.
ASSP is configured using a web interface. The
admin_port argument gives the network port for accessing
ASSP's configuration menu. It defaults to 55555. To access the
configuration menu, start ASSP and then point your browser at
http://localhost:55555. The default admin password is
nospam4me.
Initial setup of ASSP involves several steps:
1. Review ASSP's configuration options and adjust as necessary. Be
   sure to change the admin password. By default ASSP's filters are
   all set to Test Mode, which means all messages will be delivered to
   their recipients. Leave everything in Test Mode for now.
2. Decide on which network port(s) ASSP will listen and on which your
   normal SMTP server will listen. Typically, ASSP will listen on port
   25 and your SMTP server will be moved to something like port 125 or
   587.
3. Reconfigure your SMTP server to its new port.
4. Reconfigure ASSP to port 25 and restart ASSP. Since
   ASSP is in Test Mode, all messages will be delivered to their
   recipients.
5. Arrange for all users' outbound email to be processed by ASSP. This
   is necessary for ASSP to be able to automatically maintain its
   whitelist. If a user's MUA uses SMTP to port 25, this will happen without
   further intervention. If an MUA invokes /usr/sbin/sendmail and
   you're using the default sendmail(8) configuration with submit
   queues, this will also happen without further intervention. Otherwise, you
   need to take whatever steps are necessary for each MUA that's being
   used.
6. Optionally, send a message containing a list of email addresses that you
   want to receive email from to asspwhite@yourdomain.com. Have all
   your users do this. This will seed ASSP's whitelist. Messages from
   senders on the whitelist will never be blocked. An address can be removed
   from the whitelist by emailing it to
   asspnotwhite@yourdomain.com.
7. To set up the Bayesian word list filtering, do the following:
   7a. Ensure some senders' addresses are in the whitelist, either by sending
       email to them or by seeding the whitelist as described above.
   7b. Allow some time (could be hours or days, depending on the volume of email
       you receive) for enough email to collect. Messages from senders on the
       whitelist will be copied into the notspam directory. Other messages
       will either be passed or be copied into the spam directory based on
       word scores in the initial greylist.
   7c. Periodically examine the messages in ASSP's notspam and
       spam directories to make sure they're sorted correctly. Move any to
       the other directory as needed. If you're unsure about a particular
       message, just delete it. Also, examine maillog.txt for information
       about what ASSP is doing.
   7d. After about 400 messages have collected, filtering mode can be enabled. In
       the /var/db/assp directory, run the
       /usr/local/lib/assp/rebuildspamdb.pl script to create the spam
       database from the logged messages. This is the part where the Bayesian
       filter "learns" about the words in your spam and notspam
       collections.
   7e. Uncheck the appropriate Test Mode box in ASSP's configuration menu
       to enable message blocking.
   7f. It is recommended that the UseSubjectsAsMaillogNames configuration
       option is eventually unchecked and that the script
       /usr/local/lib/assp/move2num.pl is run in the /var/db/assp
       directory. This causes messages to be stored with numeric filenames, and
       overwritten after some time. The benefits of this are that the size of the
       stored messages will be limited and that older messages are removed from
       the collection. This keeps the Bayesian word list current. This need not
       be done immediately; you can do this once you no longer feel the need to
       examine the spam messages in detail.
8. ASSP's other filtering options (local user validation, RFC822
   conformance, client HELO validation, SPF validation, the Delay List, the
   use of DNSBLs and the ClamAV virus checker) can be enabled by examining
   and adjusting their configuration options as needed and then unchecking
   the appropriate Test Mode boxes.
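The following pre-flight check for steps 1 and 7d is an added example, not part of ASSP or of the original page: it refuses to rebuild the spam database while the default admin password is still set or the collected corpus is too small or one-sided. The config file name assp.cfg, its "name:=value" line format and the webAdminPassword key are assumptions about ASSP's configuration that this page does not state; the function names are hypothetical.

```sh
#!/bin/sh
# Added example (not part of ASSP): checks to run before leaving Test Mode.
# Assumptions: the config file is <base_dir>/assp.cfg with "name:=value"
# lines, and the admin password is stored under webAdminPassword.

DEFAULT_PASSWORD="nospam4me"   # default admin password named on this page
MIN_MESSAGES=400               # "about 400 messages" from step 7d

# Count regular files directly inside a directory. A glob loop copes with
# any characters a subject-derived filename may contain.
count_messages() {
    n=0
    for f in "$1"/*; do
        if [ -f "$f" ]; then n=$((n + 1)); fi
    done
    echo "$n"
}

# Print one finding per line for base_dir $1; print nothing if all checks pass.
assp_preflight() {
    base="$1"
    cfg="$base/assp.cfg"
    if [ -f "$cfg" ] && grep -Fxq "webAdminPassword:=$DEFAULT_PASSWORD" "$cfg"; then
        echo "DEFAULT_ADMIN_PASSWORD"
    fi
    spam=$(count_messages "$base/spam")
    ham=$(count_messages "$base/notspam")
    # A Bayesian filter needs examples of both classes to learn from.
    if [ "$spam" -eq 0 ] || [ "$ham" -eq 0 ]; then
        echo "EMPTY_CLASS spam=$spam notspam=$ham"
    fi
    if [ $((spam + ham)) -lt "$MIN_MESSAGES" ]; then
        echo "CORPUS_TOO_SMALL total=$((spam + ham)) need=$MIN_MESSAGES"
    fi
}

# Rebuild the spam database only when the checks report nothing.
main() {
    findings=$(assp_preflight "$1")
    if [ -n "$findings" ]; then
        echo "$findings" >&2
        return 1
    fi
    cd "$1" && /usr/local/lib/assp/rebuildspamdb.pl
}

# Usage: sh assp-preflight.sh /var/db/assp
if [ "$#" -gt 0 ]; then main "$@"; fi
```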
Once ASSP is live, users should forward a copy of any spam
message that still gets through to asspspam@yourdomain.com in order
to add it to ASSP's spam database. Any non-spam that was
mis-classified as spam can be copied to
asspnotspam@yourdomain.com.
The rebuildspamdb.pl script needs to be re-run periodically
to update the spam database from the latest logged messages. There is a
periodic(8) script that will do this overnight.
For full details of using ASSP, see the ASSP website
and documentation.
The %%RC_SCRIPT%% script is run automatically at system boot time.
Several variables can be set in /etc/rc.conf to control the behavior.
- assp_enable: set to YES to start ASSP at boot time
- assp_flags: passed to the ASSP client, default is
  assp_flags="/var/db/assp"
- assp_logexpire: used by nightly script to expire logs, default is
  assp_logexpire="45" days
- /var/db/assp: location of ASSP config file, log file and spam databases
- /var/db/assp/notspam: copies of non-spam messages received
- /var/db/assp/spam: copies of spam messages received
- /var/db/assp/errors/{notspam,spam}: messages forwarded to asspnotspam@
  and asspspam@ addresses
- /var/db/assp/maillog.txt: ASSP's log file
- /usr/local/lib/assp/freshclam.sh: script to update virus definitions
- /usr/local/lib/assp/move2num.pl: script to rename stored messages to
  numeric filenames
- /usr/local/lib/assp/rebuildspamdb.pl: script to update spam database
- /usr/local/etc/periodic/daily/510.assp: nightly script to invoke
  rebuildspamdb.pl and freshclam.sh.
procmail(1), assplog(8), exim(8), postfix(8), qmail(8), sendmail(8),
/usr/local/share/doc/assp/ASSP Documentation.htm
http://assp.sourceforge.net/