Frequently Asked Questions
From ASSPSMTP
Antivirus
- Q: Does ASSP support antivirus scanning?
- A: Yes. As of version 1.2.5, ASSP supports ClamAV as an add-on antivirus solution. To enable it, you will need to install the File::Scan::ClamAV Perl module. There is a caveat that ASSP with ClamAV cannot scan UUEncoded mails at this time. However, ASSP is able to block this very uncommon type of e-mail encoding.
Installation
- Q: Which operating system is the best to run ASSP on?
- A: Any. ASSP is a Perl application that runs equally well on any operating system capable of running Perl, so the best operating system is the one you or your staff are most comfortable with and best able to support.
Penalty Box
- Q: Should I use the Penalty Box?
- A: Definitely. The Penalty Box is a very effective way of stopping MTAs from flooding your server with spam. What matters is understanding how the PB works, so that you configure it properly for your own organization.
- Q: If an email message fails several tests, are all the scores for the same email message accumulated?
- A: It depends. If a particular test is Activated, ASSP will stop processing and immediately reject the email message, and consequently, only that particular test will add to the total PB Score for the IP in question. If, on the other hand, the test is in score-only mode, ASSP will continue to process the email message through the remaining tests, and accumulate any scores from any other failed tests.
- Q: How does putting a feature in "Test-Mode" affect the scoring?
- A: It doesn't. If the email message fails the test, the score will be accumulated. Whether the particular test in question is in Test-Mode or not, the resulting action is the same. The only difference Test-Mode makes is that the email message is still delivered to the end recipient, instead of being rejected at the source.
- Q: Email messages from a particular ISP always seem to fail a certain test. How can I ensure they don't contribute to the PB Score?
- A: This isn't a problem with the PB; it's a problem with the feature tests that are contributing to the PB score. The only way to avoid this is to ensure that the email message doesn't fail that particular test. Look for RegExs or SpamLover addresses for the test in question that will keep the message from failing it.
If, on the other hand, you are convinced that the IP sending the email is valid, you can add the IP to the 'Don't do Black Box for these IP's*' list. That IP will then never be blocked by the Penalty Box (it can still fail other tests, however).
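The scoring rules from the answers above, as a small Python model. This is an added example, not ASSP's own code; the test names, point values and sender IP are constructed, and it assumes that an Activated test in Test-Mode still stops processing and changes only whether the message is delivered.

```python
from dataclasses import dataclass

@dataclass
class Check:
    name: str                # constructed test name, not an ASSP setting
    score: int               # constructed penalty value
    activated: bool          # True = Activated (block), False = score-only
    test_mode: bool = False  # Test-Mode: still scored, message still delivered

def process(checks, failed, ip, pb_scores):
    """Run checks in order; return (verdict, points added to the IP's PB score)."""
    added, verdict = 0, "delivered"
    for check in checks:
        if check.name not in failed:
            continue
        added += check.score  # a failed test scores, in Test-Mode or not
        if check.activated:
            # Processing stops at an Activated test, so later tests add nothing.
            # Assumption: this also holds in Test-Mode, where only the outcome
            # for the message changes (delivered instead of rejected).
            verdict = "delivered" if check.test_mode else "rejected"
            break
    pb_scores[ip] = pb_scores.get(ip, 0) + added
    return verdict, added

def demo():
    """Same message (fails all three tests) under three configurations."""
    failed = {"helo", "spf", "bayes"}
    ip = "192.0.2.10"        # constructed sender IP (documentation range)
    scores = {}
    def checks(activated, test_mode=False):
        return [Check("helo", 10, False),
                Check("spf", 15, activated, test_mode),
                Check("bayes", 25, False)]
    results = [process(checks(True), failed, ip, scores),         # Activated
               process(checks(False), failed, ip, scores),        # score-only
               process(checks(True, True), failed, ip, scores)]   # Test-Mode
    return results, scores[ip]

if __name__ == "__main__":
    print(demo())
```

With the middle test Activated, the later Bayesian failure never reaches the IP's score, which is why switching a test between Activated and score-only changes how quickly a sender accumulates penalty points.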
Redlist
- Q: What are Redlists?
- A: Redlists are lists of criteria that, when matched, prevent an SMTP session from contributing to the Whitelist, and from contributing ham or spam to the Bayesian corpus. Redlists are used to prevent poisoning of the Bayesian database.
More information about Redlists can be found in the Redlist glossary article.
Common Problems
- Q: Why am I getting False Positives?
- A: The answer can be found in this article.
- Q: Why is my Bayesian database taking so long to rebuild?
- A: The answer can be found in this article.
- Q: Why is my Regular Expression file matching when it is empty or doesn't even exist?
- A: The answer can be found in this article.
- Q: Why is my Regular Expression misbehaving?
- A: The answer can be found in this article.
- Q: Why can't I access the web interface even though ASSP is running?
- A: You most likely are not running Perl version 5.8.x or higher. This is a requirement for ASSP 1.2.x and higher.
- Q: Why are DNS lookups causing ASSP to hang?
- A: There is a known performance issue running version 0.59 of the Net::DNS Perl module on the Win32 platform. Version 0.57 is considered a stable alternative. Instructions on how to downgrade to an older version of a module can be found in this article.
Common Questions
- Q: How does an e-mail address get whitelisted?
- A: E-mail addresses are added to the Whitelist in three ways:
- Send an e-mail to the address you want whitelisted. The message will automatically be added to the Whitelist for future ham processing.
- Send an e-mail to the "Add to Whitelist Address" with the address to be whitelisted in the message body. The "Add to Whitelist Address" option (EmailWhitelistAdd) is in the "Email Interface" section of the ASSP web administration interface.
- Add the address manually to the Whitelist. Addresses can be manually added to the Whitelist in the "White/Redlist/Tuplets" section of the ASSP web administration interface. Make certain that "Whitelist" and "add" are selected options in the form, add the address to the text box, and click the submit button. You can verify the addition by repeating the procedure, but choosing the "verify" option instead of the "add" option.
- Q: What can I do to keep the corpus from corrupting?
- A: The option Keep Whitelisted Spam (located in Whitelist Options section) must be unchecked; this will remove emails of whitelisted senders that received a Spam status before the sender was whitelisted from the spam directory when rebuildspamdb.pl runs (this ensures that the corpus is corrected).
- Q: Why is saving incoming emails that receive a Mail Ok status in the notspam directory bad?
- A: When rebuildspamdb.pl is run manually or by a scheduled task, the spam email that is in the notspam directory will be analyzed. The results of the analysis will be added to the good content portion of the spamdb. Having spam content in the good content portion of the spamdb will cause spam emails to get a lower score when processed by the Bayesian filter. The more spam emails that get saved to the notspam directory, the more corrupt the corpus will become.
- Q: Where should incoming emails be saved?
- A: First of all, emails from whitelisted users will be saved into the notspam directory. Earlier you were instructed to change the Bayesian Non Spam store location to 4. Specifying 4 as the logging path for Bayesian Non Spam will allow you to save incoming emails that receive a Mail Ok status to the directory you specify in the Bayesian Non Spam directory option (located in the Paths section).
- Q: What email contributes to the corpus?
- A: This depends on the settings in the Logging section of ASSP. A setting of 2 will store the email failing the test in the spam folder, whereas a setting of 3 will store the corresponding email in the nonspam folder. Furthermore, all email from local or whitelisted users will be stored in the nonspam folder; this can further be controlled by using the redlists, the noprocessing lists and the logging frequency.
Other
- Q: What are the meanings of the three-digit SMTP status codes?
- A: The answer can be found in this article.
- Q: What exactly are the "raw" parts of e-mail body and header?
- A: The answer can be found in this article.
- Q: Which attachment file-types are dangerous and should be blocked?
- A: The answer can be found in this article.
- Q: In Imail, how can I export e-mail addresses and users to ASSP to populate "local users" and "local domains"?
- A: If you store your Imail users in the registry, you can use this script to export your user data, and import that data into a text file for ASSP to use.
- Q: What is the definition of a MailOK message?
- A: MailOK are messages which are considered as HAM, but are not stored in the standard HAM folder because of our policy to use only confirmed HAM messages (whitelisted or local) for SpamDB.
- Q: What is the difference between "Accept All Mail" and "ISP/SecondaryMX Servers" settings?
- A: Servers listed under "Accept All Mail" automatically skip all tests and are automatically considered as valid email. Furthermore, any email sent from an "Accept All Mail" server will have the recipient be whitelisted. Basically, this setting allows another server to relay through ASSP with ASSP seeing all of the email as being entirely trusted - similar to any Authenticated user sending email through ASSP.
Servers listed under ISP/Secondary MX Servers will intentionally skip all connection checks (ex: RBL, Greylisting, Delaying, etc), but ASSP still performs all content checks on the incoming email (ex: Spam Bomb, Bayesian, Local Address Validation, Relaying, Validate Local Sender Address, Virus Control, etc). This setting is mainly used to avoid any session delays or scrutiny for the indicated IPs, so that the connection takes place as fast as possible, while still filtering on the content of the message. A listing in ispip implies that the connecting server is a trusted source for e-mail (such as your ISP's mail server), but the content might not be.
- Q: What is the purpose of "ISP/Secondary MX Grey Value"?
- A: Since greylisting is not used for these servers, the greylist value must be determined in a different way. This box gives you the option to set this value. It is recommended to set this value to 0.5.
- Q: Can ASSP be run with SSL / TLS connections?
- A: No - not natively. ASSP currently only works with non-SSL connections. However, there are methods to use SSL for your e-mail users to protect their authentication process. Third party utilities such as stunnel (http://stunnel.mirt.net) allow you to use SSL/TLS to encrypt connections between your outside party and ASSP. There is one caveat: stunnel works as a proxy between your outside connection and ASSP. Consequently, ASSP sees the connection as originating from stunnel (typically 127.0.0.2), and not the sending party. This means that all connection checks (delaying, greylisting, RBL, etc) would not work with these connections. If you want to use stunnel to protect any SMTP authentication process with your clients, you should therefore prevent all non-AUTH connections to this port. This can be accomplished by setting the endport of stunnel to "Another Listen Port" (in Network Setup), and enabling "Enforce AUTH before MAIL FROM when connecting to second SMTP port". This will prevent any non-authenticated users from sending email through the encrypted stunnel connection.


