Problems and Solutions
How to diagnose and repair your ASSP
I don’t want to block email, I want users to filter their email. Can ASSP do that?
Yes and no. ASSP can put a "X-Assp-Spam: YES" in the message header and also put [SPAM] (or whatever you want) in the subject of spam emails, so end users can use ASSP to filter their own mail this way. However ASSP has been designed to block unsolicited email, and if you don’t want that you should probably look at another tool. If you're not blocking unsolicited email you're really not doing anything to solve the problem of spam. 2003-Sep-04 12:38pm jhanna
Can I use ASSP to scan for viruses?
There is great updated information about integrating ClamAV into ASSP.
ClamAV Anti-virus Integration
Install the File-Scan-ClamAV Perl module on win32
Install ClamAV & clamd server on win32
ASSP’s default configuration blocks Windows-executable attachments from non-whitelisted senders.
This effectively blocks nearly all viruses. However Word-macro viruses, the Kak worm, and executables
from whitelisted senders are not blocked. I strongly recommend a client-based antivirus program,
or an antivirus program designed for your mail transport. Blocking viruses in a SMTP proxy introduces
complexities beyond the scope of ASSP’s current design goals.
As a side note, I know of one researcher who uses a program like ASSP as a virus filter. If you put at
least five copies of a virus in the spam collection, ASSP will probably block that virus the same way it
blocks spam. The researcher even had reasonable success with polymorphic viri. However, ASSP has been tuned
to recognize spam, and I make no guarantees that it will recognize viri.
2003-Sep-04 12:41pm jhanna
I have some users who don’t want spam blocked. How can I do this with ASSP?
See the Spam Lovers configuration option. You also can use "No Processing" addresses, which not only skip whitelist additions (like the red list) but also don't contribute to the spam / nonspam database. 2003-Sep-04 12:46pm jhanna
Mail is getting blocked that shouldn’t be. How do I fix that?
First, email the people who are getting mail blocked. This will add their addresses to the whitelist and their mail won’t be blocked any more. Second, put samples of the type of mail that is being blocked in your notspam or errors/notspam folders so that the filter becomes biased to accept that kind of mail -- you have to run rebuildspamdb.pl before the changes take effect. Third, look for a unique string or phrase to the type of email that is being blocked (perhaps your street address, city name, phone number) and add that to the "expression to identify nonspam" configuration option. You can also use "whitelisted domains" to help mail get through the filter. 2003-Oct-20 4:08pm jhanna
If from address is already whitelisted and still triggered as spam (mostly newsletters is my experience) check the following things:
If you have the following option in the configuration ON:
Only the envelope-sender is added/compared to the whitelist (checked)
Then ASSP only checks the header:
mail from: xxxx@domain.com
and not the header:
from: xyz@domain.com
This line is only used to communicate with the mailserver so won't be seen in your mail headers. The mail from line will be translated into the following header:
Return-Path: xxxx@domain.com
Whitelisting xxxx@domain.com will fix this problem or you can uncheck the option "Only the envelope-sender is added/compared to the whitelist". If unchecked the following headers will be checked: From: Sender: Reply-to: Errors-to: List-*:
2004-Dec-15 2:20am luuk
Why isn’t ASSP blocking any mail?
There are three possible reasons for this: 1) You have TestMode checked, 2) Your spamdb is empty, too small or ASSP can’t find it (check your log messages in maillog.txt at the startup), 3) ASSP thinks every message is local or whitelisted (check your log). This often happens if you have || or a | at the start or end of the whitelisted domains or "Expression to Identify Non-Spam." 2003-Sep-04 12:56pm jhanna
The documentation says that the trouble with my ASSP installation is that my spamdb is too small (checked in my log messages in maillog.txt at the startup). What can I do to fix it? Best regards, Paulo. 2004-Nov-17 8:06am paulo.arruda
Why is ASSP blocking all mail?
There are two possible reasons: 1) Your non-spam collection is too small in proportion to your spam collection – add messages to it, or delete some spam and rebuildspamdb.pl. 2) You have something in Blacklisted Domains or Expression to Identify Spam that is too general -- use the analyze page to let ASSP tell you why it is blocking a message. Check for || or a | at the start or end of your expression. 2003-Sep-04 12:55pm jhanna
How do I use the email interface with Exchange, Notes, or a RelayHost / RelayPort setup?
ASSP's email interface allows you to send messages to the ASSP server to add addresses to the whitelist, report spam, or report a false-positive. If your clients do not use SMTP to deliver mail through ASSP's proxy, this feature becomes more complicated. ASSP is looking for its command addresses at one of its localdomains. However your mail server will not accept mail for ASSP's addresses (and if it does, it will never be passed to ASSP). The work-around is to find a domain you never expect to actually send mail to, tell ASSP it is local, and use that domain for ASSP commands. So you could add spamreport.gov to ASSP's localdomains, and direct whitelist additions to assp-white@spamreport.gov. ASSP's default setting for "Email From" doesn't work with Exchange -- change it to be "postmaster <postmaster@yourdomain.com>" instead of "ASSP <>". Or you could just ignore the email interface. Please note that the assp-white address cannot see bcc addresses this way, and cannot prevent delivery to people. Consequently if you use this configuration, be sure you only put addresses in the body of your mail message. Don't include them in the delivery part of the message. 2003-Sep-04 12:58pm jhanna
The problem arises only if your internal clients send mail via Outlook directly to Exchange. In this case the message does not use SMTP and therefore does not pass ASSP before it reaches the server. Exchange does not know about the "magic" names and normally should not. The key is to convince Exchange to pass it on to ASSP, which DOES know about these magic names. It can be done by the following procedure:
1) invent a "dummy" domain, like "assp-nospam.org" (seems to be an available domain name)
2) tell ASSP that this domain is one of your "local" domains
3) tell your users to send their spam to "assp-spam@assp-nospam.org" instead of "assp-spam@yourdomain.com", or tell your Exchange-server to forward the latter to the former.
If you prefer the "forwarding" approach, you can pick a dummy domain name that is more unlikely to be ever registered (like foo123blob.tac), as nobody has to remember the name. If you have ASSP on the outbound channel - as you should for the auto-whitelist function to work - and your Exchange is using the ASSP-relay-Port to deliver external mails, then the server thinks it is "external" and hands it over to delivery. ASSP thinks it's "local" and processes the magic-names as expected. Works here on two different Exchange setups (5.5 and 2k) (Robert Orso, 2003-11-17) 2004-Jan-08 1:52pm jhanna
Exchange doesn't seem to like the From-address to have _any_ < or > in it. Just type in something plain, like postmaster@yourdomain.com. 2004-Jan-07 12:43pm anders.olsson
The Email_Interface page is a good resource for this type of setup. 2006-Dec-11 1:54pm gedwest
Why is my whitelist empty?
The whitelist is only saved once every 3600 (user configurable) seconds (ie 1 hour). Watch your maillog.txt and look
for "Saving Whitelist", then check the stats.pl or the whitelist file.
If ASSP is set up correctly in the maillog.txt you should see something like this:
Jul-9-03 14:40:31 10.1.1.90 <jhanna@mydomain.com> to: mike@yahoo.com local or whitelisted
Jul-9-03 14:40:31 10.1.1.90 <jhanna@mydomain.com> to: mike@yahoo.com whitelist addition: mike@yahoo.com
If you don't see the first line, then you don't have "Accept all mail" correctly set up. If you don't see the second
line then you don't have "Local Domains" set correctly (note addresses in the local domain don't get added to the whitelist).
ASSP gets whitelist info from your email client. It should look like this (substitute your mail server for postfix):
Your client -> ASSP -> postfix -> queue -> remote delivery;
and
Remote mail -> ASSP -> postfix -> local storage -> local clients
With Exchange/Notes/RelayHost it's a little different:
Local Client -> Exchange -> Local Client [assp never sees these mails]
Local Client -> Exchange -> ASSP (relayPort) -> ISP relay host -> remote delivery
Remote mail -> ASSP -> Exchange (SMTP) -> Local Client
2003-Sep-04 1:01pm jhanna
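The two-line check described in this answer, as an added example (not ASSP code and not part of the original answer): a Python pass over maillog.txt that reports, for each message from a local client, which of the two settings to look at. The sample lines are constructed; it is an assumption that lines with other outcomes such as "message ok" share the layout of the two lines quoted above, and `client_ips` / `local_domains` are hypothetical parameters standing for your own values.

```python
import re

# Layout taken from the two maillog.txt lines quoted above:
#   date time client-ip <sender> to: recipient event-text
LOG_LINE = re.compile(
    r"^(?P<date>\S+) (?P<time>\S+) (?P<ip>\S+) <(?P<sender>[^>]*)> "
    r"to: (?P<rcpt>\S+) (?P<event>.+)$"
)

OK = "ok"
OK_LOCAL = "ok (local recipient, never added to the whitelist)"
CHECK_ACCEPT = 'no "local or whitelisted" line: check "Accept all mail"'
CHECK_LOCAL = 'no "whitelist addition" line: check "Local Domains"'


def diagnose_whitelisting(lines, client_ips, local_domains):
    """Map (sender, recipient) -> verdict for mail sent from client_ips."""
    seen = {}
    for line in lines:
        m = LOG_LINE.match(line.strip())
        if not m or m["ip"] not in client_ips:
            continue                      # unparsable, or not one of our clients
        key = (m["sender"].lower(), m["rcpt"].lower())
        state = seen.setdefault(key, {"accepted": False, "added": False})
        event = m["event"].lower()
        if event == "local or whitelisted":
            state["accepted"] = True
        elif event == "whitelist addition: " + key[1]:
            state["added"] = True

    report = {}
    for (sender, rcpt), state in seen.items():
        rcpt_domain = rcpt.rpartition("@")[2]
        if not state["accepted"]:
            verdict = CHECK_ACCEPT
        elif state["added"]:
            verdict = OK
        elif rcpt_domain in local_domains:
            verdict = OK_LOCAL            # local addresses are not whitelisted
        else:
            verdict = CHECK_LOCAL
        report[(sender, rcpt)] = verdict
    return report


# Constructed sample log; the first two lines copy the ones shown above.
SAMPLE_LOG = """\
Jul-9-03 14:40:31 10.1.1.90 <jhanna@mydomain.com> to: mike@yahoo.com local or whitelisted
Jul-9-03 14:40:31 10.1.1.90 <jhanna@mydomain.com> to: mike@yahoo.com whitelist addition: mike@yahoo.com
Jul-9-03 14:52:07 10.1.1.90 <jhanna@mydomain.com> to: sue@example.org local or whitelisted
Jul-9-03 15:03:44 10.1.1.90 <jhanna@mydomain.com> to: bob@mydomain.com local or whitelisted
Jul-9-03 15:10:02 10.1.1.91 <ann@mydomain.com> to: carl@example.net message ok
Jul-9-03 15:11:15 192.0.2.7 <x@example.com> to: jhanna@mydomain.com Bayesian spam
""".splitlines()

if __name__ == "__main__":
    result = diagnose_whitelisting(
        SAMPLE_LOG, {"10.1.1.90", "10.1.1.91"}, {"mydomain.com"}
    )
    for (sender, rcpt), verdict in result.items():
        print(f"{sender} -> {rcpt}: {verdict}")
```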
My email client uses /sbin/sendmail to deliver mail. Will this work with ASSP?
Many Linux mail clients, like Pine for example, use sendmail on the localhost to put mail into the mail system. For ASSP to accurately maintain the whitelist and non-spam collections your local mail must go through ASSP. The easiest solution is to tell your mail client to use SMTP instead of sendmail. Most provide this option. Some clients have configuration options for both "Path to Sendmail" and "SMTP Server" -- in this case, make sure the "path to sendmail" is always blank (ie blank for your personal settings, and blank for your global server settings) and the "SMTP Server" is always set to ASSP's smtp port. If you must, you can use ASSP's RelayHost and RelayPort settings to work around this, but you must also configure your mail transport to use a Smart Host, rather than directly deliver mail. 2003-Sep-04 1:02pm jhanna
I think ASSP blocked an important message. What do I do?
First open your maillog.txt and try to find the message in question. You can search by sender or recipient. If a message has more than one recipient, only the first is shown. In the maillog you can see if the message was "message ok", "whitelisted", or if it was "bayesian spam." Note the time & date of the message. If the message in question hasn't been sent yet, email the sender so they're on the whitelist. Then it won't be blocked. If you don't know the sender's address, you can add a "whitelisted domain" or an "expression to identify non-spam" to try to ensure its delivery. If it was "Bayesian spam" then you may be able to find a copy in the base/spam directory. Sort the files by date and look at the ones closest to the date & time of your message. Any text editor should be able to open the files. Files in the spam directory randomly can be overwritten, so the older the message, the less likely it is to be there. Also, only the first 10k are stored, so if you're looking for an attachment, you're out of luck. To send the message to its intended recipient do this: Copy the file to your hard drive, rename it to have an .eml extension (or whatever form your email client likes), make a new mail to the person who should get it, and attach the .eml file to it. Then click send. Of course you could make some note along the lines of, "Found this in the spam bucket -- thought you'd want to have it. If you email this person their mail will never be blocked. By the way, you owe me a beer." 2003-Sep-04 1:07pm jhanna
I'm still getting spam. What's wrong?
Make sure you have read the documentation in the "Getting Started" section. It is there to help you get going right the first time. This will help you set up a good spam and notspam collection and get the rebuildspamdb.pl script running regularly. Also see (Xref) Why isn’t ASSP blocking any mail? Look in the maillog.txt to see what it says about the message. If it says "local or whitelisted" you should verify your "hosts to allow all mail" setting, or check if the sender's address was on the whitelist. If the maillog.txt says, "message ok" then take the message and paste it into the "Analyze mail message" screen and click analyze. (There's detailed instructions at the bottom of the screen.) This will tell you how your message related to the spam database. You will get spam for one of the following reasons: 1) The spam message is unlike others in the spam database -- Solution: put a copy in the spam or errors/spam directory. 2) The spam message is like others in your nonspam database -- Solution: double check your nonspam database to make sure you didn't get some spam in there by accident. 3) The message was from a whitelisted sender -- Solution: remove the sender from the whitelist if they shouldn't be there, also put a copy of the message in the errors/spam directory. 4) The message matched your "expression to identify non-spam" setting -- Solution: double check to make sure what you have entered there is what you want; Perl "regular expressions" are not just string matches. Read the help page on Perl regular expressions. 2003-Sep-05 10:06am jhanna
How can I change the text of the messages ASSP uses to reply to email submissions?
You can't please everyone all the time. It is possible one of your users will find the text that ASSP uses to
reply to assp-spam, assp-notspam, or assp-white addresses offensive or inappropriate.
This text is easy to find by searching the source code. Just edit it to suit your situation.
2003-Sep-04 1:10pm jhanna
Look in assp.pl; you should see the text of the email there -- if you want to edit it, it's easy to change to
whatever you want. If you want to suppress it, change this line:
ReturnMail($this->{mailfrom},"Spam report: $sub",<<EOT);
to this:
ReturnMail($this->{mailfrom},"Spam report: $sub",<<EOT) if 0;
(that is, you add "if 0" before the semicolon.)
john
2003-Oct-27 2:00pm jhanna
Why does every person who posts on a maillist get added to the whitelist?
After some discussion on the ASSP-USER mail list it was determined that this is the most appropriate behavior. 1) For most maillists it is not unusual for someone on the list to mail another person on the list -- whitelisting them is appropriate. 2) Since spammers rarely use valid "from" addresses these extra whitelist entries will not likely result in your receiving spam. 3) If you don't hear from them again in about 90 days, they'll probably be trimmed off the whitelist automatically. 4) If you really don't like this behavior, add the list's "envelope sender" (you can find it in the maillog.txt) to your "No Processing" addresses. This will (a) prevent whitelisting, (b) not put mail in the spam, notspam, or other directories from the list, and (c) pass the list's messages through (ie not block them). 2003-Sep-04 1:10pm jhanna
5. Add the list address to the redlist - any address on this is passed through without being processed. This stops list mail from inclusion during a spamdb rebuild and it keeps addresses out of your whitelist. 2004-Jan-05 1:22am joe
I host maillists -- how does ASSP work together with ezmlm or other maillist software?
Running maillists behind ASSP is something of a black art yet, and an area that probably requires further research. Let's assume (for discussion) that you have this setup:
The ASSP / Qmail / Ezmlm machine at 64.0.0.1 and 10.0.0.1
A local client who manages the maillist at 10.0.0.2
A maillist participant at 222.0.0.1
Many other maillist participants across the internet.
Ms 10.0.0.2 sends a post to ML (the maillist)
10.0.0.1 ASSP accepts it as local, passes it to qmail which sends it to ezmlm which multiplies it by sbin/sendmail.
ASSP has put a copy in the base/notspam folder (this is good -- this post is not spam).
222.0.0.1 and the other recipients receive copies (ASSP is oblivious).
222.0.0.1 replies (i.e generates a post to ML) and is not on the whitelist, but the post isn't spam because it's quite similar to 10.0.0.2's post.
If you don't trust your list members to post ham (not spam) this is good behavior. Alternatively, you could put the list address on the "no processing" list so that no filtering (or influence of the spam / ham collections or whitelist) happens. However unless you can tell ezmlm to deliver by SMTP rather than by sbin/sendmail there's no way to get all list participants whitelisted. 2003-Sep-04 1:14pm jhanna
How do I set up ASSP to run with redundant MX domains?
Two options: 1) Put the important files (whitelist, spam/, notspam/, & errors/) on a shared network drive. 2) Sync files (with rsync or a similar program). Just keep the latest copy of each file, and only run rebuildspamdb on one server. You'd need to do something to keep the .cfg files and maillogs from getting clobbered. 2003-Oct-22 1:42pm jhanna
Spam/notspam report writes this in the logfile: RMabort: rcpt Expected 250?
When you send a spam report / notspam report / whitelist addition by email, ASSP tries to email you back a confirmation message. If you get this "RMabort" message, your submission was received and processed, but ASSP is failing when it's trying to confirm your submission. This error comes when ASSP posts its address to say whom the report mail is from. The default is "ASSP <>", but some mail servers, Exchange for one, won't accept an address in this form. The address with the problem is not your address, or the address in the spam you're submitting, but the address that ASSP is trying to use to send mail. Go to the web configuration page, under "Email Interface" and find the "From Address for Email" setting. To clear this error, you need to find an address that is acceptable to your mail server for ASSP to send mail. Try just postmaster@mydomain.com or spammaster <postmaster@mydomain.com> or a valid local address or other variations until it starts working. 2003-Nov-25 1:19pm jhanna
Why doesn't ASSP work with TLS or secure SMTP?
TLS is a form of encryption that allows your SMTP server to have secure communications with the SMTP client. If the communications were secure, ASSP couldn't proxy the transmission to block spam. As of version 1.0.3 ASSP disables your server's TLS conversations through the ASSP port. In theory one could use STUNNEL to still allow TLS connections to ASSP and then on to your mail transport. Also in theory one could use a version of openssl to add this capability to ASSP. If anyone does either of these please write me and I'll include it with future releases of ASSP. If you are running 1.0.2 or less I recommend disabling TLS on your server. TLS has been reported to cause problems with ASSP. 2003-Sep-26 3:08pm jhanna
There is a thread in the mailing list archives concerning TLS here 2006-Dec-11 1:54pm gedwest
How can I manually download the greylist?
The url is http://assp.sourceforge.net/greylist.txt and the file should be saved (in binary form -- it's only a text file if your system uses LF as EOL -- CRLF [ie dos/windows] will break the file) to match your setting in the config (possibly greylist with no extension -- or you can change your config to match your download). The file is currently about 140k, but its size will change. ASSP downloads it about every 12 hours. There's no point in downloading it more frequently than that. You can use a tool like wget to download the file, but you'll need to work out the naming scheme. This is the process you should follow:
1) Download the greylist file to a temp file
2) If the download failed, remove the temp file and quit.
3) Delete the current greylist
4) Rename the temp file to the greylist file's name
When ASSP does this automatically, it also resets the greylist cache, but there's no way to do that externally. However the cache will eventually reset on its own. 2003-Oct-20 9:13am jhanna
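The four-step process above, as an added Python example (not ASSP code and not from the original answer). It writes in binary mode, refuses a download that contains CR bytes, and swaps the file in with a single rename. Using the "less than 24 hours old and > 50k" figures from the troubleshooting checklist on this page as sanity thresholds is an assumption of the example, and the function names are hypothetical.

```python
import os
import shutil
import tempfile
import time
import urllib.request

GREYLIST_URL = "http://assp.sourceforge.net/greylist.txt"   # URL given above
MIN_BYTES = 50 * 1024        # "> 50k" from the troubleshooting checklist


def update_greylist(dest, url=GREYLIST_URL, min_bytes=MIN_BYTES, timeout=30):
    """Download to a temp file, validate, then rename over dest.

    Returns (ok, message). The current greylist is untouched on failure.
    """
    dest = os.path.abspath(dest)
    # Step 1: temp file in the same directory, so the final rename stays
    # on one filesystem.
    fd, tmp = tempfile.mkstemp(dir=os.path.dirname(dest), prefix=".greylist-")
    try:
        with os.fdopen(fd, "wb") as out:       # binary: no EOL translation
            with urllib.request.urlopen(url, timeout=timeout) as resp:
                data = resp.read()
            if len(data) <= min_bytes:
                raise ValueError("download too small: %d bytes" % len(data))
            if b"\r" in data:
                raise ValueError("download contains CR; CRLF breaks the file")
            out.write(data)
        if os.path.exists(dest):
            shutil.copymode(dest, tmp)         # keep the old file's permissions
        # Steps 3 and 4 in one call: os.replace removes the old file and
        # renames the new one, so ASSP never sees a missing greylist.
        os.replace(tmp, dest)
        return True, "installed %d bytes" % len(data)
    except (OSError, ValueError) as exc:       # URLError is an OSError
        # Step 2: the download or a check failed, remove the temp file and quit.
        if os.path.exists(tmp):
            os.remove(tmp)
        return False, str(exc)


def greylist_is_fresh(path, max_age_hours=24, min_bytes=MIN_BYTES):
    """Checklist test: less than 24 hours old and larger than 50k."""
    try:
        st = os.stat(path)
    except OSError:
        return False
    age = time.time() - st.st_mtime
    return st.st_size > min_bytes and age < max_age_hours * 3600


if __name__ == "__main__":
    import sys
    target = sys.argv[1] if len(sys.argv) > 1 else "greylist"
    ok, message = update_greylist(target)
    print(("OK: " if ok else "FAILED: ") + message)
    sys.exit(0 if ok else 1)
```

Run it as the user that owns the ASSP directory, so the installed file stays readable by ASSP.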
What is the greylist and what does it do?
ASSP collects statistics from participating ASSP users to help identify mail hosts that tend to send more spam or more not-spam mail. These statistics are compiled together to create a "greylist." The greylist associates IP addresses of mail sending hosts with their recent statistical probability of sending spam or not spam. It's not a whitelist, or a blacklist, but somewhere in-between -- a grey list. Of course it is rare to find a host that sends equal amounts of spam and not-spam, so very few entries are 50/50 or completely grey. This type of information is of practically no value to traditional IP-based spam-blocking systems. However, it is ideal for a Bayesian discriminator: this probability is factored in with other probabilities associated with the mail and helps affect the outcome in the desired way -- better spam AND not-spam detection. ASSP takes some care in how the user-supplied statistics are handled in order to reduce the probability that a spammer or misconfigured host will unduly influence the statistics. Because strong security is impractical in this situation I prefer to leave the exact method obscure. Nevertheless, as the ASSP community grows the effectiveness of the greylist will also increase.
2003-Oct-29 8:54am jhanna
The feature called greylist by ASSP is not to be confused with the industry term greylisting which is what ASSP calls delaying. 2006-dec-11 2:24pm gedwest
ASSP has implemented a full scale version of greylisting http://projects.puremagic.com/greylisting/whitepaper.html. Internally it is called "delaying". Fritz Borgstedt Nov 23, 2006; 04:27am
After a few hours ASSP stops allowing connections. How do I fix that?
By: clayne ( christopher layne ) 2003-09-23 18:43
Assp will stop forwarding new requests to Courier after about half a day (sometimes it can last 24 hours before resulting in this behaviour). Upon manual telnet connection to port 25, I get an open connection and then an immediately closed connection. After killing and restarting assp.pl, the problem goes away - for at least 12 hours.
----------------------------------
By: ladylong ( Ruth Rogers ) 2003-10-15 01:25
I had the same problem with my setup (ASSP with Merak MailServer) and finally discovered that Merak was tarpitting ASSP because of the number of connections it was attempting when things got busy. If your mail server has a similar feature, you might just need to change settings - with Merak it's a matter of telling it to bypass tarpitting for 127.0.0.1 (or wherever you have ASSP running from).
-----------------------------------
By: clayne ( christopher layne ) 2003-10-29 20:31
ladylong, Thanks for the information, this is what was happening. I adjusted courier's settings and ASSP never "hangs" now.
2003-Oct-29 12:46pm jhanna
Can I run a secondary MX without ASSP?
Spammers fake their "from" address. If you bounce a spam, the bounce will almost always bounce. This is called an NDR, a non-delivery report. ASSP avoids bouncing NDRs because it rejects mail in the SMTP conversation. This only works if the SMTP conversation is with the source of the mail. If a spam host connects to your primary site and tries to send a spam, at the end of their message they get a 550 error and the connection closes. They are both notified of non-delivery and the mail is not delivered. If a spam host connects to your secondary without ASSP, the secondary will store the message. Then it will try to deliver it to the primary which will block it. The secondary will then generate a non-delivery report that will probably bounce. This same situation can happen if you put a store-and-forward anti-virus service in front of ASSP. 2003-Nov-14 1:37pm jhanna
Why is ASSP running so slowly on my Sun / Solaris system?
We don't know. Apparently the standard Sun Perl is partially broken. Activestate perl for Solaris works the same way. To date no one has told me that they've found a solution for this. 2003-Nov-19 9:32am jhanna
We had the same problem, perl was consuming about 99% CPU time. But this decreased dramatically to 2% when we set "Path to Anti-virus Databases" field to blank. 2004-Jul-02 3:08pm victor
What should I do about strange addresses on my whitelist?
"I see in the maillog that strange addresses are being added to the whitelist. What should I do about them?" You have two options: 1) Just ignore them. The odds that you'll receive a spam from one of the addresses that has been whitelisted is very low. After a while the whitelist entries will go away on their own. Having extra entries on the whitelist is not much of a performance hit, and you have better things to do with your time than mess with them. 2) Copy the section of the maillog that contains the erroneous whitelist addition -- edit it to make sure there's no valid whitelisted addresses in it, then paste it into the "remove addresses" box in the ASSP config -- you don't have to clean out the other text from the maillog -- just make sure the only email addresses that appear in what you post are ones you want removed. You choose. (I'd pick the first.) 2003-Nov-14 1:42pm jhanna
How can I troubleshoot my ASSP system?
Here are some questions to help you try to isolate what's going wrong.
telnet 127.0.0.1 125 (type quit) Did you get the banner from your mail transport?
telnet 127.0.0.1 25 (type quit) Did you get the banner from your mail transport again? Did you see a message from ASSP on the screen or maillog.txt, "Connection from 127.0.0.1"?
Are your local users in the subnet(s) listed in the "Allow All Mail" setting?
When you configure your email client to connect to the ASSP box, port 25, to deliver SMTP mail, does it go through? Does the entry appear in the maillog.log: 10.x.x.x ... Local or whitelisted
Is your mail MX pointing to ASSP's host?
Can you send a mail through ASSP to a local address? Do they receive it?
Can you send a mail through ASSP to an external address? Do they receive it?
Can an external address send you a mail? How does it show up in the maillog.txt file?
Is the greylist less than 24 hours old and > 50k in size?
Are you seeing some email in the maillog.txt marked as "Bayesian Spam" and "Message OK"?
Are files collecting in your spam and notspam folders?
Is your spamdb getting rebuilt automatically?
2003-Nov-25 2:44pm jhanna
What should I do to run ASSP on an old / slow computer without much ram?
If you're running in a low ram environment (and a not so fast cpu) it's probably best to limit the size of the spam and notspam folders to MaxFiles 4000. (Lower numbers reduce accuracy, but also the size of the database.) You'll need to manually remove files to get down to the required size. Also, files in the errors/* folders take extra RAM as well, so try to keep those folders down to about 100 each. Rebuild the spamdb with the Ramsaver option. Start it running and come back in the morning. 2003-Nov-26 3:43pm jhanna
I've set spamlover addresses, ASSP in test mode. I still see no "spam lover" message in log file.
Spam lover settings don't show up in test mode -- you have to turn test mode off to see them work. 2003-Dec-10 3:34pm jhanna
I want to run as user other than root; what permissions do I need to change?
> If I have ASSP running a user other than root, should all files within
> the distribution be owned by that user?
assp.cfg, spam, spam/*, notspam, notspam/*, errors/*, maillog*, whitelist, redlist, greylist, spamdb, and the assp directory should all be owned by assp. (Maybe I'm missing something, but those are the files/folders that come to mind that assp changes.) The spamdb file is actually owned by whoever owns the rebuildspamdb.pl process -- just make sure the assp user has read access.
> The web interface/maillog indicates whitelist additions to but no
> files are being created in the distribution for redlist or whitelist.
The assp directory should be owned by the assp process. See if that fixes it.
> I'm also not able to use the web interface to view log files and
> apparently assp is no longer writing to the log. All of this I assume
> to be permissions issues.
Make sure the current maillog.txt is owned by assp
2003-Dec-15 10:04am jhanna
ASSP is rejecting all mail with Relaying denied.
Problem: All email is being rejected with the error 'Relaying denied'.
Solution: Get a list of all your domains into a file, and set 'Local Domains File' to it.
Problem: I copied my /etc/postfix/virtual file (list of local domains) to my assp directory, but all incoming email was still being rejected.
Solution: Get rid of all comments, delete everything except for the actual domain names of emails to accept. Debugging showed that ASSP was gluing all the words on the same line together, and calling that a domain name. Alternatively, edit assp.pl to cut everything but the first word on a line when it reads the file.
Problem: Still rejecting email?
Solution: Since I had turned on the chroot option, instead of /usr/local/lib/assp/virtual, I should have typed /virtual into the settings. Oh, and made sure that the file was readable by the user assp. In the end, I edited assp.pl to check permissions and complain if they were wrong.
How do I use the dnsbl setting?
The dnsbl setting has been superseded by the greylist and is only present to provide backward compatibility. Its use is strongly depreciated. But I hear you say, "But I want to block mail from known-bad IP addresses." Can't ASSP do that? ASSP could do that but that is not what the DNSBL setting was used for. These are the factors involved with DNS black listing and how they relate to ASSP:
1) I used DNS black lists for a number of years before I wrote ASSP. I found that they rejected far too little spam and had far too many false positives. They change slowly, while spammers adjust quickly. There is no such thing as a "realtime" black-hole list. I also found that truly successful black-hole lists either get sued out of existence, become pay (ie for profit) services, or simply go bust too quickly. The bottom line is that an IP address alone does not give you enough information to correctly classify incoming mail. ASSP's greylist is an attempt to make use of what information is available about an IP address without creating false positives or negatives. Perhaps you'll argue that you know of a truly fantastic black hole list, and maybe times have changed and such a thing really exists. If you have one that's > 99% effective, then use it and skip ASSP. If it's less than 99% effective, then just use ASSP and forget about the black hole list -- it's unnecessary and a distraction.
2) ASSP is a multiplexed server, not multi-process or multi-threaded. This allows ASSP to be truly cross platform and quite efficient in how it handles connections. Unfortunately it means that any process that blocks will cause a temporary SMTP outage. Perl's standard DNS functions block. This means that traditional DNSBL lookups via DNS are incompatible with ASSP's multiplexed design. The alternative (and the approach in the original DNSBL and that continues in today's greylist) is to load all the DNSBL values into a file where lookups can be made in a timely fashion. However most DNSBL services only provide this option if you can prove that your load is quite high. Or you can use a tool like openrbl and update your file on a daily basis. This ends up being problematic.
3) "Spam filtering works best by combining a variety of spam-fighting technologies." And to the extent that that is true, ASSP incorporates a variety of spam-fighting technologies. However, each technology carries not just a benefit, but also a margin of error and a maintenance cost. You must be careful in combining technologies or you find that you increase your maintenance costs and increase your overall error margin without increasing your accuracy. I believe DNS blacklists fall in this category.
4) Bayesian content filtering is a fantastic tool. Generally the requests I've received from people who want DNSBL support are from those who have used it in the past and haven't used a good Bayesian content filter before. They're trying to keep doing what they've always done before. I'd encourage you to give ASSP a try. See how it performs. I expect that even without DNSBL support it will exceed your expectations in most cases.
2004-May-24 8:43am jhanna
My whitelist is not getting added to anymore
If it was working at one point then the chances are that you have a trailing pipe symbol on one of the properties in your config file. Check the field that has the expressions to identify Redlisted email. 2005-Jul-07 4:56pm mattbreedlove
Can ASSP allow certain users to receive executable attachments?
Anyone on your site’s whitelist (i.e. anyone who has received email from your site) can send you executable attachments. Think about it, how often have you received a VBS or PIF attachment from a stranger that wasn’t a virus? And what’s the big deal about putting it in a ZIP archive if they really need to get it through to you? You can add an address to the "no processing" list and email solely to those addresses will receive all mail, including executable attachments. There is also an option to block executable attachments from all senders. 2003-Sep-04 12:48pm jhanna
POP3 and IMAP don’t work. What’s wrong?
Nothing is wrong. ASSP proxies SMTP connections but does nothing with POP3 or IMAP connections. Adjust your mail client software to look at the POP3 or IMAP ports on your mail server’s address. 2003-Sep-04 12:51pm jhanna
How do I add / remove / verify an address on the whitelist / redlist?
In version 0.2.0 and higher, use the web admin interface (perhaps http://127.0.0.1:55555) and click on the "Update / Verify the Whitelist" link at the top of the page. It should be pretty clear from there. Note that 0.2.0 and 0.2.1 don't have a feature to show you the entire list. (It's in the things to do for a later version). In versions prior to 0.2.0 you can use the list.pl script. 2003-Sep-04 12:56pm jhanna
How can I make rebuildspamdb.pl use less RAM?
The rebuildspamdb.pl script has to look at every possible keyword pair in every email in your collection. This process inherently requires a significant amount of memory. You can run the rebuildspamdb.pl script over the network on a different host than ASSP is running on if you're having trouble running out of available memory on your ASSP machine. However this requires that all the files in the spam, notspam, and errors collections must be read over the network. Note that as of version 0.3.2 rebuildspamdb requires less than half the RAM of previous versions. If you still are running low, and don't mind making the process slow down by a factor of 10, there is a line (about line 19) that you can uncomment to limit the RAM used to about 50mb. Remove the # at the beginning of this line:
#$spamObject=tie %spam,orderedtie,"spamtmp";
Version 1.0.0 has a "Use less RAM to rebuild the spamdb" option. Just check it and submit the change. 2003-Sep-04 1:04pm jhanna
How do I completely empty the whitelist or redlist?
To completely empty the whitelist or redlist there are four steps:
1) Identify the file in your installation, probably whitelist or redlist.
2) Delete or rename the file.
3) In the web interface click "Show Whitelist" (or redlist).
4) Delete (or rename) the file again if it came back.
2003-Sep-04 1:04pm jhanna
Pop Before SMTP Filename field - ASSP stops accepting mail connections. What's wrong?
Your PERL probably doesn't have all the pieces of DB_File that it needs. Run ASSP from the console (i.e. not as a daemon or service) and try again -- you should see the error message as it terminates. If you rewrite the POPB4SMTP subroutine for your mailserver, please post it in the HOWTO's section, or email it to the author to post. 2003-Sep-04 1:12pm jhanna
How do I disable the web administration interface?
Put a 0 in the "web admin port" box. 2003-Sep-04 1:12pm jhanna
HOWTO: rebuild the whitelist manually from the maillog?
On *nix you can run this command to get a list of maillist additions:
grep addition maillog.txt | awk -F":" '{ print $5 }' | sort | uniq | tr -d ' '
Then you can do this to fix it:
1) Stop assp.
2) Delete the whitelist file. (Rename it if you prefer.)
3) Start assp.
4) Open the web admin interface, possibly http://127.0.0.1:55555/
5) Click on the "update whitelist" option
6) Paste the list you made above in the box and click submit. Note that if the list is larger than 100k you
should split it into smaller chunks.
2003-Sep-04 2:09pm jhanna
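The extraction and the "split it into smaller chunks" step from the HOWTO above, as an added example that is not part of ASSP or of the original page. It assumes the log layout implied by the page's command (address in the 5th ':'-separated field); the function names, the address-shape filter and the 100000-byte default are assumptions made here.

```shell
#!/bin/sh
# Added example, not part of ASSP. Assumes the log layout implied by the
# page's command: the address is the 5th ':'-separated field of each line
# containing "addition". The 100000-byte default is a conservative reading
# of the page's "100k".

# extract_additions LOG: print unique entries, one per line. Anything that
# is not address-shaped is dropped so stray log text never reaches the form.
extract_additions() {
    grep 'addition' "$1" |
        awk -F':' '{ print $5 }' |
        tr -d ' \r' |
        grep -E '^[^@[:space:]]+@[^@[:space:]]+\.[^@[:space:]]+$' |
        sort -u
}

# split_chunks LIST PREFIX [MAX_BYTES]: write PREFIX.001, PREFIX.002, ...
# each at most MAX_BYTES long, never splitting an address across files.
# Prints the number of chunk files written.
split_chunks() {
    LC_ALL=C awk -v prefix="$2" -v max="${3:-100000}" '
        {
            len = length($0) + 1                 # +1 for the newline
            if (n == 0 || size + len > max) {    # start a new chunk
                if (n > 0) close(out)
                n++
                out = sprintf("%s.%03d", prefix, n)
                size = 0
            }
            print > out
            size += len
        }
        END { print n + 0 }
    ' "$1"
}

# rebuild_list LOG PREFIX [MAX_BYTES]: extract, de-duplicate and chunk.
rebuild_list() {
    tmp=$(mktemp) || return 1
    extract_additions "$1" > "$tmp"
    split_chunks "$tmp" "$2" "$3"
    rm -f "$tmp"
}

if [ "$#" -ge 2 ]; then rebuild_list "$@"; fi
```

Run it as `sh script.sh maillog.txt chunk` and paste each chunk.NNN file into the "update whitelist" box in turn.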
How do I unpack the sample spam database in .tgz format?
In Linux/Unix/OSX use: tar xzf asspsmpl-0.1.tgz In Windows use QuickZip (http://qzip.cjb.net/) or an equivalent program. Note that it takes a long while to read the directory structure, so be patient. 2003-Sep-04 1:09pm jhanna
The last line of my localdomains or relayhosts file is being ignored. What do I do?
With versions 0.3.3 through 1.0.1 the localdomains and relayhosts files required a return at the end of the last line. Lines without a return had their last byte chopped off, so mydomain.com became mydomain.co -- with 1.0.2 and beyond it doesn't matter. 2003-Sep-04 1:14pm jhanna
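A check for the missing final return described above, as an added example that is not part of ASSP. It simulates the truncation the answer describes for versions 0.3.3 through 1.0.1; the function names are assumptions made here, and the files to check are passed as arguments.

```shell
#!/bin/sh
# Added example, not part of ASSP. Simulates the last-byte truncation the
# page describes for versions 0.3.3 through 1.0.1.

# missing_newline FILE: true if FILE is non-empty and its last byte is not
# a newline. Command substitution strips a trailing newline, so an empty
# result from tail means the file already ends with one.
missing_newline() {
    [ -s "$1" ] && [ -n "$(tail -c 1 "$1")" ]
}

# chopped_entry FILE: print the last entry as an affected version would
# read it (last byte removed); print nothing if the file is fine.
chopped_entry() {
    missing_newline "$1" || return 0
    tail -n 1 "$1" | sed 's/.$//'
}

# fix_files FILE...: report each affected file on stderr, append the
# missing newline, and print how many files were repaired.
fix_files() {
    count=0
    for f in "$@"; do
        if missing_newline "$f"; then
            echo "$f: last entry would be read as '$(chopped_entry "$f")'" >&2
            printf '\n' >> "$f"
            count=$((count + 1))
        fi
    done
    echo "$count"
}

if [ "$#" -ge 1 ]; then fix_files "$@"; fi
```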