Sample Configurations
I asked a number of ASSP users to submit their specific ASSP configuration details. Hopefully you will be able to find similarities to your situation to make your install go more smoothly.
2003-Nov-20 4:58am jhanna
Linux, Qmail, Cyrix 233 MHz
Incoming Network Path:
internet -> (25) assp -> (55554) qmail -> (110) pop3 client
Outgoing Network Path:
client -> (25) assp -> (55554) qmail -> internet
Operating System: linux kernel 2.4.21, slackware 9.0.0
CPU: Cyrix M II, 233MHz (no, I am not joking)
RAM: 256M
Messages per day: 263
Load: (best guess) 0.03 (not loaded at all)
Mail Transport: qmail
smtpDestination:= 127.0.0.1:55554
listenPort:= 25
Mail Transport's Listen Port: 55554
What was the hardest part of getting ASSP working for you?
* To find out by trial and error which features did not work for me.
* To find out which announced new features are working for me when
upgrading to newer versions.
Examples: Complete email addresses in "spamaddresses" are ignored but
username only is fine, greylist download starts every hour but no list
is saved, "redRe" is ignored and such minor quirks.
What do you wish you knew before you started that you know now?
* Exactly which files and directories have to be owned and/or writable
by the assp user.
* A rough estimate of how much memory "rebuildspamdb" would require
without RamSaver, in my case around 130MB with 23000 messages total.
Any other comments regarding installing / configuring ASSP?
Easy to install (compared to qmail, at least).
It works very well and does not require much maintenance.
I suspect that the files in "asspsmpl/notspam" in "asspsmpl-0.1.tgz"
are helpful for installations that handle mostly English content.
In my case it is still the major part of the files with English content
in the "notspam" directory. Over time it will be replaced with mostly
Swedish content so I will have to copy it back to "notspam" from time
to time. It is the other way around in the "spam" directory, almost only
English and very little Swedish content since most spam is written in
English. The consequence is that assp has a small tendency to let
Swedish spam through and to classify English content as spam.
This is not a big problem though, assp works very well even with
mostly Swedish notspam and English spam.
-----------------------------------------------------------------------
used assp versions: all from 0.3.1 to 1.0.7
current assp version: 1.0.7
main language in filtered mails: Swedish
time to rebuild database: 2462 seconds, around 23000 messages total
Line in "/etc/rc.d/rc.firewall" to stop others from accessing qmail and
web interface directly:
iptables -A INPUT -p tcp --dport 55554:55555 -i ! lo -j DROP
(drop incoming packets that are destined for TCP ports 55554 to 55555
and originate from anywhere but this machine's local interface)
Lines in "supervise/qmail-smtpd/run" to get qmail to listen on port 55554:
exec /usr/local/bin/softlimit -m 2000000 \
/usr/local/bin/tcpserver -v -R -l "$LOCAL" \
-x /etc/tcp.smtp.cdb -c "$MAXSMTPD" \
-u "$QMAILDUID" -g "$NOFILESGID" 0 55554 \
/var/qmail/bin/qmail-smtpd your.servername.org \
/bin/cmd5checkpw /bin/true 2>&1
-----------------------------------------------------------------------
Not used:
relayPort:=
relayHost:=
-Rutger E
To get the EXIM MTA to listen on another port, e.g. 10025, just change
the setting in /etc/services to read:
smtp 10025/tcp mail #Simple Mail Transfer
smtp 10025/udp mail #Simple Mail Transfer
then execute "killall -HUP exim"
Exim picks up the port settings here.
Thanks for a super program
Exchange 2000
Incoming Network Path: Internet -> (25) ASSP -> (25) McAfee Webshield e250 -> (25) MS Exchange 2000 -> Outlook Client
Outgoing Network Path: Client -> MS Exchange 2000 -> (25) ASSP -> (25) McAfee Webshield e250 -> Internet
CPU: P4 2.0G
RAM: 512 MB
Messages per day: 1066
Load: I don't think it's even slowing my system down...
Mail Transport: MS Exchange 2000
Listen Port: 25
Mail Transport's Listen Port: 25
Relay Port: 25
Relay Host: McAfee Webshield e250
-Morgan E
WinNT, Post Office, 500 MHz
Incoming Network Path: Internet -> (25) ASSP -> (26) Post.Office -> (pop3) Client
Outgoing Network Path: Client -> (25) ASSP -> (26) Post.Office -> Internet
Operating System: WinNT
CPU: 500
RAM: 512
Messages per day: 2691
Load: (best guess) Task Manager rarely shows a spike > 50% CPU. On average ~30% CPU utilization.
SMTP Destination: 26
Listen Port: 25
Mail Transport's Listen Port: 26
Relay Port: none
Relay Host: none
What do you use for your relay host (Software or just ISP if you use your ISP's mail relay):
Post.Office (now out of business)
Mail Transport's Smarthost / Relay Host: none
If you run a virus scanner, how does it fit in?
On access scanner running locally on the machine
What was the hardest part of getting ASSP working for you?
Getting Perl to run as a service.
What do you wish you knew before you started that you know now?
Not much now. The web interface has really taken care of most of my issues (how mail is scored, the maillog tail etc.)
Any other comments regarding installing / configuring ASSP?
For us ignorant win32 users, always use "/" for file paths instead of "\". Seems pretty obvious now, but for those of us with limited programming experience...
The half gig of ram is also important for us. The rebuildspamdb used to tank our server every time, that was back in the pre 1.0 days though...
AJ
Redundant MX, Windows 2000, McAfee, Exchange
Architecture summary - two incoming lines, first is 500Mb/s leased line, second is 500Mb/s ADSL, feeding separate MX machines. Initially I set them both up with ASSP routing to the same virus scanner (on the first MX), but then I duplicated the virus scanner, as that provided greater resilience because the mail to the two MXs could be queued separately if the other machine goes down. The spam db is rebuilt on the first MX machine (after merging captured spam from the second), and then copied to the second. The MX machines both feed a third machine which rewrites addresses for internal distribution and forwards them to Exchange 2000 on a fourth machine; the third machine also has POP mailboxes for some other domains I host. Outgoing mail goes through the same route, and Weasel is the relay server (except for mailshots, which are relayed by the virus scanner on the second MX - this keeps the addresses from going into the whitelist, and sends mailshots out via the ADSL to avoid saturating the primary leased line). Four servers just for mail may sound over the top, but it works for us, and our business is critically dependent on it (if something goes wrong, I get a complaint within about 10 minutes). Anyway, we like servers; we have 15 of them; we also host our own web site, ftp and forums. If I could get a virus scanner running in a hook in Weasel, that would have the benefit of enabling me to use SMTP auth, and to reject email to invalid users immediately. 
======================================
Incoming Network Paths:
Internet -> [first MX] (25) ASSP -> (125) McAfee VirusScan SMTP -> [distribution server] (25) Weasel (some pop3, and:) -> [office mail server] (25) Exchange
Internet -> [second MX] (25) NAPT router -> (125) ASSP -> (25) McAfee VirusScan SMTP -> [distribution server] (25) Weasel (some pop3, and:) -> [office mail server] (25) Exchange
Outgoing Network Paths:
[office] Outlook -> Exchange -> [first MX] (25) ASSP -> McAfee VirusScan SMTP -> [distribution server] (25) Weasel -> Internet
[other] Client (SMTP) -> [first MX] (25) ASSP -> McAfee VirusScan SMTP -> [distribution server] (25) Weasel -> Internet
Mailshots go out through the VirusScan on the second MX (which is why the ports are reversed there) rather than via ASSP, so that the mailing list addresses (which are not always trustworthy) don't get whitelisted.
Operating System:
[first MX] Windows Server 2003
[second MX] Windows XP
[distribution server] OS/2
CPU:
[first MX] 2 x P-II/400
[second MX] AMD K6-2/500
[distribution server] P-III/600
RAM:
[first MX] 640MB
[second MX] 256MB
[distribution server] 256MB
Messages per day:
[first MX] 2200
[second MX] 750
Load:
[first MX] CPU idles at 3%, peaks of 60% for a few seconds during processing of emails; average <10%. Memory committed: ~280MB normally (max ~680MB, could be either during spamdb rebuild or processing large email attachments - we send and receive software products).
[second MX] CPU idles at 3%, peaks of 100% for a few seconds during processing of emails; average <10%. Memory committed: ~180MB normally (max ~230MB, presumably handling larger emails)
Note that these figures include the email virus scanning as well as the spam scanning.
Mail Transport:
McAfee VirusScan SMTP - has rather flexible routing, but no auth :-(
Weasel - an OS/2 MTU, with some features to my spec :-)
Exchange - no comment
What was the hardest part of getting ASSP working for you?
I started trying to run it on the OS/2 machine, and the spam rebuild crashed Perl 5.8.0 on OS/2 (I attempted to debug this with the person who did the port, but he felt in the end that it was a memory-handling issue in the compiler library). I see that others are now running it on OS/2, so that crash might have gone away with the redesign of the spam db. [note, perl 5.6 may also be a good choice.]
I had a pre-existing email corpus from running another client-based Bayesian scanner for a while, so I started essentially straight in. Suggestions of corpus size are very variable at different sources - the writers of the Bayesian filter in the Polarbar mailer (www.polarbar.org) recommend as small as possible (say 500/500), and others recommend around 5000/5000. I am using 32767/32767, as I feel that the statistics can only be improved by quantity; and I have noticed many identical spams, so the number of /distinct/ messages may be appreciably less than expected.
My boss (now ex-boss) has installed it elsewhere, and repeatedly gets confused about the different ports for relay; certainly I had it easy as I was already running my own relay server.
What do you wish you knew before you started that you know now?
That valid SMTP names containing a % would be miscategorised by ASSP as relay attempts :~) This is because I use a manufactured reply address for mailshots that happened to use a %, and I got a lot of flak when suddenly all the replies to our mailshot got bounced. I use another character now...
Any other comments regarding installing / configuring ASSP?
The documentation is still a bit geeky, but I guess that most people who run SMTP servers are geeks ;-)
Regards, Paul Hodges
Postfix + Amavis, Redhat, 450 MHz
internet - (25)assp - (225)postfix - (10024)amavis-new - (10025)postfix - (pop3)client
                                             |
                                        (3310)clamd
client - (25)assp - (225)postfix - (10024)amavis-new - (10025)postfix -internet
                                           |
                                      (3310)clamd
Operating System: Redhat 8.0
CPU: intel 450 Mhz (2x)
RAM: 1 GB
Messages per day: 46
Mail Transport: postfix
SMTP Destination: 225
Listen Port: 25
Mail Transport's Listen Port: 225
Relay Port:
Relay Host:
If you run a virus scanner, how does it fit in?
called by postfix with the help of amavisd-new
What was the hardest part of getting ASSP working for you?
finding out that the files have to be run thru dos2unix and of course: On the older versions
the problem with chroot/change user
Enrico
Exchange + NAI Webshield + PIII-500
Incoming Network Path: Internet -> (25) ASSP -> (26) NAI Webshield -> (25) Exchange2K-Frontend -> Exchange-Cloud with Outlook and IMAP/POP/Web-Clients
Outgoing Network Path: Exchange-Cloud with Outlook and IMAP/POP/Web-Clients -> (25) Exchange2K-Frontend -> (25) ASSP -> (26) NAI Webshield -> (25) Exchange2K-Frontend -> Internet
Operating System: MS Windows 2000 Server
CPU: Pentium III 500
RAM: 640MB
Messages per day: 11000
Load: 10% (rebuild not included)
Mail Transport: NAI Webshield
SMTP Destination: 141.21.6.1:26
Listen Port: 141.21.6.1:25
Mail Transport's Listen Port: 26
Relay Port: 141.21.6.210:25
Relay Host: 141.21.6.1:26
What do you use for your relay host (Software or just ISP if you use your ISP's mail relay):
NAI Webshield SMTP 4.5 (Windows)
Mail Transport's Smarthost / Relay Host: MS Exchange 2000 (Frontend)
If you run a virus scanner, how does it fit in?
NAI Webshield (behind ASSP) and On-Access-Scanners on Exchange-Server Attachment-Blocking on ASSP and On-Access-Scanners Server/Client-On-Access-File-Scanners on all PCs
What was the hardest part of getting ASSP working for you?
Planning the path for mail-delivery
Matthias
Win2k, GFI Mail security, k6/2 350
Incoming Network Path: Internet -> (25) ASSP -> (25000) SMTP Virtual Server -> 25 Mailservers (both pop3 and exchange) -> client
Outgoing Network Path: Depending on the mailserver's setup:
Setup #1: Client -> (125) mailserver -> Internet
Setup #2: Client -> (125) mailserver -> (25) ASSP -> (25000) SMTP Virtual Server (GFI MailSecurity) -> Internet
Operating System: Windows 2000 Server
CPU: AMD K6/2 350Mhz (PII 333MHZ as backup computer)
RAM: 192mb (256mb in backup machine)
Messages per day: ~700
Load: it doesn't seem too busy except when it rebuilds the spamdb which takes 40 min. Processing time for incoming mails when rebuilding the spamdb doesn't seem to slow down though.
SMTP Destination: localhost:25000
Listen Port: 25
Mail Transport's Listen Port: ?
Relay Port: none
Relay Host: none
If you run a virus scanner, how does it fit in?
via SMTP virtual server on same machine as ASSP
What was the hardest part of getting ASSP working for you?
Making automatic jobs for rebuilding spamdb, download greylist etc.
What do you wish you knew before you started that you know now?
That the two hard drives I initially used would crash ;)
Any other comments regarding installing / configuring ASSP?
I'm a total novice when it comes to smtp, relaying etc. so I was quite surprised to find how easy it was to get it to work. Still, most of the users don't send via ASSP which means that whitelist addition and a good portion of hammails are missed. The reasons why many users won't send via ASSP are: 1) their mailserver hosts many different domains and relaying is not per-domain but for all domains, 2) I've been told that message tracking stops at relay servers - so if we ever want to track a message that strands somewhere we can't if we send via ASSP.
Ulrik
Mac OS/X and qmail
Incoming Network Path: Internet -> (25) ASSP -> (24) Qmail -> (pop3)
Outgoing Network Path:
Client -> (SMTP 25) ASSP -> (24) Qmail -> Internet
Client -> (OFMIPD 8025) -> (SMTP 25) ASSP -> (24) Qmail -> Internet
Operating System: Mac OS X 10.3
CPU: Macintosh G5 1.25 Ghz
RAM: 568 MB
Messages per day: 4000
Load: (best guess) 5%
Mail Transport: QMail
SMTP Destination: 127.0.0.1:24
Listen Port: 25
Mail Transport's Listen Port: 24 & 8025 (OFMIPD)
If you run a virus scanner, how does it fit in?
ClamAV with QMailScanner for all files not blocked by ASSP
What was the hardest part of getting ASSP working for you?
ASSP support for Non English languages is poor (no SPAM/NOSPAM DB's)
What do you wish you knew before you started that you know now?
The global percentage of SPAM (75%)
Any other comments regarding installing / configuring ASSP?
Must modify ASSP code to support Pop before SMTP with VPopMail.
Guy
----------------------------------------------------------------------
Think different - use a Macintosh
----------------------------------------------------------------------
Dual Piii-800, Win2k, Imail 8
Incoming Path: Internet -> (25) ASSP -> (255) Imail -> client
Outgoing Network Path: client -> (25) ASSP -> (255) Imail -> Internet
Operating System: MS Windows 2000 Server
CPU: dual PIII 800's
RAM: 1gb
Messages per day: 11000
Load: 0-10%, seems to avg about 2% (rebuild not included). 7-11mb
Rebuild: About 50% of one processor and 75% of the other. Peak usage: 200mb
If you run a virus scanner, how does it fit in?
Declude A/V Pro plugs into Imail. This in turn runs F-Prot A/V on every received message.
What was the hardest part of getting ASSP working for you?
Setting up the program was easy, as was training it. Introducing the system to users is where the real work is.
Hot Tips?
1. Schedule a service restart of Perl as part of your daily rebuild process. I found that ASSP's memory usage slowly grew to about 60mb of RAM during normal operations (using a spam db that grew to approximately 30,000 messages) and no doubt this growth would have continued. However usage dropped to 6-11mb with the high message counts once I worked in a daily service restart. It works best in a batch file, where that same batch file handles the daily spam db rebuild. Be sure NOT to shut down ASSP during the rebuild. Just cycle the service quickly.
2. Use the scripting language of your choice to build a whitelist submitter. Many users, for various reasons, send mail thru a different smtp server than the one protected by ASSP. Give them a *secure* form to input email address, username, password and whitelisted address. Use your scripting environment to send an auth'd mail to the assp-white address. Security for an operation like this must be well thought-out.
2004-Feb-03 5:07pm matt
Win2Ksrv, Lotus Notes/Domino, ASSP
Incoming path
Internet -> ASSP(25/TCP) -> Lotus(125/TCP)
network clients use ASSP too since the machine sits on a DMZ and only port 25 is exposed to both LAN and internet
CPU barely used, around 2000 msg/day on regular days (spam-worms may increase the traffic)
the Lotus mailservers run a copy of Trend MailScan which takes care of any beast escaped to the ASSP spam filtering
Due to various reasons, I avoided letting ASSP automatically download the graylist and I've setup a scheduled batch file as follows
@echo off
cls
m:
cd\assp
:
:REPAIR
rem --- echo Repairing ASSP databases...
rem --- perl repair.pl
:
:NUMBER
rem --- echo Renumbering stored messages...
rem --- perl move2num.pl -r
:
:GREYLIST
echo Downloading grey list...
if exist greylist.txt del greylist.txt
wget -t 3 -nd http://assp.sourceforge.net/greylist.txt
if not exist greylist.txt goto NOGREY
if exist greylist copy greylist greylist.bak
copy greylist.txt greylist
del greylist.txt
:
:NOGREY
echo Rebuilding ASSP databases...
perl rebuildspamdb.pl
:
:RESTART
echo Stopping ASSP filter service...
net stop asspsmtp
ping -n 1 -w 3000 10.1.1.1 >NUL
echo Starting ASSP with new files...
net start asspsmtp
:
:QUIT
cls
exit
the above takes care to download and update the graylist and to rebuild the spamdb, after those operation it will restart the ASSP service (just to freeup/clean memory)
the "ping" to an unused IP is only used to wait 3 seconds before starting back the ASSP service, also, the commented code at the top may be useful either for first runs or to repair a damaged database
(note: you will need to get a copy of wget for windows for the above to work correctly)
2004-Feb-19 7:47am grayhat
Assp - Exchange - Assp - Mercury/32
Incoming Network Path: Internet (25) -> ASSP (2525) -> Exchange2K (25) -> Outlook
Outgoing Network Path: Outlook -> Exchange2K -> ASSP (25) -> Mercury/32 (8025) -> Internet
Hardware:
Operating System: MS Windows NT 4 Server
CPU: Dual Pentium III @ 448
RAM: 380MB
What do you use for your relay host (Software or just ISP if you use your ISP's mail relay): Mercury/32 (Windows)
Statistics:
Messages per day: 1700
Martin
ASSP,SAV4SMTPGateways, Lotus Notes & Sendmail with 2 Mail Domains
ASSP,SAV4SMTPGateways, Lotus Notes & Sendmail with 2 Mail Domains configuration by:
Sed Razal
Note : SAV4SMTPGateways can act as a smarthost using its MailRouting Policy,
no need for another MTA.
My setup is like this:
ASSP, SAV4SMTP and Lotus notes run on the same machine
Sendmail runs on a Unix box
Two (2) mail domains
######################################################################
Internet-> [ASSP->SAV4SMTPGateway]
if for notes.mydomain.com relay to -> machine1(localhost):2525 -> notes Client
if for sendmail.mydomain.com relay to -> machine2:25-> sendmail client
if not localdomain or notify sender relay to -> Internet(Default)
Notes Client -> [(Native Port 1352)Notes Native Port(via SMTP)]-> [ASSP -> SAV4SMTPGateway]in Machine1
if for notes.mydomain.com relay to -> machine1(localhost):2525->notes Client
if for sendmail.mydomain.com relay to -> machine2:25-> sendmail client
if not localdomain or notify sender relay to -> Internet(Default)
Sendmail Client->Sendmail in Machine2 ->[ASSP->SAV4SMTPGateway]in Machine1
if for notes.mydomain.com relay to -> machine1(localhost):2525->notes Client
if for sendmail.mydomain.com relay to -> machine2:25->sendmail client
if not localdomain or notify sender relay to -> Internet(Default)
My Detailed Settings
######################## On Machine1 (Win2k) ########################
Internet -> (25)ASSP
SMTPDest(127.0.0.1:125)
local domains
notes.mydomain.com|notes.mydomain.com|assp.interface.dummy.dom
(125)SAV4SMTPGateway
[Configuration>>RoutingPolicy Tab]
Default (Blank) -> Internet
notes.mydomain.com -> machine1:2525
sendmail.mydomain.com -> machine2:25
[Antivirus Policy Tab]
Notify User
[Blocking Policy>>Anti-Relay Tab]
Do not Allow Except the ff:
machine1IP
machine2IP
127.0.0.1 (This is important or ASSP relayed mail will be rejected by SAVSMTP)
(2525) Lotus Notes SMTP Port (orig port 25)
(1352) Lotus Notes Native client Port (default)
Notes Server Document
Send SMTP to Smarthost -> 127.0.0.1(Default Port 25)
######################## On Machine2 (Unix) ########################
(25)Sendmail
Note:set the DS directive of sendmail.cf to forward mail to smarthost into:
DSmachine1
######################################################################
DNS MX Records should be set to be: (Need to Inform your ISP or DNS Registry)
notes.mydomain.com MX preference = 10, mail exchanger = machine1.mydomain.com
sendmail.mydomain.com MX preference = 10, mail exchanger = machine1.mydomain.com
######################################################################
It seems to work fine.
To test, please view the mail headers of the mails coming in and out if there is
a "Received: (from ASSP-nospam [127.0.0.1])" header or some sort.
If there are, congratulations....
2004-Jul-12 12:09am sed
Domino Configuration - No Relay - Whitelist Formula
I have a Domino server and was getting a lot of spam. Installed ASSP and it was working great but
I didn't like using ASSP to relay outgoing mail. Complicated, I had problems with Mail Enable for
SMTP relay but most important Mail was reported as delivered when it was transferred to the relay
server, I didn't always know when I was having problems sending mail.
So I created the following configuration:
Mail In (port 25) ---> ASSP ---> (port 125) Domino ---> (Port 25) Mail Out
Very simple but of course the white list is not updated. To keep the white list up to date I added
this to the Send action in the R6 Mail Template.
@MailSend("assp-white@asspspam.org"; ""; ""; "Whitelist NOACK"; ""; @GetField("EnterSendTo"): @NewLine:
@GetField("EnterCopyTo"):@NewLine:@GetField("EnterBlindCopyTo"));
This sends the to, cc and bcc addresses to the white list address of assp email interface. The only
problem is that every note sent generates an assp confirmation response email. Any chance you could
add an option to not send the confirmation (perhaps based on the NOACK in the subject)?
I still have a small problem, I don't receive mail. At first I could not send to the assp email
interface, there is a reference to this in the forums (Email interface and Lotus Notes). The fix
recommended is to turn off pipelining. This fixed the email interface but now I don't receive
any mail. I'll post the debug info to the forum.
This seems like a good way to run any server that sends mail directly to the internet.
2004-Jul-16 7:39pm marc
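Both the "whitelist submitter" hot tip in the Imail entry and the Domino @MailSend formula above come down to mailing a list of addresses to the assp-white address. The Python below is an added example, not code from ASSP or from either contributor, showing the input handling such a submitter needs before it sends anything. The relay host, the availability of STARTTLS and SMTP AUTH on it, the size limits and the address pattern are assumptions of this example.

```python
import re
import smtplib
import ssl
from email.message import EmailMessage

# Taken from the Domino formula on this page.
ASSP_WHITE = "assp-white@asspspam.org"
SUBJECT = "Whitelist NOACK"

# Assumptions of this example (not from the page).
MAX_ADDRESSES = 20       # addresses accepted per submission
MAX_INPUT_BYTES = 4096   # size limit for the raw form field

# Deliberately narrow pattern: no whitespace, control characters, quotes,
# angle brackets or '%'. Another submission on this page reports ASSP
# treating addresses containing '%' as relay attempts.
_LABEL = r"[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?"
_ADDR_RE = re.compile(r"[A-Za-z0-9._+-]{1,64}@" + _LABEL + r"(?:\." + _LABEL + r")+")


def validate_addresses(raw):
    """Split a form field into (accepted, rejected) address lists.

    fullmatch() is used instead of match() with '$', because '$' also
    matches before a trailing newline and would let one through.
    """
    if len(raw.encode("utf-8", "replace")) > MAX_INPUT_BYTES:
        raise ValueError("submission too large")
    accepted, rejected, seen = [], [], set()
    for line in raw.splitlines():
        candidate = line.strip()
        if not candidate:
            continue
        if not _ADDR_RE.fullmatch(candidate):
            rejected.append(candidate)
            continue
        key = candidate.lower()  # normalise so duplicates collapse
        if key not in seen:
            seen.add(key)
            accepted.append(key)
    if len(accepted) > MAX_ADDRESSES:
        raise ValueError("too many addresses in one submission")
    return accepted, rejected


def build_whitelist_message(sender, addresses):
    """Build the mail for the ASSP e-mail interface: one address per body line."""
    if not _ADDR_RE.fullmatch(sender):
        raise ValueError("invalid sender address")
    if not addresses:
        raise ValueError("nothing to whitelist")
    msg = EmailMessage()
    msg["From"] = sender
    msg["To"] = ASSP_WHITE        # fixed; never taken from user input
    msg["Subject"] = SUBJECT      # fixed; never taken from user input
    msg.set_content("\n".join(addresses) + "\n")
    return msg


def submit(msg, host, port, username, password):
    """Send through the ASSP-protected server using the user's own login.

    The SMTP AUTH step is the authentication: a wrong password raises
    smtplib.SMTPAuthenticationError and nothing is sent, so the form
    itself never has to store credentials. host and port are
    deployment-specific (hypothetical here).
    """
    with smtplib.SMTP(host, port, timeout=15) as smtp:
        smtp.starttls(context=ssl.create_default_context())
        smtp.login(username, password)
        smtp.send_message(msg)
```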
Good general example/explanation of ASSP
The machine 'mariah' is the firewall. It has two NICs and does NAT between the public and private networks. Its primary hostname and address is nat.newbury-park.lamoree.net - 209.239.228.52, but it also listens on several other IP addresses and does iptables magic to porthole packets inside. Specifically, mariah listens on 209.239.228.50, which is mx1.lamoree.net. Before ASSP, this traffic would simply be directed to suzie, which is my real mail server. But now that ASSP is running as a daemon on mariah, I have it receive the world's incoming SMTP stream instead. That ASSP daemon listens on 192.168.21.1:10025, so what I've done is connect 209.239.228.50:25 to the private IP at the unprivileged port (so that the ASSP Perl script doesn't need to run as root).
Okay, so, now that ASSP gets the mail, it examines the content and does a "conference call" with suzie. Suzie, who is 192.168.21.7, listens at port 25 for mariah to say "HELO ASSP-nospam" and "MAIL FROM: <somebody@somewhere.com>". Then suzie will think about that for a moment and say something like "250 Roger that. Sender ok." Then ASSP will say something like "RCPT TO: <dude@lamoree.com>", and suzie will think about that for a moment and say "250 Party on. Recipient ok." Then, assuming everything is going well so far, ASSP will say "DATA" and prepare to send the content of a mail message.
Here's where the good stuff happens. As ASSP is thinking about sending the actual content (headers and body) of the message, it runs many tests on the content it would send, and if it determines that the message is Spam, it just drops the connection to suzie and nothing is delivered. The SMTP server out on the internet that is trying to send Spam gets a message like "500 Your message is spam." So, the original author will get an error from the SMTP server (or relay) they used. Typically this won't go to a real person, but in the event that a real person gets accidentally marked as a spammer, they will see that their message failed to be delivered.
Assuming that good mail makes it to a mailbox on suzie, it's then up to the clients to pull their mail using IMAP. My workstation is 'sarah' and Kelly's is 'star'. On both of these workstations, I've configured the mail clients to send their outgoing mail through ASSP (mariah.newbury-park.lamoree.net:10025). This has the benefit of giving ASSP a chance to evaluate the outgoing messages and whitelist the addresses that might be part of the outgoing message. This means that people I care to write to will automatically be allowed to reply to me without their message being tested as Spam.
-joseph
2004-Aug-04 7:50am aj
Redhat Linux 7.2 + Windows 2000 + Exchange 2000
I could successfully install ASSP on a Windows 2000 Server, get it to interact with NAV for Exchange and the Exchange Server itself, and get it to block all spam within days. I am really impressed! I got it all to work because the ASSP documentation is excellent. Okay, there are some unclear parts here and there, but the forum makes up for that. For example, I couldn't get the anti-virus part to work, but I found the information that I needed on the forum.
Here's what our SMTP chain looks like now:
Inbound SMTP: internet -> iptables@firewall:25 (linux) -> ASSP@W2KServer2:25 -> Exchange@W2KServer1:25 -> Outlook 2000
Outbound SMTP: Outlook 2000 -> Exchange@W2KServer1:25 -> VirtualSMTPService@W2KServer2:125 -> ASSP@W2KServer2:25 -> iptables@firewall -> internet
I don't like the fact that this chain now includes 3 separate machines. I intend to move ASSP to the Linux based firewall in the near future to simplify the SMTP chain. This should make the chain less prone to failures.
I installed ASSP 13 days ago, and so far it has processed 3800 SMTP messages (275 messages per day). It occasionally blocks valid (non-spam) messages. Every day, I have to go through the spam directory manually to move the incorrectly categorized messages to the notspam directory. In the beginning, that was not too much trouble, but after a while, there are just too many messages to be able to do this. What I do now is sort the list of files by date (descending). Then I examine the filenames (which are based on the subject of the messages). If I find one that does not look like spam, I open it (with outlook express). If it is not spam, I send it as an attachment to the original recipient, and move the file to the notspam directory. This is a very tedious business. I am wondering if there is an easier way to do this.
I would really like some kind of Perl script that goes through my spam folder on a daily basis, and collects all messages meant for each valid recipient in a special folder in that recipient's personal folder on the file server. It should then also send a spam report to each recipient. Wouldn't this be a nice addition to the ASSP tools? I have known of the existence of perl for at least 8 years and heard many great things about it, but I never did anything with it (I admit it, I am slightly ashamed of that). Is there a perl wizard out there that could make a script like that?
ASSP is great! Keep up the good work ASSP team!
Mark
2004-Dec-07 10:33am nankmanm
A better way to do this is to run in test mode at first and let your users train ASSP via the email interface. You can read about it here.
2006-Dec-19 2:01pm gedwest
linux sendmail -> w2k assp -> w2k exchange
We have implemented assp in the following old config:
internet <-> linux - sendmail (mx record) <-> w2k internal exchange servers
to:
internet <-> linux - sendmail (mx record) <-> w2k assp <-> w2k internal exchange
Config for the w2k assp box: you need 2 ip addresses on the box
for now as example:
linux sendmail box => .1
w2k internal exchange => .2
w2k assp first ip => .3
w2k assp second ip => .4
first config -> incoming mail
mail is delivered on the linux box -> relayed to assp box .3 port 25
assp box forward it (destination server) to .2:25
Mail is going out
w2k exchange server get separate connector to forward mail to w2k assp second ip .4:25 (relay port) and assp box forward it to linux box .1:25 (relay host)
Other configuration items for ASSP:
Accept All mail: never should have the ip of the linux box (here .1) only the exchange w2k ip addresses (here .4)
local domains: should have all your local domains + the non existing domain (we used asspnospam.org also handy in test environment to make a separate connector to the assp box for this domain)
Destination Server: Is the port + ip of your internal server which needs to receive all mail coming from the internet
Listenport: port where internet mail is coming in
Relay port: Is the port + ip on the assp box which is receiving internal mail which needs to be forwarded to the outside world
Relay host: Is the port + ip from the smtp server which will send out the outgoing email (here the sendmail linux box port 25)
Unprocessed Addresses: minimal your postmaster address + your antivirus account if you send out virus found messages.
Expression to Identify No-processing Mail: Think of out-of-office / Non delivery reports / Read / delivered messages
our regex:
\Wautoreply\W|Content-Type:.*?multipart\/report;.*?report-type.*?\=.*?delivery-status;|Subject: Out of Office AutoReply|Subject: Read:|Subject: Delivery Status Notification
Don't block these HELO's: put in your linux sendmail servername
From Address For Email: (in the Email interface config part) should be only an email address like spam@domain.com instead of using <> etc
That's it (plus of course some other config stuff which you can use if you would like).
Current system (Compaq DL360 - 800 mhz / 512 MB - w2k os) is doing approx 11000 mail a day with 50% spam. with large batches cpu usage is 100% else 0.
luuk
2004-Dec-09 8:04am luuk
Win2K - exchange on LAN, MS SMTP and ASSP on DMZ
* Configuration
Win2K machine running exchange on LAN
Win2K machine running ASSP+MSSMTP+DNS on DMZ
* Incoming path
Internet->ASSP->MSSMTP->Exchange->LAN
* Outgoing path
LAN->Exchange->ASSP->MSSMTP->Internet
* Network sample
Internet
   |
   |
Firewall--DMZ-->ASSP+MSSMTP
   |
  LAN
   |
Exchange
The exchange machine has no particular configuration, it only has its smarthost setup to point to the DMZ machine running ASSP on port 125 and MS SMTP (IIS SMTP) this allows LAN users to use SMTP/MAPI to send mail
The DMZ machine has the SMTP engine setup to listen on port 225, ASSP listens on port 25 and forwards to 127.0.0.1:225, for incoming mail, the SMTP is setup to resolve the MX records for the locally handled domains to the DMZ firewall interface, the firewall is configured to port-forward 25/TCP on such interface to the internal exchange SMTP
for outgoing mail, the ASSP receives the Exchange traffic on port 125 and forwards it to 127.0.0.1:225 where the MS SMTP carries over the external message delivery process
On the DMZ machine has also been installed the clamwin AV along with a scheduled script to fetch updated AV patterns, convert them to the format needed for ASSP and copy them to the ASSP folder; the ASSP is configured to disallow executable attachments and to scan both local and external e-mail, another AV engine is also installed on the exchange machine to allow scanning of local mail too
2005-Jan-28 3:11am grayhat
Win2K - Exchange and some thoughts
Hello to all, after experimenting with some anti-spam tools (mostly small programs that run as front end smtp servers) I needed something effective. And I came across ASSP. I'd seen it before but perl, a lot of configuration had scared me before. This time I decided to give it a try. I downloaded ASSP pack and read [1].
As it's told in the document I downloaded and installed Active Perl. Now current version is 5.10 and it is not good for ASSP. Daemon service cannot be installed (I could not, I mean). I uninstalled it and installed 5.8.8 version.
In Perl-Package manager I chose and installed extra perl components.
It took me a while to understand how ASSP works. I found the documentation rather incomplete. That is why I'm writing this in hope that someone else could install and run it easier than I did.
- CONFIG BEFORE ASSP
INCOMING
internet ------> (25) MARIA -----> (25) ANGEL[exchange]------> clients (outlook)
OUTGOING
internet <------ ANGEL[exchange]<------clients (here MARIA is not used)
- CURRENT CONFIG WITH ASSP
INCOMING
internet ---(nat port change on ADSL modem/router 25 -> 2500) ---> (2500)MARIA (assp accepting connections on 2500 and transferring incoming connections to angel) ----> (25)ANGEL [exchange] ---> clients
OUTGOING
clients ----> [exchange]ANGEL (using MARIA as smart host) -----> (25) MARIA (assp accepting connections on 25 and transferring it to smtp server working on the same server (maria) at port 2501)-------> internet
At first I had not changed outgoing config but this way ASSP cannot learn from outgoing mails (populate white list etc.). Both your incoming and outgoing mail should pass through ASSP.
So, tricky part for me is to figure out that ASSP needs/uses two different ports to handle incoming and outgoing mail, and since it's not a smtp server (only a proxy) it also needs two smtp servers at least.


