assp(8) ASSP assp(8)NAMEassp - Anti-Spam SMTP Proxy
SYNOPSISassp [ base_dir [ admin_port ] ]
%%RC_SCRIPT%% start|stop|restart|status
DESCRIPTION
Anti-Spam SMTP Proxy is a spam filter that sits on port 25 in front of
your regular SMTP server (exim(8), postfix(8), qmail(8), sendmail(8),
etc).
ASSP relays the SMTP dialog between an incoming client and your SMTP
server, intercepting the dialog as needed. ASSP performs a number of
configurable spam checks and on detecting a spam message provides an
immediate 5xx SMTP error code back to the client. Non-spam messages
are passed to your regular SMTP server for further processing and
delivery. Spam messages can be blocked from delivery or subject-tagged
and delivered.
ASSP offers:
- a whitelist of known good senders
- Bayesian checks on message headers and contents
- local user validation using RFC822 checks, flat lists or LDAP
lookup
- relay denial
- HELO checking
- SPF (Sender Policy Framework) checking
- DNSBL (DNS Block List) checking using many block list services
- delaying of messages from unknown senders
- Virus detection
ASSP is entirely administrator-managed and is almost totally transpar‐
ent to users. In particular, users do not need to manage procmail(1)
spam filters or challenge-response systems of their own.
The base_dir argument gives the name of ASSP's working directory. If
omitted it defaults to the current directory.
ASSP is configured using a web interface. The admin_port argument
gives the network port for accessing ASSP's configuration menu. It
defaults to 55555. To access the configuration menu, start ASSP and
then point your browser at http://localhost:55555. The default admin
password is nospam4me.
Initial setup of ASSP involves several steps:
1. Review ASSP's configuration options and adjust as necessary. Be
sure to change the admin password. By default ASSP's filters
are all set to Test Mode which means all messages will be deliv‐
ered to their recipients. Leave everything in Test Mode for
now.
2. Decide on which network port(s) ASSP will listen and on which
your normal SMTP server will listen. Typically, ASSP will lis‐
ten on port 25 and your SMTP server will be moved to something
like port 125 or 587.
3. Reconfigure your SMTP server to its new port.
4. Reconfigure ASSP to port 25 and restart ASSP. Since ASSP is in
Test Mode, all messages will be delivered to their recipients.
5. Arrange for all users' outbound email to be processed by ASSP.
This is necessary for ASSP to be able to automatically maintain
its whitelist. If a user's MUA uses SMTP to port 25, this will
happen without further intervention. If an MUA invokes
/usr/sbin/sendmail and you're using the default sendmail(8) con‐
figuration with submit queues, this will also happen without
further intervention. Otherwise, you need to take whatever
steps are necessary for each MUA that's being used.
6. Optionally, send a message containing a list of email addresses
that you want to receive email from to asspwhite@yourdomain.com.
Have all your users do this. This will seed ASSP's whitelist.
Messages from senders on the whitelist will never be blocked.
An address can be removed from the whitelist by emailing it to
asspnotwhite@yourdomain.com.
7. To set up the Bayesian word list filtering, do the following:
7a. Ensure some senders' addresses are in the whitelist,
either by sending email to them or by seeding the
whilelist as described above.
7b. Allow some time (could be hours or days, depending on the
volume of email you receive) for enough email to collect.
Mesages from senders on the whitelist will be copied in
the notspam directory. Other messages will either be
passed or be copied in the spam directory based on word
scores in the initial greylist.
7c. Periodically examine the messages in ASSP's notspam and
spam directories to make sure they're sorted correctly.
Move any to the other directory as needed. If you're
unsure about a particular message, just delete it. Also,
examine maillog.txt for information about what ASSP is
doing.
7d. After about 400 messages have collected, filtering mode
can be enabled. In the /var/db/assp directory, run the
/usr/local/lib/assp/rebuildspamdb.pl script to create the
spam database from the logged messages. This is the part
where the Bayesian filter ``learns'' about the words in
your spam and notspam collections.
7e. Uncheck the appropriate Test Mode box in ASSP's configu‐
ration menu to enable message blocking.
7f. It is recommended that the UseSubjectsAsMaillogNames con‐
figuration option is eventually unchecked and that the
script /usr/local/lib/assp/move2num.pl is run in the
/var/db/assp directory. This causes messages to be
stored with numeric filenames, and overwritten after some
time. The benefits of this are that the size of the
stored messages will be limited and that older messages
are removed from the collection. This keeps the Bayesian
word list current. This need not be done immediately;
you can do this once you no longer feel the need to exam‐
ine the spam messages in detail.
8. ASSP's other filtering options (local user validation, RFC822
conformance, client HELO validation, SPF validation, the Delay
List, the use of DNSBLs and the ClamAV virus checker) can be
enabled by examining and adjusting their configuration options
as needed and then unchecking the appropriate Test Mode boxes.
Once ASSP is live, users should forward a copy of any spam message that
still gets through to asspspam@yourdomain.com in order to add it to
ASSP's spam database. Any non-spam that was mis-classified as spam can
be copied to asspnotspam@yourdomain.com.
The rebuildspamdb.pl script needs to be re-run periodically to update
the spam database from the latest logged messages. There is a peri‐
odic(8) script that will do this overnight.
For full details of using ASSP, see the ASSP website and documentation.
STARTING ASSP AT BOOT TIME
The %%RC_SCRIPT%% script is run automatically at system boot time.
Several variables can be set in /etc/rc.conf to control the behavior.
assp_enable
set to YES to start ASSP at boot time
assp_flags
passed to the ASSP client, default is assp_flags="/var/db/assp"
assp_logexpire
used by nightly script to expire logs, default is assp_logex‐
pire="45" days
FILES
/var/db/assp
location of ASSP config file, log file and spam databases
/var/db/assp/notspam
copies of non-spam messages received
/var/db/assp/spam
copies of spam messages received
/var/db/assp/errors/{notspam,spam}
messages forwarded to asspnotspam@ and asspspam@ addresses
/var/db/assp/maillog.txt
ASSP's log file
/usr/local/lib/assp/freshclam.sh
script to update virus definitions
/usr/local/lib/assp/move2num.pl
script to rename stored messages to numeric filenames
/usr/local/lib/assp/rebuildspamdb.pl
script to update spam database
/usr/local/etc/periodic/daily/510.assp
nightly script to invoke rebuildspamdb.pl and freshclam.sh.
SEE ALSOprocmail(1), assplog(8), exim(8), postfix(8), qmail(8), sendmail(8),
/usr/local/share/doc/assp/ASSP Documentation.htm
http://assp.sourceforge.net/
May 16, 2005 assp(8)
