Enhance Your Mail Server With ASSP (Anti-Spam SMTP Proxy)

Submitted by ovis on Tue, 2006-11-07 22:38.

This guide installs ASSP on a server that runs Postfix, e.g. one set up as described in:

Debian Virtual Users And Domains With Postfix, Courier And MySQL (+ SMTP-AUTH, Quota, SpamAssassin, ClamAV)

I assume that we install on a fictional server example.com with the IP address 123.123.123.123; substitute your own values.

What is ASSP?

ASSP stands for Anti-Spam SMTP Proxy.

From the wiki:

"The ASSP server project is an Open Source platform-independent transparent SMTP proxy server that leverages numerous methodologies and technologies to both rigidly and adaptively identify spam. This web site's domain name, "ASSPSMTP", is the common name used for the daemon or service running ASSP."

http://assp.sourceforge.net
http://www.asspsmtp.org

In short ASSP is the most kickass solution that is both free and works great. It reduced spam to an absurd minimum for me.

The current solutions (SpamAssassin, Razor, Pyzor, DCC) were not enough for my situation. This software works on port 25 of a system and stops spam where it enters your system.

It learns, so after the first week of operation it gets better and better. It also comes with a nice interface to quickly adapt your setup. It really pays to understand all the ins and outs of email filtering so you're one step ahead of those who try to send you unsolicited or undesired bulk electronic messages, also known as SPAM.

Install some Perl modules first:

Compress::Zlib         NEEDED - Standard Perl installation
Digest::MD5            NEEDED - Standard Perl installation
Email::Valid           OPTIONAL, BUT ADVISED
File::ReadBackwards    OPTIONAL, BUT ADVISED
Mail::SPF::Query       OPTIONAL
Mail::SRS              OPTIONAL
Net::DNS               NEEDED TO RUN RBL, SPF and 1.2.X
Sys::Syslog            OPTIONAL
Net::LDAP              OPTIONAL :: NEEDED IF YOU RUN LDAP
Time::HiRes            NEEDED - Standard Perl installation

Install the following modules like this:

perl -MCPAN -e shell

install Compress::Zlib
install Digest::MD5
install Email::Valid
install File::ReadBackwards
install Mail::SPF::Query
install Mail::SRS
install Net::DNS
install Sys::Syslog
install Net::LDAP
install Time::HiRes

q (to leave the Perl shell)

Now let's install ASSP:

cd /usr/src/

First get it.

wget -c http://surfnet.dl.sourceforge.net/sourceforge/assp/ASSP_1.2.5-Install.zip
wget -c http://surfnet.dl.sourceforge.net/sourceforge/assp/ASSP_1.2.5_Rev.2-Update.zip

Now unpack it.

unzip ASSP_1.2.5-Install.zip
unzip ASSP_1.2.5_Rev.2-Update.zip

Make some preparations.

mkdir -p /usr/share/assp/spam
mkdir /usr/share/assp/notspam
mkdir /usr/share/assp/errors
mkdir /usr/share/assp/errors/spam
mkdir /usr/share/assp/errors/notspam

And put it in place.

mv -f assp.pl ASSP
mv -f ASSP/* /usr/share/assp

Remove the leftovers once you're done reading them.

rm -fr ASSP_1.2.5* changelog.txt Install.txt __MACOSX/ README.txt

Set some sane permissions:

chown -R 0:0 /usr/share/assp

Go there and start it up for the first time.

cd /usr/share/assp
perl assp.pl

Now point a browser to:

http://example.com:55555

and log in with any name and the default password nospam4me.

So here we are in the land of the many possibilities.

You might want to use the TestModeOptions so everything passes through but the database gets populated. After a while you uncheck the options and rebuild your filter. Everything is now in full swing.

Tell ASSP to listen on 123.123.123.123:25 and forward to localhost:25.


Network Setup

    SMTP Destination        127.0.0.1:25            The internal Postfix
    [x] As a Daemon                                 Check the box
    Listen Port             123.123.123.123:25      The spam proxy
    Web Admin Port          xxxx                    A non-default number

Relaying

    Local Domains*          example.com|anotherexample.com

Security

    Web Admin Password      newpasword

You can use a file with Local Domains like file:Local_Domains.txt. ISPConfig users might want to extract this from /etc/postfix/local-host-names

Like:

cat /etc/postfix/local-host-names | grep -v \# > /usr/share/assp/Local_Domains.txt

Now we tell postfix to only accept connections from our proxy.

Edit /etc/postfix/master.cf

Change:

smtp      inet  n       -       n       -       -       smtpd

to:

localhost:smtp   inet  n       -       n       -       -       smtpd

Restart postfix:

/etc/init.d/postfix restart

Yes it was that easy!!
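
A check for the step above, as an added example that is not part of the original howto: it lists every smtpd listener in master.cf that is not bound to loopback, i.e. one that outside hosts could reach without passing through ASSP. The function names and the sample input are constructed for illustration, and it assumes inet_interfaces in main.cf is left at its default, so that a service without a host part binds to all interfaces.

```shell
#!/bin/sh
# Added example: find Postfix smtpd listeners that bypass the ASSP proxy.
# Usage: exposed_smtpd /etc/postfix/master.cf   (or pipe the file on stdin)

# Print the service field of every inet smtpd service not bound to loopback.
exposed_smtpd() {
    awk '
        /^[ \t]*#/ || /^[ \t]*$/ { next }   # comments and blank lines
        /^[ \t]/ { next }                   # "-o ..." continuation lines
        $2 == "inet" && $8 == "smtpd" {
            # host:port with a loopback host is only reachable locally
            if ($1 ~ /^(localhost|127\.[0-9.]+|\[::1\]):/) next
            print $1
        }
    ' "$@"
}

# Succeed only if no smtpd listener is reachable from outside, so that
# all incoming mail has to enter through ASSP on the public address.
postfix_behind_proxy() {
    [ -z "$(exposed_smtpd "$@")" ]
}

# Constructed sample input: the smtp line before and after the edit above,
# plus lines the check must skip (continuation, comment, non-inet service).
sample_cf() {
    case "$1" in
        before) echo 'smtp      inet  n       -       n       -       -       smtpd' ;;
        after)  echo 'localhost:smtp   inet  n       -       n       -       -       smtpd' ;;
    esac
    echo '  -o smtpd_sasl_auth_enable=yes'
    echo '#submission inet n - n - - smtpd'
    echo 'pickup    fifo  n       -       n       60      1       pickup'
}

for state in before after; do
    if sample_cf "$state" | postfix_behind_proxy; then
        echo "$state: smtpd is loopback-only, mail must pass through ASSP"
    else
        echo "$state: exposed smtpd listener: $(sample_cf "$state" | exposed_smtpd)"
    fi
done
```

Run it against the real /etc/postfix/master.cf after the restart; any service it prints still accepts mail directly from the network.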

Now let's start things automagically. The following can be pasted into a shell to create the file!

cat > /etc/init.d/assp << "EOF"
#!/bin/sh -e

# Start or stop ASSP
#
# Ivo Schaap <ivo@lineau.nl>

PATH=/bin:/usr/bin:/sbin:/usr/sbin

case "$1" in

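    start)
        echo -n "Starting the Anti-Spam SMTP Proxy"
        # assp.pl must be started from its own directory; it detaches
        # by itself when "As a Daemon" is checked in the web interface
        cd /usr/share/assp
        perl assp.pl
    ;;

    stop)
        echo -n "Stopping the Anti-Spam SMTP Proxy"
        # Look up the ASSP process and kill it; do nothing if it is not running
        PIDS=`ps ax | grep "perl assp.pl" | grep -v grep | awk '{ print $1 }'`
        [ -z "$PIDS" ] || kill -9 $PIDS
    ;;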

    restart)
        $0 stop || true
        $0 start
    ;;
   
    *)
    echo "Usage: /etc/init.d/assp {start|stop|restart}"
    exit 1
    ;;

esac

exit 0
EOF

Set the permissions.

chmod 755 /etc/init.d/assp

and add it to the default runlevel.

update-rc.d assp defaults

Here is a treat for logcheck users: a rule file that makes logcheck ignore the log lines written by assp.

cat > /etc/logcheck/ignore.d.server/assp << "EOF"
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ assp\[[0-9]+\]: *
EOF

Now you get mail about what the heck is going on.

Have fun with all the options, and after a week rebuild the Bayes database. Check the directories /usr/share/assp/spam and /usr/share/assp/notspam for wrong entries: if good mail ends up in the spam directory, move it to the notspam directory, and vice versa. After that do:

cd /usr/share/assp && perl rebuildspamdb.pl

It helps to at least read the documentation that ships with this package:

ASSP Documentation.htm
Regular Expression Tutorial.htm

This is it, now your mailserver is really perfect and eats Spam for breakfast ;)

Ovis


Submitted by roi (registered user) on Sat, 2007-02-17 09:54.

You might not have the group "nobody" and need to add it: 'groupadd nobody'

You need to change the ownership of the assp installation to nobody:nobody in order for the webadmin to save changes after you apply them: 'chown -R nobody:nobody /usr/share/assp'

 

Submitted by kalin (registered user) on Thu, 2006-12-07 10:17.

This is a great howto, I've been using assp for a while and I highly recommend using monit along with this.  There is a good howto here:

http://www.howtoforge.com/server_monitoring_monit_munin_p2

I posted an assp example following these instructions here in a comment there.

Submitted by k31th (registered user) on Thu, 2006-11-30 11:18.

Worth noting that you can't run your mail server on port 25 and ASSP on port 25 on the same box. I know this is pretty obvious but for some users it might not be, also in this guide it does appear to run both the mail server and ASSP on port 25 localhost.

If you are using postfix change the following in master.cf

From

smtp      inet  n       -       -       -       -       smtpd

to

125      inet  n       -       -       -       -       smtpd


 

In ASSP change the "SMTP Destination" to 127.0.0.1:125

I changed the port postfix uses to port 125, you can use any valid port that is not already in use.

Keith  

Submitted by ovis (registered user) on Fri, 2006-12-01 13:08.

In my book, 127.0.0.1:25 and 123.123.123.123:25 are two separate destinations. One uses port 25 on the local interface, and the other uses interface eth0 the external one.

It works great.


However your solution works great, too.

greetz Ovis
Submitted by pksings (registered user) on Mon, 2006-11-27 00:31.

After following this to the letter assp.pl resides in /usr/share/assp/ASSP/, so to actually execute it requires "cd /usr/share/assp/ASSP/" and then "perl assp.pl".

And the start/stop script must be also modified accordingly as the perl script is one directory deeper.

If this is wrong then the HOWTO should be corrected/more clear. 

Submitted by ovis (registered user) on Fri, 2006-12-01 13:03.

I forgot an * and I fixed it

Thanks for pointing it out.
Submitted by jason.weir (registered user) on Mon, 2006-11-13 16:35.

Been using it for 4+ years.. Would not even consider any other anti-spam app..  Works great - 99.9% hands off once the learning phase is over..

 -Jason