http://assp.sourceforge.net/

Why to choose ASSP? Because it is fast, powerful, not resource hog, protects Exim from direct connections and small-to-middle DoS on SMTP service.

One of our RHCE admins (geeks as they are :) ) suggested ASSP to me a few days ago. The problem I'm having is in understanding it. Is there an executive summary somewhere? If not, can you write one?

For example, on the page you point to, the author writes about having a separate server running, and then passing the email on to an official SMTP server. Does he mean a separate server on a separate box, or does he mean a separate daemon running on the same box?

Again, where can I read the executive summary?

Is there any advantage to this vs running SpamAssassin at data time of the SMTP protocol?

Jeff

jlasman, contact me on IM and I'll help you with some ideas.

Answered by PM.

Jeff

I've looked at a thread at webhostingtalk, and I still don't know enough about ASSP to consider using it for myself.

I have found out (on another thread in these forums) that it works on the same machine as DA, answering on port 25; and you have to change exim to answer on a different port.

And that it uses Beysian filtering.

And apparently, greylisting.

My gut feeling is that I already know how SpamAssassin works, and I already know how SpamBlocker works. And i already know how greylisting works.

The final SpamBlocker3 version will allow optional Greylisting and optional Nolisting, and will run SpamAssassin at the data time of the SMTP dialog.

I still don't know exactly what ASSP does, exactly how it works, or whether it would be any better than the final SpamBlocker3 solution.

My choice is that I'll not implement it at this time. It appears that ASSP is and will remain compatible with the SpamBlocker exim.conf file (perhaps with some of the options, i.e., SpamAssassin, Greylisting, and Nolisting, turned off). So if anyone wants to try implementing ASSP themselves, I'd say give it a try.

:)

However, because ASSP is a program that runs before Exim, as your primary mailserver for your domain, it's not something that can be a part of SpamBlocker, which is implemented in the exim.conf file.

So I've moved the thread to a more appropriate location.

Jeff

Hello,

I've read the ASSP pages and think it might be considering worthwhile to investigate more into ASSP instead of SA.
I find SA giving me a rather high load while scanning, and these days more and more spam is coming in. And i like the way ASSP handles incoming messages kicking their a$s before their in the MTA.

I'm not an expert in Anti-Spam (also not in Linux :s) but reading about ASSP it sounds rather user-friendly and easy to manage to me. Haven't had the guts to install on my server because i'm a little afraid to break my box and having my users to use snailmail again :p

SMTALK is there some "how to" on ASSP for directadmin?
do you have to disable SA first?

Jeff is Spamblocker4 in the making or on hold?, if it includes greylisting it might be worth waiting a while before switching to ASSP.
Is it not possible to support ASSP in Spamblocker?

Thanks for your efforts so far to keep spammers from spamming us and still be able to use "electronic-mail" in a normal way :)

Heuveltje, you don't need to disable SA, but you should want to do this. There is no "How to" for DirectAdmin yet, but it should be simple to get it working. Maybe these will help you: http://www.howtoforge.com/antispam_smtp_proxy http://www.webhostingtalk.com/showthread.php?t=580342

Good luck!

P.S. I've talked with Jeff (jlasman), and it's impossible to implement ASSP with SpamBlocker because it's not just a configuration change, it's a whole package :) It should be in "DirectAdmin feature requests".

smtalk,

I'd say definitely make it a feature request, but it's a complete change to how DA accepts mail (it means you won't be using exim to accept your email), so I don't think that sort of change is just going to happen. Especially before someone has actually tried it.

As far as shutting off SpamAssassin, I'd say you really can't do that because you'll always want clients who want to have email delivered directly to them without any kind of spamblocking, and for them you'll probably want to offer them SpamAssassin.

Heuveltje,

SpamBlocker4 is nowhere near ready; SpamBlocker3 isn't out of beta yet. SpamBlocker3 may yet include greylisting; the lack of greylisting is why we're still not out of Beta.

Unless I'm not finding something, The processes ASSP uses are not at all similar to SpamAssassin; it appears to not allow individual-user settings, and it doesn't pass any of the spam onto the server, so for users who want to see everything, it's useless.

Also see my note to smtalk concerning users who won't want it blocking their email. Does it offer the ability to whitelist incoming domains (the features list doesn't make this clear)? If not, then you won't be able to host such customers on your server if you've implemented ASSP.

Everyone,

ASSP does a lot, and I can't see it using less resources than what we're doing now. If you turn on blocklisting in SpamBlocker for all your domains, I think it'll block at least as much email as ASSP does before it starts doing it's filtering, and you'll use a lot less resources than you do if you pass all incoming email on to SpamAssassin. In fact for our own domains we don't like SpamAssassin at all; we prefer SpamBlocker. Don't forget, SpamAssassin does beysian filtering as well.

Also we're now recommending nolisting and using it ourselves; our experience is the email load on our server is quite a bit less just using nolisting alone. And in our experience it doesn't block email.

I think the whole ASSP concept requires at least a few people willing to try it with DA, and a lot of study as to what it can and cannot do. One advantage of both SpamAssassin and SpamBlocker is that they can be turned on or off on a per-domain basis. Does ASSP offer that?

That said, as soon as I have an extra testbed available we might want to try it ourselves on a domain that receives nothing but many thousands of spam a day (we maintain it for just that purpose).

No it doesn't and it's not a replacement of SpamAssassin. This software works from the port 25 on a system. and stop spam where it enters your system. It's easy to integrate it with Exim and DirectAdmin. Everyone who want to know what is ASSP:
http://www.asspsmtp.org/wiki/Is_Assp_For_Me


Anti-Spam SMTP Proxy is a spam filter that sits on port 25 in front of your
regular SMTP server (sendmail, postfix, qmail, etc).

ASSP performs a number of configurable spam checks, and on detecting a spam
message, provides an immediate 5xx SMTP error code back to the client.
Non-spam messages are passed to your regular SMTP server for further
processing and delivery.

ASSP offers:
- a whitelist of known good senders
- Bayesian checks on message headers and contents
- recipient address validation using LDAP and RFC822 conformance
- relay denial
- HELO checking
- SPF (Sender Policy Framework) checking
- DNSBL (DNS Block List) checking using many DNSBL services
- Virus detection

ASSP is a single script with a web-based configuration tool.

WWW: http://assp.sourceforge.net/

So lets see some trials.

:)

Jeff

jlasman, it's working perfectly as I said. Check you PM box, how-to sent :) Please test it by yourself.

We have assp running on our DA severs for over 8 months. We integrated and wrote all our own scripts and it works flawlessly. It absolutely replaces SA + MS + spamd and all those nasty cpu hogging scripts without any load at all. We love it.

In addition, we have been doing custom DA + ASSP installs for a number of customers, about 15 installations in all. The worst part about ASSP is the Bayesian. Take it from me, if your going to run Bayes you may as well not install it because the false positives are way too high however, if you intend to run all the other features or combinations thereof, those are simply outstanding. We especially love the delaying. Even if you never enable any other filter, and only ran delaying, you'd kill of about 90% of your junk.

As far as offering a solution for everyone? Well we started writing a plugin but with everything else we are doing we have just not had time to complete it. I may be interested in getting together with sombody who wants to finish this as co-operative effort. Im willing to do that since we know what ASSP does back the front and inside out and know what works and what doesnt. We have also written a number of scripts that are required to run ASSP on DA.

Anyone interested, do contact me.

smtalk,

As far as shutting off SpamAssassin, I'd say you really can't do that because you'll always want clients who want to have email delivered directly to them without any kind of spamblocking, and for them you'll probably want to offer them SpamAssassin.



Oh but you want to shutoff SA as fast as possible. And you do use Exim just a different version of it. The messages are proxied to exim and exim handles the delivery provided the upfront proxying has allowed the message to be delivered and has passed all tests.

LOL as far as SA is concerned, users have the ability to turn on any or all filters if they wish. We set them all OFF by default. Then if the user wants, they enable it via the user cp. Simple. No need for SA at all. :)

You can see it running here on on DA boxes


Apr-03-07 02:57:00 ASSP running on server:
Apr-03-07 03:00:00 ASSP running on server:
Apr-3-07 03:00:40 Uploading stats via direct connection
Apr-03-07 03:03:00 ASSP running on server:
Apr-3-07 03:05:05 Saving whitelist
Apr-3-07 03:05:05 Saving redlist
Apr-3-07 03:05:05 Saving delaying records
Apr-3-07 03:05:05 Saving penalty records
Apr-3-07 03:05:05 Saving cache records
Apr-3-07 03:05:05 Cleaning up delaying databases ...
Apr-3-07 03:05:05 Cleaning delaying database (triplets) finished; keys before=477, deleted=13
Apr-3-07 03:05:05 Cleaning delaying database (whitelisted tuplets) finished; keys before=357, deleted=0
Apr-3-07 03:05:05 Saving penalty records
Apr-3-07 03:05:05 Saving cache records
Apr-3-07 03:05:05 Cleaning penalty records...
Apr-3-07 03:05:05 Cache reset (/var/db/assp/pb/pbdb.white.db)
Apr-3-07 03:05:05 PB: cleaning black finished; IPs before=417, deleted=8
Apr-3-07 03:05:05 Cleaning cache records...
Apr-3-07 03:05:05 RBLCache: cleaning cache finished; IPs before=7, deleted=0
Apr-3-07 03:05:05 URIBLCache: cleaning cache finished; Domains before=125, deleted=3
Apr-03-07 03:06:00 ASSP running on server:
Apr-03-07 03:09:00 ASSP running on server:
Apr-3-07 03:09:57 Connected: 69.123.80.58:61502 -> 72.36.xxx.xxx:25 -> 127.0.0.1:125
Apr-3-07 03:09:57 Cache reset (/var/db/assp/pb/pbdb.rbl.db)


:)

We especially love the delaying. Even if you never enable any other filter, and only ran delaying, you'd kill of about 90% of your junk.
As I've said for some time now, greylisting (delaying), nolisting (first MX that doesn't answer), and blocklisting (SpamBlocker3) work to eliminate well over 90% of spam.

But when I suggested writing greylisting in SpamBlocker3 I heard a lot of complaints.

What specifically does ASSP besides those three things?
We have also written a number of scripts that are required to run ASSP on DA.
I didn't see anything in smtalk's work about any required scripts. What scripts do you believe are required?
as far as SA is concerned, users have the ability to turn on any or all filters if they wish. We set them all OFF by default. Then if the user wants, they enable it via the user cp. Simple. No need for SA at all.
Do you mean the filters available in the DA interface? They're very dumb compared to SpamAssassin rules, and there's no real granularity; you get a bit overzealous with a rule and you don't even notice until many people have missed their emails. If you put in most of the words most people put in you won't even be able to get the U.S. Declaration of Independence.

Please let me know what ASSP does besides whitelisting/blocklisting/greylisting/nolisting, all of which are done by my local test versions of SpamBlocker, which don't require any extra daemon.

Jeff

Please let me know what ASSP does besides whitelisting/blocklisting/greylisting/nolisting, all of which are done by my local test versions of SpamBlocker, which don't require any extra daemon.


I am not sure whether this is still relevant, but here is the answer nevertheless:

Most importantly, ASSP uses Bayesian spam filtering (http://en.wikipedia.org/wiki/Bayesian_spam_filtering).

I know what bayesian filtering is; DirectAdmin implements that at the SpamAssassin level.

I'd be better served by a link to the ASSP page that shows how and when it's implemented.

I've already done some googling; none of it tells me when in the receiving of email the bayesian filter is checked. Is it checked before or after the email is accepted? If after, then this is exactly what SpamAssassin does, and in fact one of the search results for assp bayesian filtering is from a user who wants to replace assp's bayesian filter with dspam because he believes it doesn't work as well.

If assp is running the bayesian filter before the mai is accepted ... well, yes, I like this, but I haven't had time to attempt to integrate this into how DirectAdmin uses custom settings for SpamAssassin.

If anyone wants to volunteer to do that, please feel free to do so, starting with the latest beta copy of SpamBlocker, available at http://www.nobaloney.net/downloads/.

Jeff

I'd be better served by a link to the ASSP page that shows how and when it's implemented.
Here we go http://assp.sourceforge.net/fom/cache/2.html
Here is the most relevant part:

I wanted a server that accepted connections on port 25, passing the transmission on to the official SMTP server, and relaying its replies back to the SMTP client. But when enough of the message had been transmitted to validate its legitimacy the ASSP server could either pipe the remainder of the message to the official SMTP server or close the connection to the official SMTP server and ignore the remainder of the message.

That's why it's referred to as SMTP proxy.
Is it checked before or after the email is accepted?
Before. If the mail is flagged as spam it is simply rejected during SMTP session.

If after, then this is exactly what SpamAssassin does, and in fact one of the search results for assp bayesian filtering is from a user who wants to replace assp's bayesian filter with dspam because he believes it doesn't work as well.
I believe you are referring to me :) Your statement is not 100% accurate, though. I never said I was not satisfied with assp's bayesian filter. By "we were not happy with the results" I meant we were not satisfied with assp as a spam filtering solution: it occasionally gets stuck, it can't be configured on per-domain or per-mailbox basis, it doesn't support SSL and so on.

Your statement is not 100% accurate, though. I never said I was not satisfied with assp's bayesian filter. By "we were not happy with the results" I meant we were not satisfied with assp as a spam filtering solution: it occasionally gets stuck, it can't be configured on per-domain or per-mailbox basis, it doesn't support SSL and so on.
Sorry, that's what happens when I tax my memory. Thanks for bringing up your exact concerns.

But it looks to me that your exact concerns are exactly why we shouldn't use it.

What I'd really like to do is move SpamAssassin earlier into our current checking:
If anyone wants to volunteer to do that, please feel free to do so, starting with the latest beta copy of SpamBlocker, available at http://www.nobaloney.net/downloads/.
I'm still looking for help with the above.

Or of course, write your own solution ... either starting with my code or not (that's the beauty of open source), test it thoroughly for months, offer it up for use, and then perhaps talk JBMC (the company who publishes DirectAdmin) to use it, and I can retire from writing SpamBlocker ;).

Jeff

Here is a solution for Cpanel based on ASSP.
http://www.grscripts.com/

I don't have a copy of CPanel. If someone would install this and then send me (see my email address below) a copy of the entire exim.conf file, perhaps I could learn something from it.

Jeff