Topic: ASSP Anti-SPAM HOWTO

[Gage]

Thats exactly what the problem was. Some how dns.bz2 was on the next line.
I fixed it and ran the updatednsbl.sh and it worked w/o errors.
But,  When I run the nightly.sh I still get this error about the white list!!!
I know that Im getting errors like couldnt creat server socket on port 25 cause I already have it running. But the whitelist is always emptly.



[root@pompano assp]# sh nightly.sh
--23:20:03--  http://spfilter.openrbl.org/data/output/DEFAULT.octets.bz2
           => dns.bz2'
Connecting to spfilter.openrbl.org:80... connected!
HTTP request sent, awaiting response... 200 OK
Length: 642,410 [application/octet-stream]

    0K .......... .......... .......... .......... ..........  7% @  81.57 KB/s
   50K .......... .......... .......... .......... .......... 15% @ 157.73 KB/s
  100K .......... .......... .......... .......... .......... 23% @ 152.44 KB/s
  150K .......... .......... .......... .......... .......... 31% @ 157.23 KB/s
  200K .......... .......... .......... .......... .......... 39% @ 157.73 KB/s
  250K .......... .......... .......... .......... .......... 47% @ 152.91 KB/s
  300K .......... .......... .......... .......... .......... 55% @ 157.73 KB/s
  350K .......... .......... .......... .......... .......... 63% @ 153.37 KB/s
  400K .......... .......... .......... .......... .......... 71% @ 156.25 KB/s
  450K .......... .......... .......... .......... .......... 79% @ 157.73 KB/s
  500K .......... .......... .......... .......... .......... 87% @ 152.91 KB/s
  550K .......... .......... .......... .......... .......... 95% @ 157.73 KB/s
  600K .......... .......... .......                         100% @ 158.11 KB/s

23:20:08 (145.32 KB/s) - dns.bz2' saved [642410/642410]

[root@pompano assp]# loading config -- base='.'
Jul-6-03 23:20:46 ASSP version 0.2.1 initializing
Jul-6-03 23:20:46 Warning: Whitelist is small or empty: './whitelist' (ignore if this is a new install)
Jul-6-03 23:20:46 Couldn't create server socket on port '25' -- maybe another service is running or I'm not root (uid=0)?
Jul-6-03 23:20:46 Couldn't create server socket on port '55555' -- maybe another service is running or I'm not root (uid=0)?
Jul-6-03 23:20:46 Listening for mail connections at 25 and admin connections at 55555
Jul-6-03 23:20:46 Starting
[root@pompano assp]# loading config -- base='.'
bash: [root@pompano: command not found
[root@pompano assp]# Jul-6-03 23:20:46 ASSP version 0.2.1 initializing
bash: Jul-6-03: command not found
[root@pompano assp]# Jul-6-03 23:20:46 Warning: Whitelist is small or empty: './whitelist' (ignore if this is a new install)
bash: syntax error near unexpected token (i'
[root@pompano assp]#

[Gene Cooper]

Hi All,

I finally got back to this and fixed/updated the howto.  ASSP is at version 0.3.2 and heading for 1.0, I think.  ASSP is aggressive, configurable and uses several techniques to attack the spam problem.

Please point out any errors and I'll fix the HOWTO.

See: http://assp.sourceforge.net

and my updated howto at:

http://www.sonoracomm.com/sonoracomm/pdf/ASSP_HOWTO.pdf.

You might also want to look at Darrell May's DSBL contrib at http://mirror.contribs.org/smeserver/contribs/dmay/mitel/contrib/dsbl/.  This is a far simpler tool that's super-easy to install, zero maintenance and cuts out a good chunk of your spam.

See: http://dsbl.org

G

[Stewart Midwinter]

Gene, is there any harm in running DSBL as well as assp? or will they step on each other?  I started on installation of assp, wasn't getting any filtering, then installed DSBL.  Now I see from the .pdf how-to on assp that I have to untar the sample spam list and update my smtp port number, so I could finish the installation of assp if it is a better tool.

thanks
Stewart in Calgary
running SME Server 5.5

[Ron]

Darrell has just posted an ASSP contrib for SME.
http://mirror.contribs.org/smeserver/contribs/dmay/mitel/contrib/assp/

I am running DSBL as well as assp at the moment in test mode.  If you decide to try it let everyone know how you made out.

[Neal Collins]

IRon wrote:
>
> Darrell has just posted an ASSP contrib for SME.
> http://mirror.contribs.org/smeserver/contribs/dmay/mitel/contrib/assp/
>
> I am running DSBL as well as assp at the moment in test
> mode.  If you decide to try it let everyone know how you made
> out.

I'm running it and it's all working fine. Just make sure you run it in test mode initially as it tends to label just about everything SPAM first off. And make sure you set the Local Domains setting first up, otherwise it refuses all incoming email (I lost a couple of messages due to that)!

--
Neal

[Steve]

The DNSBL feature of assp is depreaciated in favour of the greylist feature.

[Ed Form]

Ron wrote:
>
> Darrell has just posted an ASSP contrib for SME.
> http://mirror.contribs.org/smeserver/contribs/dmay/mitel/contrib/assp/
>
> I am running DSBL as well as assp at the moment in test
> mode.  If you decide to try it let everyone know how you made
> out.

Is it actually possible to use ASSP if your smtp server is at your ISP? I loaded it onto my test machine and the configuration page boggled my mind, and the instructions on the Sourceforge page where slightly less use than a chocolate fireguard.

Ed Form

[Alexander Ziemann]

Hi folks,

we already had ASSP 1.0.6 working before on our SME 6.03 b Server.

But Installation following the Sonora.com Howto, using Darrels "old" beta rpm from June and additional the new ASSP 1.0.6 was ugly for me.

But we got it working at last - after a testing-period of 4 weeks, we are german  - it lasted quite a time to rebuild the spam and esp. notspam databases for our needs.

I have now reinstalled ASSP with the excellent noarch.rpm from Darrel and it works even better, because the starting skripts are in the proper place and there even is a hourly status ? script.

And that is needed, becaus assp quite often stops without any known reason.

ASSP works better than SpamAssassin, which i never really got to work on 6.03b

Alex

[Alejandro Lengua]

I installed Darrell's rpm's, however it seems it is marking all my incoming email as ::SPAM:: Why is this?

I have Testmode enabled.

[Neal Collins]

Yes, same thing happened to me. You have to train the software to recognise stuff that isn't spam. You do this in 3 ways:

1. If you send an email to someone, their address is added to the "white list", which means email from that address will not be marked as spam.

2. If you receive a message and ASSP has marked it as spam you can forward the email to assp-white@yourdomain.xxx and ASSP will add the sender to the "white list" as above.

3. If you receive a message and ASSP has marked it as spam you can forward the email to assp-notspam@yoursomain.xxx and ASSP will alter its rules to (hopefully) no longer consider that kind of mail as spam.

Conversely if a spam email manages to get through undetected, you can forward it to assp-spam@yourdomain.xxx to again update the rules.

Once I did a bit of training ASSP has been working really well. I especially like the blocking of executable attachments.

Oh, do run the assp-status.sh script, as mentioned by someone else, ASSP does sometimes just die and has to be restarted (which is what that script does). I run it from cron every 15 minutes.

[Jim Danvers]

Guys...

I've been following this thread and have but one simple question:  what about hardware requirements for either of the solutions ( the assp one or Darrell's ).  I run my little 6.0b3 box on an old pii 233 w/192 meg 'o ram.  It does have some disk space though - 30gig.  I know from previous experience playing with another product, (on another project) IPCop v1.3, where I wanted to implement the Dansguardian content filtering piece using similar hardware.  Come to find out that while the IPCop itself requires very little in hardware, the DG piece actually recommends at least a pii 400...  it showed too as performance on that box got kind of flaky.  In a nutshell - the filtering requires a lot of additional overhead on the cpu...  I can only imaging that the same would apply for the mail filters discussed in this thread.

Just curious - what are ya'll running for hardware, and have you noticed any difference in performance as a result of using either (or both) solutions?  I too get a lot of spam and fortunately I've got my mozilla client fairly well trained now to catch it all, but web mail is a different story.  ( I have to rely on the web interface when @work as I haven't convinced my net admin guy to open the imap port that I would need to hit my server from there....   ;(  )   I can upgrade hardware (somewhat) if required - it'd be nice to catch it 'at the door' so to speak.  

Thanks...

-=- jd -=-

[Alexander Ziemann]

Hi,
just follow the instructions

In the first 3 weeks or so (depending on your language and your "normal" mail-traffic) the system will just train an build up proper databases. This is a self-learning system with very rigid blocking attitude at the start.

Do not mind and do not forget to forward "wrong spam" to assp-notspam@yourdomain.com .

It will stop to bring up false positives soon, esp. if you got lots of outgoing mail.

az

[Alexander Ziemann]

Hardware Question:

I was running a self-made installation of 1.0.6 and the beta RPM from Darrel with 1.0.3 on my home-server PI /233 with 164 MB RAM and 9 GB disk it did not work out: Stopping all the time and  loooong database buildups at night, sometimes dying.

I took it off. I reinstalled Darrels new contrib.rpm with assp 1.0.7 now on the same server. It works fine! But: I do not make use of additional dnsbl, because that even stopped my office server.

You will see, that database rebuilds need about 7 minutes compared to my office server that is long (XP 1700, 512 MB->70 sec). But database rebuild is once at night, so i dont care about that.

The major improvement is darrels status-script, which checks the "oftendying" assp daemon and rewakes him as mentioned before.

az

[Neal Collins]

Is it just me or is anyone else using ASSP seeing a problem where the host stops accepting connections on port 25, but the ASSP daemon is still running (so the assp-staus.sh script thinks everything is ok)?

Restarting ASSP fixes the problem.

Also the status script has a bug - the status variable is called ASSPSTATUS, but later is referenced as BDSTATUS!

Anyway I might put see if I can change the status script to actually check that port 25 is functioning.

--
Neal

[Greg Zartman]

Darrell May has a descussion going on over on his boards about ASSP.  Seems the ASSP deamon dies from time to time, thereby killing SMTP.   I believe they've solved the problem.

Have a look at his boards and contrib area:  myezserver.com

Greg Zartman