Project News for Anti-Spam SMTP Proxy Server

  • Global PenaltyBox

    The newest versions of ASSP V1 now support the Global PenaltyBox.
    Together with the recently introduced "Simple IP Greylisting (DelayIP)"
    it is a quite successful new approach.

    ASSP Global-Penalty-Box short description
    What is the global-PB?

    Every ASSP installation has its own local penaltybox. Based on the local valence values, IP addresses will get black- or whitelisted.
    These black- and whitePB records are sent to a global server once a day. The global-PB-server consolidates all records and builds two global databases - global-Black and global-White. After uploading the local records to the global server, ASSP downloads these two databases and merges the records into the local databases. So any ASSP that is part of this global-PB-network learns all records that are known by all other global-clients and is able to block or accept emails based on these records.


    Will the global-PB overwrite my local penalty-box?

    No. Global records will never overwrite an existing local record! And global-PB records are not used to build the "extreme penalty-box file".


    Is the global-PB not the same as the "griplist"?

    The griplist is built by rebuildspamdb.pl, which creates the local spamdb and spamdb.helo bayesian-based on the files stored by ASSP in the defined directories. If ASSP scores a message because of a value in the griplist, this IP will also become part of the local and global penalty-box. The griplist depends on what messages are collected and how often rebuildspamdb.pl is used to build a new local griplist.
    The local penalty-box (and so the global one) is based on all defined checks (including grip-check and bayesian-check) and is, for this reason, much more meaningful than the griplist. The local penaltybox is permanently maintained by ASSP and so it is up to date at all times.

    YES - the penalty-box will hold also some IP's that are part of the griplist!
    NO - the penalty-box holds much more records than the griplist, is based on all configured checks and is permanently up to date


    What is the update interval for the global-PB?

    Both global-PB's are updated every time a client has done an upload.


    What information is used to build the global-PB?

    All records of all clients are stored on the global-PB-server. Based on how often a record was uploaded from different clients and from different countries, an IP address will become part of the global-PB or not. This is done to prevent global black-/whitelisting of an IP address because of an unwanted single local penalty-box record (caused by a misconfigured ASSP). The global-PB-server does a crosscheck between the black- and whitelist to keep every list clean from bad records. Every record of the whitelist is checked against DNS-Blacklist providers and every record of the blacklist is checked against DNS-RWL-List providers before it becomes part of the global-PB.


    What do I have to do to become part of the global-PB network?

    First you have to register your client on the global-PB server. To do this, (at this time) send an email to assp.globalpb@.... This email should contain the name of the global-PB client (please read the description in the ASSP-GUI) and your or your company's details (name, address, phone, contact email address). This information is needed to verify all users of the global-PB, to keep the global-PB network clean from spammers and hackers!


    Is the use of the global-PB free of charge?

    No, to use the global-PB you'll need a subscription. Until 1.3.2011 the registration and usage of the global-PB service is free!


    Are there plans to expand the services of the global-PB network?

    Yes, there are plans to provide the global-PB network with additional downloads of other lists like bombre.txt, URIBLCCTLDS.txt, blackdomains and others.


    What ASSP versions support the global-PB?

    1.8.1.9 singlethreaded stable version
    2.0.x multithreaded stable version


    2010-12-29 06:55:38 PST by fribo

  • Razor Plugin

    Razor2 Plugin released for ASSP V2

    2010-10-03 10:18:28 PDT by fribo

  • ASSP 1.8.1.0 Released

    assp.pl 1.8.1.0
    new rebuildspamdb.pl 2.8.1.0 (1.0.01)
    new files/preheaderre.txt


    Regular Expression to early Identify Spam in Handshake and Header Part* (preHeaderRe)

    Until the complete mail header is received, assp processes the handshake and header content line by line, but the first mail content check is done only after the complete mail header is received.
    It is possible that some content (malformed headers, forbidden characters or character combinations) could cause assp to die or to run into an unrecoverable exception.
    Use this regular expression to identify such incoming mails based on a line-by-line check, at the moment a single line is received.
    This setting does not affect any other and is not affected by any other configuration setting, except that this check is only done for incoming mails.
    If a match is found, assp will immediately send a '421 terminate connection' reply to the client and will immediately terminate the connection.
    Default setting is file:files/preheaderre.txt




    URIBL Service Providers* (URIBLServiceProvider)

    Domain names of URIBLs to use, separated by "|". You may set a weight for every provider, like multi.surbl.org=>50|black.uribl.com=>25.
    The value of the weight can be set directly, like =>45, or as a divisor of URIBLmaxweight. Low numbers < 6 are divisors. So if URIBLmaxweight = 50 (default), multi.surbl.org=>50 would be the same as multi.surbl.org=>1, and multi.surbl.org=>2 would be the same as multi.surbl.org=>25.
    If the sum of weights of all found URIs surpasses URIBLmaxweight, the URIBL check fails. If not, the URIBL check is scored as "neutral". URIBLmaxhits is ignored when weights are used.
    Default is: multi.surbl.org=>1|black.uribl.com=>1|uribl.swinog.ch=>2

    URIBL Maximum Weight (URIBLmaxweight)

    A weight is a number representing the trust we put into a URIBL.
    The URIBL module will check all of the URIBLs listed under URIBLServiceProvider for every URI found in an email. If the total of weights for all URIs is greater than or equal to this Maximum Weight, the email is flagged Failed.
    If the total of weights is greater than 0 and less than Maximum Weight, the email is flagged Neutral. If not defined or set to zero, only URIBLmaxhits will be used to detect a fail or neutral state.

    RBL Service Providers* (RBLServiceProvider)

    Names of DNSBLs to use separated by "|" or name of list 'file:files/dnsbls.txt'. Defaults are:
    zen.spamhaus.org=>1|bl.spamcop.net=>1|bb.barracudacentral.org=>1|combined.njabl.org=>1|safe.dnsbl.sorbs.net=>1|psbl.surriel.com=>2|ix.dnsbl.manitu.net=>2|dnsbl-1.uceprotect.net=>2|dnsbl-2.uceprotect.net=>4.
    DNSBL providers can be classified like bl.spamcop.net=>1. '1' is the most trustworthy class. '6' is the least trustworthy class. Numbers above 6 will be used as score directly. The value of the class acts as a divisor of RBLmaxweight. So if RBLmaxweight = 50 bl.spamcop.net=>1 would be the same as bl.spamcop.net=>50, bl.spamcop.net=>2 would be the same as bl.spamcop.net=>25. If the sum of scores surpasses RBLmaxweight, the DNSBL check fails. If not, the DNSBL check is scored as "neutral" even with RBLmaxhits reached. Setting Showmaxreplies will allow ALL replies to contribute to the total weight regardless of RBLmaxhits.
    Some RBL Service Providers, like blackholes.five-ten-sg.com, provide different return codes in a single DNS zone, like 127.a.b.c, where a, b, c are used to identify a weight or type (or whatever) of the returned entry. If you want to act on special return codes, or if you want to use different weights for different return codes, you should use the following enhanced entry syntax:

    RBL-Service-Provider=>result-to-watch=>weight (like:)
    blackholes.five-ten-sg.com=>127.0.0.2=>3
    blackholes.five-ten-sg.com=>127.0.0.5=>4
    blackholes.five-ten-sg.com=>127.0.?.*=>5

    As you can see, the wildcards * (multiple characters) and ? (single character) can be used in the second parameter. Never mix the three possible syntax types for the same RBL Service Provider. A search for a match inside such a definition is done in reverse ASCII order, so the wildcards are tried last.
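
    The weighting rules above, as an added example (not ASSP's own code): it parses an RBLServiceProvider string, rejects mixed syntax for one provider, and totals the weights for a set of DNSBL replies. Assumptions: entries without a weight count as class 1, enhanced-syntax weights follow the same class rule, exact return codes are tried before wildcard patterns (the outcome the text describes), and the fail test uses "greater or equal" as stated for URIBLmaxweight; the sample replies are constructed.

```python
import re

RBL_MAX_WEIGHT = 50  # RBLmaxweight value used in the page's own examples


def effective_weight(value, max_weight=RBL_MAX_WEIGHT):
    """Classes 1..6 divide RBLmaxweight; numbers above 6 are the score itself."""
    number = float(value)
    if number <= 0:
        raise ValueError(f"weight must be positive: {value!r}")
    return max_weight / number if number <= 6 else number


def parse_providers(spec, max_weight=RBL_MAX_WEIGHT):
    """Return {provider: {"kind": syntax type, "rules": [(pattern, weight)]}}."""
    providers = {}
    for entry in (part.strip() for part in spec.split("|")):
        if not entry:
            continue
        fields = entry.split("=>")
        if len(fields) == 1:      # plain name; treating it as class 1 is an assumption
            kind, pattern, raw = "plain", "*", "1"
        elif len(fields) == 2:    # provider=>class-or-weight
            kind, pattern, raw = "weighted", "*", fields[1]
        elif len(fields) == 3:    # provider=>result-to-watch=>weight
            kind, pattern, raw = "by-result", fields[1], fields[2]
        else:
            raise ValueError(f"unparsable entry: {entry!r}")
        slot = providers.setdefault(fields[0].lower(), {"kind": kind, "rules": []})
        if slot["kind"] != kind:
            # The page: never mix the syntax types for the same provider.
            raise ValueError(f"mixed syntax types for {fields[0]}")
        slot["rules"].append((pattern, effective_weight(raw, max_weight)))
    return providers


def _pattern_to_regex(pattern):
    """'*' matches any run of characters, '?' exactly one; the rest is literal."""
    escaped = re.escape(pattern).replace(r"\*", ".*").replace(r"\?", ".")
    return re.compile(escaped + r"\Z")


def weight_for(provider, result):
    """Weight of the first rule matching the returned address, else 0."""
    # Exact return codes first, wildcard patterns last; the stable sort keeps
    # configuration order inside each group. Assumption, see the lead-in.
    ordered = sorted(provider["rules"], key=lambda r: "*" in r[0] or "?" in r[0])
    for pattern, weight in ordered:
        if _pattern_to_regex(pattern).match(result):
            return weight
    return 0.0


def evaluate(spec, replies, max_weight=RBL_MAX_WEIGHT):
    """replies maps provider -> returned A record, for providers that listed the IP."""
    providers = parse_providers(spec, max_weight)
    total = sum(
        weight_for(providers[name.lower()], result)
        for name, result in replies.items()
        if name.lower() in providers
    )
    if total >= max_weight:   # ">=" is an assumption taken from URIBLmaxweight
        return total, "fail"
    return total, "neutral" if total > 0 else "pass"


# Provider entries taken from the page; the replies below are constructed.
SPEC = (
    "bl.spamcop.net=>1|psbl.surriel.com=>2|dnsbl-2.uceprotect.net=>4|"
    "blackholes.five-ten-sg.com=>127.0.0.2=>3|"
    "blackholes.five-ten-sg.com=>127.0.0.5=>4|"
    "blackholes.five-ten-sg.com=>127.0.?.*=>5"
)

if __name__ == "__main__":
    print(evaluate(SPEC, {"psbl.surriel.com": "127.0.0.2",
                          "blackholes.five-ten-sg.com": "127.0.0.5"}))
    print(evaluate(SPEC, {"bl.spamcop.net": "127.0.0.2"}))
```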

    Switch Testmode to Message Scoring (switchTestToScoring)

    Put the filter automatically in "Message Scoring Mode" when DoPenaltyMessage is set (instead of stopping spam processing altogether).

    Switch Spam-Lover to Message Scoring (switchSpamLoverToScoring)

    Put the filter automatically in "Message Scoring Mode" when DoPenaltyMessage is set (instead of stopping spam processing altogether).

    Enable Configuration Sharing (enableCFGShare, default=off)

    Read all positions in this section carefully (multiple times is recommended!!!)! A wrong configuration sequence or wrong configuration values can lead to a destroyed ASSP configuration!
    If set, the synchronization of configuration values and option files will be enabled. This synchronization applies to the configuration values, to the file that is possibly defined in a value, and to the include files that are possibly defined in the configured file.
    If the configuration of all values in this section is valid, the synchronization status will be shown in the GUI for each config value that is, or could be, shared. There are several configuration values that cannot be shared. The list of all shareable values can be found in the distributed file assp_sync.cfg.

    For an initial synchronization setup, set the following config values in this order: syncServer, syncConfigFile, syncTestMode and, as the last one, syncCFGPass (leave isShareSlave and isShareMaster off). Use the default file (the distributed syncConfigFile assp_sync.cfg) and configure all values to your needs - do this on all peers by removing lines or setting the general sync flag to 0 or 1 (see the description of syncConfigFile).
    When you have finished this initial setup, enable isShareMaster or isShareSlave - now assp will set up all entries in the configuration file for all sync peers to the configured default values (to 1 if isShareMaster or to 3 if isShareSlave is selected). Do this on all peers. Now you can configure the synchronization behavior for each single configuration value for each peer, if it should differ from the default setup.
    For the initial synchronization, configure only one ASSP installation as master (all others as slave). When the initial synchronization has finished, which will take up to one hour, you can configure all or some assp as master and slave. On the initial master simply switch on isShareSlave. On the initial slaves, switch on isShareMaster and change all values in the sync config file that should be bidirectionally shared from 3 to 1. As the last action, enable enableCFGShare on the SyncSlaves first and then on the SyncMaster.
    After such an initial setup, any changes of the peers (syncServer) will have no effect on the configuration file (syncConfigFile)! To add or remove a sync peer after an initial setup, you have to configure syncServer and you have to edit the sync config file manually.

    This option can only be enabled, if isShareMaster and/or isShareSlave and syncServer and syncConfigFile and syncCFGPass are configured!
    Because the synchronization is done using a special SMTP protocol (without "mail from" and "rcpt to"), this option requires an installed Net::SMTP module in Perl. For security reasons this special SMTP protocol is not usable by any MTA, so the "sync mails" cannot be forwarded via any MTA.
    For this reason all sync peers must have a direct or routed TCP connection to each other peer.


    This is a Share Master (isShareMaster, default=off)
    If selected, ASSP will send configured configuration changes to sync peers.

    This is a Share Slave (isShareSlave)

    If selected, ASSP will receive configured configuration changes from sync peers. To accept a sync request, every sending peer has to be defined in syncServer - even if there are manually made entries in the sync config file for a peer.

    Default Sync Peers (syncServer)

    Define all configuration sync peers here (to send changes to or to receive changes from). Separate multiple values by "|". Any value must be a pair of hostname or IP address and :port, like 10.10.10.10:25 or mypeerhost:125 or mypeerhost.mydomain.com:225. The :port must be defined!
    The target port can be the listenPort , listenPort2 or relayPort of the peer.

    Test Mode for Config Sync (syncTestMode)
    If selected, a master (isShareMaster) will process all steps to send configuration changes, but will not really send the request to the peers. A slave (isShareSlave) will receive all sync requests, but it will not change the configuration values and possibly sent configuration files will be stored at the original location and will get an extension of ".synctest".

    Configuration File for Config Sync* (syncConfigFile)


    Define the synchronization configuration file here (default is file:assp_sync.cfg).
    This file holds the configuration and the current status of all synchronized assp configuration values.
    The format of an initial value is: "varname:=syncflag" - where syncflag could be 0 (not shared) or 1 (is shared) - for example: HeaderMaxLength:=1 . The syncflag is a general sign, which means a value of 0 disables the synchronization of the config value for all peers. A value of 1 enables the peer configuration that possibly follows.
    The format after an initial setup is: "varname:=syncflag,syncServer1=status,syncServer2=status,......". The "status" could be one of the following:

    0 - no sync - changes of this value will not be sent to this syncServer - I will ignore all change requests for this value from there
    1 - I am a SyncMaster, the value is still out of sync to this peer and should be synchronized as soon as possible
    2 - I am a SyncMaster, the value is still in sync to this peer
    3 - I am not a SyncMaster but a SyncSlave - only this SyncMaster (peer) knows the current sync status to me
    4 - I am a SyncMaster and a SyncSlave (bidirectional sync) - a change of this value was still received from this syncServer (peer) and should not be sent back to this syncServer - this flag will be automatically set back to 2 at the next synchronization check


    Config Sync Password (syncCFGPass)

    The password that is used and required (in addition to the sending IP address) to identify a valid sync request. This password has to be set to the same value in all ASSP installations from where and/or to where the configuration should be synchronized.
    The password must be at least six characters long.
    If you want or need to change this password, first disable enableCFGShare here and on all peers, change the password on all peers, enable enableCFGShare on SyncSlaves, then enable enableCFGShare on SyncMasters.

    Show Detail Sync Information in GUI (syncShowGUIDetails, default=off)

    If selected, the detail synchronization status is shown at the top of each configuration parameter like:

    nothing shown - there is no entry defined for this parameter in the syncConfigFile or it is an unsharable parameter
    "(shareable)" - the parameter is shareable but the general sync sign in the syncConfigFile is zero
    "(shared: ...)" - the detail sync status for each sync peer

    If not selected, only different colored bulls are shown at the top of each configuration parameter like:

    nothing shown - no entry in the syncConfigFile or it is an unsharable parameter
    "black bull •" - the parameter is shareable but the general sync sign in the syncConfigFile is zero
    "green bull •" - the parameter is shared and in sync to each peer
    "red bull •" - the parameter is shared but it is currently out of sync to at least one peer

    If you move the mouse over the bull, a hint box will show the detail synchronization status.

    Max Number of AUTHentication Errors (MaxAUTHErrors)
    If an IP exceeds this number of authentication errors (535), the transmission of the current message will be canceled and any new connection from that IP will be blocked for 5-10 minutes.
    Every 5 minutes the 'AUTHError' counter of the IP will be decreased by one. autValencePB is used for the penalty box.
    No limit is imposed by ASSP if the field is left blank or set to 0. This option allows admins to prevent external brute-force or dictionary attacks via the AUTH command. Whitelisted and NoProcessing IP's and IP's in npPB are ignored, like any relayed connection.

    Bad SMTP Authentication (autValencePB)

    Simple IP Greylisting (DelayIP)
    Enable simple delaying for IP's in black penaltybox with totalscore above this value.

    DNSBL Cache Refresh Interval for Misses (RBLCacheExpMiss)
    Domains in cache with status=2 (miss) will be removed after this interval in hours. Empty or 0 will prevent caching of non-hits.



    Do DNS-Backscatter Detection (DoBackSctr)

    If activated, the IP address of each message received for null sender, bounced or postmaster will be checked against the list below. DNS-based checks require an installed Net::DNS module in Perl.
    For more information about backscatter detection please read http://www.backscatterer.org/?target=usage.

    Enable DNS-Backscatter detection logging (BacksctrLog)


    Backscatter-DNS Cache Refresh Interval (BackDNSInterval)

    IP's in cache will be removed after this interval in days. 0 will disable the cache and the usage of downloadBackDNSFile and localBackDNSFile.

    ServiceProvider for Backscatterer Detection* (BackSctrServiceProvider)

    ServiceProvider for DNS check on Backscatterer. Possible value is ips.backscatterer.org for DNS check.

    Download the Backscatterer DNS-IP-List (downloadBackDNSFile)
    If selected, the complete IP-list is downloaded to a local file. IP's are checked on this file first, if the IP is not found on this list, a DNS query is done. It is recommended to use this option for ISP's and users with more than 1000 bounced mails a day. See wget-mirrors.uceprotect.net/rbldnsd-all/ips.backscatterer.org.gz

    Local File for the Backscatterer DNS-IP-List (localBackDNSFile)


    The name of the local file that is used for this IP-list. The content of this file is loaded into the 'Backscatter-DNS Cache' (BackDNSInterval). IP's from this list will be removed from the cache after one day.


    ---------------

    Fields marked with at least one asterisk (*) accept a list separated by '|' (for example: abc|def|ghi) or a file designated as follows (path relative to the ASSP directory): 'file:files/filename.txt'. Putting in the file: will prompt ASSP to put up a button to edit that file. files is the subdirectory for files. The file does not need to exist; you can create it from the editor by saving it. The file must have one entry per line; anything on a line following a number sign or a semicolon ( # ;) is ignored (a comment).
    It is possible to include custom-designed files at any line of such a file, using the following directive
    # include filename
    where filename is the relative path (from /Applications/assp) to the included file like files/inc1.txt or inc1.txt (one file per line). The line will be internally replaced by the contents of the included file!

    Fields marked with two asterisks (**) contain regular expressions (regex) and accept a second weight value. Every weighted regex that contains at least one '|' has to begin and end with a '~' - inside such regexes it is not allowed to use a '~', even if it is escaped - for example: ~abc\~|def~=>23 or ~abc~|def~=>23. Every weighted regex has to be followed by '=>' and the weight value. For example: Phishing\.=>1.45|~Heuristics|Email~=>50 or ~(Email|HTML|Sanesecurity)\.(Phishing|Spear|(Spam|Scam)[a-z0-9]?)\.~=>4.6|Spam=>1.1|~Spear|Scam~=>2.1 . The product of the weight and the penaltybox valence value will be used for scoring if the absolute value of the weight is less than or equal to 6. Otherwise the value of the weight is used for scoring. It is possible to define negative values to reduce the resulting message score.
    For all "bomb*" regexes and "invalidFormatHeloRe", "invalidPTRRe" and "invalidMsgIDRe" it is possible to define a third parameter (to overwrite the default options) after the weight like: Phishing\.=>1.45|~Heuristics|Email~=>50:>N[+-]W[+-]L[+-]I[+-], where the characters and the optional + and - have the following functions:
    use this regex (+ = only)(- = never) for: N = noprocessing , W = whitelisted , L = local , I = ISP mails . So the line ~Heuristics|Email~=>50:>N-W-LI could be read as: take the regex with a weight of 50, never scan noprocessing mails, never scan whitelisted mails, scan local mails and mails from ISP's (and all others). The line ~Heuristics|Email~=>3.2:>N-W+I could be read as: take the regex with a weight of 3.2 as factor, never scan noprocessing mails, scan only whitelisted mails even if they are received from an ISP .
    If the third parameter is not set or any of the N,W,L,I is not set, the default configuration for the option will be used unless a default option string is defined anywhere in a single line in the file in the form !!!NWLI!!! (with + or - is possible).
    If any parameter that allows the usage of weighted regular expressions is set to "block", but the sum of the resulting weighted penalty value is less than the corresponding "Penalty Box Valence Value" (because of lower weights) - only scoring will be done!

    The literal 'SESSIONID' will be replaced by the unique message logging ID in every SMTP error reply.
    - the alpha index in the GUI now has a 'select' field (regex is possible)
    to reduce the listed values as wanted - this makes it possible to quickly
    find a config value by parts of its name

    - If a file is resent, the non local sender (from:) will be added to
    whitelist if 'autoAddResendToWhite' is set to 'admins only' or 'admins and
    users'.
    - If a file is copied (GUI) to the correctednotspam folder, the non local
    sender (from:) of that file will be added to Whitelist if
    'EmailErrorsModifyWhite' is set.
    - If a file is copied (GUI) to the correctedspam folder, the non local
    sender (from:) of that file will be removed from Whitelist if
    'EmailErrorsModifyWhite' is set.

    2010-10-03 10:03:20 PDT by fribo

  • ASSP 1.7.6.7 Released

    assp.pl 1.7.5.7
    new rebuildspamdb.pl 2.7.5.7 (1.0.00)

    new files/charsets.txt
    new files/bombheaderre.txt
    new files/uriblwhite.txt
    new files/nowhite.txt
    new files/nogrip.txt
    new files/whiteorg.txt
    new assp_pop3.pl (1.08)
    new files/bombre.txt
    new files/subjectre.txt


    -Passing File Extensions (PassAttach)
    This regular expression is used to identify attachments that should mark the message as noprocessing. Separate entries with a pipe |. The dot . is assumed to precede these, so don't include it.

    -Auto Update rebuildspamdb.pl (AutoUpdateREBUILD)
    No action will be done if 'no auto update' is selected or AutoUpdateASSP is disabled.
    If 'download only' is selected the newest rebuildspamdb.pl will be downloaded to the directory /Applications/assp/download .
    If 'download and install' is selected, the old rebuildspamdb.pl will be saved to download directory (rebuildspamdb.pl_old) and replaced by the new version.
    The perl module Compress::Zlib is required to use this feature.

    -Enforce Automatic Restart ASSP on new or changed Script (ForceAutoRestartAfterCodeChange)Enforce Restart on new or changed assp.pl Script (ForceRestartAfterCodeChange)
    ASSP will restart even if it is not daemon on linux/MAC ( AsADaemon ) and not a service on windows and AutoRestartCmd is not configured.

    -Remove Disposition Notification Headers (removeDispositionNotification)
    If set, all headers "ReturnReceipt: , Return-Receipt-To: and Disposition-Notification-To:" will be removed from incoming mails that are neither whitelisted nor noprocessing. Select this to prevent unwanted whitelisting of spammers that request a Disposition Notification. Another way to prevent autowhitelisting because of an autorespond is to use redRe .

    -Run RebuildSpamdb Now (RebuildNow)
    If selected, ASSP will run RebuildSpamdb.pl now.

    -ispip is included in Maximum Sessions Per IP Check (maxSMTPipSessionsISPIP)
    ispip (ISP/Secondary MX Servers) matches are not excluded from SMTP session limiting

    - a click on the small new (i) icon at the 'apply'
    button opens a new browser window (remember me) with four textboxes. These
    can be used to copy and paste any kind of data without losing the UTF-8
    encoding. The icon can also be found in every 'Edit' window at the
    top-left

    -No Maximum Sessions IP numbers* (noMaxSMTPSessions)
    Mail from any of these IP numbers will pass through without checking maximum number of simultaneous SMTP sessions. For example: 145.145.145.145


    -Simple IP Greylisting (DelayIP)
    Enable simple delaying for IP's in black penalty box.

    -Simple IP Greylisting Embargo Time (DelayIPTime)
    Enter the number of minutes for which delivery, related with IP address of the sending host, is refused with a temporary failure. Default is 5 minutes.

    -Use SPF to validate whiteListedDomains (whiteListedDomainsPassSPF)
    Check this if you don't want ASSP to use whiteListedDomains without a corresponding SPF record.

    -Suppress spamLoverSubject For Selected Recipients* (spamLoverSubjectSelected)
    spamLoverSubject does NOT get prepended to the subject for these recipients.

    -POP3 Configuration File* (POP3ConfigFile)
    The file with a valid POP3 configuration. Only the file: option is allowed to use.
    If the file exists and contains at least one valid POP3 configuration line and POP3Interval is configured, assp will collect the messages from the configured POP3-servers.
    Each line in the config file contains one configuration for one user.
    All spaces will be removed from each line.
    Anything behind a # or ; is considered a comment.
    If the same POP3-user-name is used multiple times, put two angles with a unique number behind the user name. The angles and the number will be removed while processing the configuration.
    e.g: pop3user<1> will result in pop3user - or - myName@...> will result in myName@...
    It is possible to define commonly used parameters in a separate line, which begins with the case sensitive POP3-username "COMMON:=" - followed by the parameters that should be used for every configured user.
    A commonly set parameter could be overwritten in every user definition.
    Each configuration line begins with the POP3-username followed by ":=" : e.g myPOP3userName:=
    This statement has to be followed by pairs of parameter names and values which are separated by commas - name and value inside a pair are separated by "=".
    e.g.: POP3username:=POP3password=pop3_pass,POP3server=mail.gmail.com,SMTPsendto=demo@...,......
    The following case sensitive keywords are supported in the config file:

    POP3password=pop3_password
    POP3server=POP3-server or IP[:Port]
    SMTPsender=email_address
    SMTPsendto=email_address or or
    SMTPserver=SMTP-server[:Port]
    SMTPHelo=myhelo
    SMTPAUTHuser=smtpuser
    SMTPAUTHpassword=smtppass

    SMTPHelo, SMTPsender, SMTPAUTHuser and SMTPAUTHpassword are optional.
    If SMTPsender is not defined, the FROM: address from the header line will be used - if this is not found the POP3username will be used.
    If the syntax is used for SMTPsendto, the mail will be sent to any recipient that is found in the "to: cc: bcc:" header lines if it is a local one.
    If the syntax is used for SMTPsendto, the literals NAME and/or DOMAIN will be replaced by the name part and/or domain part of the addresses found in the "to: cc: bcc:" header lines. This makes it possible to collect POP3 mails from a POP3 account, which holds mails for multiple recipients.
    For example: or or
    If the or syntax is used for SMTPsendto, "localDomains" and/or "localAdresses_Flat" must be configured to prevent too much error for wrong recipients defined in the "to: cc: bcc:" header lines. The POP3collector will not do any LDAP or VRFY query!
    If you want assp to detect SPAM, use the listenPort or listenPort2 as SMTP-server.
    To use this feature, you have to install the perl script "assp_pop3.pl" in the assp- base directory.

    -URIBL Service Providers* (URIBLServiceProvider)
    Domain Names of URIBLs to use. It is possible to specify a weight value after '=>' , in this case this value will be used as hit value (see URIBLmaxhits ) for this service provider, for example multi.surbl.org=>1.5 . Default is: dbl.spamhaus.org|multi.surbl.org|black.uribl.com

    -Enable Trap logging (TrapLog)

    -POP3 Keep Rejected Mails on POP3 Server (POP3KeepRejected)
    If selected, any collected POP3 mail that fails to be sent via SMTP (because of being SPAM - in case rejected by the SMTP server) will be kept on the POP3 server.

    -Block SpamLovers when Scoring is Extreme (blockSpamLoversExtreme)
    If set, spamlovers will be blocked when the messagescore surpasses MessageScoringExtremeLimit or ipscore surpasses PenaltyExtreme.

    -Block when Scoring is in Extreme range (blockTestModeExtreme)
    If set, TestMode will be ignored when the messagescore surpasses MessageScoringExtremeLimit or ipscore surpasses PenaltyExtreme.



    -Maximum URIs (URIBLmaxuris)
    More than this number of URIs in the body will increase scoring with uribleValencePB. Enter 0 to disable feature.

    -Maximum Unique Domain URIs (URIBLmaxdomains)
    More than this number of unique domain URIs in the body will increase scoring with uribleValencePB. Enter 0 to disable feature.

    -Disallow Obfuscated URIs (URIBLNoObfuscated)
    When enabled, messages with obfuscated URIs of types [integer/octal/hex IP, other things!] in the body will get increased score with uribleValencePB.

    -URIBL Extras (uribleValencePB)
    For Message & IP scoring in URIBLNoObfuscated, URIBLmaxdomains, URIBLmaxuris,


    assp.pl 1.7.5.1

    new rebuildspamdb.pl 2.7.1.6
    new assp_pop3.pl (1.04)
    new bombre.txt
    new whiteorg.txt




    -Regular Expression to Identify NoCaching Addresses* (NoOKCachingRe)
    If an address matches this Perl regular expression ASSP will not cache them in OKAddress Cache. For example: reply|bounce|www|daemon|master|\.info|\.biz|^prvs


    -Schedule time for RebuildSpamdb (RebuildSchedule)
    If not set to 0 ASSP uses scheduled hours to run RebuildSpamdb.pl. For example '6|18' will run rebuildspamdb.pl at 6.00 and 18.00. Use 24 to run it at midnight.




    -POP3 Collecting Interval (POP3Interval)
    The interval in minutes, assp should collect messages from the configured POP3-servers. A value of zero disables this feature.

    -POP3 Keep Rejected Mails on POP3 Server (POP3KeepRejected)
    If selected, any collected POP3 mail that fails to be sent via SMTP (because of being SPAM - in case rejected by the SMTP server) will be kept on the POP3 server.

    -POP3 debug (POP3debug)
    If selected, the POP3 collection will write debug output to the log file. Do not use it, unless you have problems with the POP3 collection!

    -Block Max Duplicate Recipients (DoMaxDupRcpt)
    Block remote servers that use the same recipient address in the RCPT TO: command more times than the number defined in MaxDupRcpt. Scoring is done with mdrValencePB . This check is skipped for outgoing, noprocessing, whitelisted and spamlovers mails. If a message has to be delayed, this check will score before the delay if set to block or score - and score and/or block on the next server request.

    assp.pl 1.7.1.5
    new module needed: Authen::SASL ( new: mod_inst.pl )

    -Maximum Allowed Duplicate Recipient Addresses (MaxDupRcpt)
    The maximum number of duplicate recipient addresses that are allowed in the sequence of the RCPT TO: commands!
    The number per mail is calculated by 'number of RCPT TO: commands - number of unique recipient addresses'.
    For example: one address used three times, or two addresses each used two times, results in the same count - 2. If both are the case in one mail, the count will be 4.
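
The MaxDupRcpt count applied to a constructed SMTP command sequence, as an added example (Python, not ASSP's own Perl code). The function names and the sample session are hypothetical, and lowercasing the whole address before comparing is an assumption.

```python
import re

# Matches "RCPT TO:<addr>" with or without angle brackets; any ESMTP
# parameters after the address are ignored.
RCPT_RE = re.compile(r"^RCPT\s+TO:\s*<?([^<>\s]+)>?", re.IGNORECASE)


def duplicate_rcpt_count(smtp_lines):
    """Number of RCPT TO: commands minus number of unique recipient addresses."""
    rcpts = []
    for line in smtp_lines:
        match = RCPT_RE.match(line.strip())
        if match:
            # Assumption: addresses are compared case-insensitively.
            rcpts.append(match.group(1).lower())
    return len(rcpts) - len(set(rcpts))


def exceeds_max_dup_rcpt(smtp_lines, max_dup_rcpt):
    """True when the duplicate count is higher than MaxDupRcpt."""
    return duplicate_rcpt_count(smtp_lines) > max_dup_rcpt


# Constructed session: one address three times plus two addresses twice each.
SAMPLE_SESSION = [
    "EHLO mail.example.net",
    "MAIL FROM:<sender@example.net>",
    "RCPT TO:<alice@example.com>",
    "RCPT TO:<bob@example.com>",
    "rcpt to:<Alice@Example.com>",
    "RCPT TO:<carol@example.com> NOTIFY=NEVER",
    "RCPT TO:<bob@example.com>",
    "RCPT TO:<alice@example.com>",
    "RCPT TO:<carol@example.com>",
    "DATA",
]

if __name__ == "__main__":
    print(duplicate_rcpt_count(SAMPLE_SESSION))        # 7 commands, 3 unique
    print(exceeds_max_dup_rcpt(SAMPLE_SESSION, 3))
```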

    -Duplicate Recipient (mdrValencePB)
    Message/IP scoring in DoMaxDupRcpt

    -User to Authenticate to Relay Host (relayAuthUser)
    The username used for SMTP AUTH authentication to the relayhost - for example, if your ISP needs authentication on the SMTP port! Supported authentication methods are PLAIN, LOGIN, CRAM-MD5 and DIGEST-MD5. If the relayhost offers multiple methods, the one with the highest security option will be used. The Perl module Authen::SASL must be installed to use this feature! The usage of this feature will be skipped if the sending MTA uses the AUTH command. Leave this blank if you do not want to use this feature.

    -Password to Authenticate to Relay Host (relayAuthPass)
    The password used for SMTP AUTH authentication to the relayhost! Leave this blank if you do not want to use this feature.


    assp.pl 1.7.1.4

    new rebuildspamdb.pl 2.7.1.0
    new file -> ipnp.txt
    new file -> dnsbls.txt
    new file -> blackaddresses.txt
    new file -> subjectre.txt
    new file -> bombre.txt

    -Maximum Equal X-Header Lines (MaxEqualXHeader)
    The maximum allowed equal X-header lines - eg. "X-SubscriberID:". If the value is set to 0 the header will not be checked for equal X-header lines.

    -Include a Show-Link (inclShowLink)
    If a blocked email is stored in any folder, it is possible to include a link for each email to be shown. Define here what you want ASSP to do. Default is "in all reports". Note: File name logging (fileLogging) must be on!

    -Do Notify, if log entry matches* (NotifyRe)
    Regular expression to identify log lines for which a notification message should be sent.
    Useful entries are:
    Info: new assp version - to get informed about new available assp versions
    info: autoupdate: new assp version - to get informed about an autoupdate of the running script
    adminupdate: - for config changes
    admininfo: - for admin information
    option list file: - for option file reload
    error: - for any error
    restart - to detect an ASSP restart
    Admin connection - for GUI logon
    You may define a comma separated list (after '=>') of recipients in every line; this will override the default recipient defined in 'Notify'. For example: adminupdate=>user1@....
    As a third parameter, after a second '=>', you can define the subject line for the notification message.
    For example: adminupdate:=>user1@... was changed
    or: adminupdate:=>=>configuration was changed.

    -VRFY failures return false (VRFYFail)
    VRFY failures return false when an error occurs in VRFY lookups.

    -Do Deny Connections from these IPs (DoDropList)
    If activated, the IP is checked against the Droplist. The droplist is downloaded if a new one is available and contains the Spamhaus DROP List. See "http://www.spamhaus.org/drop/drop.lasso".

    -Allow Local Addresses Regular Expression* (AllowLocalAddressesRe)
    Allow only addresses which match this RegEx.

    -Disable VRFY for External Clients (DisableVRFY)
    If you have enabled VRFY on your MTA to allow ASSP to verify addresses and you do not want external clients to use VRFY/EXPN - select this option.

    -Modify ClamAV Module (modifyClamAV)
    If set ClamAV modules ping and streamscan are modified (to prevent blocking). This may be disabled to try the original modules.

    -Regular Expression to Identify noDelay Helos * (noDelayHelosRe)
    Put anything here to identify Helos which should not be delayed.

    -Drop Connections from these IPs* (DropList)
    Automatically downloaded (http://www.spamhaus.org/drop/drop.lasso) list of IPs which should be blocked right away.


    -Enable OK Address Cache (DoOKCaching)
    OK Address: If a message is marked 'Message OK' the sender addresses are called 'OK Addresses'. These are addresses which are not whitelisted but the sender did not send spam and did send notspam (several times). If this is set to 'whiting' ASSP will whitelist them if OKminhits is reached. If set to 'export only' ASSP will only write them to a file according to OKexporthits. Scoring is set with okaValencePB.

    -OK Cache Refresh Interval (OKCacheExp)
    OK addresses in the cache will be removed after this interval in hours. 0 will disable the cache.

    -Minimum Hits in OK Cache (OKminhits)
    If a message is marked 'Message OK' the sender addresses are stored in the OK cache. The address will be added to the whitelist if the number of hits in the cache surpasses OKminhits.

    -Exported OK Addresses (OKexport)
    OK addresses in the cache reaching OKexporthits will be regularly stored into this file.

    -Export Hits in OK Cache (OKexporthits)
    Used by OKexport. If 0 all addresses will be exported.



    -Allow Admin Connections From These Hostnames* (allowAdminConnectionsFromName)
    An optional additional list of Hostnames from which you will accept web admin connections. Blank means accept connections from any IP address in allowAdminConnectionsFrom or any connection if nothing is set there.
    Note: if you make a mistake here, you may disable your web administration interface and be forced to manually edit your configuration file to fix it.


    -Blackish & Whitish Addresses** (blackAddresses)
    Accepts specific addresses (user@...), user parts (user) or entire domains (@example.com). Wildcards are supported. A positive weight will make the address 'blackish'. A negative weight will turn the address into 'whitish'. For example: fribo*@example.com|@*.gov=>-0.5|@*.biz=>0.5 .


    -Send EHLO (sendEHLO)
    If selected, ASSP sends an EHLO even if the client has sent only a HELO. This is useful to force the usage of TLS to the server, because EHLO is needed before STARTTLS can be used.

    -Cache Unknown Addresses (DoPenaltyMakeTraps)
    If enabled, unknown addresses are cached. If set to 'use for spamtrapaddresses', very active addresses will be used like spamtrapaddresses. If set to 'use for spamaddresses', they will work like spamaddresses. If set to 'use for validation', all entries regardless of their frequency will be used to validate incoming addresses. Note: LocalAddresses_Flat or doLDAP or doVRFY must be enabled.

    -Unknown Address Frequency Limit (PenaltyMakeTraps)
    Minimum number of times an address must appear during PBTrapCacheExp before it will be used as spamaddress/spamtrapaddress. For example: 10.

    -Exceptionlist for Address Cache* (noPenaltyMakeTraps)
    Addresses which should not be cached. Accepts specific addresses (user@...), user parts (user) or entire domains (@example.com). Wildcards are supported (fribo*@example.com).

    -Invalid Addresses Refresh Interval (PBTrapCacheExp)
    Addresses will be removed after this interval in hours if the 'Invalid Addresses Frequency Limit' is not reached. For example: 3

    -Automatic Restart ASSP on new or changed Script (AutoRestartAfterCodeChange)
    If selected, ASSP will restart itself if it detects a new or changed running script. An automatic restart will not be done if ASSP is not running as a daemon on Linux/Mac ( AsADaemon ) or as a service on Windows and AutoRestartCmd is not configured. Leave this field empty to disable the feature. Possible values are 'immed and 1...23'. If set to 'immed', ASSP will restart within some seconds after a detected code change. If set to '1...23', the restart will be scheduled to that hour. A restart at 00:00 is not supported.

    -Auto Update the Running Script (assp.pl) (AutoUpdateASSP)
    No action will be done if 'no auto update' is selected.
    If 'download only' is selected and a new assp version is available, this new version will be downloaded to the directory /Applications/assp/download (assp.pl).
    If 'download and install' is selected, the running script will be saved to download directory and replaced by the new version.
    Configure ( AutoRestartAfterCodeChange ), if you want the new version to become the active running script.
    The perl module Compress::Zlib is required to use this feature.

    -Auto Update Developer Version (AutoUpdateASSPDev)

    -Local Frequency Interval (LocalFrequencyInt)
    The time interval in seconds in which the number of envelope recipients per sending address must not exceed a specific number ( LocalFrequencyNumRcpt ).
    Use this in combination with LocalFrequencyNumRcpt to limit the number of recipients in a given interval, to prevent local abuse - for example from hijacked local accounts. A value of 0 (default) will disable this feature and clean the cache within five minutes. It is recommended to enable DoLocalSenderAddress and/or DoLocalSenderDomain if you want to use this feature. To give users the chance to inform an admin about such blocked mails, local mails to EmailAdmins are never blocked because of this feature.


    -Local Frequency Recipient Number (LocalFrequencyNumRcpt)
    The number of envelope recipients per sending address that must not be exceeded in a specific time interval ( LocalFrequencyInt ).
    Use this in combination with LocalFrequencyInt to limit the number of recipients in a given interval, to prevent local abuse - for example from hijacked local accounts. A value of 0 (default) will disable this feature and clean the cache within five minutes. It is recommended to enable DoLocalSenderAddress and/or DoLocalSenderDomain if you want to use this feature. To give users the chance to inform an admin about such blocked mails, local mails to EmailAdmins are never blocked because of this feature.


    -Check local Frequency for this Users only* (LocalFrequencyOnly)
    A list of local addresses, for which the 'local frequency check' should be done. Leave this field blank (default), to do the check for every address.
    Accepts specific addresses (user@...), user parts (user) or entire domains (@domain.com). Wildcards are supported (fribo*@domain.com).
    For example: fribo*@thisdomain.com|jhanna|@sillyguys.org

    -Check local Frequency NOT for this Users* (NoLocalFrequency)
    A list of local addresses, for which the 'local frequency check' should not be done. Noprocessing messages will skip this check.
    Accepts specific addresses (user@...), user parts (user) or entire domains (@domain.com). Wildcards are supported (fribo*@domain.com).
    For example: fribo*@thisdomain.com|jhanna|@sillyguys.org


    -Regular Expression to Score Blackish and/or Whitish Expressions** (bombSuspiciousRe)
    Put here anything which might be suspicious (blackish) or trustworthy (whitish). bombSuspiciousValencePB will be used to increase/decrease the total score. Trustworthiness (whitish) will be assigned by using a negative weight. For example:
    news=>-1|no-?reply=>-0.5|passwor=>-0.7

    -Spoofing check uses SPF record.

    -ConnectionScoring Limit (ConnectionScoringLimit)
    MessageScoring will block connections whose score exceeds this threshold. A value of 0 here will disable this option. For example: 150

    -ConnectionScoring Limit Exceeded (conValencePB)
    Message scoring in ConnectionScoringLimit.

    -Add MailFrom to Whitelist (RWLtoWhitelist)
    If ValidateRWL is set to 'whiting' and the RWL shows medium/high trustworthiness, the MailFrom address will be added to the whitelistdb.
    Trustworthiness (127.0.x.T):
    0 = none
    1 = low
    2 = medium
    3 = high

    -Detect Same Subject (detectSameSubject)
    If set to a value higher than 0, ASSP counts identical subjects within one hour. If this count exceeds the defined value, subValencePB will be added to the message and IP score.

    -RBL Service Providers* (RBLServiceProvider)
    Names of DNSBLs to use separated by "|" or name of list 'file:files/dnsbls.txt'. Defaults are:
    zen.spamhaus.org=>1|bl.spamcop.net=>1|bb.barracudacentral.org=>1|combined.njabl.org=>1|safe.dnsbl.sorbs.net=>1|psbl.surriel.com=>2|ix.dnsbl.manitu.net=>2|dnsbl-1.uceprotect.net=>2|dnsbl-2.uceprotect.net=>4.
    DNSBL providers can be classified like bl.spamcop.net=>1. '1' is the most trustworthy class. '6' is the least trustworthy class. Numbers above 6 will be used as score directly. The value of the class acts as a divisor of rblValencePB. So if rblValencePB = 50, bl.spamcop.net=>1 would be the same as bl.spamcop.net=>50, and bl.spamcop.net=>2 would be the same as bl.spamcop.net=>25. If the sum of scores surpasses rblValencePB, the DNSBL check fails. If not, the DNSBL hit is only scored, even with RBLmaxhits reached.
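
The class/divisor rule above worked through for several hit combinations, as an added example (Python, not ASSP's own Perl code). The function names are hypothetical; assumptions are that an entry without '=>' counts as class 1, that the division is not rounded, and that "surpasses" means strictly greater.

```python
# Added illustration (not ASSP source): the class/divisor rule for RBLServiceProvider.
# Constructed subset of the default provider list quoted above.
PROVIDERS = ("zen.spamhaus.org=>1|bl.spamcop.net=>1|psbl.surriel.com=>2|"
             "dnsbl-2.uceprotect.net=>4")


def parse_providers(spec):
    """Turn 'name=>weight|name=>weight' into {name: weight}."""
    providers = {}
    for entry in filter(None, (e.strip() for e in spec.split("|"))):
        name, sep, weight = entry.partition("=>")
        # Assumption: an entry without '=>' is treated as class 1.
        providers[name.strip().lower()] = float(weight) if sep else 1.0
    return providers


def hit_score(weight, rbl_valence):
    """Classes 1..6 divide rblValencePB; numbers above 6 are the score itself."""
    if weight < 1:
        raise ValueError("weight must be >= 1")
    return weight if weight > 6 else rbl_valence / weight


def evaluate(spec, listed_on, rbl_valence=50):
    """Score the providers that list an IP and decide whether the check fails."""
    providers = parse_providers(spec)
    scores = {name: hit_score(providers[name], rbl_valence)
              for name in listed_on if name in providers}
    total = sum(scores.values())
    # "Surpasses" is read as strictly greater (assumption): a lone class-1 hit
    # equals rblValencePB and is therefore scored here, not failed.
    return {"scores": scores, "total": total, "fails": total > rbl_valence}


if __name__ == "__main__":
    for hits in (["psbl.surriel.com"],
                 ["psbl.surriel.com", "dnsbl-2.uceprotect.net"],
                 ["zen.spamhaus.org", "psbl.surriel.com"]):
        print(hits, evaluate(PROVIDERS, hits))
```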

    -Whitelisted Attachment Blocking (BlockWLExes)
    Set the level of Attachment Blocking to 0-4 for whitelisted senders. Choose 0 for no attachment blocking.

    -Local Attachment Blocking (BlockLCExes)
    Set the level of Attachment Blocking to 0-4 for local senders. Choose 0 for no attachment blocking.

    2010-07-31 12:53:21 PDT by fribo

  • ASSP V2 now released

    ASSP V2 (2.0.1 1.0.01) is now published on SF.
    http://sourceforge.net/projects/assp/files/ASSP%20V2%20multithreading

    Multi-threaded
    Plugin architecture
    - Already available plugins:
    -- Archive
    -- OCR
    -- Full Attachment Scanning & Replacing
    All files with all databases supported
    Multi-language
    DKIM support
    BATV (Bounce Address Tag Validation)
    Global-Penalty-Box
    Builtin-rebuildspamdb
    - Cron-like scheduler
    - Incremental build instead of complete rebuild
    Damping
    Charset conversion

    2010-03-01 02:11:34 PST by fribo