From: John H. <jh...@cp...> - 2003-01-31 23:26:16
I'm working on a FAQ for the ASSP documentation. If you have any additional questions (or answers) please let me know.

John

Frequently Asked Questions.

Q: I don't want to block email, but I want to give end users the ability to sort or filter their email. Can I use ASSP to do that?

A: Probably not. ASSP can set a message header and users can filter on the "X-Assp-Spam-Prob: ###" header, but they'll have to read and parse the ### into a number (often with an E-019 type exponent) to rank it. ASSP has been designed to block unsolicited email, and if you don't want that you should probably look at another tool.

Q: Can I use ASSP to scan for viruses?

A: ASSP's default configuration blocks Windows-executable attachments from non-whitelisted senders. This effectively blocks nearly all viruses. However, Word-macro viruses, the Kak worm, and executables from whitelisted senders are not blocked. I strongly recommend a client-based antivirus program, or an antivirus program designed for your mail transport. Blocking viruses in an SMTP proxy introduces complexities beyond the scope of ASSP's design goals.

Q: ASSP uses a content filter - won't spammers disguise their content?

A: ASSP uses a sophisticated parsing filter to work around most spammer tricks to disguise their content. As content-based filters like ASSP become more common, spammers may find ways to better disguise their message. I personally do not believe spammers will win that battle, but it's hard to say for sure.

Q: If everyone we email gets added to the ASSP whitelist, won't spammers just use an address from the whitelist to spam us?

A: It is possible, but more difficult than it sounds. Addresses from your local site aren't added to the whitelist, so a spammer will have to find someone your site emails. That list will be different for every site using ASSP. A better strategy would be for the spammer to trick you into emailing him/her. But that too will only work for one site at a time. Ultimately it is possible for the spammer to use this strategy to spam your site, but she/he will have to do the same thing individually for every site running ASSP. If this becomes a problem we will develop an appropriate defense.

Q: Will ASSP block messages I want to receive?

A: ASSP has been designed with great care to prevent this from happening. The whitelist is the single most powerful tool to prevent this - anyone you email will never have a message blocked. The spam filter keeps track of mail we send and spam we receive -- if an incoming message is not from someone we've emailed and it's more like the mail we send than the spam we receive then it gets through. Otherwise it's blocked and the sender gets the message, "Mail appears to be unsolicited -- report errors to pos...@ou...." The type of email that most often falls in this category is confirmation emails from web sites. Often these mails are only as personal as your email address and contain a lot of advertising - they look a lot more like spam than they look like the mail you send. If someone has a good idea how to recognize this type of email please let me know.

Q: One man's spam is another man's ham - how does ASSP decide what to block?

A: See the answer to the previous question. But this raises one theoretical limit for ASSP: ASSP is designed to work for an entire site. This assumes that the users at your site have a fundamental agreement on what is spam. For most small companies the difference between what they send and spam they receive is clear enough that there isn't a conflict here. However, with a large and diverse company this assumption begins to break down. In that case ASSP is probably not the best solution.

Q: Will ASSP work with non-English languages?

A: At this point ASSP looks for words built from A-Z and separated by spaces. (It's a little more complicated than that, but that's basically it.) If your language is mostly that way then ASSP will work fine - Spanish, French, German, Polish, etc., primarily use the Latin alphabet and should work fine. Korean, Japanese, and Chinese don't work well. Future plans may include improvements to make them more functional.

Q: I want to mess with the mail collections. What format are they in?

A: One message per file. Only the first 10k bytes are significant. Keep attachments attached - ASSP parses them up to the first 10k. Separate collections are kept in separate folders. Largely whitespace and headers (except the subject) are ignored. Delete files or add files and rebuild the database - that's about all there is to it.

Q: I've heard content filtering is CPU intensive. Is ASSP a CPU hog?

A: ASSP uses a lot of memory because the Bayesian and DNSBL databases are kept in RAM. But ASSP doesn't use much CPU. Excluding startup and rebuilding the databases, ASSP uses fewer CPU cycles per message than our mail transport does and significantly fewer per message than our virus filter software.

Q: I want to add per-user settings. How hard is that?

A: Per-user settings are beyond the scope of ASSP's design goals. They're generally pretty hard to implement in the SMTP Proxy environment.
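
The first answer above says a user who wants to filter on the "X-Assp-Spam-Prob" header has to parse its value, exponent and all, into a number. The following is an added example, not part of the original message or of ASSP, showing one way a client-side filter could do that. It assumes the value is a probability between 0 and 1; the 0.5 threshold, the function names and the sample messages are constructed for illustration.

```python
from email import message_from_string

HEADER = "X-Assp-Spam-Prob"  # header name as given in the FAQ above

def spam_prob(raw_message):
    """Return the header value as a float in [0, 1], or None if unusable."""
    values = message_from_string(raw_message).get_all(HEADER)
    # Choice made by this example: a missing header, or more than one copy
    # of it, is ambiguous, so the message is left unscored.
    if not values or len(values) != 1:
        return None
    try:
        prob = float(values[0].strip())  # accepts exponent forms like 3.1E-019
    except ValueError:
        return None
    # Assumption: the value is a probability; anything else (including
    # inf and nan) is rejected rather than ranked.
    if not 0.0 <= prob <= 1.0:
        return None
    return prob

def rank(raw_messages, threshold=0.5):
    """Return (likely_spam, other); likely_spam is sorted highest score first.

    Messages without a usable score are never filed as spam.
    """
    scored, other = [], []
    for raw in raw_messages:
        p = spam_prob(raw)
        if p is not None and p >= threshold:
            scored.append((p, raw))
        else:
            other.append(raw)
    scored.sort(key=lambda pair: pair[0], reverse=True)
    return [raw for _, raw in scored], other

# Constructed sample messages, not real ASSP output.
SAMPLES = [
    "Subject: lunch\nX-Assp-Spam-Prob: 3.1E-019\n\nsee you at noon\n",
    "Subject: offer\nX-Assp-Spam-Prob: 0.99987\n\nbuy now\n",
    "Subject: hi\n\nno header here\n",
    "Subject: odd\nX-Assp-Spam-Prob: ###\n\ngarbled value\n",
    "Subject: deal\nX-Assp-Spam-Prob: 1\n\nact fast\n",
]

if __name__ == "__main__":
    spam, other = rank(SAMPLES)
    print(len(spam), "likely spam;", len(other), "left in the inbox")
```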