ASSP 1.6.1.2 published

New features:
Local Frequency Interval (LocalFrequencyInt)
The number of seconds in which the LocalFrequencyNumRcpt (number of envelope recipients per sending address) should not be exceeded.
Use this in combination with LocalFrequencyNumRcpt to limit the number of recipients in a given interval, to prevent local abuse - for example from highjacked local accounts. A value of 0 (default) will disable this feature. It is recommended to enable DoLocalSenderAddress and/or DoLocalSenderDomain, if you want to use this feature.

Local Frequency Recipient Number (LocalFrequencyNumRcpt)
The number of envelope recipients per sending address that should not be exceeded in a specific time interval ( LocalFrequencyInt ).
Use this in combination with LocalFrequencyInt to limit the number of recipients in a given interval, to prevent local abuse - for example from highjacked local accounts. A value of 0 (default) will disable this feature. It is recommended to enable DoLocalSenderAddress and/or DoLocalSenderDomain, if you want to use this feature.

Check local Frequency for this Users only* (LocalFrequencyOnly)
A list of local addresses, for which the 'local frequency check' should be done. Leave this field blank (default), to do the check for every address.
Accepts specific addresses (user@domain.com), user parts (user) or entire domains (@domain.com). Wildcards are supported (fribo*@domain.com).
For example: fribo*@thisdomain.com|jhanna|@sillyguys.org

Check local Frequency NOT for this Users* (NoLocalFrequency)
A list of local addresses, for which the 'local frequency check' should not be done. Noprocessing messages will skip this check.
Accepts specific addresses (user@domain.com), user parts (user) or entire domains (@domain.com). Wildcards are supported (fribo*@domain.com).
For example: fribo*@thisdomain.com|jhanna|@sillyguys.org

Default Local Domain (defaultLocalHost)
If you want to be able to send mail to local users without a domain name then put the default local domain here.
Blank disables this feature. For example: example.com

Deny Error (DenyError)
SMTP error message to reject connections. Will be used from and denySMTPConnectionsFromAlways and DoPenaltyExtreme. For example: 554 5.7.2 Service denied, closing transmission channel.

Penalty Warning (PenaltyWarning)
PB will tag messages from IP's whose totalscore exceeds this threshold during PenaltyDuration.
For example: 48

Penalty Warning Tag (PenaltyWarningTag)
For example: [??]

Date/Time Format in LogDate (LogDateFormat)
Use this option to set the logdate. The default value is 'MMM-DD-YY hh:mm:ss'. The following (case sensitive !) replacements will be done:
YYYY - year four digits
YY - year two digits
MMM - month three characters - like Oct Nov Dec
MM - month numeric two digits
DDD - day three characters - like Mon Tue Fri
DD - day numeric two digits
hh - hour two digits
mm - minute two digits
ss - second two digits
A value has to be defined for every part of the date/time. Allowed separators in date part are '_ -.' - in time part '-_.:' .

Regular Expression to Identify NoLog-Mails* (noLogRe)
Put anything here to identify mails that you don't want to be logged.

Regular Expression to Suppress Log-Messages* (noLogLineRe)
Put anything here to identify log messages that you want to be suppressed. For example: max errors|collect

Max Number of Duplicate File Names (MaxAllowedDups)
The maximum number that is appended to the mail subject to build the file name of the logged file, if UseSubjectsAsMaillogNames is selected. A low value reduces the number of duplicates.

Enforce Early PenaltyBox Extreme Blocking (ForcePBExtreme)
If set and DoPenaltyExtreme is enabled, ASSP will do DoPenaltyExtreme immediately after connection.

Disable SMTP AUTH for External Clients Alltogether (DisableAuth)
If you have enabled SMTP AUTH on your MTA and you do not want external clients to use SMTP AUTH through ASSP - select this option.

Move Connection with Trap Addresses to NULL (SpamTrap2NULL)
If set, ASSP will move connections with spamtrapaddresses to a NULL-connection. The sender will receive "250 OK".

Regular Expression to Score Suspicious and Trustworthy Words** (bombSuspiciousRe)
Put here anything which might be suspicious or trustworthy. bombSuspiciousValencePB will be used to increase/decrease the total score. Trustworthiness will be assigned by using a negative weight. For example: unsubscribe|news=>-2|letter=>-1|noreply=>-1

Maximum Hits in Suspicious Regular Expression (bombSuspiciousReMaxHits)
Number of matches to be scored. If <= 1 only one match will scored.

Minimum Sessions Per IP Address (minSMTPipSessions)
The minimum number of SMTP sessions allowed per IP address. ASSP uses this setting to throttle maxSMTPipSessions for IPs in Penalty BlackBox. Zero will disable throttling. For example: 1

Store Assp-Header(s) into Spam Collection (StoreASSPHeader)
Add "X-Assp-" header(s) to the collected mails.

Do not Delay these Addresses* (noDelayAddresses)
Enter senders email addresses that you don't want to be delayed, separated by pipes (|). You can list specific addresses (user@anydomain.com), addresses at any domain (user), or entire domains (@anydomain.com). Wildcards are supported (fribo*@domain.com).
For example: fribo@anydomain.com|jhanna|@sillyguys.org or place them in a plain ASCII file one address per line:file:files/nodelayuser.txt.

Max Size of Local Message (maxSize)
If the value of ([message size]) exceeds maxSize in bytes the transmission of the local message will be canceled. No limit is imposed by ASSP if the field is left blank or set to 0. This option allows admins to limit useless bandwidth wasting based on the transmit size.

Max Size of External Message (maxSizeExternal)
If the value of ([message size]) exceeds maxSizeExternal in bytes the transmission of the external message will be canceled. No limit is imposed by ASSP if the field is left blank or set to 0. This option allows admins to limit useless bandwidth wasting based on the transmit size.

Max Message Size Error (maxSizeError)
SMTP error message to reject maxSize / maxSizeExternal exceeding mails. For example:552 message exceeds MAXSIZE byte (size)! MAXSIZE will be replaced by the value of maxSize / maxSizeExternal.

Use Black Regular Expression to Identify Spam (DoBlackRe)
Each incoming message is checked against the BlackRe. Scoring is set with blackValencePB - the scoring value is the sum of all valences(weights) of all found blackRe(s), testmode is set with blackTestMode.

BlackRe - Regular Expression to Identify Spam** (blackRe)
If an incoming email matches this Perl regular expression it will be considered spam depending of blackReMaxHits. For example: \breplica watches\b|\bMegaDik\b|\bcock\b|\bpenis\b|\bpills\b|\bOriginal Viagra\b|\bbetter sex life\b|\baverage penis\b|\benlargement\b|\borgasm\b|\berections\b|\bViagra\b|\bbig dick\b|\bsperma\b|\bSexual\b|\bErectionsk\b|\bStamina\b|\bsildenafil\b|\bcitrate\b|\bErectile\b or place them in a plain ASCII file one address per line - file:files/blackre.txt

Maximum Hits (blackReMaxHits)
A hit is a found match in blackRe .
If the number of hits is greater or equal Maximum Hits, the email is considered Failed and will be blocked (if DoBlackRe is set to "block") or scored (if DoBlackRe is set to "score").
If the number of hits is greater 0 and less Maximum Hits, the email is considered Neutral and will be scored.

Do Black Regular Expressions Checks for Whitelisted (blackReWL)
Do Black Regular Expressions Checks for NoProcessing (blackReNP)
Do Black Regular Expressions Checks for Local Messages (blackReLocal)
Do Black Regular Expressions Checks for ISPIP (blackReISPIP)

---------------

It is possible to include custom-designed files at any line of an option file, using the following directive
# include filename
where filename is the relative path from base directory (.) to the included file like files/inc1.txt or inc1.txt (one file per line). The line will be internaly replaced by the contents of the included file.

---------------

Combined Spam Report and NoProcessing Deletion (EmailErrorsModifyNoP)
If set to 'modify noProcessing' Spam Reports will remove addresses from noProcessing list. If set to 'show noProcessing' Spam Reports will show if addresses are on noProcessing list.

assp.pl 1.5.1.8

- Regular Expression to Score Suspicious HELO** (SuspiciousHeloRe)

Score Suspicious HELOs will check incoming HELOs for this. Scoring is set with shValencePB
For example: 'dynamic' or file:files/suspicioushelo.txt

- A menu at the top of the GUI was added

- The W32 Service Registration is moved to the most early point in code -
5-10s after Perl starts.

- Disable VRFY for External Clients (DisableVRFY)
If you have enabled VRFY on your MTA to make assp able to verify addresses and you do not want external clients to use VRFY - select this option.

- RWL Pass Score (rwlValencePB)
Bonus for Message & IP scoring in ValidateRWL

- RWL Neutral Score (rwlnValencePB)
Bonus for Message & IP scoring in ValidateRWL

- Text to Identify Originating IP Header* (OriginatingIP)
If ASSP runs behind another server(s), no IP/HELO based filter will work. If a special header with the originating IP is inserted from the frontend serber ASSP will use the originating IP to perform IP and HELO checks.
For example: X-Forwarded-For|X-Originating-IP

Notification Email To (RebuildNotify)
Email address(es) to which you want ASSP to send a notification email after the rebuild task is finished. The file rebuildrun.txt is included in this notification. Separate multiple entries by "|". If empty EmailAdminReportsTo is used.

GReyIPlist Database (griplist)
The file with the current GRey-IP-List database -- make this blank if you don't use it.

Don't Upload/Download Griplist (noGriplist)
Check this to disable the Griplist upload/down when rebuildspamdb runs. The Griplist contains IPs and their value between 0 and 1, lower is less spammy, higher is more spammy. This value is called the grip value.

Full Griplist Download Period (DoFullGripDownload)
The Global Griplist is downloaded once in full, then only deltas are downloaded each day subsequently. This option forces a new full download after this many days. Leave it blank to not force new full downloads. Recommended: 30 days.

Max Whitelist Days (MaxWhitelistDays)
This is the number of days an address will be kept on the whitelist without any email to/from this address.

Maintenance for Bayesian Collection (MaintBayesCollection)
Set this to on, if you want ASSP to run maintenance tasks on the bayesian collection folders ( spamlog , notspamlog ). ASSP will delete the oldest files until the number of files per folder reaches MaxFiles. If you want ASSP to delete files because of age instead of the number of files ( MaxFiles ), setup MaxBayesFileAge to your needs.
This option is usefull if UseSubjectsAsMaillogNames is set to on, because in this case the number of files in every collection folder will grow infinite.

Max Age of non Bayes Files (MaxNoBayesFileAge)
The maximum file age in days of every file in every non bayesian collection folder ( incomingOkMail , discarded , viruslog ). If defined and a file is older than this number in days, the file will be deleted. Default is 0. A value of 0 disables this feature and no file will be deleted because of age.

Max Corrected File Age (MaxCorrectedDays)
This is the number of days a error report will be kept in the correctednotspam and correctedspam folders.

assp.pl 1.5.1.6
Enable SSL support (enableSSL)
For SSL to be enabled, check this box and enter the paths to your SSL Certificate and SSL Key files, below. If you do not have valid certificates, you may generate both files online with www.mobilefish.com or you may use OpenSSL to generate Self-signed SSL certificates!. NOTE: Changing this requires ASSP restart

Exclude these IP's from TLS* (noTLSIP)
Enter IP's that you want to exclude from starting SSL/TLS. For example, put all IP's here, which have trouble to switch to TLS every time (effectively preventing ASSP from getting mails from these hosts).

Disable TLS/SSL support on port 25 (disableSSL25)

Retry SSL on "SSL want a read first" error (SSLRetryOnError)
If selected, ASSP retries one time to establish a SSL connection with one second delay, if the peer was not ready after STARTTLS because of a "SSL want a read/write first" error.

SSL Timeout (SSLtimeout)
SSL will timeout after this many seconds.

SSL Error Cache Refresh Interval (SSLCacheExp)
SSL error records in cache will be removed after this interval in hours. 0 will disable the cache.

SMTP Secure Listen Port (listenPortSSL)
The port number on which ASSP will listen for incoming secure SMTP connections (normally 465). You can specify both an IP address and port number to limit connections to a specific interface.
Examples: 465, 127.0.0.1:465, 127.0.0.1:465|127.0.0.2:465

SSL Destination (smtpDestinationSSL)
The IP address! and port number to connect to when mail is received on the SSL listen port. If the field is blank, the primary SMTP destination will be used.
Examples:127.0.0.1:565, [::1]:565

SSL Certificate File (PEM format) (SSLCertFile)
Full path to the file containing the server's SSL certificate, for example : /usr/local/etc/ssl/certs/assp-cert.pem.

SSL Key File (PEM format) (SSLKeyFile)
Full path to the file containing the server's SSL key, for example: /usr/local/etc/ssl/certs/assp-key.pem.

assp.pl 1.5.1.4

Add to BlackListed Addresses (EmailBlackAdd)

Any mail sent by local/authenticated users to this username will be interpreted as a request to add the sender address to the blackListedDomains addresses. Only the users defined in EmailAdmins and EmailAdminReportsTo are able to request an addition. Do not put the full address here, just the user part.
For example: assp-black. To use this option, you have to configure blackListedDomains with "file:..." for example "file:files/blacklisted.txt" !

Remove from BlackListed Addresses (EmailBlackRemove)

Any mail sent by local/authenticated users to this username will be interpreted as a request to remove the sender address from blackListedDomains .
Do not put the full address here, just the user part. Only the users defined in EmailAdmins and EmailAdminReportsTo are able to request an addition.
For example: assp-notblack. To use this option, you have to configure blackListedDomains with "file:..." for example "file:files/blacklisted.txt" !

assp.pl 1.5.1.3

Rebuild Options

Notification Email To (RebuildNotify)

Email address(es) to which you want ASSP to send a notification email after the rebuild task is finished. The file rebuildrun.txt is included in this notification. Separate multiple entries by "|".

GReyIPlist Database (griplist)

The file with the current GRey-IP-List database -- make this blank if you don't use it.

Don't Upload/Download Griplist (noGriplist)
Check this to disable the Griplist upload/down when rebuildspamdb runs. The Griplist contains IPs and their value between 0 and 1, lower is less spammy, higher is more spammy. This value is called the grip value.

Full Griplist Download Period (DoFullGripDownload)

The Global Griplist is downloaded once in full, then only deltas are downloaded each day subsequently. This option forces a new full download after this many days. Leave it blank to not force new full downloads. Recommended: 30 days.

Max Whitelist Days (MaxWhitelistDays)

This is the number of days an address will be kept on the whitelist without any email to/from this address.

Maintenance for Bayesian Collection (MaintBayesCollection)
Set this to on, if you want ASSP to run maintenance tasks on the bayesian collection folders ( spamlog , notspamlog ). ASSP will delete the oldest files until the number of files per folder reaches MaxFiles. If you want ASSP to delete files because of age instead of the number of files ( MaxFiles ), setup MaxBayesFileAge to your needs.
This option is usefull if UseSubjectsAsMaillogNames is set to on, because in this case the number of files in every collection folder will grow infinite.

Max Age of Bayes Files (MaxBayesFileAge)

The maximum file age in days of every file in every bayesian collection folder ( spamlog , notspamlog ). If MaintBayesCollection is set to on and a file is older than this number in days, the file will be deleted. Default is 0. A value of 0 disables this feature and no file will be deleted because of age alone.
Do not define this option, if you use the bayesian engine of ASSP. Deleting files because of age is wrong in this case!!!!!

Max Age of non Bayes Files (MaxNoBayesFileAge)

The maximum file age in days of every file in every non bayesian collection folder ( incomingOkMail , discarded , viruslog ). If defined and a file is older than this number in days, the file will be deleted. Default is 0. A value of 0 disables this feature and no file will be deleted because of age.

Max Corrected File Age (MaxCorrectedDays)

This is the number of days a error report will be kept in the correctednotspam and correctedspam folders.

assp.pl 1.5.1.2

section logging:
Notification Email To (Notify)
Email address(es) to which you want ASSP to send a notification email, if a matching log entry ( NotifyRe , NoNotifyRe ) is found. Separate multiple entries by "|".

Do Notify, if log entry matches* (NotifyRe)
Regular Expression to identify loglines for which a notification message should be send.
usefull entries are:
adminupdate: - for config changes
admininfo: - for admin informations
option list file: - for option file reload
error: - for any error
restart - to detect a ASSP restart
Admin connection - for GUI logon

Do NOT Notify, if log entry matches* ( NoNotifyRe)
Regular Expression to identify loglines for which no notification message should be send.

Fields marked with an additional asterisk (**) accept a second weight value separated by => from the regular expression. For example: spammer=>1.45 . The multiplication result of the weight and the penaltybox valence value will be used for scoring.

Which Link Should be included (BlockResendLink)
If HTML is enabled in inclResendLink, two links (one on the left and one on the right site) will be included in the report email by default. Depending on the used email clients it could be possible, that one of the two links will not work for you. Try out what link is working and disable the other one, if you want.

My Helo (myHelo)
How ASSP will identify itself when connecting to the target MTA.
transparent - the Helo of the sender will be used
use myName - use myName
use FQDN - fully qualified domain name of the host assp is running on

Use File System Virus Scanner (DoFileScan)
If activated, the message is written to a file inside the 'FileScanDir' with an extension of 'maillogExt'. After that ASSP will call 'FileScanCMD' to detect if the temporary file is infected or not. The temporary created file(s) will be removed.
The viruses will be stored in a special folder if the SpamVirusLog is set to 'quarantine' and the filepath to the viruslog is set.

File Scan Directory (FileScanDir)
Define the full path to the directory where the messages are temporary stored for the file system virus scanner. This could be any directory inside your file system. The running ASSP process must have full permission to this directory and the files inside!

File Scan Command (FileScanCMD)
ASSP will call this system command and expects a returned string from this command. This returned string is checked against 'FileScanBad' and/or 'FileScanGood' to detect if the message is OK or not! If the file does not exists after the command call, the message is consider infected. ASSP expects, that the file scan is finished when the command returns!
The literal 'FILENAME' will be replaced by the full qualified file name of the temporary file.

The literal 'FILESCANDIR' will be replaced with the value of FileScanDir.
All outputs of this command to STDERR are automatic redirected to STDOUT.
FileScan will not run, if FileScanCMD is not specified.
If you have your online/autoprotect file scanner configured to delete infected files inside the 'FileScanDir', define 'NORUN' in this field! In this case FileScanGood and FileScanBad are ignored. If there is a need to wait some time for the autoprotect scanner, write 'NORUN-dddd', where dddd are the milliseconds to wait!
Depending on your operating system it may possible that you have to quote (' or ") the command, if it contains whitespaces. The replaced file name will be quoted by ASSP if needed.

Native SSL support added!
(new module necessary: IO::Socket::SSL)

- manage & resend spam & notspam from maillog tail
- user blocking report

Request Block Report (EmailBlockReport)
Any mail sent by local/authenticated users to this username will be interpreted
as a request to get a report about blocked emails. Leading digits/numbers in the
mail subject will be interpreted as "report request for the last number of
days". If the number of days is not specified in the mail subject, a default of
5 days will be used to build the report. Only the users defined in EmailBlockTo,
EmailAdmins and EmailAdminReportsTo are able to define a list of email addresses
in the mail body. If such an Admin wants to request a report like it is done
using the BlockReportFile, '=>' must be used in any of the request lines (body)
- please read the section BlockReportFile for more details and syntax.

Queue User Block Report Requests (QueueUserBlockReports)
How to process block report requests for users (not EmailBlockTo, EmailAdmins,
EmailAdminReportsTo).
'run immediately' - the request will be processed immediately (not stored).
'store and run once at midnight' - the request will be stored/queued, runs at
midnight, and will be removed from queue after that
'store and run scheduled' - the request will be stored/queued, runs permanently
scheduled at midnight until it will be removed from queue - a '+' in the subject
is not needed
To add a request to queue the user has to send an email to EmailBlockReport.
Leading digits/numbers in the mail subject will be interpreted as "report
request for the last number of days". If the number of days is not specified in
the mail subject, a default of 5 days will be used to build the report.
If 'run immediately' or 'store and run once at midnight' is selected, but a user
wants to schedule a permanent request, a leading '+' before the digits in
subject is required.
To remove a request from queue the user has to send an email to EmailBlockReport
with a leading '-' in the subject.

File for Blockreportrequest (BlockReportFile)
A file with BlockReport requests. ASSP will generate a block report for every
line in this file (file:files/blockreportlist.txt - file: is required if
defined!) every day at midnight for the last day. The perl modules Net::SMTP and
Email::MIME::Modifier are required to use this feature. A report will be only
created, if there is at least one blocked email found! The syntax is:
QueryAddress=>ReportRecipient=>ReportDays - there are many possible combinations
of this three parameters. For example:
user@domain and user@domain=>user@domain - will send a report for this user to
this user
*@domain (better use) *@domain=>* - will send a report for every blocked user in
this domain to this user
user@domain=>recipient@any-domain - will send a report for user@domain to
recipient@any-domain
*@domain=>recipient@any-domain - will send a report for every blocked user in
this domain to recipient@any-domain
A third parameter is possible to set, which defines the number of days for which
the report should be created. The default (if empty or not defined) is one day.
This value is used to calculate the 'next run date'. For example:
*@domain=>recipient@any-domain=>2 - creates a report for two days.
*@domain=>*=>14 - creates a report for 14 days.
user@domain=>=>3 or user@domain=>*=>3 - creates a report for three days. The
second parameter is here empty or *!

- user can add/remove himself to redlist, spamlover, noprocessing via
email-interface
- admin(s) can add/remove any address to redlist, spamlover, noprocessing via
email-interface

-DNSBL providers can get a "weight" like bl.spamcop.net=>1.
The value of the weight can be set directly like=>45 or as a divisor of
RBLmaxweight. Low numbers < 6 are divisors . So if RBLmaxweight = 50 (default)
bl.spamcop.net=>50 would be the same as bl.spamcop.net=>1, bl.spamcop.net=>2
would be the same as bl.spamcop.net=>25.
If the sum of weights surpasses RBLmaxweight, the DNSBL check fails. If not,
the DNSBL check is scored as "neutral" even with RBLmaxhits reached.

It is possible to use all hits regardless of maxhits.-> Showmaxreplies

For example:
RBLmaxhits=2
RBLmaxweight=50

zen.spamhaus.org=>1
bl.spamcop.net=>1
safe.dnsbl.sorbs.net=>1
combined.njabl.org=>1
dnsbl-1.uceprotect.net=>2
dnsbl-2.uceprotect.net=>2
dnsbl-3.uceprotect.net=>3
ix.dnsbl.manitu.net=>2
psbl.surriel.com=>2
2.apews.org=>3
blackholes.five-ten-sg.com=>10

Posted by Anonymous 2009-11-29

Log in to post a comment.

Get latest updates about Open Source Projects, Conferences and News.

Sign up for the SourceForge newsletter:

JavaScript is required for this form.





No, thanks