ASSP 1.7.6.7 Released

assp.pl 1.7.5.7
new rebuildspamdb.pl 2.7.5.7 (1.0.00)

new files/charsets.txt
new files/bombheaderre.txt
new files/uriblwhite.txt
new files/nowhite.txt
new files/nogrip.txt
new files/whiteorg.txt
new assp_pop3.pl (1.08)
new files/bombre.txt
new files/subjectre.txt

-Passing File Extensions (PassAttach)
This regular expression is used to identify attachments that should mark the message as noprocessing. Separate entries with a pipe |. The dot . is assumed to precede these, so don't include it.

-Auto Update rebuildspamdb.pl (AutoUpdateREBUILD)
No action will be done if 'no auto update' is selected or AutoUpdateASSP is disabled.
If 'download only' is selected the newest rebuildspamdb.pl will be downloaded to the directory /Applications/assp/download .
If 'download and install' is selected, the old rebuildspamdb.pl will be saved to download directory (rebuildspamdb.pl_old) and replaced by the new version.
The perl module Compress::Zlib is required to use this feature.

-Enforce Automatic Restart ASSP on new or changed Script (ForceAutoRestartAfterCodeChange)Enforce Restart on new or changed assp.pl Script (ForceRestartAfterCodeChange)
ASSP will restart even if it is not daemon on linux/MAC ( AsADaemon ) and not a service on windows and AutoRestartCmd is not configured.

-Remove Disposition Notification Headers (removeDispositionNotification)
If set, all headers : "ReturnReceipt: , Return-Receipt-To: and Disposition-Notification-To:" will be removed from not whitelisted and not noprocessing incomming mails. Select this to prevent unwanted whitelisting of spammers that request a Disposition Notification. An other way to prevent autowhitelisting because of an autorespond is to use redRe .

-Run RebuildSpamdb Now (RebuildNow)
If selected, ASSP will run RebuildSpamdb.pl now.

-ispip is included in Maximum Sessions Per IP Check (maxSMTPipSessionsISPIP)
ispip (ISP/Secondary MX Servers) matches are not excluded from SMTP session limiting

- a click on the small new (i) icon at the 'apply'
button opens a new browser window (remember me) with four textboxes. These
could be used to copy and past any kind of data, without loosing the UTF-8
encoding. The icon could also be found in every 'Edit' window at the
top-left

-No Maximum Sessions IP numbers* (noMaxSMTPSessions)
Mail from any of these IP numbers will pass through without checking maximum number of simultaneous SMTP sessions. For example: 145.145.145.145

-No Maximum Sessions IP numbers* (noMaxSMTPSessions)
Mail from any of these IP numbers will pass through without checking maximum number of simultaneous SMTP sessions. For example: 145.145.145.145

-Simple IP Greylisting (DelayIP)
Enable simple delaying for IP's in black penalty box.

-Simple IP Greylisting Embargo Time (DelayIPTime)
Enter the number of minutes for which delivery, related with IP address of the sending host, is refused with a temporary failure. Default is 5 minutes.

-Use SPF to validate whiteListedDomains (whiteListedDomainsPassSPF)
Check this if you don't want ASSP to use whiteListedDomains without a corresponding SPF record.

-Suppress spamLoverSubject For Selected Recipients* (spamLoverSubjectSelected)
spamLoverSubject does NOT get prepended to the subject for these recipients.

-POP3 Configuration File* (POP3ConfigFile)
The file with a valid POP3 configuration. Only the file: option is allowed to use.
If the file exists and contains at least one valid POP3 configuration line and POP3Interval is configured, assp will collect the messages from the configured POP3-servers.
Each line in the config file contains one configuration for one user.
All spaces will be removed from each line.
Anything behind a # or ; is consider a comment.
If the same POP3-user-name is used mutiple times, put two angles with a unique number behind the user name. The angles and the number will be removed while processing the configuration.
e.g: pop3user<1> will result in pop3user - or - myName@pop3.domain<12> will result in myName@pop3.domain
It is possible to define commonly used parameters in a separate line, which begins with the case sensitive POP3-username "COMMON:=" - followed by the parameters that should be used for every configured user.
A commonly set parameter could be overwritten in every user definition.
Each configuration line begins with the POP3-username followed by ":=" : e.g myPOP3userName:=
This statement has to followed by pairs of parameter names and values which are separated by commas - the pairs inside are sepatated by "=".
e.g.: POP3username:=POP3password=pop3_pass,POP3server=mail.gmail.com,SMTPsendto=demo@demo_smtp.local,......
The following case sensitive keywords are supported in the config file:

POP3password=pop3_password
POP3server=POP3-server or IP[:Port]
SMTPsender=email_address
SMTPsendto=email_address or or
SMTPserver=SMTP-server[:Port]
SMTPHelo=myhelo
SMTPAUTHuser=smtpuser
SMTPAUTHpassword=smtppass

SMTPHelo, SMTPsender, SMTPAUTHuser and SMTPAUTHpassword are optional.
If SMTPsender is not defined, the FROM: address from the header line will be used - if this is not found the POP3username will be used.
If the syntax is used for SMTPsendto, the mail will be sent to any recipient that is found in the "to: cc: bcc:" header lines if it is a local one.
If the syntax is used for SMTPsendto, the literals NAME and/or DOMAIN will be replaced by the name part and/or domain part of the addresses found in the "to: cc: bcc:" header lines. This makes it possible to collect POP3 mails from a POP3 account, which holds mails for multiple recipients.
For example: or or
If the or syntax is used for SMTPsendto, "localDomains" and/or "localAdresses_Flat" must be configured to prevent too much error for wrong recipients defined in the "to: cc: bcc:" header lines. The POP3collector will not do any LDAP or VRFY query!
If you want assp to detect SPAM, use the listenPort or listenPort2 as SMTP-server.
To use this feature, you have to install the perl script "assp_pop3.pl" in the assp- base directory.

-URIBL Service Providers* (URIBLServiceProvider)
Domain Names of URIBLs to use. It is possible to specify a weight value after '=>' , in this case this value will be used as hit value (see URIBLmaxhits ) for this service provider, for example multi.surbl.org=>1.5 . Default is: dbl.spamhaus.org|multi.surbl.org|black.uribl.com

-Enable Trap logging (TrapLog)

-POP3 Keep Rejected Mails on POP3 Server (POP3KeepRejected)
If selected, any collected POP3 mail that fails to be sent via SMTP (because of beeing SPAM - in case rejected by the SMTP server) will be keeped on the POP3 server.

-Block SpamLovers when Scoring is Extreme (blockSpamLoversExtreme)
If set, spamlovers will be blocked when the messagescore surpasses MessageScoringExtremeLimit or ipscore surpasses PenaltyExtreme.

-Block when Scoring is in Extreme range (blockTestModeExtreme)
If set, TestMode will be ignored when the messagescore surpasses MessageScoringExtremeLimit or ipscore surpasses PenaltyExtreme.

-Maximum URIs (URIBLmaxuris)
More than this number of URIs in the body will increase scoring with uribleValencePB. Enter 0 to disable feature.

-Maximum Unique Domain URIs (URIBLmaxdomains)
More than this number of unique domain URIs in the body will increase scoring with uribleValencePB. Enter 0 to disable feature.

-Disallow Obfuscated URIs (URIBLNoObfuscated)
When enabled, messages with obfuscated URIs of types [integer/octal/hex IP, other things!] in the body will get increased score with uribleValencePB.

-URIBL Extras (uribleValencePB)
For Message & IP scoring in URIBLNoObfuscated, URIBLmaxdomains, URIBLmaxuris,

assp.pl 1.7.5.1

new rebuildspamdb.pl 2.7.1.6
new assp_pop3.pl (1.04)
new bombre.txt
new whiteorg.txt

-Regular Expression to Identify NoCaching Addresses* (NoOKCachingRe)
If an address matches this Perl regular expression ASSP will not cache them in OKAddress Cache. For example: reply|bounce|www|daemon|master|\.info|\.biz|^prvs

-Schedule time for RebuildSpamdb (RebuildSchedule)
If not set to 0 ASSP uses scheduled hours to run RebuildSpamdb.pl. For example '6|18' will run rebuildspamdb.pl at 6.00 and 18.00. Use 24 to run it at midnight.

-POP3 Collecting Interval (POP3Interval)
The interval in minutes, assp should collect messages from the configured POP3-servers. A value of zero disables this feature.

-POP3 Keep Rejected Mails on POP3 Server (POP3KeepRejected)
If selected, any collected POP3 mail that fails to be sent via SMTP (because of beeing SPAM - in case rejected by the SMTP server) will be keeped on the POP3 server.

-POP3 debug (POP3debug)
If selected, the POP3 collection will write debug output to the log file. Do not use it, unless you have problems with the POP3 collection!

-Block Max Duplicate Recipients (DoMaxDupRcpt)
Block remote servers that uses the same recipient address more times, than the number defined in MaxDupRcpt in the RCPT TO: command. Scoring is done with mdrValencePB . This check is skipped for outgoing, noprocessing, whitelisted and spamlovers mails. If a message has to be delayed, this check will score before the delay if set to block or score - and score and/or block on the next server request.
-Block Max Duplicate Recipients (DoMaxDupRcpt)
Block remote servers that uses the same recipient address more times, than the number defined in MaxDupRcpt in the RCPT TO: command. Scoring is done with mdrValencePB . This check is skipped for outgoing, noprocessing, whitelisted and spamlovers mails. If a message has to be delayed, this check will score before the delay if set to block or score - and score and/or block on the next server request.

assp.pl 1.7.1.5
new module needed: Authen::SASL ( new: mod_inst.pl )

-Maximum Allowed Duplicate Recipient Adresses (MaxDupRcpt)
The maximum number of duplicate recipient addresses that are allowed in the sequence of the RCPT TO: commands!
The number per mail is calculated by 'number of RCPT TO: commands - number of unique recipient addresses'.
For example: if one address is used three times or two addresses are used each two times, will result in the same count - 2. Or if both is the case in one mail, the count will be 4.

-Duplicate Recipient (mdrValencePB)
Message/IP scoring in DoMaxDupRcpt

-User to Authenticate to Relay Host (relayAuthUser)
The username used for SMTP AUTH authentication to the relayhost - for example, if your ISP need authentication on the SMTP port! Supported authentication methodes are PLAIN, LOGIN, CRAM-MD5 and DIGEST-MD5 . If the relayhost offers multiple methodes, the one with highest security option will be used. The Perl module Authen::SASL must be installed to use this feature! The usage of this feature will be skipped, if the sending MTA uses the AUTH command. Leave this blank, if you do not want to use this feature.

-Password to Authenticate to Relay Host (relayAuthPass)
The password used for SMTP AUTH authentication to the relayhost ! Leave this blank, if you do not want to use this feature.

assp.pl 1.7.1.4

new rebuildspamdb.pl 2.7.1.0
new file -> ipnp.txt
new file -> dnsbls.txt
new file -> blackaddresses.txt
new file -> subjectre.txt
new file -> bombre.txt

-Maximum Equal X-Header Lines (MaxEqualXHeader)
The maximum allowed equal X-header lines - eg. "X-SubscriberID:". If the value is set to 0 the header will not be checked for equal X-header lines.

-Include a Show-Link (inclShowLink)
If a blocked email is stored in any folder, it is possible to include a link for each email to be shown. Define here what you want ASSP to do. Default is "in all reports". Note: File name logging (fileLogging) must be on!

-Do Notify, if log entry matches* (NotifyRe)
Regular Expression to identify loglines for which a notification message should be send.
usefull entries are:
Info: new assp version - to get informed about new available assp versions
info: autoupdate: new assp version - to get informed about an autoupdate of the running script
adminupdate: - for config changes
admininfo: - for admin informations
option list file: - for option file reload
error: - for any error
restart - to detect a ASSP restart
Admin connection - for GUI logon
You may define a comma separated list (after '=>') of recipients in every line, this will override the default recipient defined in 'Notify'. For example: adminupdate=>user1@yourdomain.com,user2@yourdomain.com.
As third parameter after a second ('=>') you can define the subject line for the notification message.
for example: adminupdate:=>user1@yourdomain.com,user2@yourdomain.com=>configuration was changed
or: adminupdate:=>=>configuration was changed.

-VRFY failures return false (VRFYFail)
VRFY failures return false when an error occurs in VRFY lookups.

-Do Deny Connections from these IPs (DoDropList)
If activated, the IP is checked against the Droplist . The droplist is downloaded if a new one is available and contains the Spamhaus DROP List. See "http://www.spamhaus.org/drop/drop.lasso".

-Allow Local Addresses Regular Expression* (AllowLocalAddressesRe)
Allow only addresses which match this RegEx.

-Disable VRFY for External Clients (DisableVRFY)
If you have enabled VRFY on your MTA to allow ASSP to verify addresses and you do not want external clients to use VRFY/EXPN - select this option.

-Modify ClamAV Module (modifyClamAV)
If set ClamAV modules ping and streamscan are modified (to prevent blocking). This may be disabled to try the original modules.

-Regular Expression to Identify noDelay Helos * (noDelayHelosRe)
Put anything here to identify Helos which should be not delayed.

-Do Deny Connections from these IPs (DoDropList)
If activated, the IP is checked against the Droplist . The droplist is downloaded if a new one is available and contains the Spamhaus DROP List. See "http://www.spamhaus.org/drop/drop.lasso".

-Drop Connections from these IPs* (DropList)
Automatically downloaded (http://www.spamhaus.org/drop/drop.lasso) list of IPs which should be blocked right away.

-Enable OK Address Cache (DoOKCaching)
OK Address: If a message is marked 'Message OK' the sender addresses are called 'OK Addresses'. These are addresses which are not whitelisted but the sender did not send spam and did send notspam (several times). If this is set to 'whiting' ASSP will whitelist them if OKminhits is reached. If set to 'export only' ASSP will only write them to a file according to OKexporthits. Scoring is set with okaValencePB.

-OK Cache Refresh Interval (OKCacheExp)
OK Adresses in cache will be removed after this interval in hours. 0 will disable the cache.

-Minimum Hits in OK Cache (OKminhits)
If a message is marked 'Message OK' the sender addresses are stored in the OK cache. The address will be added to the whitelist if the number of hits in the cache surpasses OKminhits.

-Exported OK Adresses (OKexport)
OK adresses in cache reaching OKexporthits will be regularly stored into this file.

-Export Hits in OK Cache (OKexporthits)
Used by OKexport. If 0 all addresses will be exported.

-Allow Admin Connections From These Hostnames* (allowAdminConnectionsFromName)
An optional additional list of Hostnames from which you will accept web admin connections. Blank means accept connections from any IP address in allowAdminConnectionsFrom or any connection if nothing is set there.
Note: if you make a mistake here, you may disable your web administration interface and be forced to manually edit your configuration file to fix it.

-Blackish & Whitish Addresses** (blackAddresses)
Accepts specific addresses (user@example.com), user parts (user) or entire domains (@example.com). Wildcards are supported. A positive weight will make the address 'blackish'. A negative weight will turn the address into 'whitish'. For example: fribo*@example.com|@*.gov=>-0.5|@*.biz=>0.5 .

-Send EHLO (sendEHLO)
If selected, ASSP sends an EHLO even if the client has sent only a HELO. This is useful to force the usage of TLS to the server, because EHLO is needed before STARTTLS can be used.

-Cache Unknown Addresses (DoPenaltyMakeTraps)
If enabled, unknown addresses are cached. If set to 'use for spamtrapaddresses' very activ addresses will be used like spamtrapaddresses. If set to 'use for spamaddresses' they will work like spamaddresses. If set to 'use for validation' all entries regardless of their frequency will be used to validate incoming addresses. Note: LocalAddresses_Flat or doLDAP or doVRFY must be enabled.

-Unknown Address Frequency Limit (PenaltyMakeTraps)
Minimum number of times an address must appear during PBTrapCacheExp before it will be used as spamaddress/spamtrapaddress. For example: 10.

-Exceptionlist for Address Cache* (noPenaltyMakeTraps)
Addresses which should not be cached. Accepts specific addresses (user@example.com), user parts (user) or entire domains (@example.com). Wildcards are supported (fribo*@example.com).

-Invalid Addresses Refresh Interval (PBTrapCacheExp)
Addresses will be removed after this interval in hours if the 'Invalid Addresses Frequency Limit' is not reached. For example 3

-Automatic Restart ASSP on new or changed Script (AutoRestartAfterCodeChange)
If selected, ASSP will restart it self, if it detects a new or changed running script. An automatic restart will not be done, if ASSP is not running as daemon on linux/MAC ( AsADaemon ) or as a service on windows and AutoRestartCmd is not configured. Leave this field empty to disable the feature. Possible values are 'immed and 1...23' . If set to 'immed', assp will restart within some seconds after a detected code change. If set to '1...23' the restart will be scheduled to that hour. A restart at 00:00 is not supported.

-Auto Update the Running Script (assp.pl) (AutoUpdateASSP)
No action will be done if 'no auto update' is selected.
If 'download only' is selected and a new assp version is available, this new version will be downloaded to the directory /Applications/assp/download (assp.pl).
If 'download and install' is selected, the running script will be saved to download directory and replaced by the new version.
Configure ( AutoRestartAfterCodeChange ), if you want the new version to become the active running script.
The perl module Compress::Zlib is required to use this feature.

-Auto Update Developer Version (AutoUpdateASSPDev)

-Local Frequency Interval (LocalFrequencyInt)
The time interval in seconds in which the number of envelope recipients per sending address has not to exceed a specific number ( LocalFrequencyNumRcpt ).
Use this in combination with LocalFrequencyNumRcpt to limit the number of recipients in a given interval, to prevent local abuse - for example from highjacked local accounts. A value of 0 (default) will disable this feature and clean the cache within five minutes. It is recommended to enable DoLocalSenderAddress and/or DoLocalSenderDomain, if you want to use this feature. To give users the chance to inform an admin about such blocked mails, local mails to EmailAdmins are never blocked because of that feature.

-Local Frequency Recipient Number (LocalFrequencyNumRcpt)
The number of envelope recipients per sending address that has not to exceed in a specific time interval ( LocalFrequencyInt ).
Use this in combination with LocalFrequencyInt to limit the number of recipients in a given interval, to prevent local abuse - for example from highjacked local accounts. A value of 0 (default) will disable this feature and clean the cache within five minutes. It is recommended to enable DoLocalSenderAddress and/or DoLocalSenderDomain, if you want to use this feature. To give users the chance to inform an admin about such blocked mails, local mails to EmailAdmins are never blocked because of that feature.

-Check local Frequency for this Users only* (LocalFrequencyOnly)
A list of local addresses, for which the 'local frequency check' should be done. Leave this field blank (default), to do the check for every address.
Accepts specific addresses (user@domain.com), user parts (user) or entire domains (@domain.com). Wildcards are supported (fribo*@domain.com).
For example: fribo*@thisdomain.com|jhanna|@sillyguys.org

-Check local Frequency NOT for this Users* (NoLocalFrequency)
A list of local addresses, for which the 'local frequency check' should not be done. Noprocessing messages will skip this check.
Accepts specific addresses (user@domain.com), user parts (user) or entire domains (@domain.com). Wildcards are supported (fribo*@domain.com).
For example: fribo*@thisdomain.com|jhanna|@sillyguys.org

-Regular Expression to Score Blackish and/or Whitish Expressions** (bombSuspiciousRe)
Put here anything which might be suspicious (blackish) or trustworthy (whitish). bombSuspiciousValencePB will be used to increase/decrease the total score. Trustworthiness (whitish) will be assigned by using a negative weight. For example:
news=>-1|no-?reply=>-0.5|passwor=>-0.7

-Spoofing check uses SPF record.

-ConnectionScoring Limit (ConnectionScoringLimit)
MessageScoring will block connectionss whose score exceeds this threshold. A value of 0 here will disable this option. For example: 150
-ConnectionScoring Limit Exceeded (conValencePB)
Message scoring in ConnectionScoringLimit.

-Add MailFrom to Whitelist (RWLtoWhitelist)
If ValidateRWL is set to 'whiting' and the RWL shows medium/high trustworthiness, the MailFrom address will be added to the whitelistdb.
Trustworthiness : (127.0.x.T):
0 = none
1 = low
2 = medium
3 = high

-Detect Same Subject (detectSameSubject)
If set to a value higher than 0, ASSP count identical subjects within one hour. If this count exceeds the defined value, subValencePB will be added to the message- and ip-score.

-RBL Service Providers* (RBLServiceProvider)
Names of DNSBLs to use separated by "|" or name of list 'file:files/dnsbls.txt'. Defaults are:
zen.spamhaus.org=>1|bl.spamcop.net=>1|bb.barracudacentral.org=>1|combined.njabl.org=>1|safe.dnsbl.sorbs.net=>1|psbl.surriel.com=>2|ix.dnsbl.manitu.net=>2|dnsbl-1.uceprotect.net=>2|dnsbl-2.uceprotect.net=>4.
DNSBL providers can be classified like bl.spamcop.net=>1. '1' is the most trustworthy class. '6' is the least trustworthy class. Numbers above 6 will be used as score directly. The value of the class acts as a divisor of rblValencePB. So if rblValencePB = 50 bl.spamcop.net=>1 would be the same as bl.spamcop.net=>50, bl.spamcop.net=>2 would be the same as bl.spamcop.net=>25. If the sum of scores surpasses rblValencePB, the DNSBL check fails. If not the DNSBL hit is only scored even with RBLmaxhits reached.

-Whitelisted Attachment Blocking (BlockWLExes)
Set the level of Attachment Blocking to 0-4 for whitelisted senders. Choose 0 for no attachment blocking.

-Local Attachment Blocking (BlockLCExes)
Set the level of Attachment Blocking to 0-4 for local senders. Choose 0 for no attachment blocking.

Posted by Anonymous 2010-07-31

Log in to post a comment.

Get latest updates about Open Source Projects, Conferences and News.

Sign up for the SourceForge newsletter:

JavaScript is required for this form.





No, thanks