Sample_Configurations
- Linux, Qmail, Cyrix 233mz
- Exchange 2000, 1066 messages / day
- WinNT, Post Office, 500 mz
- Redundant MX, Windows 2000, McAfee, Exchange
- Exchange + NAI Webshield + PIII-500
- Win2k, GFI Mail security, k6/2 350
- Mac OS/X and qmail
- Dual Piii-800, Win2k, Imail 8
- Win2Ksrv, Lotus Notes/Domino, ASSP
- Assp - Exchange - Assp - Mercury/32
Linux, Qmail, Cyrix 233mz
Incoming Network Path:
internet -> (25) assp -> (55554) qmail -> (110) pop3 client
Outgoing Network Path:
client -> (25) assp -> (55554) qmail -> internet
Operating System: linux kernel 2.4.21, slackware 9.0.0 CPU: Cyrix M II, 233MHz (no, I am not joking) RAM: 256M Messages per day: 263 Load: (best guess) 0.03 (not loaded at all) Mail Transport: qmail smtpDestination:= 127.0.0.1:55554 listenPort:= 25 Mail Transport's Listen Port: 55554
What was the hardest part of getting ASSP working for you?
* To find out by trial and error what features that did not work for me. * To find out which announced new features are working for me when upgrading to newer versions. Examples: Complete email addresses in "spamaddresses" are ignored but username only is fine, greylist download starts every hour but no list is saved, "redRe" is ignored and such minor quirks.
What do you wish you knew before you started that you know now?
* Exactly what files and directories that has to be owned and/or writeable by the assp user. * A rough estimate of how much memory "rebuildspamdb" would require without RamSaver, in my case around 130MB with 23000 messages total.
Any other comments regarding installing / configuring ASSP?
Easy to install (compared to qmail, at least). It works very well and does not require much maintenance. I suspect that the files in "asspsmpl/notspam" in "asspsmpl-0.1.tgz" are helpful for installations that handle mostly english content. In my case it is still the major part of the files with english content in the "notspam" directory. Over time it will be replaced with mostly swedish content so I will have to copy it back to "notspam" from time to time. It is the other way around in the "spam" directory, almost only english and very little swedish content since most spam is written in english. The consequence is that assp has a small tendency to let swedish spam through and to classify english content as spam. This is not a big problem though, assp works very well even with mostly swedish notspam and english spam.
Line in "/etc/rc.d/rc.firewall" to stop others from accessing qmail and web interface directly:
iptables -A INPUT -p tcp --dport 55554:55555 -i ! lo -j DROP (drop incoming packets that are destined to tcp port 55554 to 55555 and originates from anywhere but this machines local interface)
Lines in "supervise/qmail-smtpd/run" to get qmail to listen on port 55554:
exec /usr/local/bin/softlimit -m 2000000 \ /usr/local/bin/tcpserver -v -R -l "$LOCAL" \ -x /etc/tcp.smtp.cdb -c "$MAXSMTPD" \ -u "$QMAILDUID" -g "$NOFILESGID" 0 55554 \ /var/qmail/bin/qmail-smtpd your.servername.org \ /bin/cmd5checkpw /bin/true 2>&1
Not used:
relayPort:= relayHost:=
-Rutger E
To get EXIM MTA to listen on another port eg.10025 just change the setting in /etc/services to read:
smtp 10025/tcp mail #Simple Mail Transfer smtp 10025/udp mail #Simple Mail Transfer
then execute "killall -HUP exim" Exim picks up the port settings here.
THanks for a super program
Exchange 2000, 1066 messages / day
Incoming Network Path:
Internet -> (25) ASSP -> (25) McAfee Webshield e250 -> (25) MS Exchange 2000 -> Outlook Client
Outgoing Network Path:
Client -> MS Exchange 2000 -> (25) ASSP -> (25) McAfee Webshield e250 -> Internet
CPU: P4 2.0G RAM: 512 MB Messages per day: 1066 Load: I don't think it's even slowing my system down... Mail Transport: MS Exchange 2000 Listen Port: 25 Mail Transport's Listen Port: 25 Relay Port: 25 Relay Host: McAfee Webshield e250 -Morgan E
WinNT, Post Office, 500 mz
Incoming Network Path: Internet -> (25) ASSP -> (26) Post.Office -> (pop3) Client Outgoing Network Path: Client -> (25) ASSP -> (26) Post.Office -> Internet Operating System: WinNT CPU: 500 RAM: 512 Messages per day: 2691 Load: (best guess) Task Manager rarely shows a spike > 50% CPU. On average ~30% CPU utilization. SMTP Destination: 26 Listen Port: 25 Mail Transport's Listen Port: 26 Relay Port: none Relay Host: none What do you use for your relay host (Software or just ISP if you use your ISP's mail relay): Post.Office (now out of buisness) Mail Transport's Smarthost / Relay Host: none If you run a virus scanner, how does it fit in? On access scanner running locally on the machine
What was the hardest part of getting ASSP working for you? Getting Perl to run as a service.
What do you wish you knew before you started that you know now? Not much now. The web interface has really taken care of most of my issues (how mail is scored, the maillog tail etc.)
Any other comments regarding installing / configuring ASSP? For us ignorant win32 users, always use "/" for file paths instead of "\". Seems pretty obvious now, but for those of us with limited programing experience... The half gig of ram is also important for us. The rebuildspamdb used to tank our server everytime, that was back in the pre 1.0 days though...
AJ
Redundant MX, Windows 2000, McAfee, Exchange
Architecture summary - two incoming lines, first is 500Mb/s leased line, second is 500Mb/s ADSL, feeding separate MX machines. Initially I set them both up with ASSP routing to the same virus scanner (on the first MX), but then I duplicated the virus scanner, as that provided greater resilience because the mail to the two MXs could be queued separately if the other machine goes down. The spam db is rebuilt on the first MX machine (after merging captured spam from the second), and then copied to the second. The MX machines both feed a third machine which rewrites addresses for internal distribution and forwards them to Exchange 2000 on a fourth machine; the third machine also has POP mailboxes for some other domains I host. Outgoing mail goes through the same route, and Weasel is the relay server (except for mailshots, which are relayed by the virus scanner on the second MX - this keeps the addresses from going into the whitelist, and sends mailshots out via the ADSL to avoid saturating the primary leased line). Four servers just for mail may sound over the top, but it works for us, and our business is critically dependent on it (if something goes wrong, I get a complaint within about 10 minutes). Anyway, we like servers; we have 15 of them; we also host our own web site, ftp and forums.
If I could get a virus scanner running in a hook in Weasel, that would have the benefit of enabling me to use SMTP auth, and to reject email to invalid users immediately.
==========================
Incoming Network Paths: Internet -> [first MX] (25) ASSP -> (125) McAfee VirusScan SMTP -> [distribution server] (25) Weasel (some pop3, and:) -> [office mail server] (25) Exchange Internet -> [second MX] (25) NAPT router -> (125) ASSP -> (25) McAfee VirusScan SMTP -> [distribution server] (25) Weasel (some pop3, and:) -> [office mail server] (25) Exchange
Outgoing Network Paths: [office] Outlook -> Exchange -> [first MX] (25) ASSP -> McAfee VirusScan SMTP -> [distribution server] (25) Weasel -> Internet [other] Client (SMTP) -> [first MX] (25) ASSP -> McAfee VirusScan SMTP -> [distribution server] (25) Weasel -> Internet
Mailshots go out through the VirusScan on the second MX (which is why the ports are reversed there) rather than via ASSP, so that the mailing list addresses (which are not always trustworthy) don't get whitelisted.
Operating System:
[first MX] Windows Server 2003 [second MX] Windows XP [distribution server] OS/2
CPU:
[first MX] 2 x P-II/400 [second MX] AMD K6-2/500 [distribution server] P-III/600
RAM:
[first MX] 640MB [second MX] 256MB [distribution server] 256MB
Messages per day:
[first MX] 2200 [second MX] 750
Load: [first MX] CPU idles at 3%, peaks of 60% for a few seconds during processing of emails; average <10%. Memory committed: ~180MB normally (max ~230MB, presumably handling larger emails) Note that these figures include the email virus scanning as well as the spam scanning.
Mail Transport:
McAfee VirusScan SMTP - has rather flexible routing, but no auth :-( Weasel - an OS/2 MTU, with some features to my spec :-) Exchange - no comment
What was the hardest part of getting ASSP working for you? I started trying to run it on the OS/2 machine, and the spam rebuild crashed Perl 5.8.0 on OS/2 (I attempted to debug this with the person who did the port, but he felt in the end that it was a memory-handling issue in the compiler library). I see that others are now running it on OS/2, so that crash might have gone away with the redesign of the spam db. [note, perl 5.6 may also be a good choice.]
I had a pre-existing email corpus from running another client-based Bayesian scanner for a while, so I started essentially straight in. Suggestions of corpus size are very variable at different sources - the writers of the Bayesian filter in the Polarbar mailer (www.polarbar.org) recommend as small as possible (say 500/500), and others recommend around 5000/5000. I am using 32767/32767, as I feel that the statistics can only be improved by quantity; and I have noticed many identical spams, so the number of /distinct/ messages may be appreciably less than expected.
My boss (now ex-boss) has installed it elsewhere, and repeated gets confused about the different ports for relay; certainly I had it easy as I was already running my own relay server.
What do you wish you knew before you started that you know now?
That valid SMTP names containing a % would be miscategorised by ASSP as relay attempts :~) This is because I use a manufactured reply address for mailshots that happened to use a %, and I got a lot of flack when suddenly all the replies to our mailshot got bounced. I use another character now...
Any other comments regarding installing / configuring ASSP?
The documentation is still a bit geeky, but I guess that most people who run SMTP servers are geeks ;-)
Regards, Paul Hodges
Postfix + Amavis, Redhat, 450 mz
internet - (25)assp - (225)postfix - (10024)amavis-new - (10025)postfix - (pop3)client
|
(3310)clamd
client - (25)assp - (225)postfix - (10024)amavis-new - (10025)postfix -internet
|
(3310)clamd
Operating System: Redhat 8.0 CPU: intel 450 Mhz (2x) RAM: 1 GB Messages per day: 46 Mail Transport: postfix SMTP Destination: 225 Listen Port: 25 Mail Transport's Listen Port: 225 Relay Port: Relay Host: If you run a virus scanner, how does it fit in? called by postfix with the help of amavisd-new
What was the hardest part of getting ASSP working for you? finding out that the files have to be run thru dos2unix and of course: On the older versions the problem with chroot/change user
Enrico
Exchange + NAI Webshield + PIII-500
Incoming Network Path: Internet -> (25) ASSP -> (26) NAI Webshield -> (25) Exchange2K-Frontend -> Exchange-Cloud with Outlook and IMAP/POP/Web-Clients Outgoing Network Path: Exchange-Cloud with Outlook and IMAP/POP/Web-Clients -> (25) Exchange2K-Frontend -> (25) ASSP -> (26) NAI Webshield -> (25) Exchange2K-Frontend -> Internet Operating System: MS Windows 2000 Server CPU: Pentium III 500 RAM: 640MB Messages per day: 11000 Load: 10% (rebuild not included) Mail Transport: NAI Webshield SMTP Destination: 141.21.6.1:26 Listen Port: 141.21.6.1:25 Mail Transport's Listen Port: 26 Relay Port: 141.21.6.210:25 Relay Host: 141.21.6.1:26 What do you use for your relay host (Software or just ISP if you use your ISP's mail relay): NAI Webshield SMTP 4.5 (Windows)
Mail Transport's Smarthost / Relay Host: MS Exchange 2000 (Frontend)
If you run a virus scanner, how does it fit in? NAI Webshield (behind ASSP) and On-Access-Scanners on Exchange-Server Attachment-Blocking on ASSP and On-Access-Scanners Server/Client-On-Access-File-Scanners on all PCs
What was the hardest part of getting ASSP working for you? Planning the path for mail-delivery
Matthias
Win2k, GFI Mail security, k6/2 350
Incoming Network Path: Internet -> (25) ASSP -> (25000) SMTP Virtual Server -> 25 Mailservers (both pop3 and exchange) -> client Outgoing Network Path: Depending on the mailserver's setup: Setup #1: Client -> (125) mailserver -> Internet Setup #2: Client -> (125) mailserver -> (25) ASSP -> (25000) SMTP Virtual Server (GFI MailSecurity) -> Internet
Operating System: Windows 2000 Server CPU: AMD K6/2 350Mhz (PII 333MHZ as backup computer) RAM: 192mb (256mb in backup machine) Messages per day: ~700 Load: it doesn't seem too busy except when it rebuild the spamdb which takes 40 min. Processing time for incoming mails when rebuilding the spamdb doesn't seem to slow down though.
SMTP Destination: localhost:25000 Listen Port: 25 Mail Transport's Listen Port: ? Relay Port: none Relay Host: none
If you run a virus scanner, how does it fit in? via SMTP virtual server on same machine as ASSP
What was the hardest part of getting ASSP working for you? Making automatic jobs for rebuilding spamdb, download greylist etc.
What do you wish you knew before you started that you know now? That the two hard drives I initially used would crash ;)
Any other comments regarding installing / configuring ASSP? I'm a totel novice when it comes to smtp, relaying etc. so I was quite surpriced to find how easy it was to get it to work. Still, most of the users don't send via ASSP which means that whitelist addition and a good portion of hammails are missed. The reasons why many users won't send via ASSP is, 1) their mailserver host many different domains and relaying is not per-domain but for all domains, 2) I've been told that message tracking stops at relay servers - so if we ever want to track a message that strand somewhere we can't if we send via ASSP.
Ulrik
Mac OS/X and qmail
Incoming Network Path:
Internet -> (25) ASSP -> (24) Qmail -> (pop3)
Outgoing Network Path:
Client -> (SMTP 25) ASSP -> (24) Qmail -> Internet Client -> (OFMIPD 8025) -> (SMTP 25) ASSP -> (24) Qmail -> Internet
Operating System: Mac OS X 10.3 CPU: Macintosh G5 1.25 Ghz RAM: 568 MB Messages per day: 4000 Load: (best guess) 5% Mail Transport: QMail SMTP Destination: 127.0.0.1:24 Listen Port: 25 Mail Transport's Listen Port: 24 & 8025 (OFMIPD) If you run a virus scanner, how does it fit in? ClamAV with QMailScanner for all files not blocked by ASSP
What was the hardest part of getting ASSP working for you? ASSP support for Non English languages is poor (no SPAM/NOSPAM DB's)
What do you wish you knew before you started that you know now? The global percentage of SPAM (75%)
Any other comments regarding installing / configuring ASSP? Must modify ASSP code to support Pop before SMTP with VPopMail. Guy
---------------------------------------------------------------------- T h i n k d i f f e r e n t - u s e a M a c i n t o s h ----------------------------------------------------------------------
Dual Piii-800, Win2k, Imail 8
Incoming Path: Internet -> (25) ASSP -> (255) Imail -> client Outgoing Network Path: client -> (25) ASSP -> (255) Imail -> Internet Operating System: MS Windows 2000 Server CPU: dual PIII 800's RAM: 1gb Messages per day: 11000 Load: 0-10%, seems to avg about 2% (rebuild not included). 7-11mb Rebuild: About 50% of one processor and 75% ot the other. Peak usage: 200mb
If you run a virus scanner, how does it fit in? Declude A/V Pro plugs into Imail. This in turn runs F-Prot A/V on every received message.
What was the hardest part of getting ASSP working for you? Setting up the program was easy, as was training it. Introducing the system to users is where the real work is.
Hot Tips? 1. Schedule a service restart of Perl as part of your daily rebuild process. I found that ASSP's memory usage slowly grew to about 60mb of RAM during normal operations (using a spam db that grew to approximately 30,000 messages) and no doubt this growth would have continued. However usage dropped to 6-11mb with the high message counts once I worked in a daily service restart. It works best in a batch file, where that same batch file handles the daily spam db rebuild. Be sure NOT to shut down ASSP during the rebuild. Just cycle the service quickly.
2. Use the scripting language of your choice to build a whitelist submitter. Many users, for various reasons, send mail thru a different smtp server than the one protected by ASSP. Give them a secure form to input email address, username, password and whitelisted address. Use your scripting environment to send an auth'd mail to the assp-white address. Security for an operation like this must be well thought-out. matt
Win2Ksrv, Lotus Notes/Domino, ASSP
Incoming path
Internet -> ASSP(25/TCP) -> Lotus(125/TCP)
network clients use ASSP too since the machine sits on a DMZ and only port 25 is exposed to both LAN and internet
CPU barely used, around 2000 msg/day on regular days (spam-worms may increase the traffic) the Lotus mailservers run a copy of Trend MailScan which takes care of any beast escaped to the ASSP spam filtering
Due to various reasons, I avoided letting ASSP automatically download the graylist and I've setup a scheduled batch file as follows
@echo off cls m: cd\assp
REPAIR
rem --- echo Repairing ASSP databases... rem --- perl repair.pl
NUMBER
rem --- echo Renumbering stored messages... rem --- perl move2num.pl -r
GREYLIST
echo Downloading grey list... if exist greylist.txt del greylist.txt wget -t 3 -nd http://assp.sourceforge.net/greylist.txt if not exist greylist.txt goto NOGREY if exist greylist copy greylist greylist.bak copy greylist.txt greylist del greylist.txt
NOGREY
echo Rebuilding ASSP databases... perl rebuildspamdb.pl
RESTART
echo Stopping ASSP filter service... net stop asspsmtp ping -n 1 -w 3000 10.1.1.1 >NUL echo Starting ASSP with new files... net start asspsmtp
QUIT
cls exit
the above takes care to download and update the graylist and to rebuild the spamdb, after those operation it will restart the ASSP service (just to freeup/clean memory) the "ping" to an unused IP is only used to wait 3 seconds before starting back the ASSP service, also, the commented code at the top may be useful either for first runs or to repair a damaged database (note: you will need to get a copy of wget for windows for the above to work correctly) grayhat
Assp - Exchange - Assp - Mercury/32
Incoming Network Path: Internet (25) -> ASSP (2525) -> Exchange2K (25) -> Outlook Outgoing Network Path: Outlook -> Exchange2K -> ASSP (25) -> Mercury/32 (8025) -> Internet Hardware: Operating System: MS Windows NT 4 Server CPU: Dual Pentium III @ 448 RAM: 380MB What do you use for your relay host (Software or just ISP if you use your ISP's mail relay): Mercury/32 (Windows) Statistics: Messages per day: 1700
