The Anti-Spam SMTP Proxy (ASSP) server project is a free, open source, Perl-based, platform-independent transparent SMTP proxy server available at SourceForge.net that uses numerous methods and technologies to identify e-mail spam both rigidly and adaptively.
ASSP is easy to set up because it requires only minor changes to the configuration of your Mail Transfer Agent.
Homepage: assp.sourceforge
Type: Anti-Spam, Email-client
License: GNU General Public License (GPL)
Written in: Perl
Operating system: Cross-platform
Languages: Multi
Size(Windows): 0.7 MB
############################################################
Installs Perl modules used by ASSP 1.x
############################################################
*nix (including Mac OS X):
- copy mod_inst.pl to assp directory
- cd to assp directory
- Run 'perl mod_inst.pl'
Windows:
These PPM packages contain code for both Perl 5.8 and 5.10. You may try others; PPM will help you and refuse to install incompatible modules.
- Download "assp.mod.zip"
http://downloads.sourceforge.net/project/assp/ASSP%20Installation/Modules/assp.mod.zip
Unzip in the c:/assp base directory.
- Open the command line and change directory to the c:/assp/assp.mod/install directory:
- Change install.cmd
- Edit the next line if the location of your ASSP-installation is not default!
set ASSPDIR=C:\assp
- Please set your Proxy, if you need it
- Run 'install.cmd'
List of modules:
Authen::SASL
Compress::Zlib
Digest::MD5
Digest::SHA1
Email::MIME
Email::MIME::Modifier
Email::Send
Email::Valid
File::ReadBackwards
File::Scan::ClamAV
IO::Socket::SSL
LWP::Simple
Mail::SPF
Mail::SRS
Net::CIDR::Lite
Net::DNS
Net::IP::Match::Regexp
Net::LDAP
Net::SMTP
Net::SenderBase
Net::Syslog
Sys::Syslog
Time::HiRes
assp.pl 1.8.5.6
new bombre.txt
new bombdatare.txt
new nopbwhite.txt
-Maximum Penalty on Regex Match per Mail per Check (maxBombValence)
This option is valid for all regex searches which allow weights (marked with **) and limits the maximum penalty per check. maxBombHits is overwritten.
-Maximum Number Of Hits in Regex Search (maxBombHits, default is blackRe=>2|bombSenderRe=>1|bombHeaderRe=>1|bombSubjectRe=>3|bombCharSets=>1|bombSuspiciousRe=>3|bombRe=>1|scriptRe=>1)
This option is valid for all regex searches which allow weights (marked with **). Use the syntax: regextype=>3|other.regextype=>3 to set the maximum number of hits a search should perform. Maximum for regex searches not set here is 1. The search will stop if MessageScoringUpperLimit or maxBombHits is reached. This can be overwritten by maxBombValence.
-Use Black Regular Expression to Identify Spam (DoBlackRe)
This works similarly to DoBombRe but has stricter defaults for processing whitelisted and noprocessing mails. Both will be checked if the defaults are used. Envelope, Header and Data Part are checked against the BlackRe. Scoring is done with blackValencePB - the scoring value is the sum of all valences (weights) of all found blackRe(s). Blocking will only be done if 'block' is set and the total score is equal to or exceeds blackValencePB. Testmode is set with blackTestMode.
-BlackRe - Regular Expression to Identify Spam ** (blackRe)
This is a stricter version of bombRe (blackReWL, blackReNP, blackReISPIP are enabled by default). If an incoming email matches this expression it will be considered spam. As with all fields marked with two asterisks (**), this regular expression (regex) can accept a weight value. Every weighted regex has to be followed by '=>' and the weight value. The search will continue until maxBombHits is reached or maxBombValence is exceeded (if set).
-Primary MX Host (PrimaryMX)
The IP number of the Primary MX if there is one.
-Ping Primary MX Host (PrimaryMXping)
Disable connections on port 25 if PrimaryMX is up and running.
assp.pl 1.8.5.1
new rcptreplrules.txt
-Enable recipient replacement* (ReplaceRecpt)
Recommended if used: file:files/rcptreplrules.txt - default empty! This enables recipient replacement. If you do not use file:, separate the rules with |. The replacement will be done before any ASSP check. Use this option carefully - for example: if you have enabled the DKIM check, the DKIM check will fail if the recipient of the mail was modified. For a more detailed description of the rules and options, read the file: files/rcptreplrules.txt!
assp.pl 1.8.1.9
new rebuildspamdb.pl 2.8.1.9 (1.0.00)
new modify.pm in lib/Blockreport
Request Block Report (EmailBlockReport, default=asspblock)
Any mail sent by local/authenticated users to this username will be interpreted as a request to get a report about blocked emails. Do not put the full address here, just the user part. For example: asspblock
Leading digits/numbers in the mail subject will be interpreted as "report request for the last number of days". If the number of days is not specified in the mail subject, a default of 5 days will be used to build the report. Users defined in EmailBlockTo, EmailAdmins and EmailAdminReportsTo are 'Admins' and can request a report for multiple users. They have to use a special syntax with '=>' in the body of the report request. The syntax is:
QueryAddress=>ReportRecipient=>ReportDays - there are many possible combinations of these three parameters. For example:
user@domain and user@domain=>user@domain - will send a report for this user to this user
*@domain (better use) *@domain=>* - will send a report for every blocked user in this domain to this user
user@domain=>recipient@any-domain - will send a report for user@domain to recipient@any-domain
*@domain=>recipient@any-domain - will send a report for every blocked user in this domain to recipient@any-domain
A third parameter is possible to set, which defines the number of days for which the report should be created. The default (if empty or not defined) is one day. This value is used to calculate the 'next run date'. For example:
*@domain=>recipient@any-domain=>2 - creates a report for two days.
*@domain=>*=>14 - creates a report for 14 days.
user@domain=>=>3 or user@domain=>*=>3 - creates a report for three days. The second parameter is here empty or *.
Only Admins are able to request blockreports for non local email addresses. For example:
user@non_local_domain=>recipient@any-domain=>4
*@non_local_domain=>recipient@any-domain=>4
This will result in an extended blockreport for the non local address(es). Replace 'non_local_domain' with the domain name you want to query for.
It is possible to change the complete design of the BlockReports to your needs, using an html-css file. A default css-file 'blockreport.css' is in the image folder.
There you can also find a default icon file 'blockreporticon.gif' and a default header-image-file 'blockreport.gif' - which is the same as 'logo.gif'. There is no need to install these files. If assp can not find these files in its image folder, it will use the default hardcoded css and icon. If the file 'blockreport.gif' is not found 'logo.gif' will be used.
To change any contents, use the Blockreport::modify module in the lib folder. You'll need some Perl skills to do that.
assp.pl 1.8.1.7
new files/subjectre.txt
-Add Warning Custom Header (AddCustomHeaderWarning)
Adds a line to the email header if the message is between MessageScoringLowerLimit and MessageScoringUpperLimit.
assp.pl 1.8.1.6
new files/bombre.txt 1.04
-Reject unknown domains (LocalAddresses_Flat_Strict)
If set and LocalAddresses_Flat is used all domains must be configured here.
If not set, only domains existing in LocalAddresses_Flat will be checked.
-Increase baysValencePB for mails from ispip (Addispip)
Additional scoring of mails from IP numbers in ispip.
-Increase baysValencePB for bounced mails (Addbounce)
Additional scoring for bounced mails.
-Increase baysValencePB for spamhaters (Addhater)
Additional scoring for mails from senders in baysSpamHaters.
-Increase baysValencePB for senders matching NoOKCachingRe (Addnotokaddress)
Additional scoring for senders in NoOKCachingRe.
-Spam Friends ** (spamFriends)
A list of addresses that, when matched, will reduce the message score by friendsValencePB. This makes the scoring filter softer for these addresses.
-Spam Friend Score (friendsValencePB, default=-10)
Bonus for message scoring if the recipient is in spamFriends.
-Spam Foes ** (spamFoes)
A list of addresses that, when matched, will increase the message score by foesValencePB. This makes the scoring filter sharper for these addresses.
-Spam Foes Score (foesValencePB)
For message scoring if the recipient is in spamFoes.
assp.pl 1.8.1.5
new files/preheaderre.txt
new files/nookcaching.txt
new files/bombsenderre.txt
new files/bombre.txt 1.04
new rebuildspamdb.pl 2.8.1.4 (1.0.03)
- Local Domains* (localDomains, default=file:files/localdomains.txt)
Put here the domain names that your mail system considers local. Separate entries with | or place them in a plain ASCII file, one address per line: 'file:files/localdomains.txt'. Wildcards are supported.
For example: example.org|*example.com
If ASSP finds no other hint that the domain is local, it will reject messages to domains not listed here with 'RelayAttempt'. A successful DoLDAP, DoVRFY or hit in LocalAddresses_Flat will put the domain part of the queried address into ldaplistdb and will mark the domain as local. You can set nolocalDomains to disable this check during setup and testing.
- VRFY Domains* (vrfyDomains)
Put here the domain names that should be verified with SMTP-VRFY. Separate entries with | or place them in a plain ASCII file one address per line: 'file:files/vrfydomains.txt'. Wildcards are supported.
For example: example.org|*example.com
Use the syntax: mydomain.com=>smtp.mydomain.com|other.com=>mx.other.com:port to verify the recipient addresses with the SMTP-VRFY (if VRFY is not supported 'MAIL FROM:' and 'RCPT TO:' will be used) command on other SMTP servers. The entry behind => must be the hostname:port or ip-address:port of the MTA which is used to verify 'RCPT TO' addresses with a VRFY command! If :port is not defined, port :25 will be used. You have to enable the SMTP 'VRFY' command on your MTA - the 'EXPN' command should be enabled! This requires an installed Net::SMTP module in PERL.
If you have configured LDAP and enabled DoLDAP and ASSP finds a VRFY entry for a domain, LDAP search will be done first and if this fails, the VRFY will be used.
ldaplistdb in the 'File Paths and Database' section is mandatory when using this verify extension - so ASSP can store all verified recipient addresses to minimize the queries to MTAs. Both VRFY and LDAP use ldaplistdb.
-Bayesian SpamHater* (baysSpamHaters)
SpamHaters are used to override baysSpamLovers / baysTestMode. It may also be used to increase scoring for DoBayesian with Addhater.
-Maillog Tail Order (MaillogTailOrder)
Reverse the time order of line
-Mainloop Timeout (MainloopTimeout)
Mainloop will timeout after this many seconds.
-Automatic Restart after Timeout (AutoRestartAfterTimeOut)
If ASSP detects a mainloop timeout and an AutoRestartCmd, it will try to restart itself.
-Bayesian for mails from ispip (baysispValencePB)
For scoring of mails from ispip (DoBayesian).
assp.pl 1.8.1.3
It is now possible to reset the stats in the 'Info and Stats' view of
the GUI by clicking on the links in the first line (run time). When the
global stats are reset, the current 'asspstats.sav' file is renamed to
'asspstats-YYYY-MM-DD-hh-mm-ss.sav' using the current date and time and saved in the new folder "stats".
Use IP Netblocks (ExportUseNetblocks)
Export the IP address based on the /24 subnet rather than on the specific IP.
assp.pl 1.8.1.2
new files/bombre.txt
NULL Connection Addresses* (NullAddresses)
ASSP will discard a message silently when encountering such an address in "MAIL FROM:" or "RCPT TO:". Accepts specific addresses (null@example.com), user parts (nobody) or entire domains (@example.com).
Maximum allowed Subject Length (maxSubjectLength)
If set to a value greater than 0, assp will check the length of the Subject of the mail. If the Subject length exceeds this value, the message score will be increased by 'bombValencePB' and the string that is checked in 'bombSubjectRe' will be truncated to this length. It is possible to define a special weight using the syntax 'length=>value'; in this case the defined absolute value will be used instead of 'bombValencePB' to increase the message score. If the subject is too long and this weight is equal to or higher than 'bombMaxPenaltyVal', no further bomb checks will be done on the subject.
- It is now possible to define configuration parameters at the
commandline. You have to use the following syntax:
perl assp.pl baseDir --configParmName:=configParmValue --cPN:=cPV ....
baseDir has to be defined, if any config parameter is defined at the
commandline.
The defined parameter/value will overwrite the current value in the
assp.cfg file and will be saved in to that file! Both, the parameter name
and the value are case sensitive.
assp.pl 1.8.1.1
new files/dnsbls.txt
new files/preheaderre.txt
Maximum allowed Subject Length (maxSubjectLength)
If set to a value greater than 0, assp will check the length of the Subject of the mail. If the Subject length exceeds this value, the message score will be increased by 'bombValencePB' and the string that is checked in 'bombSubjectRe' will be truncated to this length. It is possible to define a special weight using the syntax 'length=>value'; in this case the defined absolute value will be used instead of 'bombValencePB' to increase the message score. If the subject is too long and this weight is equal to or higher than 'bombMaxPenaltyVal', no further bomb checks will be done on the subject.
assp.pl 1.8.1.0
new rebuildspamdb.pl 2.8.1.0 (1.0.01)
new assp_pop3.pl (1.08)
new files/preheaderre.txt
new files/suspiciousre.txt
new files/invalidptr.txt
new files/charsets.txt
new files/bombheaderre.txt
new files/uriblwhite.txt
new files/nowhite.txt
new files/nogrip.txt
new files/whiteorg.txt
new files/bombre.txt
new files/subjectre.txt
The BlockReport design has changed. It is now possible to change the
complete design to your needs, using a html-css file. The default css-file
'blockreport.css' is in the image folder. There is
also a default icon file 'blockreporticon.gif' and a default
header-image-file 'blockreport.gif' - which is the same as 'logo.gif'.
If assp can not find these files in its image folder, it will use the default hardcoded css and icon. If the file 'blockreport.gif' is not found 'logo.gif' will be used.
To change any contents, use the 'Blockreport::modify' module in the lib
folder. This module (skeleton) is updated for this major change of the
BlockReports.
Regular Expression to early Identify Spam in Handshake and Header Part* (preHeaderRe)
Until the complete mail header is received, assp is processing the handshake and header content line per line, but the first mail content check is done after the complete mail header is received.
It is possible that some content (malformed headers, forbidden characters or character combinations) could cause assp to die or to run into an unrecoverable exception.
Use this regular expression to identify such incoming mails based on a line per line check, at the moment where a single line is received.
This setting does not affect any other and is not affected by any other configuration setting, except that this check is only done for incoming mails.
If a match is found, assp will immediately send a '421 terminate connection' reply to the client and will immediately terminate the connection.
Default setting is file:files/preheaderre.txt
URIBL Service Providers* (URIBLServiceProvider)
Domain Names of URIBLs to use separated by "|". You may set for every provider a weight like multi.surbl.org=>50|black.uribl.com=>25.
The value of the weight can be set directly, like =>45, or as a divisor of URIBLmaxweight. Low numbers < 6 are divisors. So if URIBLmaxweight = 50 (default) multi.surbl.org=>50 would be the same as multi.surbl.org=>1, multi.surbl.org=>2 would be the same as multi.surbl.org=>25.
If the sum of weights of all found uris surpasses URIBLmaxweight, the URIBL check fails. If not, the URIBL check is scored as "neutral". URIBLmaxhits is ignored when weights are used.
Default is: multi.surbl.org=>1|black.uribl.com=>1|uribl.swinog.ch=>2
URIBL Maximum Weight (URIBLmaxweight)
A weight is a number representing the trust we put into a URIBL.
The URIBL module will check all of the URIBLs listed under URIBLServiceProvider for every URI found in an email. If the total of weights for all URIs is greater or equal this Maximum Weight, the email is flagged Failed.
If the total of weights is greater than 0 and less than Maximum Weight, the email is flagged Neutral. If not defined or set to zero, only URIBLmaxhits will be used to detect a fail or neutral state.
RBL Service Providers* (RBLServiceProvider)
Names of DNSBLs to use separated by "|" or name of list 'file:files/dnsbls.txt'. Defaults are:
zen.spamhaus.org=>1|bl.spamcop.net=>1|bb.barracudacentral.org=>1|combined.njabl.org=>1|safe.dnsbl.sorbs.net=>1|psbl.surriel.com=>2|ix.dnsbl.manitu.net=>2|dnsbl-1.uceprotect.net=>2|dnsbl-2.uceprotect.net=>4.
DNSBL providers can be classified like bl.spamcop.net=>1. '1' is the most trustworthy class. '6' is the least trustworthy class. Numbers above 6 will be used as score directly. The value of the class acts as a divisor of RBLmaxweight. So if RBLmaxweight = 50 bl.spamcop.net=>1 would be the same as bl.spamcop.net=>50, bl.spamcop.net=>2 would be the same as bl.spamcop.net=>25. If the sum of scores surpasses RBLmaxweight, the DNSBL check fails. If not, the DNSBL check is scored as "neutral" even with RBLmaxhits reached. Setting Showmaxreplies will allow ALL replies to contribute to the total weight regardless of RBLmaxhits.
Some RBL Service Providers, like blackholes.five-ten-sg.com, provide different return codes in a single DNS zone, like 127.a.b.c - where a, b, c are used to identify a weight or type (or whatever) of the returned entry. If you want to act on special return codes, or if you want to use different weights for different return codes, you should use the following enhanced entry syntax:
RBL-Service-Provider=>result-to-watch=>weight (like:)
blackholes.five-ten-sg.com=>127.0.0.2=>3
blackholes.five-ten-sg.com=>127.0.0.5=>4
blackholes.five-ten-sg.com=>127.0.?.*=>5
As you can see, the wildcards * (multiple characters) and ? (single character) can be used in the second parameter. Never mix the three possible syntax types for the same RBL Service Provider. A search for a match inside such a definition is done in reverse ASCII order, so the wildcards are used last.
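The weighting rules above, worked through as an added example (not ASSP's own code): it parses an RBLServiceProvider value, turns classes into scores and evaluates constructed DNSBL replies without doing any DNS lookups. Assumptions: "surpasses RBLmaxweight" is treated as "reaches or exceeds", the enhanced syntax uses the same class rule, and literal results are tried before wildcard patterns, which is the effect the text describes (the sort key is this example's own choice).

```python
from fnmatch import fnmatchcase

RBL_MAX_WEIGHT = 50  # the RBLmaxweight value used in the text's arithmetic


def to_score(value, maxweight=RBL_MAX_WEIGHT):
    """Classes 1..6 divide RBLmaxweight; numbers above 6 are the score itself."""
    if value <= 0:
        raise ValueError("class/weight must be positive")
    return maxweight / value if value <= 6 else float(value)


def parse_providers(setting, maxweight=RBL_MAX_WEIGHT):
    """Parse a '|' separated list into {zone: [(result_pattern, score), ...]}.

    Only the two weighted forms are handled here:
      zone=>class   and   zone=>result-to-watch=>weight
    """
    table, syntax = {}, {}
    for entry in filter(None, (e.strip() for e in setting.split("|"))):
        parts = entry.split("=>")
        if len(parts) == 2:
            zone, pattern, value = parts[0], "*", parts[1]
        elif len(parts) == 3:
            zone, pattern, value = parts
        else:
            raise ValueError(f"unsupported entry: {entry!r}")
        # The text forbids mixing syntax types for one provider.
        if syntax.setdefault(zone, len(parts)) != len(parts):
            raise ValueError(f"mixed syntax types for {zone}")
        score = to_score(float(value), maxweight)
        table.setdefault(zone, []).append((pattern, score))
    for rules in table.values():
        # Assumption of this example: exact results first, wildcards last.
        rules.sort(key=lambda r: (any(c in r[0] for c in "*?"), r[0]))
    return table


def evaluate(replies, table, maxweight=RBL_MAX_WEIGHT):
    """replies maps zone -> A record returned for the checked IP.

    Returns (total_score, verdict) with verdict 'fail', 'neutral' or 'pass'.
    """
    total = 0.0
    for zone, answer in replies.items():
        for pattern, score in table.get(zone, []):
            if fnmatchcase(answer, pattern):
                total += score
                break  # the first (most specific) pattern decides
    if total >= maxweight:
        return total, "fail"
    return total, ("neutral" if total > 0 else "pass")


# Provider list built from entries quoted in the text above.
SETTING = (
    "zen.spamhaus.org=>1|psbl.surriel.com=>2|ix.dnsbl.manitu.net=>2|"
    "dnsbl-2.uceprotect.net=>4|"
    "blackholes.five-ten-sg.com=>127.0.0.2=>3|"
    "blackholes.five-ten-sg.com=>127.0.0.5=>4|"
    "blackholes.five-ten-sg.com=>127.0.?.*=>5"
)

if __name__ == "__main__":
    table = parse_providers(SETTING)
    # Constructed replies: which zones listed the IP and what they returned.
    samples = [
        {"zen.spamhaus.org": "127.0.0.4"},
        {"psbl.surriel.com": "127.0.0.2"},
        {"psbl.surriel.com": "127.0.0.2", "ix.dnsbl.manitu.net": "127.0.0.2"},
        {"blackholes.five-ten-sg.com": "127.0.3.7"},
    ]
    for replies in samples:
        print(sorted(replies), evaluate(replies, table))
```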
Switch Testmode to Message Scoring (switchTestToScoring)
Put the filter automatically in "Message Scoring Mode" when DoPenaltyMessage is set (instead of stopping spam processing altogether).
Switch Spam-Lover to Message Scoring (switchSpamLoverToScoring)
Put the filter automatically in "Message Scoring Mode" when DoPenaltyMessage is set (instead of stopping spam processing altogether).
Enable Configuration Sharing (enableCFGShare, default=off)
Read all positions in this section carefully (multiple times is recommended!!!)! A wrong configuration sequence or wrong configuration values can lead to a destroyed ASSP configuration!
If set, the synchronization of configuration values and option files will be enabled. This synchronization covers the configuration values, the file that may be defined in a value and the include files that may be defined in that configured file.
If the configuration of all values in this section is valid, the synchronization status will be shown in the GUI for each config value that is, or could be shared. There are several configuration values, that could not be shared. The list of all shareable values could be found in the distributed file assp_sync.cfg
For an initial synchronization setup set the following config values in this order: set up syncServer, syncConfigFile, syncTestMode and, last, syncCFGPass (leave isShareSlave and isShareMaster off). Use the default file (the distributed syncConfigFile assp_sync.cfg) and configure all values to your needs - do this on all peers by removing lines or setting the general sync flag to 0 or 1 (see the description of syncConfigFile).
When you have finished this initial setup, enable isShareMaster or isShareSlave - now assp will set up all entries in the configuration file for all sync peers to the configured default values (to 1 if isShareMaster or to 3 if isShareSlave is selected). Do this on all peers. Now you can configure the synchronization behavior for each single configuration value for each peer, if it should differ from the default setup.
For the initial synchronization, configure only one ASSP installation as master (all others as slave). When the initial synchronization has finished, which will take up to one hour, you can configure all or some assp as master and slave. On the initial master simply switch on isShareSlave. On the initial slaves, switch on isShareMaster and change all values in the sync config file that should be bidirectionally shared from 3 to 1. As the last action, enable enableCFGShare on the SyncSlaves first and then on the SyncMaster.
After such an initial setup, any changes of the peers (syncServer) will have no effect on the configuration file (syncConfigFile)! To add or remove a sync peer after an initial setup, you have to configure syncServer and you have to edit the sync config file manually.
This option can only be enabled, if isShareMaster and/or isShareSlave and syncServer and syncConfigFile and syncCFGPass are configured!
Because the synchronization is done using a special SMTP protocol (without "mail from" and "rcpt to"), this option requires an installed Net::SMTP module in PERL. This special SMTP protocol is not usable by any MTA for security reasons, so the "sync mails" cannot be forwarded via any MTA.
For this reason all sync peers must have a direct or routed TCP connection to each other peer.
This is a Share Master (isShareMaster, default=off)
If selected, ASSP will send configured configuration changes to sync peers.
This is a Share Slave (isShareSlave)
If selected, ASSP will receive configured configuration changes from sync peers. To accept a sync request, every sending peer has to be defined in syncServer - even if there are manually made entries in the sync config file for a peer.
Default Sync Peers (syncServer)
Define all configuration sync peers here (to send changes to or to receive changes from). Separate multiple values by "|". Any value must be a pair of hostname or ip-address and :port, like 10.10.10.10:25 or mypeerhost:125 or mypeerhost.mydomain.com:225. The :port must be defined!
The target port can be the listenPort , listenPort2 or relayPort of the peer.
Test Mode for Config Sync (syncTestMode)
If selected, a master (isShareMaster) will process all steps to send configuration changes, but will not really send the request to the peers. A slave (isShareSlave) will receive all sync requests, but it will not change the configuration values and possibly sent configuration files will be stored at the original location and will get an extension of ".synctest".
Configuration File for Config Sync* (syncConfigFile)
Define the synchronization configuration file here (default is file:assp_sync.cfg).
This file holds the configuration and the current status of all synchronized assp configuration values.
The format of an initial value is: "varname:=syncflag" - where syncflag could be 0 (not shared) or 1 (is shared) - for example: HeaderMaxLength:=1. The syncflag is a general sign, which means that a value of 0 disables the synchronization of the config value for all peers. A value of 1 enables the peer configuration that possibly follows.
The format after an initial setup is: "varname:=syncflag,syncServer1=status,syncServer2=status,......". The "status" could be one of the following:
0 - no sync - changes of this value will not be sent to this syncServer - I will ignore all change requests for this value from there
1 - I am a SyncMaster, the value is still out of sync to this peer and should be synchronized as soon as possible
2 - I am a SyncMaster, the value is still in sync to this peer
3 - I am not a SyncMaster but a SyncSlave - only this SyncMaster (peer) knows the current sync status to me
4 - I am a SyncMaster and a SyncSlave (bidirectional sync) - a change of this value was still received from this syncServer (peer) and should not be sent back to this syncServer - this flag will be automatically set back to 2 at the next synchronization check
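The file format and status values described above, as an added example (not ASSP's own code): it parses sync config lines, expands an initial "varname:=syncflag" line for the configured peers, lists what a master still has to send and applies the status changes of a synchronization check. Assumptions: moving a peer from 1 to 2 once a change was delivered is inferred from the meaning of status 2, and the function names are hypothetical.

```python
VALID_STATUS = {0, 1, 2, 3, 4}


def parse_line(line):
    """'var:=flag[,peer=status,...]' -> (var, flag, {peer: status})."""
    var, sep, rest = line.strip().partition(":=")
    if not var or not sep:
        raise ValueError(f"not a sync config line: {line!r}")
    fields = rest.split(",")
    flag = int(fields[0])
    if flag not in (0, 1):
        raise ValueError(f"{var}: general sync flag must be 0 or 1")
    peers = {}
    for item in fields[1:]:
        # Peers look like host:port, so split on the LAST '='.
        peer, _, status = item.rpartition("=")
        if ":" not in peer:
            raise ValueError(f"{var}: peer needs host:port, got {item!r}")
        if int(status) not in VALID_STATUS:
            raise ValueError(f"{var}: unknown status {status!r}")
        peers[peer] = int(status)
    return var, flag, peers


def format_line(var, flag, peers):
    return f"{var}:={flag}" + "".join(f",{p}={s}" for p, s in peers.items())


def initial_setup(line, sync_servers, is_master):
    """Add every syncServer peer with the default status: 1 for a
    share master, 3 for a share slave. Existing entries are kept."""
    var, flag, peers = parse_line(line)
    default = 1 if is_master else 3
    for peer in sync_servers:
        peers.setdefault(peer, default)
    return format_line(var, flag, peers)


def pending_pushes(lines):
    """Return {var: [peers]} for values a master still has to send."""
    todo = {}
    for line in lines:
        var, flag, peers = parse_line(line)
        if flag != 1:          # general flag 0 disables sync for all peers
            continue
        targets = [p for p, s in peers.items() if s == 1]
        if targets:
            todo[var] = targets
    return todo


def sync_check(line, delivered=()):
    """Status changes of one check: 4 falls back to 2, and (assumption)
    a peer in status 1 that received the change becomes 2."""
    var, flag, peers = parse_line(line)
    for peer, status in peers.items():
        if status == 4 or (status == 1 and peer in delivered):
            peers[peer] = 2
    return format_line(var, flag, peers)


if __name__ == "__main__":
    servers = ["10.10.10.10:25", "mypeerhost:125"]   # syncServer examples
    print(initial_setup("HeaderMaxLength:=1", servers, is_master=True))
    # Constructed file content using option names from this page.
    lines = [
        "HeaderMaxLength:=1,10.10.10.10:25=1,mypeerhost:125=2",
        "maxSubjectLength:=0,10.10.10.10:25=1,mypeerhost:125=1",
        "DelayIP:=1,10.10.10.10:25=3,mypeerhost:125=4",
    ]
    print(pending_pushes(lines))
    print(sync_check(lines[2]))
```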
Config Sync Password (syncCFGPass)
The password that is used and required (additionally to the sending IP address) to identify a valid sync request. This password has to be set equal in all ASSP installations, from where and/or to where the configuration should be synchronized.
The password must be at least six characters long.
If you want or need to change this password, first disable enableCFGShare here and on all peers, change the password on all peers, enable enableCFGShare on SyncSlaves, then enable enableCFGShare on SyncMasters.
Show Detail Sync Information in GUI (syncShowGUIDetails, default=off)
If selected, the detail synchronization status is shown at the top of each configuration parameter like:
nothing shown - there is no entry defined for this parameter in the syncConfigFile or it is an unsharable parameter
"(shareable)" - the parameter is shareable but the general sync sign in the syncConfigFile is zero
"(shared: ...)" - the detail sync status for each sync peer
If not selected, only differently colored bullets are shown at the top of each configuration parameter, like:
nothing shown - no entry in the syncConfigFile or it is an unsharable parameter
"black bullet •" - the parameter is shareable but the general sync sign in the syncConfigFile is zero
"green bullet •" - the parameter is shared and in sync to each peer
"red bullet •" - the parameter is shared but it is currently out of sync to at least one peer
If you move the mouse over the bullet, a hint box will show the detail synchronization status.
Max Number of AUTHentication Errors (MaxAUTHErrors)
If an IP exceeds this number of authentication errors (535) the transmission of the current message will be canceled and any new connection from that IP will be blocked for 5-10 minutes.
Every 5 Minutes the 'AUTHError' -counter of the IP will be decreased by one. autValencePB is used for the penalty box.
No limit is imposed by ASSP if the field is left blank or set to 0. This option allows admins to prevent external brute-force or dictionary attacks via the AUTH command. Whitelisted and NoProcessing IPs and IPs in npPB are ignored, like any relayed connection.
Bad SMTP Authentication (autValencePB)
Simple IP Greylisting (DelayIP)
Enable simple delaying for IP's in black penaltybox with totalscore above this value.
DNSBL Cache Refresh Interval for Misses (RBLCacheExpMiss)
Domains in cache with status=2 (miss) will be removed after this interval in hours. Empty or 0 will prevent caching of non-hits.
Do DNS-Backscatter Detection (DoBackSctr)
If activated, the IP-address of each message received for null sender, bounced or postmaster will be checked against the list below. DNS-based checks require an installed Net::DNS module in Perl.
For more information about backscatter detection please read http://www.backscatterer.org/?target=usage.
Enable DNS-Backscatter detection logging (BacksctrLog)
Backscatter-DNS Cache Refresh Interval (BackDNSInterval)
IP's in cache will be removed after this interval in days. 0 will disable the cache and the usage of downloadBackDNSFile and localBackDNSFile.
ServiceProvider for Backscatterer Detection* (BackSctrServiceProvider)
ServiceProvider for DNS check on Backscatterer. Possible value is ips.backscatterer.org for DNS check.
Download the Backscatterer DNS-IP-List (downloadBackDNSFile)
If selected, the complete IP-list is downloaded to a local file. IP's are checked on this file first, if the IP is not found on this list, a DNS query is done. It is recommended to use this option for ISP's and users with more than 1000 bounced mails a day. See wget-mirrors.uceprotect.net/rbldnsd-all/ips.backscatterer.org.gz
Local File for the Backscatterer DNS-IP-List (localBackDNSFile)
The name of the local file that is used for this IP-list. The content of this file is filled in to the 'Backscatter-DNS Cache' ( BackDNSInterval ). IP's from this list will be removed after one day from the cache.
---------------
Fields marked with at least one asterisk (*) accept a list separated by '|' (for example: abc|def|ghi) or a file designated as follows (path relative to the ASSP directory): 'file:files/filename.txt'. Putting in the file: will prompt ASSP to put up a button to edit that file. files is the subdirectory for files. The file does not need to exist; you can create it from the editor by saving it. The file must have one entry per line; anything on a line following a number sign or a semicolon ( # ;) is ignored (a comment).
It is possible to include custom-designed files at any line of such a file, using the following directive
# include filename
where filename is the relative path (from /Applications/assp) to the included file like files/inc1.txt or inc1.txt (one file per line). The line will be internally replaced by the contents of the included file!
Fields marked with two asterisks (**) contain regular expressions (regex) and accept a second weight value. Every weighted regex that contains at least one '|' has to begin and end with a '~' - inside such regexes it is not allowed to use a '~', even if it is escaped - for example: ~abc\~|def~=>23 or ~abc~|def~=>23. Every weighted regex has to be followed by '=>' and the weight value. For example: Phishing\.=>1.45|~Heuristics|Email~=>50 or ~(Email|HTML|Sanesecurity)\.(Phishing|Spear|(Spam|Scam)[a-z0-9]?)\.~=>4.6|Spam=>1.1|~Spear|Scam~=>2.1 . The multiplication result of the weight and the penaltybox valence value will be used for scoring, if the absolute value of weight is less than or equal to 6. Otherwise the value of weight is used for scoring. It is possible to define negative values to reduce the resulting message score.
For all "bomb*" regexes and "invalidFormatHeloRe", "invalidPTRRe" and "invalidMsgIDRe" it is possible to define a third parameter (to overwrite the default options) after the weight like: Phishing\.=>1.45|~Heuristics|Email~=>50:>N[+-]W[+-]L[+-]I[+-], where the characters and the optional to use + and - have the following functions:
use this regex (+ = only)(- = never) for: N = noprocessing , W = whitelisted , L = local , I = ISP mails . So the line ~Heuristics|Email~=>50:>N-W-LI could be read as: take the regex with a weight of 50, never scan noprocessing mails, never scan whitelisted mails, scan local mails and mails from ISP's (and all others). The line ~Heuristics|Email~=>3.2:>N-W+I could be read as: take the regex with a weight of 3.2 as factor, never scan noprocessing mails, scan only whitelisted mails even if they are received from an ISP .
If the third parameter is not set or any of the N,W,L,I is not set, the default configuration for the option will be used unless a default option string is defined anywhere in a single line in the file in the form !!!NWLI!!! (using + or - is possible).
If any parameter that allows the usage of weighted regular expressions is set to "block", but the sum of the resulting weighted penalty value is less than the corresponding "Penalty Box Valence Value" (because of lower weights) - only scoring will be done!
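The weighted-regex syntax described above, as an added example (not ASSP's own code): a parser for '**' fields with the '~...~' grouping, the '=>' weight and the ':>' N/W/L/I switches, plus the scoring rule and the "block falls back to scoring" rule. Assumptions: only weighted entries are parsed, a letter without + or - places no restriction, at most one hit is counted per regex, and the function names are hypothetical.

```python
import re
from typing import NamedTuple

ENTRY = re.compile(
    r"(?:~(?P<quoted>[^~]+)~|(?P<plain>[^|~]+?))"  # ~a|b~ or a regex without '|'
    r"=>(?P<weight>-?\d+(?:\.\d+)?)"                # '=>' and the weight
    r"(?::>(?P<opts>(?:[NWLI][+-]?)+))?"            # optional third parameter
    r"(?:\||$)"                                     # list separator or end
)


class Rule(NamedTuple):
    regex: re.Pattern
    weight: float
    opts: dict  # letter -> '+', '-' or '' (only letters that were given)


def parse_weighted(field):
    """Split a '**' field into Rule tuples; raise ValueError on bad syntax,
    e.g. a '~' inside a '~...~' group or a '|' outside of one."""
    rules, pos = [], 0
    while pos < len(field):
        m = ENTRY.match(field, pos)
        if m is None:
            raise ValueError(f"malformed weighted regex at offset {pos}")
        source = m.group("quoted") or m.group("plain")
        found = re.findall(r"[NWLI][+-]?", m.group("opts") or "")
        opts = {o[0]: o[1:] for o in found}
        rules.append(Rule(re.compile(source), float(m.group("weight")), opts))
        pos = m.end()
    return rules


def penalty(weight, valence):
    """|weight| <= 6 is a factor of the valence, anything else is absolute."""
    return weight * valence if abs(weight) <= 6 else weight


def applies(rule, mail_flags):
    """mail_flags: subset of {'N','W','L','I'} describing the mail.
    '-' = never use the regex for such mail, '+' = only for such mail."""
    for letter, sign in rule.opts.items():
        if sign == "-" and letter in mail_flags:
            return False
        if sign == "+" and letter not in mail_flags:
            return False
    return True


def evaluate(text, rules, valence, mail_flags=frozenset(), max_hits=1):
    """Return (score, action). 'block' needs the summed penalty to reach
    the valence; a lower sum is 'score only'."""
    total, hits = 0.0, 0
    for rule in rules:
        if hits >= max_hits:
            break
        if applies(rule, mail_flags) and rule.regex.search(text):
            total += penalty(rule.weight, valence)
            hits += 1
    if hits == 0:
        return 0.0, "no match"
    return total, ("block" if total >= valence else "score only")


if __name__ == "__main__":
    # Field taken from the examples in the text; the input string and the
    # valence of 20 are constructed for this demonstration.
    rules = parse_weighted(r"Phishing\.=>1.45|~Heuristics|Email~=>50:>N-W-LI")
    print(evaluate("Email.Phishing.Bank", rules, 20, max_hits=2))
    print(evaluate("Email.Phishing.Bank", rules, 20, {"W"}, max_hits=2))
    print(evaluate("Spam offer", parse_weighted("Spam=>0.5"), 20))
```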
The literal 'SESSIONID' will be replaced by the unique message logging ID in every SMTP error reply.
- the alpha index in the GUI has now a 'select' field (regex is possible)
to reduce the listed values as wanted - this makes it possible to quickly
find a config value by parts of its name
- If a file is resent, the non local sender (from:) will be added to
whitelist if 'autoAddResendToWhite' is set to 'admins only' or 'admins and
users'.
- If a file is copied (GUI) to the correctednotspam folder, the non local
sender (from:) of that file will be added to Whitelist if
'EmailErrorsModifyWhite' is set.
- If a file is copied (GUI) to the correctedspam folder, the non local
sender (from:) of that file will be removed from Whitelist if
'EmailErrorsModifyWhite' is set.
--------------------------------------------------------------------------
assp.pl 1.7.5.x
-Passing File Names (PassAttach)
This regular expression is used to identify attachments that should mark the message as noprocessing. If you enter extensions do not precede it with a dot. This will take precedence over any bad attachment.
-Auto Update rebuildspamdb.pl (AutoUpdateREBUILD)
No action will be done if 'no auto update' is selected or AutoUpdateASSP is disabled.
If 'download only' is selected the newest rebuildspamdb.pl will be downloaded to the directory /Applications/assp/download .
If 'download and install' is selected, the old rebuildspamdb.pl will be saved to download directory (rebuildspamdb.pl_old) and replaced by the new version.
The perl module Compress::Zlib is required to use this feature.
-Enforce Automatic Restart ASSP on new or changed Script (ForceAutoRestartAfterCodeChange)Enforce Restart on new or changed assp.pl Script (ForceRestartAfterCodeChange)
ASSP will restart even if it is not daemon on linux/MAC ( AsADaemon ) and not a service on windows and AutoRestartCmd is not configured.
-Remove Disposition Notification Headers (removeDispositionNotification)
If set, all headers "ReturnReceipt:", "Return-Receipt-To:" and "Disposition-Notification-To:" will be removed from incoming mails that are neither whitelisted nor noprocessing. Select this to prevent unwanted whitelisting of spammers that request a Disposition Notification. Another way to prevent autowhitelisting because of an autoresponse is to use redRe .
-Run RebuildSpamdb Now (RebuildNow)
If selected, ASSP will run RebuildSpamdb.pl now.
-ispip is included in Maximum Sessions Per IP Check (maxSMTPipSessionsISPIP)
ispip (ISP/Secondary MX Servers) matches are not excluded from SMTP session limiting
- a click on the small new (i) icon at the 'apply'
button opens a new browser window (remember me) with four textboxes. These
can be used to copy and paste any kind of data without losing the UTF-8
encoding. The icon can also be found in every 'Edit' window at the
top-left
-No Maximum Sessions IP numbers* (noMaxSMTPSessions)
Mail from any of these IP numbers will pass through without checking maximum number of simultaneous SMTP sessions. For example: 145.145.145.145
-Simple IP Greylisting (DelayIP)
Enable simple delaying for IP's in black penalty box.
-Simple IP Greylisting Embargo Time (DelayIPTime)
Enter the number of minutes for which delivery, related with IP address of the sending host, is refused with a temporary failure. Default is 5 minutes.
-Use SPF to validate whiteListedDomains (whiteListedDomainsPassSPF)
Check this if you don't want ASSP to use whiteListedDomains without a corresponding SPF record.
-Suppress spamLoverSubject For Selected Recipients* (spamLoverSubjectSelected)
spamLoverSubject does NOT get prepended to the subject for these recipients.
-POP3 Configuration File* (POP3ConfigFile)
The file with a valid POP3 configuration. Only the file: option may be used here.
If the file exists and contains at least one valid POP3 configuration line and POP3Interval is configured, assp will collect the messages from the configured POP3-servers.
Each line in the config file contains one configuration for one user.
All spaces will be removed from each line.
Anything behind a # or ; is considered a comment.
If the same POP3-user-name is used multiple times, put a unique number in angle brackets behind the user name. The angle brackets and the number will be removed while processing the configuration.
e.g: pop3user<1> will result in pop3user - or - myName@pop3.domain<12> will result in myName@pop3.domain
It is possible to define commonly used parameters in a separate line, which begins with the case sensitive POP3-username "COMMON:=" - followed by the parameters that should be used for every configured user.
A commonly set parameter could be overwritten in every user definition.
Each configuration line begins with the POP3-username followed by ":=" : e.g myPOP3userName:=
This statement has to be followed by pairs of parameter names and values which are separated by commas - name and value inside a pair are separated by "=".
e.g.: POP3username:=POP3password=pop3_pass,POP3server=mail.gmail.com,SMTPsendto=demo@demo_smtp.local,......
The following case sensitive keywords are supported in the config file:
POP3password=pop3_password
POP3server=POP3-server or IP[:Port]
SMTPsender=email_address
SMTPsendto=email_address or or
SMTPserver=SMTP-server[:Port]
SMTPHelo=myhelo
SMTPAUTHuser=smtpuser
SMTPAUTHpassword=smtppass
SMTPHelo, SMTPsender, SMTPAUTHuser and SMTPAUTHpassword are optional.
If SMTPsender is not defined, the FROM: address from the header line will be used - if this is not found the POP3username will be used.
If the syntax is used for SMTPsendto, the mail will be sent to any recipient that is found in the "to: cc: bcc:" header lines if it is a local one.
If the syntax is used for SMTPsendto, the literals NAME and/or DOMAIN will be replaced by the name part and/or domain part of the addresses found in the "to: cc: bcc:" header lines. This makes it possible to collect POP3 mails from a POP3 account, which holds mails for multiple recipients.
For example: or or
If the or syntax is used for SMTPsendto, "localDomains" and/or "localAdresses_Flat" must be configured to prevent too many errors for wrong recipients defined in the "to: cc: bcc:" header lines. The POP3collector will not do any LDAP or VRFY query!
If you want assp to detect SPAM, use the listenPort or listenPort2 as SMTP-server.
To use this feature, you have to install the perl script "assp_pop3.pl" in the assp base directory.
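The POP3ConfigFile rules above, as an added example that is not part of ASSP or assp_pop3.pl: a Python lint that applies the comment, space-stripping, COMMON:= and <number> rules literally and reports lines that would not yield a complete account. The function name, the sample file and the order "strip comment, then strip spaces" are assumptions; SMTPsendto values are kept as opaque strings.

```python
import re

# Case-sensitive keywords listed for the config file; four of them are optional.
KEYWORDS = {"POP3password", "POP3server", "SMTPsender", "SMTPsendto",
            "SMTPserver", "SMTPHelo", "SMTPAUTHuser", "SMTPAUTHpassword"}
OPTIONAL = {"SMTPHelo", "SMTPsender", "SMTPAUTHuser", "SMTPAUTHpassword"}


def parse_pop3_config(text):
    """Return (accounts, problems); problems is a sorted list of (line number, message)."""
    common, users, problems = {}, [], []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = re.split(r"[#;]", raw, maxsplit=1)[0]   # anything behind # or ; is a comment
        line = re.sub(r"[ \t]", "", line)              # all spaces are removed
        if not line:
            continue
        user, sep, rest = line.partition(":=")
        if not sep or not user:
            problems.append((lineno, "line does not start with 'username:='"))
            continue
        params = {}
        for pair in filter(None, rest.split(",")):
            key, eq, val = pair.partition("=")
            if key not in KEYWORDS:
                problems.append((lineno, f"unknown keyword {key!r}"))
            elif not eq or not val:
                problems.append((lineno, f"{key} has no value"))
            else:
                params[key] = val
        if user == "COMMON":
            common.update(params)
        else:
            # pop3user<1> -> pop3user: the suffix only makes repeated names unique
            users.append((lineno, re.sub(r"<\d+>$", "", user), params))

    accounts = []
    for lineno, user, params in users:
        merged = {**common, **params}                  # per-user values override COMMON
        missing = sorted(KEYWORDS - OPTIONAL - merged.keys())
        if missing:
            problems.append((lineno, f"{user}: missing {', '.join(missing)}"))
        else:
            accounts.append({"POP3username": user, **merged})
    return accounts, sorted(problems)


# Constructed sample, not a real configuration.
SAMPLE = """\
# collected mailboxes
COMMON:=POP3server=pop.example.net:995, SMTPserver=127.0.0.1:25 ; shared defaults
alice<1>:=POP3password=alicePass1,SMTPsendto=alice@example.local
alice<2>:=POP3password=alicePass2,SMTPsendto=archive@example.local,POP3server=pop2.example.net
bob:=POP3password=s3cret#2024,SMTPsendto=bob@example.local
carol:=pop3password=x,SMTPsendto=carol@example.local
"""

if __name__ == "__main__":
    accounts, problems = parse_pop3_config(SAMPLE)
    for acct in accounts:
        print(acct["POP3username"], "->", acct["POP3server"], "->", acct["SMTPsendto"])
    for lineno, msg in problems:
        print(f"line {lineno}: {msg}")
```

In the sample, bob's line is cut at the '#' inside the password, so SMTPsendto is lost; under these rules a password containing '#', ';', ',' or a space cannot be written in this file.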
-URIBL Service Providers* (URIBLServiceProvider)
Domain Names of URIBLs to use. It is possible to specify a weight value after '=>' , in this case this value will be used as hit value (see URIBLmaxhits ) for this service provider, for example multi.surbl.org=>1.5 . Default is: dbl.spamhaus.org|multi.surbl.org|black.uribl.com
-Enable Trap logging (TrapLog)
-POP3 Keep Rejected Mails on POP3 Server (POP3KeepRejected)
If selected, any collected POP3 mail that fails to be sent via SMTP (because it is SPAM, in which case it is rejected by the SMTP server) will be kept on the POP3 server.
-Block SpamLovers when Scoring is Extreme (blockSpamLoversExtreme)
If set, spamlovers will be blocked when the messagescore surpasses MessageScoringExtremeLimit or ipscore surpasses PenaltyExtreme.
-Block when Scoring is in Extreme range (blockTestModeExtreme)
If set, TestMode will be ignored when the messagescore surpasses MessageScoringExtremeLimit or ipscore surpasses PenaltyExtreme.
-Maximum URIs (URIBLmaxuris)
More than this number of URIs in the body will increase scoring with uribleValencePB. Enter 0 to disable feature.
-Maximum Unique Domain URIs (URIBLmaxdomains)
More than this number of unique domain URIs in the body will increase scoring with uribleValencePB. Enter 0 to disable feature.
-Disallow Obfuscated URIs (URIBLNoObfuscated)
When enabled, messages with obfuscated URIs of types [integer/octal/hex IP, other things!] in the body will get increased score with uribleValencePB.
-URIBL Extras (uribleValencePB)
For Message & IP scoring in URIBLNoObfuscated, URIBLmaxdomains, URIBLmaxuris,
assp.pl 1.7.5.1
new rebuildspamdb.pl 2.7.1.6
new assp_pop3.pl (1.04)
new bombre.txt
new whiteorg.txt
-Regular Expression to Identify NoCaching Addresses* (NoOKCachingRe)
If an address matches this Perl regular expression ASSP will not cache them in OKAddress Cache. For example: reply|bounce|www|daemon|master|\.info|\.biz|^prvs
-Schedule time for RebuildSpamdb (RebuildSchedule)
If not set to 0 ASSP uses scheduled hours to run RebuildSpamdb.pl. For example '6|18' will run rebuildspamdb.pl at 6.00 and 18.00. Use 24 to run it at midnight.
-POP3 Collecting Interval (POP3Interval)
The interval in minutes at which assp should collect messages from the configured POP3-servers. A value of zero disables this feature.
-POP3 Keep Rejected Mails on POP3 Server (POP3KeepRejected)
If selected, any collected POP3 mail that fails to be sent via SMTP (because it is SPAM, in which case it is rejected by the SMTP server) will be kept on the POP3 server.
-POP3 debug (POP3debug)
If selected, the POP3 collection will write debug output to the log file. Do not use it, unless you have problems with the POP3 collection!
-Block Max Duplicate Recipients (DoMaxDupRcpt)
Block remote servers that use the same recipient address in the RCPT TO: command more often than the number defined in MaxDupRcpt. Scoring is done with mdrValencePB . This check is skipped for outgoing, noprocessing, whitelisted and spamlovers mails. If a message has to be delayed, this check will score before the delay if set to block or score - and score and/or block on the next server request.
assp.pl 1.7.1.5
new module needed: Authen::SASL ( new: mod_inst.pl )
-Maximum Allowed Duplicate Recipient Adresses (MaxDupRcpt)
The maximum number of duplicate recipient addresses that are allowed in the sequence of the RCPT TO: commands!
The number per mail is calculated by 'number of RCPT TO: commands - number of unique recipient addresses'.
For example: if one address is used three times, or two addresses are each used twice, the result is the same count - 2. If both are the case in one mail, the count will be 4.
-Duplicate Recipient (mdrValencePB)
Message/IP scoring in DoMaxDupRcpt
-User to Authenticate to Relay Host (relayAuthUser)
The username used for SMTP AUTH authentication to the relayhost - for example, if your ISP needs authentication on the SMTP port! Supported authentication methods are PLAIN, LOGIN, CRAM-MD5 and DIGEST-MD5 . If the relayhost offers multiple methods, the one with the highest security option will be used. The Perl module Authen::SASL must be installed to use this feature! The usage of this feature will be skipped, if the sending MTA uses the AUTH command. Leave this blank, if you do not want to use this feature.
-Password to Authenticate to Relay Host (relayAuthPass)
The password used for SMTP AUTH authentication to the relayhost ! Leave this blank, if you do not want to use this feature.
assp.pl 1.7.1.4
new rebuildspamdb.pl 2.7.1.0
new file -> ipnp.txt
new file -> dnsbls.txt
new file -> blackaddresses.txt
new file -> subjectre.txt
new file -> bombre.txt
-Maximum Equal X-Header Lines (MaxEqualXHeader)
The maximum allowed equal X-header lines - eg. "X-SubscriberID:". If the value is set to 0 the header will not be checked for equal X-header lines.
-Include a Show-Link (inclShowLink)
If a blocked email is stored in any folder, it is possible to include a link for each email to be shown. Define here what you want ASSP to do. Default is "in all reports". Note: File name logging (fileLogging) must be on!
-Do Notify, if log entry matches* (NotifyRe)
Regular Expression to identify loglines for which a notification message should be sent.
Useful entries are:
Info: new assp version - to get informed about new available assp versions
info: autoupdate: new assp version - to get informed about an autoupdate of the running script
adminupdate: - for config changes
admininfo: - for admin information
option list file: - for option file reload
error: - for any error
restart - to detect an ASSP restart
Admin connection - for GUI logon
You may define a comma separated list (after '=>') of recipients in every line, this will override the default recipient defined in 'Notify'. For example: adminupdate=>user1@yourdomain.com,user2@yourdomain.com.
As third parameter after a second ('=>') you can define the subject line for the notification message.
for example: adminupdate:=>user1@yourdomain.com,user2@yourdomain.com=>configuration was changed
or: adminupdate:=>=>configuration was changed.
-VRFY failures return false (VRFYFail)
VRFY failures return false when an error occurs in VRFY lookups.
-Do Deny Connections from these IPs (DoDropList)
If activated, the IP is checked against the Droplist . The droplist is downloaded if a new one is available and contains the Spamhaus DROP List. See "http://www.spamhaus.org/drop/drop.lasso".
-Allow Local Addresses Regular Expression* (AllowLocalAddressesRe)
Allow only addresses which match this RegEx.
-Disable VRFY for External Clients (DisableVRFY)
If you have enabled VRFY on your MTA to allow ASSP to verify addresses and you do not want external clients to use VRFY/EXPN - select this option.
-Modify ClamAV Module (modifyClamAV)
If set ClamAV modules ping and streamscan are modified (to prevent blocking). This may be disabled to try the original modules.
-Regular Expression to Identify noDelay Helos * (noDelayHelosRe)
Put anything here to identify Helos which should be not delayed.
-Drop Connections from these IPs* (DropList)
Automatically downloaded (http://www.spamhaus.org/drop/drop.lasso) list of IPs which should be blocked right away.
-Enable OK Address Cache (DoOKCaching)
OK Address: If a message is marked 'Message OK' the sender addresses are called 'OK Addresses'. These are addresses which are not whitelisted but the sender did not send spam and did send notspam (several times). If this is set to 'whiting' ASSP will whitelist them if OKminhits is reached. If set to 'export only' ASSP will only write them to a file according to OKexporthits. Scoring is set with okaValencePB.
-OK Cache Refresh Interval (OKCacheExp)
OK addresses in the cache will be removed after this interval in hours. 0 will disable the cache.
-Minimum Hits in OK Cache (OKminhits)
If a message is marked 'Message OK' the sender addresses are stored in the OK cache. The address will be added to the whitelist if the number of hits in the cache surpasses OKminhits.
-Exported OK Adresses (OKexport)
OK addresses in the cache reaching OKexporthits will be regularly stored into this file.
-Export Hits in OK Cache (OKexporthits)
Used by OKexport. If 0 all addresses will be exported.
-Allow Admin Connections From These Hostnames* (allowAdminConnectionsFromName)
An optional additional list of Hostnames from which you will accept web admin connections. Blank means accept connections from any IP address in allowAdminConnectionsFrom or any connection if nothing is set there.
Note: if you make a mistake here, you may disable your web administration interface and be forced to manually edit your configuration file to fix it.
-Blackish & Whitish Addresses** (blackAddresses)
Accepts specific addresses (user@example.com), user parts (user) or entire domains (@example.com). Wildcards are supported. A positive weight will make the address 'blackish'. A negative weight will turn the address into 'whitish'. For example: fribo*@example.com|@*.gov=>-0.5|@*.biz=>0.5 .
-Send EHLO (sendEHLO)
If selected, ASSP sends an EHLO even if the client has sent only a HELO. This is useful to force the usage of TLS to the server, because EHLO is needed before STARTTLS can be used.
-Cache Unknown Addresses (DoPenaltyMakeTraps)
If enabled, unknown addresses are cached. If set to 'use for spamtrapaddresses' very active addresses will be used like spamtrapaddresses. If set to 'use for spamaddresses' they will work like spamaddresses. If set to 'use for validation' all entries regardless of their frequency will be used to validate incoming addresses. Note: LocalAddresses_Flat or doLDAP or doVRFY must be enabled.
-Unknown Address Frequency Limit (PenaltyMakeTraps)
Minimum number of times an address must appear during PBTrapCacheExp before it will be used as spamaddress/spamtrapaddress. For example: 10.
-Exceptionlist for Address Cache* (noPenaltyMakeTraps)
Addresses which should not be cached. Accepts specific addresses (user@example.com), user parts (user) or entire domains (@example.com). Wildcards are supported (fribo*@example.com).
-Invalid Addresses Refresh Interval (PBTrapCacheExp)
Addresses will be removed after this interval in hours if the 'Invalid Addresses Frequency Limit' is not reached. For example 3
-Automatic Restart ASSP on new or changed Script (AutoRestartAfterCodeChange)
If selected, ASSP will restart itself, if it detects a new or changed running script. An automatic restart will not be done, if ASSP is not running as daemon on linux/MAC ( AsADaemon ) or as a service on windows and AutoRestartCmd is not configured. Leave this field empty to disable the feature. Possible values are 'immed and 1...23' . If set to 'immed', assp will restart within some seconds after a detected code change. If set to '1...23' the restart will be scheduled to that hour. A restart at 00:00 is not supported.
-Auto Update the Running Script (assp.pl) (AutoUpdateASSP)
No action will be done if 'no auto update' is selected.
If 'download only' is selected and a new assp version is available, this new version will be downloaded to the directory /Applications/assp/download (assp.pl).
If 'download and install' is selected, the running script will be saved to download directory and replaced by the new version.
Configure ( AutoRestartAfterCodeChange ), if you want the new version to become the active running script.
The perl module Compress::Zlib is required to use this feature.
-Auto Update Developer Version (AutoUpdateASSPDev)
-Local Frequency Interval (LocalFrequencyInt)
The time interval in seconds in which the number of envelope recipients per sending address must not exceed a specific number ( LocalFrequencyNumRcpt ).
Use this in combination with LocalFrequencyNumRcpt to limit the number of recipients in a given interval, to prevent local abuse - for example from hijacked local accounts. A value of 0 (default) will disable this feature and clean the cache within five minutes. It is recommended to enable DoLocalSenderAddress and/or DoLocalSenderDomain, if you want to use this feature. To give users the chance to inform an admin about such blocked mails, local mails to EmailAdmins are never blocked because of that feature.
-Local Frequency Recipient Number (LocalFrequencyNumRcpt)
The number of envelope recipients per sending address that must not be exceeded in a specific time interval ( LocalFrequencyInt ).
Use this in combination with LocalFrequencyInt to limit the number of recipients in a given interval, to prevent local abuse - for example from hijacked local accounts. A value of 0 (default) will disable this feature and clean the cache within five minutes. It is recommended to enable DoLocalSenderAddress and/or DoLocalSenderDomain, if you want to use this feature. To give users the chance to inform an admin about such blocked mails, local mails to EmailAdmins are never blocked because of that feature.
-Check local Frequency for this Users only* (LocalFrequencyOnly)
A list of local addresses, for which the 'local frequency check' should be done. Leave this field blank (default), to do the check for every address.
Accepts specific addresses (user@domain.com), user parts (user) or entire domains (@domain.com). Wildcards are supported (fribo*@domain.com).
For example: fribo*@thisdomain.com|jhanna|@sillyguys.org
-Check local Frequency NOT for this Users* (NoLocalFrequency)
A list of local addresses, for which the 'local frequency check' should not be done. Noprocessing messages will skip this check.
Accepts specific addresses (user@domain.com), user parts (user) or entire domains (@domain.com). Wildcards are supported (fribo*@domain.com).
For example: fribo*@thisdomain.com|jhanna|@sillyguys.org
-Regular Expression to Score Blackish and/or Whitish Expressions** (bombSuspiciousRe)
Put here anything which might be suspicious (blackish) or trustworthy (whitish). bombSuspiciousValencePB will be used to increase/decrease the total score. Trustworthiness (whitish) will be assigned by using a negative weight. For example:
news=>-1|no-?reply=>-0.5|passwor=>-0.7
-Spoofing check uses SPF record.
-ConnectionScoring Limit (ConnectionScoringLimit)
MessageScoring will block connections whose score exceeds this threshold. A value of 0 here will disable this option. For example: 150
-ConnectionScoring Limit Exceeded (conValencePB)
Message scoring in ConnectionScoringLimit.
-Add MailFrom to Whitelist (RWLtoWhitelist)
If ValidateRWL is set to 'whiting' and the RWL shows medium/high trustworthiness, the MailFrom address will be added to the whitelistdb.
Trustworthiness : (127.0.x.T):
0 = none
1 = low
2 = medium
3 = high
-Detect Same Subject (detectSameSubject)
If set to a value higher than 0, ASSP counts identical subjects within one hour. If this count exceeds the defined value, subValencePB will be added to the message- and ip-score.
-RBL Service Providers* (RBLServiceProvider)
Names of DNSBLs to use separated by "|" or name of list 'file:files/dnsbls.txt'. Defaults are:
zen.spamhaus.org=>1|bl.spamcop.net=>1|bb.barracudacentral.org=>1|combined.njabl.org=>1|safe.dnsbl.sorbs.net=>1|psbl.surriel.com=>2|ix.dnsbl.manitu.net=>2|dnsbl-1.uceprotect.net=>2|dnsbl-2.uceprotect.net=>4.
DNSBL providers can be classified like bl.spamcop.net=>1. '1' is the most trustworthy class. '6' is the least trustworthy class. Numbers above 6 will be used as score directly. The value of the class acts as a divisor of rblValencePB. So if rblValencePB = 50 bl.spamcop.net=>1 would be the same as bl.spamcop.net=>50, bl.spamcop.net=>2 would be the same as bl.spamcop.net=>25. If the sum of scores surpasses rblValencePB, the DNSBL check fails. If not the DNSBL hit is only scored even with RBLmaxhits reached.
-Whitelisted Attachment Blocking (BlockWLExes)
Set the level of Attachment Blocking to 0-4 for whitelisted senders. Choose 0 for no attachment blocking.
-Local Attachment Blocking (BlockLCExes)
Set the level of Attachment Blocking to 0-4 for local senders. Choose 0 for no attachment blocking.
assp.pl 1.6.5.5
new rebuildspamdb.pl 2.6.5.5
new module -> Digest::SHA1 for Message-ID Signing
new module -> MIME::Tools MIME encoding for ASSP header
new file -> invalidhelo.txt 1.6.1.4
new folder -> reports 1.6.1.4
new folder -> notes 1.6.1.5
new file -> bombre.txt 1.6.5.0
new file -> ipnp.txt 1.6.5.5
new file -> dnsbls.txt 1.6.5.3
new file -> blackaddresses.txt 1.6.5.3
new file -> subjectre.txt 1.6.5.3
new file -> whiteorg.txt 1.6.5.5
*** please install the Perl module MIME::Tools (includes MIME::Words) via 'cpan install MIME::Tools' (on nix/mac) or 'ppm install MIME-Tools' (on win32)
-Automatic Corpus Correction (autoCorrectCorpus)
(Syntax: a.a[a]-b.b[b]-cccc-dd or empty - default is "0.5-1.5-10000-14") If the corpus norm (the weight between spamwords/hamwords) is less than "a" (0.5 - too much ham) or greater than "b" (1.5 - too much spam), assp will delete the excess (oldest) files from the corresponding folder ( spamlog , notspamlog ). ASSP will keep a minimum of "c" (10000) files in the folder and will never delete files that are younger than "d" days. This cleanup will run at the end of the rebuildspamdb task. So the corrected file corpus will take effect at the next rebuildspamdb!
-Allow Whitelist Removals for Admins only (EmailWhiteRemovalAdminOnly)
Only the users defined in EmailWhitelistTo, EmailAdmins and EmailAdminReportsTo are able to remove addresses from the whitelist.
-Copy Spam and Send to this Address per Domain* (ccSpamInDomain)
ASSP will deliver an additional copy of spam emails of a domain to this address - if the domain of the recipient-address is matched. For example: monitorspam@example1.com|monitor@example2.com.
Wildcard is supported: spamcopyfordomain@* will send an additional spam copy to spamcopyfordomain@alldomains
-SSL Error Cache Refresh Interval (SSLCacheExp)
If a connection fails with 'TSL negotiation with client failed' or 'Connection idle .. timeout' the connecting IP will be stored into this cache. ASSP will not offer STARTTLS to IPs in the error cache. The entry will be removed after this interval in hours. 0 will disable the error cache.
-Default MTA for DoVRFY* (VRFYMTA)
Put here the local MTA which should be used for DoVRFY. It will be used if no information from localDomains about a domain is available. For example: 'smtp.mydomain.com ' or '10.1.1.2:125 '.
-Blacklisted Addresses & Domains** (blackAddresses)
Accepts specific addresses (user@example.com), user parts (user) or entire domains (@example.com). Wildcards/Weight is supported : @*.biz=>0.5
-Local IMail domains (DoLocalIMailDomains)
Consider domains in the IMail registry to be local
-SSL Certificate File (PEM format) (SSLCertFile)
Full path to the file containing the server's SSL certificate, for example: /usr/local/etc/ssl/certs/assp-cert.pem. A general cert.pem file is already provided in './certs/server-cert.pem'. When defining full file paths, always use slashes ('/') not backslashes. If './certs/server-cert.pem' is set and is not found, assp will try to use openssl to generate one.
-SSL Key File (PEM format) (SSLKeyFile)
Full path to the file containing the server's SSL key, for example: /usr/local/etc/ssl/certs/assp-key.pem. A general key.pem file is already provided in './certs/server-key.pem'. If './certs/server-key.pem' is set and is not found, assp will try to use openssl to generate one.
-Charset for STDOUT and STDERR (ConsoleCharset)
Set the character set for the console output to your local needs. Default is "System Default" - no conversion. Restart is required!
-Charset for Maillog (LogCharset)
Set the character set/codepage for the maillog output to your local needs. Default (and best) on non Windows systems is "UTF-8" if available or "System Default" - no conversion. On Windows systems set it to your local codepage or UTF-8. Requires ASSP restart.
-Decode MIME Words To UTF-8 (decodeMIME2UTF8)
If selected, ASSP decodes MIME encoded words to UTF8. This enables support for national languages to be used in Bombs , Scripts , Spamdb , Logging. If not selected, only US-ASCII characters will be used for these functions. This requires an installed Email::MIME::Modifier module in Perl.
-Do Deny Connections from these IP numbers (DoDenySMTP)
If activated, the IP is checked against denySMTPConnectionsFrom. Scoring is set with ipValencePB.
-Use Invalid Addresses as PenaltyBox Trap Addresses (DoPenaltyMakeTraps)
If enabled, the frequency of Invalid Addresses is stored. If set to 'use for spamtrapaddresses' addresses in heavy use will act like spamtrapaddresses (PenaltyBox Trap Addresses). If set to 'use for spamaddresses' they will work accordingly. This feature will only work when LocalAddresses_Flat or doLDAP or doVRFY is used.
-Skip Message-ID signing, mail content dependend* (noMSGIDsigRe)
Use this to skip the Message-ID tagging depending on the content of the email. If the content of the email matches this regular expression (checking MaxBytes only), FBMTV will not be done. For example: 'I am out of office' .
-Skip Message-ID signing for Redlisted mails (noRedMSGIDsig)
If selected, FBMTV will not be done for redlisted emails!
assp.pl 1.6.5.0
-Regular Expression to Identify Non-Spam** (whiteRe)
If an incoming email matches this Perl regular expression it will be considered non-spam.
For example: Secret Ham Password|307\D{0,3}730\D{0,3}4[12]\d\d
(Fields marked with two asterisks (**) contain regular expressions (regex) and accept a second weight value. Every weighted regex has to be followed by '=>' and the weight value. For example:
Phishing\.=>1.45|~Heuristics|Email~=>50
The multiplication result of the weight and the penaltybox valence value will be used for scoring.)
-Maximum Hits in whiteRe (whiteReMaxHits)
Number of matches to be scored. If the total sum of matches is >= whiteValencePB the message will be considered 'whitelisted'.
-MessageScoring Extreme Limit (MessageScoringExtremeLimit)
MessageScoring will block spamlover messages whose score exceeds this threshold. A value of 0 here will disable this option. For example: 75
-Strict SpamLover* (strictSpamLovers)
Ignore MessageScoringExtremeLimit
-Detect Possible Mailloop (detectMailLoop)
If set to a value higher than 0, ASSP counts its own Received headers in the header of the mail. If this count exceeds the defined value, the transmission of the message will be canceled.
- NotifyRe now accepts comma separated recipients in every regex
line - for example:
warning:=>user1@yourdomain.com,user2@yourdomain.com
If such recipients are defined, this will override the default recipients
in 'Notify' for this entry.
- If 'EmailFrom' is not defined it will be set to 'postmaster@domain'
where domain is 'defaultLocalHost' or 'EmailBlockReportDomain', whichever
is defined.
- the default value for 'defaultLocalHost' is set to 'assp.local'
The VRFY feature now allows the usage of wildcards (* ?) for domains
(*domain.com=>mx.domain.com).
Do Message-ID Signing - FBMTV (DoMSGIDsig)
If activated, the message-ID of each outgoing message will be signed with a unique Tag and every incoming mail from BounceSenders will be checked against this. This tagging mode is called FBMTV for "FBs Message-ID Tag Validation" and is worldwide unique to ASSP. This tag will be removed from any incoming email, to recover the original references in the mail header. Scoring is set with sigValencePB, testmode is set with sigTestMode.
This check requires an installed Digest::SHA1 module in Perl.
Message-ID pre-Tag for MSGID-TAG-generation (MSGIDpreTag)
To use Message-ID signing and to create the MSGID-Tags, a pre-Tag is needed. This Tag must be 2-5 characters [a-z,A-Z,0-9] long. Default is 'sig'.
Message-ID Secrets for MSGID-TAG-generation* (MSGIDSec)
To use Message-ID signing and to generate the MSGID-Tags, at least one secret key is needed, up to ten keys are possible.
The notation is: generationnumber[0-9]=secretKey. For example (do not use!): 0=1 wErv|1=as.X45rt|.... . Multiple pairs are separated by pipes (|). Default is 0=assp|1=fbmtv. Do not use spaces, tabs or '=' as part of the keys (secrets)!
Do MSGID-Signing For These Addresses Only* (MSGIDsigAddresses)
Mail to any of these addresses will be tagged and checked by FBMTV. Accepts specific addresses (user@domain.com), user parts (user) or entire domains (@domain.com). If empty FBMTV is done for all addresses.
Send 250 OK to ISP if Backscatter Detection fails (Back250OKISP)
If any Backscatter check fails for a bounced mail that is coming from an ISPIP, ASSP will send "250 OK" to the ISP, but will discard the mail, if the check is configured to block!
Backscatter Detection checks Whitelisted mail (BackWL)
Tagging will be always done, if not excluded by address or domain!
Backscatter Detection checks NoProcessing mail (BackNP)
Tagging will be always done, if not excluded by address or domain!
Do not do any Backscatter detection for these Addresses* (noBackSctrAddresses)
Mail to and from any of these addresses will not be tagged and checked by the backscatter option. Accepts specific addresses (user@domain.com), user parts (user) or entire domains (@domain.com).
Exclude these IP's from any Backscatter detection* (noBackSctrIP)
Enter IP's that you want to exclude from FBMTV, separated by pipes (|).
-Bayesian Check on Whitelisted Senders (BayesWL)
-Bayesian Check on NoProcessing Messages (BayesNP)
-Bayesian Check on Local Senders (BayesLocal)
fixed:
- Invalidhelo regex check
- Senderbase has done checks after no result was received from DNS
added:
-HomeCountry Pass Greylisting (DelayHC)
Enable Greylisting for HomeCountry based IPs.
-Don't do Blacklisted for these Addresses and Domains* (noBlackDomain)
-Allow Relay Connection from these IP's* (allowRelayCon)
Enter any addresses that are allowed to use the relayPort, separated by pipes (|). If empty, any IP address is allowed to connect to the relayPort. If this option is defined, keep in mind: addresses defined in acceptAllMail are NOT automatically included and also have to be defined here, if they should be allowed to use the relayPort. For example: 127.0.0.1|172.16..
- Analyze via email interface now supports multiple attached files (.eml)
Default Local Domain (defaultLocalHost)
If you want to be able to send mail to local users without a domain name then put the default local domain here.
Blank disables this feature. For example: example.com
Deny Error (DenyError)
SMTP error message to reject connections. Will be used from and denySMTPConnectionsFromAlways and DoPenaltyExtreme. For example: 554 5.7.2 Service denied, closing transmission channel.
Penalty Warning (PenaltyWarning)
PB will tag messages from IP's whose totalscore exceeds this threshold during PenaltyDuration.
For example: 48
Penalty Warning Tag (PenaltyWarningTag)
For example: [??]
Date/Time Format in LogDate (LogDateFormat)
Use this option to set the logdate. The default value is 'MMM-DD-YY hh:mm:ss'. The following (case sensitive !) replacements will be done:
YYYY - year four digits
YY - year two digits
MMM - month three characters - like Oct Nov Dec
MM - month numeric two digits
DDD - day three characters - like Mon Tue Fri
DD - day numeric two digits
hh - hour two digits
mm - minute two digits
ss - second two digits
A value has to be defined for every part of the date/time. Allowed separators in date part are '_ -.' - in time part '-_.:' .
Regular Expression to Identify NoLog-Mails* (noLogRe)
Put anything here to identify mails that you don't want to be logged.
Regular Expression to Suppress Log-Messages* (noLogLineRe)
Put anything here to identify log messages that you want to be suppressed. For example: max errors|collect
Max Number of Duplicate File Names (MaxAllowedDups)
The maximum number that is appended to the mail subject to build the file name of the logged file, if UseSubjectsAsMaillogNames is selected. A low value reduces the number of duplicates.
Enforce Early PenaltyBox Extreme Blocking (ForcePBExtreme)
If set and DoPenaltyExtreme is enabled, ASSP will do DoPenaltyExtreme immediately after connection.
Disable SMTP AUTH for External Clients Altogether (DisableAuth)
If you have enabled SMTP AUTH on your MTA and you do not want external clients to use SMTP AUTH through ASSP - select this option.
Move Connection with Trap Addresses to NULL (SpamTrap2NULL)
If set, ASSP will move connections with spamtrapaddresses to a NULL-connection. The sender will receive "250 OK".
Regular Expression to Score Suspicious and Trustworthy Words** (bombSuspiciousRe)
Put here anything which might be suspicious or trustworthy. bombSuspiciousValencePB will be used to increase/decrease the total score. Trustworthiness will be assigned by using a negative weight. For example: unsubscribe|news=>-2|letter=>-1|noreply=>-1
Maximum Hits in Suspicious Regular Expression (bombSuspiciousReMaxHits)
Number of matches to be scored. If <= 1 only one match will be scored.
Minimum Sessions Per IP Address (minSMTPipSessions)
The minimum number of SMTP sessions allowed per IP address. ASSP uses this setting to throttle maxSMTPipSessions for IPs in Penalty BlackBox. Zero will disable throttling. For example: 1
Store Assp-Header(s) into Spam Collection (StoreASSPHeader)
Add "X-Assp-" header(s) to the collected mails.
Do not Delay these Addresses* (noDelayAddresses)
Enter senders' email addresses that you don't want to be delayed, separated by pipes (|). You can list specific addresses (user@anydomain.com), addresses at any domain (user), or entire domains (@anydomain.com). Wildcards are supported (fribo*@domain.com). For example: fribo@anydomain.com|jhanna|@sillyguys.org or place them in a plain ASCII file one address per line: file:files/nodelayuser.txt.
Max Size of Local Message (maxSize)
If the value of ([message size]) exceeds maxSize in bytes the transmission of the local message will be canceled. No limit is imposed by ASSP if the field is left blank or set to 0. This option allows admins to limit useless bandwidth wasting based on the transmit size.
Max Size of External Message (maxSizeExternal)
If the value of ([message size]) exceeds maxSizeExternal in bytes the transmission of the external message will be canceled. No limit is imposed by ASSP if the field is left blank or set to 0. This option allows admins to limit useless bandwidth wasting based on the transmit size.
Max Message Size Error (maxSizeError)
SMTP error message to reject maxSize / maxSizeExternal exceeding mails. For example: 552 message exceeds MAXSIZE byte (size)! MAXSIZE will be replaced by the value of maxSize / maxSizeExternal.
Use Black Regular Expression to Identify Spam (DoBlackRe)
Each incoming message is checked against the BlackRe. Scoring is set with blackValencePB - the scoring value is the sum of all valences (weights) of all found blackRe(s), testmode is set with blackTestMode.
BlackRe - Regular Expression to Identify Spam** (blackRe)
If an incoming email matches this Perl regular expression it will be considered spam depending on blackReMaxHits. For example: \breplica watches\b|\bMegaDik\b|\bcock\b|\bpenis\b|\bpills\b|\bOriginal Viagra\b|\bbetter sex life\b|\baverage penis\b|\benlargement\b|\borgasm\b|\berections\b|\bViagra\b|\bbig dick\b|\bsperma\b|\bSexual\b|\bErectionsk\b|\bStamina\b|\bsildenafil\b|\bcitrate\b|\bErectile\b or place them in a plain ASCII file one address per line - file:files/blackre.txt
Maximum Hits (blackReMaxHits)
A hit is a found match in blackRe. If the number of hits is greater than or equal to Maximum Hits, the email is considered Failed and will be blocked (if DoBlackRe is set to "block") or scored (if DoBlackRe is set to "score"). If the number of hits is greater than 0 and less than Maximum Hits, the email is considered Neutral and will be scored.
Do Black Regular Expressions Checks for Whitelisted (blackReWL)
Do Black Regular Expressions Checks for NoProcessing (blackReNP)
Do Black Regular Expressions Checks for Local Messages (blackReLocal)
Do Black Regular Expressions Checks for ISPIP (blackReISPIP)
---------------
It is possible to include custom-designed files at any line of an option file, using the following directive
# include filename
where filename is the relative path from base directory (.) to the included file like files/inc1.txt or inc1.txt (one file per line). The line will be internally replaced by the contents of the included file.
---------------
Combined Spam Report and NoProcessing Deletion (EmailErrorsModifyNoP)
If set to 'modify noProcessing' Spam Reports will remove addresses from noProcessing list. If set to 'show noProcessing' Spam Reports will show if addresses are on noProcessing list.
assp.pl 1.5.1.8
- Regular Expression to Score Suspicious HELO** (SuspiciousHeloRe)
Score Suspicious HELOs will check incoming HELOs for this. Scoring is set with shValencePB. For example: 'dynamic' or file:files/suspicioushelo.txt
- A menu at the top of the GUI was added
- The W32 Service Registration is moved to the earliest point in code - 5-10s after Perl starts.
- Disable VRFY for External Clients (DisableVRFY)
If you have enabled VRFY on your MTA to make assp able to verify addresses and you do not want external clients to use VRFY - select this option.
- RWL Pass Score (rwlValencePB)
Bonus for Message & IP scoring in ValidateRWL
- RWL Neutral Score (rwlnValencePB)
Bonus for Message & IP scoring in ValidateRWL
- Text to Identify Originating IP Header* (OriginatingIP)
If ASSP runs behind another server(s), no IP/HELO based filter will work. If a special header with the originating IP is inserted by the frontend server, ASSP will use the originating IP to perform IP and HELO checks. For example: X-Forwarded-For|X-Originating-IP
Notification Email To (RebuildNotify)
Email address(es) to which you want ASSP to send a notification email after the rebuild task is finished. The file rebuildrun.txt is included in this notification. Separate multiple entries by "|". If empty EmailAdminReportsTo is used.
GReyIPlist Database (griplist)
The file with the current GRey-IP-List database -- make this blank if you don't use it.
Don't Upload/Download Griplist (noGriplist)
Check this to disable the Griplist upload/download when rebuildspamdb runs. The Griplist contains IPs and their value between 0 and 1, lower is less spammy, higher is more spammy. This value is called the grip value.
Full Griplist Download Period (DoFullGripDownload)
The Global Griplist is downloaded once in full, then only deltas are downloaded each day subsequently. This option forces a new full download after this many days. Leave it blank to not force new full downloads. Recommended: 30 days.
Max Whitelist Days (MaxWhitelistDays)
This is the number of days an address will be kept on the whitelist without any email to/from this address.
Maintenance for Bayesian Collection (MaintBayesCollection)
Set this to on, if you want ASSP to run maintenance tasks on the bayesian collection folders (spamlog, notspamlog). ASSP will delete the oldest files until the number of files per folder reaches MaxFiles. If you want ASSP to delete files because of age instead of the number of files (MaxFiles), set up MaxBayesFileAge to your needs. This option is useful if UseSubjectsAsMaillogNames is set to on, because in this case the number of files in every collection folder will grow without limit.
Max Age of non Bayes Files (MaxNoBayesFileAge)
The maximum file age in days of every file in every non bayesian collection folder (incomingOkMail, discarded, viruslog). If defined and a file is older than this number in days, the file will be deleted. Default is 0. A value of 0 disables this feature and no file will be deleted because of age.
Max Corrected File Age (MaxCorrectedDays)
This is the number of days an error report will be kept in the correctednotspam and correctedspam folders.
assp.pl 1.5.1.6
Enable SSL support (enableSSL)
For SSL to be enabled, check this box and enter the paths to your SSL Certificate and SSL Key files, below. If you do not have valid certificates, you may generate both files online with www.mobilefish.com or you may use OpenSSL to generate self-signed SSL certificates. NOTE: Changing this requires ASSP restart
Exclude these IP's from TLS* (noTLSIP)
Enter IP's that you want to exclude from starting SSL/TLS. For example, put all IP's here which have trouble switching to TLS every time (effectively preventing ASSP from getting mails from these hosts).
Disable TLS/SSL support on port 25 (disableSSL25)
Retry SSL on "SSL want a read first" error (SSLRetryOnError)
If selected, ASSP retries one time to establish an SSL connection with one second delay, if the peer was not ready after STARTTLS because of a "SSL want a read/write first" error.
SSL Timeout (SSLtimeout)
SSL will timeout after this many seconds.
SSL Error Cache Refresh Interval (SSLCacheExp)
SSL error records in cache will be removed after this interval in hours. 0 will disable the cache.
SMTP Secure Listen Port (listenPortSSL)
The port number on which ASSP will listen for incoming secure SMTP connections (normally 465). You can specify both an IP address and port number to limit connections to a specific interface. Examples: 465, 127.0.0.1:465, 127.0.0.1:465|127.0.0.2:465
SSL Destination (smtpDestinationSSL)
The IP address! and port number to connect to when mail is received on the SSL listen port. If the field is blank, the primary SMTP destination will be used. Examples: 127.0.0.1:565, [::1]:565
SSL Certificate File (PEM format) (SSLCertFile)
Full path to the file containing the server's SSL certificate, for example: /usr/local/etc/ssl/certs/assp-cert.pem.
SSL Key File (PEM format) (SSLKeyFile)
Full path to the file containing the server's SSL key, for example: /usr/local/etc/ssl/certs/assp-key.pem.
assp.pl 1.5.1.4
Add to BlackListed Addresses (EmailBlackAdd)
Any mail sent by local/authenticated users to this username will be interpreted as a request to add the sender address to the blackListedDomains addresses. Only the users defined in EmailAdmins and EmailAdminReportsTo are able to request an addition. Do not put the full address here, just the user part. For example: assp-black. To use this option, you have to configure blackListedDomains with "file:..." for example "file:files/blacklisted.txt" !
Remove from BlackListed Addresses (EmailBlackRemove)
Any mail sent by local/authenticated users to this username will be interpreted as a request to remove the sender address from blackListedDomains. Do not put the full address here, just the user part. Only the users defined in EmailAdmins and EmailAdminReportsTo are able to request an addition. For example: assp-notblack. To use this option, you have to configure blackListedDomains with "file:..." for example "file:files/blacklisted.txt" !
assp.pl 1.5.1.3
Rebuild Options
Notification Email To (RebuildNotify)
Email address(es) to which you want ASSP to send a notification email after the rebuild task is finished. The file rebuildrun.txt is included in this notification. Separate multiple entries by "|".
GReyIPlist Database (griplist)
The file with the current GRey-IP-List database -- make this blank if you don't use it.
Don't Upload/Download Griplist (noGriplist)
Check this to disable the Griplist upload/download when rebuildspamdb runs. The Griplist contains IPs and their value between 0 and 1, lower is less spammy, higher is more spammy. This value is called the grip value.
Full Griplist Download Period (DoFullGripDownload)
The Global Griplist is downloaded once in full, then only deltas are downloaded each day subsequently. This option forces a new full download after this many days. Leave it blank to not force new full downloads. Recommended: 30 days.
Max Whitelist Days (MaxWhitelistDays)
This is the number of days an address will be kept on the whitelist without any email to/from this address.
Maintenance for Bayesian Collection (MaintBayesCollection)
Set this to on, if you want ASSP to run maintenance tasks on the bayesian collection folders (spamlog, notspamlog). ASSP will delete the oldest files until the number of files per folder reaches MaxFiles. If you want ASSP to delete files because of age instead of the number of files (MaxFiles), set up MaxBayesFileAge to your needs. This option is useful if UseSubjectsAsMaillogNames is set to on, because in this case the number of files in every collection folder will grow without limit.
Max Age of Bayes Files (MaxBayesFileAge)
The maximum file age in days of every file in every bayesian collection folder (spamlog, notspamlog). If MaintBayesCollection is set to on and a file is older than this number in days, the file will be deleted. Default is 0. A value of 0 disables this feature and no file will be deleted because of age alone. Do not define this option, if you use the bayesian engine of ASSP. Deleting files because of age is wrong in this case!!!!!
Max Age of non Bayes Files (MaxNoBayesFileAge)
The maximum file age in days of every file in every non bayesian collection folder (incomingOkMail, discarded, viruslog). If defined and a file is older than this number in days, the file will be deleted. Default is 0. A value of 0 disables this feature and no file will be deleted because of age.
Max Corrected File Age (MaxCorrectedDays)
This is the number of days an error report will be kept in the correctednotspam and correctedspam folders.
assp.pl 1.5.1.2
section logging:
Notification Email To (Notify)
Email address(es) to which you want ASSP to send a notification email, if a matching log entry (NotifyRe, NoNotifyRe) is found. Separate multiple entries by "|".
Do Notify, if log entry matches* (NotifyRe)
Regular Expression to identify loglines for which a notification message should be sent. Useful entries are:
adminupdate: - for config changes
admininfo: - for admin information
option list file: - for option file reload
error: - for any error
restart - to detect an ASSP restart
Admin connection - for GUI logon
Do NOT Notify, if log entry matches* (NoNotifyRe)
Regular Expression to identify loglines for which no notification message should be sent.
Fields marked with an additional asterisk (**) accept a second weight value separated by => from the regular expression. For example: spammer=>1.45 . The multiplication result of the weight and the penaltybox valence value will be used for scoring.
Which Link Should be included (BlockResendLink)
If HTML is enabled in inclResendLink, two links (one on the left and one on the right side) will be included in the report email by default. Depending on the email clients used, it is possible that one of the two links will not work for you. Try out which link works and disable the other one, if you want.
My Helo (myHelo)
How ASSP will identify itself when connecting to the target MTA.
transparent - the Helo of the sender will be used
use myName - use myName
use FQDN - fully qualified domain name of the host assp is running on
Use File System Virus Scanner (DoFileScan)
If activated, the message is written to a file inside the 'FileScanDir' with an extension of 'maillogExt'. After that ASSP will call 'FileScanCMD' to detect whether the temporary file is infected or not. The temporarily created file(s) will be removed.
The viruses will be stored in a special folder if the SpamVirusLog is set to 'quarantine' and the filepath to the viruslog is set.
File Scan Directory (FileScanDir)
Define the full path to the directory where the messages are temporarily stored for the file system virus scanner. This could be any directory inside your file system. The running ASSP process must have full permission to this directory and the files inside!
File Scan Command (FileScanCMD)
ASSP will call this system command and expects a returned string from this command. This returned string is checked against 'FileScanBad' and/or 'FileScanGood' to detect if the message is OK or not! If the file does not exist after the command call, the message is considered infected. ASSP expects that the file scan is finished when the command returns!
The literal 'FILENAME' will be replaced by the fully qualified file name of the temporary file.
The literal 'FILESCANDIR' will be replaced with the value of FileScanDir.
All output of this command to STDERR is automatically redirected to STDOUT.
FileScan will not run, if FileScanCMD is not specified.
If you have your online/autoprotect file scanner configured to delete infected files inside the 'FileScanDir', define 'NORUN' in this field! In this case FileScanGood and FileScanBad are ignored. If there is a need to wait some time for the autoprotect scanner, write 'NORUN-dddd', where dddd are the milliseconds to wait!
Depending on your operating system it may be possible that you have to quote (' or ") the command, if it contains whitespace. The replaced file name will be quoted by ASSP if needed.
Native SSL support added!
(new module necessary: IO::Socket::SSL)
- manage & resend spam & notspam from maillog tail
- user blocking report
Request Block Report (EmailBlockReport)
Any mail sent by local/authenticated users to this username will be interpreted
as a request to get a report about blocked emails. Leading digits/numbers in the
mail subject will be interpreted as "report request for the last number of
days". If the number of days is not specified in the mail subject, a default of
5 days will be used to build the report. Only the users defined in EmailBlockTo,
EmailAdmins and EmailAdminReportsTo are able to define a list of email addresses
in the mail body. If such an Admin wants to request a report like it is done
using the BlockReportFile, '=>' must be used in any of the request lines (body)
- please read the section BlockReportFile for more details and syntax.
Queue User Block Report Requests (QueueUserBlockReports)
How to process block report requests for users (not EmailBlockTo, EmailAdmins,
EmailAdminReportsTo).
'run immediately' - the request will be processed immediately (not stored).
'store and run once at midnight' - the request will be stored/queued, runs at
midnight, and will be removed from queue after that
'store and run scheduled' - the request will be stored/queued, runs permanently
scheduled at midnight until it will be removed from queue - a '+' in the subject
is not needed
To add a request to queue the user has to send an email to EmailBlockReport.
Leading digits/numbers in the mail subject will be interpreted as "report
request for the last number of days". If the number of days is not specified in
the mail subject, a default of 5 days will be used to build the report.
If 'run immediately' or 'store and run once at midnight' is selected, but a user
wants to schedule a permanent request, a leading '+' before the digits in
subject is required.
To remove a request from queue the user has to send an email to EmailBlockReport
with a leading '-' in the subject.
File for Blockreportrequest (BlockReportFile)
A file with BlockReport requests. ASSP will generate a block report for every
line in this file (file:files/blockreportlist.txt - file: is required if
defined!) every day at midnight for the last day. The perl modules Net::SMTP and
Email::MIME::Modifier are required to use this feature. A report will be only
created, if there is at least one blocked email found! The syntax is:
QueryAddress=>ReportRecipient=>ReportDays - there are many possible combinations
of these three parameters. For example:
user@domain and user@domain=>user@domain - will send a report for this user to
this user
*@domain (better use) *@domain=>* - will send a report for every blocked user in
this domain to this user
user@domain=>recipient@any-domain - will send a report for user@domain to
recipient@any-domain
*@domain=>recipient@any-domain - will send a report for every blocked user in
this domain to recipient@any-domain
A third parameter is possible to set, which defines the number of days for which
the report should be created. The default (if empty or not defined) is one day.
This value is used to calculate the 'next run date'. For example:
*@domain=>recipient@any-domain=>2 - creates a report for two days.
*@domain=>*=>14 - creates a report for 14 days.
user@domain=>=>3 or user@domain=>*=>3 - creates a report for three days. The
second parameter is here empty or *!
- user can add/remove himself to redlist, spamlover, noprocessing via
email-interface
- admin(s) can add/remove any address to redlist, spamlover, noprocessing via
email-interface
-DNSBL providers can get a "weight" like bl.spamcop.net=>1.
The value of the weight can be set directly, like =>45, or as a divisor of
RBLmaxweight. Low numbers < 6 are divisors. So if RBLmaxweight = 50 (default), bl.spamcop.net=>50 would be the same as bl.spamcop.net=>1, and bl.spamcop.net=>2
would be the same as bl.spamcop.net=>25.
If the sum of weights surpasses RBLmaxweight, the DNSBL check fails. If not,
the DNSBL check is scored as "neutral" even with RBLmaxhits reached.
It is possible to use all hits regardless of maxhits -> Showmaxreplies
For example:
RBLmaxhits=2
RBLmaxweight=50
zen.spamhaus.org=>1
bl.spamcop.net=>1
safe.dnsbl.sorbs.net=>1
combined.njabl.org=>1
dnsbl-1.uceprotect.net=>2
dnsbl-2.uceprotect.net=>2
dnsbl-3.uceprotect.net=>3
ix.dnsbl.manitu.net=>2
psbl.surriel.com=>2
2.apews.org=>3
blackholes.five-ten-sg.com=>10
A "fail" will result from:
2 hits in group 1
1 hit in group 1 and 1 hit in group 2
2 hits in group 2
1 hit in group 1
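The weighting rule above, worked through as an added example (not ASSP's own code) using the provider list from the text. It assumes that a total equal to RBLmaxweight already counts as a fail, which is what the listed results ("1 hit in group 1", "2 hits in group 2") imply, that "group N" means providers weighted =>N, and that counting stops at RBLmaxhits unless all hits are used; the function names are hypothetical.

```python
from fractions import Fraction

# Provider list and limits as given in the text's example.
PAGE_EXAMPLE = """\
zen.spamhaus.org=>1
bl.spamcop.net=>1
safe.dnsbl.sorbs.net=>1
combined.njabl.org=>1
dnsbl-1.uceprotect.net=>2
dnsbl-2.uceprotect.net=>2
dnsbl-3.uceprotect.net=>3
ix.dnsbl.manitu.net=>2
psbl.surriel.com=>2
2.apews.org=>3
blackholes.five-ten-sg.com=>10
"""


def parse_providers(text):
    """Parse 'provider=>weight' lines into an ordered {provider: raw weight} map."""
    providers = {}
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        name, sep, weight = line.partition("=>")
        if not sep:
            raise ValueError("no weight given for %r" % line)
        providers[name.strip()] = int(weight)
    return providers


def effective_weight(raw, maxweight):
    """Numbers below 6 divide RBLmaxweight; larger numbers are used directly."""
    if 0 < raw < 6:
        return Fraction(maxweight, raw)   # exact arithmetic, no float rounding
    return Fraction(raw)


def evaluate(listed_on, providers, maxhits=2, maxweight=50, all_hits=False):
    """Return (verdict, total weight, counted providers) for one sender IP.

    listed_on -- set of providers that returned a listing for the IP
    all_hits  -- count every hit instead of stopping at maxhits
                 (the 'use all hits regardless of maxhits' remark in the text)
    """
    hits, total = [], Fraction(0)
    for name, raw in providers.items():
        if name not in listed_on:
            continue
        hits.append(name)
        total += effective_weight(raw, maxweight)
        if not all_hits and len(hits) >= maxhits:
            break
    if total >= maxweight:        # assumption: reaching the limit is a fail
        verdict = "fail"
    elif hits:
        verdict = "neutral"       # listed, but not heavily enough to fail
    else:
        verdict = "pass"
    return verdict, total, hits


if __name__ == "__main__":
    providers = parse_providers(PAGE_EXAMPLE)
    cases = [                      # constructed lookup results
        {"zen.spamhaus.org"},
        {"dnsbl-1.uceprotect.net", "psbl.surriel.com"},
        {"dnsbl-3.uceprotect.net", "2.apews.org"},
        {"blackholes.five-ten-sg.com"},
    ]
    for listed in cases:
        verdict, total, hits = evaluate(listed, providers)
        print("%-8s %6.2f  %s" % (verdict, float(total), ", ".join(hits)))
```

Two listings from the weakest group (=>3) total 33.3 and stay neutral, which is the practical effect of the weights: low-confidence lists cannot block a sender on their own.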
1.4.3.1
added in Menu
sorted alphabetical index of GUI fields
added in section LDAP
LDAP Cache
added in section Recipients
VRFY recipients in multiple MTAs
added in section Email-Interface
multiple attached mails in email-interface in spam/ham reports possible
all (not only the first) attachments within MaxBytes/ClamAVBytes will be
detected and processed!
new section Backscatter Detection
DNS-BackScatter Detection implemented
added in section Penalty Box
Use Invalid Addresses as Traps
added in section Relaying
Support for IP based checks when ASSP is not in front
added in section CC Messages
Do Not Copy Ham Filter* (ccnHamFilter)
Do Not Copy Ham to these addresses. Accepts specific addresses
(user@domain.com), user parts (user) or entire local domains (@domain.com).
Wildcards are supported (fribo*@domain.com).
added in section Whitelisting
Whitelist all RWL Validated Addresses (RWLwhitelisting)
If set, the message will pass also Bayesian Filter and URIBL.
added in section Server Setup
Use OpenDNS NameServers (UseOpenDNS)
http://www.opendns.com/
If the option is enabled (default) local DNS servers are not used and OpenDNS
servers are instead used for URIBL, DNSBL etc.. lookups
added in section Sender Validation
Enforce Early Helo Checks (ForceValidateHelo)
If set, ASSP will Validate/Invalidate Format of HELO before DELAYING.
Collecting, Testmode, CopySpam, Spam-Lover is ignored.
Enforce Early Check of Remote Sender with Local Domain Address
(ForceNoValidLocalSender)
If set, ASSP will check Remote Sender with Local Domain Address before DELAYING.
Collecting, Testmode, CopySpam, Spam-Lover is ignored.
Enforce Early Check of Forged Helos (ForceFakedLocalHelo)
If set, ASSP will check Forged Helos before DELAYING. Collecting, Testmode,
CopySpam, Spam-Lover is ignored.
added in section Spam Control
Send 250 OK (send250OK)
Set this checkbox if you want ASSP to reply with '250 OK' instead of SMTP error
code '554 5.7.1'.
added in section Whitelist
Wildcard User for White Domain (wildcardUser)
If you add this user via email-interface(eg: _ALL_@domain.com), the whole domain
will be whitelisted. For example: _ALL_
added in section PenaltyBox
Do Blocking IP's (DoBlockingIP)
If activated, the IP is checked against Block these IP's.
Block these IP's* (denySMTPConnectionsFrom)
Manually maintained list of IP's which should be blocked. IP's in NoPB, noDelay,
acceptAllMail, ispip, whiteListedIPs, noProcessingIPs, whitebox will pass. For
example: file:files/denysmtp.txt. IP ranges are defined for example 182.82.10.
If Net::IP::Match::Regexp is installed CIDR notation is allowed(182.82.10.0/24).
If Net::CIDR::Lite is installed, hyphenated/spaced ranges are allowed
(182.82.10.0-182.82.10.255,182.82.10.0 182.82.10.255). Text without a numbersign
will be a comment to be shown in a match (182.82.10.0/24 AOL).
added in section SMTP Session Limits
Do Deny SMTP Connections from IP's (Strictly) (DoDenyConnect)
If activated, the IP is checked against Deny SMTP Connections from these IP's
Strict.
Deny SMTP Connections from these IP's Strictly* (denySMTPConnectionsFromAlways)
Manually maintained list of IP's which should strictly be denied SMTP access.
Connection will be denied right away, before the body and header is downloaded.
added in section Regex Filters / Spambomb
Use Black Regular Expression to Identify Spam Strictly (DoBlackRe)
Each message is checked against the BlackRe to identify Spams. Technically the
BlackRe Check is part of the Bayesian Check. However it can be separately
activated.
BlackRe - Regular Expression to Identify Spam Strictly* (blackRe)
If an incoming email matches this Perl regular expression it will be considered
spam . For example: penis|virgin|X-Priority
added in section Collection
Use Collect Addresses for Testing Your Environment (DoNotBlockCollect)
ASSP will not block messages from Collect Addresses just because they are
Collect Addresses but handle them normally. That may help you to test and
control your environment.
Do Not Collect Messages from/to these Addresses* (noCollecting)
Accepts specific addresses (user@domain.com), user parts (user) or entire local
domains (@domain.com).
added in section My Server Setup
Web Statistics Port (webStatPort)
The port on which ASSP will listen for http connections to the statistics
interface. You may also supply an IP address to limit connections to a specific
interface.
Examples: 55553, 192.168.0.5:12345
added in PB section
Do Export Penalty BlackBox Extreme (DoExtremeExport)
Exported BlackBox Extreme File (exportExtremeBlack)
IP's in Penalty BlackBox which surpassed the extreme level will be regularly
stored into this file.
Use Exported Penalty BlackBox Extreme for SMTP Denying (exportExtremeFileDeny)
Deny SMTP connections from IP's in Exported Penalty Black Box Extreme File in a
very early stage. This reduces the load on your MTA.
Exported Penalty BlackBox Interval (exportInterval)
The Penalty Black Box Extreme File is exported every this many hours.
Defaults to 6 hours.
added in section Sender Validation
Do Country Code Lookup (DoSenderBase)
added in several fields
address-lists and wildcards
They accept specific addresses (user@domain.com), user parts (user) or entire
local domains (@domain.com). Wildcards are supported (fribo*@domain.com).
added in Mail Analyzer
You may put here helo=aaa.bbb.helo or ip=123.123.123.123 to look up the helo/ip
information. Putting a textstring only in will start a lookup in the regular
expression files for the matching regex.
added in SPF section
Override Domains*
Set override to define SPF records for domains that do publish but which you
want to override anyway. Wildcards are supported. For example: abc.com|*.def.com
Internal Name: SPFoverride
Fallback Domains*
Set fallback to define "pretend" SPF records for domains that don't publish them
yet. Wildcards are supported. For example: abc.com|*.def.com
Internal Name: SPFfallback
Local SPF Record
Used in Fallback/Override Domains
The default is v=spf1 a/24 mx/24 ptr -all
Internal Name: SPFlocalRecord
added in Copy Spam & Ham section
Do Not Copy Spam Regex*
Never Copy Spam regardless of collection mode. Put anything here to identify
messages which should not be copied.
added in Greylisting/Delaying section:
Use MD5 for DelayDB
Message-Digest algorithm 5 is a cryptographic hash function and adds some level
of security to the delay database. Must be set to off if you want to list the
database with DelayShowDB/DelayShowDBwhite.
Internal Name: DelayMD5
Show Delay/Greylisting Database
The directory/file with the delay database file. If you change the filename in
section Filepath you must change it here too.
Internal Name: DelayShowDB
Show Delay/Greylisting Safe Database
The directory/file with the safe delay database file. If you change the filename
in section Filepath you must change it here too.
Internal Name: DelayShowDBwhite
added in PenaltyBox section:
Force Extreme Denying for Mode 2
PBextreme will deny connections from IP's whose score meet or exceed the extreme
level/extreme counter - even if PB is only monitoring (mode 2)
Extreme Bad IP History
* Message scoring only,
Internal Name: pbeValencePB
Bad IP History
* Message scoring only
Internal Name: pbValencePB
added in CC Mail section:
Do Not Copy Messages Above This MessageTotal
Messages whose score exceeds this threshold will not be copied. For example: 75
CIDR and Hyphenated IP Range Notation added in IP notation
(In Hyphenated IP Range you may replace the hyphen with a space,
123.123.123.123 123.123.123.123 is also valid.)
You can freely mix all notations:
123.123.
123.123.0.0/17
123.123.123.123 123.123.123.123
123.123.123.123-123.123.123.123
You can add comments to be seen when matching is logged:
123.123. comment1
123.123.0.0/17 comment2
123.123.123.123 123.123.123.123 comment3
123.123.123.123-123.123.123.123 comment4
These comments are *not* the comments usually used in lists; both kinds can be
used together:
123.123. comment1 # a line with a comment1
123.123.0.0/17 comment2
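To audit such a list before loading it, the sketch below (an added example, not ASSP code) parses the four notations with their match comments and flags entries that cover more addresses than intended. The sample list is constructed; accepting a bare single address and a one-octet prefix are assumptions.

```python
import ipaddress
import re

_IP = r"\d{1,3}(?:\.\d{1,3}){3}"
_RANGE = re.compile(rf"^({_IP})(?:\s*-\s*|\s+)({_IP})(?:\s+(.*))?$")
_CIDR = re.compile(rf"^({_IP})/(\d{{1,2}})(?:\s+(.*))?$")
_SINGLE = re.compile(rf"^({_IP})(?:\s+(.*))?$")          # assumption: bare address
_PREFIX = re.compile(r"^((?:\d{1,3}\.){1,3})(?:\s+(.*))?$")

# Constructed sample list (documentation address ranges), one entry per line.
SAMPLE_LIST = """\
203.0.113. partner-net
198.51.100.0/25 office
192.0.2.10-192.0.2.20 scanners
192.0.2.100 192.0.2.120 lab   # space instead of hyphen
10. vpn-pool                  ; one octet only: a whole /8
"""


def parse_entry(line):
    """Return (first_ip, last_ip, match_comment) or None for an empty line."""
    # Everything after '#' or ';' is the ordinary list comment and is dropped.
    line = re.split(r"[#;]", line, maxsplit=1)[0].strip()
    if not line:
        return None
    if m := _RANGE.match(line):
        lo, hi = ipaddress.IPv4Address(m[1]), ipaddress.IPv4Address(m[2])
        if lo > hi:
            raise ValueError(f"range start is after range end: {line!r}")
        return lo, hi, m[3] or ""
    if m := _CIDR.match(line):
        net = ipaddress.IPv4Network(f"{m[1]}/{m[2]}", strict=False)
        return net[0], net[-1], m[3] or ""
    if m := _SINGLE.match(line):
        addr = ipaddress.IPv4Address(m[1])
        return addr, addr, m[2] or ""
    if m := _PREFIX.match(line):
        octets = m[1].rstrip(".").split(".")
        pad = 4 - len(octets)
        lo = ipaddress.IPv4Address(".".join(octets + ["0"] * pad))
        hi = ipaddress.IPv4Address(".".join(octets + ["255"] * pad))
        return lo, hi, m[2] or ""
    raise ValueError(f"unrecognised entry: {line!r}")


def load_list(text):
    """Parse a whole list, reporting the line number of the first bad entry."""
    entries = []
    for number, raw in enumerate(text.splitlines(), 1):
        try:
            entry = parse_entry(raw)
        except ValueError as exc:
            raise ValueError(f"line {number}: {exc}") from None
        if entry:
            entries.append(entry)
    return entries


def lookup(entries, ip):
    """Return the match comments of every entry that covers ip."""
    addr = ipaddress.IPv4Address(ip)
    return [comment for lo, hi, comment in entries if lo <= addr <= hi]


def too_broad(entries, max_addresses=65536):
    """Return entries spanning more than max_addresses (likely typos)."""
    return [(str(lo), str(hi), comment) for lo, hi, comment in entries
            if int(hi) - int(lo) + 1 > max_addresses]


if __name__ == "__main__":
    parsed = load_list(SAMPLE_LIST)
    print(lookup(parsed, "192.0.2.110"))
    print(too_broad(parsed))
```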
added caching for:
-SPF
-MXA
-PTR
-RWL
-LDAP
added in folder notes:
Config History (confighistory.txt)
Admin Info (admininfo.txt)
-configdefaults.txt
-config.txt
Added Options:
-Do Bomb/Script Regular Expressions Checks for ISP/Secondary
-Do URI Blocklist Validation for ISP/Secondary
Added:
All Spam-Haters*
All Emails to Spam-Haters found to be spam are blocked by ASSP rather than
processed in testmode/spamlover. When a Spam-Hater is not the sole recipient of
a message, the message will only be blocked if all recipients are Spam-Haters.
Overwrites Spam-Lover addresses/domains. Accepts specific addresses
(user@domain.com), addresses at local domains (user), or entire local domains
(@domain.com). Wildcards are supported.
For example: jfribo*@thisdomain.com|fribo|@sillyguys.org
Internal Name: spamHaters
Bayesian Spam-Hater*
DNSBL Spam-Hater*
assp.pl 1.8.5.6
new bombre.txt
new bombdatare.txt
new nopbwhite.txt
-Maximum Penalty on Regex Match per Mail per Check (maxBombValence)
This option is valid for all regex searches which allow weights (marked with **) and limits the maximum penalty per check. maxBombHits is overwritten.
-Maximum Number Of Hits in Regex Search (maxBombHits, default is blackRe=>2|bombSenderRe=>1|bombHeaderRe=>1|bombSubjectRe=>3|bombCharSets=>1|bombSuspiciousRe=>3|bombRe=>1|scriptRe=>1)
This option is valid for all regex searches which allow weights (marked with **). Use the syntax: regextype=>3|other.regextype=>3 to set the maximum number of hits a search should perform. Maximum for regex searches not set here is 1. The search will stop if MessageScoringUpperLimit or maxBombHits is reached. This can be overwritten by maxBombValence.
-Use Black Regular Expression to Identify Spam (DoBlackRe)
This works similarly to DoBombRe but has stricter defaults for processing whitelisted and noprocessing mails. Both will be checked if the defaults are used. Envelope, Header and Data Part are checked against the BlackRe. Scoring is done with blackValencePB - the scoring value is the sum of all valences (weights) of all found blackRe(s). Blocking will only be done if 'block' is set and the total score equals or exceeds blackValencePB. Testmode is set with blackTestMode.
-BlackRe - Regular Expression to Identify Spam ** (blackRe)
This is a stricter version of bombRe (blackReWL, blackReNP, blackReISPIP are enabled by default). If an incoming email matches this expression it will be considered spam. Like all fields marked with two asterisks (**), this regular expression (regex) can accept a weight value. Every weighted regex has to be followed by '=>' and the weight value. The search will continue until maxBombHits is reached or maxBombValence is exceeded (if set).
-Primary MX Host (PrimaryMX)
The IP number of the Primary MX if there is one.
-Ping Primary MX Host (PrimaryMXping)
Disable connections on port 25 if PrimaryMX is up and running.
assp.pl 1.8.5.1
new rcptreplrules.txt
-Enable recipient replacement* (ReplaceRecpt)
Recommended if used: file:files/rcptreplrules.txt - default empty! This enables recipient replacement. If you do not use file:, separate the rules with |. The replacement will be done before any ASSP check. Use this option carefully - for example: if you have enabled the DKIM check, it will fail if the recipient of the mail was modified. For a more detailed description of the rules and options, read the file: files/rcptreplrules.txt!
assp.pl 1.8.1.9
new rebuildspamdb.pl 2.8.1.9 (1.0.00)
new modify.pm in lib/Blockreport
Request Block Report (EmailBlockReport, default=asspblock)
Any mail sent by local/authenticated users to this username will be interpreted as a request to get a report about blocked emails. Do not put the full address here, just the user part. For example: asspblock
Leading digits/numbers in the mail subject will be interpreted as "report request for the last number of days". If the number of days is not specified in the mail subject, a default of 5 days will be used to build the report. Users defined in EmailBlockTo, EmailAdmins and EmailAdminReportsTo are 'Admins' and can request a report for multiple users. They have to use a special syntax with '=>' in the body of the report request. The syntax is:
QueryAddress=>ReportRecipient=>ReportDays - there are many possible combinations of these three parameters. For example:
user@domain and user@domain=>user@domain - will send a report for this user to this user
*@domain (better use) *@domain=>* - will send a report for every blocked user in this domain to this user
user@domain=>recipient@any-domain - will send a report for user@domain to recipient@any-domain
*@domain=>recipient@any-domain - will send a report for every blocked user in this domain to recipient@any-domain
A third parameter is possible to set, which defines the number of days for which the report should be created. The default (if empty or not defined) is one day. This value is used to calculate the 'next run date'. For example:
*@domain=>recipient@any-domain=>2 - creates a report for two days.
*@domain=>*=>14 - creates a report for 14 days.
user@domain=>=>3 or user@domain=>*=>3 - creates a report for three days. The second parameter is here empty or *.
Only Admins are able to request blockreports for non local email addresses. For example:
user@non_local_domain=>recipient@any-domain=>4
*@non_local_domain=>recipient@any-domain=>4
This will result in an extended blockreport for the non local address(es). Replace 'non_local_domain' with the domain name you want to query for.
It is possible to change the complete design of the BlockReports to your needs, using an html-css file. A default css-file 'blockreport.css' is in the image folder.
There you can also find a default icon file 'blockreporticon.gif' and a default header-image-file 'blockreport.gif' - which is the same as 'logo.gif'. There is no need to install these files. If assp cannot find these files in its image folder, it will use default hardcoded css and icon. If the file 'blockreport.gif' is not found, 'logo.gif' will be used.
To change any contents, use the Blockreport::modify module in the lib folder. You'll need some Perl skills to do that.
assp.pl 1.8.1.7
new files/subjectre.txt
-Add Warning Custom Header (AddCustomHeaderWarning)
Adds a line to the email header if the message is between MessageScoringLowerLimit and MessageScoringUpperLimit.
assp.pl 1.8.1.6
new files/bombre.txt 1.04
-Reject unknown domains (LocalAddresses_Flat_Strict)
If set and LocalAddresses_Flat is used all domains must be configured here.
If not set, only domains existing in LocalAddresses_Flat will be checked.
-Increase baysValencePB for mails from ispip (Addispip)
Additional scoring of mails from IP numbers in ispip.
-Increase baysValencePB for bounced mails (Addbounce)
Additional scoring for bounced mails.
-Increase baysValencePB for spamhaters (Addhater)
Additional scoring for mails from senders in baysSpamHaters.
-Increase baysValencePB for senders matching NoOKCachingRe (Addnotokaddress)
Additional scoring for senders in NoOKCachingRe.
-Spam Friends ** (spamFriends)
A list of addresses that when matched will reduce the messagescore with friendsValencePB. This will make the scoring filter more softly on these addresses.
-Spam Friend Score (friendsValencePB, default=-10)
Bonus for message scoring if the recipient is in spamFriends.
-Spam Foes ** (spamFoes)
A list of addresses that when matched will increase the messagescore with foesValencePB. This will make the scoring filter more sharply.
-Spam Foes Score (foesValencePB)
For message scoring if the recipient is in spamFoes.
assp.pl 1.8.1.5
new files/preheaderre.txt
new files/nookcaching.txt
new files/bombsenderre.txt
new files/bombre.txt 1.04
new rebuildspamdb.pl 2.8.1.4 (1.0.03)
- Local Domains* (localDomains, default=file:files/localdomains.txt)
Put here the domain names that your mail system considers local. Separate entries with | or place them in a plain ASCII file one address per line: 'file:files/localdomains.txt'. Wildcards are supported.
For example: example.org|*example.com
If ASSP finds no other hint that the domain is local, it will reject messages to domains not listed here with 'RelayAttempt'. A successful DoLDAP, DoVRFY or hit in LocalAddresses_Flat will put the domain part of the queried address into ldaplistdb and will mark the domain as local. You can set nolocalDomains to disable this check during setup and testing.
- VRFY Domains* (vrfyDomains)
Put here the domain names that should be verified with SMTP-VRFY. Separate entries with | or place them in a plain ASCII file one address per line: 'file:files/vrfydomains.txt'. Wildcards are supported.
For example: example.org|*example.com
Use the syntax: mydomain.com=>smtp.mydomain.com|other.com=>mx.other.com:port to verify the recipient addresses with the SMTP-VRFY (if VRFY is not supported 'MAIL FROM:' and 'RCPT TO:' will be used) command on other SMTP servers. The entry behind => must be the hostname:port or ip-address:port of the MTA which is used to verify 'RCPT TO' addresses with a VRFY command! If :port is not defined, port :25 will be used. You have to enable the SMTP 'VRFY' command on your MTA - the 'EXPN' command should be enabled! This requires an installed Net::SMTP module in PERL.
If you have configured LDAP and enabled DoLDAP and ASSP finds a VRFY entry for a domain, LDAP search will be done first and if this fails, the VRFY will be used.
ldaplistdb in the 'File Paths and Database' section is mandatory when using this verify extension - so ASSP can store all verified recipient addresses to minimize the queries on MTAs. Both VRFY and LDAP use ldaplistdb.
-Bayesian SpamHater* (baysSpamHaters)
SpamHaters are used to override baysSpamLovers / baysTestMode. It may also be used to increase scoring for DoBayesian with Addhater.
-Maillog Tail Order (MaillogTailOrder)
Reverse the time order of line
-Mainloop Timeout (MainloopTimeout)
Mainloop will timeout after this many seconds.
-Automatic Restart after Timeout (AutoRestartAfterTimeOut)
If ASSP detects a mainloop timeout and an AutoRestartCmd, it will try to restart itself.
-Bayesian for mails from ispip (baysispValencePB)
For scoring of mails from ispip ( DoBayesian).
assp.pl 1.8.1.3
It is now possible to reset the stats in the 'Info and Stats' view of
the GUI by clicking on the links at the first line (run time). When resetting
the global stats, the current 'asspstats.sav' file is renamed to
'asspstats-YYYY-MM-DD-hh-mm-ss.sav' using the current date and time and saved in the new folder "stats".
Use IP Netblocks (ExportUseNetblocks)
Export the IP address based on the /24 subnet rather than on the specific IP.
assp.pl 1.8.1.2
new files/bombre.txt
NULL Connection Addresses* (NullAddresses)
ASSP will discard a message silently when encountering such an address in "MAIL FROM:" or "RCPT TO:". Accepts specific addresses (null@example.com), user parts (nobody) or entire domains (@example.com).
Maximum allowed Subject Length (maxSubjectLength)
If set to a value greater than 0, assp will check the length of the Subject of the mail. If the Subject length exceeds this value, the message score will be increased by 'bombValencePB' and the string that is checked in 'bombSubjectRe' will be truncated to this length. It is possible to define a special weight using the syntax 'length=>value'; in this case the defined absolute value will be used instead of 'bombValencePB' to increase the message score. If the subject is too long and this weight is equal to or higher than 'bombMaxPenaltyVal', no further bomb checks will be done on the subject.
- It is now possible to define configuration parameters at the
commandline. You have to use the following syntax:
perl assp.pl baseDir --configParmName:=configParmValue --cPN:=cPV ....
baseDir has to be defined, if any config parameter is defined at the
commandline.
The defined parameter/value will overwrite the current value in the
assp.cfg file and will be saved into that file! Both the parameter name
and the value are case sensitive.
assp.pl 1.8.1.1
new files/dnsbls.txt
new files/preheaderre.txt
Maximum allowed Subject Length (maxSubjectLength)
If set to a value greater than 0, assp will check the length of the Subject of the mail. If the Subject length exceeds this value, the message score will be increased by 'bombValencePB' and the string that is checked in 'bombSubjectRe' will be truncated to this length. It is possible to define a special weight using the syntax 'length=>value'; in this case the defined absolute value will be used instead of 'bombValencePB' to increase the message score. If the subject is too long and this weight is equal to or higher than 'bombMaxPenaltyVal', no further bomb checks will be done on the subject.
assp.pl 1.8.1.0
new rebuildspamdb.pl 2.8.1.0 (1.0.01)
new assp_pop3.pl (1.08)
new files/preheaderre.txt
new files/suspiciousre.txt
new files/invalidptr.txt
new files/charsets.txt
new files/bombheaderre.txt
new files/uriblwhite.txt
new files/nowhite.txt
new files/nogrip.txt
new files/whiteorg.txt
new files/bombre.txt
new files/subjectre.txt
The BlockReport design has changed. It is now possible to change the
complete design to your needs, using a html-css file. The default css-file
'blockreport.css' is in the image folder. There is
also a default icon file 'blockreporticon.gif' and a default
header-image-file 'blockreport.gif' - which is the same as 'logo.gif'.
If assp cannot find these files in its image folder, it will use default hardcoded css and icon. If the file 'blockreport.gif' is not found, 'logo.gif' will be used.
To change any contents, use the 'Blockreport::modify' module in the lib
folder. This module (skeleton) is updated for this major change of the
BlockReports.
Regular Expression to early Identify Spam in Handshake and Header Part* (preHeaderRe)
Until the complete mail header is received, assp processes the handshake and header content line by line, but the first mail content check is done after the complete mail header is received.
It is possible that some content (malformed headers, forbidden characters or character combinations) could cause assp to die or to run into an unrecoverable exception.
Use this regular expression to identify such incoming mails with a line-by-line check, at the moment a single line is received.
This setting does not affect any other and is not affected by any other configuration setting, except that this check is only done for incoming mails.
If a match is found, assp will immediately send a '421 terminate connection' reply to the client and will immediately terminate the connection.
Default setting is file:files/preheaderre.txt
URIBL Service Providers* (URIBLServiceProvider)
Domain Names of URIBLs to use separated by "|". You may set for every provider a weight like multi.surbl.org=>50|black.uribl.com=>25.
The value of the weight can be set directly like =>45 or as a divisor of URIBLmaxweight. Low numbers < 6 are divisors. So if URIBLmaxweight = 50 (default) multi.surbl.org=>50 would be the same as multi.surbl.org=>1, multi.surbl.org=>2 would be the same as multi.surbl.org=>25.
If the sum of weights of all found uris surpasses URIBLmaxweight, the URIBL check fails. If not, the URIBL check is scored as "neutral". URIBLmaxhits is ignored when weights are used.
Default is: multi.surbl.org=>1|black.uribl.com=>1|uribl.swinog.ch=>2
URIBL Maximum Weight (URIBLmaxweight)
A weight is a number representing the trust we put into a URIBL.
The URIBL module will check all of the URIBLs listed under URIBLServiceProvider for every URI found in an email. If the total of weights for all URIs is greater than or equal to this Maximum Weight, the email is flagged Failed.
If the total of weights is greater than 0 and less than Maximum Weight, the email is flagged Neutral. If not defined or set to zero, only URIBLmaxhit will be used to detect a fail or neutral state.
RBL Service Providers* (RBLServiceProvider)
Names of DNSBLs to use separated by "|" or name of list 'file:files/dnsbls.txt'. Defaults are:
zen.spamhaus.org=>1|bl.spamcop.net=>1|bb.barracudacentral.org=>1|combined.njabl.org=>1|safe.dnsbl.sorbs.net=>1|psbl.surriel.com=>2|ix.dnsbl.manitu.net=>2|dnsbl-1.uceprotect.net=>2|dnsbl-2.uceprotect.net=>4.
DNSBL providers can be classified like bl.spamcop.net=>1. '1' is the most trustworthy class. '6' is the least trustworthy class. Numbers above 6 will be used as score directly. The value of the class acts as a divisor of RBLmaxweight. So if RBLmaxweight = 50 bl.spamcop.net=>1 would be the same as bl.spamcop.net=>50, bl.spamcop.net=>2 would be the same as bl.spamcop.net=>25. If the sum of scores surpasses RBLmaxweight, the DNSBL check fails. If not, the DNSBL check is scored as "neutral" even with RBLmaxhits reached. Setting Showmaxreplies will allow ALL replies to contribute to the total weight regardless of RBLmaxhits.
Some RBL Service Providers, like blackholes.five-ten-sg.com, provide different return codes in a single DNS-zone: like 127.a.b.c - where a,b,c are used to identify a weight or type (or whatever) of the returned entry. If you want to handle special return codes, or if you want to use different weights for different return codes, you should use the following enhanced entry syntax:
RBL-Service-Provider=>result-to-watch=>weight (like:)
blackholes.five-ten-sg.com=>127.0.0.2=>3
blackholes.five-ten-sg.com=>127.0.0.5=>4
blackholes.five-ten-sg.com=>127.0.?.*=>5
As you can see, the wildcards * (multiple characters) and ? (single character) can be used in the second parameter. Never mix the three possible syntax types for the same RBL Service Provider. A search for a match inside such a definition is done in reverse ASCII order, so the wildcards are used last.
Switch Testmode to Message Scoring (switchTestToScoring)
Put the filter automatically in "Message Scoring Mode" when DoPenaltyMessage is set (instead of stopping spam processing altogether).
Switch Spam-Lover to Message Scoring (switchSpamLoverToScoring)
Put the filter automatically in "Message Scoring Mode" when DoPenaltyMessage is set (instead of stopping spam processing altogether).
Enable Configuration Sharing (enableCFGShare, default=off)
Read all positions in this section carefully (multiple times is recommended!!!)! A wrong configuration sequence or wrong configuration values can lead to a destroyed ASSP configuration!
If set, the synchronization of configuration values and option files will be enabled. This synchronization applies to the configuration values, to the file that is possibly defined in a value and to the include files that are possibly defined in the configured file.
If the configuration of all values in this section is valid, the synchronization status will be shown in the GUI for each config value that is, or could be, shared. There are several configuration values that cannot be shared. The list of all shareable values can be found in the distributed file assp_sync.cfg
For an initial synchronization setup, set the following config values in this order: syncServer, syncConfigFile, syncTestMode and lastly syncCFGPass (leave isShareSlave and isShareMaster off). Use the default (distributed syncConfigFile assp_sync.cfg) file and configure all values to your needs - do this on all peers by removing lines or setting the general sync flag to 0 or 1 (see the description of syncConfigFile).
When you have finished this initial setup, enable isShareMaster or isShareSlave - now assp will set up all entries in the configuration file for all sync peers to the configured default values (to 1 if isShareMaster or to 3 if isShareSlave is selected). Do this on all peers. Now you can configure the synchronization behavior for each single configuration value for each peer, if it should differ from the default setup.
For the initial synchronization, configure only one ASSP installation as master (all others as slave). When the initial synchronization has finished, which will take up to one hour, you can configure all or some assp as master and slave. On the initial master simply switch on isShareSlave. On the initial slaves, switch on isShareMaster and change all values in the sync config file that should be bidirectionally shared from 3 to 1. As the last action, enable enableCFGShare on the SyncSlaves first and then on the SyncMaster.
After such an initial setup, any changes of the peers (syncServer) will have no effect on the configuration file (syncConfigFile)! To add or remove a sync peer after an initial setup, you have to configure syncServer and you have to edit the sync config file manually.
This option can only be enabled, if isShareMaster and/or isShareSlave and syncServer and syncConfigFile and syncCFGPass are configured!
Because the synchronization is done using a special SMTP protocol (without "mail from" and "rcpt to"), this option requires an installed Net::SMTP module in PERL. This special SMTP protocol is not usable by any MTA for security reasons, so the "sync mails" cannot be forwarded via any MTA.
For this reason all sync peers must have a direct or routed TCP connection to each other peer.
This is a Share Master (isShareMaster, default=off)
If selected, ASSP will send configured configuration changes to sync peers.
This is a Share Slave (isShareSlave)
If selected, ASSP will receive configured configuration changes from sync peers. To accept a sync request, every sending peer has to be defined in syncServer - even if there are manually made entries in the sync config file for a peer.
Default Sync Peers (syncServer)
Define all configuration sync peers here (to send changes to or to receive changes from). Separate multiple values by "|". Any value must be a pair of hostname or ip-address and :port, like 10.10.10.10:25 or mypeerhost:125 or mypeerhost.mydomain.com:225. The :port must be defined!
The target port can be the listenPort , listenPort2 or relayPort of the peer.
Test Mode for Config Sync (syncTestMode)
If selected, a master (isShareMaster) will process all steps to send configuration changes, but will not really send the request to the peers. A slave (isShareSlave) will receive all sync requests, but it will not change the configuration values and possibly sent configuration files will be stored at the original location and will get an extension of ".synctest".
Configuration File for Config Sync* (syncConfigFile)
Define the synchronization configuration file here (default is file:assp_sync.cfg).
This file holds the configuration and the current status of all synchronized assp configuration values.
The format of an initial value is: "varname:=syncflag" - where syncflag could be 0 - not shared and 1 - is shared - for example: HeaderMaxLength:=1. The syncflag is a general sign, which means a value of 0 disables the synchronization of the config value for all peers. A value of 1 enables the peer configuration that possibly follows.
The format after an initial setup is: "varname:=syncflag,syncServer1=status,syncServer2=status,......". The "status" could be one of the following:
0 - no sync - changes of this value will not be sent to this syncServer - I will ignore all change requests for this value from there
1 - I am a SyncMaster, the value is still out of sync to this peer and should be synchronized as soon as possible
2 - I am a SyncMaster, the value is still in sync to this peer
3 - I am not a SyncMaster but a SyncSlave - only this SyncMaster (peer) knows the current sync status to me
4 - I am a SyncMaster and a SyncSlave (bidirectional sync) - a change of this value was still received from this syncServer (peer) and should not be sent back to this syncServer - this flag will be automatically set back to 2 at the next synchronization check
Config Sync Password (syncCFGPass)
The password that is used and required (additionally to the sending IP address) to identify a valid sync request. This password has to be set equal in all ASSP installations, from where and/or to where the configuration should be synchronized.
The password must be at least six characters long.
If you want or need to change this password, first disable enableCFGShare here and on all peers, change the password on all peers, enable enableCFGShare on SyncSlaves then enable enableCFGShare on SyncMasters.
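A pre-flight check for the sync settings described above, as an added example (not ASSP code): it validates the stated preconditions for enableCFGShare and reads a sync config file to list values that are out of sync or that name a peer missing from syncServer. The sample file content is constructed, and writing peers in the file as host:port is an assumption.

```python
import re

_PEER = re.compile(r"^[A-Za-z0-9.-]+:\d{1,5}$")   # hostname-or-ip:port
VALID_STATUS = {0, 1, 2, 3, 4}                     # per-peer states listed above

# Constructed sample; the variable names are only illustrative.
SAMPLE_SYNC_FILE = """\
HeaderMaxLength:=1,10.10.10.10:25=2,mypeerhost:125=1
MaxAUTHErrors:=0
spamHaters:=1,10.10.10.10:25=2,oldpeer:25=3
"""


def check_settings(cfg):
    """Return a list of problems in the sync-related settings of cfg (a dict)."""
    problems = []
    peers = [p for p in cfg.get("syncServer", "").split("|") if p]
    for peer in peers:
        if not _PEER.match(peer):
            problems.append(f"syncServer entry {peer!r} must be host:port")
    password = cfg.get("syncCFGPass", "")
    if password and len(password) < 6:
        problems.append("syncCFGPass must be at least six characters long")
    if cfg.get("enableCFGShare"):
        if not (cfg.get("isShareMaster") or cfg.get("isShareSlave")):
            problems.append("enableCFGShare needs isShareMaster and/or isShareSlave")
        for key in ("syncServer", "syncConfigFile", "syncCFGPass"):
            if not cfg.get(key):
                problems.append(f"enableCFGShare needs {key} to be configured")
    return problems


def parse_sync_file(text):
    """Parse 'varname:=syncflag[,peer=status,...]' lines into a dict."""
    table = {}
    for number, line in enumerate(text.splitlines(), 1):
        line = line.strip()
        if not line:
            continue
        name, sep, rest = line.partition(":=")
        if not sep or not re.fullmatch(r"\w+", name):
            raise ValueError(f"line {number}: expected varname:=syncflag")
        flag, *pairs = rest.split(",")
        if flag not in ("0", "1"):
            raise ValueError(f"line {number}: syncflag must be 0 or 1")
        peers = {}
        for pair in pairs:
            peer, _, status = pair.rpartition("=")
            if not peer or not status.isdigit() or int(status) not in VALID_STATUS:
                raise ValueError(f"line {number}: bad peer status {pair!r}")
            peers[peer] = int(status)
        table[name] = (int(flag), peers)
    return table


def review(table, sync_servers):
    """List (varname, peer, finding) tuples that an admin should look at."""
    known = {p for p in sync_servers.split("|") if p}
    findings = []
    for name, (flag, peers) in sorted(table.items()):
        for peer, status in peers.items():
            if peer not in known:
                findings.append((name, peer, "not listed in syncServer"))
            elif flag == 1 and status == 1:
                findings.append((name, peer, "out of sync"))
    return findings


if __name__ == "__main__":
    for finding in review(parse_sync_file(SAMPLE_SYNC_FILE),
                          "10.10.10.10:25|mypeerhost:125"):
        print(finding)
```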
Show Detail Sync Information in GUI (syncShowGUIDetails, default=off)
If selected, the detail synchronization status is shown at the top of each configuration parameter like:
nothing shown - there is no entry defined for this parameter in the syncConfigFile or it is an unsharable parameter
"(shareable)" - the parameter is shareable but the general sync sign in the syncConfigFile is zero
"(shared: ...)" - the detail sync status for each sync peer
If not selected, only differently colored bullets are shown at the top of each configuration parameter like:
nothing shown - no entry in the syncConfigFile or it is an unsharable parameter
"black bullet •" - the parameter is shareable but the general sync sign in the syncConfigFile is zero
"green bullet •" - the parameter is shared and in sync to each peer
"red bullet •" - the parameter is shared but it is currently out of sync to at least one peer
If you move the mouse over the bullet, a hint box will show the detail synchronization status.
Max Number of AUTHentication Errors (MaxAUTHErrors)
If an IP exceeds this number of authentication errors (535) the transmission of the current message will be canceled and any new connection from that IP will be blocked for 5-10 minutes.
Every 5 Minutes the 'AUTHError' -counter of the IP will be decreased by one. autValencePB is used for the penalty box.
No limit is imposed by ASSP if the field is left blank or set to 0. This option allows admins to prevent external brute-force or dictionary attacks via the AUTH command. Whitelisted and NoProcessing IPs and IPs in npPB are ignored like any relayed connection.
Bad SMTP Authentication (autValencePB)
Simple IP Greylisting (DelayIP)
Enable simple delaying for IP's in black penaltybox with totalscore above this value.
DNSBL Cache Refresh Interval for Misses (RBLCacheExpMiss)
Domains in cache with status=2 (miss) will be removed after this interval in hours. Empty or 0 will prevent caching of non-hits.
Do DNS-Backscatter Detection (DoBackSctr)
If activated, the IP-address of each message received for null sender, bounced or postmaster will be checked against the list below. DNS-based checks require an installed Net::DNS module in Perl.
For more information about backscatter detection please read http://www.backscatterer.org/?target=usage.
Enable DNS-Backscatter detection logging (BacksctrLog)
Backscatter-DNS Cache Refresh Interval (BackDNSInterval)
IP's in cache will be removed after this interval in days. 0 will disable the cache and the usage of downloadBackDNSFile and localBackDNSFile.
ServiceProvider for Backscatterer Detection* (BackSctrServiceProvider)
ServiceProvider for DNS check on Backscatterer. Possible value is ips.backscatterer.org for DNS check.
Download the Backscatterer DNS-IP-List (downloadBackDNSFile)
If selected, the complete IP-list is downloaded to a local file. IP's are checked on this file first, if the IP is not found on this list, a DNS query is done. It is recommended to use this option for ISP's and users with more than 1000 bounced mails a day. See wget-mirrors.uceprotect.net/rbldnsd-all/ips.backscatterer.org.gz
Local File for the Backscatterer DNS-IP-List (localBackDNSFile)
The name of the local file that is used for this IP-list. The content of this file is filled in to the 'Backscatter-DNS Cache' ( BackDNSInterval ). IP's from this list will be removed after one day from the cache.
---------------
Fields marked with at least one asterisk (*) accept a list separated by '|' (for example: abc|def|ghi) or a file designated as follows (path relative to the ASSP directory): 'file:files/filename.txt'. Putting in the file: will prompt ASSP to put up a button to edit that file. files is the subdirectory for files. The file does not need to exist, you can create it from the editor by saving it. The file must have one entry per line; anything on a line following a number sign or a semicolon ( # ;) is ignored (a comment).
It is possible to include custom-designed files at any line of such a file, using the following directive
# include filename
where filename is the relative path (from /Applications/assp) to the included file like files/inc1.txt or inc1.txt (one file per line). The line will be internally replaced by the contents of the included file!
Fields marked with two asterisks (**) contain regular expressions (regex) and accept a second weight value. Every weighted regex that contains at least one '|' has to begin and end with a '~' - inside such regexes it is not allowed to use a '~', even if it is escaped - for example: ~abc\~|def~=>23 or ~abc~|def~=>23. Every weighted regex has to be followed by '=>' and the weight value. For example: Phishing\.=>1.45|~Heuristics|Email~=>50 or ~(Email|HTML|Sanesecurity)\.(Phishing|Spear|(Spam|Scam)[a-z0-9]?)\.~=>4.6|Spam=>1.1|~Spear|Scam~=>2.1 . The multiplication result of the weight and the penaltybox valence value will be used for scoring, if the absolute value of weight is less than or equal to 6. Otherwise the value of weight is used for scoring. It is possible to define negative values to reduce the resulting message score.
For all "bomb*" regexes and "invalidFormatHeloRe", "invalidPTRRe" and "invalidMsgIDRe" it is possible to define a third parameter (to overwrite the default options) after the weight like: Phishing\.=>1.45|~Heuristics|Email~=>50:>N[+-]W[+-]L[+-]I[+-], where the characters and the optional to use + and - have the following functions:
use this regex (+ = only)(- = never) for: N = noprocessing , W = whitelisted , L = local , I = ISP mails . So the line ~Heuristics|Email~=>50:>N-W-LI could be read as: take the regex with a weight of 50, never scan noprocessing mails, never scan whitelisted mails, scan local mails and mails from ISP's (and all others). The line ~Heuristics|Email~=>3.2:>N-W+I could be read as: take the regex with a weight of 3.2 as factor, never scan noprocessing mails, scan only whitelisted mails even if they are received from an ISP .
If the third parameter is not set or any of the N,W,L,I is not set, the default configuration for the option will be used unless a default option string is defined anywhere in a single line in the file in the form !!!NWLI!!! (with + or - is possible).
If any parameter that allowes the usage of weighted regular expressions is set to "block", but the sum of the resulting weighted penalty value is less than the corresponding "Penalty Box Valence Value" (because of lower weights) - only scoring will be done!
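The weighted-regex rules above, as an added Python sketch for checking a ** field before it goes live (this is not ASSP's own code). The function names are hypothetical, Python's re module stands in for Perl's regex engine, and three points are assumptions: an entry without '=>' counts with factor 1, a flag letter that is absent means "no restriction", and several '+' flags must all hold.

```python
import re

# One entry of a ** field: "~a|b~" or a single alternative without '|',
# optionally followed by "=>weight" and ":>" plus N/W/L/I flags.
ENTRY = re.compile(r"""
    (?: ~(?P<group>[^~]*)~ | (?P<plain>[^|~]+?) )
    (?: => (?P<weight>-?\d+(?:\.\d+)?)
        (?: :> (?P<flags>(?:[NWLI][+-]?)+) )? )?
    (?: \| | $ )
""", re.VERBOSE)


def parse_weighted(spec):
    """Split a field into (regex, weight or None, {letter: sign}) tuples.

    Raises ValueError for entries that break the '~' rule, for example a
    '~' inside a '~...~' group, escaped or not.
    """
    rules, pos = [], 0
    while pos < len(spec):
        m = ENTRY.match(spec, pos)
        if m is None:
            raise ValueError(f"malformed entry at offset {pos}: {spec[pos:pos + 20]!r}")
        regex = m["group"] if m["group"] is not None else m["plain"]
        weight = float(m["weight"]) if m["weight"] else None
        flags = dict(re.findall(r"([NWLI])([+-]?)", m["flags"] or ""))
        rules.append((regex, weight, flags))
        pos = m.end()
    return rules


def penalty(weight, valence):
    """|weight| <= 6 is a factor on the valence; larger values score directly."""
    return weight * valence if abs(weight) <= 6 else weight


def applies(flags, mail_classes):
    """mail_classes: subset of {'N','W','L','I'} describing the mail."""
    for letter, sign in flags.items():
        member = letter in mail_classes
        if sign == "-" and member:        # '-' = never scan this class
            return False
        if sign == "+" and not member:    # '+' = scan only this class
            return False
    return True


def score(spec, text, valence, mail_classes=frozenset(), mode="score"):
    """Return (total penalty, action) for one check over `text`."""
    total = 0.0
    for regex, weight, flags in parse_weighted(spec):
        if weight is None:
            weight = 1.0                  # assumption: unweighted entry = factor 1
        if applies(flags, mail_classes) and re.search(regex, text):
            total += penalty(weight, valence)
    # "block" only takes effect once the sum reaches the valence value.
    action = "block" if mode == "block" and total >= valence else "score"
    return total, action
```

With a valence of 20, a lone entry such as Spam=>0.5 set to "block" yields 10 and is therefore only scored, which is the low-weight case the last paragraph describes.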
The literal 'SESSIONID' will be replaced by the unique message logging ID in every SMTP error reply.
- the alpha index in the GUI now has a 'select' field (regex is possible)
to reduce the listed values as wanted - this makes it possible to quickly
find a config value by parts of its name
- If a file is resent, the non local sender (from:) will be added to
whitelist if 'autoAddResendToWhite' is set to 'admins only' or 'admins and
users'.
- If a file is copied (GUI) to the correctednotspam folder, the non local
sender (from:) of that file will be added to Whitelist if
'EmailErrorsModifyWhite' is set.
- If a file is copied (GUI) to the correctedspam folder, the non local
sender (from:) of that file will be removed from Whitelist if
'EmailErrorsModifyWhite' is set.
--------------------------------------------------------------------------
assp.pl 1.7.5.x
-Passing File Names (PassAttach)
This regular expression is used to identify attachments that should mark the message as noprocessing. If you enter extensions, do not precede them with a dot. This will take precedence over any bad attachment.
-Auto Update rebuildspamdb.pl (AutoUpdateREBUILD)
No action will be done if 'no auto update' is selected or AutoUpdateASSP is disabled.
If 'download only' is selected the newest rebuildspamdb.pl will be downloaded to the directory /Applications/assp/download .
If 'download and install' is selected, the old rebuildspamdb.pl will be saved to download directory (rebuildspamdb.pl_old) and replaced by the new version.
The perl module Compress::Zlib is required to use this feature.
-Enforce Automatic Restart ASSP on new or changed Script (ForceAutoRestartAfterCodeChange)Enforce Restart on new or changed assp.pl Script (ForceRestartAfterCodeChange)
ASSP will restart even if it is not daemon on linux/MAC ( AsADaemon ) and not a service on windows and AutoRestartCmd is not configured.
-Remove Disposition Notification Headers (removeDispositionNotification)
If set, all headers : "ReturnReceipt: , Return-Receipt-To: and Disposition-Notification-To:" will be removed from not whitelisted and not noprocessing incoming mails. Select this to prevent unwanted whitelisting of spammers that request a Disposition Notification. Another way to prevent autowhitelisting because of an autoresponse is to use redRe .
-Run RebuildSpamdb Now (RebuildNow)
If selected, ASSP will run RebuildSpamdb.pl now.
-ispip is included in Maximum Sessions Per IP Check (maxSMTPipSessionsISPIP)
ispip (ISP/Secondary MX Servers) matches are not excluded from SMTP session limiting
- a click on the small new (i) icon at the 'apply'
button opens a new browser window (remember me) with four textboxes. These
can be used to copy and paste any kind of data without losing the UTF-8
encoding. The icon can also be found in every 'Edit' window at the
top-left
-No Maximum Sessions IP numbers* (noMaxSMTPSessions)
Mail from any of these IP numbers will pass through without checking maximum number of simultaneous SMTP sessions. For example: 145.145.145.145
-Simple IP Greylisting (DelayIP)
Enable simple delaying for IP's in black penalty box.
-Simple IP Greylisting Embargo Time (DelayIPTime)
Enter the number of minutes for which delivery, related with IP address of the sending host, is refused with a temporary failure. Default is 5 minutes.
-Use SPF to validate whiteListedDomains (whiteListedDomainsPassSPF)
Check this if you don't want ASSP to use whiteListedDomains without a corresponding SPF record.
-Suppress spamLoverSubject For Selected Recipients* (spamLoverSubjectSelected)
spamLoverSubject does NOT get prepended to the subject for these recipients.
-POP3 Configuration File* (POP3ConfigFile)
The file with a valid POP3 configuration. Only the file: option may be used.
If the file exists and contains at least one valid POP3 configuration line and POP3Interval is configured, assp will collect the messages from the configured POP3-servers.
Each line in the config file contains one configuration for one user.
All spaces will be removed from each line.
Anything behind a # or ; is considered a comment.
If the same POP3-user-name is used multiple times, put a unique number in angle brackets behind the user name. The angle brackets and the number will be removed while processing the configuration.
e.g: pop3user<1> will result in pop3user - or - myName@pop3.domain<12> will result in myName@pop3.domain
It is possible to define commonly used parameters in a separate line, which begins with the case sensitive POP3-username "COMMON:=" - followed by the parameters that should be used for every configured user.
A commonly set parameter could be overwritten in every user definition.
Each configuration line begins with the POP3-username followed by ":=" : e.g myPOP3userName:=
This statement has to be followed by pairs of parameter names and values which are separated by commas - inside each pair, name and value are separated by "=".
e.g.: POP3username:=POP3password=pop3_pass,POP3server=mail.gmail.com,SMTPsendto=demo@demo_smtp.local,......
The following case sensitive keywords are supported in the config file:
POP3password=pop3_password
POP3server=POP3-server or IP[:Port]
SMTPsender=email_address
SMTPsendto=email_address or or
SMTPserver=SMTP-server[:Port]
SMTPHelo=myhelo
SMTPAUTHuser=smtpuser
SMTPAUTHpassword=smtppass
SMTPHelo, SMTPsender, SMTPAUTHuser and SMTPAUTHpassword are optional.
If SMTPsender is not defined, the FROM: address from the header line will be used - if this is not found the POP3username will be used.
If the syntax is used for SMTPsendto, the mail will be sent to any recipient that is found in the "to: cc: bcc:" header lines if it is a local one.
If the syntax is used for SMTPsendto, the literals NAME and/or DOMAIN will be replaced by the name part and/or domain part of the addresses found in the "to: cc: bcc:" header lines. This makes it possible to collect POP3 mails from a POP3 account, which holds mails for multiple recipients.
For example: or or
If the or syntax is used for SMTPsendto, "localDomains" and/or "localAdresses_Flat" must be configured to prevent too many errors for wrong recipients defined in the "to: cc: bcc:" header lines. The POP3collector will not do any LDAP or VRFY query!
If you want assp to detect SPAM, use the listenPort or listenPort2 as SMTP-server.
To use this feature, you have to install the perl script "assp_pop3.pl" in the assp base directory.
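The line format described above, as an added Python sketch of a pre-flight check for a POP3ConfigFile (not ASSP's own parser). All function names and the sample accounts are constructed for illustration, and two points are assumptions: COMMON:= applies wherever it appears in the file, and every keyword not listed as optional is required. It also shows a consequence of the comment rule: a password containing '#' or ';' is cut off at that character.

```python
import re

KEYWORDS = {"POP3password", "POP3server", "SMTPsender", "SMTPsendto",
            "SMTPserver", "SMTPHelo", "SMTPAUTHuser", "SMTPAUTHpassword"}
OPTIONAL = {"SMTPHelo", "SMTPsender", "SMTPAUTHuser", "SMTPAUTHpassword"}

# Constructed sample, no real accounts.
SAMPLE = """\
# constructed sample
COMMON:=POP3server=pop.example.net:110, SMTPserver=127.0.0.1:25
alice@example.net<1>:=POP3password=s3cret, SMTPsendto=alice@corp.example
alice@example.net<2>:=POP3password=pa#ss, SMTPsendto=alice2@corp.example
carol<12>:=POP3password=pw3, SMTPsendto=carol@corp.example, POP3server=pop2.example.net
bob:=POP3password=x ; SMTPsendto=bob@corp.example
"""


def clean_line(line):
    """Drop everything behind '#' or ';', then remove all spaces."""
    line = re.split(r"[#;]", line, maxsplit=1)[0]
    return line.replace(" ", "").strip()


def parse_pairs(text, lineno, problems):
    """Parse 'name=value,name=value'; keywords are case sensitive."""
    params = {}
    for pair in filter(None, text.split(",")):
        key, sep, value = pair.partition("=")
        if not sep or key not in KEYWORDS:
            problems.append(f"line {lineno}: unknown or malformed parameter {key!r}")
            continue
        params[key] = value
    return params


def parse_pop3_config(text):
    """Return (accounts, problems); accounts are dicts with COMMON merged in."""
    common, users, problems = {}, [], []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = clean_line(raw)
        if not line:
            continue
        name, sep, rest = line.partition(":=")
        if not sep or not name:
            problems.append(f"line {lineno}: expected 'username:=...'")
            continue
        params = parse_pairs(rest, lineno, problems)
        if name == "COMMON":
            common.update(params)
        else:
            # pop3user<1> -> pop3user: the <number> only makes the line unique
            users.append((lineno, re.sub(r"<\d+>$", "", name), params))
    accounts = []
    for lineno, name, params in users:
        merged = {**common, **params}          # user values override COMMON
        missing = sorted(KEYWORDS - OPTIONAL - merged.keys())
        if missing:
            problems.append(f"line {lineno}: {name} lacks {', '.join(missing)}")
            continue
        accounts.append({"POP3username": name, **merged})
    return accounts, problems


def redacted(account):
    """Copy of an account that is safe to write to a log or ticket."""
    return {k: "***" if k.endswith("password") else v for k, v in account.items()}


if __name__ == "__main__":
    accounts, problems = parse_pop3_config(SAMPLE)
    for account in accounts:
        print(redacted(account))
    for problem in problems:
        print("PROBLEM", problem)
```

Because the file holds POP3 and SMTP AUTH passwords in clear text, keep it readable only by the account that runs ASSP.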
-URIBL Service Providers* (URIBLServiceProvider)
Domain Names of URIBLs to use. It is possible to specify a weight value after '=>' , in this case this value will be used as hit value (see URIBLmaxhits ) for this service provider, for example multi.surbl.org=>1.5 . Default is: dbl.spamhaus.org|multi.surbl.org|black.uribl.com
-Enable Trap logging (TrapLog)
-POP3 Keep Rejected Mails on POP3 Server (POP3KeepRejected)
If selected, any collected POP3 mail that fails to be sent via SMTP (because of being SPAM - in that case rejected by the SMTP server) will be kept on the POP3 server.
-Block SpamLovers when Scoring is Extreme (blockSpamLoversExtreme)
If set, spamlovers will be blocked when the messagescore surpasses MessageScoringExtremeLimit or ipscore surpasses PenaltyExtreme.
-Block when Scoring is in Extreme range (blockTestModeExtreme)
If set, TestMode will be ignored when the messagescore surpasses MessageScoringExtremeLimit or ipscore surpasses PenaltyExtreme.
-Maximum URIs (URIBLmaxuris)
More than this number of URIs in the body will increase scoring with uribleValencePB. Enter 0 to disable feature.
-Maximum Unique Domain URIs (URIBLmaxdomains)
More than this number of unique domain URIs in the body will increase scoring with uribleValencePB. Enter 0 to disable feature.
-Disallow Obfuscated URIs (URIBLNoObfuscated)
When enabled, messages with obfuscated URIs of types [integer/octal/hex IP, other things!] in the body will get increased score with uribleValencePB.
-URIBL Extras (uribleValencePB)
For Message & IP scoring in URIBLNoObfuscated, URIBLmaxdomains, URIBLmaxuris,
assp.pl 1.7.5.1
new rebuildspamdb.pl 2.7.1.6
new assp_pop3.pl (1.04)
new bombre.txt
new whiteorg.txt
-Regular Expression to Identify NoCaching Addresses* (NoOKCachingRe)
If an address matches this Perl regular expression ASSP will not cache it in the OKAddress Cache. For example: reply|bounce|www|daemon|master|\.info|\.biz|^prvs
-Schedule time for RebuildSpamdb (RebuildSchedule)
If not set to 0 ASSP uses scheduled hours to run RebuildSpamdb.pl. For example '6|18' will run rebuildspamdb.pl at 6.00 and 18.00. Use 24 to run it at midnight.
-POP3 Collecting Interval (POP3Interval)
The interval in minutes at which assp should collect messages from the configured POP3-servers. A value of zero disables this feature.
-POP3 Keep Rejected Mails on POP3 Server (POP3KeepRejected)
If selected, any collected POP3 mail that fails to be sent via SMTP (because of being SPAM - in that case rejected by the SMTP server) will be kept on the POP3 server.
-POP3 debug (POP3debug)
If selected, the POP3 collection will write debug output to the log file. Do not use it, unless you have problems with the POP3 collection!
-Block Max Duplicate Recipients (DoMaxDupRcpt)
Block remote servers that use the same recipient address in the RCPT TO: command more times than the number defined in MaxDupRcpt. Scoring is done with mdrValencePB . This check is skipped for outgoing, noprocessing, whitelisted and spamlovers mails. If a message has to be delayed, this check will score before the delay if set to block or score - and score and/or block on the next server request.
assp.pl 1.7.1.5
new module needed: Authen::SASL ( new: mod_inst.pl )
-Maximum Allowed Duplicate Recipient Adresses (MaxDupRcpt)
The maximum number of duplicate recipient addresses that are allowed in the sequence of the RCPT TO: commands!
The number per mail is calculated by 'number of RCPT TO: commands - number of unique recipient addresses'.
For example: one address used three times and two addresses each used twice both result in the same count - 2. If both are the case in one mail, the count will be 4.
-Duplicate Recipient (mdrValencePB)
Message/IP scoring in DoMaxDupRcpt
-User to Authenticate to Relay Host (relayAuthUser)
The username used for SMTP AUTH authentication to the relayhost - for example, if your ISP needs authentication on the SMTP port! Supported authentication methods are PLAIN, LOGIN, CRAM-MD5 and DIGEST-MD5 . If the relayhost offers multiple methods, the one with the highest security option will be used. The Perl module Authen::SASL must be installed to use this feature! The usage of this feature will be skipped, if the sending MTA uses the AUTH command. Leave this blank, if you do not want to use this feature.
-Password to Authenticate to Relay Host (relayAuthPass)
The password used for SMTP AUTH authentication to the relayhost ! Leave this blank, if you do not want to use this feature.
assp.pl 1.7.1.4
new rebuildspamdb.pl 2.7.1.0
new file -> ipnp.txt
new file -> dnsbls.txt
new file -> blackaddresses.txt
new file -> subjectre.txt
new file -> bombre.txt
-Maximum Equal X-Header Lines (MaxEqualXHeader)
The maximum allowed equal X-header lines - eg. "X-SubscriberID:". If the value is set to 0 the header will not be checked for equal X-header lines.
-Include a Show-Link (inclShowLink)
If a blocked email is stored in any folder, it is possible to include a link for each email to be shown. Define here what you want ASSP to do. Default is "in all reports". Note: File name logging (fileLogging) must be on!
-Do Notify, if log entry matches* (NotifyRe)
Regular Expression to identify loglines for which a notification message should be sent.
Useful entries are:
Info: new assp version - to get informed about new available assp versions
info: autoupdate: new assp version - to get informed about an autoupdate of the running script
adminupdate: - for config changes
admininfo: - for admin information
option list file: - for option file reload
error: - for any error
restart - to detect an ASSP restart
Admin connection - for GUI logon
You may define a comma separated list (after '=>') of recipients in every line, this will override the default recipient defined in 'Notify'. For example: adminupdate=>user1@yourdomain.com,user2@yourdomain.com.
As a third parameter after a second ('=>') you can define the subject line for the notification message.
For example: adminupdate:=>user1@yourdomain.com,user2@yourdomain.com=>configuration was changed
or: adminupdate:=>=>configuration was changed.
-VRFY failures return false (VRFYFail)
VRFY failures return false when an error occurs in VRFY lookups.
-Do Deny Connections from these IPs (DoDropList)
If activated, the IP is checked against the Droplist . The droplist is downloaded if a new one is available and contains the Spamhaus DROP List. See "http://www.spamhaus.org/drop/drop.lasso".
-Allow Local Addresses Regular Expression* (AllowLocalAddressesRe)
Allow only addresses which match this RegEx.
-Disable VRFY for External Clients (DisableVRFY)
If you have enabled VRFY on your MTA to allow ASSP to verify addresses and you do not want external clients to use VRFY/EXPN - select this option.
-Modify ClamAV Module (modifyClamAV)
If set ClamAV modules ping and streamscan are modified (to prevent blocking). This may be disabled to try the original modules.
-Regular Expression to Identify noDelay Helos * (noDelayHelosRe)
Put anything here to identify Helos which should not be delayed.
-Drop Connections from these IPs* (DropList)
Automatically downloaded (http://www.spamhaus.org/drop/drop.lasso) list of IPs which should be blocked right away.
-Enable OK Address Cache (DoOKCaching)
OK Address: If a message is marked 'Message OK' the sender addresses are called 'OK Addresses'. These are addresses which are not whitelisted but the sender did not send spam and did send notspam (several times). If this is set to 'whiting' ASSP will whitelist them if OKminhits is reached. If set to 'export only' ASSP will only write them to a file according to OKexporthits. Scoring is set with okaValencePB.
-OK Cache Refresh Interval (OKCacheExp)
OK addresses in cache will be removed after this interval in hours. 0 will disable the cache.
-Minimum Hits in OK Cache (OKminhits)
If a message is marked 'Message OK' the sender addresses are stored in the OK cache. The address will be added to the whitelist if the number of hits in the cache surpasses OKminhits.
-Exported OK Adresses (OKexport)
OK addresses in cache reaching OKexporthits will be regularly stored into this file.
-Export Hits in OK Cache (OKexporthits)
Used by OKexport. If 0 all addresses will be exported.
-Allow Admin Connections From These Hostnames* (allowAdminConnectionsFromName)
An optional additional list of Hostnames from which you will accept web admin connections. Blank means accept connections from any IP address in allowAdminConnectionsFrom or any connection if nothing is set there.
Note: if you make a mistake here, you may disable your web administration interface and be forced to manually edit your configuration file to fix it.
-Blackish & Whitish Addresses** (blackAddresses)
Accepts specific addresses (user@example.com), user parts (user) or entire domains (@example.com). Wildcards are supported. A positive weight will make the address 'blackish'. A negative weight will turn the address into 'whitish'. For example: fribo*@example.com|@*.gov=>-0.5|@*.biz=>0.5 .
-Send EHLO (sendEHLO)
If selected, ASSP sends an EHLO even if the client has sent only a HELO. This is useful to force the usage of TLS to the server, because EHLO is needed before STARTTLS can be used.
-Cache Unknown Addresses (DoPenaltyMakeTraps)
If enabled, unknown addresses are cached. If set to 'use for spamtrapaddresses' very active addresses will be used like spamtrapaddresses. If set to 'use for spamaddresses' they will work like spamaddresses. If set to 'use for validation' all entries regardless of their frequency will be used to validate incoming addresses. Note: LocalAddresses_Flat or doLDAP or doVRFY must be enabled.
-Unknown Address Frequency Limit (PenaltyMakeTraps)
Minimum number of times an address must appear during PBTrapCacheExp before it will be used as spamaddress/spamtrapaddress. For example: 10.
-Exceptionlist for Address Cache* (noPenaltyMakeTraps)
Addresses which should not be cached. Accepts specific addresses (user@example.com), user parts (user) or entire domains (@example.com). Wildcards are supported (fribo*@example.com).
-Invalid Addresses Refresh Interval (PBTrapCacheExp)
Addresses will be removed after this interval in hours if the 'Invalid Addresses Frequency Limit' is not reached. For example 3
-Automatic Restart ASSP on new or changed Script (AutoRestartAfterCodeChange)
If selected, ASSP will restart itself if it detects a new or changed running script. An automatic restart will not be done, if ASSP is not running as daemon on linux/MAC ( AsADaemon ) or as a service on windows and AutoRestartCmd is not configured. Leave this field empty to disable the feature. Possible values are 'immed and 1...23' . If set to 'immed', assp will restart within some seconds after a detected code change. If set to '1...23' the restart will be scheduled to that hour. A restart at 00:00 is not supported.
-Auto Update the Running Script (assp.pl) (AutoUpdateASSP)
No action will be done if 'no auto update' is selected.
If 'download only' is selected and a new assp version is available, this new version will be downloaded to the directory /Applications/assp/download (assp.pl).
If 'download and install' is selected, the running script will be saved to download directory and replaced by the new version.
Configure ( AutoRestartAfterCodeChange ), if you want the new version to become the active running script.
The perl module Compress::Zlib is required to use this feature.
-Auto Update Developer Version (AutoUpdateASSPDev)
-Local Frequency Interval (LocalFrequencyInt)
The time interval in seconds in which the number of envelope recipients per sending address must not exceed a specific number ( LocalFrequencyNumRcpt ).
Use this in combination with LocalFrequencyNumRcpt to limit the number of recipients in a given interval, to prevent local abuse - for example from hijacked local accounts. A value of 0 (default) will disable this feature and clean the cache within five minutes. It is recommended to enable DoLocalSenderAddress and/or DoLocalSenderDomain, if you want to use this feature. To give users the chance to inform an admin about such blocked mails, local mails to EmailAdmins are never blocked because of that feature.
-Local Frequency Recipient Number (LocalFrequencyNumRcpt)
The number of envelope recipients per sending address that must not be exceeded in a specific time interval ( LocalFrequencyInt ).
Use this in combination with LocalFrequencyInt to limit the number of recipients in a given interval, to prevent local abuse - for example from hijacked local accounts. A value of 0 (default) will disable this feature and clean the cache within five minutes. It is recommended to enable DoLocalSenderAddress and/or DoLocalSenderDomain, if you want to use this feature. To give users the chance to inform an admin about such blocked mails, local mails to EmailAdmins are never blocked because of that feature.
-Check local Frequency for this Users only* (LocalFrequencyOnly)
A list of local addresses, for which the 'local frequency check' should be done. Leave this field blank (default), to do the check for every address.
Accepts specific addresses (user@domain.com), user parts (user) or entire domains (@domain.com). Wildcards are supported (fribo*@domain.com).
For example: fribo*@thisdomain.com|jhanna|@sillyguys.org
-Check local Frequency NOT for this Users* (NoLocalFrequency)
A list of local addresses, for which the 'local frequency check' should not be done. Noprocessing messages will skip this check.
Accepts specific addresses (user@domain.com), user parts (user) or entire domains (@domain.com). Wildcards are supported (fribo*@domain.com).
For example: fribo*@thisdomain.com|jhanna|@sillyguys.org
-Regular Expression to Score Blackish and/or Whitish Expressions** (bombSuspiciousRe)
Put here anything which might be suspicious (blackish) or trustworthy (whitish). bombSuspiciousValencePB will be used to increase/decrease the total score. Trustworthiness (whitish) will be assigned by using a negative weight. For example:
news=>-1|no-?reply=>-0.5|passwor=>-0.7
-Spoofing check uses SPF record.
-ConnectionScoring Limit (ConnectionScoringLimit)
MessageScoring will block connections whose score exceeds this threshold. A value of 0 here will disable this option. For example: 150
-ConnectionScoring Limit Exceeded (conValencePB)
Message scoring in ConnectionScoringLimit.
-Add MailFrom to Whitelist (RWLtoWhitelist)
If ValidateRWL is set to 'whiting' and the RWL shows medium/high trustworthiness, the MailFrom address will be added to the whitelistdb.
Trustworthiness : (127.0.x.T):
0 = none
1 = low
2 = medium
3 = high
-Detect Same Subject (detectSameSubject)
If set to a value higher than 0, ASSP counts identical subjects within one hour. If this count exceeds the defined value, subValencePB will be added to the message- and ip-score.
-RBL Service Providers* (RBLServiceProvider)
Names of DNSBLs to use separated by "|" or name of list 'file:files/dnsbls.txt'. Defaults are:
zen.spamhaus.org=>1|bl.spamcop.net=>1|bb.barracudacentral.org=>1|combined.njabl.org=>1|safe.dnsbl.sorbs.net=>1|psbl.surriel.com=>2|ix.dnsbl.manitu.net=>2|dnsbl-1.uceprotect.net=>2|dnsbl-2.uceprotect.net=>4.
DNSBL providers can be classified like bl.spamcop.net=>1. '1' is the most trustworthy class. '6' is the least trustworthy class. Numbers above 6 will be used as score directly. The value of the class acts as a divisor of rblValencePB. So if rblValencePB = 50, bl.spamcop.net=>1 would be the same as bl.spamcop.net=>50 and bl.spamcop.net=>2 would be the same as bl.spamcop.net=>25. If the sum of scores surpasses rblValencePB, the DNSBL check fails. If not, the DNSBL hit is only scored, even with RBLmaxhits reached.
-Whitelisted Attachment Blocking (BlockWLExes)
Set the level of Attachment Blocking to 0-4 for whitelisted senders. Choose 0 for no attachment blocking.
-Local Attachment Blocking (BlockLCExes)
Set the level of Attachment Blocking to 0-4 for local senders. Choose 0 for no attachment blocking.
assp.pl 1.6.5.5
new rebuildspamdb.pl 2.6.5.5
new module -> Digest::SHA1 for Message-ID Signing
new module -> MIME::Tools MIME encoding for ASSP header
new file -> invalidhelo.txt 1.6.1.4
new folder -> reports 1.6.1.4
new folder -> notes 1.6.1.5
new file -> bombre.txt 1.6.5.0
new file -> ipnp.txt 1.6.5.5
new file -> dnsbls.txt 1.6.5.3
new file -> blackaddresses.txt 1.6.5.3
new file -> subjectre.txt 1.6.5.3
new file -> whiteorg.txt 1.6.5.5
*** please install the Perl module MIME::Tools (includes MIME::Words) via 'cpan install MIME::Tools' (on nix/mac) or 'ppm install MIME-Tools' (on win32)
-Automatic Corpus Correction (autoCorrectCorpus)
(Syntax: a.a[a]-b.b[b]-cccc-dd or empty - default is "0.5-1.5-10000-14") If the corpus norm (the weight between spamwords/hamwords) is less than "a" (0.5 - too much ham) or greater than "b" (1.5 - too much spam), assp will delete the excess (oldest) files from the corresponding folder ( spamlog , notspamlog ). ASSP will keep a minimum of "c" (10000) files in the folder and will never delete files that are younger than "d" days. This cleanup will run at the end of the rebuildspamdb task. So the corrected file corpus will take effect at the next rebuildspamdb!
-Allow Whitelist Removals for Admins only (EmailWhiteRemovalAdminOnly)
Only the users defined in EmailWhitelistTo, EmailAdmins and EmailAdminReportsTo are able to remove addresses from the whitelist.
-Copy Spam and Send to this Address per Domain* (ccSpamInDomain)
ASSP will deliver an additional copy of spam emails of a domain to this address - if the domain of the recipient-address is matched. For example: monitorspam@example1.com|monitor@example2.com.
Wildcard is supported: spamcopyfordomain@* will send an additional spam copy to spamcopyfordomain@alldomains
-SSL Error Cache Refresh Interval (SSLCacheExp)
If a connection fails with 'TSL negotiation with client failed' or 'Connection idle .. timeout' the connecting IP will be stored into this cache. ASSP will not offer STARTTLS to IPs in the error cache. The entry will be removed after this interval in hours. 0 will disable the error cache.
-Default MTA for DoVRFY* (VRFYMTA)
Put here the local MTA which should be used for DoVRFY. It will be used if no information from localDomains about a domain is available. For example: 'smtp.mydomain.com ' or '10.1.1.2:125 '.
-Blacklisted Addresses & Domains** (blackAddresses)
Accepts specific addresses (user@example.com), user parts (user) or entire domains (@example.com). Wildcards/Weight is supported : @*.biz=>0.5
-Local IMail domains (DoLocalIMailDomains)
Consider domains in the IMail registry to be local
-SSL Certificate File (PEM format) (SSLCertFile)
Full path to the file containing the server's SSL certificate, for example : /usr/local/etc/ssl/certs/assp-cert.pem. A general cert.pem file is already provided in './certs/server-cert.pem'. When defining full file paths, always use slashes ('/') not backslashes. If './certs/server-cert.pem' is set and is not found, assp will try to use openssl to generate one.
-SSL Key File (PEM format) (SSLKeyFile)
Full path to the file containing the server's SSL key, for example: /usr/local/etc/ssl/certs/assp-key.pem. A general key.pem file is already provided in './certs/server-key.pem'. If './certs/server-key.pem' is set and is not found, assp will try to use openssl to generate one.
-Charset for STDOUT and STDERR (ConsoleCharset)
Set the character set for the console output to your local needs. Default is "System Default" - no conversion. Restart is required!
-Charset for Maillog (LogCharset)
Set the character set/codepage for the maillog output to your local needs. Default (and best) on non Windows systems is "UTF-8" if available or "System Default" - no conversion. On Windows systems set it to your local codepage or UTF-8. Requires ASSP restart.
-Decode MIME Words To UTF-8 (decodeMIME2UTF8)
If selected, ASSP decodes MIME encoded words to UTF8. This enables support for national languages to be used in Bombs , Scripts , Spamdb , Logging. If not selected, only US-ASCII characters will be used for these functions. This requires an installed Email::MIME::Modifier module in PERL.
-Do Deny Connections from these IP numbers (DoDenySMTP)
If activated, the IP is checked against denySMTPConnectionsFrom. Scoring is set with ipValencePB.
-Use Invalid Addresses as PenaltyBox Trap Addresses (DoPenaltyMakeTraps)
If enabled, the frequency of Invalid Addresses is stored. If set to 'use for spamtrapaddresses' addresses in heavy use will act like spamtrapaddresses (PenaltyBox Trap Addresses). If set to 'use for spamaddresses' they will work accordingly. This feature will only work when LocalAddresses_Flat or doLDAP or doVRFY is used.
-Skip Message-ID signing, mail content dependend* (noMSGIDsigRe)
Use this to skip the Message-ID tagging depending on the content of the email. If the content of the email matches this regular expression (checking MaxBytes only), FBMTV will not be done. For example: 'I am out of office' .
-Skip Message-ID signing for Redlisted mails (noRedMSGIDsig)
If selected, FBMTV will not be done for redlisted emails!
assp.pl 1.6.5.0
-Regular Expression to Identify Non-Spam** (whiteRe)
If an incoming email matches this Perl regular expression it will be considered non-spam.
For example: Secret Ham Password|307\D{0,3}730\D{0,3}4[12]\d\d
(Fields marked with two asterisks (**) contain regular expressions (regex) and accept a second weight value. Every weighted regex has to be followed by '=>' and the weight value. For example:
Phishing\.=>1.45|~Heuristics|Email~=>50
The multiplication result of the weight and the penaltybox valence value will be used for scoring.)
-Maximum Hits in whiteRe (whiteReMaxHits)
Number of matches to be scored. If the total sum of matches is >= whiteValencePB the message will be considered 'whitelisted'.
-MessageScoring Extreme Limit (MessageScoringExtremeLimit)
MessageScoring will block spamlover messages whose score exceeds this threshold. A value of 0 here will disable this option. For example: 75
-Strict SpamLover* (strictSpamLovers)
Ignore MessageScoringExtremeLimit
-Detect Possible Mailloop (detectMailLoop)
If set to a value higher than 0, ASSP counts its own Received headers in the header of the mail. If this count exceeds the defined value, the transmission of the message will be canceled.
- NotifyRe now accepts comma separated recipients in every regex
line - for example:
warning:=>user1@yourdomain.com,user2@yourdomain.com
If such recipients are defined, this will override the default recipients
in 'Notify' for this entry.
- If 'EmailFrom' is not defined it will be set to 'postmaster@domain'
where domain is 'defaultLocalHost' or 'EmailBlockReportDomain', whichever
is defined.
- the default value for 'defaultLocalHost' is set to 'assp.local'
The VRFY feature now allows the usage of wildcards (* ?) for domains
(*domain.com=>mx.domain.com).
Do Message-ID Signing - FBMTV (DoMSGIDsig)
If activated, the message-ID of each outgoing message will be signed with a unique Tag and every incoming mail from BounceSenders will be checked against this. This tagging mode is called FBMTV for "FBs Message-ID Tag Validation" and is worldwide unique to ASSP. This tag will be removed from any incoming email, to recover the original references in the mail header. Scoring is set with sigValencePB, testmode is set with sigTestMode.
This check requires an installed Digest::SHA1 module in Perl.
Message-ID pre-Tag for MSGID-TAG-generation (MSGIDpreTag)
To use Message-ID signing and to create the MSGID-Tags, a pre-Tag is needed. This Tag must be 2-5 characters [a-z,A-Z,0-9] long. Default is 'sig'.
Message-ID Secrets for MSGID-TAG-generation* (MSGIDSec)
To use Message-ID signing and to generate the MSGID-Tags, at least one secret key is needed, up to ten keys are possible.
The notation is: generationnumber[0-9]=secretKey. For example (do not use!): 0=1 wErv|1=as.X45rt|.... . Multiple pairs are separated by pipes (|). Default is 0=assp|1=fbmtv. Do not use spaces, tabs or '=' as part of the keys (secrets)!
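The idea behind Message-ID tagging, as an added sketch that is not ASSP's own code or tag format: the tag layout (pre-tag, generation digit, truncated HMAC-SHA1), the function names and the sample keys are assumptions; only the MSGIDpreTag and MSGIDSec syntax rules are taken from the text above.

```python
import hashlib
import hmac
import re


def parse_secrets(spec):
    """Parse an MSGIDSec value such as '0=assp|1=fbmtv' into {generation: key}.

    Enforces the rules stated for MSGIDSec: generation is one digit 0-9
    (so at most ten keys), and keys contain no space, tab or '='.
    """
    secrets = {}
    for pair in spec.split("|"):
        gen, sep, key = pair.partition("=")
        if not sep or not re.fullmatch(r"[0-9]", gen):
            raise ValueError(f"bad generation number in {pair!r}")
        if not key or re.search(r"[ \t=]", key):
            raise ValueError(f"key {gen} is empty or contains space, tab or '='")
        if gen in secrets:
            raise ValueError(f"generation {gen} defined twice")
        secrets[gen] = key.encode()
    return secrets


def _mac(key, body):
    # Assumed construction: HMAC-SHA1 over the original ID, cut to 10 hex chars.
    return hmac.new(key, body.encode(), hashlib.sha1).hexdigest()[:10]


def tag_message_id(msgid, pretag, secrets, generation):
    """Outgoing mail: prefix the Message-ID with <pretag>.<gen><mac>."""
    if not re.fullmatch(r"[A-Za-z0-9]{2,5}", pretag):
        raise ValueError("pre-tag must be 2-5 characters of [a-zA-Z0-9]")
    body = msgid.strip("<>")
    return f"<{pretag}.{generation}{_mac(secrets[generation], body)}.{body}>"


def check_message_id(tagged, pretag, secrets):
    """Incoming bounce: return the original Message-ID if the tag verifies,
    otherwise None (untagged, unknown generation, or forged)."""
    m = re.fullmatch(
        rf"<{re.escape(pretag)}\.([0-9])([0-9a-f]{{10}})\.(.+)>", tagged)
    if not m:
        return None
    gen, mac, body = m.groups()
    key = secrets.get(gen)
    if key is None or not hmac.compare_digest(mac, _mac(key, body)):
        return None
    return f"<{body}>"      # tag removed, original reference recovered


# Constructed sample values (keys and Message-ID are made up for this example).
SECRETS = parse_secrets("0=kV7q.example|1=Zr3.example")
ORIGINAL = "<20240101.1234@mail.example.org>"
TAGGED = tag_message_id(ORIGINAL, "sig", SECRETS, "1")
```

Dropping a generation from the secrets invalidates every tag issued under it, which is what the generation number buys when keys are rotated.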
Do MSGID-Signing For These Addresses Only* (MSGIDsigAddresses)
Mail to any of these addresses will be tagged and checked by FBMTV. Accepts specific addresses (user@domain.com), user parts (user) or entire domains (@domain.com). If empty FBMTV is done for all addresses.
Send 250 OK to ISP if Backscatter Detection fails (Back250OKISP)
If any Backscatter check fails for a bounced mail that is coming from an ISPIP, ASSP will send "250 OK" to the ISP, but will discard the mail, if the check is configured to block!
Backscatter Detection checks Whitelisted mail (BackWL)
Tagging will be always done, if not excluded by address or domain!
Backscatter Detection checks NoProcessing mail (BackNP)
Tagging will be always done, if not excluded by address or domain!
Do not do any Backscatter Detection for these Addresses* (noBackSctrAddresses)
Mail to and from any of these addresses will not be tagged and checked by the backscatter option. Accepts specific addresses (user@domain.com), user parts (user) or entire domains (@domain.com).
Exclude these IP's from any Backscatter detection* (noBackSctrIP)
Enter IP's that you want to exclude from FBMTV, separated by pipes (|).
-Bayesian Check on Whitelisted Senders (BayesWL)
-Bayesian Check on NoProcessing Messages (BayesNP)
-Bayesian Check on Local Senders (BayesLocal)
fixed:
- Invalidhelo regex check
- Senderbase has done checks after no result was received from DNS
added:
-HomeCountry Pass Greylisting (DelayHC)
Enable Greylisting for HomeCountry based IPs.
-Don't do Blacklisted for these Addresses and Domains* (noBlackDomain)
-Allow Relay Connection from these IP's* (allowRelayCon)
Enter any addresses that are allowed to use the relayPort, separated by pipes (|). If empty, any IP address is allowed to connect to the relayPort. If this option is defined, keep in mind: addresses defined in acceptAllMail are NOT automatically included and also have to be defined here if they should be allowed to use the relayPort. For example: 127.0.0.1|172.16..
- Analyze via email interface supports now multiple attached files (.eml)
Default Local Domain (defaultLocalHost)
If you want to be able to send mail to local users without a domain name then put the default local domain here.
Blank disables this feature. For example: example.com
Deny Error (DenyError)
SMTP error message to reject connections. Will be used from and denySMTPConnectionsFromAlways and DoPenaltyExtreme. For example: 554 5.7.2 Service denied, closing transmission channel.
Penalty Warning (PenaltyWarning)
PB will tag messages from IP's whose totalscore exceeds this threshold during PenaltyDuration.
For example: 48
Penalty Warning Tag (PenaltyWarningTag)
For example: [??]
Date/Time Format in LogDate (LogDateFormat)
Use this option to set the logdate. The default value is 'MMM-DD-YY hh:mm:ss'. The following (case sensitive !) replacements will be done:
YYYY - year four digits
YY - year two digits
MMM - month three characters - like Oct Nov Dec
MM - month numeric two digits
DDD - day three characters - like Mon Tue Fri
DD - day numeric two digits
hh - hour two digits
mm - minute two digits
ss - second two digits
A value has to be defined for every part of the date/time. Allowed separators in date part are '_ -.' - in time part '-_.:' .
Regular Expression to Identify NoLog-Mails* (noLogRe)
Put anything here to identify mails that you don't want to be logged.
Regular Expression to Suppress Log-Messages* (noLogLineRe)
Put anything here to identify log messages that you want to be suppressed. For example: max errors|collect
Max Number of Duplicate File Names (MaxAllowedDups)
The maximum number that is appended to the mail subject to build the file name of the logged file, if UseSubjectsAsMaillogNames is selected. A low value reduces the number of duplicates.
Enforce Early PenaltyBox Extreme Blocking (ForcePBExtreme)
If set and DoPenaltyExtreme is enabled, ASSP will do DoPenaltyExtreme immediately after connection.
Disable SMTP AUTH for External Clients Altogether (DisableAuth)
If you have enabled SMTP AUTH on your MTA and you do not want external clients to use SMTP AUTH through ASSP - select this option.
Move Connection with Trap Addresses to NULL (SpamTrap2NULL)
If set, ASSP will move connections with spamtrap addresses to a NULL-connection. The sender will receive "250 OK".
Regular Expression to Score Suspicious and Trustworthy Words** (bombSuspiciousRe)
Put here anything which might be suspicious or trustworthy. bombSuspiciousValencePB will be used to increase/decrease the total score. Trustworthiness will be assigned by using a negative weight. For example: unsubscribe|news=>-2|letter=>-1|noreply=>-1
Maximum Hits in Suspicious Regular Expression (bombSuspiciousReMaxHits)
Number of matches to be scored. If <= 1 only one match will be scored.
Minimum Sessions Per IP Address (minSMTPipSessions)
The minimum number of SMTP sessions allowed per IP address. ASSP uses this setting to throttle maxSMTPipSessions for IPs in Penalty BlackBox. Zero will disable throttling. For example: 1
Store Assp-Header(s) into Spam Collection (StoreASSPHeader)
Add "X-Assp-" header(s) to the collected mails.
Do not Delay these Addresses* (noDelayAddresses)
Enter sender email addresses that you don't want to be delayed, separated by pipes (|). You can list specific addresses (user@anydomain.com), addresses at any domain (user), or entire domains (@anydomain.com). Wildcards are supported (fribo*@domain.com). For example: fribo@anydomain.com|jhanna|@sillyguys.org or place them in a plain ASCII file one address per line: file:files/nodelayuser.txt.
Max Size of Local Message (maxSize)
If the value of ([message size]) exceeds maxSize in bytes the transmission of the local message will be canceled. No limit is imposed by ASSP if the field is left blank or set to 0. This option allows admins to limit useless bandwidth wasting based on the transmit size.
Max Size of External Message (maxSizeExternal)
If the value of ([message size]) exceeds maxSizeExternal in bytes the transmission of the external message will be canceled. No limit is imposed by ASSP if the field is left blank or set to 0. This option allows admins to limit useless bandwidth wasting based on the transmit size.
Max Message Size Error (maxSizeError)
SMTP error message to reject maxSize / maxSizeExternal exceeding mails. For example: 552 message exceeds MAXSIZE byte (size)! MAXSIZE will be replaced by the value of maxSize / maxSizeExternal.
Use Black Regular Expression to Identify Spam (DoBlackRe)
Each incoming message is checked against the BlackRe. Scoring is set with blackValencePB - the scoring value is the sum of all valences (weights) of all found blackRe(s), testmode is set with blackTestMode.
BlackRe - Regular Expression to Identify Spam** (blackRe)
If an incoming email matches this Perl regular expression it will be considered spam depending on blackReMaxHits. For example: \breplica watches\b|\bMegaDik\b|\bcock\b|\bpenis\b|\bpills\b|\bOriginal Viagra\b|\bbetter sex life\b|\baverage penis\b|\benlargement\b|\borgasm\b|\berections\b|\bViagra\b|\bbig dick\b|\bsperma\b|\bSexual\b|\bErectionsk\b|\bStamina\b|\bsildenafil\b|\bcitrate\b|\bErectile\b or place them in a plain ASCII file one address per line - file:files/blackre.txt
Maximum Hits (blackReMaxHits)
A hit is a found match in blackRe. If the number of hits is greater than or equal to Maximum Hits, the email is considered Failed and will be blocked (if DoBlackRe is set to "block") or scored (if DoBlackRe is set to "score"). If the number of hits is greater than 0 and less than Maximum Hits, the email is considered Neutral and will be scored.
Do Black Regular Expressions Checks for Whitelisted (blackReWL)
Do Black Regular Expressions Checks for NoProcessing (blackReNP)
Do Black Regular Expressions Checks for Local Messages (blackReLocal)
Do Black Regular Expressions Checks for ISPIP (blackReISPIP)
---------------
It is possible to include custom-designed files at any line of an option file, using the following directive
# include filename
where filename is the relative path from base directory (.) to the included file like files/inc1.txt or inc1.txt (one file per line). The line will be internally replaced by the contents of the included file.
---------------
Combined Spam Report and NoProcessing Deletion (EmailErrorsModifyNoP)
If set to 'modify noProcessing' Spam Reports will remove addresses from noProcessing list. If set to 'show noProcessing' Spam Reports will show if addresses are on noProcessing list.
assp.pl 1.5.1.8
- Regular Expression to Score Suspicious HELO** (SuspiciousHeloRe)
Score Suspicious HELOs will check incoming HELOs for this. Scoring is set with shValencePB. For example: 'dynamic' or file:files/suspicioushelo.txt
- A menu at the top of the GUI was added
- The W32 Service Registration is moved to the most early point in code - 5-10s after Perl starts.
- Disable VRFY for External Clients (DisableVRFY)
If you have enabled VRFY on your MTA to make assp able to verify addresses and you do not want external clients to use VRFY - select this option.
- RWL Pass Score (rwlValencePB)
Bonus for Message & IP scoring in ValidateRWL
- RWL Neutral Score (rwlnValencePB)
Bonus for Message & IP scoring in ValidateRWL
- Text to Identify Originating IP Header* (OriginatingIP)
If ASSP runs behind another server(s), no IP/HELO based filter will work. If a special header with the originating IP is inserted from the frontend server ASSP will use the originating IP to perform IP and HELO checks. For example: X-Forwarded-For|X-Originating-IP
Notification Email To (RebuildNotify)
Email address(es) to which you want ASSP to send a notification email after the rebuild task is finished. The file rebuildrun.txt is included in this notification. Separate multiple entries by "|". If empty EmailAdminReportsTo is used.
GReyIPlist Database (griplist)
The file with the current GRey-IP-List database -- make this blank if you don't use it.
Don't Upload/Download Griplist (noGriplist)
Check this to disable the Griplist upload/download when rebuildspamdb runs. The Griplist contains IPs and their value between 0 and 1, lower is less spammy, higher is more spammy. This value is called the grip value.
Full Griplist Download Period (DoFullGripDownload)
The Global Griplist is downloaded once in full, then only deltas are downloaded each day subsequently. This option forces a new full download after this many days. Leave it blank to not force new full downloads. Recommended: 30 days.
Max Whitelist Days (MaxWhitelistDays)
This is the number of days an address will be kept on the whitelist without any email to/from this address.
Maintenance for Bayesian Collection (MaintBayesCollection)
Set this to on, if you want ASSP to run maintenance tasks on the bayesian collection folders ( spamlog , notspamlog ). ASSP will delete the oldest files until the number of files per folder reaches MaxFiles. If you want ASSP to delete files because of age instead of the number of files ( MaxFiles ), set up MaxBayesFileAge to your needs. This option is useful if UseSubjectsAsMaillogNames is set to on, because in this case the number of files in every collection folder will grow infinitely.
Max Age of non Bayes Files (MaxNoBayesFileAge)
The maximum file age in days of every file in every non bayesian collection folder ( incomingOkMail , discarded , viruslog ). If defined and a file is older than this number in days, the file will be deleted. Default is 0. A value of 0 disables this feature and no file will be deleted because of age.
Max Corrected File Age (MaxCorrectedDays)
This is the number of days an error report will be kept in the correctednotspam and correctedspam folders.
assp.pl 1.5.1.6
Enable SSL support (enableSSL)
For SSL to be enabled, check this box and enter the paths to your SSL Certificate and SSL Key files, below. If you do not have valid certificates, you may generate both files online with www.mobilefish.com or you may use OpenSSL to generate Self-signed SSL certificates! NOTE: Changing this requires ASSP restart
Exclude these IP's from TLS* (noTLSIP)
Enter IP's that you want to exclude from starting SSL/TLS. For example, put all IP's here, which have trouble switching to TLS every time (effectively preventing ASSP from getting mails from these hosts).
Disable TLS/SSL support on port 25 (disableSSL25)
Retry SSL on "SSL want a read first" error (SSLRetryOnError)
If selected, ASSP retries one time to establish a SSL connection with one second delay, if the peer was not ready after STARTTLS because of a "SSL want a read/write first" error.
SSL Timeout (SSLtimeout)
SSL will timeout after this many seconds.
SSL Error Cache Refresh Interval (SSLCacheExp)
SSL error records in cache will be removed after this interval in hours. 0 will disable the cache.
SMTP Secure Listen Port (listenPortSSL)
The port number on which ASSP will listen for incoming secure SMTP connections (normally 465). You can specify both an IP address and port number to limit connections to a specific interface. Examples: 465, 127.0.0.1:465, 127.0.0.1:465|127.0.0.2:465
SSL Destination (smtpDestinationSSL)
The IP address! and port number to connect to when mail is received on the SSL listen port. If the field is blank, the primary SMTP destination will be used. Examples: 127.0.0.1:565, [::1]:565
SSL Certificate File (PEM format) (SSLCertFile)
Full path to the file containing the server's SSL certificate, for example: /usr/local/etc/ssl/certs/assp-cert.pem.
SSL Key File (PEM format) (SSLKeyFile)
Full path to the file containing the server's SSL key, for example: /usr/local/etc/ssl/certs/assp-key.pem.
assp.pl 1.5.1.4
Add to BlackListed Addresses (EmailBlackAdd)
Any mail sent by local/authenticated users to this username will be interpreted as a request to add the sender address to the blackListedDomains addresses. Only the users defined in EmailAdmins and EmailAdminReportsTo are able to request an addition. Do not put the full address here, just the user part. For example: assp-black. To use this option, you have to configure blackListedDomains with "file:..." for example "file:files/blacklisted.txt" !
Remove from BlackListed Addresses (EmailBlackRemove)
Any mail sent by local/authenticated users to this username will be interpreted as a request to remove the sender address from blackListedDomains. Do not put the full address here, just the user part. Only the users defined in EmailAdmins and EmailAdminReportsTo are able to request an addition. For example: assp-notblack. To use this option, you have to configure blackListedDomains with "file:..." for example "file:files/blacklisted.txt" !
assp.pl 1.5.1.3
Rebuild Options
Notification Email To (RebuildNotify)
Email address(es) to which you want ASSP to send a notification email after the rebuild task is finished. The file rebuildrun.txt is included in this notification. Separate multiple entries by "|".
GReyIPlist Database (griplist)
The file with the current GRey-IP-List database -- make this blank if you don't use it.
Don't Upload/Download Griplist (noGriplist)
Check this to disable the Griplist upload/download when rebuildspamdb runs. The Griplist contains IPs and their value between 0 and 1, lower is less spammy, higher is more spammy. This value is called the grip value.
Full Griplist Download Period (DoFullGripDownload)
The Global Griplist is downloaded once in full, then only deltas are downloaded each day subsequently. This option forces a new full download after this many days. Leave it blank to not force new full downloads. Recommended: 30 days.
Max Whitelist Days (MaxWhitelistDays)
This is the number of days an address will be kept on the whitelist without any email to/from this address.
Maintenance for Bayesian Collection (MaintBayesCollection)
Set this to on, if you want ASSP to run maintenance tasks on the bayesian collection folders ( spamlog , notspamlog ). ASSP will delete the oldest files until the number of files per folder reaches MaxFiles. If you want ASSP to delete files because of age instead of the number of files ( MaxFiles ), set up MaxBayesFileAge to your needs. This option is useful if UseSubjectsAsMaillogNames is set to on, because in this case the number of files in every collection folder will grow infinitely.
Max Age of Bayes Files (MaxBayesFileAge)
The maximum file age in days of every file in every bayesian collection folder ( spamlog , notspamlog ). If MaintBayesCollection is set to on and a file is older than this number in days, the file will be deleted. Default is 0. A value of 0 disables this feature and no file will be deleted because of age alone. Do not define this option, if you use the bayesian engine of ASSP. Deleting files because of age is wrong in this case!!!!!
Max Age of non Bayes Files (MaxNoBayesFileAge)
The maximum file age in days of every file in every non bayesian collection folder ( incomingOkMail , discarded , viruslog ). If defined and a file is older than this number in days, the file will be deleted. Default is 0. A value of 0 disables this feature and no file will be deleted because of age.
Max Corrected File Age (MaxCorrectedDays)
This is the number of days an error report will be kept in the correctednotspam and correctedspam folders.
assp.pl 1.5.1.2
section logging:
Notification Email To (Notify)
Email address(es) to which you want ASSP to send a notification email, if a matching log entry ( NotifyRe , NoNotifyRe ) is found. Separate multiple entries by "|".
Do Notify, if log entry matches* (NotifyRe)
Regular Expression to identify loglines for which a notification message should be sent. Useful entries are:
adminupdate: - for config changes
admininfo: - for admin information
option list file: - for option file reload
error: - for any error
restart - to detect an ASSP restart
Admin connection - for GUI logon
Do NOT Notify, if log entry matches* (NoNotifyRe)
Regular Expression to identify loglines for which no notification message should be sent.
Fields marked with an additional asterisk (**) accept a second weight value separated by => from the regular expression. For example: spammer=>1.45 . The multiplication result of the weight and the penaltybox valence value will be used for scoring.
Which Link Should be included (BlockResendLink)
If HTML is enabled in inclResendLink, two links (one on the left and one on the right side) will be included in the report email by default. Depending on the email clients used, one of the two links may not work for you. Try out which link is working and disable the other one, if you want.
My Helo (myHelo)
How ASSP will identify itself when connecting to the target MTA.
transparent - the Helo of the sender will be used
use myName - use myName
use FQDN - fully qualified domain name of the host assp is running on
Use File System Virus Scanner (DoFileScan)
If activated, the message is written to a file inside the 'FileScanDir' with an extension of 'maillogExt'. After that ASSP will call 'FileScanCMD' to detect if the temporary file is infected or not. The temporarily created file(s) will be removed.
The viruses will be stored in a special folder if the SpamVirusLog is set to 'quarantine' and the filepath to the viruslog is set.
File Scan Directory (FileScanDir)
Define the full path to the directory where the messages are temporarily stored for the file system virus scanner. This could be any directory inside your file system. The running ASSP process must have full permission to this directory and the files inside!
File Scan Command (FileScanCMD)
ASSP will call this system command and expects a returned string from this command. This returned string is checked against 'FileScanBad' and/or 'FileScanGood' to detect if the message is OK or not! If the file does not exist after the command call, the message is considered infected. ASSP expects that the file scan is finished when the command returns!
The literal 'FILENAME' will be replaced by the full qualified file name of the temporary file.
The literal 'FILESCANDIR' will be replaced with the value of FileScanDir.
All outputs of this command to STDERR are automatically redirected to STDOUT.
FileScan will not run, if FileScanCMD is not specified.
If you have your online/autoprotect file scanner configured to delete infected files inside the 'FileScanDir', define 'NORUN' in this field! In this case FileScanGood and FileScanBad are ignored. If there is a need to wait some time for the autoprotect scanner, write 'NORUN-dddd', where dddd are the milliseconds to wait!
Depending on your operating system you may have to quote (' or ") the command, if it contains whitespace. The replaced file name will be quoted by ASSP if needed.
Native SSL support added!
(new module necessary: IO::Socket::SSL)
- manage & resend spam & notspam from maillog tail
- user blocking report
Request Block Report (EmailBlockReport)
Any mail sent by local/authenticated users to this username will be interpreted
as a request to get a report about blocked emails. Leading digits/numbers in the
mail subject will be interpreted as "report request for the last number of
days". If the number of days is not specified in the mail subject, a default of
5 days will be used to build the report. Only the users defined in EmailBlockTo,
EmailAdmins and EmailAdminReportsTo are able to define a list of email addresses
in the mail body. If such an Admin wants to request a report like it is done
using the BlockReportFile, '=>' must be used in any of the request lines (body)
- please read the section BlockReportFile for more details and syntax.
Queue User Block Report Requests (QueueUserBlockReports)
How to process block report requests for users (not EmailBlockTo, EmailAdmins,
EmailAdminReportsTo).
'run immediately' - the request will be processed immediately (not stored).
'store and run once at midnight' - the request will be stored/queued, runs at
midnight, and will be removed from queue after that
'store and run scheduled' - the request will be stored/queued, runs permanently
scheduled at midnight until it will be removed from queue - a '+' in the subject
is not needed
To add a request to queue the user has to send an email to EmailBlockReport.
Leading digits/numbers in the mail subject will be interpreted as "report
request for the last number of days". If the number of days is not specified in
the mail subject, a default of 5 days will be used to build the report.
If 'run immediately' or 'store and run once at midnight' is selected, but a user
wants to schedule a permanent request, a leading '+' before the digits in
subject is required.
To remove a request from queue the user has to send an email to EmailBlockReport
with a leading '-' in the subject.
File for Blockreportrequest (BlockReportFile)
A file with BlockReport requests. ASSP will generate a block report for every
line in this file (file:files/blockreportlist.txt - file: is required if
defined!) every day at midnight for the last day. The perl modules Net::SMTP and
Email::MIME::Modifier are required to use this feature. A report will be only
created, if there is at least one blocked email found! The syntax is:
QueryAddress=>ReportRecipient=>ReportDays - there are many possible combinations
of this three parameters. For example:
user@domain and user@domain=>user@domain - will send a report for this user to
this user
*@domain (better use) *@domain=>* - will send a report for every blocked user in
this domain to this user
user@domain=>recipient@any-domain - will send a report for user@domain to
recipient@any-domain
*@domain=>recipient@any-domain - will send a report for every blocked user in
this domain to recipient@any-domain
A third parameter is possible to set, which defines the number of days for which
the report should be created. The default (if empty or not defined) is one day.
This value is used to calculate the 'next run date'. For example:
*@domain=>recipient@any-domain=>2 - creates a report for two days.
*@domain=>*=>14 - creates a report for 14 days.
user@domain=>=>3 or user@domain=>*=>3 - creates a report for three days. The
second parameter is here empty or *!
- user can add/remove himself to redlist, spamlover, noprocessing via
email-interface
- admin(s) can add/remove any address to redlist, spamlover, noprocessing via
email-interface
-DNSBL providers can get a "weight" like bl.spamcop.net=>1.
The value of the weight can be set directly like =>45 or as a divisor of
RBLmaxweight. Low numbers < 6 are divisors. So if RBLmaxweight = 50 (default),
bl.spamcop.net=>50 would be the same as bl.spamcop.net=>1, and bl.spamcop.net=>2
would be the same as bl.spamcop.net=>25.
If the sum of weights surpasses RBLmaxweight, the DNSBL check fails. If not,
the DNSBL check is scored as "neutral" even with RBLmaxhits reached.
It is possible to use all hits regardless of maxhits.-> Showmaxreplies
For example:
RBLmaxhits=2
RBLmaxweight=50
zen.spamhaus.org=>1
bl.spamcop.net=>1
safe.dnsbl.sorbs.net=>1
combined.njabl.org=>1
dnsbl-1.uceprotect.net=>2
dnsbl-2.uceprotect.net=>2
dnsbl-3.uceprotect.net=>3
ix.dnsbl.manitu.net=>2
psbl.surriel.com=>2
2.apews.org=>3
blackholes.five-ten-sg.com=>10
A "fail" will result from:
2 hits in group 1
1 hit in group 1 and 1 hit in group 2
2 hits in group 2
1 hit in group 1
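The weight arithmetic above, worked through as an added example (not ASSP's own code). It uses the provider list and limits from the example; treating a sum that reaches RBLmaxweight as a fail follows the "fail" list above, while counting only the first RBLmaxhits listings and the "no hit" label are assumptions, as are all function names.

```python
from fractions import Fraction

RBL_MAXHITS = 2        # values from the example above
RBL_MAXWEIGHT = 50

SERVICE_LINES = """\
zen.spamhaus.org=>1
bl.spamcop.net=>1
safe.dnsbl.sorbs.net=>1
combined.njabl.org=>1
dnsbl-1.uceprotect.net=>2
dnsbl-2.uceprotect.net=>2
dnsbl-3.uceprotect.net=>3
ix.dnsbl.manitu.net=>2
psbl.surriel.com=>2
2.apews.org=>3
blackholes.five-ten-sg.com=>10
""".splitlines()


def resolve_weight(raw, maxweight):
    """Numbers below 6 are divisors of RBLmaxweight; larger ones are direct weights."""
    value = int(raw)
    if value < 1:
        raise ValueError(f"weight must be a positive integer, got {raw!r}")
    # Fraction keeps 50/3 exact; whether ASSP rounds is not stated on the page.
    return Fraction(maxweight, value) if value < 6 else Fraction(value)


def parse_providers(lines, maxweight):
    """Turn 'provider=>weight' lines into {provider: effective weight}."""
    providers = {}
    for line in lines:
        line = line.strip()
        if not line:
            continue
        name, sep, raw = line.partition("=>")
        if not sep:
            raise ValueError(f"{line!r}: this sketch handles weighted entries only")
        providers[name.strip()] = resolve_weight(raw.strip(), maxweight)
    return providers


def evaluate(listed_on, providers, maxweight=RBL_MAXWEIGHT, maxhits=RBL_MAXHITS):
    """Score the providers that listed an IP, in the order their replies arrived.

    Returns (result, total weight). Assumption: only the first `maxhits`
    listings are counted.
    """
    counted = listed_on[:maxhits]
    total = sum((providers[name] for name in counted), Fraction(0))
    if total >= maxweight:
        return "fail", total
    return ("neutral" if counted else "no hit"), total


PROVIDERS = parse_providers(SERVICE_LINES, RBL_MAXWEIGHT)

if __name__ == "__main__":
    for hits in (["zen.spamhaus.org"],
                 ["dnsbl-1.uceprotect.net", "psbl.surriel.com"],
                 ["dnsbl-3.uceprotect.net", "2.apews.org"],
                 ["blackholes.five-ten-sg.com"]):
        result, total = evaluate(hits, PROVIDERS)
        print(f"{'+'.join(hits):55} {float(total):6.2f} {result}")
```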
1.4.3.1
added in Menu
sorted alphabetical index of GUI fields
added in section LDAP
LDAP Cache
added in section Recipients
VRFY recipients in multiple MTAs
added in section Email-Interface
multiple attached mails in email-interface in spam/ham reports possible
all (not only the first) attachments within MaxBytes/ClamAVBytes will be
detected and processed!
new section Backscatter Detection
DNS-BackScatter Detection implemented
added in section Penalty Box
Use Invalid Addresses as Traps
added in section Relaying
Support for IP based checks when ASSP is not in front
added in section CC Messages
Do Not Copy Ham Filter* (ccnHamFilter)
Do Not Copy Ham to these addresses. Accepts specific addresses
(user@domain.com), user parts (user) or entire local domains (@domain.com).
Wildcards are supported (fribo*@domain.com).
added in section Whitelisting
Whitelist all RWL Validated Addresses (RWLwhitelisting)
If set, the message will pass also Bayesian Filter and URIBL.
added in section Server Setup
Use OpenDNS NameServers (UseOpenDNS)
http://www.opendns.com/
If the option is enabled (default) local DNS servers are not used and OpenDNS
servers are instead used for URIBL, DNSBL etc.. lookups
added in section Sender Validation
Enforce Early Helo Checks (ForceValidateHelo)
If set, ASSP will Validate/Invalidate Format of HELO before DELAYING.
Collecting, Testmode, CopySpam, Spam-Lover is ignored.
Enforce Early Check of Remote Sender with Local Domain Address
(ForceNoValidLocalSender)
If set, ASSP will check Remote Sender with Local Domain Address before DELAYING.
Collecting, Testmode, CopySpam, Spam-Lover is ignored.
Enforce Early Check of Forged Helos (ForceFakedLocalHelo)
If set, ASSP will check Forged Helos before DELAYING. Collecting, Testmode,
CopySpam, Spam-Lover is ignored.
added in section Spam Control
Send 250 OK (send250OK)
Set this checkbox if you want ASSP to reply with '250 OK' instead of SMTP error
code '554 5.7.1'.
added in section Whitelist
Wildcard User for White Domain (wildcardUser)
If you add this user via email-interface(eg: _ALL_@domain.com), the whole domain
will be whitelisted. For example: _ALL_
added in section PenaltyBox
Do Blocking IP's (DoBlockingIP)
If activated, the IP is checked against Block these IP's.
Block these IP's* (denySMTPConnectionsFrom)
Manually maintained list of IP's which should be blocked. IP's in NoPB, noDelay,
acceptAllMail, ispip, whiteListedIPs, noProcessingIPs, whitebox will pass. For
example: file:files/denysmtp.txt. IP ranges are defined for example 182.82.10.
If Net::IP::Match::Regexp is installed CIDR notation is allowed(182.82.10.0/24).
If Net::CIDR::Lite is installed, hyphenated/spaced ranges are allowed
(182.82.10.0-182.82.10.255,182.82.10.0 182.82.10.255). Text without a numbersign
will be a comment to be shown in a match (182.82.10.0/24 AOL).
added in section SMTP Session Limits
Do Deny SMTP Connections from IP's (Strictly) (DoDenyConnect)
If activated, the IP is checked against Deny SMTP Connections from these IP's
Strict.
Deny SMTP Connections from these IP's Strictly* (denySMTPConnectionsFromAlways)
Manually maintained list of IP's which should strictly be denied SMTP access.
Connection will be denied right away, before the body and header is downloaded.
added in section Regex Filters / Spambomb
Use Black Regular Expression to Identify Spam Strictly (DoBlackRe)
Each message is checked against the BlackRe to identify Spams. Technically the
BlackRe Check is part of the Bayesian Check. However it can be separately
activated.
BlackRe - Regular Expression to Identify Spam Strictly* (blackRe)
If an incoming email matches this Perl regular expression it will be considered
spam . For example: penis|virgin|X-Priority
added in section Collection
Use Collect Addresses for Testing Your Environment (DoNotBlockCollect)
ASSP will not block messages from Collect Addresses just because they are
Collect Addresses but handle them normally. That may help you to test and
control your environment.
Do Not Collect Messages from/to these Addresses* (noCollecting)
Accepts specific addresses (user@domain.com), user parts (user) or entire local
domains (@domain.com).
added in section My Server Setup
Web Statistics Port (webStatPort)
The port on which ASSP will listen for http connections to the statistics
interface. You may also supply an IP address to limit connections to a specific
interface.
Examples: 55553, 192.168.0.5:12345
added in PB section
Do Export Penalty BlackBox Extreme (DoExtremeExport)
Exported BlackBox Extreme File (exportExtremeBlack)
IP's in Penalty BlackBox which surpassed the extreme level will be regularly
stored into this file.
Use Exported Penalty BlackBox Extreme for SMTP Denying (exportExtremeFileDeny)
Deny SMTP connections from IP's in Exported Penalty Black Box Extreme File in a
very early stage. This reduces the load on your MTA.
Exported Penalty BlackBox Interval (exportInterval)
The Penalty Black Box Extreme File is exported every this many hours.
Defaults to 6 hours.
added in section Sender Validation
Do Country Code Lookup (DoSenderBase)
added in several fields
address-lists and wildcards
They accept specific addresses (user@domain.com), user parts (user) or entire
local domains (@domain.com). Wildcards are supported (fribo*@domain.com).
added in Mail Analyzer
You may put here helo=aaa.bbb.helo or ip=123.123.123.123 to look up the helo/ip
information. Entering only a text string will start a lookup in the regular
expression files for the matching regex.
added in SPF section
Override Domains*
Set override to define SPF records for domains that do publish but which you
want to override anyway. Wildcards are supported. For example: abc.com|*.def.com
Internal Name: SPFoverride
Fallback Domains*
Set fallback to define "pretend" SPF records for domains that don't publish them
yet. Wildcards are supported. For example: abc.com|*.def.com
Internal Name: SPFfallback
Local SPF Record
Used in Fallback/Override Domains
The default is v=spf1 a/24 mx/24 ptr -all
Internal Name: SPFlocalRecord
added in Copy Spam & Ham section
Do Not Copy Spam Regex*
Never Copy Spam regardless of collection mode. Put anything here to identify
messages which should not be copied.
added in Greylisting/Delaying section:
Use MD5 for DelayDB
Message-Digest algorithm 5 is a cryptographic hash function and adds some level
of security to the delay database. Must be set to off if you want to list the
database with DelayShowDB/DelayShowDBwhite.
Internal Name: DelayMD5
Show Delay/Greylisting Database
The directory/file with the delay database file. If you change the filename in
section Filepath you must change it here too.
Internal Name: DelayShowDB
Show Delay/Greylisting Safe Database
The directory/file with the safe delay database file. If you change the filename
in section Filepath you must change it here too.
Internal Name: DelayShowDBwhite
added in PenaltyBox section:
Force Extreme Denying for Mode 2
PBextreme will deny connections from IP's whose score meets or exceeds the
extreme level/extreme counter, even if PB is only monitoring (mode 2).
Extreme Bad IP History
* Message scoring only
Internal Name: pbeValencePB
Bad IP History
* Message scoring only
Internal Name: pbValencePB
added in CC Mail section:
Do Not Copy Messages Above This MessageTotal
Messages whose score exceeds this threshold will not be copied. For example: 75
CIDR and Hyphenated IP Range Notation added in IP notation
(In Hyphenated IP Range you may replace the hyphen with a space,
123.123.123.123 123.123.123.123 is also valid.)
You can freely mix all notations:
123.123.
123.123.0.0/17
123.123.123.123 123.123.123.123
123.123.123.123-123.123.123.123
You can add comments to be seen when matching is logged:
123.123. comment1
123.123.0.0/17 comment2
123.123.123.123 123.123.123.123 comment3
123.123.123.123-123.123.123.123 comment4
These comments are *not* the comments usually used in lists; they can be used
additionally:
123.123. comment1 # a line with a comment1
123.123.0.0/17 comment2
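A way to check what each entry of a mixed-notation IP list covers before the list is used for denying, written as an added example (not ASSP's own code). It assumes that a trailing-dot entry such as 123.123. covers whole octets and that the logged comment is everything after the address up to a '#'; single addresses are also accepted, which goes beyond the notations listed above.

```python
import ipaddress
import re

IP = r"\d{1,3}(?:\.\d{1,3}){3}"
# One address, or two separated by a hyphen or a space, then a free-text comment.
RANGE = re.compile(rf"^({IP})(?:(?:\s*-\s*|\s+)({IP}))?(?:\s+(.*))?$")
CIDR = re.compile(rf"^({IP}/\d{{1,2}})(?:\s+(.*))?$")
PREFIX = re.compile(r"^((?:\d{1,3}\.){1,3})(?:\s+(.*))?$")

def parse_entry(line):
    """Return (first, last, comment) with integer bounds, or None for an empty line."""
    line = line.split("#", 1)[0].strip()      # '#' starts the usual list comment
    if not line:
        return None
    if m := CIDR.match(line):
        net = ipaddress.IPv4Network(m.group(1), strict=False)
    elif m := PREFIX.match(line):
        # Assumption: "123.123." means every address under those leading octets.
        octets = m.group(1).rstrip(".").split(".")
        padded = ".".join(octets + ["0"] * (4 - len(octets)))
        net = ipaddress.IPv4Network(f"{padded}/{8 * len(octets)}")
    elif m := RANGE.match(line):
        lo = int(ipaddress.IPv4Address(m.group(1)))
        hi = int(ipaddress.IPv4Address(m.group(2) or m.group(1)))
        if lo > hi:
            raise ValueError(f"reversed range: {line!r}")
        return lo, hi, m.group(3) or ""
    else:
        raise ValueError(f"unrecognised entry: {line!r}")
    return int(net.network_address), int(net.broadcast_address), m.group(2) or ""

def lookup(ip, entries):
    """Return the comment of the first entry covering ip, or None when nothing matches."""
    n = int(ipaddress.IPv4Address(ip))
    for lo, hi, comment in entries:
        if lo <= n <= hi:
            return comment
    return None

# Constructed sample list (documentation address ranges), one entry per notation.
SAMPLE = """\
198.51.100. prefix-entry
192.0.2.0/25 cidr-entry   # ordinary list comment, not logged
203.0.113.10 203.0.113.20 space-range
203.0.113.100-203.0.113.120 hyphen-range
"""
ENTRIES = [e for e in map(parse_entry, SAMPLE.splitlines()) if e]
```

Malformed octets, prefix lengths above 32 and reversed ranges raise ValueError, so a typo in a deny list is caught before it silently matches nothing or far too much.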
added caching for:
-SPF
-MXA
-PTR
-RWL
-LDAP
added in folder notes:
Config History (confighistory.txt)
Admin Info (admininfo.txt)
-configdefaults.txt
-config.txt
Added Options:
-Do Bomb/Script Regular Expressions Checks for ISP/Secondary
-Do URI Blocklist Validation for ISP/Secondary
Added:
All Spam-Haters*
All Emails to Spam-Haters found to be spam are blocked by ASSP rather than
processed in testmode/spamlover. When a Spam-Hater is not the sole recipient of
a message, the message will only be blocked if all recipients are Spam-Haters.
Overwrites Spam-Lover addresses/domains. Accepts specific addresses
(user@domain.com), addresses at local domains (user), or entire local domains
(@domain.com). Wildcards are supported.
For example: jfribo*@thisdomain.com|fribo|@sillyguys.org
Internal Name: spamHaters
Bayesian Spam-Hater*
DNSBL Spam-Hater*