Introduction

The Anti-Spam SMTP Proxy (ASSP) server project is an open-source, Perl-based, platform-independent transparent SMTP proxy server available at SourceForge.net that leverages numerous methodologies and technologies to both rigidly and adaptively identify e-mail spam. ASSP is easy to set up because it requires only minor changes to the configuration of your Mail Transfer Agent.

Features

Some of ASSP's features are:

  • Bayesian analysis
  • Penalty Box (PB) trapping
  • DNSBL/RBL (Realtime Blackhole Listing)
  • URIBL (Uniform Resource Identifier Black Listing)
  • Multi-level SPF (Sender Policy Framework) validation and blocking
  • SRS (Sender Rewriting Scheme) fix-up
  • Session delaying/greylisting and connection response delaying
  • Sender validation and recipient validation
  • Multi-level attachment blocking (based on block lists or allow lists)
  • Multiple RFC validation mechanisms

Installation

This installation assumes that you are running sendmail and that you are going to run ASSP on the same machine. You can most likely adapt this to other mail servers and configurations relatively easily.

Installation is relatively straightforward, as most packages on FreeBSD are. Go to /usr/ports/mail/assp/ and run sudo make config. I recommend the following configuration:

     ......................................................................
     .                    Options for assp 1.5.1.2_3                      .
     . .................................................................. .
     . .    [X] EMVALID  RFC822 recipient address validator             . .
     . .    [ ] LDAP     LDAP validation of recipient addresses         . .
     . .    [X] SPF      SPF validation of client IP                    . .
     . .    [X] SRS      Sender Rewriting Scheme                        . .
     . .    [X] SEND     Resending .eml files                           . .
     . .    [X] FBACKW   File Reading Backwards                         . .
     . .    [X] ZLIB     HTTP Header Compression on Admin Interface     . .
     . .    [X] CLAMAV   ClamAV virus scanner                           . .
     . .    [X] DNSBL    DNS block list checking                        . .
     . .    [ ] MYSQL    Use MySQL db to store white/red/delaylists     . .
     . .    [X] MATCHRE  Match IP ranges and CIDR blocks in lists       . .
     . .    [X] SENDERB  Country Code checks                            . .
     . .    [X] MIMEMOD  Multiple Attachement detection                 . .
     . .    [X] SSL      SSL secure sockets support                     . .
     . .    [ ] IPV6     IPv6 sockets support                           . .
     ......................................................................
     .                       [  OK  ]       Cancel                        .
     ......................................................................

Run sudo make install clean. This installs all the necessary files and dependencies. Edit /etc/rc.conf and add assp_enable="YES". You can now start ASSP:

sudo /usr/local/etc/rc.d/assp start

At this point, open a browser to http://localhost:55555 and log in using a blank username and nospam4me (the default webAdminPassword) as the password. Go through the settings and tweak any you need to change. The main one I changed was to up the default block score from 50 to 70. But I only figured that out a few weeks later, when emails from meetup.com and evite.com were getting blocked. I also increased the size of emails that ASSP keeps to better allow me to resend caught emails that shouldn't have been. The web interface has a nifty "Non-Default Settings" link which shows all of the changes I made:

# Network Setup  #
# SMTP Session Limits  #
# Testmode / SPAM Control  #
# SPAM Lover/Hater #
# No Processing #
# Whitelisting/Redlisting #
whiteListedIPs -- Whitelisted IPs*: 71.252.219.43|127.0.0.1 (Default:  ) 
# Relaying  #
# Recipients #
sendAllAbuseNP -- Skip Spam Checks for Abuse Catchall: On (Default: Off) 
# Validate Helo #
DoFakedLocalHelo -- Block Forged Helos: score (Default: block) 
DoValidFormatHelo -- Validate Format of HELO: monitor (Default: score) 
DoInvalidFormatHelo -- Invalidate Format of HELO: monitor (Default: block) 
# Validate Sender #
DoPTRCheck -- Reversed Lookup: score (Default: disabled) 
# IP Blocking #
# SenderBase  #
# PenaltyBox  #
DoPenaltyMessage -- Message Scoring: monitor (Default: block) 
PenaltyMessageBlock -- High MessageLimit: 75 (Default: 50) 
PenaltyLimit -- Penalty Limit: 75 (Default: 50) 
# Delaying/Greylisting  #
# SPF/SRS  #
# DNSBL  #
# URIBL #
# Attachment Blocking #
# ClamAV and FileScan  #
UseAvClamd -- Use ClamAV: On (Default: Off) 
# Regex Filters / Spambomb  #
DoBombHeaderRe -- Use BombHeader Regular Expressions on Header Part: score (Default: block) 
DoBombRe -- Use Bomb Regular Expressions: score (Default: block) 
# Bayesian Options  #
# Block Reporting #
# Email Interface  #
# File Paths #
# Copy Spam/Ham #
# Collecting #
MaxBytes -- Max Bytes: 250000 (Default: 8000) 
StoreCompleteMail -- Store the Complete Mail: up to 10 MByte (Default: 1) 
# Logging #
# LDAP Setup  #
# DNS Setup #
DNSServers -- DNS Name Servers: 71.252.219.43|68.238.112.14 (Default: 208.67.222.222|208.67.220.220) 
# Server Setup #
webAdminPassword -- Web Admin Password: XXXXXXXXXXXXX (Default: nospam4me) 
EnableHTTPCompression -- Enable HTTP Compression in GUI: On (Default: Off) 
IndexSlideSpeed -- Sliding Speed of the Alpha Index Menu Panel in GUI: no slide (Default: normal) 
# Rebuild Options #
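
As an added example (not part of the original post or of ASSP itself), the following Python script parses a "Non-Default Settings" listing in the layout shown above and flags two things worth reviewing: a webAdminPassword that is absent from the list, meaning it is still the default, and checks relaxed from their default mode. The strictness ordering disabled < monitor < score < block, the function names and the sample text are assumptions made for the example.

```python
import re

# Constructed sample in the "Non-Default Settings" layout (not a real export).
SAMPLE = """\
# Validate Helo #
DoFakedLocalHelo -- Block Forged Helos: score (Default: block)
DoInvalidFormatHelo -- Invalidate Format of HELO: monitor (Default: block)
# PenaltyBox  #
PenaltyLimit -- Penalty Limit: 75 (Default: 50)
# Server Setup #
EnableHTTPCompression -- Enable HTTP Compression in GUI: On (Default: Off)
"""

# name -- label: value (Default: default)
LINE = re.compile(r"^(\w+) -- (.+?): (.*?) \(Default: (.*?)\)\s*$")
# Assumed strictness ordering of ASSP check modes, weakest first.
RANK = {"disabled": 0, "monitor": 1, "score": 2, "block": 3}

def parse_settings(text):
    """Return {name: (section, value, default)} from a settings listing."""
    section, out = None, {}
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("#"):
            section = line.strip("# ")
        elif (m := LINE.match(line)):
            name, _label, value, default = m.groups()
            out[name] = (section, value.strip(), default.strip())
    return out

def audit(settings):
    """Return (name, finding) pairs that deserve a second look."""
    findings = []
    # The listing only shows changed settings, so a missing entry means default.
    if "webAdminPassword" not in settings:
        findings.append(("webAdminPassword", "not listed, so still the default"))
    for name, (_section, value, default) in sorted(settings.items()):
        if value in RANK and default in RANK and RANK[value] < RANK[default]:
            findings.append((name, f"relaxed from {default} to {value}"))
    return findings

if __name__ == "__main__":
    for name, finding in audit(parse_settings(SAMPLE)):
        print(f"{name}: {finding}")
```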

When you are ready, you will want to move sendmail to an alternative port, such as port 125. You can edit your /etc/mail/hostname.mc file and update the following line:

DAEMON_OPTIONS(`Port=125, Name=MTA')dnl

DAEMON_OPTIONS(`Name=NoMTA, Port=125, Addr=127.0.0.1, M=EA')dnl

Then update your configs and restart sendmail:

sudo make install restart
sudo /usr/local/etc/rc.d/assp restart

You should now be able to telnet to both port 25 and port 125 on your local machine. You will want to send a LOT of test emails from different sites to verify that emails are being received correctly. Hopefully all goes as well and smoothly as it did for me.
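
An added example, not from the original post: a Python check over the DAEMON_OPTIONS lines of the .mc file that reports any sendmail listener still on the SMTP port ASSP takes over, or a port 125 listener that is not limited to the loopback address and so accepts mail that never passed through ASSP. The sample fragment is constructed and the function names are hypothetical.

```python
import re

# Constructed .mc fragment reusing the two DAEMON_OPTIONS forms from the article.
SAMPLE_MC = """\
dnl sendmail moved behind ASSP
DAEMON_OPTIONS(`Port=125, Name=MTA')dnl
DAEMON_OPTIONS(`Name=NoMTA, Port=125, Addr=127.0.0.1, M=EA')dnl
"""

DAEMON_RE = re.compile(r"^DAEMON_OPTIONS\(`([^']*)'\)")
LOOPBACK = {"127.0.0.1", "localhost"}

def daemon_options(mc_text):
    """Yield one {key: value} dict per DAEMON_OPTIONS line."""
    for line in mc_text.splitlines():
        m = DAEMON_RE.match(line.strip())
        if m:
            pairs = (kv.split("=", 1) for kv in m.group(1).split(",") if "=" in kv)
            yield {k.strip(): v.strip() for k, v in pairs}

def audit_listeners(mc_text, proxy_port="25", backend_port="125"):
    """Return (daemon name, problem) pairs for listeners that defeat the proxy."""
    problems = []
    for opts in daemon_options(mc_text):
        name = opts.get("Name", "?")
        port = opts.get("Port", "smtp")         # sendmail's default when Port is omitted
        addr = opts.get("Addr", "INADDR_ANY")   # default: every interface
        if port in (proxy_port, "smtp"):
            problems.append((name, "still bound to the port ASSP needs"))
        elif port == backend_port and addr not in LOOPBACK:
            problems.append((name, f"port {port} reachable on {addr}, bypassing ASSP"))
    return problems

if __name__ == "__main__":
    for name, problem in audit_listeners(SAMPLE_MC):
        print(f"{name}: {problem}")
```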
