This article describes how to install ASSP on Ubuntu Server 14.04 LTS.
*** An update to this article is available here: ASSP on Debian 8/Ubuntu 16.04. ***
Part 2: Installation
Part 3: Managing the server
Part 4: Working with ASSP
Part 5: Troubleshooting
Sources
Part 1: Introduction
ASSP is an open source spam filter that can be deployed as a relaying proxy between a mail server and the internet. ASSP is not an MTA – it cannot send mail itself. We’ll be using a locked-down version of Postfix as a local MTA; however, any MTA will do, for example your ISP’s relay server or the Microsoft Windows Server SMTP service.
Strategies
ASSP uses a growing set of spam filtering strategies that can each either block an incoming e-mail entirely or assign a score to it. At the end of the array of strategies all scores are added up and actions can be based on the total, or the end users may set their own filter actions. For example: discard any mail with an 80% or higher spam probability but put lower scoring spam in a dedicated folder. Don’t do anything with mail scoring 20% or less. An autowhitelisting system prevents incoming mail senders from being scanned for spam, so once a user has sent an e-mail to an external contact that contact will never be considered spam. Outgoing mail is added to the Bayesian and Markov statistical corpuses. Once the Bayesian and Markov databases have acquired enough data they can quite reliably distinguish spam from ham.
Virusscanner
ClamAV or any local virusscanner can be integrated to scan mail for viruses.
Web interface
A web interface allows configuring and managing ASSP. It offers extensive statistics, insight into SMTP traffic and an automated investigation page to check whether a certain e-mail would or would not be considered spam and, if so, why exactly.
And more
It offers DNSBL methods, URIBL, backscatter detection, an e-mail based end-user spam reporting interface, virus scanning, very extensive header analytics, attachment blocking, regular expression support for all values, optionally file based lists, greylisting, SPF, DMARC, SRS, HELO and sender validation, and more. ASSP is a full featured, highly customizable, enterprise strength spam filter.
About this page and my site
I sincerely apologize for the way I had to maim my screenshots by watermarking them. Other articles from my site have been blatantly copied and pasted on other sites without any credit. If I ever catch whoever does this I’ll personally come to their house and reset their router.
Network environment
We’ll be installing ASSP in a network with the example.com. dns suffix. The mailserver is Domino 6.5. Yeah, I know this is ancient. Send me screenshots and I’ll put them up. Since ASSP will be deployed as a relay server any mailserver will do.
Domain name: example.com.
function | IP address | hostname |
---|---|---|
ASSP spamfilter | 192.168.1.36 | ASSP |
Domino mailserver | 192.168.1.10 | SERVER10 |
Secondary mailserver | 192.168.1.3 | SERVER03 |
primary dns server | 192.168.1.12 | SERVER12 |
secondary dns server | 192.168.1.13 | SERVER13 |
backup server | 192.168.1.17 | SERVER17 |
Part 2: Installation
Mail flow
Incoming mail is received by the spamfilter. The filter divides spam from ham and forwards one or both to the mailserver. The mailserver redistributes the mail to the receivers’ mailboxes.
Outgoing mail is added to the Bayesian and Markov statistical corpuses and the whitelist.
Operating system: Ubuntu Server 14.04.03 LTS
In theory any system supporting Perl is able to host ASSP. I’ve run it on Windows, Linux and FreeBSD. In practice Linux is by far the easiest system to set it up on.
ActiveState produces the commercial ActivePerl for Microsoft Windows. The Business Edition costs US$ 999 per year. They make a Community Edition which is crippled and in my opinion unusable for ASSP. The Enlightened Perl Organisation creates a free of charge Strawberry Perl. Last time I tried it, it was incomplete and not very compatible with CPAN. That may have improved and by all means try and run it on Windows if you like. I invite you to share your experience in the comment section under this article.
Ubuntu 14.04 LTS supports Perl out of the box. Both are free of charge. Canonical offers commercial support packages for Ubuntu; community support is provided free of charge and generally very good. Ubuntu 14.04 LTS is guaranteed to receive support until the end of 2019 and is widely regarded to be an industry standard. The version we’re installing is Ubuntu 14.04.03 "Trusty" LTS 64bit. On installation I chose:
- Basic Ubuntu server
- OpenSSH server
- Samba file server
If at any point you need to add or remove parts of the installation run
# tasksel
We’ll use Samba for easy access from Windows clients to the rather file-based layout of the ASSP installation. It isn’t necessary for ASSP management, merely a convenience. Upon completion of the installation run
# aptitude update && aptitude dist-upgrade
MTA: Postfix
Postfix is our MTA of choice because it’s easy to install, old and proven and safe. We’ll have it listen for outgoing mail on port 125 so we can install it on the same machine ASSP will be running on. To install:
# aptitude install postfix
When asked choose the default Internet Site configuration.

In /etc/postfix/master.cf look for the line:
smtp inet n - - - - smtpd
and change it to:
125 inet n - - - - smtpd
Check Postfix’s maximum message size setting:
# postconf | grep message_size_limit
Keep in mind that this size will be composed of the header size + body size + attachment size + anything else that is sent along with the mail. If you need to be able to send attachments up to 20MB in size set message_size_limit to something a bit higher than 20MB, for example 25MB. In the file /etc/postfix/main.cf change the following value (or add it if it doesn’t exist):
message_size_limit = 26214400
Secure Postfix so that only the ASSP server may use it: in main.cf change mynetworks to:
mynetworks = 127.0.0.0/8 192.168.1.36/32 [::ffff:127.0.0.0]/104 [::1]/128
At the end of the file add:
smtpd_client_restrictions = permit_mynetworks, reject
smtpd_delay_reject = no
transport_maps = hash:/etc/postfix/transport
Look for the value ‘mydestination’ and remove your mail domain:
From
mydestination = example.com, assp.testnet.lab, localhost.testnet.lab, localhost
To:
mydestination = assp.testnet.lab, localhost.testnet.lab, localhost
Create the file /etc/postfix/transport and add to it:
example.com smtp:192.168.1.10
Load the transport file in Postfix and reload Postfix:
# postmap /etc/postfix/transport
# postfix reload
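The lock-down above can be checked mechanically. The following script is an added example, not part of the original article: it reads main.cf and master.cf and reports every setting that would let a host other than loopback and the ASSP server use Postfix. The function names and the two constructed sample configurations are assumptions for illustration, and the parser is simplified (no continuation lines, no $variable expansion).

```shell
#!/bin/sh
# Added example, not from the original article: audit Postfix against the
# lock-down described above. On a live host cross-check with `postconf -n`.

# Print the value of parameter $2 in main.cf-style file $1 (last one wins).
main_cf_get() {
    awk -v key="$2" '
        /^[ \t]*#/ { next }
        {
            eq = index($0, "="); if (eq == 0) next
            name = substr($0, 1, eq - 1); gsub(/[ \t]/, "", name)
            if (name != key) next
            val = substr($0, eq + 1); gsub(/^[ \t]+|[ \t]+$/, "", val)
        }
        END { print val }' "$1"
}

# Print "service command" for each active inet listener in master.cf file $1.
master_cf_inet() {
    awk '/^[^# \t]/ && $2 == "inet" { print $1, $8 }' "$1"
}

# postfix_findings MAIN_CF MASTER_CF ASSP_IP MAIL_DOMAIN
# Prints one "FAIL: ..." line per deviation from the article's settings.
postfix_findings() {
    main=$1; master=$2; assp_ip=$3; domain=$4
    # ASSP owns port 25, so Postfix must listen on port 125 only.
    listeners=$(master_cf_inet "$master")
    if printf '%s\n' "$listeners" | grep -Eq '^([^ ]*:)?(smtp|25) '; then
        echo "FAIL: master.cf still has a listener on port 25"
    fi
    if ! printf '%s\n' "$listeners" | grep -Eq '^([^ ]*:)?125 smtpd$'; then
        echo "FAIL: master.cf has no smtpd listener on port 125"
    fi
    # Only loopback and the ASSP host itself may hand mail to Postfix.
    main_cf_get "$main" mynetworks | tr -s ', ' '\n\n' | while read -r net; do
        case $net in
            ''|127.0.0.0/8|'[::1]/128'|'[::ffff:127.0.0.0]/104'|"$assp_ip/32") ;;
            *) echo "FAIL: mynetworks also trusts $net" ;;
        esac
    done
    # Every client outside mynetworks must be rejected.
    restr=$(main_cf_get "$main" smtpd_client_restrictions |
        tr ',' ' ' | awk '{ $1 = $1; print }')
    if [ "$restr" != "permit_mynetworks reject" ]; then
        echo "FAIL: smtpd_client_restrictions is '${restr:-unset}'"
    fi
    # The mail domain must be relayed via transport_maps, not delivered locally.
    if main_cf_get "$main" mydestination | tr -s ', ' '\n\n' | grep -Fxq "$domain"; then
        echo "FAIL: mydestination still lists $domain"
    fi
    if [ -z "$(main_cf_get "$main" transport_maps)" ]; then
        echo "FAIL: transport_maps is not set"
    fi
    return 0
}

# audit_postfix (same arguments): print findings, return 0 only if none.
audit_postfix() {
    findings=$(postfix_findings "$@")
    if [ -n "$findings" ]; then
        printf '%s\n' "$findings"
        return 1
    fi
    echo "OK: only loopback and $3 may use Postfix, on port 125"
}

# Constructed samples: "loose" is a made-up pre-hardening state that trusts
# the whole LAN; "locked" carries the settings from this article.
write_samples() {   # $1 = directory to write into
    printf '%s\n' 'smtp inet n - - - - smtpd' > "$1/master.loose"
    printf '%s\n' '125 inet n - - - - smtpd' > "$1/master.locked"
    cat > "$1/main.loose" <<'EOF'
mydestination = example.com, assp.testnet.lab, localhost.testnet.lab, localhost
mynetworks = 127.0.0.0/8 192.168.1.0/24 [::ffff:127.0.0.0]/104 [::1]/128
EOF
    cat > "$1/main.locked" <<'EOF'
message_size_limit = 26214400
mydestination = assp.testnet.lab, localhost.testnet.lab, localhost
mynetworks = 127.0.0.0/8 192.168.1.36/32 [::ffff:127.0.0.0]/104 [::1]/128
smtpd_client_restrictions = permit_mynetworks, reject
smtpd_delay_reject = no
transport_maps = hash:/etc/postfix/transport
EOF
}

demo_dir=$(mktemp -d)
write_samples "$demo_dir"
echo "== loose =="
audit_postfix "$demo_dir/main.loose" "$demo_dir/master.loose" 192.168.1.36 example.com || true
echo "== locked =="
audit_postfix "$demo_dir/main.locked" "$demo_dir/master.locked" 192.168.1.36 example.com
rm -rf "$demo_dir"
```

On the server itself, call audit_postfix with /etc/postfix/main.cf and /etc/postfix/master.cf instead of the sample files.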
Virus scanner: ClamAV
Install ClamAV by running
# aptitude install clamav clamav-daemon
# freshclam
Edit ClamAV’s config file /etc/clamav/clamd.conf; alternatively run dpkg-reconfigure:
# dpkg-reconfigure clamav-base
Socket type: UNIX (TCP will probably also work but it says a socket file is safer)
Local (UNIX) socket clamd will listen on: /var/run/clamav/clamd.ctl (this is the default at the time of writing. Just make sure you enter this exact value in the ASSP web interface under ClamAV and FileScan > Port or file socket for ClamAV (AvClamdPort).)
User to run clamav-daemon as: clamav
Groups for clamav-daemon: clamav
Make sure FreshClam is scheduled to download new virus definitions periodically. Check /etc/clamav/freshclam.conf or configure it in Webmin. You can have freshclam check for db updates every hour (Checks 24). If you set the following values in /etc/clamav/freshclam.conf you may check up to four times per hour (Checks 96):
DNSDatabaseInfo current.cvd.clamav.net
DatabaseMirror db.XY.clamav.net
DatabaseMirror database.clamav.net
Replace XY with your country code.
Restart the Freshclam service:
# service clamav-freshclam restart
Source: http://www.clamav.net/doc/cvd.html
Optional webbased management tool: Webmin
It’s always an option to manage the server with Webmin. Webmin is a webbased administration tool for servers. It runs fine on Ubuntu. Create the file /etc/apt/sources.list.d/webmin.list and add:
deb http://download.webmin.com/download/repository sarge contrib
deb http://webmin.mirror.somersettechsolutions.co.uk/repository sarge contrib
Download and install the repo’s key:
# cd /root
# wget http://www.webmin.com/jcameron-key.asc
# apt-key add jcameron-key.asc
The key is downloaded over plain HTTP, so compare its fingerprint (apt-key finger) with the one published by Webmin before trusting the repository.
Update the repository cache and install:
# aptitude update
# aptitude install webmin
Source: http://www.webmin.com/deb.html
It is not necessary for the administration of the ASSP server to run Webmin. You can manage the server more completely from the command line but sometimes Webmin is just handy. Webmin is completely optional.
Perl modules
ASSP’s readme file states that the preferred way to install the Perl modules is to use native packages where possible to prevent unnecessary complications with upgrading.
These are native Ubuntu packages that provide some of the Perl modules used by ASSP:
- libnet-dns-perl
- libauthen-sasl-perl
- libmail-spf-perl
- libregexp-optimizer-perl
- libfile-readbackwards-perl
- libnetaddr-ip-perl
- libnet-cidr-lite-perl
- libmail-dkim-perl
- libnet-ldap-perl
- libunicode-string-perl
- libemail-send-perl
- libemail-mime-perl
- libtext-unidecode-perl
- liblingua-stem-snowball-perl
- libsys-cpu-perl
- libthreads-perl
- libschedule-cron-perl
- libdigest-sha-perl
- libmime-types-perl
- libclamav-client-perl
- libarchive-zip-perl
- libberkeleydb-perl
- liblingua-identify-perl
- libsys-cpuload-perl
- libthreads-shared-perl
- libunicode-linebreak-perl
- libconvert-tnef-perl
- libimage-magick-perl
Install them by doing
# aptitude install libnet-dns-perl libauthen-sasl-perl libmail-spf-perl libregexp-optimizer-perl libfile-readbackwards-perl libnetaddr-ip-perl libnet-cidr-lite-perl libmail-dkim-perl libnet-ldap-perl libunicode-string-perl libemail-send-perl libemail-mime-perl libtext-unidecode-perl liblingua-stem-snowball-perl libsys-cpu-perl libthreads-perl libschedule-cron-perl libdigest-sha-perl libmime-types-perl libclamav-client-perl libarchive-zip-perl libberkeleydb-perl liblingua-identify-perl libsys-cpuload-perl libthreads-shared-perl libunicode-linebreak-perl libconvert-tnef-perl libimage-magick-perl
Install more Perl modules:
(The first time you run cpan it will ask you some configuration questions. If in doubt just follow its lead. Press Enter to accept the suggested answer but do read the questions.)
# cpan Text::Glob Number::Compare Compress::Zlib Convert::TNEF Digest::MD5 Digest::SHA1 Email::MIME::Modifier Email::Send Email::Valid File::ReadBackwards File::Scan::ClamAV LWP::Simple MIME::Types Mail::SPF Mail::SRS Net::CIDR::Lite Net::DNS Net::IP::Match::Regexp Net::LDAP Net::SMTP Net::SenderBase Net::Syslog PerlIO::scalar threads threads::shared Thread::Queue Thread::State Tie::DBI Time::HiRes Schedule::Cron IO::Socket::SSL Crypt::CBC Crypt::OpenSSL::AES DBD::mysql YAML DateTime Time::Format Module::Signature File::PathInfo File::Find::Rule File::Slurp File::Which LEOCHARRE::DEBUG File::chmod Linux::usermod LEOCHARRE::CLI Crypt::RC4 Text::PDF Smart::Comments CAM::PDF PDF::API2 PDF::Burst PDF::GetImages Image::OCR::Tesseract PDF::OCR PDF::OCR2 Mail::DKIM::Verifier Mail::SPF::Query Regexp::Optimizer Unicode::GCString Text::Unidecode Lingua::Stem::Snowball Lingua::Identify Archive::Zip
Sys::MemInfo will fail to install. The solution is to install build-essential first:
# apt-get -y install libgd2-xpm-dev build-essential
Then install these modules:
# cpan Sys::MemInfo Sys::CPU Sys::CpuAffinity Tie::RDBM Thread::State Digest::SHA1
Mail::SPF::Query
Mail::SPF::Query fails to install. I’m not sure it hasn’t been superseded by libmail-spf-query and ASSP just does a wrong check. In that case forcibly installing it from the CPAN prompt would fix ASSP’s misinterpretation of the facts:
# cpan
cpan[1]> force install Mail::SPF::Query
If ASSP *is* correct however this would be an unholy route. In my setup it works. Do the force install and if it works it works.
**Update** According to Silvenga in the comments forcing it is the way to go.
File::Scan::ClamAV
File::Scan::ClamAV fails to install because the tests it does are outdated. You can either force install it:
# cpan
cpan[1]> force install File::Scan::ClamAV
Or change the tests as per http://www.gossamer-threads.com/lists/clamav/users/61844:
As root:
# cpan
cpan[1]> install File::Scan::ClamAV
(this will fail)
cpan[2]> look File::Scan::ClamAV
(this puts you in the build directory for this module within cpan) e.g.:
cpan[2]> look File::Scan::ClamAV
Running look for module 'File::Scan::ClamAV'
Trying to open a subshell in the build directory...
Working directory is /root/.cpan/build/File-Scan-ClamAV-1.91-O_dSGE
xxxx [at] xxx:.cpan/build/File-Scan-ClamAV-1.91-O_dSGE#
#step 2
In the subshell that look opened:
# cd t
(go into the test directory)
In mkconf.pl change:
my $dir = cwd;
to
my $dir = '/tmp';
(Note: in the ‘gossamer’ link the previous line contains an error.)
#step 3
In the 01ping.t, 02reload.t, 03quit.t, 04scan.t and 05streamscan.t files:
1) change all references to clamsock to /tmp/clamsock (should be 3 places in each file: in the loop, during File::Scan::ClamAV instantiation and unlink)
# sed -i -- 's|clamsock|'/tmp/clamsock'|g' *.t
# cd ..
# make test
# make install
ASSP
Download the latest ASSP__install.zip from http://sourceforge.net/projects/assp/.
$ wget -O assp.zip http://sourceforge.net/projects/assp/files/latest/download
Install unzip:
# aptitude install unzip
Extract to /usr/share/assp/. You could put it anywhere but I’m using this path.
# unzip -d /usr/share assp.zip
You can delete four textfiles in the zipfile’s root or keep them for reference. Anyway they don’t need to stay in /usr/share.
The folder structure will need to end up like this:
usr
+- share
   +- assp
      +- certs
      +- dkim
      +- docs
      +- files
         +- blackre.txt
         +- blockreportuser.txt
      etc
Make the Perl scripts executable:
# chmod +x /usr/share/assp/*.pl
Create a dedicated system user for assp:
# useradd assp -r
You can pick your own accountname but make sure it is properly reflected in ASSP’s web interface under [Server Setup] ‘Run as UID’ and ‘Run as GID’.
Vipul’s Razor plugin
Vipul’s Razor checks checksums of incoming mail against an online database.
Note: version numbers may vary. Substitute where appropriate.
From the SourceForge ASSP site > ASSP V2 multithreading > razor2_for_assp download razor-agents.src.tar.gz. Untar:
# tar -xzvf razor-agents_src.tar.gz
Compile the Perl module:
# cd razor-agents-2.84_assp
# perl Makefile.PL
# make
# make test
# make install
If the making and installing went well, from the SF ASSP site > ASSP V2 multithreading > Plugins, download ASSP_Razor – Razor2 Plugin for ASSP. The file is called ASSP_Razor_1.09.zip.
Extract the file and move the resulting .pm file to /usr/share/assp/plugins:
# unzip ASSP_Razor_1.09.zip
# mv ASSP_Razor.pm /usr/share/assp/plugins
Restart the ASSP server:
# service assp restart
You may now configure the Razor plugin from the web interface.
Runlevel scripts
Create a file /etc/init.d/assp and make it executable.
#!/bin/sh -e
# Start or stop ASSP
#
# original version by Ivo Schaap had issues on Debian4.
# Modified by atramos.
# 2015-09-01 some error correction by Martin Huijgen
#
### BEGIN INIT INFO
# Provides: assp
# Required-Start: $syslog $local_fs
# Required-Stop: $syslog $local_fs
# Default-Start: 2 3 4 5
# Default-Stop: 0 1 6
# Short-Description: Start ASSP (Anti-Spam SMTP Proxy)
# Description: Enable service provided by daemon.
### END INIT INFO

PATH=/bin:/usr/bin:/sbin:/usr/sbin

case "$1" in
start)
    printf "Starting the Anti-Spam SMTP Proxy\n"
    cd /usr/share/assp
    # Discard stdout and stderr and run in the background
    perl assp.pl > /dev/null 2>&1 &
    ;;
stop)
    printf "Stopping the Anti-Spam SMTP Proxy\n"
    # Kill every process whose command line contains "perl assp.pl"
    kill -9 `ps ax|grep "perl assp.pl"|grep -v grep|awk '{ print $1 }'`
    ;;
restart)
    $0 stop || true
    $0 start
    ;;
*)
    printf "Usage: /etc/init.d/assp {start|stop|restart}\n"
    exit 1
    ;;
esac
exit 0
# chmod +x /etc/init.d/assp
Have it start AFTER clamav-daemon (check back here later if you haven’t installed ClamAV yet). Look in /etc/rc2.d and look at the number before clamav-daemon. Let’s say this is 20:
‘S20clamav-daemon’ –> ../init.d/clamav-daemon
Give assp a higher number than clamav-daemon, for example 30: ‘S30assp’. Then run update-rc.d:
# update-rc.d assp defaults 30
Web interface configuration
You can find the web interface on http://192.168.1.36:55555. The default user is root and the default password is nospam4me.
You may change the settings either in the web interface or the config file (/usr/share/assp/assp.cfg). The web interface’s advantage is that it contains a lot of explanatory text, so for first time users I would recommend using the web interface. After changing the values click the Apply Changes button at the bottom right.
[Network Setup]
SMTP Listen Port (listenPort): 25
SMTP Destination (smtpDestination): 125

[SMTP Session Limits]
Max Size of Local Message (maxSize): 20971520
Max Size of External Message (maxSizeExternal): 20971520

[Recipients/Local Domains]
Local Domains (localDomains): example.com=> SERVER10.SERVER.local|morexamples.com
[x] Verify Recipients with SMTP-VRFY (DoVRFY)

[TestModes]
Prepend Spam Subject (spamSubject): [SPAM]
[x] Prepend Spam Tag (spamTag)
[x] All Test Mode ON (allTestMode)

[DNS Setup]
DNS Name Servers (DNSServers): 192.168.1.12|192.168.1.13

[Logging]
Notification Email To (Notify): helpdesk@example.com

[Server Setup]
Run ASSP as a Daemon (AsADaemon): Yes - run AutoRestartCmd on restart and wait
OS-shell command for AutoRestart (AutoRestartCmd): service assp restart
Run as UID (RunAsUser): assp
Run as GID (RunAsGroup): assp
My Name (myName): mail.example.com
My Helo (myHelo): SENDERHELO - IP - MYNAME - FQDN | MYNAME
Override the Server SMTP Greeting (myGreeting): MYNAME

[Relaying]
Allow All Mail (acceptAllMail): 192.168.1.10|192.168.1.3
Relay Host (relayHost): 127.0.0.1:125
Relay Port (relayPort): 225
Allow Relay Connection from these IP's (allowRelayCon): 192.168.1.10|192.168.1.3

[ClamAV and FileScan]
Send Virus Report To This Address: helpdesk@example.com
[x] Use ClamAV
***CHECK THIS IN /etc/clamav/clamd.conf!***
Port or file socket for ClamAV (AvClamdPort): /var/run/clamav/clamd.ctl
*******************************************

[Attachment Blocking]
External Attachment Blocking (DoBlockExes): score
External Attachment Blocking Level (BlockExes): Level 2
Level 1 rejected File Extensions (BadAttachL1): exe\-bin|exe|scr|pif|vb[es]?|jse?|ws[cfh]?|sh[sb]?|li?nk|bat|cmd|com|ht[ab]|ps1?
Level 2 rejected File Extensions (BadAttachL2): ade|adp|bas|chm|cpl|crt|dll|hlp|hta|inf|ins|isp|jar|js|lnk|mdb|msc|msi|mst|pcd|reg|src|sct

[SenderBase / Whois]
Do Country Blocking (DoSenderBase): disabled

[File Paths and Database]
Extension for Mail Files (maillogExt): .mht
#This allows opening the mail in Windows by doubleclicking it. To paste the mail in the Mail Analyzer do not doubleclick it but right-click it and view it in a plain-text editor.
database driver name (Dbdriver): BerkeleyDB
Spam/HMM Bayesian Database Files (spamdb): DB:

[PenaltyBox / Message and IP Scoring]
PenaltyBox Database (pbdb): DB:
Email Whitelist Database (whitelistdb): DB:
Email Redlist Database File (redlistdb): DB:
E-mail archival
From the ASSP website download the Archive Plugin (ASSP_ARC) and put it in the Plugins folder in the folder where ASSP is installed, for example /usr/share/assp/Plugins/ASSP_ARC.pm
Restart the ASSP service:
# service assp restart
The web interface will now have a section called ASSP_ARC-Plugin.
Configuring your mail server
How you configure your mailserver depends on the mailserver you’re using. I’ll demonstrate for IBM Domino but obviously since we’re creating a relay server you can configure any mailserver to work with ASSP. Have your mailserver accept incoming mail from your ASSP server and set your mailserver to relay any outgoing mail to ASSP. Some mailservers call this a smarthost.
In Domino Administrator under the Configuration tab expand Messaging > Configurations > select server and click Edit Configuration.

Part 3: Managing the server
Backing up the server
For disaster recovery use image based backups, like with Clonezilla or Ghost.
Additionally we can back up the following configuration files and directories:
/etc/postfix/transport
/etc/postfix/main.cf
/usr/share/assp/
/etc/clamav/*.conf
For backup systems I like to keep things as simple as possible. I’m copying everything to a tarball and copy the tarball to a backup server which handles (offsite) backups. The backup server is a Windows machine so we’re using smbclient to copy the file. The sharename is e$ and there’s a folder called “ASSP Backups”. Because there’s a space in it, it needs to be surrounded by double quotes which need to be escaped:
\"ASSP Backups\"
Begin by specifying your smb credentials in /root/.smbcreds. Make sure that file is only readable by root! As root, in /root/.smbcreds write:
username=administrator
password=The4dminPa$$word
domain=SERVER.local
The domain line is optional.
Make the credentials file readable to root only, just to make sure:
# chmod 600 /root/.smbcreds
Here is the script I use to copy the file to the backup server.
#! /bin/bash
NOW=$(date +"%Y-%m-%d")
# Create backupdir
mkdir ./$NOW
# Write list of installed packages to backupdir
dpkg --get-selections | grep -v deinstall > ./$NOW/packageslist.txt
# Copy data to backupdir
cp -R /etc/ ./$NOW
cp -R /usr/share/assp ./$NOW
# Copy backupdir to tarball
tar -cvpzf backup-$NOW.tar.gz ./$NOW
# Copy tarball to backup server (-I gives the server's IP address)
smbclient //SERVER24/e$ -I 192.168.1.24 -A /root/.smbcreds -c "cd \"ASSP Backups\"; put backup-$NOW.tar.gz backup-$NOW.tar.gz"
# Remove backupdir
rm -R ./$NOW
Scheduling the backup
Schedule the backup using cron
# crontab -e
and specify a time, for example every day at 23.59 hrs (so the date represents the day the changes in the files were made):
59 23 * * * sh /usr/share/backup.sh
Alternatively use Webmin to schedule the backup. The backup file is probably not restorable on Windows machines because of the path length, so test the backup on a Linux machine or by extracting some random files instead of complete paths.
Restoring a backup
There are three ways to restore a backup:
- Load a disk image. This is an easy way with a little bit of downtime depending on your hardware and disk size. Not much can go wrong here. You would use this for disaster recovery purposes as you probably won’t keep many versions lying around.
- Restore individual files from the backup. Best stop relevant services and verify things afterwards. Advantage: less downtime. Small disadvantage: perhaps the system will be inconsistent so you need to check if things still work afterwards. Most of the time this is not a problem.
- Restore the complete file based backup. You would do this if you need an old backup as these backups are complete but smaller as they leave out the operating system and software so you can store a lot of them.
  - Reinstall the system and run dist-upgrade.
  - Reinstall the software using the packages list from the backup file:
    # dpkg --set-selections < packageslist.txt
    # apt-get -u dselect-upgrade
  - Recreate the backup system.
  - For good measure, reboot.
Upgrading the server
Before upgrading make sure to create an image first. Afterwards do:
# aptitude upgrade
or
# aptitude dist-upgrade
if you’re feeling adventurous.
Or use Webmin to install the updates/upgrades.
Upgrading Perl modules
In ASSP’s web interface click Info and Stats (in the top banner). In the Perl Modules section ASSP will tell you which modules and versions are installed and which are required or recommended. Note that ‘required’ should not be taken very literally. In most cases the older versions work just fine. I suggest upgrading only if at least one of the following applies:
- it is a security update
- you are certain that it will not break anything
- not upgrading breaks functionality
To upgrade a Perl module not in Ubuntu’s repositories just install it again in CPAN:
# cpan Text::Glob
If it’s in the repositories it’s best to have the OS update it automatically.
Upgrading ASSP itself
To upgrade ASSP itself, i.e. the Perl script assp.pl:
- Stop the ASSP service.
- Download the latest version of the script from SourceForge.
- Rename assp.pl to assp.pl.old
- Extract the new assp.pl file to the ASSP directory
- Start the ASSP service.
Part 4: Working with ASSP
Monitoring
ASSP general health
A coloured dot on the web interface in front of the word ASSP informs you of ASSP’s general health status. Click the coloured dot to open the health page.


SMTP Connections List
Click SMTP Connections in the top bar to open the SMTP Connections List. This page shows the current SMTP connections.
Please note:
- You must not make changes to ASSP in the main ASSP configuration window while the SMTP Connections List is open.
- The SMTP Connections List only autorefreshes when it has focus.
- Click the Stop button (top right) to change the refresh rate or to enable or disable colouring, then press the Start button.

Statistics
The Info and Stats link in the top banner shows detailed statistics on just about anything related to the system. Among them:
- ASSP proxy uptime
- Number of messages processed
- SMTP connections received and rejected
- Message scoring statistics
- Number of viruses detected
Working with white and blacklists
In general, addresses and domains on a whitelist are not checked for spam. ASSP uses a host of whitelists; among them:
- a list of whitelisted IP addresses (whiteListedIPs)
- a list of regular expressions to identify non-spam (whiteRe)
- whitelisted domains and addresses (whiteListedDomains)
- Addresses to which mail is sent from inside will be automatically added to the whitelist for 365 days.
From the main configuration page
You can find all whitelists on the main configuration page in the Whitelisting section.
From the SMTP Connections List page
On the SMTP Connections List page click an address to open the ‘Add/remove address from lists’ window. You can add the address or domain to various lists. Realtime information on the occurrence of the address in lists is also shown.
From the Maillog tail
In the top bar click View Maillog Tail. This will show you the most recent bit of the maillog file. Click any e-mail or IP address here to open the ‘Add/remove addresses from lists’ window.
The redlist
The redlist is a special kind of list. Addresses on the redlist do not contribute to the whitelist. This is particularly useful in case of users who are on vacation and set an out of office autoresponder to reply to any incoming mail, including spam. Normally the addresses this autoresponder sends mail to would end up on the whitelist because your colleague is a local user and contributes to the whitelist.
‘redRe’, the value in ‘[SPAM Control] Regular Expression to Identify Redlisted Mail’, contains a set of regular expressions to identify this kind of mail. To manually add a user to or remove a user from the redlist (or whitelist) click White/Redlist/Tuplets in the top bar. You can add, remove or verify one or more users against the white and redlist here.
Mail analyzer
The Mail Analyzer in the top bar will take you to the ASSP Mail Analyzer. Clicking a green or red link in the Maillog Tail will pop up a window containing, among other options, an analyze button. Clicking this button will also open the analyzer.
If you opened the analyzer from the Maillog Tail viewer the analyze box will already have been filled and the analysis is presented. If you went there ‘manually’ you can paste an e-mail’s headers in the box and click the Analyze button.
E-mail interface
The various lists can be managed via e-mail. Special e-mail addresses provide ways to report spam or ham and a whole lot more operations.
Having end users mail errors in spam and ham identification helps improve the Bayesian (and Markov, if used) analysis. Note you can also move the mails manually by dropping them in the errors/spam or errors/notspam folder. Some addresses are useful for end users; some may be too technical. Some require special privileges. Operations performed by end users will be reported back to the user as well as to the helpdesk account.
address (@assp.local) | function |
---|---|
For all local users – bold = most often used | |
help | Request help text |
Spam | Report forwarded spam |
Notspam | Report forwarded false positive (ham) |
Whitelist | Add sender of forwarded mail to the whitelist |
Notwhitelist | Remove sender of forwarded mail from the whitelist |
Persblack | Add sender of forwarded mail to the user’s personal blacklist |
Notpersblack | Remove sender of forwarded mail from the user’s personal blacklist |
Analyze | Return analysis on forwarded mail |
For privileged users only | |
Blacklist | Add sender of forwarded mail to the blacklist |
Notblacklist | Remove sender of forwarded mail from the blacklist |
Redlist | Add sender of forwarded mail to the redlist |
Notred | Remove sender of forwarded mail from the redlist |
Spamlover | Add sender of forwarded mail to the spamlover list |
Notspamlover | Remove sender of forwarded mail from the spamlover list |
Noprocessing | Add sender of forwarded mail to the no processing list |
Notnoprocessing | Remove sender of forwarded mail from the no processing list |
Blockreport | Request a block report for selected users |
Folders
ASSP uses various folders for storing spam and ham. Since we also use the ASSP_ARC plugin to archive all mail duplication will occur.
Folder | Contains |
---|---|
/var/assp/archive | Archives of all incoming and outgoing mail including spam |
/usr/share/assp/logs | Logfiles |
/usr/share/assp/resendmail | Mail that is to be re-sent to the original recipient |
/usr/share/assp/okmail | Incoming mail that is not deemed spam and non-processed mail |
/usr/share/assp/spam | Collection of mail that’s deemed spam |
/usr/share/assp/notspam | Collection of mail that’s not deemed spam |
/usr/share/assp/errors/notspam | False positives as reported or moved here by users or admins (counts 4x) |
/usr/share/assp/errors/spam | False negatives as reported or moved here by users or admins (counts 2x) |
/usr/share/assp/errors/notspam/newManuallyAdded | Same as parent folder but processed immediately |
/usr/share/assp/errors/spam/newManuallyAdded | Same as parent folder but processed immediately |
/usr/share/assp/discarded | Spam not used for the spam collection |
Mailflow cases
A user wants to know if a certain mail was blocked as spam.
- Web interface: View Maillog Tail > search on subject, sender or receiver. If ASSP finds nothing increase the number of lines ASSP searches in. The logfile will mention whether the mail was sorted into the spam or another folder. Spam messages will be marked red, notspam green and okmail grey.
- Command line:
# cat /usr/share/assp/logs/mail.log | grep -i 'SEARCHTERM'
Replace SEARCHTERM by the string you are searching for. The escape character is backslash ( \ ).
- Folders: look for the mail subject in the spam, notspam and ok folders. Alternatively search the archive folder and paste the contents of the mail in the Mail Analyzer.
A user receives an untagged spam message.
Does the message contain a “[SPAM]” tag in its subject? If so the user can either ignore it or set up a local filtering rule to automatically move messages marked “[SPAM]”. If not we have a false negative: an unidentified spam message. In that case one of the following actions can be taken:
- The user can forward the spam message to spam@assp.local. (It is advisable to leave out the user’s default signature.) This will point out the error to the Bayesian engine. The user and helpdesk@example.com will be notified. The notification is informational; no further action is required.
- An administrator can forward the spam message to spam@assp.local.
- An administrator can move the mail from either okmail or notspam to errors/spam/newManuallyAdded (or just errors/spam; the difference is that Manually is processed internally immediately while the regular folder’s contents will be processed daily).
- An admin can find the mail in the Maillog Tail and click the green or grey archival link. In the popup window select the action ‘Copy file to correctedspam’ and click the Do It! button.
An incoming mail was erroneously identified as spam.
This is a false positive. Have the user forward the mail to notspam@assp.local, or do one of the following yourself:
- Move the file from spam to /errors/notspam
- Forward the mail to notspam@assp.local yourself
- Perhaps add the sender’s address or domain to the whitelist
A user wants a copy of a picture in an e-mail
- Copy the mail from the user’s mailbox to your own. Open it in Outlook, copy the picture and send it back to the user. [We use this procedure because certain pictures cannot be opened in our corporate client.]
- Find the mail in the archive, spam, notspam or okmail folder (if you don’t know in which folder to look search for the subject, sender or receiver in the Maillog Tail first) and double click it to open it in Internet Explorer. Copy the picture, send it back to the user.
A user wants to add a sender or domain to the blacklist
There are two sorts of blacklists: personal and global. Global blacklists divide further into different lists; personal blacklists are addresses or domains that are blocked on a per-user basis. Users can manipulate their own personal blocklists; admins can manipulate all blocklists.
Global blacklists:
- Web interface:
- IP Blocking (IP based only)
- E-mail interface: forward a mail to blacklist@assp.local. The original sender’s e-mail address will be added to the global whitelist. notblacklist@assp.local delists the address. Wildcards are supported.
Personal blacklists:
- E-mail interface: the user must send a mail to persblack@assp.local listing addresses he wants to add to his personal blacklist. If the first line is ‘reportpersblack’ (without the quotes) or if the body is empty a complete report about all his personal black list entries is returned. notpersblack@assp.local delists the address. Wildcards are supported. Removing tinus.detester@example.com would also remove *@example.com.
Adding certain words to the blacklists
In the web interface: Regex Filter / Spambomb
- Regular Expression to Identify Spam in Subject (bombSubjectRe) – expressions to look for in the mail’s header
- Regular Expression for Header and Data Part (bombRe) – expressions to look for in the mail’s body and attachments
A user wants to add a sender or domain to the whitelist
- Automatically: any address anyone from inside sends an e-mail to is automatically added to the autowhitelist for a year.
- E-mail interface: the user or an admin can send an e-mail to whitelist@assp.local to add addresses to the whitelist. In the mail’s body list the address(es) you want added. Notwhitelist@assp.local delists the address.
- Manually: only admins can manually add entries to the whitelist from the web interface: manipulate the No Processing lists or Whitelists. No Processing means just that: no processing. Mail is not checked except for viruses. Whitelists are somewhat more dynamic.
If in doubt use one of the following:
- Whitelisting > Whitelisted IPs (whiteListedIPs)
- Regular Expressions to Identify Non-Spam (whiteRe)
- Whitelisted Domains and Addresses (whiteListedDomains)
Part 5: Troubleshooting
Logfiles
Postfix
The Postfix logfiles are /var/log/mail.err and /var/log/mail.log.
ASSP
Look in /usr/share/assp/moduleLoadErrors.txt for errors regarding loading Perl modules. Also in the ASSP web interface, in the top banner, click ‘Info and Stats’ and check the Perl Modules section for more information on Perl modules.
ASSP’s mail processing logfiles are in /usr/share/assp/logs.
Have cron log to the system logging server: edit the file /etc/rsyslog.d/50-default.conf and change
#cron.* /var/log/cron.log
to
cron.* /var/log/cron.log
Restart rsyslog and cron:
# service rsyslog restart
# service cron restart
General
Find out which program is using a port (for example port 25):
# netstat -tapen | grep ":25 "
If ASSP does things it shouldn’t do try restarting it:
# service assp restart
Check if /usr/share/assp/assp.cfg matches ASSP’s web interface values. Sometimes it needs a kick in the butt for the values to stick.
Do not make changes in the web interface when the SMTP Sessions monitor window is opened. The SMTP Sessions monitor window is only automatically refreshed if it has focus.
If mail in the SMTP Connections List remains in the MAIL FROM status you may need to check your Postfix’s message_size_limit:
# postconf -n | grep message_size_limit
If it’s too low or absent (=default; 10MB at the time of writing) define it in /etc/postfix/main.cf.
Search in mail logfile from ASSP: click ‘View Maillog Tail’ top right in the ASSP web interface.
Error: “Invalid Helo string” or “Invalid SMTP Banner”: change myGreeting in ASSP or check /etc/postfix/main.cf and change myhostname to the FQDN of the server (mail.example.com). If you changed the Postfix config do
# postfix reload
If your spamfilter’s public IP is 123.234.345.67 and its name is mail.example.com check if these match up.
Windows:
C:\>ping mail.example.com
Pinging mail.example.com [123.234.345.67] with 32 bytes of data:
Reply from 123.234.345.67: bytes=32 time=1ms TTL=63
Reply from 123.234.345.67: bytes=32 time=1ms TTL=63
Reply from 123.234.345.67: bytes=32 time=1ms TTL=63
Reply from 123.234.345.67: bytes=32 time=1ms TTL=63
Ping statistics for 123.234.345.67:
    Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 1ms, Maximum = 1ms, Average = 1ms
C:\>ping -a 123.234.345.67
Pinging mail.example.com [123.234.345.67] with 32 bytes of data:
Reply from 123.234.345.67: bytes=32 time=1ms TTL=63
Reply from 123.234.345.67: bytes=32 time=1ms TTL=63
Reply from 123.234.345.67: bytes=32 time=1ms TTL=63
Reply from 123.234.345.67: bytes=32 time=1ms TTL=63
Ping statistics for 123.234.345.67:
    Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 1ms, Maximum = 1ms, Average = 1ms
Linux:
vorkbaard@xbtest:~$ ping mail.example.com
PING mail.example.com (123.234.345.67) 56(84) bytes of data.
64 bytes from mail.example.com (123.234.345.67): icmp_seq=1 ttl=61 time=2.93 ms
64 bytes from mail.example.com (123.234.345.67): icmp_seq=2 ttl=61 time=2.04 ms
^C
--- mail.example.com ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 1002ms
rtt min/avg/max/mdev = 2.047/2.492/2.937/0.445 ms
vorkbaard@xbtest:~$ nslookup 123.234.345.67
Server: 127.0.1.1
Address: 127.0.1.1#53
Non-authoritative answer:
76.543.432.321.IN-ADDR.ARPA name = mail.example.com.
If the reverse lookup (nslookup or ping -a) doesn’t resolve to mail.example.com but to something like static-126-146-117-81.thenetworkfactory.nl you need to contact your internet provider and ask them to add a reverse dns entry for your IP address. Your internet provider may or may not be the same entity as your DNS provider.
Setting static-126-146-117-81.thenetworkfactory.nl (in this instance) as your Helo greeting (myGreeting in ASSP) will work as well but you wouldn’t be in control over that name. Note that myGreeting is a different field than myName and myHelo. They can be different values but they need not be.
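The forward and reverse lookups compared by hand above can be scripted so the check is repeatable after a DNS or provider change. This is an added example, not part of the original article: resolve_a, resolve_ptr, normalize and fcrdns_check are names chosen here, and getent is assumed to be present as on a stock Ubuntu install.

```shell
#!/bin/sh
# Added example: forward-confirmed reverse DNS check for the name that ASSP
# (myGreeting) and Postfix (myhostname) announce. The helper names are
# hypothetical; getent queries the system resolver, /etc/hosts included.

# Print the IPv4 addresses a host name resolves to, one per line.
resolve_a() {
    getent ahostsv4 "$1" | awk '{ print $1 }' | sort -u
}

# Print the name the reverse lookup returns for an address (empty if none).
resolve_ptr() {
    getent hosts "$1" | awk '{ print $2; exit }'
}

# Lower-case a name and drop the trailing dot that nslookup prints.
normalize() {
    printf '%s' "$1" | tr 'A-Z' 'a-z' | sed 's/\.$//'
}

# fcrdns_check NAME: print one line per address. Returns 0 only if every
# address of NAME has a reverse entry pointing back to NAME, 1 on any
# mismatch (for example a provider default such as static-...), and 2 if
# NAME does not resolve at all.
fcrdns_check() {
    want=$(normalize "$1")
    ips=$(resolve_a "$1")
    [ -n "$ips" ] || { echo "FAIL $1 does not resolve"; return 2; }
    rc=0
    for ip in $ips; do
        ptr=$(normalize "$(resolve_ptr "$ip")")
        if [ "$ptr" = "$want" ]; then
            echo "OK $ip -> $ptr"
        else
            echo "MISMATCH $ip -> ${ptr:-no PTR record}"
            rc=1
        fi
    done
    return $rc
}

# Usage: fcrdns_check mail.example.com
```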
Useful websites
Is Not Spam – analyses your mail and explains why it is or isn’t deemed spam.
MX Toolbox – analyse SMTP settings and more by checking DNS MX entries against your SMTP server. To check for reverse DNS mismatches choose the Test Email Server option in MX Toolbox.
DNS Queries – check the health status of an SMTP server
Sources
Software sources
http://www.ubuntu.com/
http://sourceforge.net/projects/assp/
https://forum.directadmin.com/showthread.php?t=18112
General installation
http://www.techrepublic.com/blog/diy-it-guy/diy-add-a-spam-filter-to-your-mail-server-with-assp/
https://www.howtoforge.com/installing-assp-anti-spam-smtp-proxy-on-ubuntu-server-10.04-debian-5.0
http://blog.aceshigh.net/2013/11/assp-anti-spam-smtp-proxy-server/
Mail::SPF failing to install
https://www.ndchost.com/wiki/cpanel/mail-spf-fails-to-install
https://forums.cpanel.net/threads/mail-spf-fails-to-install.142285/
Modules
http://www.ninthavenue.com.au/how-to-install-assp-2-x-on-debian-7-wheezy
http://customerhelp.co.za/linux/ubuntu-security/logwatch-missing-cpu-meminfo-cpan-ubuntu-14-04.html
http://www.gossamer-threads.com/lists/clamav/users/61844
Thanks! After a couple of years I’m finally moving my ASSP server and totally forgot how. You probably have the most up-to-date tutorial out there.
Oh, the Mail::SPF::Query module will always fail due to a dependency on the network in its tests – forcing it is required.
As far as I know it still is the only complete tutorial on installing ASSP on Ubuntu 14.04 LTS. Thanks for the feedback on Mail::SPF::Query; I updated the article.
If you have other suggestions or notes on installing ASSP on 14.04 by all means feel free to post them here. The more info gets documented the better. Small issues (like the Mail::SPF::Query failing) can really be show stoppers which is unfortunate because there is an easy workaround. You just need to find it somewhere.
I found this EXTREMELY useful. If only something like this existed when I created our ASSP server back in 2014!
Thanks :)
Hi, I'm using ASSP and Postfix on the same server: internet -> [assp – postfix] -> exchange. Someone told me to use Postfix on another server. Do I need to do that? Does it impact server performance? I'm using 16 GB and 8 cores but ASSP seems to be slow and I don't know how to fix that. Thank you.
Hi, I’m not sure I understand your question correctly. Performance also depends on the amount of mail you’re processing. There’s quite an active mailing list for ASSP with its developer actively participating. I suggest you pose your question there because it is dedicated to ASSP. You can sign up to the mailing list here: https://lists.sourceforge.net/lists/listinfo/assp-user To get information on which process is hogging your cpu and memory on your Ubuntu server run this command: top
Kapitein,
I am embarking on setting up an ASSP server using your method. I see the effort (and humor -> reset their router) you have put into this site/post, and wanted to take the time to stop and say
THANK YOU
I’ll post back with results
Thanks :) Good luck with the installation!
Your guide has been EXTREMELY good help in setting up ASSP on Ubuntu Server 16.04. Thanks hugely!
good luck with the installation
I got this error when I sent mail to Gmail. I had SPF, DKIM and DMARC on my domain, but when the email was relayed by ASSP, it got an error.
localhost postfix/smtp[10962]: 7E2B18579E: to=, relay=gmail-smtp-in.l.google.com[74.125.204.27]:25, delay=2.8, delays=0.2/0.01/0.76/1.9, dsn=5.7.1, status=bounced (host gmail-smtp-in.l.google.com[74.125.204.27] said: 550-5.7.1 Unauthenticated email from ahrockz1.cf is not accepted due to domain’s 550-5.7.1 DMARC policy. Please contact the administrator of ahrockz1.cf domain 550-5.7.1 if this was a legitimate mail. Please visit 550-5.7.1 https://support.google.com/mail/answer/2451690 to learn about the 550 5.7.1 DMARC initiative. 25si4399327pgt.419 – gsmtp (in reply to end of DATA command))
No doubt, Email is an essential communication source and the third most influential source in the B2B audience—a great article and well explained. Here I would like to suggest another tool to check your SMTP server health.
https://dnschecker.org/smtp-test-tool.php
The website also provides various tools related to DNS, IP, Email, and much more. You must check it out. And the addition of that tool will be quite beneficial for the users as well.
This how-to is a good start to get a working ASSP. For me, it is working like a charm. I started to use it as an outgoing gw. ASSP learned the whitelisted addresses. I did some spam and ham feeding. Next, I started using it for incoming mail and the amount of spam was minimal; I did the feeding with a script for Outlook. Greylisting is a useful and strong spam hunter, but I am thinking of switching it off now. I had trouble getting DoTLS to work, so I am using NoTLS now. ASSP is like a miracle from the first day of working!!!!!
There is very simple extractor for Graylog.
(From, To, ID)
We create new stream assp: source must contain assp.pl
The extractor assigned to the pipeline:
rule "Extract ASSP"
when
  has_field("message")
then
  // ID: second space-separated token of the log line
  let q = split(" ", to_string($message.message));
  set_field("ID", q[1]);
  // From: text after " <" and before "> to: "; To: first token after "> to: "
  let q = split("> to: ", to_string($message.message));
  let m = split(" <", to_string(q[0]));
  set_field("From", m[1]);
  let m = split(" ", to_string(q[1]));
  set_field("To", m[0]);
end