Koozali.org: home of the SME Server

ASSP on SME 7

Offline sonoracomm

ASSP on SME 7
« Reply #15 on: August 09, 2006, 09:26:20 PM »
Hi All,

I finally took some time to rewrite the ASSP on SME Howto for SME 7.

The only problem is that I used my home server for the testing and it is not a production mail server.  In fact, the cable company blocks port 25 here at home, so I can't do much testing.

I would REALLY appreciate ANY corrections, tips, suggestions, configuration ideas...  Please send them to gcooper(at)sonoracomm.com.

http://www.sonoracomm.com/index.php?option=com_content&task=view&id=48&Itemid=32

After gaining experience with the built-in SpamAssassin, I have formulated a few opinions.  I do feel that ASSP is a better spam filter in most every way...but I also have more experience with it.

However, this howto for configuring the already-installed SA is much shorter. ;-) SA also offers individual quarantines for each user.  ASSP, as I configure it, just has one.  I think a single quarantine managed by a 'Spam Administrator' is better, in general, but YMMV.

http://www.sonoracomm.com/index.php?option=com_content&task=view&id=49&Itemid=32

Also, we are just getting started publishing many support documents on our new web site.  Have a look...

http://www.sonoracomm.com

Thanks to all for all your help and especially to the developers of this great open-source project!

G

wallyrp

ASSP on SME 7
« Reply #16 on: August 09, 2006, 10:17:40 PM »
Good Afternoon,

Thank you for your work regarding the how-to. Did you encounter the issue that I had to deal with regarding the changing of port 25? I had to set the property of smtpd to 125 from 25, just changing it in 10services didn't do the trick. After I changed this, I was unable to access port 25 from  the outside network through the outside nic. Everything worked on the inside just fine regardless of 125 or 25. Any ideas?

I'm also rusty on changing the iptables, what would be a command line for that?

Offline sonoracomm

ASSP on SME 7
« Reply #17 on: August 10, 2006, 02:11:40 AM »
Hi Wally,

A quick look at the database confirmed the need to modify 'smtpd', so I just did it.

Unfortunately, (don't laugh!), my ISP blocks port 25 so I can't readily test this issue on the box I used for testing.  I was hoping someone else would.  I would be surprised if the firewall rules caused a problem, based on history, but there's a first time for everything.

There may be another issue.  I generally don't install SME as a gateway.  I usually use Server Only mode and forward ports to the server.  Firewalling may differ...

Are you sure the firewall is the problem?  What do you see in /var/log/iptables/current?

I did notice in the database that there was another setting for

TCPProxyPort=25

I am curious what that is, exactly...

G

Offline ktenbrook

ASSP Experience
« Reply #18 on: November 15, 2006, 04:59:17 AM »
I just wanted to chime in with my long ASSP experience.  I used ASSP for about 2 years on SME 6.0.x and had great results with my 25 users or so.  When I upgraded to SME 7.0, I wanted to keep it simple and went with the built-in SA spam controls.  I've now been using the 7.0 "default" spam controls for awhile (since the 1st week 7.0 was released), and I have to say that ASSP is definitely superior to SA.  That is if you define superior to mean that it does a better job at killing spam before it reaches the user.

SA does have its advantages.  But it allows MUCH more spam to get through.  ASSP trained its Bayesian filter using the spam received by the entire company.  It keeps about 15,000 (configurable) spams in a folder for the database.  The downside of ASSP is that it had more false positives than SA.  I was seeing about 2 to 5 false positives per 3600 messages.  I learned to live with that.  Also, the false positives are really accessible only if you log in to a separate spam bucket account set up to collect spam.

With 7.0 and a good e-mail client like Thunderbird or, yes, Outlook, the SME 7.0/SA approach is usable.  Most spam that gets through the server is filtered out by the client - only a handful gets through the 2 levels of filtering.  HOWEVER, now many of my clients access their e-mail using IMAP from their smart phones.  The spam controls on these clients are terrible.  So, when mobile, my users get way too much spam because SA lets too much through.  

I now think that ASSP in front of SA will provide two-level filtering at the server that will help my mobile users.  I hate to again move away from the simplicity of the "default" install, but SA just lets too much spam through compared to ASSP.

BTW, I have "tweaked" the SA settings all the way down to "7" as the score to flag a message as spam, and it still gets through!  Arggggh!!

Offline raem

Re: ASSP Experience
« Reply #19 on: November 15, 2006, 01:43:36 PM »
ktenbrook2

> ASSP trained its Bayesian filter using the spam received by the entire company.
> The downside of ASSP is that it had more false positives than SA.

Did you consider enabling Bayes for SA in SME 7?
There are forum posts telling how to do this with a db entry; search on Bayes or Bayesian.
Please report your comparative results.
...

Offline sonoracomm

ASSP on SME 7
« Reply #20 on: November 15, 2006, 05:24:14 PM »
I recently updated the howto I posted.

http://www.sonoracomm.com/index.php?option=com_content&task=view&id=49&Itemid=32

I found that setting the Custom Spam Tagging Level to 4 nearly eliminated spam from users' inboxes while resulting in very few (almost no) false-positives.

G

wallyrp

ASSP on SME 7
« Reply #21 on: August 04, 2007, 09:03:13 PM »
Good Afternoon,

Did anyone copy down the how-to that was created on sonoracomm.com? The site is apparently down. I can still find the 6.x version but I need the 7.x version. I like assp a ton better than spamassassin.

Offline raem

ASSP on SME 7
« Reply #22 on: August 04, 2007, 09:44:49 PM »
wallyrp

Here's an older version.

http://www.sonoracomm.com/index.php?option=com_content&task=view&id=49&Itemid=32

Spam Filter Configuration for SME 7        
This is a quick configuration howto, not an in-depth look at SpamAssassin. Much more can be done
beyond this document, but this will take a big dent out of your spam and free up CPU cycles on your server.
See 'More Information' at the end.

SpamAssassin
The following command will enable the default blacklists, enable the bayesian learning filter and set
thresholds for the bayesian filter.

rpm -Uvh http://mirror.contribs.org/smeserver/contribs/michaelw/sme7/smeserver-spamassassin-features-0.0.2-0.noarch.rpm

Server-Manager
Using the Server-Manager Configuration/E-Mail panel, adjust the settings to these reasonable defaults.

Virus scanning: Enabled
Spam filtering: Enabled
Spam sensitivity: Custom
Custom spam tagging level: 5
Custom spam rejection level: 12
Sort spam into junkmail folder: Enabled
Modify subject of spam messages: Enabled

I would also recommend blocking all executable content. To do so, select (highlight) all of the attachment
types other than zip files (the last two).

Click Save.

How It Works
With this configuration, the spammiest messages, those marked as 12 or above, will be rejected at the
SMTP level. Those spam messages marked between 5 and 12, will be routed to the users' (IMAP)
junkmail folder. This is done so the users can check for false-positives...valid messages that were
classified as spam by SpamAssassin.

Users may check their junkmail folders for false-positives via webmail, or, if they are using an IMAP mail
client, by simply checking the junkmail folder exposed by their mail client.

https://servername/webmail

Tweaking
The server will automatically delete old spam in the junkmail folders after 90 days. You can control the
number of days old spam is kept with the following commands. Where 15 is the number of days you want
to keep messages, do...

db configuration setprop spamassassin MessageRetentionTime 15

signal-event email-update

svc -t /service/qpsmtpd

then

config show spamassassin

If you think you are losing misclassified mail, adjust the 'Custom spam rejection level' higher.

If too much spam is making it through to your inbox, carefully adjust the 'Custom spam tagging level' down.
Many people use the level 4.

If too much spam is building up in your (IMAP) junkmail folder, adjust the 'Custom spam rejection level'
down or change the number of days spam is kept in the junkmail folder before being automatically deleted
by the server.

Bayesian (Learning) Filter
Install the LearnAsSpam.pl, (optional) mailstats and sa-update scripts, then configure nightly cron jobs like this:

cd /usr/bin

wget http://mirror.contribs.org/smeserver/contribs//bread/mailstats/LearnAsSpam.pl

wget http://mirror.contribs.org/smeserver/contribs//bread/mailstats/spamfilter-stats-7.pl

cd /etc/cron.d

wget http://mirror.contribs.org/smeserver/contribs//bread/mailstats/LearnAsSpam.cron

wget http://mirror.contribs.org/smeserver/contribs//bread/mailstats/mailstats.cron

cd /etc/cron.daily

wget http://mirror.contribs.org/smeserver/contribs//bread/mailstats/sa-update

chmod +x sa-update

/etc/rc.d/init.d/crond restart

Be sure to enter the wget lines as one long line.

Using an IMAP mail client, create a new folder called 'LearnAsSpam'. I created mine at the top level, like
'Inbox' for each user that will help train the Bayesian filter. Webmail will work fine for creating this folder,
as well as checking the junkmail (filtered mail or quarantine) folder.

If any spam messages make it past the filter and into your inbox, just move them into the LearnAsSpam
folder.  A nightly cron job will process them and delete them for you. This is how you train the Bayesian filter.

Bayesian filtering must receive 200 spam messages before it starts to function, so don't expect
instantaneous results.

Whitelist and Blacklist
If mail comes in and it is misclassified as spam, you can add the sender to the whitelist so that future
messages coming in from that sender are not filtered.

Conversely, you can add a spammer to the blacklist so you never see their spam again.  

Add senders (or their entire domains) to the global whitelist with these commands as root:

db spamassassin setprop wbl.global *@vonage.com White

db spamassassin setprop wbl.global *domain2.com White

db spamassassin setprop wbl.global user@domain3.com White

db spamassassin setprop wbl.global spammer@spamdomain.com Black

expand-template /etc/mail/spamassassin/local.cf

svc -t /service/spamd

Clam Antivirus
Update and check your Clam Antivirus with this command.

freshclam -v

or

freshclam --debug

Verify hourly update checking by viewing the freshclam/current log file via the Server-Manager
View Log Files panel.

More Information
Here is another great howto (URL is all one line).

http://mirror.contribs.org/smeserver//contribs/rmitchell/smeserver/howto/Spam%20blocking%20HOWTO%20using%20qpsmtpd%20&%20RBL%20for%20sme%20server.htm

Informative URLs:

http://forums.contribs.org/index.php?topic=31278.0

http://forums.contribs.org/index.php?topic=31279.0

http://forums.contribs.org/index.php?topic=32158.0

http://mirror.contribs.org/smeserver/contribs/michaelw/sme7/

http://mirror.contribs.org/smeserver/contribs/bread/mailstats/

http://wiki.apache.org/spamassassin/BayesInSpamAssassin

Enter this command at a console.

perldoc Mail::SpamAssassin::Conf

 
 
Last Updated ( Saturday, 12 August 2006 )
...
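
Added example (not part of the post above or of the howto it quotes): a small Python replay of the "How It Works" rule, so the effect of moving the tagging level from 5 to 4 can be checked against known scores before changing the server. The sample messages are constructed, and the function names are made up for this illustration; only the levels 5, 12 and 4 come from the thread.

```python
import email
import re

# Constructed sample messages (not real mail). The second header is folded
# across two lines, as long X-Spam-Status headers usually are.
SAMPLES = [
    "X-Spam-Status: No, score=-1.2 required=5.0 tests=BAYES_00\n\nhello\n",
    "X-Spam-Status: No, score=4.3 required=5.0 tests=BAYES_50,\n"
    "\tHTML_MESSAGE autolearn=no\n\nnewsletter\n",
    "X-Spam-Status: Yes, score=7.3 required=5.0 tests=BAYES_99\n\npills\n",
    "X-Spam-Status: Yes, score=12.0 required=5.0 tests=BAYES_99\n\npills\n",
    "Subject: no SpamAssassin header\n\nlocal mail\n",
]

SCORE_RE = re.compile(r"\bscore=(-?\d+(?:\.\d+)?)")

def spam_score(raw_message):
    """Return the score from X-Spam-Status, or None if the header is missing."""
    header = email.message_from_string(raw_message).get("X-Spam-Status")
    match = SCORE_RE.search(header) if header else None
    return float(match.group(1)) if match else None

def disposition(score, tag_level, reject_level):
    """Apply the howto's rule: >= reject is refused, >= tag goes to junkmail."""
    if score is None:
        return "unscanned"
    if score >= reject_level:
        return "rejected"
    return "junkmail" if score >= tag_level else "inbox"

def tally(messages, tag_level, reject_level):
    counts = {"inbox": 0, "junkmail": 0, "rejected": 0, "unscanned": 0}
    for raw in messages:
        counts[disposition(spam_score(raw), tag_level, reject_level)] += 1
    return counts

def newly_tagged(messages, old_tag, new_tag, reject_level):
    """Scores that move from inbox to junkmail when the tagging level drops."""
    scores = [spam_score(raw) for raw in messages]
    return [s for s in scores
            if disposition(s, old_tag, reject_level) == "inbox"
            and disposition(s, new_tag, reject_level) == "junkmail"]

if __name__ == "__main__":
    print("tag 5, reject 12:", tally(SAMPLES, 5, 12))
    print("tag 4, reject 12:", tally(SAMPLES, 4, 12))
    print("newly tagged at 4:", newly_tagged(SAMPLES, 5, 4, 12))
```

The messages reported by newly_tagged are the ones to review for false positives before lowering the level.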

wallyrp

ASSP on SME 7
« Reply #23 on: August 04, 2007, 10:22:59 PM »
Good Afternoon,

Thank you for your reply. It appears that the whole sonoracomm.com website is down.

Again, I'm specifically looking to run ASSP and not spamassassin.

If it comes down to crunch time, I guess spamassassin is better than nothing in which case, I will be filtering for a MS Exchange 2003 server.

Offline meanpenguin

ASSP on SME 7
« Reply #24 on: August 05, 2007, 06:03:37 AM »
Back when testing ASSP with 6.5, I had problems using the secure connections.

When using the secure connections, it would not go through ASSP.
So auto white entry for email sent to an address, or email to add an address to the white list were not processed.

Edward

Offline sonoracomm

Re: ASSP on SME 7
« Reply #25 on: September 30, 2007, 07:42:07 AM »
AFAIK, the only limitation of secure connections with ASSP is with TLS...and I don't think SME Server supports TLS anyway, though I could be wrong about that.

I think SSL is far more commonly used and is well supported by SME Server as well as ASSP.

G

p.s.  I have updated the ASSP howto on my web site for SME 7.2

http://www.sonoracomm.com/index.php?option=com_content&task=view&id=48

Offline meanpenguin

Re: ASSP on SME 7
« Reply #26 on: October 07, 2007, 08:56:45 PM »
Here is what I was running into before,

If you POP/IMAP using the SSL (e.g. In outlook, check the server needs SSL), almost everything works great.
The only thing which I could not get working was when I send out an email, the recipient does not automatically get added to the whitelist.

It does if you use straight POP/IMAP.


Thanks,
Ed

Offline sonoracomm

Re: ASSP on SME 7
« Reply #27 on: October 07, 2007, 10:55:57 PM »
A review of the ASSP FAQ says that you are correct, sir.  Good call!

http://www.asspsmtp.org/wiki/Frequently_Asked_Questions

ASSP only proxies port 25, so SSL traffic on another port would not be affected by or contribute to the whitelist automatically. 

I guess a mail admin would have to decide for himself how important this issue is. 

In my experience, the vast majority of my client sites only use SSL on their notebooks (for when they are out of the office).  However, I personally use SSL connections almost exclusively.   As an ISP running a public mail server, I enforce SSL for all SMTP connections outside of our own IP address ranges.

I'm surprised I never gave this any thought during the years I have used ASSP.  I'd have to surmise that it just doesn't matter...to me.  But I might change my perspective if I managed a mail server for a company that enforced 100% encryption even on the LAN (assuming they exist).

Thanks,

G