Koozali.org: home of the SME Server
Obsolete Releases => SME 7.x Contribs => Topic started by: mapangojoe on March 15, 2006, 10:14:28 PM
-
Hello all you fine SME users out there. Can anybody tell me if the contrib called ASSP (spam filter) will work with SME7. I have ASSP on a 5.5 box I would like reinstall and upgrade to 7, but ASSP is a must.
Thanks to all who reply!
-
SME 7 has spam filtering built in. I haven't tried it, but I will before I update the ASSP howto for SME 7.
Now if you wouldn't mind sending me the changes to the howto...I'd be happy to update it. Or if you compare the two methods, I'd sure appreciate your insight.
G
current:
http://www.sonoracomm.com/sonoracomm/pdf/ASSP_HOWTO.pdf
-
When/if I get some time (or if I can get my bench guy) to build up a little test SME7 box and attempt the install. I'll gladly post/reply with any news, good or bad. I'm not a programmer. If it does not install easily, I won't get it working.
I have not tried SME7, but I use the same "contribs" for filtering that 7 uses, and I'm very happy with them. Not perfect, but lots of control. I have a customer with a 5.5 box that I really need to get upgraded.
Thanks for the reply!
Chris Curtis'
SME 7 has spam filtering built in. I haven't tried it, but I will before I update the ASSP howto for SME 7.
Now if you wouldn't mind sending me the changes to the howto...I'd be happy to update it. Or if you compare the two methods, I'd sure appreciate your insight.
G
current:
http://www.sonoracomm.com/sonoracomm/pdf/ASSP_HOWTO.pdf
-
Good Evening,
I'm attempting to install ASSP 1.2.3 on SME 7. I changed the services to redirect the SMTP port to 125 as is needed by ASSP. The changes seem to be in place in the /etc/services file but when I do a netstat -an|grep LISTEN it lists smtp at port 25 instead of the 125 like I specified. When I attempt to connect to port 125 it refuses the connection. Any ideas on how I can change this setting?
-
Good Evening,
Ok, after more searching, I came across this thread: http://forums.contribs.org/index.php?topic=32732.0
It's not exactly an answer but I'll go sniffing down that trail.
-
Good Evening again,
Ok, I'm posting as I attempt to go through this process to avoid the RTFM responses.
I've used the following command in an attempt to change the stmp port:
/sbin/e-smith/config setprop smtp TCPPort 125
No success.
1. I turned off the smtp proxy.
2. Disabled everything regarding SpamAssassin and ClamAV.
3. Changed the service file to reflect the port change.
Still poking around.
-
Good Evening,
Ok, I did the /sbin/e-smith/config setprop smtpd TCPPort 125 and successfully changed the port. Now, I ran ASSP. Here were the results:
Jul-19-06 23:31:21 Option list file './redre.txt' reloaded (redRe)
Jul-19-06 23:31:21 Option list file './nodelay.txt' reloaded (noDelay)
Jul-19-06 23:31:21 ASSP version 1.2.3(0) (Perl 5.008005) initializing
Jul-19-06 23:31:21 ASSP running on server: test
Jul-19-06 23:31:21 Net::LDAP module version 0.31 installed and available
Jul-19-06 23:31:21 Net::DNS module version 0.48 installed and available
Jul-19-06 23:31:21 Email::Valid module not installed
Jul-19-06 23:31:21 Mail::SPF::Query module version 1.999001 installed and availa ble
Jul-19-06 23:31:21 Mail::SRS module not installed - Sender Rewriting Scheme disa bled
Jul-19-06 23:31:21 Compress::Zlib module version 1.41 installed - HTTP compressi on available
Jul-19-06 23:31:21 Digest::MD5 module version 2.33 installed - delaying will use MD5 keys for hashes
Jul-19-06 23:31:21 File::ReadBackwards module not installed - searching of log f iles disabled
Jul-19-06 23:31:21 Time::HiRes module version 1.55 installed - CPU usage statist ics available
Jul-19-06 23:31:21 PerlIO::scalar module version 0.02 installed - chroot savy
Jul-19-06 23:31:21 Sys::Syslog module version 0.08 installed - centralized loggi ng enabled
Jul-19-06 23:31:21 Couldn't create server socket on port '125' -- maybe another service is running or I'm not root (uid=0)?
Jul-19-06 23:31:21 Listening for mail connections at 125 and admin connections a t 55555
Jul-19-06 23:31:21 Warning: Bayesian spam database is small or empty: './spamdb'
Jul-19-06 23:31:21 Warning: whitelist is small or empty: './whitelist' (ignore i f this is a new install)
Jul-19-06 23:31:21 Loading virus definitions ...
Jul-19-06 23:31:21 Virus definitions loaded; count=0
Jul-19-06 23:31:21 Starting
perl-MLDBM is needed by perl-Mail-SRS-0.31-1.c4.noarch
Now, according to the quote above, assp wasn't able to create the 125 port but was able to create the 55555 port. Now when I run it, it states that it can't create the port 55555 as well. I'm going to reboot the unit to see what happens with port 125. Even though it stated that it couldn't create port 55555, I was able to attach to it.
Now regarding ClamAV that is installed with SME7, where is the main.db and daily.db files located? I'm not good and searching for files on linux.
-
Good Evening,
Well, I guess I got everything working just fine. I don't have it in production yet but everything looks good on the test bench. Regarding the ClamAV, I just ran the freshclam.sh file located in the assp folder and used the files created by this process. All that's left it tweaking it and putting it into production.
Yeehaw!
I've promised in the future to put together various how-to's with nothing being produced. Maybe someone can compile my rambling notes and merge it into the fabulous how-to that was done for SME v6.x.
-
I have ASSP on a 5.5 box I would like reinstall and upgrade to 7, but ASSP is a must.
Why? Do you have any evidence that ASSP is superior to SME7 as it comes out of the box?
-
Good Morning,
I know the previous post wasn't exactly directed at me but I thought I'd put in my two cents.
Well, I personally like to drive a Ford PowerStroke instead of a Dodge Cummins. That aside, I like ASSP over SpamAssassin. I don't really want to start a debate because all the facts are out there anyways. It basically goes back to me wanting to drive a Ford PowerStroke.
The one thing that I like about ASSP is that I can tell the users of the email server to teach it instead of me doing all the work. Based on what I read about SpamAssassin, I have to teach it as the email administrator. The things I would teach it would be outside of what it learns automatically. I like to outsource. 8-)
I hope that sonoracomm can use the above information that I have provided and update his how-to. I relied heavily on his how-to and appreciate his efforts.
-
I used POPFILE very efffectively at a previous company and they have the same approach to ASSP. It really works. It is a good parser (that cathes a lot of the tricks) as well as a Bayesian filter that I teach starting from the first spam message. At the moment I'm getting spam messages with the following subjects that are slipping through spamassasin. A good Bayesian filter that I told about the first one or two would have stopped the all others. A well taught filter catches in excess of 98% with a negligble false positive rate.
Sample subjects coming through Spamassasin:
Re: uocen VlcAGRA
uufif VIAGeRA
xicia VIAGeRA
and body parts of:
VALIvUM from 1, 20 $
VIAGvRA from 3, 35 $
AMBIvEN
CIALxIS from 3, 75 $
simple stuff. Bayesian filters works outside of RBL lists and does not introduce long delays in querying those. It simple mathematics that leverages probabilities. That's why it gets better as it goes along. The other atraction is the speed and the fact that it works even when the rbl list hosts are not available. Checkout the success stories on http://popfile.sourceforge.net/ and http://assp.sourceforge.net/
I would love a simple way to implement popfile as the front end for smeserver.
My 2c - ymmv
Cheers
-
Good Morning,
Well, I put the server up at a production site. I can telnet to port 25 and get the proper response from the local network. I can send email out from the local network to outside domains. I cannot make a port 25 connection from the outside network though nor can I receive any email from outside domains.
Now I can connect to port 125 though which is what smtpd is set to. I'm kind of bumfuzzeled.
Any ideas?
-
Although I don't have an SME 6.X box anymore to check with, I get the impression that the firewall rules have changed a bit in SME 7.
Now you are running your SMTP server on tcp port 125 you should check the firewall rules with the 'iptables -L' command. Pay special attention to the 'InboundTCP_xxxx' block. Is there still an accept rule for SMTP --> tcp port 25?
Keep us informed of your progress. I'm also considering installing ASSP....
-
Good Evening,
Now you had me chasing all over the net trying to determine the iptables stuff. 8-) Now, after thinking about this, and I may be wrong here, it would seem to me that port 25 is open by default. Would iptables be directing it to smtpd instead of to just any program? Remember, smtpd is only listening on 125 which is what ASSP is passing email on. ASSP is the program that would be listening to port 25 on the outside. Like I stated in an earlier thread, I can access port 25 from the local network. Now what I didn't try is to send a spam email message and see if ASSP actually was filtering the email.
-
I just temporarily changed my SMTP listening port from 25 to 125. What I saw is that the filewall ruling changed as well.
ACCEPT tcp -- anywhere linuxserver.egerards.com tcp dpt:smtp
changed to:
ACCEPT tcp -- anywhere linuxserver.egerards.com tcp dpt:125
So after changing the SMTP listening port, it seems to be necessary to (re)open tcp port 25 (for the outside world). Otherwise I expect it will not be possible to receive email from outside your local network.
Correct me if I am wrong....
-
Hi All,
I finally took some time to rewrite the ASSP on SME Howto for SME 7.
The only problem is that I used my home server for the testing and it is not a production mail server. In fact, the cable company blocks port 25 here at home, so I can't do much testing.
I would REALLY appreciate ANY corrections, tips, suggestions, configuration ideas... Please send them to gcooper(at)sonoracomm.com.
http://www.sonoracomm.com/index.php?option=com_content&task=view&id=48&Itemid=32
After gaining experience with the built-in SpamAssassin, I have formulated a few opinions. I do feel that ASSP is a better spam filter in most every way...but I also have more experience with it.
However, this howto for configuring the already-installed SA is much shorter. ;-) SA also offers individual quarantines for each user. ASSP, as I configure it just has one. I think a single quarantine managed by a 'Spam Administrator' is better, in general, but YMMV.
http://www.sonoracomm.com/index.php?option=com_content&task=view&id=49&Itemid=32
Also, we are just getting started publishing many support documents on our new web site. Have a look...
http://www.sonoracomm.com
Thanks to all for all your help and especially to the developers this great open-source project!
G
-
Good Afternoon,
Thank you for your work regarding the how-to. Did you encounter the issue that I had to deal with regarding the changing of port 25? I had to set the property of smtpd to 125 from 25, just changing it in 10services didn't do the trick. After I changed this, I was unable to access port 25 from the outside network through the outside nic. Everything worked on the inside just fine regardless of 125 or 25. Any ideas?
I'm also rusty on changing the iptables, what would be a command line for that?
-
Hi Wally,
A quick look at the database confirmed the need to modify 'smtpd', so I just did it.
Unfortunatly, (don't laugh!), my ISP blocks port 25 so I can't readily test this issue on the box I used for testing. I was hoping someone else would. I would be surprised if the firewall rules caused a problem, based on history, but there's a first time for everything.
There may be another issue. I generally don't install SME as a gateway. I usually use Server Only mode and forward ports to the server. Firewalling may differ...
Are you sure the firewall is the problem? What do you see in /var/log/iptables/current?
I did notice in the database that there was another setting for
TCPProxyPort=25
I am curious what that is, exactly...
G
-
I just wanted to chime in with my long ASSP experience. I used ASSP for about 2 years on SME 6.0.x and had great results with my 25 users or so. When I upgraded to SME 7.0, I wanted to keep it simple and went with the built-in SA spam controls. I've now been using the 7.0 "default" spam controls for awhile (since the 1st week 7.0 was released), and I have to say that ASSP is definitely superior to SA. That is if you define superior to mean that it does a better job at killing spam before it reaches the user.
SA does have it's advantages. But it allows MUCH more spam to get through. ASSP trained it bayesian filter using the spam received by the entire company. It keeps about 15,000 (configurable) spams in a folder for the database. The downside of ASSP is that it had more false positives than SA. I was seeing about 2 to 5 false positives per 3600 messages. I learned to live with that. Also, the false positives are really accessible only if you log in to a separate spam bucket account set up to collect spam.
With 7.0 and a good e-mail client like Thunderbird or, yes, Outlook, the SME 7.0/SA approach is usable. Most spam that gets through the server is filtered out by the client - only a handful gets through the 2 levels of filtering. HOWEVER, now many of my clients access their e-mail using IMAP from their smart phones. The spam controls on these clients are terrible. So, when mobile, my users get way too much spam because SA lets too much through.
I now think that ASSP in front of SA will provide two-level filtering at the server that will help my mobile users. I hate to again move away from the simplicity of the "default" install, but SA just let's too much spam through compared to ASSP.
BTW, I have "tweaked" that SA settings all the way down to "7" as the score to flag a message as spam, and it still gets through! Arggggh!!
-
ktenbrook2
> ASSP trained it bayesian filter using the spam received by the entire company.
> The downside of ASSP is that it had more false positives than SA.
Did you consider to enable Bayes for SA in sme7.
There are forum posts telling how to do this with a db entry, search on Bayes or Bayesian
Please report your comparative results.
-
I recently updated to the howto I posted.
http://www.sonoracomm.com/index.php?option=com_content&task=view&id=49&Itemid=32
I found that setting the Custom Spam Tagging Level to 4 nearly eliminated spam from user's inboxes while resulting in very few (almost no) false-positives.
G
-
Good Afternoon,
Did anyone copy down the how-to that was created on sonoracomm.com? The site is apparently down. I can still find the 6.x version but I need the 7.x version. I like assp a ton better than spamassassin.
-
wallyrp
Here's an older version.
http://www.sonoracomm.com/index.php?option=com_content&task=view&id=49&Itemid=32
Spam Filter Configuration for SME 7
This is a quick configuration howto, not an in-depth look at SpamAssassin. Much more can be done
beyond this document, but this will take a big dent out of your spam and free up CPU cycles on your server.
See 'More Information' at the end.
SpamAssassin
The following command will enable the default blacklists, enable the bayesian learning filter and set
thresholds for the bayesian filter.
rpm -Uvh
http://mirror.contribs.org/smeserver/contribs/
michaelw/sme7/smeserver-spamassassin-features-0.0.2-0.noarch.rpm
Server-Manager
Using the Server-Manager Configuration/E-Mail panel, adjust the settings to these reasonable defaults.
Virus scanning Enabled
Spam filtering Enabled
Spam sensitivity Custom
Custom spam tagging level 5
Custom spam rejection level 12
Sort spam into junkmail folder Enabled
Modify subject of spam messages Enabled
I would also recommend blocking all executable content. To do so, select (highlight) all of the attachment
types other than zip files (the last two).
Click Save.
How It Works
With this configuration, the spammiest messages, those marked as 12 or above, will be rejected at the
SMTP level. Those spam messages marked between 5 and 12, will be routed to the users' (IMAP)
junkmail folder. This is done so the users can check for false-positives...valid messages that were
classified as spam by SpamAssassin.
Users may check their junkmail folders for false-positives via webmail, or, if they are using an IMAP mail
client, by simply checking the junkmail folder exposed by their mail client.
https://servername/webmail
Tweaking
The server will automatically delete old spam in the junkmail folders after 90 days. You can control the
number of days old spam is kept with the following commands. Where 15 is the number of days you want
to keep messages, do...
db configuration setprop spamassassin MessageRetentionTime 15
signal-event email-update
svc -t /service/qpsmtpd
then
config show spamassassin
If you think you are losing misclassified mail, adjust the 'Custom spam rejection level' higher.
If too much spam is making through to your inbox, carefully adjust the 'Custom spam tagging level' down.
Many people use the level 4.
If too much spam is building up in your (IMAP) junkmail folder, adjust the 'Custom spam rejection level'
down or change the number of days spam is kept in the junkmail folder before being automatically delete
by the server.
Bayesian (Learning) Filter
Install the LearnAsSpam.pl, (optional) mailstats and sa-update scripts, then configure nightly cron jobs like this:
cd /usr/bin
wget http://mirror.contribs.org/smeserver/
contribs//bread/mailstats/LearnAsSpam.pl
wget http://mirror.contribs.org/smeserver/
contribs//bread/mailstats/spamfilter-stats-7.pl
cd /etc/cron.d
wget http://mirror.contribs.org/smeserver/
contribs//bread/mailstats/LearnAsSpam.cron
wget http://mirror.contribs.org/smeserver/
contribs//bread/mailstats/mailstats.cron
cd /etc/cron.daily
wget http://mirror.contribs.org/smeserver/
contribs//bread/mailstats/sa-update
chmod +x sa-update
/etc/rc.d/init.d/crond restart
Be sure to enter the wget lines as one long line.
Using an IMAP mail client, create a new folder called 'LearnAsSpam'. I created mine at the top level, like
'Inbox' for each user that will help train the Bayesian filter. Webmail will work fine for creating this folder,
as well as checking the junkmail (filtered mail or quarantine) folder.
If any spam messages make it past the filter and into your inbox, just move them into the LearnAsSpam
folder. A nightly cron job will process them and delete them for you. This is how you train the Bayesian filter.
Bayesian filtering must receive 200 spam messages before it starts to function, so don't expect
instantaneous results.
Whitelist and Blacklist
If mail comes in and it is misclassified as spam, you can add the sender to the whitelist so that future
messages coming in from that sender are not filtered.
Conversely, you can add a spammer to the blacklist so you never see their spam again.
Add senders (or their entire domains) to the global whitelist with these commands as root:
db spamassassin setprop wbl.global *@vonage.com White
db spamassassin setprop wbl.global *domain2.com White
db spamassassin setprop wbl.global user@domain3.comThis email address is being protected from spam bots, you need Javascript enabled to view it White
db spamassassin setprop wbl.global spammer@spamdomain.comThis email address is being protected from spam bots, you need Javascript enabled to view it Black
expand-template /etc/mail/spamassassin/local.cf
svc -t /service/spamd
Clam Antivirus
Update and check your Clam Antivirus with this command.
freshclam -v
or
freshclam --debug
Verify hourly update checking by viewing the freshclam/current log file via the Server-Manager
View Log Files panel.
More Information
Here is another great howto (URL is all one line).
http://mirror.contribs.org/smeserver/
/contribs/rmitchell/smeserver/howto/Spam%20blocking%20HOWTO%20
using%20qpsmtpd%20&%20RBL%20for%20sme%20server.htm
Informative URLs:
http://forums.contribs.org/index.php?topic=31278.0
http://forums.contribs.org/index.php?topic=31279.0
http://forums.contribs.org/index.php?topic=32158.0
http://mirror.contribs.org/smeserver/
contribs/michaelw/sme7/
http://mirror.contribs.org/smeserver/ contribs/bread/mailstats/
http://wiki.apache.org/spamassassin/BayesInSpamAssassin
Enter this command at a console.
perldoc Mail::SpamAssassin::Conf
Last Updated ( Saturday, 12 August 2006 )
-
Good Afternoon,
Thank you for your reply. It appears that the whole sonoracomm.com website is down.
Again, I'm specifically looking to run ASSP and not spamassassin.
If it comes down to crunch time, I guess spamassassin is better than nothing in which case, I will be filtering for a MS Exchange 2003 server.
-
Back when testing ASSP with 6.5, I had problems using the secure connections.
When using the secure connections, it would not go through ASSP.
So auto white entry for email sent to an address, or email to add an address to the white list were not processed.
Edward
-
AFAIK, the only limitation of secure connections with ASSP is with TLS...and I don't think SME Server supports TLS anyway, though I could be wrong about that.
I think SSL is far more commonly used and is well supported by SME Server as well as ASSP.
G
p.s. I have updated the ASSP howto on my web site for SME 7.2
http://www.sonoracomm.com/index.php?option=com_content&task=view&id=48
-
Here is what I was running into before,
If you POP/IMAP using the SSL (e.g. In outlook, check the server needs SSL), almost everything works great.
The only thing which I could not get working was when
I send out an email, the recipient does not automatically get added to the whitelist.
It does if you use straight POP/IMAP.
Thanks,
Ed
-
A review of the ASSP FAQ says that you are correct, sir. Good call!
http://www.asspsmtp.org/wiki/Frequently_Asked_Questions
ASSP only proxies port 25, so SSL traffic on another port would not be affected by or contribute to the whitelist automatically.
I guess a mail admin would have to decide for himself how important this issue is.
In my experience, the vast majority of my client sites only use SSL on their notebooks (for when they are out of the office). However, I personally use SSL connections almost exclusively. As an ISP running a public mail server, I enforce SSL for all SMTP connections outside of our own IP address ranges.
I'm surprised I never gave this any thought during the years I have used ASSP. I'd have to surmise that it just doesn't matter...to me. But I might change my perspective if I managed a mail server for a company that enforced 100% encryption even on the LAN (assuming they exist).
Thanks,
G