Creating a Proxy Server with ASSP


ASSP

ASSP is an SMTP spam proxy server. It also integrates with ClamAV fairly easily, giving a "one stop shop" for filtering and leaving your mail server to simply handle mail. The following assumes you are installing ASSP on the same machine as your SMTP server, but ASSP is designed so that it can run on a separate machine, freeing up resources on the SMTP server for other things. Additionally, ASSP can check mail for multiple destinations, giving the option of one (or more) powerful spam/virus filtering systems in front of multiple SMTP servers.

Again, this assumes the filtering is taking place on the SMTP/IMAP/POP server, but placing it on a separate machine only requires minor modifications.

Install ClamAV

Antivirus signatures are very volatile, which is exactly why the Debian volatile repository was built. See http://www.debian.org/volatile/. For this reason, we will turn on volatile to get a much more recent version of ClamAV.

echo 'deb http://volatile.debian.org/debian-volatile etch/volatile main contrib non-free' >> /etc/apt/sources.list
apt-get update
apt-get install clamav clamav-daemon clamav-docs libgmp3c2 arj unrar lha clamav-testfiles

apt-get install libcompress-zlib-perl libdigest-md5-perl libemail-valid-perl libfile-readbackwards-perl libfile-scan-perl libmail-spf-query-perl libmail-srs-perl libnet-dns-perl libsys-syslog-perl libnet-ldap-perl libtime-hires-perl

clamav-daemon will die at first because the new virus database has not been downloaded yet. Run

tail -f /var/log/clamav/freshclam.log

until you see the virus database update, then start the daemon with

/etc/init.d/clamav-daemon start

Test your install:

clamscan /usr/share/clamav-testfiles/

Install Required Libraries and Test

Now, we need the File::Scan::ClamAV perl module, which is not included in Debian and, frankly, is a pain in the butt. I had trouble installing File::Scan::ClamAV on my Debian server. So, I did the following:

cd /usr/src
wget http://search.cpan.org/CPAN/authors/id/C/CF/CFABER/File-Scan-ClamAV-1.8.tar.gz
tar -xzvf File-Scan-ClamAV-1.8.tar.gz
cd File-Scan-ClamAV-1.8
perl Makefile.PL
make
make test # I get a lot of errors on this, but it seems to work, so I do the next step
make install

Next, Tie::RDBM (part of the Tie-DBI distribution) is not in the Debian repository, so we will download and install it.

cd /usr/src
wget http://search.cpan.org/CPAN/authors/id/L/LD/LDS/Tie-DBI-1.02.tar.gz
tar -xzvf Tie-DBI-1.02.tar.gz
cd Tie-DBI-1.02 
perl Makefile.PL
make
make test  # again I get errors, but the install goes well
make install

Net::Syslog is not in the repository either, so we fetch it as well.

cd /usr/src
wget http://search.cpan.org/CPAN/authors/id/L/LH/LHOWARD/Net-Syslog-0.03.tar.gz
tar -xzvf Net-Syslog-0.03.tar.gz
cd Net-Syslog-0.03
perl Makefile.PL
make
make test
make install

Now, add the additional Perl libraries needed by ASSP. See 1

apt-get install libcompress-zlib-perl libdigest-md5-perl libemail-valid-perl libfile-readbackwards-perl libfile-scan-perl libmail-spf-query-perl libmail-srs-perl libnet-dns-perl libsys-syslog-perl libnet-ldap-perl libtime-hires-perl unzip libdbi-perl libplrpc-perl libnet-daemon-perl

To test your installation of the perl library, use the following simple perl script (an adaptation of the CPAN documentation). Create a new file, say "test.pl" and give it the following contents:

#! /usr/bin/perl -w
use strict;
use File::Scan::ClamAV; # ensure File::Scan::ClamAV is installed
use Net::Syslog; # ensure Net::Syslog is installed
use Tie::RDBM;   # ensure Tie::RDBM is installed
# test configuration of File::Scan::ClamAV
my $av = File::Scan::ClamAV->new(port => '/var/run/clamav/clamd.ctl', find_all => 1);
if($av->ping){
       # scan() returns a hash of file name => virus name
       my %found = $av->scan('/usr/share/clamav-testfiles/');
       for my $file (keys %found){
               print "Found virus: $found{$file} in $file\n";
       }
} else {
       # clamd did not answer on the socket, so nothing was scanned
       die "Cannot reach clamd: " . ($av->errstr || 'no response') . "\n";
}
1;

Run this as

perl -w test.pl

You should get no errors, and output similar to that of the clamscan run above.

Install ASSP

First, let's build a MySQL home for ASSP

mysql -u root -p # just log in
create database assp;
grant all on assp.* to assp@localhost identified by 'your password here';

http://www.asspsmtp.org/wiki/Debian_Linux_install_using_Postfix

cd /usr/src/
wget -c http://surfnet.dl.sourceforge.net/sourceforge/assp/ASSP_1.3.1-Install.zip
mkdir ASSP
cd ASSP
unzip ../ASSP_*-Install.zip
mkdir -p /usr/share/assp/spam
mkdir /usr/share/assp/notspam
mkdir /usr/share/assp/errors
mkdir /usr/share/assp/errors/spam
mkdir /usr/share/assp/errors/notspam
mv -f ASSP/* /usr/share/assp
cd ..
rm -fRv ASSP
chown -R 0:0 /usr/share/assp
cd /usr/share/assp
# this gives us a starting place for spam filtering
# See http://www.asspsmtp.org/wiki/Documentation#Training
lynx http://www.iworld.de/homes/fb/ASSP/S05BB20E1?WasRead=1 # (download spamdb.zip)
unzip spamdb.zip
perl assp.pl

In your web browser, go to http://yourdomain:55555. Log in with any username and the password nospam4me (the default; it is changed under Server Setup below).

Configure postfix and init.d

Stop assp.pl by pressing Ctrl-C.

Do the following only if running postfixadmin on the proxy server: edit /etc/postfixadmin/config.inc.php and change $CONF['smtp_port'] from 25 to 125.

Edit /etc/postfix/master.cf

  • Comment out the line that reads smtp inet n - - - - smtpd
  • Only if running the proxy on your mail server, add the following line (preserve any additional 'n's):
125  inet  n  -  -  -  -  smtpd

Restart Postfix

/etc/init.d/postfix restart
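
A check for the master.cf edit above, added here as an example (not part of the original article, Postfix or ASSP): it confirms that no active smtpd listener remains on port 25 and that one exists on port 125, and reports the bind address so you can confirm port 125 is reachable only from ASSP. The function names and the sample master.cf lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: verify the Postfix listener layout this page describes.
# Assumption: Postfix moves to port 125 and ASSP takes over port 25.
# Returns 0 = layout OK, 1 = Postfix still on port 25, 2 = no smtpd on the new port.
check_master_cf() {   # $1 = path to master.cf, $2 = expected port (default 125)
    awk -v want="${2:-125}" '
        /^[ \t]*#/ || /^[ \t]*$/ { next }   # comments and blank lines
        /^[ \t]/                 { next }   # continuation lines carrying -o options
        $2 == "inet" && $8 == "smtpd" {
            n = split($1, part, ":")        # service field is [address:]port
            port = part[n]
            addr = substr($1, 1, length($1) - length(port) - 1)
            if (port == "smtp" || port == "25") clash = $1
            if (port == want) {
                found = 1
                bind = (addr == "" ? "all interfaces" : addr)
            }
        }
        END {
            if (clash != "") { print "FAIL: Postfix smtpd still active on " clash; exit 1 }
            if (!found)      { print "FAIL: no smtpd listener on port " want; exit 2 }
            print "OK: smtpd on port " want " (" bind "), port 25 free for ASSP"
        }
    ' "$1"
}

# Constructed sample master.cf content (not taken from a real server).
sample_master_cf() {   # $1 = before | after
    if [ "$1" = before ]; then
        printf '%s\n' 'smtp      inet  n       -       -       -       -       smtpd'
    else
        printf '%s\n' '#smtp     inet  n       -       -       -       -       smtpd' \
                      '125       inet  n       -       -       -       -       smtpd'
    fi
    printf '%s\n' 'pickup    fifo  n       -       -       60      1       pickup'
}

# Demo on the constructed "after" sample.
tmp=$(mktemp)
sample_master_cf after > "$tmp"
check_master_cf "$tmp"
rm -f "$tmp"
```

On the server itself, run check_master_cf /etc/postfix/master.cf after editing and before restarting Postfix.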

Create /etc/init.d/assp with the following contents:

#!/bin/sh -e
# Start or stop ASSP
#
# original version by Ivo Schaap <ivo@lineau.nl> had issues on Debian4. Modified by atramos.
PATH=/bin:/usr/bin:/sbin:/usr/sbin
case "$1" in
   start)
      echo -n "Starting the Anti-Spam SMTP Proxy"
      cd /usr/share/assp
      # redirect stdout to /dev/null first, then point stderr at the same place
      perl assp.pl > /dev/null 2>&1 &
   ;;
   stop)
      echo -n "Stopping the Anti-Spam SMTP Proxy"
      # collect the PIDs of any running assp.pl processes
      pids=$(ps ax | grep "perl assp.pl" | grep -v grep | awk '{ print $1 }')
      # only call kill when something is running, so "stop" does not abort under -e
      if [ -n "$pids" ]; then kill -9 $pids; fi
   ;;
   restart)
      $0 stop || true
      $0 start
   ;;
   *)
      echo "Usage: /etc/init.d/assp {start|stop|restart}"
      exit 1
   ;;
esac
exit 0

Set permissions, and insert it into the various default runlevels, then start the daemon

chmod 755 /etc/init.d/assp
update-rc.d assp defaults
/etc/init.d/assp start

Configure ASSP

These are the options I turned on. They put the server into test mode, and set some basic things. Explore: there are many more options. You might also go to the ASSP wiki at http://www.asspsmtp.org/wiki/ which contains additional information.

  1. Network Setup
    1. SMTP Listen Port => 25
    2. SMTP Destination => IP/Port of your mail server
  2. Spam Control
    1. Add Spam Probability Header => Check
  3. Relaying
    1. Skip Local domain Check => Check
  4. Validate Sender
    1. Block All Remote Sender with Local Domain Address => check
    2. Reversed Lookup => 2 (log only)
    3. Validate Sender Domain MX/A => 2 (log only)
  5. Attachment & Viruses
    1. Use ClamAV => check
    2. Port or file socket for ClamAV => /var/run/clamav/clamd.ctl (for Debian)
  6. Bayesian Options
    1. Add Bayes Confidence Header => check
  7. TestModes
    1. Prepend Spam Subject Testmode => TEST MODE
    2. Prepend Spam Tag => check
    3. BlackDomain Test Mode => check
    4. Helo-Blacklist Test Mode => check
    5. Spam Address Test Mode => check
    6. DNSBL Test Mode => check
    7. URIBL Test Mode => check
    8. Missing MX/A Record Test Mode => check
    9. Reversed Lookup Test Mode => check
    10. Invalid Helo Test Mode => check
    11. Forged Local Helo Test Mode => check
    12. Forged Local Sender Test Mode => check
    13. Message Scoring Test Mode => check
  8. Email Interface
    1. Help Address => SpamHelp
    2. Report Spam Address => ThisIsSpam
    3. Report not-Spam Address => NotSpam
    4. Add To Whitelist Address => AddToWhitelist
    5. Remove from Whitelist Address => RemoveFromWhitelist
    6. From Address for Reports => A (possibly valid) admin e-mail address
  9. File Paths
    1. Email Whitelist Database File => mysql
    2. Email Redlist Database File => mysql
    3. Delaying Database => mysql
    4. MySQL hostname or IP => localhost
    5. MySQL database name => assp
    6. MySQL username => assp
    7. MySQL password => the database password
  10. Collecting
    1. Use Subject as Maillog Names => Check
  11. Logging
    1. SYSLOG Centralized Logging => Check
  12. Server Setup
    1. Run ASSP as a Daemon => Check
    2. My Name => your FQDN
    3. Web Admin Port => Change to some weird port
    4. Web Admin Password => Change this
    5. Jump to the End of the Maillog => check

Optional

If you have some spam already (say in a private directory), you can jump start the spam learning by copying it into /usr/share/assp/spam and executing

cd /usr/share/assp
perl rebuildspamdb.pl

Last update: 2013-05-12 22:07
Author: Rod
Revision: 1.6