hosted by liquidweb


Go Back   Web Hosting Talk : Web Hosting Main Forums : Web Hosting Talk Tutorials : Hosting Security and Technology Tutorials : Howto: ASSP installation in CPanel
Closed Thread

Forum Jump

Howto: ASSP installation in CPanel

Closed Thread Post New Thread In Hosting Security and Technology Tutorials Subscription
 
Send news tip View All Posts Thread Tools Search this Thread Display Modes
  #1  
Old 01-29-2007, 03:20 AM
twhiting9275 twhiting9275 is offline
Just me
 
Join Date: Sep 2002
Location: Among the corn
Posts: 10,473

Howto: ASSP installation in CPanel


What is ASSP? ASSP is an Anti-Spam SMTP Proxy . The homepage can be found here. ASSP is a lightweight daemon that can filter mail based on various things such as SPF, RBLs, Bayesian word lists, as well as blocking email addresses from getting mail, or having mail filtered.
This tutorial will walk you through getting the admin interface for CPanel setup for ASSP. Currently, a paid user interface can be obtained here (note that I am in no way affiliated with, nor have I tried to use this UI, I am just offering the link to those that might find it useful)

Firstly, the setup:
You will need to activate Cpanel PRO (pro.cpanel.net/activate) for your server in order for this to fully work. This activation is currently free. Simply go to the previous mentioned URL and enter your IP address if you have not done so already.
Once you have activated CPanel PRO, go into whm->addon modules and check clamav connector, then click on "save". This will install clamav for you to use
Once you have done THIS, go to whm->service manager and UNcheck spamd (it is no longer necessary with ASSP), and again click on save/submit. Note that this IS optional, however the purpose of ASSP is to defeat spam before it GETS to SpamAssassin.
Once you have done THAT, go into whm -> tweak settings and uncheck SpamAssassin and BoxTrapper mail.

Secondly, the requirements:
ASSP needs certain perl modules established To install these, simply login (as root) to your server, and type the following
Code:
/scripts/perlinstaller --force Compress::Zlib
/scripts/perlinstaller --force Email::Valid
/scripts/perlinstaller --force File::ReadBackwards
/scripts/perlinstaller --force File::Scan::ClamAV
/scripts/perlinstaller --force Mail::SPF::Query
/scripts/realperlinstaller --force Mail::SRS
/scripts/realperlinstaller --force Tie::RDBM
/scripts/realperlinstaller Sys::Syslog
/scripts/perlinstaller --force Net::LDAP
/scripts/perlinstaller --force Time::HiRes
/scripts/perlinstaller --force Tie::DBI
Note that the --force is optional, however it will make sure you've got it installed. Do these one at a time as some of these have configurable options to them.
One more perl module is needed. Since the later versions of Net::DNS are known to cause issues with RBLs, SPFs and the like, it is advised to use 0.57 . This can be obtained by doing the following:
Code:
mkdir /usr/local/assp
cd /usr/local/assp
mkdir /usr/local/assp/tmp
cd /usr/local/assp/tmp
wget http://www.net-dns.org/download/Net-DNS-0.57.tar.gz
tar xzf Net-DNS-0.57.tar.gz
cd Net-DNS-0.57
perl Makefile.PL
make
make test
make install
Do NOT remove the /usr/local/assp/tmp directory as when you update cpanel, it will try to auto update Net::DNS again, so you will want this intact.

Now, let's get with the program here and install ASSP:
Code:
cd /usr/local/assp
wget http://switch.dl.sourceforge.net/sourceforge/assp/ASSP_1.2.6-Install.zip
unzip -d /usr/local/assp /usr/local/assp/ASSP_1.2.6-Install.zip
mv --target-directory=/usr/local/assp /usr/local/assp/ASSP/*
mv --target-directory=/usr/local/assp /usr/local/assp/ASSP/.DS_Store
rm -rf /usr/local/assp/__MACOSX
rm -rf /usr/local/assp/ASSP
rm -f ASSP_1.2.6-Install.zip
rm -f Win32-quickstart-guide.txt;rm -f freshclam.bat
cd /usr/local/assp
mkdir pb
cd pb
touch denysmtp.txt
touch exportedextreme.txt
touch pbdb.black.db
touch pbdb.rbl.db
touch pbdb.white.db
cd /usr/local/assp
mkdir /usr/local/assp/notspam
mkdir /usr/local/assp/spam
mkdir /usr/local/assp/errors
mkdir /usr/local/assp/errors/notspam
cd /usr/local/assp
wget http://www.grscripts.com/service/start
chmod 755 start
wget http://www.grscripts.com/service/stop
chmod 755 stop
cd /etc/rc.d/init.d
wget http://www.grscripts.com/service/assp
chmod 755 assp
The core of ASSP is now installed. However, the development versions have updated functions to use for users. Of course, this is completely optional, but is recommended completely. This can be done by the following in SSH
Code:
cd /usr/local/assp/
mv assp.pl assp.pl_old
mv spamdb spamdb.old
mv rebuildspamdb.pl rebuildspamdb.pl.old
mv repair.pl repair.pl.old
mkdir Data
mkdir Data/Lists
wget http://www.magicvillage.de/~Fritz_Borgstedt/assp/05B0C8D4-000F4555.1/info.png
wget http://www.magicvillage.de/~Fritz_Borgstedt/assp/05B0C8D4-000F4555.2/rebuildspamdb.pl
wget http://www.magicvillage.de/~Fritz_Borgstedt/assp/05B0C8D4-000F4555.3/repair.pl
wget http://www.magicvillage.de/~Fritz_Borgstedt/assp/05B0C8D4-000F4555.5/assp.css
mv assp.css images
wget http://www.magicvillage.de/~Fritz_Borgstedt/assp/05B0C8D4-000F4555.6/assp.pl
cd Data/Lists
wget http://www.magicvillage.de/~Fritz_Borgstedt/assp/05B0C8D4-000F4555.0/URIBLCCTLDS.txt
chmod u+x /usr/local/assp/*.pl
Now, let's get it up and running, and configure it, shall we?
Code:
cd /usr/local/assp
/etc/init.d/assp start
You'll see ASSP sending out some messages and then doing nothing. This is ok, and it's the expected response. Now, we need to edit some stuff. Hit ctrl-c (cancel) to shut down ASSP
once it's stopped, you'll see the following file in the assp directory - assp.cfg . Edit that with whatever you want for an editor, something like:
Code:
nano assp.cfg
You want to change a few options immediately just to get it working
Look for the lines that are something like:
Code:
runAsGroup:=
runAsUser:=
and change them to be:
Code:
runAsGroup:=root
runAsUser:=root
Then look for the line that is
Code:
AsADaemon:=
and change it to
Code:
AsADaemon:=1
Now, let's change the password just so that we're secure:
look for the line that is
Code:
webAdminPassword:=nospam4me
and change that to
Code:
webAdminPassword:=insertrandompasswordhere
Now, let's tell ASSP to setup and accept mail for our domains. Look for the line something like
Code:
localDomains:=
and change that to be
Code:
localDomains:=file:/etc/localdomains
Almost there, just a couple more changes needed.
Look for the line that is something like
Code:
smtpDestination:=127.0.0.1:225
and change that to be
Code:
smtpDestination:=127.0.0.1:125
(or another port instead of 125, just REMEMBER the port!!)
and one more change
change the line that looks like
Code:
listenPort:=125
to
Code:
listenPort:=25
Now save and exit the file. If you're using nano/pico, that would be ctrl-x , just make SURE to save the file before you exit!
Now, let's get ASSP fired up again
Code:
/etc/init.d/assp start
let's make sure you have assp starting on system boot:
Code:
chkconfig --add assp
Let's add a crontab to make sure that ASSP rebuilds the bayesian spam list
Quote:
crontab -e
Code:
10 4 * * * cd /usr/local/assp;/usr/local/assp/rebuildspamdb.pl
Occasionally, what I've seen is ASSP will get "hung" on certain things and just kill itself. This fix will work for this, and make sure your ASSP installation is running smoothly

Open up another file on the server, my example will be /bin/asspcheck. In this file, add the following contents
Code:
assplog=/usr/local/assp/check.log
DATE=`date "+%m-%d-%y [%k:%M]"`
pidof=/usr/local/assp/pid
thispid=`cat $pidof`
if [ ! -d /proc/$thispid ];then
rm -rf $pidof;
/etc/init.d/assp start
echo "$DATE - ASSP - restarted" >> $assplog
else
echo "$DATE - ASSP - ok" >> $assplog
fi
Now, chmod the file itself
Code:
chmod u+x /bin/asspcheck
Now, make sure it's called every 60 seconds. Add this to your root crontab
Quote:
crontab -e
Code:
* * * * * /bin/asspcheck
Now, let's go BACK into WHM and setup the variables needed to get exim to use ASSP
In exim configuration editor, click on "advanced editor"
Clear out EVERYTHING from all of the existing boxes. Keeping these with data can cause ASSP to not function as it should
When you've done that, add the following to the top box:
Code:
# assp
local_interfaces = 127.0.0.1.125
If you changed this variable to something else
Code:
smtpDestination:=127.0.0.1:125
put in the other port, NOT 125, so it would look like 127.0.0.1.whateverporthere

Click on Save
Exim will restart and you now have a working installation of assp

Now, let's go to it and work with it a bit, shall we?
go to http://yourip:55555 , enter the user admin and the password you changed nospam4me to. This will get you logged in and you can tweak the settings as you feel necessary.

ASSP is a great and powerful proxy for any mail server, which blocks using RBLS, whitelists, etc. It is advisable to setup the email interface and let your customers know of this so that you can get them to help you in reporting and addressing spam.
Parts of this howto were taken from this page, however much of that data has been found to be outdated as far as downloads from CVS and the like go, and I've added quite a bit of useful information into it as well.

Go through the ASSP configuration VERY carefully, and ONLY change what you're sure of. Start with the RBLs, increase the list to 5 and max hits to 2 as suggested.
If you notice problems with this or know how it might be better, hey, feel free to post in here and I'll keep it as updated as possible :)



Sponsored Links
  #2  
Old 01-29-2007, 07:31 AM
NhojOhl NhojOhl is offline
Junior Guru Wannabe
 
Join Date: Dec 2006
Posts: 34
Nice sum-up

  #3  
Old 01-29-2007, 04:55 PM
sh4ka sh4ka is offline
Web Hosting Evangelist
 
Join Date: Apr 2006
Posts: 498
great how to!

Sponsored Links
  #4  
Old 01-30-2007, 05:15 PM
sytker sytker is offline
Aspiring Evangelist
 
Join Date: Mar 2005
Posts: 359
Very good. Thanks very much.

  #5  
Old 02-19-2007, 08:05 PM
Ran Ran is offline
Web Hosting Master
 
Join Date: Jun 2003
Location: Indiana, US
Posts: 1,354
Will this How-To also work for the new 1.3.0?

  #6  
Old 02-19-2007, 08:30 PM
twhiting9275 twhiting9275 is offline
Just me
 
Join Date: Sep 2002
Location: Among the corn
Posts: 10,473
Quote:
Originally Posted by Ran
Will this How-To also work for the new 1.3.0?
ASSP isn't officially at 1.3.0 (yet).
Once this is an official release, I'll update the howto

  #7  
Old 02-20-2007, 09:34 AM
twhiting9275 twhiting9275 is offline
Just me
 
Join Date: Sep 2002
Location: Among the corn
Posts: 10,473
This should work without problems to update to 1.3.0. IF you already have assp installed:

-- Login to your server (ssh) as root
-- STOP assp
Code:
/etc/init.d/assp stop
Go into the assp directory, and get the new stuff
Code:
cd /usr/local/assp
mkdir files
cd files
wget http://www.magicvillage.de/~Fritz_Borgstedt/assp/S05B0C8D4.4/ipwl.txt
wget http://www.magicvillage.de/~Fritz_Borgstedt/assp/S05B0C8D4.5/ipnp.txt
wget http://www.magicvillage.de/~Fritz_Borgstedt/assp/S05B0C8D4.10/nodelay.txt
wget http://www.magicvillage.de/~Fritz_Borgstedt/assp/S05B0C8D4.8/invalidptr.txt
wget http://www.magicvillage.de/~Fritz_Borgstedt/assp/S05B0C8D4.7/blackdomains.txt
wget http://www.magicvillage.de/~Fritz_Borgstedt/assp/S05B0C8D4.11/bombre.txt
wget http://www.magicvillage.de/~Fritz_Borgstedt/assp/S05B0C8D4.0/URIBLCCTLDS.txt
cd ../images/
rm -rf assp.css
wget http://www.magicvillage.de/~Fritz_Borgstedt/assp/S05B0C8D4.1/info.png
wget http://www.magicvillage.de/~Fritz_Borgstedt/assp/S05B0C8D4.2/assp.css
cd ../
ls
mv assp.pl assp.pl.stable
mv rebuildspamdb.pl rebuildspamdb.stable
mv repair.pl repair.pl.stable
wget http://www.magicvillage.de/~Fritz_Borgstedt/assp/S05B0C8D4.6/repair.pl
wget http://www.magicvillage.de/~Fritz_Borgstedt/assp/S05B0C8D4.3/rebuildspamdb.pl
wget http://www.magicvillage.de/~Fritz_Borgstedt/assp/S05B0C8D4.12/assp.pl
RE-Start assp
Code:
/etc/init.d/assp start
If you do NOT already have assp installed:
Follow the instructions in the FIRST post UP TO
Quote:
The core of ASSP is now installed. However, the development versions have updated functions to use for users. Of course, this is completely optional, but is recommended completely. This can be done by the following in SSH
Once you get to THAT point, then follow the instructions in this post.
Skip that entire section in the original post
Once you've done the beta update stuff, then you can resume the instructions in the ORIGINAL post, beginning with:
Quote:
chmod u+x /usr/local/assp/*.pl
Now, let's get it up and running, and configure it, shall we?
Of course, if you want to wait until March 1st, 1.3.0 will be out stable (or so says the ASSP website )

  #8  
Old 02-24-2007, 02:38 AM
wafer wafer is offline
New Member
 
Join Date: Feb 2007
Posts: 2
secure smtp service is not available anymore, it stop after we applied assp on our server. is there anyway to enable secure smtp again?

  #9  
Old 03-02-2007, 05:12 PM
VVIP VVIP is offline
Disabled
 
Join Date: Dec 2006
Posts: 20
Hi,


How can I know if it's really work when my installation is just new on the server ? Thank you.

Best Regards,

  #10  
Old 03-03-2007, 03:23 PM
weBrazuca weBrazuca is offline
Newbie
 
Join Date: Mar 2006
Posts: 8
I have some CPU High Loads...

ASSP require a High load? ASSP stop any e-mail where not is SPAM?


Thank's for How To...!

__________________
http://www.webrazuca.com/ - weBrazuca do Brasil

  #11  
Old 03-04-2007, 07:54 AM
twhiting9275 twhiting9275 is offline
Just me
 
Join Date: Sep 2002
Location: Among the corn
Posts: 10,473
Quote:
Originally Posted by weBrazuca
ASSP require a High load?
No, ASSP does not load your server down at all. In fact, compared to SpamAssassin (the CPanel alternative as it were), it handles things MUCH easier, as it doesn't parse stupid user rules.

Quote:
Originally Posted by weBrazuca
ASSP stop any e-mail where not is SPAM?
Anything you get to do this will do that, even SpamAssassin will. The good thing about ASSP though is that it is intuitive and LEARNS whom you mail, causing the system to whitelist them, and it takes user interaction (nospam, spam, whitelist reports). As well, ASSP can be told to set in "training mode" which will send everything to you if it thinks it might be spam.
Quote:
Originally Posted by VVIP
How can I know if it's really work when my installation is just new on the server ? Thank you.
If you go to the admin interface (port 55555 unless you change it) and log in, you will see a 'Info and Stats' page. This will tell you how well it is working and what it is doing.
Quote:
Originally Posted by wafer
secure smtp service is not available anymore, it stop after we applied assp on our server. is there anyway to enable secure smtp again?
Directly from the ASSP FAQ ( a good thing to read before you set something like this up)
Quote:
Q: Can ASSP be run with SSL / TLS connections?

No - not natively. Natively, ASSP only works with non-SSL connections. However, there are possibilities to use SSL for your email users to protect their authentication process. Third party utilities such as stunnel (http://stunnel.mirt.net) allow you to use SSL/TLS to encrypt connections between your outside party and ASSP. There is only one caveat; stunnel works as a proxy between your outside connection and ASSP. Consequently, ASSP sees the connection as originating from stunnel (typically 127.0.0.2), and not the sending party. This means that all connection checks (delaying, greylisting, RBL, etc) would not work with these connections. Consequently, if you want to use stunnel to protect any SMTP authentication process with your clients, you should prevent all non-AUTH connections to this port. This can be accomplished by setting the endport of stunnel to "Another Listen Port" (in Network Setup), and enabling "Enforce AUTH before MAIL FROM when connecting to second SMTP port". This will prevent any non-authenticated users from sending email through the encrypted stunnel connection.

  #12  
Old 03-05-2007, 10:54 PM
FazeWire FazeWire is offline
AKA "Faze"
 
Join Date: Mar 2007
Location: Washington State
Posts: 1,083
Is this worth it, what are your opinions on this. Do you guys like it?

  #13  
Old 03-07-2007, 11:03 AM
~G9~ ~G9~ is offline
Junior Guru
 
Join Date: Mar 2007
Location: 1010010101
Posts: 231
ASSP looks good for Internet webmail access but when clients use Outlook or ThunderBird to download (POP3) e-mails from the server and they receive a spam e-mail, what do they do to mark that e-mail is a spam and how ASSP on the server will know about that to add in its database list ?

__________________
Gestion Nexus
www.gestionnexus.qc.ca

  #14  
Old 03-07-2007, 11:12 AM
twhiting9275 twhiting9275 is offline
Just me
 
Join Date: Sep 2002
Location: Among the corn
Posts: 10,473
ASSP has nothing to do with the "mail client" at all. It has everything to do with the SMTP server, as it forwards all mail to the REAL SMTP server after the garbage is filtered out.

Quote:
what do they do to mark that e-mail is a spam
Any decently developed mail client has filters that can scan headers. If the message is marked spam by ASSP, and it's being delivered, they can move that to a special folder, or simply forward it to the interface for blocking.


Is it worth it? Most definitely. Regardless of the mail client you're using, it is worth it. Regardless of the setup you are using, it is worth it. You won't find much else as smart as ASSP is.

  #15  
Old 03-07-2007, 11:23 AM
~G9~ ~G9~ is offline
Junior Guru
 
Join Date: Mar 2007
Location: 1010010101
Posts: 231
Is the special folder has to be the same name as the one on the server: spam & not spam ? Will ASSP update this folder on next download ?

__________________
Gestion Nexus
www.gestionnexus.qc.ca

Closed Thread

Related posts from TheWhir.com
Title Type Date Posted
Hostabulous Listing 2014-01-22 21:39:13
cPanel & WHM Software 11.36 Reaches Stable Tier Status Web Hosting News 2013-04-09 11:44:33
Hosting Control Panel cPanel & WHM 11.34 Release Hits Stable Tier Web Hosting News 2012-11-12 17:04:57
cPanel Releases cPanel, WHM 11.34 with New User Interface Web Hosting News 2012-10-16 13:09:49
cPanel Conference 2012: Branding and How to Do it Better with Felipe Gasper Web Hosting News 2012-10-09 18:00:02


Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes
Postbit Selector

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off

Forum Jump
Login:
Log in with your username and password
Username:
Password:



Forgot Password?
Advertisement:
Web Hosting News:



 

X

Welcome to WebHostingTalk.com

Create your username to jump into the discussion!

WebHostingTalk.com is the largest, most influentual web hosting community on the Internet. Join us by filling in the form below.


(4 digit year)

Already a member?