Web Hosting Talk : Web Hosting Main Forums : Hosting Security and Technology : Hosting Security and Technology Tutorials : Howto: ASSP installation in CPanel

[linux-tech]

What is ASSP? ASSP is an Anti-Spam SMTP Proxy . The homepage can be found here. ASSP is a lightweight daemon that can filter mail based on various things such as SPF, RBLs, Bayesian word lists, as well as blocking email addresses from getting mail, or having mail filtered.
This tutorial will walk you through getting the admin interface for CPanel setup for ASSP. Currently, a paid user interface can be obtained here (note that I am in no way affiliated with, nor have I tried to use this UI, I am just offering the link to those that might find it useful)

Firstly, the setup:
You will need to activate Cpanel PRO (pro.cpanel.net/activate) for your server in order for this to fully work. This activation is currently free. Simply go to the previous mentioned URL and enter your IP address if you have not done so already.
Once you have activated CPanel PRO, go into whm->addon modules and check clamav connector, then click on "save". This will install clamav for you to use
Once you have done THIS, go to whm->service manager and UNcheck spamd (it is no longer necessary with ASSP), and again click on save/submit. Note that this IS optional, however the purpose of ASSP is to defeat spam before it GETS to SpamAssassin.
Once you have done THAT, go into whm -> tweak settings and uncheck SpamAssassin and BoxTrapper mail.

Secondly, the requirements:
ASSP needs certain perl modules established To install these, simply login (as root) to your server, and type the following

Code:

/scripts/perlinstaller --force Compress::Zlib
/scripts/perlinstaller --force Email::Valid
/scripts/perlinstaller --force File::ReadBackwards
/scripts/perlinstaller --force File::Scan::ClamAV
/scripts/perlinstaller --force Mail::SPF::Query
/scripts/realperlinstaller --force Mail::SRS
/scripts/realperlinstaller --force Tie::RDBM
/scripts/realperlinstaller Sys::Syslog
/scripts/perlinstaller --force Net::LDAP
/scripts/perlinstaller --force Time::HiRes
/scripts/perlinstaller --force Tie::DBI

Note that the --force is optional, however it will make sure you've got it installed. Do these one at a time as some of these have configurable options to them.
One more perl module is needed. Since the later versions of Net::DNS are known to cause issues with RBLs, SPFs and the like, it is advised to use 0.57 . This can be obtained by doing the following:

Code:

mkdir /usr/local/assp
cd /usr/local/assp
mkdir /usr/local/assp/tmp
cd /usr/local/assp/tmp
wget http://www.net-dns.org/download/Net-DNS-0.57.tar.gz
tar xzf Net-DNS-0.57.tar.gz
cd Net-DNS-0.57
perl Makefile.PL
make
make test
make install

Do NOT remove the /usr/local/assp/tmp directory as when you update cpanel, it will try to auto update Net::DNS again, so you will want this intact.

Now, let's get with the program here and install ASSP:

Code:

cd /usr/local/assp
wget http://switch.dl.sourceforge.net/sourceforge/assp/ASSP_1.2.6-Install.zip
unzip -d /usr/local/assp /usr/local/assp/ASSP_1.2.6-Install.zip
mv --target-directory=/usr/local/assp /usr/local/assp/ASSP/*
mv --target-directory=/usr/local/assp /usr/local/assp/ASSP/.DS_Store
rm -rf /usr/local/assp/__MACOSX
rm -rf /usr/local/assp/ASSP
rm -f ASSP_1.2.6-Install.zip
rm -f Win32-quickstart-guide.txt;rm -f freshclam.bat
cd /usr/local/assp
mkdir pb
cd pb
touch denysmtp.txt
touch exportedextreme.txt
touch pbdb.black.db
touch pbdb.rbl.db
touch pbdb.white.db
cd /usr/local/assp
mkdir /usr/local/assp/notspam
mkdir /usr/local/assp/spam
mkdir /usr/local/assp/errors
mkdir /usr/local/assp/errors/notspam
cd /usr/local/assp
wget http://www.grscripts.com/service/start
chmod 755 start
wget http://www.grscripts.com/service/stop
chmod 755 stop
cd /etc/rc.d/init.d
wget http://www.grscripts.com/service/assp
chmod 755 assp

The core of ASSP is now installed. However, the development versions have updated functions to use for users. Of course, this is completely optional, but is recommended completely. This can be done by the following in SSH

Code:

cd /usr/local/assp/
mv assp.pl assp.pl_old
mv spamdb spamdb.old
mv rebuildspamdb.pl rebuildspamdb.pl.old
mv repair.pl repair.pl.old
mkdir Data
mkdir Data/Lists
wget http://www.magicvillage.de/~Fritz_Borgstedt/assp/05B0C8D4-000F4555.1/info.png
wget http://www.magicvillage.de/~Fritz_Borgstedt/assp/05B0C8D4-000F4555.2/rebuildspamdb.pl
wget http://www.magicvillage.de/~Fritz_Borgstedt/assp/05B0C8D4-000F4555.3/repair.pl
wget http://www.magicvillage.de/~Fritz_Borgstedt/assp/05B0C8D4-000F4555.5/assp.css
mv assp.css images
wget http://www.magicvillage.de/~Fritz_Borgstedt/assp/05B0C8D4-000F4555.6/assp.pl
cd Data/Lists
wget http://www.magicvillage.de/~Fritz_Borgstedt/assp/05B0C8D4-000F4555.0/URIBLCCTLDS.txt

chmod u+x /usr/local/assp/*.pl
Now, let's get it up and running, and configure it, shall we?

Code:

cd /usr/local/assp
/etc/init.d/assp start

You'll see ASSP sending out some messages and then doing nothing. This is ok, and it's the expected response. Now, we need to edit some stuff. Hit ctrl-c (cancel) to shut down ASSP
once it's stopped, you'll see the following file in the assp directory - assp.cfg . Edit that with whatever you want for an editor, something like:

Code:

nano assp.cfg

You want to change a few options immediately just to get it working
Look for the lines that are something like:

Code:

runAsGroup:=
runAsUser:=

and change them to be:

Code:

runAsGroup:=root
runAsUser:=root

Then look for the line that is

Code:

AsADaemon:=

and change it to

Code:

AsADaemon:=1

Now, let's change the password just so that we're secure:
look for the line that is

Code:

webAdminPassword:=nospam4me

and change that to

Code:

webAdminPassword:=insertrandompasswordhere

Now, let's tell ASSP to setup and accept mail for our domains. Look for the line something like

Code:

localDomains:=

and change that to be

Code:

localDomains:=file:/etc/localdomains

Almost there, just a couple more changes needed.
Look for the line that is something like

Code:

smtpDestination:=127.0.0.1:225

and change that to be

Code:

smtpDestination:=127.0.0.1:125

(or another port instead of 125, just REMEMBER the port!!)
and one more change
change the line that looks like

Code:

listenPort:=125

to

Code:

listenPort:=25

Now save and exit the file. If you're using nano/pico, that would be ctrl-x , just make SURE to save the file before you exit!
Now, let's get ASSP fired up again

Code:

/etc/init.d/assp start

let's make sure you have assp starting on system boot:

Code:

chkconfig --add assp

Let's add a crontab to make sure that ASSP rebuilds the bayesian spam list

Quote:

crontab -e

Code:

10 4 * * * cd /usr/local/assp;/usr/local/assp/rebuildspamdb.pl

Occasionally, what I've seen is ASSP will get "hung" on certain things and just kill itself. This fix will work for this, and make sure your ASSP installation is running smoothly

Open up another file on the server, my example will be /bin/asspcheck. In this file, add the following contents

Code:

assplog=/usr/local/assp/check.log
DATE=`date "+%m-%d-%y [%k:%M]"`
pidof=/usr/local/assp/pid
thispid=`cat $pidof`
if [ ! -d /proc/$thispid ];then
rm -rf $pidof;
/etc/init.d/assp start
echo "$DATE - ASSP - restarted" >> $assplog
else
echo "$DATE - ASSP - ok" >> $assplog
fi

Now, chmod the file itself

Code:

chmod u+x /bin/asspcheck

Now, make sure it's called every 60 seconds. Add this to your root crontab

Quote:

crontab -e

Code:

* * * * * /bin/asspcheck

Now, let's go BACK into WHM and setup the variables needed to get exim to use ASSP
In exim configuration editor, click on "advanced editor"
Clear out EVERYTHING from all of the existing boxes. Keeping these with data can cause ASSP to not function as it should
When you've done that, add the following to the top box:

Code:

# assp
local_interfaces = 127.0.0.1.125

If you changed this variable to something else

Code:

smtpDestination:=127.0.0.1:125

put in the other port, NOT 125, so it would look like 127.0.0.1.whateverporthere

Click on Save
Exim will restart and you now have a working installation of assp

Now, let's go to it and work with it a bit, shall we?
go to http://yourip:55555 , enter the user admin and the password you changed nospam4me to. This will get you logged in and you can tweak the settings as you feel necessary.

ASSP is a great and powerful proxy for any mail server, which blocks using RBLS, whitelists, etc. It is advisable to setup the email interface and let your customers know of this so that you can get them to help you in reporting and addressing spam.
Parts of this howto were taken from this page, however much of that data has been found to be outdated as far as downloads from CVS and the like go, and I've added quite a bit of useful information into it as well.

Go through the ASSP configuration VERY carefully, and ONLY change what you're sure of. Start with the RBLs, increase the list to 5 and max hits to 2 as suggested.
If you notice problems with this or know how it might be better, hey, feel free to post in here and I'll keep it as updated as possible :)

[NhojOhl]

Nice sum-up

[sh4ka]

great how to!

[sytker]

Very good. Thanks very much.

[Ran]

Will this How-To also work for the new 1.3.0?

[linux-tech]

Quote:

Originally Posted by Ran

Will this How-To also work for the new 1.3.0?

ASSP isn't officially at 1.3.0 (yet).
Once this is an official release, I'll update the howto

[linux-tech]

This should work without problems to update to 1.3.0. IF you already have assp installed:

-- Login to your server (ssh) as root
-- STOP assp

Code:

/etc/init.d/assp stop

Go into the assp directory, and get the new stuff

Code:

cd /usr/local/assp
mkdir files
cd files
wget http://www.magicvillage.de/~Fritz_Borgstedt/assp/S05B0C8D4.4/ipwl.txt
wget http://www.magicvillage.de/~Fritz_Borgstedt/assp/S05B0C8D4.5/ipnp.txt
wget http://www.magicvillage.de/~Fritz_Borgstedt/assp/S05B0C8D4.10/nodelay.txt
wget http://www.magicvillage.de/~Fritz_Borgstedt/assp/S05B0C8D4.8/invalidptr.txt
wget http://www.magicvillage.de/~Fritz_Borgstedt/assp/S05B0C8D4.7/blackdomains.txt
wget http://www.magicvillage.de/~Fritz_Borgstedt/assp/S05B0C8D4.11/bombre.txt
wget http://www.magicvillage.de/~Fritz_Borgstedt/assp/S05B0C8D4.0/URIBLCCTLDS.txt
cd ../images/
rm -rf assp.css
wget http://www.magicvillage.de/~Fritz_Borgstedt/assp/S05B0C8D4.1/info.png
wget http://www.magicvillage.de/~Fritz_Borgstedt/assp/S05B0C8D4.2/assp.css
cd ../
ls
mv assp.pl assp.pl.stable
mv rebuildspamdb.pl rebuildspamdb.stable
mv repair.pl repair.pl.stable
wget http://www.magicvillage.de/~Fritz_Borgstedt/assp/S05B0C8D4.6/repair.pl
wget http://www.magicvillage.de/~Fritz_Borgstedt/assp/S05B0C8D4.3/rebuildspamdb.pl
wget http://www.magicvillage.de/~Fritz_Borgstedt/assp/S05B0C8D4.12/assp.pl

RE-Start assp

Code:

/etc/init.d/assp start

If you do NOT already have assp installed:
Follow the instructions in the FIRST post UP TO

Quote:

The core of ASSP is now installed. However, the development versions have updated functions to use for users. Of course, this is completely optional, but is recommended completely. This can be done by the following in SSH

Once you get to THAT point, then follow the instructions in this post.
Skip that entire section in the original post
Once you've done the beta update stuff, then you can resume the instructions in the ORIGINAL post, beginning with:

Quote:

chmod u+x /usr/local/assp/*.pl
Now, let's get it up and running, and configure it, shall we?

Of course, if you want to wait until March 1st, 1.3.0 will be out stable (or so says the ASSP website )

[wafer]

secure smtp service is not available anymore, it stop after we applied assp on our server. is there anyway to enable secure smtp again?

[VVIP]

Hi,


How can I know if it's really work when my installation is just new on the server ? Thank you.

Best Regards,

[weBrazuca]

I have some CPU High Loads...

ASSP require a High load? ASSP stop any e-mail where not is SPAM?


Thank's for How To...!

[linux-tech]

Quote:

Originally Posted by weBrazuca

ASSP require a High load?

No, ASSP does not load your server down at all. In fact, compared to SpamAssassin (the CPanel alternative as it were), it handles things MUCH easier, as it doesn't parse stupid user rules.

Quote:

Originally Posted by weBrazuca

ASSP stop any e-mail where not is SPAM?

Anything you get to do this will do that, even SpamAssassin will. The good thing about ASSP though is that it is intuitive and LEARNS whom you mail, causing the system to whitelist them, and it takes user interaction (nospam, spam, whitelist reports). As well, ASSP can be told to set in "training mode" which will send everything to you if it thinks it might be spam.

Quote:

Originally Posted by VVIP

How can I know if it's really work when my installation is just new on the server ? Thank you.

If you go to the admin interface (port 55555 unless you change it) and log in, you will see a 'Info and Stats' page. This will tell you how well it is working and what it is doing.

Quote:

Originally Posted by wafer

secure smtp service is not available anymore, it stop after we applied assp on our server. is there anyway to enable secure smtp again?

Directly from the ASSP FAQ ( a good thing to read before you set something like this up)

Quote:

Q: Can ASSP be run with SSL / TLS connections?

No - not natively. Natively, ASSP only works with non-SSL connections. However, there are possibilities to use SSL for your email users to protect their authentication process. Third party utilities such as stunnel (http://stunnel.mirt.net) allow you to use SSL/TLS to encrypt connections between your outside party and ASSP. There is only one caveat; stunnel works as a proxy between your outside connection and ASSP. Consequently, ASSP sees the connection as originating from stunnel (typically 127.0.0.2), and not the sending party. This means that all connection checks (delaying, greylisting, RBL, etc) would not work with these connections. Consequently, if you want to use stunnel to protect any SMTP authentication process with your clients, you should prevent all non-AUTH connections to this port. This can be accomplished by setting the endport of stunnel to "Another Listen Port" (in Network Setup), and enabling "Enforce AUTH before MAIL FROM when connecting to second SMTP port". This will prevent any non-authenticated users from sending email through the encrypted stunnel connection.

[FazeWire]

Is this worth it, what are your opinions on this. Do you guys like it?

[-p9-]

ASSP looks good for Internet webmail access but when clients use Outlook or ThunderBird to download (POP3) e-mails from the server and they receive a spam e-mail, what do they do to mark that e-mail is a spam and how ASSP on the server will know about that to add in its database list ?

[linux-tech]

ASSP has nothing to do with the "mail client" at all. It has everything to do with the SMTP server, as it forwards all mail to the REAL SMTP server after the garbage is filtered out.

Quote:

what do they do to mark that e-mail is a spam

Any decently developed mail client has filters that can scan headers. If the message is marked spam by ASSP, and it's being delivered, they can move that to a special folder, or simply forward it to the interface for blocking.


Is it worth it? Most definitely. Regardless of the mail client you're using, it is worth it. Regardless of the setup you are using, it is worth it. You won't find much else as smart as ASSP is.

[-p9-]

Is the special folder has to be the same name as the one on the server: spam & not spam ? Will ASSP update this folder on next download ?