ASSP – Anti-Spam SMTP Proxy Server

For almost two decades I’ve operated my own email server for the family. It’s a fun hobby item, but does require some maintenance to defend against the constant barrage of spam and malicious actors trying to break in.

For most of that time I’ve been using ASSP (V2) as the front-end to incoming email and send mail and thought it was time to give it a plug here. Being an IT professional, I’ve been exposed to several of ASSP’s counterparts: SpamAssassin, Barracuda Spam Email Proxy, and the like – and I always seem to come back to ASSP because it seems to just do more than the others can despite it not being well known.

ASSP is coded in Perl and is available for just about every operating system possible. It has a bevy of Perl modules that are needed or optional to enhance features. And, oh boy, features – there are a ton:

  • Multiple Weighted DNSBLs
  • Multiple Weighted URIBLs
  • Greylisting
  • Weighted Regular Expression Filtering
  • Bayesian
  • Penalty Box
  • SenderBase
  • Attachment Blocking
  • ClamAV and FileScan
  • Blocking Reporting
  • LDAP support
  • Backscatter Detection
  • Recipient replacement / GUI user access rights management
  • MIME charset conversion / DKIM check and signing
  • Multi DB support for all hashes / level based open plugin support
  • Transparent TCP proxy support
  • Plugins: archive, full attachment check and replacement, OCR
  • Damping (steal spammers’ time)
  • AUTH to relay host / POP3 collector
  • Configuration value and file synchronization
  • Block Reports design could be customized
  • Razor2 and DCC support via Plugin
  • SNMP support (monitoring, configuring, control API)
  • User group import (file or LDAP or command based)
  • Automatic crash analyzer Hidden Markov Model
  • IPv6 socket support
  • Word stemming (several languages) for Bayesian analyzer
  • Perl module autoupdate via PPM or CPAN
  • Hidden Markov Model spam detection engine
  • Full unicode support
  • DMARC support
  • Private Whitelist (legacy, domain based, user based)
  • Private IP and Domain lists (legacy, domain based, user based)
  • CPU affinity settings
  • Web file commander
  • Graphical statistic output (SVG)
  • Native SSL support for target hosts
  • Client SSL-certificate validation
  • Private SMIME signing
  • Corporate SMIME signing, using a single private certificate
  • Content based executable attachment blocking
  • Content based compressed attachment blocking
  • BATV check and signing
  • Message-ID signing and check FBMTV
  • Remote support

The options are simply dizzying but very powerful. Fortunately, they’ve done an extremely good job of providing a default settings package that does just about what most admins want out of the box.

Where ASSP shines, at least for me, is:

  • Granularity of settings: You can turn them on or off easily, and when it comes to spam scoring you can tweak them up or down for individual hit types to fine-tune your scoring numbers that ultimately decide what is spam and what isn’t.
  • Automatic white list generation: one of my users sends an email to someone and that domain is automatically whitelisted for a year (default settings) as a known good recipient. This helps prevent a reply being tagged as spam due to things like a server misconfiguration on the other end.
  • Automatic spam reporting. You can configure your ASSP to have a specific email address that reports spam or nospam. Forwarding or redirecting to that email adds it to your Bayesian checks. Yes, I know others offer this but it typically requires a “real user” be added to your email server.
  • “Non-standard” ports for sending: You can configure a non-standard port number that your users send mail through that is still authenticated against your primary SMTP gateway. Why? VPN that blocks standard send mail, and by using a non-standard port for your users it will generally stop harvester bots from hammering well-known ports with dictionary attacks or, in the case of port 25, simply deny any authentication attempt.
  • Speaking of port 25 attacks, after x number of failed auth attempts, you can have it add an attacking IP to your firewall rules to drop all traffic from that IP at your front door. It will do this by default for at least its own internal process for a user-defined period of time if you don’t opt for the firewall flag.
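
The failed-auth blocking in the last item is a threshold plus a time-limited block. The sketch below is an added example, not ASSP code or its configuration: the log format, the `PenaltyBox` class, the `run` helper and the default numbers are all assumptions made up for illustration.

```python
import re
from collections import defaultdict, deque
# Constructed log format (not ASSP's own): "<epoch> <ip> AUTH <ok|failed>"
LINE = re.compile(r"^(\d+) (\S+) AUTH (ok|failed)$")

class PenaltyBox:
    def __init__(self, max_failures=3, window=600, block_for=3600):
        self.max_failures = max_failures    # the "x" failed attempts
        self.window = window                # seconds over which failures count
        self.block_for = block_for          # how long a block lasts, in seconds
        self.failures = defaultdict(deque)  # ip -> recent failure timestamps
        self.blocked_until = {}             # ip -> epoch when the block ends

    def is_blocked(self, ip, now):
        if self.blocked_until.get(ip, 0) <= now:
            self.blocked_until.pop(ip, None)  # expired or never blocked
        return ip in self.blocked_until

    def observe(self, line):
        """Feed one log line; return the IP if it triggers a new block."""
        m = LINE.match(line.strip())
        if not m or m.group(3) == "ok":
            return None
        now, ip = int(m.group(1)), m.group(2)
        if self.is_blocked(ip, now):
            return None                     # already dropped, nothing to count
        recent = self.failures[ip]
        recent.append(now)
        while now - recent[0] > self.window:
            recent.popleft()                # forget failures outside the window
        if len(recent) < self.max_failures:
            return None
        self.blocked_until[ip] = now + self.block_for
        del self.failures[ip]
        return ip                           # a firewall drop rule would go here

def run(lines, **settings):
    box = PenaltyBox(**settings)
    return [ip for ip in map(box.observe, lines) if ip], box

# Constructed sample lines; addresses are RFC 5737 documentation ranges.
SAMPLE = [
    "1000 203.0.113.7 AUTH failed",
    "1010 203.0.113.7 AUTH failed",
    "1020 198.51.100.20 AUTH failed",   # one typo, never reaches the threshold
    "1030 203.0.113.7 AUTH failed",     # third failure: blocked until 4630
    "1040 203.0.113.7 AUTH failed",     # ignored while blocked
    "5000 203.0.113.7 AUTH failed",     # block expired, counting starts over
]
```

`run(SAMPLE)` returns the list of newly blocked IPs together with the box, so the expiry behaviour can be checked by calling `is_blocked` with different timestamps.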

All this is configured through a web browser via a fairly organized web portal. On that note, the dizzying array of options does make the page seem overwhelming and a lot has been added over the years. I think a talented HTML GUI wizard could do wonders for the project, but the bottom line is it works.
