
April 21, 2004

antispam assp (qmail) - Anti-Spam SMTP Proxy (ASSP)

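Copyright notice: this article may be freely reproduced, provided that the reproduction indicates, by hyperlink, the original source of the article, the author information and this notice.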
https://windtear.net/archives/2004/04/21/000288.html

http://assp.sourceforge.net

ASSP Documentation
The Anti-Spam SMTP Proxy (ASSP) Server is an open source, platform-independent SMTP Proxy server which implements whitelists and Bayesian filtering to rid the planet of the blight of unsolicited email (UCE). UCE must be stopped at the SMTP server. Anti-spam tools must be adaptive to new spam and customized for each site's mail patterns. This free, easy-to-use tool works with any mail transport and achieves these goals requiring no operator intervention after the initial setup phase.
2003-Nov-14 2:02pm jhanna
 
It has long been clear to me that the best place to stop spam is at an organization's SMTP server. This is true for the following reasons:
  1. Most spam has an invalid bounce address, so notifying non-delivery simply bounces to Postmaster, creating even more wasted bandwidth. Failing to notify non-delivery is a problem for false-positives. The SMTP server is the only place where spam can be stopped before entering your system.
  2. The only possible feedback for spammers to void an address is from the SMTP server.
  3. Spam that passes through your SMTP server into mailboxes incurs cost to your organization: storage, transmission, backup, deletion -- in all these ways spam costs you money. The only way to minimize cost is to reject it at the initial point.

However, mail transport systems are slow to adopt new technology, and spammers are quick and flexible, able to adopt new technology as quickly as it becomes available. Consequently, most SMTP servers are ill equipped to stop spam.

Furthermore, one spam-stopping solution could work with all existing SMTP servers if it was implemented on a second level -- a transparent SMTP filtering proxy. This was my goal for this project.

I wanted a server that accepted connections on port 25, passing the transmission on to the official SMTP server, and relaying its replies back to the SMTP client. But when enough of the message had been transmitted to validate its legitimacy the ASSP server could either pipe the remainder of the message to the official SMTP server or close the connection to the official SMTP server and ignore the remainder of the message.

The Anti-Spam SMTP Proxy (ASSP) Server project is an open source platform-independent SMTP Proxy server which implements whitelists and Bayesian filtering to rid the planet of the blight of unsolicited email (UCE). UCE must be stopped at the SMTP server. Anti-spam tools must be adaptive to new spam and customized for each site's mail patterns. This free, easy-to-use tool works with any mail transport and achieves these goals requiring no operator intervention after the initial setup phase.

What features make ASSP great?
  1. Easy browser-based setup (optional).
  2. Uses your existing message transport and existing SMTP server.
  3. Works with Sendmail, qmail, Postfix, Imail, Exchange, Courier, Mercury, Lotus Notes, and all other standard SMTP servers.
  4. Runs on Linux, Unix, Windows, OS X, OS/2, and more.
  5. Automatically customizes to your site's unique email profile.
  6. Automatic whitelist -- no one you email will ever be blocked.
  7. Senders receive immediate notification if mail is blocked but no erroneous bounces are ever generated.
  8. Redlist keeps an address off the whitelist.
  9. No-processing addresses pass through.
  10. Makes use of honeypot type spambucket addresses to automatically recognize spam and update your spam database.
  11. Bayesian filter intelligently classifies email into spam and non-spam.
  12. Supports additional site-defined regular expressions to identify spam or non-spam email.
  13. Can optionally block all non-whitelisted email (for anti-spam zealots).
  14. Mime encoded and other camouflaged spam is also recognized.
  15. Automatically maintains the spam and non-spam databases.
  16. Accepts whitelist submissions and spam error reports by authorized email.
  17. Optionally rejects executable attachments from non-whitelisted (or all) addresses.
  18. Free (as in speech) software -- Licensed under the GPL.
  19. Practically no maintenance required.
  20. Active user community and email list for support questions.
  21. Source code included if you need to customize your installation.
  22. Runs as a service in Windows NT / 2000.
  23. Optionally blocks no mail but adds an email header and/or updates the message subject.
  24. Optionally uses community-based spam statistics to identify hosts that are likely to send spam or non-spam mail.
  25. In *nix environments can switch to non-root user. Also supports chroot jail.
  26. Individual users can be configured to receive all mail.
  27. Shows detailed analysis of spam rating process for specific messages.
  28. Option to forward a copy of every rejected mail to an address.
  29. No perl modules to install -- runs complete "out of the box".
  30. Can block spam-bombs (when spammers forge your domain in the from field).
  31. Keeps spam statistics for your site.
  32. Detailed up-to-date documentation.
  33. Can listen on more than one smtp port.
  34. And much more!

2003-Nov-13 2:31pm jhanna

-----> readme.txt
Written for RedHat 7.x , and many others I believe would work with
minor mods, if any.
The script 'assp' should be copied into /etc/init.d/   and then
linked to the appropriate run-level directories for starting up
and shutting down..   For example, I run at init 3 at startup, so
my script is linked to /etc/rc3.d/S79assp  (just before
S80sendmail)  and also to /etc/rc0.d/K31assp  (just after sendmail
shutdown).  The scripts 'start' and 'stop' should be in the 'sane'
directory (ie: the typical installation directory for ASSP), if
not you will have to modify 'assp' to fit.
Don't forget to set the permissions of assp start stop and assp.pl
(or best: all scripts) to 755

-----> assp.cfg 
AddSpamHeadder:=1
AddSpamProbHeadder:=1
AsADaemon:=
AsAService:=
AttachmentError:=500 Executable attachments are not allowed -- Compress before mailing.
BlockAllExes:=1
BlockExes:=1
ChangeRoot:=
DEBUG:=
EmailFrom:=ASSP <>
EmailHam:=assp-notspam
EmailInterfaceOk:=1
EmailSpam:=assp-spam
EmailWhitelist:=assp-white
ExtensionsToBlock:=exe|scr|pif|vb[es]|js|jse|ws[fh]|sh[sb]|lnk|bat|cmd|com|ht[ab]
KeepWhitelistedSpam:=0
MaxErrors:=10
MaxFiles:=14009
MaxWhitelistDays:=90
NoExternalSpamProb:=1
NoGoodhosts:=1
NoHaiku:=0
NoMaillog:=
NoRelaying:=550 Relaying not allowed
NotGreedyWhitelist:=
OrderedTieHashSize:=5000
OutgoingBufSize:=102400
PopB4SMTPFile:=
RamSaver:=
RestartEvery:=0
SpamError:=500 Mail appears to be unsolicited -- send error reports to postmaster@yourdomain.com
TestMode:=1
UpdateWhitelist:=3600
UseSubjectsAsMaillogNames:=1
WhitelistLocalOnly:=
WhitelistOnly:=
acceptAllMail:=127.0.0.|10.|169.254.|172.16.|192.168.
allowAdminConnectionsFrom:=
base:=/usr/local/assp
blackListedDomains:=
blackRe:=http://[\w\.]+@
bombError:=500 Your message was rejected because it appears to be part of a spam bomb -- rephrase your message and try sending it again.
bombRe:=
correctednotspam:=errors/notspam
correctedspam:=errors/spam
defaultLocalHost:=
dnsbl:=
greylist:=greylist
incomingOkMail:=
listenPort:=25
listenPort2:=
localDomains:=bbs.ipcn.org
localDomainsFile:=
logfile:=maillog.txt
maillogExt:=.eml
myName:=ASSP-nospam
noGreyListUpload:=
noProcessing:=
nogreydownload:=
notspamlog:=notspam
npRe:=
pidfile:=pid
redRe:=
redlistdb:=redlist
relayHost:=
relayHostFile:=
relayPort:=
runAsGroup:=nobody
runAsUser:=nobody
sendAllSpam:=
sendNoopInfo:=
showAdvanced:=1
silent:=
smtpDestination:=127.0.0.1:125
spamLovers:=
spamSubject:=
spamaddresses:=put|your@spambucket.com|addresses|@here.org
spamdb:=spamdb
spamlog:=spam
totalizeSpamStats:=1
webAdminPassword:=secret
webAdminPort:=55555
whiteListedDomains:=sourceforge.net
whiteRe:=
whitelistdb:=whitelist

-----> qmail start
% cat /etc/qmail/start
csh -cf '/var/qmail/rc &'
/etc/qmail/smtp.sh
% cat /etc/qmail/smtp.sh
/usr/local/bin/tcpserver -H -R -l 0 -t 1 -c 100 -v -p -x/etc/qmail/tcp.smtp.cdb -u 10001 -g 1000 0 125 /var/qmail/bin/qmail-smtpd >/dev/null 2>&1 &
% cat /usr/sbin/qmail
#!/bin/sh
PID=`ps -ax |grep qmail-send|grep -v grep`
PIDQ=`ps -ax |grep qmail-remote|grep -v grep`
case $1 in
start)
    if [ "$PID" = "" ]; then
        echo "Starting Qmail services......"
        sh /etc/qmail/start
    else
        echo "Qmail already running."
    fi
    ;;
stop)
    if [ "$PID" = "" ]; then
        echo "Qmail not running"
    else
        echo "Stoping Qmail services......"
        killall qmail-send
        killall tcpserver
        if [ "$PIDQ" = "" ]; then
            echo ""
        else
            killall qmail-remote
        fi
    fi
    ;;
restart)
    if [ "$PID" = "" ]; then
        echo "Qmail not running"
    else
        echo "Restart Qmail services......"
        killall qmail-send
        killall tcpserver
        if [ "$PIDQ" = "" ]; then
            echo ""
        else
            killall qmail-remote
        fi
        sh /etc/qmail/start
    fi
    ;;
help)
    echo "Qmail manage scripts and Qmail_setup-v1.5 compile by iceblood"
    echo "My E-Mail:iceblood@163.com"
    echo "qmail {start|stop|help}"
    echo "       start      Starting Qmail services"
    echo "       stop       Stoping Qmail services"
    echo "       help       Qmail manage help"
    echo ""
    echo "                       Copyright (C) 2002 by iceblood"
    echo "Help end."
    ;;
*)
    echo "Qmail manage scripts and Qmail_setup-v1.5 compile by iceblood"
    echo "My E-Mail:iceblood@163.com"
    echo "qmail {start|stop|restart|help}"
    echo "       start      Start Qmail services"
    echo "       stop       Stop Qmail services"
    echo "       restart    Restart Qmail services"
    echo "       help       Qmail manage help"
    echo ""
    echo "                       Copyright (C) 2002 by iceblood"
    echo "Help end."
    ;;
esac
exit 0
%
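
An added example (not part of the original post, and not ASSP or qmail code): a Python check over the assp.cfg values and the tcpserver line shown above. It flags template values left in place, the admin port settings, and whether the qmail listener behind ASSP is bound beyond loopback. The function names are hypothetical, and it assumes that an empty allowAdminConnectionsFrom means no source-IP restriction.

```python
import getopt
import shlex

# Excerpt of the assp.cfg above: only the keys checked here, values as on the page.
ASSP_CFG = """\
smtpDestination:=127.0.0.1:125
webAdminPort:=55555
webAdminPassword:=secret
allowAdminConnectionsFrom:=
spamaddresses:=put|your@spambucket.com|addresses|@here.org
SpamError:=500 Mail appears to be unsolicited -- send error reports to postmaster@yourdomain.com
"""
# tcpserver invocation from /etc/qmail/smtp.sh as shown on the page.
TCPSERVER = ("/usr/local/bin/tcpserver -H -R -l 0 -t 1 -c 100 -v -p "
             "-x/etc/qmail/tcp.smtp.cdb -u 10001 -g 1000 0 125 "
             "/var/qmail/bin/qmail-smtpd >/dev/null 2>&1 &")
# Template strings visible on this page (assp.cfg and the "Admin update" log line).
PLACEHOLDERS = ("your@spambucket.com", "@here.org", "yourdomain.com", "putYourDomains.com")

def parse_cfg(text):
    """Parse 'key:=value' lines, splitting on the first ':=' only."""
    return dict(line.split(":=", 1) for line in text.splitlines() if ":=" in line)

def tcpserver_listener(cmd):
    """Return the (host, port) a tcpserver command line listens on."""
    argv = shlex.split(cmd)[1:]
    _, rest = getopt.getopt(argv, "qQvdDoOhHrRpP1Uc:x:u:g:b:B:l:t:")
    return rest[0], int(rest[1])

def audit(cfg_text, tcpserver_cmd):
    cfg, findings = parse_cfg(cfg_text), []
    for key, value in cfg.items():
        if any(p in value for p in PLACEHOLDERS):
            findings.append(f"{key}: template placeholder still set")
    # Assumption: an empty allowAdminConnectionsFrom means no source-IP restriction.
    if cfg.get("webAdminPort") and not cfg.get("allowAdminConnectionsFrom"):
        findings.append("allowAdminConnectionsFrom: admin port not IP-restricted")
    if cfg.get("webAdminPassword") in ("", "secret"):
        findings.append("webAdminPassword: empty or the sample value")
    dest_host, dest_port = cfg["smtpDestination"].rsplit(":", 1)
    host, port = tcpserver_listener(tcpserver_cmd)
    if port != int(dest_port):
        findings.append("smtpDestination: port differs from the tcpserver listener")
    elif host in ("0", "0.0.0.0") and dest_host.startswith("127."):
        findings.append(f"tcpserver: port {port} listens on all interfaces; "
                        "bind 127.0.0.1 so mail must pass ASSP")
    return findings
```

The rules in /etc/qmail/tcp.smtp.cdb and any packet filter are not shown on the page, so the last finding describes the bind address only, not whether port 125 is actually reachable from outside.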

-----> demo
% /etc/rc.d/init.d/assp start
Starting ASSP via: /usr/local/assp/start /usr/local/assp
or
% /usr/local/assp/start /usr/local/assp
Starting ASSP Anti-SPAM Proxy server in /usr/local/assp
loading config -- base='/usr/local/assp'
Apr-21-04 02:03:10 ASSP version 1.0.9 initializing
Apr-21-04 02:03:10 Listening for mail connections at 25 and admin connections at 55555
Apr-21-04 02:03:10 Switched effective gid to 99 (nobody)
Apr-21-04 02:03:10 Switched real gid to 99 (nobody)
Apr-21-04 02:03:10 Switched effective uid to 99 (nobody)
Apr-21-04 02:03:10 Switched real uid to 99 (nobody)
Apr-21-04 02:03:10 Warning: Bayesian spam database is small or empty: '/usr/local/assp/spamdb'
Apr-21-04 02:03:10 Warning: Whitelist is small or empty: '/usr/local/assp/whitelist' (ignore if this is a new install)
Apr-21-04 02:03:10 Starting

% pwd
/usr/local/assp
% l
total 732
-rwxr-xr-x    1 root     root          615 Jul 16  2003 start*
-rwxr-xr-x    1 root     root          910 Jul 16  2003 goodhosts.pl*
-rwxr-xr-x    1 root     root          178 Jul 31  2003 stop*
-rwxr-xr-x    1 root     root         2468 Aug 14  2003 stat.pl*
-rwxr-xr-x    1 root     root          475 Oct 20  2003 repair.pl*
-rwxr-xr-x    1 root     root         5150 Nov 24 16:07 stats.sh*
-rwxr-xr-x    1 root     root         1807 Dec 15 11:13 addservice.pl*
-rwxr-xr-x    1 root     root         1390 Dec 17 14:57 move2num.pl*
-rwxr-xr-x    1 root     root        17271 Dec 17 15:09 rebuildspamdb.pl*
-rwxr-xr-x    1 root     root       114372 Dec 22 09:32 assp.pl*
drwx--S---    2 root     root         4096 Apr 21 01:31 notspam/
drwx--S---    4 root     root         4096 Apr 21 01:31 errors/
-rw-r--r--    1 root     root       527641 Apr 21 01:31 greylist
drwx--S---    2 root     root         4096 Apr 21 01:42 spam/
-rw-r--r--    1 root     root         1960 Apr 21 01:49 assp.cfg.bak.bak
-rw-r--r--    1 root     root          172 Apr 21 01:49 asspstats.sav
-rw-r--r--    1 root     root         1959 Apr 21 01:51 assp.cfg.bak
-rw-r--r--    1 nobody   nobody       1960 Apr 21 01:53 assp.cfg
-rw-r--r--    1 root     root            5 Apr 21 02:06 pid
-rw-r--r--    1 root     root         5229 Apr 21 02:06 maillog.txt

% tail maillog.txt

Apr-21-04 01:34:32 Connected: 166.111.154.35:4236
Apr-21-04 01:34:32 166.111.154.35 <windtear@ipcn.org> relay attempt blocked for: windtear@bbs.ipcn.org
Apr-21-04 01:36:02 Admin update: localDomains changed from 'putYourDomains.com|here.org' to 'bbs.ipcn.org'
Apr-21-04 01:36:21 Connected: 166.111.154.35:4238
Apr-21-04 01:36:21 166.111.154.35 <windtear@ipcn.org> to: windtear@bbs.ipcn.org Bayesian spam
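
An added example (not part of the original post, and not ASSP code): a Python summary of maillog.txt that counts verdicts per client IP and collects "Admin update" lines as a record of configuration changes. The line formats are inferred from the five lines shown above only, and the function names are hypothetical.

```python
import re
from collections import Counter, defaultdict
from datetime import datetime

# The five maillog.txt lines shown above, used as sample input.
SAMPLE = """\
Apr-21-04 01:34:32 Connected: 166.111.154.35:4236
Apr-21-04 01:34:32 166.111.154.35 <windtear@ipcn.org> relay attempt blocked for: windtear@bbs.ipcn.org
Apr-21-04 01:36:02 Admin update: localDomains changed from 'putYourDomains.com|here.org' to 'bbs.ipcn.org'
Apr-21-04 01:36:21 Connected: 166.111.154.35:4238
Apr-21-04 01:36:21 166.111.154.35 <windtear@ipcn.org> to: windtear@bbs.ipcn.org Bayesian spam
"""
STAMP = r"(?P<ts>\w{3}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) "
MAIL = re.compile(STAMP + r"(?P<ip>\d+(?:\.\d+){3}) <(?P<sender>[^>]*)> (?P<rest>.*)")
ADMIN = re.compile(STAMP + r"Admin update: (?P<key>\w+) changed from '(?P<old>.*)' to '(?P<new>.*)'")

def classify(rest):
    """Map the tail of a mail line to (verdict, recipient)."""
    if rest.startswith("relay attempt blocked for: "):
        return "relay attempt blocked", rest.split(": ", 1)[1]
    m = re.match(r"to: (\S+) (.+)", rest)
    return (m.group(2), m.group(1)) if m else ("unparsed", "")

def summarize(text):
    """Return (verdict counts per client IP, list of admin config changes)."""
    per_ip, changes = defaultdict(Counter), []
    for line in text.splitlines():
        if m := ADMIN.match(line):
            when = datetime.strptime(m["ts"], "%b-%d-%y %H:%M:%S")
            changes.append((when, m["key"], m["old"], m["new"]))
        elif m := MAIL.match(line):
            per_ip[m["ip"]][classify(m["rest"])[0]] += 1
    return per_ip, changes

def relay_blocked_clients(per_ip, threshold=1):
    """Client IPs with at least `threshold` blocked relay attempts."""
    return sorted(ip for ip, c in per_ip.items()
                  if c["relay attempt blocked"] >= threshold)
```

In the sample, the blocked relay attempt precedes the localDomains change by 90 seconds, which is the pattern to expect while the template value for localDomains is still in place.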

-----> orig articles of mine

AntiSpam - C/R System - TMDA - wle - anti-spam

SOPHOS.ANTIVIRUS.V3.80.MULTILANGUAGE.LINUX-FeDEX

Command-line antivirus software for Linux  antivirus @ linux

Sophos sweep IDE update script - Download the IDE file - demo

my attemp about 2 mail and 1 bbs


Posted by windtear at April 21, 2004 2:09 AM
