Config ASSP (ASSP.freyder.com) Host: centos @ 192.168.1.202

Configuration Sharing

Enable Configuration Sharing (enableCFGShare)

Read all positions in this section carefully (multiple times is recommended!!!)! A wrong configuration sequence or wrong configuration values can lead in to a destroyed ASSP configuration!

If set, the configuration value and option files synchronization will be enabled. This synchronization belong to the configuration values, to the file that is possibly defined in a value and to the include files that are possibly defined in the configured file.
If the configuration of all values in this section is valid, the synchronization status will be shown in the GUI for each config value that is, or could be shared. There are several configuration values, that could not be shared. The list of all shareable values could be found in the distributed file assp_sync.cfg

For an initial synchronization setup set the following config values in this order: setup syncServer, syncConfigFile, syncTestMode and as last syncCFGPass (leave isShareSlave and isShareMaster off). Use the default (distributed syncConfigFile assp_sync.cfg) file and configure all values to your needs - do this on all peers by removing lines or setting the general sync flag to 0 or 1 (see the description of syncConfigFile ).
If you have finished this initial setup, enable isShareMaster or isShareSlave - now assp will setup all entrys in the configuration file for all sync peers to the configured default values (to 1 if isShareMaster or to 3 if isShareSlave is selected). Do this on all peers. Now you can configure the synchronization behavior for each single configuration value for each peer, if it should differ from the default setup.
For the initial synchronization, configure only one ASSP installation as master (all others as slave). If the initial synchronization has finished, which will take up to one hour, you can configure all or some assp as master and slave. On the initial master simply switch on isShareSlave. On the inital slaves, switch on isShareMaster and change all values in the sync config file that should be bedirectional shared from 3 to 1. As last action enable enableCFGShare on the SyncSlaves first and then on the SyncMaster.
After such an initial setup, any changes of the peers (syncServer) will have no effect to the configuration file (syncConfigFile)! To add or remove a sync peer after an initial setup, you have to configure syncServer and you have to edit the sync config file manualy.

This option can only be enabled, if isShareMaster and/or isShareSlave and syncServer and syncConfigFile and syncCFGPass are configured!
Because the synchronization is done using a special SMTP protocol (without "mail from" and "rcpt to"), this option requires an installed Net::SMTP module in PERL. This special SMTP protocol is not usable to for any MTA for security reasons, so the "sync mails" could not be forwarded via any MTA.
For this reason all sync peers must have a direct or routed TCP connection to each other peer.

This is a Share Master (isShareMaster)

If selected, ASSP will send configured configuration changes to sync peers.

This is a Share Slave (isShareSlave)

If selected, ASSP will receive configured configuration changes from sync peers. To accept a sync request, every sending peer has to be defined in syncServer - even if there are manualy made entrys in the sync config file for a peer.

Default Sync Peers (syncServer)

Define all configuration sync peers here (to send changes to or to receive changes from). Sepatate multiple values by "|". Any value must be a pair of hostname or ip-address and :port, like 10.10.10.10:25 or mypeerhost:125 or mypeerhost.mydomain.com:225. The :port must be defined!
The target port can be the listenPort , listenPort2 or relayPort of the peer.

Test Mode for Config Sync (syncTestMode)

If selected, a master (isShareMaster) will process all steps to send configuration changes, but will not really send the request to the peers. A slave (isShareSlave) will receive all sync requests, but it will not change the configuration values and possibly sent configuration files will be stored at the original location and will get an extension of ".synctest".

Configuration File for Config Sync* (syncConfigFile)

Define the synchronization configuration file here (default is file:assp_sync.cfg).
This file holds the configuration and the current status of all synchronized assp configuration values.
The format of an initial value is: "varname:=syncflag" - where syncflag could be 0 -not shared and 1 -is shared - for example: HeaderMaxLength:=1 . The syncflag is a general sign, which meens, a value of 0 disables the synchronization of the config value for all peers. A value of 1, enables the peer configuration that possibly follows.
The format after an initial setup is: "varname:=syncflag,syncServer1=status,syncServer2=status,......". The "status" could be one of the following:

0 - no sync - changes of this value will not be sent to this syncServer - I will ignore all change requests for this value from there
1 - I am a SyncMaster, the value is still out of sync to this peer and should be synchronized as soon as possible
2 - I am a SyncMaster, the value is still in sync to this peer
3 - I am not a SyncMaster but a SyncSlave - only this SyncMaster (peer) knows the current sync status to me
4 - I am a SyncMaster and a SyncSlave (bidirectional sync) - a change of this value was still received from this syncServer (peer) and should not be sent back to this syncServer - this flag will be automaticaly set back to 2 at the next synchronization check

Config Sync Password (syncCFGPass)

The password that is used and required (additionaly to the sending IP address) to identify a valid sync request. This password has to be set equal in all ASSP installations, from where and/or to where the configuration should be synchronized.
The password must be at least six characters long.
If you want or need to change this password, first disable enableCFGShare here an on all peers, change the password on all peers, enable enableCFGShare on SyncSlaves then enable enableCFGShare on SyncMasters.

Show Detail Sync Information in GUI (syncShowGUIDetails)

If selected, the detail synchronization status is shown at the top of each configuration parameter like:

nothing shown - there is no entry defined for this parameter in the syncConfigFile or it is an unsharable parameter
"(shareable)" - the parameter is shareable but the general sync sign in the syncConfigFile is zero
"(shared: ...)" - the detail sync status for each sync peer

If not selected, only different colored bulls are shown at the top of each configuration parameter like:

nothing shown - no entry in the syncConfigFile or it is an unsharable parameter
"black bull •" - the parameter is shareable but the general sync sign in the syncConfigFile is zero
"green bull •" - the parameter is shared and in sync to each peer
"red bull •" - the parameter is shared but it is currently out of sync to at least one peer

If you move the mouse over the bull, a hint box will show the detail synchronization status.

Notes Config Sync

Network Setup

Connections Logging (ConnectionLog)

SMTP Listen Port

(listenPort)

The port number on which ASSP will listen for incoming SMTP connections (normally 25). You can specify both an IP address and port number to limit connections to a specific interface. Multiple ports (interface:port) are possible separated by a pipe (|). Hint: If you set this port to 25, you must not set "listenPort2" to 25

Examples:25
123.123.123.1:25|123.123.123.5:25

SMTP Destination (smtpDestination, default=127.0.0.1:1025)

The IP number! and port number of your primary SMTP mail transfer agent (MTA). If multiple servers are listed and the first listed MTA does not respond, each additional MTA will be tried. If only a port number is entered, or the dynamic keyword INBOUND is used with a port number, then the connection will be established to the local IP address on which the connection was received. This is useful when you have several IP addresses with different domains or profiles in your MTA. If INBOUND:PORT is used, ReportingReplies (Analyze,Help,etc and CopyMail will go to 127.0.0.1:PORT. If your needs are different, use smtpReportServer (SMTP Reporting Destination) and sendAllDestination (Copy Spam SMTP Destination). Separate multiple entries by "|".Examples:127.0.0.1:1025, 127.0.0.1:1025|127.0.0.5:1025, INBOUND:1025

ASSP Internal Mail Destination (EmailReportDestination)

Port to connect to when ASSP sends replies to email-interface mails, notifications and block reports. Must be set when smtpDestination contains INBOUND. For example "10.0.1.3:1025", etc.

Second SMTP Listen Port (listenPort2, default=587)

A secondary port number on which ASSP can accept SMTP connections. This is useful as a dedicated port for TLS or VPN clients or for those who cannot directly send mail to a mail server outside of their ISP's network because the ISP is blocking port 25. Multiple ports (interface:port) are possible separated by a pipe (|). Hint: If you set this port to 587, you must not set another portlike "listenPort" to 587

Examples: 587
192.168.0.100:587
192.168.0.100:587|192.168.0.101:587

Second SMTP Destination (smtpAuthServer)

The IP address/hostname and port number to connect to when mail is received on the second SMTP listen port. If the field is blank, smtpDestination will be used. The purpose of this setting is to allow remote users to make authenticated connections and transmit their email without encountering SPF failures.

Examples:127.0.0.1:687

Force SMTP AUTH on Second SMTP Listen Port (EnforceAuth)

Do not allow clients to connect to listenPort2 without Authentication.

Disable SMTP AUTH for External Clients (DisableAUTH)

If you do not want external clients to use SMTP AUTH - check this option.

Primary MX Host (PrimaryMX)

The IP number of the Primary MX if there is one.

Ping Primary MX Host (PrimaryMXping)

Disable connections on port 25 if PrimaryMX is up and running.

Enable IPv6 support (enableINET6)

For IPv6 network support to be enabled, check this box. Default is disabled. IO::Socket::INET6 is able to handle both IPv4 and IPv6. NOTE: This option requires an installed IO::Socket::INET6 module in PERL and your system should support IPv6 sockets.
Before you enable or disable IPv6, please check every IP listener and destination definition in assp and correct the settings. Changing this requires a restart of ASSP! IPv4 addresses are defined for example 192.168.0.1 or 192.168.0.1:25 - IPv6 addresses are defined like [FE80:1:0:0:0:0:0:1]:25 or [FE80:1::1]:25 ! If an IPv4 address is defined for a listener, assp will listen only on the IPv4 socket. If an IPv6 address is defined for a listener, assp will listen only on the IPv6 socket. If only a port is defined for a listener, assp will listen on both IPv4 and IPv6 sockets.

SMTP Destination Routing Table* (smtpDestinationRT)

If INBOUND is used in the SMTP Destination field, the rules specified here are used to route the inbound IP address to a different outbound IP address. You must specify a port number with the outbound IP address. This feature works by assigning as many IP numbers to ASSP as you have different receiving Mailservers.

Example:141.120.110.1=>141.120.110.129:25|141.120.110.2=>141.120.110.130:125|141.120.110.3=>141.120.110.130:125

requires ASSP restart

Notes On Network Setup

SMTP Session Limits

Session Limit Logging (SessionLog)

Maximum Errors Per Session (MaxErrors)

The maximum number of SMTP session errors encountered before the connection is dropped. Scoring is done with meValencePB.

Maximum Sessions (maxSMTPSessions)

The maximum number of simultaneous SMTP sessions. This can prevent server overloading and DoS attacks. 64 simultaneous sessions are typically enough. No entry or zero means no limit.

No Maximum Sessions IP numbers* (noMaxSMTPSessions)

Mail from any of these IP numbers and Hostnames will pass through without checking maximum number of simultaneous SMTP sessions. For example: [localhost]|145.145.145.145

Maximum Sessions Per IP Number (maxSMTPipSessions, default=5)

The maximum number of SMTP sessions allowed per IP number. Use this setting to prevent server overloading and DoS attacks. 5 sessions are typically enough. If left blank or set to 0 there is no limit imposed by ASSP. ispip (ISP/Secondary MX Servers) and acceptAllMail (Accept All Mail) matches are excluded from SMTP session limiting. Scoring is done with iplValencePB.

Include IP's in ispip in Maximum Sessions Per IP Check (maxSMTPipSessionsISPIP)

IP numbers in ispip (ISP/Secondary MX Servers) are normally not checked, this option will include them into SMTP session limiting

Maximum Header Size (HeaderMaxLength)

The maximum allowed header length, in bytes. At each mail hop header information is added by the mail server. A large mail header can indicate a mail loop. If the value is blank or 0 the header size will not be checked.

Maximum Equal X-Header Lines* (MaxEqualXHeader, default=*=>20)

The maximum allowed equal X-header lines - eg. "X-SubscriberID". If the value is set to empty the header will not be checked for equal X-header lines. This check will be skipped for noprocessing, whitelisted and outgoing mails.
The default is "*=>20", which means any X-header can occure 20 time maximum. You can define different values for different X-headers - wildcards like "*" and "?" are allowed to be used.
For example:
*=>20|X-Notes-Item=>100|X-Subscriber*=>10|X-AnyTag=>0
An value of zero disables the check for the defined X-header. The check is also skipped if no default like "*=>20" is defined and the X-header defintion is not found.

Detect Possible Mailloop (detectMailLoop)

If set to a value higher than 0, ASSP count its own Received-header in the header of the mail. If this count exceeds the defined value, the transmission of the message will be canceled.

Max Size of Outgoing Message (maxSize)

If the value of ([message size]) exceeds maxSize in bytes the transmission of the local message will be canceled. No limit is imposed by ASSP if the field is left blank or set to 0. This option allows admins to limit useless bandwidth wasting based on the transmit size.

Max Size of Local Message Adresses* (MaxSizeAdr)

Use this parameter to set individual maxSize values for email addresses, domains, user names and IP addresses. A file must be specified if used.
Accepts specific addresses (user@domain.com), user parts (user), entire domains (@domain.com) and IP addresses (CIDR notation like 123.1.101/32 is here not supported!) - group definitions could be used. Use one entry per line. Wildcards are supported (fribo*@domain.co?). A second parameter separated by "=>" specifies the size limit.
For example:
fribo*@thisdomain.co?=>1000000
jhanna=>0
@sillyguys.org=>500000
101.1.2.*=>0
If multiple matches (values) are found in a mail for any IP address in the transport mail chain, any envelope recipient and the envelope sender, the highest value or 0 (no limit) will be used! If no match (value) is found in a mail, the definition in maxSize will take place.

Max Size of Incoming Message (maxSizeExternal)

If the value of ([message size]) exceeds maxSizeExternal in bytes the transmission of the message will be canceled. No limit is imposed by ASSP if the field is left blank or set to 0. This option allows admins to limit useless bandwidth wasting based on the transmit size.

Max Size of External Message Adresses* (MaxSizeExternalAdr)

Use this parameter to set individual maxSizeExternal values for email addresses, domains, user names and IP addresses. A file must be specified if used.
Accepts specific addresses (user@domain.com), user parts (user), entire domains (@domain.com) and IP addresses (CIDR notation like 123.1.101/32 is here not supported!) - group definitions could be used. Use one entry per line. Wildcards are supported (fribo*@domain.co?). A second parameter separated by "=>" specifies the size limit.
For example:
fribo*@thisdomain.co?=>1000000
jhanna=>0
@sillyguys.org=>500000
101.1.2.*=>0
If multiple matches (values) are found in a mail for any IP address in the transport mail chain, any envelope recipient and the envelope sender, the highest value or 0 (no limit) will be used! If no match (value) is found in a mail, the definition in maxSizeExternal will take place.

Don't Check Messages from these Addresses/Domains* (noMaxSize)

Don't check the value of maxSizeExternal and maxRealSizeExternal in messages from these addresses/domain. Accepts specific addresses (user@example.com), user parts (user) or entire domains (@example.com).

Max Real Size of Outgoing Message (maxRealSize)

If the value of (number of [rcpt to] * [message size]) exceeds maxRealSize in bytes the transmission of the message will be canceled. No limit is imposed by ASSP if the field is left blank or set to 0. This option allows admins to limit useless bandwidth wasting based on the total transmit size.

Max Real Size of Local Message Adresses* (MaxRealSizeAdr)

Use this parameter to set individual maxRealSize values for email addresses, domains, user names and IP addresses. A file must be specified if used.
Accepts specific addresses (user@domain.com), user parts (user), entire domains (@domain.com) and IP addresses (CIDR notation like 123.1.101/32 is here not supported!) - group definitions could be used. Use one entry per line. Wildcards are supported (fribo*@domain.co?). A second parameter separated by "=>" specifies the size limit.
For example:
fribo*@thisdomain.co?=>1000000
jhanna=>0
@sillyguys.org=>500000
101.1.2.*=>0
If multiple matches (values) are found in a mail for any IP address in the transport mail chain, any envelope recipient and the envelope sender, the highest value or 0 (no limit) will be used! If no match (value) is found in a mail, the definition in maxRealSize will take place.

Max Real Size of Incoming Message (maxRealSizeExternal)

If the value of (number of [rcpt to] * [message size]) exceeds maxRealSizeExternal in bytes the transmission of the external message will be canceled. No limit is imposed by ASSP if the field is left blank or set to 0. This option allows admins to limit useless bandwidth wasting based on the total transmit size.

Max Real Size of External Message Adresses* (MaxRealSizeExternalAdr)

Use this parameter to set individual maxRealSizeExternal values for email addresses, domains, user names and IP addresses. A file must be specified if used.
Accepts specific addresses (user@domain.com), user parts (user), entire domains (@domain.com) and IP addresses (CIDR notation like 123.1.101/32 is here not supported!) - group definitions could be used. Use one entry per line. Wildcards are supported (fribo*@domain.co?). A second parameter separated by "=>" specifies the size limit.
For example:
fribo*@thisdomain.co?=>1000000
jhanna=>0
@sillyguys.org=>500000
101.1.2.*=>0
If multiple matches (values) are found in a mail for any IP address in the transport mail chain, any envelope recipient and the envelope sender, the highest value or 0 (no limit) will be used! If no match (value) is found in a mail, the definition in maxRealSizeExternal will take place.

Max Real Size Error Message (maxRealSizeError)

SMTP error message to reject maxRealSize exceeding mails. For example:552 message exceeds MAXREALSIZE byte (size * rcpt)! MAXREALSIZE will be replaced by the value of maxRealSize.

Max Number of AUTHentication Errors (MaxAUTHErrors)

If an IP exceeds this number of authentication errors (535) the transmission of the current message will be canceled and any new connection from that IP will be blocked for 5-10 minutes.
Every 5 Minutes the 'AUTHError' -counter of the IP will be decreased by one. autValencePB is used for the penalty box.
No limit is imposed by ASSP if the field is left blank or set to 0. This option allows admins to prevent external bruteforce or dictionary attacks via AUTH command. Whitelisted and NoProcessing IP's and IP's in npPB are ignored like any relayed connection.

SMTP Idle Timeout (smtpIdleTimeout)

The number of seconds a session is allowed to be idle before being forcibly disconnected. No limit is imposed by ASSP if the field is left blank or set to 0. If you have not defined an IdleTimeout on your MTA, this value should not be set to 0, because then a connection will never be timed out!

SMTP Idle Timeout after NOOP (smtpNOOPIdleTimeout)

The number of seconds a session is allowed to be idle after a "NOOP" command is received, before being forcibly disconnected. No limit is imposed by ASSP if the field is left blank or set to 0.
This should prevent hackers to hold and block connections by sending "NOOP" commands short before the "smtpIdleTimeout" is reached.

SMTP Idle Timeout after NOOP Count (smtpNOOPIdleTimeoutCount)

The number of counts a session is allowed send "NOOP" commands following on each other, before being forcibly disconnected. No limit is imposed by ASSP if the field is left blank or set to 0.
This in cooperation with "smtpNOOPIdleTimeout" should prevent hackers to hold and block connections by sending repeatedly "NOOP" commands short before the "smtpNOOPIdleTimeout" is reached. If "smtpNOOPIdleTimeout" is not defined or 0, this value will be ignored!

Notes On SMTP Session Limits

TestMode

Spam Control

Prepend Spam Tag (spamTag)

ASSP uses many methods. The method which caught the spam will be prepended to the subject of the email. For example: [DNSBL]

Notes On Testmode

Ham Password (NotSpamTag)

If an incoming email matches this text string it will be considered not-spam. This can be used in Spamerror to ask for resending the mail with this text prepended or appended to the subject.

Spam Error (SpamError, default=554 5.7.1 Mail (SESSIONID) appears to be...)

SMTP error message to reject spam. The literal LOCALDOMAIN will be replaced by the recipient domain or defaultLocalHost. SESSIONID will be replaced by the unique ASSP identifier set by uniqeIDLogging. REASON will be replaced by the actual reason. NOTSPAMTAG will be replaced by NotSpamTag. MYNAME will be replaced by myName.

Send 250 OK (send250OK)

Set this checkbox if you want ASSP to reply with '250 OK' instead of SMTP error code '554 5.7.1'.

Add Spam Header (AddSpamHeader)

Adds a line to the email header "X-Assp-Spam: YES" if the message is spam.

Store Assp-Header into Spam Collection (StoreASSPHeader)

Add "X-Assp-" to the collected spam-mails.

Add Custom Header (AddCustomHeader, default=X-Spam-Status:yes)

Adds a line to the email header if the message is spam. For example: X-Spam-Status:yes

Add Graphical Level Header (AddLevelHeader, default=off)

Adds a line to the email header "X-Assp-Spam-Level:**** " showing the totalscore represented by stars (1 - 20), every star representing five scoring points.

Add X-ASSP-Original-Subject Header (AddSubjectHeader, default=on)

Adds a line to the email header "X-ASSP-Original-Subject: the subject".

Add IP Match Header (AddIPHeader)

Add X-Assp- header for all IP matches.

Add RegEx Match Header (AddRegexHeader)

Add Spam Reason Header (AddSpamReasonHeader)

Adds a line to the email header "X-Assp-Spam-Reason: " explaining why the message is spam.

Notes On Spam Control

SPAM Lovers/Haters

Suppress SpamSubject to SpamLover-Messages (spamSubjectSL)

If set spamSubject does NOT get prepended to the subject of any SpamLover-Message.

Suppress SpamSubject For Selected Recipients* (spamLoverSubjectSelected)

spamSubject does NOT get prepended to the subject for these recipients. To enable the selection you need to uncheck spamSubjectSL.

SpamLover Tag (SpamLoverTag)

Suppress spamTags to SpamLover-Messages (spamTagSL)

If set, spamTags does NOT get prepended to the subject of the SpamLover-Message.

Regular Expression to Identify SpamLovers* (SpamLoversRe)

If a message matches this regular expression it will not been blocked, but tagged.

Regular Expression to Identify Newsletter* (NewsLetterRe, default=news\\@|\\@news|newsletter\\@|\\@mailing...)

If a message matches this regular expression it will not been blocked, but tagged.

Block Spamlover Messages Above This Score (slMaxScore)

Messages to e.g. baysSpamLovers whose score exceeds this threshold will be blocked. For example: 75

All Spam-Lover* (spamLovers, default=postmaster|abuse)

Messages to Spam-Lovers are processed and filtered by ASSP, but get tagged with spamSubject and are not blocked. When a Spam-Lover is not the sole recipient of a message, the message is processed normally, and if it is found to be spam, it will not be delivered to the Spam-Lover. Accepts specific addresses (user@domain.com), user parts (user) or entire domains (@domain.com). Wildcards are supported (fribo*@domain.com). Default: postmaster|abuse.
For example: fribo*@thisdomain.com|jhanna|@sillyguys.org

This option and all SpamLover-Options below accepting a second score parameter like "user@your-domain.com=>70"
If such a parameter is defined in any option for an entry and the recipient address matches this entry and the message score exceeds the parameter value, the message will be blocked.
If there are multiple possible matches for a recipient address found, the generic longest match (and value) will be used.
ASSP will use the highes found value for all recipients of an email.

Bayesian Spam-Lover* (baysSpamLovers)

Regular Expression to Identify Bayesian SpamLover* (baysSpamLoversRe)

If a message matches this regular expression it will be considered a Bayesian SpamLover message. For example: passwor|news

Do not store Bayesian SpamLover in SpamDB (baysSpamLoversRed)

If set, prevents mail to Bayesian SpamLover from being stored in Spam/Notspam folder.

Blacklisted Domains Spam-Lover* (blSpamLovers)

SpamLover Black Regex Check* (blackSpamLovers)

Bomb Spam-Lover* (bombSpamLovers)

HELO Blacklisted Spam-Lover* (hlSpamLovers)

Valid/Invalid Helo* (hiSpamLovers)

Bad Attachment Spam-Lover* (atSpamLovers)

SPF Failures Spam-Lover* (spfSpamLovers)

DNSBL Failures Spam-Lover* (rblSpamLovers)

URIBL Failures Spam-Lover* (uriblSpamLovers)

Unsigned SRS Bounces Spam-Lover * (srsSpamLovers)

No Delaying Spam-Lover* (delaySpamLovers)

Invalid Sender Spam-Lover* (isSpamLovers)

Missing MX Spam-Lover* (mxaSpamLovers)

Invalid/Missing PTR Spam-Lover* (ptrSpamLovers)

Penalty Box Blocking Spam-Lover * (pbSpamLovers)

Country Blocking Spam-Lover * (sbSpamLovers)

All SpamHaters* (spamHaters)

SpamHaters are used to override SpamLovers / Testmodes / Tagmodes. If a recipient is set as as SpamHater, all spam-messages are blocked, scoring , testmode and spamlover are overwritten..
Example: If you have set your entire domain as a SpamLover(s), but there are some addresses you still wish to block spam for. The message will only be blocked if all recipients are SpamHaters. Accepts specific addresses (user@example.com), user parts (user) or entire domains (@example.com). Wildcards are supported (fribo*@example.com).
For example: *fribo@example.com|jhanna|@example.org

Bayesian SpamHater* (baysSpamHaters)

SpamHaters are used to override baysSpamLovers / baysTestMode. It may also be used to increase scoring for DoBayesian with Addhater.

DNSBL Failures SpamHater* (rblSpamHaters)

HELO Blacklisted SpamHater* (hlSpamHaters)

PenaltyBox Blocking SpamHater* (pbSpamHaters)

Switch Spam-Lover to Message Scoring (switchSpamLoverToScoring, default=off)

Put the filter automatically in "Message Scoring Mode" when DoPenaltyMessage is set (instead of stopping spam processing altogether).

Notes On Spam-Lover

NoProcessing

Incoming Messages NoProcessing Size (npSize)

This limit ensures that only incoming messages smaller than this limit are processed by ASSP. Most spam isn't bigger than a few k. ASSP will treat incoming messages larger than this SIZE (in bytes) as 'NoProcessing' mail. Empty or 0 disables the feature.

Message Size Limit Outgoing (npSizeOut)

ASSP will treat outgoing messages larger than this SIZE (in bytes) as 'No Processing' mail. Empty or 0 disables the feature.

NoProcessing IPs* (noProcessingIPs)

Mail from any of these IP numbers and Hostnames will pass through without processing.
For example: 145.145.145.145|[localhost]|146.145. All fields marked by '*' accept a filepath/filename : 'file:files/ipnp.txt'.

NoProcessing Addresses* (noProcessing)

Mail solely to or from any of these addresses are proxied without processing. Like a more efficient version of SpamLovers and redlist combined. Accepts specific addresses (user@example.com), user parts (user) or entire domains (@example.com). Wildcards are supported (fribo*@example.com).

NoProcessing Sender* (noProcessingFrom)

Mail solely from any of these addresses are proxied without processing. Accepts specific addresses (user@example.com), user parts (user) or entire domains (@example.com). Wildcards are supported (fribo*@example.com).

NoProcessing Domains* (noProcessingDomains)

Domains from which you want to receive all mail and proxy without processing. Your ISP, domain registration, mail list servers, stock broker, or other key business partners might be good candidates. Note this matches the end of the address, so if you don't want to match subdomains then include the @. Note that buy.com would also match spambuy.com but .buy.com won't match buy.com. For example: sourceforge.net|@google.com|.buy.com

Do not mark these Addresses as Noprocessing* (noNoProcessing)

Enter senders email addresses that you want to be processed, even if they are in noprocessing lists. You can list specific addresses (user@anydomain.com), addresses at any domain (user), or entire domains (@anydomain.com). Wildcards are supported (fribo*@domain.com).
For example: fribo@anydomain.com|jhanna|@sillyguys.org or place them in a plain ASCII file one address per line: 'file:files/nodelayuser.txt'.

Regular Expression to Identify NoProcessing Incoming Mails* (npRe)

If a message matches this Perl regular expression ASSP will treat the message as a 'NoProcessing' mail. For example: X-Assp-Version

Notes On NoProcessing

Whitelist/Redlist

Relaying

Enable Relay logging (RelayLog, default=standard)

Accept All Mail* (acceptAllMail)

Relaying is allowed for these IP numbers and Hostnames. They contribute also to the whitelist. This can take either a directly entered list of IP numbers and Hostnames separated by pipes or a plain ASCII file one address per line: 'file:files/acceptall.txt'.
An IP range is defined e.g. '182.82.10.'. CIDR notation is accepted (182.82.10.0/24). Hyphenated ranges can be used (182.82.10.0-182.82.10.255)

Relay Host File (relayHostFile)

Similar to acceptAllMail, but this is a file with an ABSOLUTE path, not relative to base. No IP-blocks supported. For example: /usr/local/assp/relayhosts

Local Domains* (localDomains)

Put here are the domain names that your mail system considers local. Separate entries with | or place them in a plain ASCII file one address per line: 'file:files/localdomains.txt'. Wildcards are supported.
For example: example.org|*example.com
If ASSP finds no other hint that the domain is local, it will reject messages to domains not listed here with 'RelayAttempt'. A successfull DoLDAP, DoVRFY or hit in LocalAddresses_Flat will put the domain part of the queried address into ldaplistdb and will mark the domain as local. You can set nolocalDomains to disable this check during setup and testing.

Local Domains File (localDomainsFile)

Similar to localDomains, but with absolute path to the file. Wildcards are not supported. For access to MTA generated files.

Local IMail domains (DoLocalIMailDomains)

Consider domains in the IMail registry to be local

Skip Local Domain Check (nolocalDomains, default=on)

Do not check relaying for invalid domains - let the MTA do it. This can be set to prevent 'RelayAttempt' errors during setup and testing. Attention: this will make ASSP an open relay, if the MTA behind it does not reject invalid domains.

Relay Host (relayHost)

Your mail relayhost (smarthost). For example: mail.relayhost.com:25
if you run Exchange/Notes and you want assp to update the nonspam database and the whitelist, then enter your smtp relay host here. Blank means no relayhost.

Username for Authentication to Relay Host (relayAuthUser)

The username used for SMTP AUTH authentication to the relayHost - if your ISP need authentication on the SMTP port. Supported authentication methodes are PLAIN, LOGIN, CRAM-MD5 and DIGEST-MD5 . If the relayhost offers multiple methodes, the one with highest security option will be used. The Perl module Authen::SASL must be installed to use this feature! The usage of this feature will be skipped, if the sending MTA uses the AUTH command. Leave this blank, if you do not want use this feature.

Password for Authentication to Relay Host (relayAuthPass)

The password used for SMTP AUTH authentication to the relayHost. Leave this blank, if you do not want use this feature.

Relay Port (relayPort)

Tell your mail server to connect to this port as its smarthost/relayhost. For example: 225
Note that you'll want to keep the relayPort protected from external access by your firewall.
You can supply an interface:port to limit connections.

Allow Relay Connection from these IPs* (allowRelayCon)

Enter any addresses that are allowed to use the relayPort , separated by pipes (|). If empty, any ip address is allowed to connect to the relayPort. If this option is defined, keep in mind : Addresses defined in acceptAllMail are NOT automaticly included and have to be also defined here, if they should be allowed to use the relayPort. For example: 127.0.0.1|172.16..

Do LDAP lookup for local domains (ldLDAP)

Check local domains against an LDAP database.
Note: Checking this requires filling in LDAP DomainFilter ( ldLDAPFilter ).and NET::LDAP module in Perl.

ISP/Secondary MX Servers* (ispip)

Enter any addresses or hostnames that are your ISP or backup MX servers, separated by pipes (|).
These addresses will (necessarily) bypass Griplist, IP Limiting, Delaying, PenaltyBox, SPF, DNSBL and SRS checks unless the IP can be determined by ispHostnames (ISP Connecting IP). For example: 145.145.145.145|145.145.145.146.

Regular Expression to Identify Forwarded Messages* (contentOnlyRe)

Put anything here to identify messages which should bypass all IP based filter like PB, Sender Validation, Griplist, IP Limiting, Delaying, SPF, DNSBL and SRS. For example: email addresses of people who are forwarding from other accounts to their mailbox on your server.

Regular Expression to Identify ISP/Secondary Hostnames* (ispHostnames)

Hostnames (regular expression) to lookup the IP that connected to the ISP/Secondary server.
If found, this address is used to perform IP-based checks on forwarded messages.
For example: mx1\.yourisp\.com or mx1\.yourisp\.net|mx2\.yoursecondary\.com . This hostnames are found in the 'Received:' header, like 'Received: from ...123.123.123.123... by mx1.yourisp.com'. The frontend IP must be listed in ispip. Leave this blank to disable the feature.

Send 250 OK To ISP/Secondary MX Servers (send250OKISP, default=on)

Set this checkbox if you want ASSP to reply to IP numbers in ispip with '250 OK' instead of SMTP error code '554 5.7.1'.

ISP/Secondary MX Grip Value (ispgripvalue)

It is recommended to set it to 0.5 (Completely GReyIP) for ISP and Secondary MX servers. If left blank the Griplist X value is used (percentage of spam messages in relation to total).
Note: value should be greater than 0 and less than 1, where 0 = never spam and 1 = always spam

Bounce Senders* (BounceSenders)

Envelope sender addresses treated as bounce origins. Null sender (\<\>) is always included.
Accepts specific addresses (postmaster@example.com), usernames (mailer-daemon), or entire domains (@bounces.domain.com)
Separate entries with pipes: |. For example: postmaster|mailer-daemon

Pop Before SMTP DB File (PopB4SMTPFile)

Enter the DB database filename of your POP before SMTP implementation with records stored for dotted-quad IP addresses.
For example: /etc/mail/popip.db

Pop Before SMTP Merak Style (PopB4SMTPMerak)

If set Merak 7.5.2 is supported.

Drop Connection if Relaying Error (NoRelayingStrict)

Set this checkbox if you want ASSP to drop the connection immediately after an Relaying Error is encountered.

Remove Unexpected BCC Recipients (removeForeignBCC)

Set this if you want ASSP to remove unexpected BCC recipient addresses in incoming mail to:
remove nothing
remove all
remove nonlocal

Default Local Domain (defaultLocalHost, default=assp.local)

If you want to be able to send mail to local users without a domain name then put the default local domain here.
Blank disables this feature. For example: assp.local

Notes On Relaying

Control Outgoing

No Outgoing X-ASSP Header (NoExternalSpamProb)

Check this box if you don't want X-Assp- headers on outgoing mail.

Regular Expression to Identify NoProcessing Local Mails* (npLocalRe)

If an outging message matches this Perl regular expression ASSP will treat the message as a 'NoProcessing' mail. For example: autoreply

Regular Expression to Identify Blocked Local Mails* (blockLocalRe)

If an outging message matches this Perl regular expression ASSP will block the message.

Local Frequency Interval (LocalFrequencyInt)

The time interval in seconds in which the number of envelope recipients per sending address should not exceed a specific number ( LocalFrequencyNumRcpt ).
Use this in combination with LocalFrequencyNumRcpt to limit the number of recipients in a given interval, to prevent local abuse - for example from highjacked local accounts. A value of 0 (default) will disable this feature and clean the cache within five minutes. It is recommended to enable DoLocalSenderAddress and/or DoLocalSenderDomain, if you want to use this feature. To give users the chance to inform an admin about such blocked mails, local mails to EmailAdmins are never blocked because of that feature.

Local Frequency Recipient Number (LocalFrequencyNumRcpt)

The number of envelope recipients per sending address that should not be exceeded in a specific time interval ( LocalFrequencyInt ).
Use this in combination with LocalFrequencyInt to limit the number of recipients in a given interval, to prevent local abuse - for example from highjacked local accounts. A value of 0 (default) will disable this feature and clean the cache within five minutes. It is recommended to enable DoLocalSenderAddress and/or DoLocalSenderDomain, if you want to use this feature. To give users the chance to inform an admin about such blocked mails, local mails to EmailAdmins are never blocked because of that feature.

Check local Frequency for this Users only* (LocalFrequencyOnly)

A list of local addresses, for which the 'local frequency check' should be done. Leave this field blank (default), to do the check for every address.
Accepts specific addresses (user@domain.com), user parts (user) or entire domains (@domain.com). Wildcards are supported (fribo*@domain.com).
For example: fribo*@thisdomain.com|jhanna|@sillyguys.org

Check local Frequency NOT for this Users* (NoLocalFrequency)

A list of local addresses, for which the 'local frequency check' should not be done. Noprocessing messages will skip this check.
Accepts specific addresses (user@domain.com), user parts (user) or entire domains (@domain.com). Wildcards are supported (fribo*@domain.com).
For example: fribo*@thisdomain.com|jhanna|@sillyguys.org

Do Local Domain Check for Local Sender (DoLocalSenderDomain)

If activated, each local sender address must have a valid Local Domain - needs localDomains or localDomainsFile or ldLDAP or DoLocalIMailDomains.

Do Local Address Check for Local Sender (DoLocalSenderAddress)

If activated, each local sender must have a valid Local Address - needs DoVRFY or DoLDAP or LocalAddresses_Flat.

Move Local Connection with wrong Sender Address to NULL (LocalSender2NULL)

If set, ASSP will move all Local connections where the sender failed DoLocalSenderDomain or DoLocalSenderAddress to a NULL-connection. The sender will receive "250 OK".

Notes On Control Outgoing

Validate Recipients

Validate Helo

Use the Helo Blacklist (useHeloBlacklist)

Use the list of blacklisted-helo hosts built by rebuildspamdb. Scoring is done with hlValencePB.

Enable Validate Helo Logging (ValidateHeloLog)

Score Suspicious HELOs (DoSuspiciousHelo)

Score servers with SuspiciousHeloRe in Helo. Scoring is done with shValencePB

Regular Expression to Score Suspicious HELO** (SuspiciousHeloRe)

Score Suspicious IPs in Helo (DoIPinHelo)

Score servers with reversed IP number in Helo and check for mismatch with sending IP.

Block Forged Helos (DoFakedLocalHelo)

Block remote servers that claim to come from our Local Domain/Local IPs/Local Host. Scoring with fhValencePB, testmode with fhTestMode.

Enforce Check of Forged Helos Before User Validation (ForceFakedLocalHelo, default=on)

If set and DoFakedLocalHelo is enabled, ASSP will check faked Helos before Delaying. Note: fhTestMode or allTestMode will disable the early execution.

Use Local Domain List for Blocking Forged Helos (DoFakedUseLocalDomain)

If set, DoFakedLocalHelo will use localDomains.

Do Block Whitelisted Forged Helo's (DoFakedWL)

Disable "Block Forged Helo's" for whitelisted addresses (not recommended).

Do Block Noprocessing Forged Helo's (DoFakedNP)

Disable "Block Forged Helo's" for addresses identified as noprocessing (not recommended).

Local Domains,IPs and Hostnames* (myServerRe)

Local Domains, IP numbers and Hostnames are often use to fake (forge) the Helo. Include all IP addresses and hostnames for your server here, localhost is already included. Include Local Domains of your choice here, if you deactivated the automatic use of the localDomains list. For example: 11.22.33.44|mx.example.com|example.org

Don't Validate HELO for these IPs* (noHelo)

Enter IP addresses that you don't want to be HELO validated.
For example: 145.145.145.145|146.145

Don't block these HELO's* (heloBlacklistIgnore)

HELO / EHLO greetings on this list will be excluded from the HELO checks. For example: host123.isp.com|host456.*.com

Enforce Early Helo Checks (ForceValidateHelo)

If set and DoInvalidFormatHelo is enabled, ASSP will do DoInvalidFormatHelo before Delaying. Note: ihTestMode or allTestMode will disable the early execution.

Validate Format of HELO (DoInvalidFormatHelo)

If activated, the HELO is checked against the expression below. If the Regular Expression matches, the HELO is not ok. Scoring is done with ihValencePB, set testmode with ihTestMode.

Regular Expression to Validate Format of HELO** (invalidFormatHeloRe)

Invalidate Format HELO will check incoming HELOs for this. Each regex can be assigned a weight. If the score which results from weight is less than ihValencePB, the message will not be blocked (even if 'block' is set) but scored.
For example: \.user=>0.5|^\d+\.\d+\.\d+\.\d+$|^[^\.]+\.?$ or place them in a plain ASCII file one address per line: file:files/invalidhelo.txt

Regular Expression to Validate Format of HELO* (validFormatHeloRe, default=^(([a-z\\d][a-z\\d-]*)?[a-z\\d]\\.)+[a-z...)

Validate Format HELO will check incoming HELOs according to rfc1123.
For example: ^(([a-z\d][a-z\d-]*)?[a-z\d]\.)+[a-z]{2,6}$

Do Validate Helo for Whitelisted (DoHeloWL)

Do validate Helo for whitelisted addresses.

Do Validate Helo for Noprocessing (DoHeloNP)

Do validate Helo for messages marked 'noprocessing'.

Notes On Validate Helo

Validate Sender

Enable Validate Sender Logging (ValidateSenderLog)

Do Blacklisted Addresses and Domains (DoBlackDomain)

DoBlackDomain uses blackListedDomains and blackAddresses. Scoring is done with blValencePB, testmode with blTestMode.

Blacklisting Addresses/Domains will overwrite WhiteListing (DoBlackDomainWL)

Do blacklisting addresses & domains in messages which are marked whitelisted by whiteRe, whiteListedDomains, whiteListedIPs or whitelistdb.

Blacklisting Addresses/Domains will overwrite NoProcessing (DoBlackDomainNP)

Do blacklisting addresses & domains in messages marked 'noprocessing' by npRe, npSize, noProcessingDomains, noProcessingIPs or noProcessing.

Blacklisted Domains* (blackListedDomains)

Addresses and Domains from which you always want to reject mail, they only send you spam. Note this matches the end of the address, so if you don't want to match subdomains then include the @. Note that example.com would also match spamexample.com but .example.com won't match example.com. abc@example.com will match abc@example.com but won't match bbc@example.com. Wildcards are supported.

Only the envelope-sender is added/compared to the BlackDomainlist (NotGreedyBlackDomain)

If not enabled all addresses in the FROM, SENDER, REPLY-TO, ERRORS-TO, or LIST-* header fields are checked.

Don't do Blacklisted for these Addresses and Domains* (noBlackDomain)

Accepts specific addresses (user@example.com), user parts (user) or entire domains (@example.com). Wildcards are supported (fribo*@example.com).

Blackish & Whitish Addresses** (blackAddresses)

Accepts specific addresses (user@example.com), user parts (user) or entire domains (@example.com). Wildcards are supported. A positive weight will make the address 'blackish'. A negative weight will make the address into 'whitish'. For example: fribo*@example.com|@*.gov=>-0.5|@*.biz=>0.5 .

Check Message IDs (DoMsgID)

Score messages with missing/suspicious/invalid Message-ID. Scoring is done by midmValencePB / midsValencePB / midiValencePB .

Don't Validate Message-IDs for these IPs* (noMsgID, default= 127.0.0.|192.168.|10.)

Enter IP addresses that you don't want to be Message-ID validated, separated by pipes (|). For example: 127.0.0.1|192.168.

Regular Expression to Validate Format of Message-ID* (validMsgIDRe, default=^.+@.+\\..+$)

Check Message IDs will check incoming messages for valid Message-IDs.
For example: ^.+@.+\..+$

Regular Expression to Invalidate Format of Message-ID** (invalidMsgIDRe)

Check Message IDs will check incoming messages for invalid Message-IDs.

Check External Sender for Local Address (DoNoValidLocalSender)

If activated, each external sender from a domain listed in localDomains is checked against LocalAddresses_Flat, LDAP or is verified using VRFY. An external sender is a sender from an IP not in acceptAllMail, not authenticated and not coming through the relayPort.Scoring is done with flValencePB, testmode with flsTestMode.

Enforce Early Checking of External Sender for Local Address (ForceNoValidLocalSender)

If set and DoNoValidLocalSender is enabled, ASSP will do DoNoValidLocalSender before Delaying. Note: flsTestMode or allTestMode will disable the early execution.

Block Local Addresses from External Sender Alltogether (DoNoSpoofing)

If activated, each external sender address from a domain listed in localDomains is regarded a spoofed address. An external sender is a sender from an IP not in acceptAllMail, not authenticated and not coming through the relayPort. flValencePB is used for scoring, testmode is set with flsTestMode.

Don't do Spoofing Check for these IPs* (noSpoofingCheckIP)

Enter IP numbers and Hostnames that you don't want to be checked for spoofing. For example:145.145.145.145|145.146.

Don't do Spoofing Check for these Addresses/Domains* (noSpoofingCheckDomain)

Accepts specific addresses (user@example.com), user parts (user) or entire domains (@example.com). Wildcards are supported (fribo*@example.com).

Validate Sender Address to conform with RFC5322 (DoRFC822Sender)

Sender must be a valid address to conform with RFC5322.

Reversed Lookup (DoPTRCheck, default=disabled)

If activated, each sender IP is checked for a PTR record. This requires an installed Net::DNS module in PERL. Scoring is done with ptmValencePB.

Do Reversed Lookup for Whitelisted (DoPTRCheckWL)

Do reversed lookup for whitelisted addresses.

Do Reversed Lookup for Noprocessing (DoPTRCheckNP)

Do reversed lookup for noprocessing addresses.

Reversed Lookup FQDN Validation (DoPTRCheckInvalid)

If activated - and Reversed Lookup is activated -, the PTR-FQDN record is checked against the Regex. Scoring is done with ptiValencePB

Regular Expression to Invalidate Format of PTR** (invalidPTRRe)

Validate Format PTR will check PTR records for this.
For example: ^\d+\.\d+\.\d+\.\d+$|^[^\.]+\.?$ or place them in a plain ASCII file one address per line: file:files/invalidptr.txt

Regular Expression to Validate Format of PTR* (validPTRRe)

Validate Format PTR will check PTR records for this. If found, the PTR will be considered valid
For example: 'static' or place them in a plain ASCII file one address per line: file:files/validptr.txt

Regular Expression to whitelist a PTR/IP* (whitePTRRe)

Whitelist PTR will check PTR records for this. If found, the IP will be whitelisted
For example: 'lists.sourceforge.net' or place them in a plain ASCII file one address per line: file:files/whiteptr.txt

Reversed Lookup Cache Refresh Interval (PTRCacheExp, default=240)

IPs in cache will be removed after this interval in hours. 0 will disable the cache.

Validate MX or A Record (DoDomainCheck)

If activated, the sender address and each address found in the following header lines (ReturnReceipt:, Return-Receipt-To:, Disposition-Notification-To:, Return-Path:, Reply-To:, Sender:, Errors-To:, List-...:) is checked for a valid MX or A record. Scoring is done for non existing MX record and non existing A record - a messages failes (block), if both records are not found.

Validate Domain MX Cache Refresh Interval (MXACacheExp)

IPs in cache will be removed after this interval in hours. 0 will disable the cache.

Check For Existing From Header (DoNoFrom)

Scoring is done with fromValencePB.

Remove Disposition Notification Headers (removeDispositionNotification, default=on)

If set, all headers "ReturnReceipt: , Return-Receipt-To: and Disposition-Notification-To:" will be removed (except whitelisted and noprocessing mails). Select this to prevent unwanted whitelisting of spammers . An other way to prevent autowhitelisting because of an autorespond is to use redRe .

Notes On Validate Sender

IP Blocking

Simple IP Greylisting (DelayIP, default=15)

Enable simple delaying for IP's in black penaltybox with totalscore above this value. A value of zero disables this feature.

Simple IP Greylisting Embargo Time (DelayIPTime)

Enter the number of minutes for which delivery, related with IP address of the sending host, is refused with a temporary failure.

Do not check these IPs in IP-based filters* (noBlockingIPs)

Manually maintained list of IP numbers and Hostnames which should not be used in in IP-based filters like ValidateRBL. An IP range is defined e.g. '182.82.10.'. CIDR notation is accepted (182.82.10.0/24). Hyphenated ranges can be used (182.82.10.0-182.82.10.255)

Do Deny Connections from these IPs (DoDropList)

If activated, the IP is checked against the droplist . The droplist is downloaded if a new one is available and contains the Spamhaus DROP List. See "http://www.spamhaus.org/drop/drop.lasso".

Do Deny Connections from these IPs (DoDenySMTP)

If activated, the IP is checked against denySMTPConnectionsFrom. Testmode is set with pbTestMode.

Deny Connections from these IPs* (denySMTPConnectionsFrom)

Manually maintained list of IP numbers and Hostnames which should be blocked. IP numbers and Hostnames in noPB, acceptAllMail, ispip, whiteListedIPs, noProcessingIPs, noBlockingIPs will pass. For example: server.example.com|145.145.145.145|145.146.

Do Deny Connections from these IP numbers and Hostnames Early (DoDenySMTPstrict)

If activated, the IP is checked against denySMTPConnectionsFromAlways. It is possible to use an automated approach to fill denySMTPConnectionsFromAlways. Use exportExtremeBlack for this, make sure DoExtremeExport and DoExtremeExportAppend are enabled. You can then export into the denySMTPConnectionsFromAlways file.

Deny Connections from these IP's Strictly* (denySMTPConnectionsFromAlways, default=file:files/denyalways.txt)

Manually maintained list of IP numbers and Hostnames which should strictly be blocked before body and header is downloaded. If you want a more automatic approach use DoPenaltyExtreme for blocking.

Enables Logging for 'Deny SMTP Connections From' (denySMTPLog)

Deny Error (DenyError)

SMTP error message to reject connections. Will be used from and denySMTPConnectionsFromAlways and DoPenaltyExtreme. For example: 554 5.7.2 Service denied, closing transmission channel.

Check Frequency - Maximum Connections Per IP (DoFrequencyIP)

Scoring is done with ifreqValencePB.

Maximum Frequency of Connections Per IP (maxSMTPipConnects)

The maximum number of SMTP connections an IP Address can make during the maxSMTPipDuration (IP Address Frequency Duration). If a server makes more than this many connections to ASSP within the maxSMTPipDuration (IP Address Frequency Duration) it will be banned from future connections until the maxSMTPipExpiration (IP Address Frequency Expiration) is reached. This can be used to prevent server overloading and DoS attacks. 10 connections are typically enough. If left blank or 0, there is no limit imposed by ASSP. IP numbers in noPB, noDelay, acceptAllMail, ispip, whiteListedIPs, noProcessingIPs, PB-whitebox are excluded from SMTP session limiting, whitelisted and noprocessing addresses are honored.

Maximum Frequency of Connections Per IP Duration (maxSMTPipDuration)

The window (in seconds) during which the maxSMTPipConnects (IP Frequency) (see above for more details) will be scrutinized for each IP.

Expiration of Maximum Frequency (maxSMTPipExpiration)

The number of seconds that must pass before an IP address blocked by the maxSMTPipConnects (IP Address Frequency) setting is allowed to connect again.

Check Number of IP numbers Per Domain (DoDomainIP)

Scoring is done with idomValencePB.

Limit Number of IP numbers Per Domain (maxSMTPdomainIP)

The number of IP(subnet) switches a domain may have during the maxSMTPdomainIPExpiration (Limit Different IP numbers Per Domain Expiration). If a domain switches more often than this it will be banned from future connections until the Expiration is reached. This is NOT a spam blocking filter, it is a tool to fight dictionary attacks, server overloading and DoS attacks. 10 connections are typically enough. If left blank or 0, there is no limit imposed by ASSP. IP numbers in noPB, noDelay, acceptAllMail, ispip, whiteListedIPs, noProcessingIPs, PB-whitebox are excluded, whitelisted and noprocessing addresses are honored.

Expiration of Limit Number (maxSMTPdomainIPExpiration)

The number of seconds that must pass before a domain blocked by the maxSMTPdomainIP (Limit Subnet IP numbers Per Domain) setting (see above for more details) is allowed to connect again.

Do Not Limit Different IP numbers For These Domains* (maxSMTPdomainIPWL)

This prevents specific domains from limiting. For example: yahoo.com|hotmail.*.com|gmail.com

Notes On IP Blocking

SenderBase

Enable SenderBase Logging (SenderBaseLog, default=standard)

Net::SenderBase Timeout (SBtimeout, default=10)

Net::SenderBase will timeout after this many seconds.

Do Organization Whiting

(DoOrgWhiting)

If activated, each sending IP address has its assigned organization looked up. This requires an installed Net::SenderBase module in PERL. Scoring is done with sworgValencePB.

White Organizations and Domains in SenderBase** (whiteSenderBase)

If the organization or domain in the SenderBase IP description matches this Perl regular expression the message will be considered non-spam, the total messagescore will be decreased by sworgValencePB. Place them in a plain ASCII file one address per line: file:files/whiteorg.txt

Do Organization Blocking (DoOrgBlocking, default=monitor)

If activated, each sending IP address has its assigned organization looked up . This requires an installed Net::SenderBase module in PERL. Scoring is done with sborgValencePB, Testmode is set with sbTestMode.

Blacklisted Organizations and Domains in SenderBase** (blackSenderBase)

If the organization or domain in the SenderBase IP description matches this Perl regular expression the message will be considered spam.

Do Country Blocking (DoCountryBlocking, default=monitor)

If activated, each sending IP address has it's assigned country looked up and compared to CountryCodeBlockedRe. This requires an installed Net::SenderBase module in PERL. Testmode is set with sbTestMode, Messages from these countries will increase the total MessageScore using bccValencePB.

Blocked Countries** (CountryCodeBlockedRe)

Messages from IP numbers based in these countries will be blocked if DoCountryBlocking is set accordingly. For example: CN|KR|RU|JP|TR|TH|PL|LT|CL|RO. "all" will block all foreign countrycodes which are not in 'Suspicious Country Codes' or 'Ignore Country Codes'. See: English country names and code elements.

Do Country Blocking for Whitelisted (DoCountryBlockingWL)

Enable Country Blocking for whitelisted messages.

Do Country Blocking for NoProcessing (DoCountryBlockingNP)

Enable Country Blocking for noprocessing messages.

Do Suspicious Country Scoring (DoSenderBase)

If activated, each sending IP address has it's assigned country looked up and compared to CountryCodeRe. This requires an installed Net::SenderBase module in PERL. Testmode is set with sbTestMode.

Suspicious Countries** (CountryCodeRe, default=CN|NG|UA|GR|HU|SA|IN|IE|PT|MD|PE|CZ|TW|B...)

Messages from IP numbers based in these countries will increase the MessageScore. For example: CN|NG|UA|GR|HU|SA|IN|IE|PT|MD|PE|CZ|TW|BR|CL|ID|PH. Messages from these countries will increase the total MessageScore using sbsccValencePB.

Ignore Country Codes from these Countries* (NoCountryCodeRe)

Messages from IP numbers based in these countries will will be ignored in this check.

Home Countries** (MyCountryCodeRe)

Put here your own country code(s) (for example: US). Messages from IP numbers based in these countries will decrease the total MessageScore using sbhccValencePB, messages from other countries will increase the total MessageScore using sbfccValencePB if ScoreForeignCountries is set.

Score Foreign Countries (ScoreForeignCountries)

Messages from countries not in MyCountryCodeRe will increase the total messageScore using sbfccValencePB.

Country Cache Refresh Interval (SBCacheExp)

IPs in cache will be removed after this interval in hours. 0 will disable the cache.

Country Codes

Message Scoring

Message Scoring (DoPenaltyMessage)

If this feature is selected, the total score for all checks during a message is used to determine if the email should be considered Spam. If the combined score is greater than MessageScoringLowerLimit (MessageLimit for WarningTag) and less than or equal MessageScoringUpperLimit (MessageLimit for Blocking) the message will not be blocked but get the MessageScoringWarningTag. If the combined score is greater than the MessageScoringUpperLimit and blocking is selected the message will be blocked. If tagging is selected the message will not be blocked but tagged with spamSubject. Testmode is set with msTestMode.

Enable Message Scoring logging (MessageLog, default=standard)

Spam Friends ** (spamFriends)

A list of addresses that when matched will reduce the messagescore with friendsValencePB. This will make the scoring filter more softly.

Spam Foes ** (spamFoes)

A list of addresses that when matched will increase the messagescore with foesValencePB. This will make the scoring filter more sharply.

MessageScoring on Whitelisted Senders (MessageScoringWL, default=on)

MessageScoring will overwrite Whitelisting

MessageScoring on NoProcessing Messages (MessageScoringNP, default=on)

MessageScoring will overwrite NoProcessing

MessageScoring on Local Senders (MessageScoringLocal)

MessageScoring will overwrite Local

MessageScoring Lower Limit (MessageScoringLowerLimit)

MessageScoring will tag messages with totalscore higher than this limit and not higher than MessageScoringUpperLimit.

Warning Tag (MessageScoringWarningTag, default=[Spam??])

Used instead of spamSubject if totalscore is higher than MessageScoringLowerLimit and not higher than MessageScoringUpperLimit.

MessageScoring Upper Limit (MessageScoringUpperLimit)

If MessageScoring is done to block, it will block messages whose totalscore is higher than this threshold.

MessageScoring Extreme Limit (MessageScoringExtremeLimit)

Spamlover messages whose totalscore is higher than this threshold will not pass but will be blocked.

Notes On Message Scoring

PenaltyBox

IP Scoring (DoPenalty)

The PenaltyBox is a temporary position of low esteem awarded for a perceived misdeed. It scores IP numbers based on some events (see penalty scores ) and writes them into a BlackBox. The total is used by DoPenaltyMessage for assigning a history: pbwaValencePB, pbValencePB, pbeValencePB. The total is also used by DelayIP. There is also an extreme level - PenaltyExtreme - handled by DoPenaltyExtreme. The WhiteBox stores IP numbers which should not be put into the BlackBox. The WhiteBox is always enabled. If an address is in the whitelist or whitedomain, the IP goes into the WhiteBox too. The WhiteBox is one of the sources Delaying/Greylisting uses to determine when delaying should not be done.
Entries in noPB (Don't do penalties for these IP numbers ) or ispip (ISP/Secondary MX Servers) will prevent from penalties. Select 'monitor' to fill WhiteBox and BlackBox. This will not block IP numbers directly but enables DoPenaltyMessage, DoPenaltyExtreme and DelayIP.

Enable PenaltyBox logging (PenaltyLog)

Penalty Interval (PenaltyDuration)

IP numbers will be kept in the BlackBox if their score exceeds the Penalty Limit during this interval in minutes.

Penalty Warning (PenaltyWarning)

PB will tag messages from IP numbers whose totalscore exceeds this threshold during PenaltyDuration.
For example: 45

Penalty Warning Tag (PenaltyWarningTag, default=[Possibly Spam])

For example: [??]

Penalty Limit (PenaltyLimit)

PB will block messages from IP numbers whose totalscore exceeds this threshold during PenaltyDuration.
For example: 50

Expiration Time (PenaltyExpiration)

Penalties with a score lower than PenaltyExtreme will expire after this number of minutes. If set to Zero the Penalty BlackBox will be deleted and started from scratch.

Add IP/Message Scoring Header (AddScoringHeader)

Adds a line to the email header "X-Assp-XXX-Score: ", where XXX may be IP or Message.

PenaltyBox Database (pbdb)

The directory/file with the penaltybox database files. For removal of entries from PenaltyBlackBox use noPB. For removal of entries from WhiteBox use noPBwhite. For whitelisting IP numbers use whiteListedIPs or noProcessingIPs. For blacklisting IP numbers use denySMTPConnectionsFrom and denySMTPConnectionsFromAlways.

Don't add these IP numbers and Hostnames to BlackBox* (noPB)

Enter IP numbers that you don't want to be in BlackBox. For example:145.145.145.145|145.146.

Don't add these IP numbers to WhiteBox* (noPBwhite)

Enter IP numbers and Hostnames that you don't want to be in WhiteBox.

Expiration Time for WhiteBox Entries (WhiteExpiration)

The WhiteBox is always activated. IP numbers in WhiteBox will allow content-related checks like Bayesian, URIBL, Bomb but skip IP-related checks like RBL. WhiteBox entries will expire after this specified number of days. For example: 30

Use IP Netblocks (PenaltyUseNetblocks)

Perform the IP address checks of the sending host based on the /24 subnet rather than on the specific IP. Part of DoPenalty

Clean Up PB Databases (CleanPBInterval)

Delete outdated entries from blackbox and whitebox databases every this many hours.
Note: the current timeout must expire before the new setting is loaded, or you can restart. Defaults to 6 hours.

PenaltyBox Extreme IP Profiling (DoPenaltyExtreme, default=disabled)

Will block IP's whose score meet or exceed Extreme Scoring Threshold (PenaltyExtreme ) after the HEADER is done, based on the IP numbers score from previous and current SMTP session. Testmode is set with pbTestMode.

Don't do Extreme Profiling for these IP's* (noExtremePB)

Enter IP's that you don't want to be extreme penalized. IP's in noPB are already included. For example: 127.0.0.1|172.16.

Don't do Extreme Profiling for Mails from any of these Addresses* (noExtremePBAddresses)

Mails from any of these addresses will not be extreme profiled if DoPenaltyExtremeSMTP is not set. Accepts specific addresses (user@domain.com), user parts (user) or entire domains (@domain.com). Wildcards are supported (fribo*@domain.com).

Extreme Scoring Threshold (PenaltyExtreme, default=150)

PBextreme will use this to determine candidates for blpcking. For example: 150.

Expiration Time for Extreme Penalties (ExtremeExpiration)

Penalties with score higher than PenaltyExtreme will expire after this number of days. If set to Zero nothing will be deleted. For example: 7

Penalize Whitelisted (ExtremeWL)

Enable extreme penalties for whitelisted addresses.

Penalize NoProcessing (ExtremeNP)

Enable extreme penalties for noprocessing addresses.

Do Export Penalty BlackBox Extreme (DoExtremeExport)

Append Export File (DoExtremeExportAppend)

Do not overwrite the export file but append to it.

Use IP Netblocks (ExportUseNetblocks)

Export the IP address based on the /24 subnet rather than on the specific IP.

Export BlackBox Extreme File Interval (exportInterval)

Exported Penalty Black Box Extreme File every this hours.
Defaults to 6 hours.

Exported BlackBox Extreme File (exportExtremeBlack)

IPs in Penalty BlackBox which surpassed the extreme level will be regularly stored into this file.

Enable PenaltyBox Extreme logging (PenaltyExtremeLog)

Notes On PenaltyBox

Scoring Settings

Do Not Score IP numbers in Redlisted Messages (DoNotPenalizeRed)

IPs matching Red Regex or Redlist will not collect scoring values from PenaltyBox.

Do Not Score IP numbers From Bounce/Null-Senders (DoNotPenalizeNull)

IPs matching BounceSenders (Bounce Senders) will not be profiled.

Bad SMTP Authentication (autValencePB)

IP scoring

Bad Attachment (baValencePB)

For Message & IP scoring in DoBlockExes.

Backscatter detection (backsctrValencePB)

Message scoring

Bayesian (baysValencePB, default=42)

For Message scoring in DoBayesian.

Bayesian for Local Messages (baysValencePB_local)

For Message scoring in DoBayesian.

Bayesian for Messages reported as error (baysValencePB_error)

For Message scoring in DoBayesian.

Blocked Country Code (bccValencePB, default=40)

For Message & IP scoring in DoCountryBlocking.

Blacklisted Domain (blValencePB)

For Message & IP scoring in DoBlackDomain

Matching Suspicious Expression (bombSuspiciousValencePB)

message scoring in bombSuspiciousRe

Black Expression Matching (blackValencePB, default=50)

For Message & IP scoring in DoBlackRe

Bomb Expression Matching (bombValencePB, default=26)

For Message & IP scoring in DoBombRe, DoBombHeaderRe, DoBombSenderRe

Script Expression Matching (scriptValencePB)

For Message & IP scoring in DoScriptRe

Match in Droplist (dropValencePB)

For Message & IP scoring in DoDroplist.

Forged HELO Scoring (fhValencePB)

For Message & IP scoring in DoFakedLocalHelo.

Suspicious HELO: IP in HELO (fiphValencePB)

Message/IP scoring

Suspicious HELO: IP in HELO mismatch (fiphmValencePB)

Message/IP scoring

Invalid Local Sender Score (flValencePB)

For Message & IP scoring in DoNoValidLocalSender.

Spam Friends Score (friendsValencePB, default=-10)

Bonus for message scoring if the recipient is in spamFriends.

Spam Foes Score (foesValencePB)

For message scoring if the recipient is in spamFoes.

No From Score (fromValencePB, default=20)

For Message & IP scoring in DoNoFrom

Score for GRIPvalues (gripValencePB)

For Message scoring with griplist values. The final score for an IP is basically the gripvalue * gripValencePB. If the gripvalue is less 0.5 it will be negative.

Blacklisted HELO Score (hlValencePB, default=30)

For Message & IP scoring in useHeloBlacklist.

Number of IP numbers Per Domain Violation Score (idomValencePB)

For IP scoring in DoNumberDomainIP.

IP Frequency Violation Score (ifreqValencePB)

For IP scoring in DoCheckFrequencyIP.

Internal Only Address (iaValencePB)

Message/IP scoring

Domain Changing IP Frequency (idValencePB)

Message/IP scoring

IP Frequency (ifValencePB)

Message/IP scoring

Invalid HELO Score (ihValencePB, default=40)

For Message & IP scoring in DoInvalidFormatHelo.

Suspicious HELO Score (shValencePB)

For Message & IP scoring with SuspiciousHeloRe.

IP Maximum Parallel Sessions Violation Score (iplValencePB)

For IP scoring in maxSMTPipSessions.

Max Errors Exceeded Score (meValencePB)

IP scoring in MaxErrors.

Duplicate Recipient (mdrValencePB)

Message/IP scoring in DoMaxDupRcpt

Missing Message-ID, default=10 (midmValencePB)

Message/IP scoring

Suspicious Message-ID, default=10 (midsValencePB)

Message scoring

Invalid Message-ID, default=10 (midiValencePB)

Message/IP scoring

Invalid MSGID-signature (msigValencePB, default=15)

For Message scoring

Message Scoring Limit Exceeded (msValencePB)

For IP scoring with DoPenaltyMessage

Missing MX Record (mxValencePB)

For Message & IP scoring in DoMXACheck.

Missing MX and A Record (mxaValencePB)

For Message & IP scoring in DoMXACheck.

noPBwhite (nopbwValencePB)

For Message scoring if mail comes from noPBwhite IP numbers.

Message OK (okValencePB)

IP Bonus for passing message

PBwhite (pbwValencePB)

Bonus for Message scoring if mail comes from an IP in PBwhite.

IP History in Warning Range (pbwaValencePB)

message scoring in PenaltyBox ( DoPenaltyMessage )

Bad IP History, TotalScore larger than PenaltyLimit (pbValencePB)

message scoring in PenaltyBox ( DoPenaltyMessage )

Extreme Bad IP History, TotalScore larger than PenaltyExtreme (pbeValencePB)

message scoring in PenaltyBox ( DoPenaltyMessage )

Invalid PTR Record (ptiValencePB, default=15)

For Message & IP scoring in DoPTRCheckInvalid

Missing PTR Record (ptmValencePB, default=15)

For Message & IP scoring in DoPTRCheck

DNSBL Failed (rblValencePB)

For Message & IP scoring in ValidateRBL

DNSBL Neutral (rblnValencePB, default=30)

For Message & IP scoring in ValidateRBL

Recipients Empty Score (reValencePB)

For IP scoring in Recipient Section.

Recipient Invalid (irValencePB, default=10)

For Message & IP scoring in Recipient Section.

RWL Pass (rwlValencePB)

Bonus for Message & IP scoring in ValidateRWL

RWL Neutral (rwlnValencePB)

Bonus for Message & IP scoring in ValidateRWL

Failed Relay Attempt (rlValencePB)

For Message & IP scoring in Relaying Section.

Spam Collect Address (saValencePB)

For IP scoring with spamaddresses

Foreign Country Code (sbfccValencePB)

message scoring in MyCountryCodeRe

Home Country Code (sbhccValencePB)

Bonus for Message & IP Scoring with MyCountryCodeRe

Blocked Organizations (sborgValencePB)

For Message & IP scoring in DoOrgBlocking

No Organization and No CountryCode (sbnValencePB)

For Message & IP scoring in DoOrgBlocking and DoCountryBlocking

White Organizations (sworgValencePB)

Bonus for Message & IP scoring in DoOrgWhiting

Suspicious Country Code (sbsccValencePB, default=15)

message scoring in CountryCodeRe

SPF Failed (spfValencePB, default=20)

For Message & IP scoring in ValidateSPF

SPF Pass Score (spfpValencePB)

Bonus for Message & IP scoring with passing SPF

SPF Neutral (spfnValencePB)

For Message & IP scoring with SPFneutral

SPF Softfailed (spfsValencePB)

For Message & IP scoring with SPFsoftfail

SPF None (spfnonValencePB)

For Message & IP scoring with SPFnone

SPF Unknown (spfuValencePB)

For Message & IP scoring in SPFunknown

SPF Error (spfeValencePB)

For Message & IP scoring in ValidateSPF

SRS Validate Bounce Failed (srsValencePB)

For Message & IP scoring in SRSValidateBounce

SRS Bonus (srsbValencePB)

Bonus for message scoring if the sender is a SRS address.

Penalty Trap Address (stValencePB)

For IP scoring in with spamtrapaddresses

TestRe Valence (teValencePB)

For testmode with testRe

Virus Suspicious (vsValencePB)

message scoring in SuspiciousVirus

OK, Is a SSL/TLS connection, (tlsValencePB)

Message Scoring & IP scoring Bonus for SSL/TLS connections

Virus Detected (vdValencePB)

Message & IP scoring in UseAvClamd

URIBL Neutral (uriblnValencePB, default=30)

Message & IP scoring in ValidateURIBL

URIBL Failed (uriblValencePB)

For Message & IP scoring in ValidateURIBL

URIBL Extras (uribleValencePB)

For Message & IP scoring with URIBLNoObfuscated, URIBLmaxdomains and URIBLmaxuris,

White Expression Matching (whiteValencePB)

For Message & IP scoring with whiteRe

Notes On Scoring Values

Global PenaltyBox

client registration name (globalClientName)

The Name of this global-client for registation on the global-server. This entry has to be the full qualified DNS-Name of the IP-address over which ASSP is doing HTTP-requests! If you are using a HTTP-Proxy, this should be the public IP-address of the last Proxy in chain! This DNS-Name has to be resolveable worldwide and the resolved IP-address has to match the ASSP-HTTP-connection-IP-address. It is not possible to use an IP-address in this field! Dynamic DNS-Names like "yourdomain.dyndns.org" are supported!
To use the global penalty box, you will need a paid subscription. To get registered and/or to get more information, please send an email with your personal/company details and the globalClientName to "assp.globalpb@thockar.com".
The name of this client has to be known by the global server before it could be registered from here. Please wait until you've got an information, that your client name is known by the global server.
In addition to Compress::Zlib this requires an installed LWP::UserAgent module in PERL.

client registration password (globalClientPass)

If the global client is registered on the global-server, you will see a number of "*" in this field. This field is readonly.

client subscription expiration date (globalClientLicDate)

The date of license/subscription expiration for this global client. If this date is exceeded, no upload and download of global PB will be done! This field is readonly.

Enable the Global-Black-Penalty (DoGlobalBlack)

Enables the upload and download of Black-Penalty-Box-Entries, if the client is registered on the global-PB-server.

Value for Global-Black-PB Entries (globalValencePB)

This penalty-value will be given to downloaded Black-Penalty-Box-Entries. As long as entries have the "GLOBALPB" state, they will never become extreme-Black. It is recommended to set this value above PenaltyLimit!

Expiration for Global-PB-Black Records (globalBlackExpiration)

Global-Black-Penalties will expire after this number of hours.

Enable the Global-White-Penalty (DoGlobalWhite)

Enables the upload and download of White-Penalty-Box-Entries, if the client is registered on the global-PB-server.

Expiration for Global-PB-White Records(days) (globalWhiteExpiration)

Global-White-Penalties will expire after this number of days.

Download List and Regex Updates from GPB-Server (GPBDownloadLists, default=download)

Select, if assp should download updates for lists and regular expressions from the global penaltybox server. Downloads will be done to the 'download' folder. If install is selected, the downloaded lines will merged in to the defined files (file:...). If you want to disable a specific line in any of your files, do not delete the line, instead commed it out - putting an '#' or ';' in front of the line. If any list is not configured using the 'file:...' option, only the download will be done, even if install is selected.

Download Plugin and Library Updates from GPB-Server (GPBautoLibUpdate)

Select, if assp should download updates for Plugins or Library-Files (../lib) from the global penaltybox server. Downloads will be done to the 'download' folder. If install is selected, the downloaded Plugins and/or modules will be installed in to there original location, if an older version of the file still exists. If an older version is not found, only the download will be done. To activate updated Plugins or modules a restart of assp is required. This feature will not force an automatic restart of assp!.

Notes On Global Penalty Box

Delaying/Greylisting

SPF/SRS

DNSBL

Enable DNS Blacklist Validation (ValidateRBL)

This requires an installed Net::DNS module in PERL. Scoring is done with rblValencePB for 'fail' and rblnValencePB for 'neutral' results. Testmode is set with rblTestMode.

Enable DNSBL logging (RBLLog)

Don't do DNSBL for these IPs* (noRBL)

Enter IP addresses that you don't want to be DNSBL validated, separated by pipes (|). For example: 145.145.145.145|145.146.

Whitelisted DNSBL Validation (RBLWL)

Enable DNSBL for whitelisted messages

NoProcessing DNSBL Validation (RBLNP)

Enable DNSBL for noprocessing messages

Add X-Assp-DNSBL Header (AddRBLHeader)

Add X-Assp-DNSBL header to messages with positive reply from DNSBL.

RBL Service Providers* (RBLServiceProvider)

Names of DNSBLs to use separated by "|" or name of list 'file:files/dnsbls.txt'. Defaults are:
zen.spamhaus.org=>1|bl.spamcop.net=>1|bb.barracudacentral.org=>1|combined.njabl.org=>1|safe.dnsbl.sorbs.net=>1|psbl.surriel.com=>2|ix.dnsbl.manitu.net=>2|dnsbl-1.uceprotect.net=>2|dnsbl-2.uceprotect.net=>4.
DNSBL providers can be classified like bl.spamcop.net=>1. '1' is the most trustworthy class. '6' is the least trustworthy class. Numbers above 6 will be used as score directly. The value of the class acts as a divisor of rblValencePB. So bl.spamcop.net=>1 would score 50, bl.spamcop.net=>2 would score 25 if rblValencePB is set to 50. If the sum of scores surpasses rblValencePB, the DNSBL check fails. If not, the DNSBL check will be considered 'neutral' and use the resulting score.
Some RBL Service Providers, like blackholes.five-ten-sg.com, provides different return codes in a single DNS-zone: like 127.a.b.c - where a,b,c are used to identify a weight or type (or what ever) of the returned entry. If you want to care about special return codes, or if you want to use different weights for different return codes, you should use the following enhanced entry syntax:

RBL-Service-Provider=>result-to-watch=>weight (like:)
blackholes.five-ten-sg.com=>127.0.0.2=>3
blackholes.five-ten-sg.com=>127.0.0.5=>4
blackholes.five-ten-sg.com=>127.0.?.*=>5

You can see, the wildcards * (multiple character) and ? (single character) are possible to use in the second parameter. Never mix the three possible syntax types for the same RBL Service Provider. An search for a match inside such a definition is done in reverse ASCII order, so the wildcards are used as last.

Maximum Replies (RBLmaxreplies)

A reply is affirmative or negative reply from a DNSBL.
The DNSBL module will wait for this number of replies (negative or positive) from the DNSBLs listed under Service Provider for up to the Maximum Time(RBLmaxtime).
This number should be equal to or less than the number of DNSBL Service Providers listed to allow for randomly unavailable DNSBLs.

Show All Possible Hits (Showmaxreplies)

Show all hits instead of stopping at RBLmaxhits.

Maximum Hits (RBLmaxhits, default=2)

A hit is an affirmative response from a DNSBL.
The DNSBL module will check all of the DNSBLs listed under Service Provider. If the number of hits is greater or equal Maximum Hits, the email is flagged failed.
If the number of hits is greater 0 and less Maximum Hits, the email is flagged neutral.
RBLmaxhits is ignored if the RBLServiceProvider are classified (weighted), the email is flagged failed if weights for all URIs is greater or equal RBLvalencPB.

Maximum Time (RBLmaxtime)

This sets the maximum time in seconds to spend on each message performing DNSBL checks.

Socket Timeout (RBLsocktime)

This sets the DNSBL socket read timeout in seconds.

Early DNSBL Cache Blocking (ForceRBLCache)

If set and ValidateRBL is enabled, ASSP will use cached DNSBL hits to block messages before Delaying. Note: rblTestMode or allTestMode will disable the early execution.

DNSBL Expiration Time (RBLCacheExp, default=24)

IPs in cache will be removed after this interval in hours. 0 will disable the cache.

DNSBL Cache Refresh Interval for Misses (RBLCacheExpMiss)

Domains in cache with status=2 (miss) will be removed after this interval in hours. Empty or 0 will prevent caching of non-hits.

Notes On DNSBL

URIBL

Enable URI Blocklist Validation

(ValidateURIBL)

Enable URI Blocklist. Messages that fail URIBL validation will receive URIBLError SMTP error code. This requires an installed Net::DNS module and an installed Email::MIME::Modifier module in PERL. Scoring is done with uriblValencePB, testmode is set with uriblTestMode.

Enable URIBL logging (URIBLLog)

Do URI Blocklist Validation for Whitelisted (URIBLWL)

URIBL check is done ignoring all spamlovers and testmodes!

Do URI Blocklist Validation for NoProcessing (URIBLNP)

URIBL check is done ignoring all spamlovers and testmodes!

Do URI Blocklist Validation for Local Mails (URIBLLocal)

Do URI Blocklist Validation for ISP/Secondary (URIBLISP)

URIBL Service Providers* (URIBLServiceProvider)

Domain Names of URIBLs to use separated by "|". You may set for every provider a weight like multi.surbl.org=>50|black.uribl.com=>25.
The value of the weight can be set directly like=>45 or as a divisor of URIBLmaxweight . Low numbers < 6 are divisors . So if URIBLmaxweight = 50 (default) multi.surbl.org=>50 would be the same as multi.surbl.org=>1, multi.surbl.org=>2 would be the same as multi.surbl.org=>25.
If the sum of weights of all found uris surpasses URIBLmaxweight, the URIBL check fails. If not, the URIBL check is scored as "neutral" . URIBLmaxhits is ignored when weights are used.
Some URIBL Service Providers, like multi.surbl.org and black.uribl.com , provides different return codes in a single DNS-zone: like 127.a.b.c - where a,b,c are used to identify a weight or type (or what ever) of the returned entry. If you want to care about special return codes, or if you want to use different weights for different return codes, you should use the following enhanced entry syntax:

URIBL-Service-Provider=>result-to-watch=>weight (like:)
multi.surbl.org=>127.0.0.2=>2
multi.surbl.org=>127.0.0.4=>3
multi.surbl.org=>127.0.0.?=>4
multi.surbl.org=>127.0.0.*=>5

You can see, the wildcards * (multiple character) and ? (single character) are possible to use in the second parameter. Never mix the three possible syntax types for the same URIBL Service Provider. An search for a match inside such a definition is done in reverse ASCII order, so the wildcards are used as last.

URIBL Country Code TLDs* (URIBLTLDS)

List of one level country code TLDs

URIBL Country Code TLDs* (URIBLCCTLDS)

List of two level country code TLDs and three level country code TLDs used to determine the base domain of the uri. Two level TLDs will be checked on third level, third level TLDs will be checked on fourth level. Any not listed domain will be checked in level two.

Maximum URIs (URIBLmaxuris)

More than this number of URIs in the body will increase scoring with uribleValencePB. Enter 0 to disable feature.

Maximum Unique Domain URIs (URIBLmaxdomains)

More than this number of unique domain URIs in the body will increase scoring with uribleValencePB. Enter 0 to disable feature.

Disallow Obfuscated URIs

(URIBLNoObfuscated)

When enabled, messages with obfuscated URIs of types [integer/octal/hex IP, other things!] in the body will will increase scoring with uribleValencePB and if weights are used, the double weight will be used.

Check for 'DOT' in URI (URIBLcheckDOTinURI)

When enabled, assp will also check for the used word 'DOT' instead of a '.' in URI's like 'exampledotcom or example!d o-t_com' .
Enable this feature only, if you don't expect any problems in your national language (using 'dot' + a toplevel domain in any words).

Maximum Replies (URIBLmaxreplies)

A reply is affirmative or negative reply from a URIBL.
The URIBL module will wait for this number of replies (negative or positive) from the URIBLs listed under Service Provider
for up to URIBLmaxtime. This number should be equal to or less than the number of URIBL Service Providers
listed to allow for randomly unavailable URIBLs.

Maximum Hits (URIBLmaxhits)

A hit is an affirmative response from a URIBL.
The URIBL module will check all of the URIBLs listed under Service Provider,
and flag the email with a URIBL failure flag if more than this number of URIBLs return a postive blacklisted response.
This number should be less than or equal to URIBLmaxreplies and greater than 0. If the number of hits is greater or equal URIBLmaxhits, the email is flagged failed. If the number of hits is greater 0 and less URIBLmaxhits, the email is flagged neutral
URIBLmaxhits is ignored if the URIBLServiceProvider are classified (weighted), the email is flagged failed if weights for all URIs is greater or equal URIBLvalencPB.

URIBL Maximum Weight (URIBLmaxweight)

A weight is a number representing the trust we put into a URIBL.
The URIBL module will check all of the URIBLs listed under URIBLServiceProvider for every URI found in an email. If the total of weights for all URIs is greater or equal this Maximum Weight, the email is flagged Failed.
If the total of weights is greater 0 and less Maximum Weight, the email is flagged Neutral . If not defined or set to zero only URIBLmaxhit will be used to detect a fail or neutral state.

Maximum Time (URIBLmaxtime)

This sets the maximum time in seconds to spend on each message performing URIBL checks.

Socket Timeout (URIBLsocktime)

This sets the URIBL socket read timeout in seconds.

Whitelisted URIBL Domains* (URIBLwhitelist)

This prevents specific domains from being checked by URIBL module. For example:files/uriblwhite.txt.

Don't Check Messages from these Addresses* (noURIBL)

Don't validate URIBL when messages come from these addresses. Accepts specific addresses (user@domain.com), user parts (user) or entire domains (@domain.com).
For example: fribo@thisdomain.com|jhanna|@sillyguys.org

Add X-Assp-Received-URIBL Header (AddURIBLHeader)

Add X-Assp-Received-URIBL header to messages with positive reply from URIBL.

URIBL Cache Refresh Interval for Hits (URIBLCacheExp)

Domains in cache will be removed after this interval in hours. Empty or 0 will disable the cache.

URIBL Cache Refresh Interval for Misses (URIBLCacheExpMiss)

Domains in cache with status=2 (miss) will be removed after this interval in hours. Empty or 0 will use URIBLCacheExp for cache of non-hits.

Notes On URIBL

Attachment Checking

Checking (DoBlockExes)

Note:Attachment checking will only be done if Email::MIME::Modifier is installed. Scoring is done with baValencePB, testmode is set with attachTestMode.

Enable Attachment logging (AttachmentLog)

External Attachment Checking Level (BlockExes)

Set the level of Attachment Blocking to 1-3 for attachments that should be blocked, set level to 4 for attachments that should be allowed only. Choose 0 for no attachment blocking.

Whitelisted Attachment Checking (BlockWLExes)

Set the level of Attachment Checking to 0-4 for whitelisted senders. Choose 0 for no attachment blocking.

Local Attachment Checking (BlockLCExes)

Set the level of Attachment Blocking to 0-4 for local senders. Choose 0 for no attachment blocking.

NoProcessing Attachment Checking (BlockNPExes)

Set the level of Attachment Checking to 0-4 for noprocessing messages. Choose 0 for no attachment checking.

Level 1 rejected File Extensions (BadAttachL1)

This regular expression is used to identify Level 1 attachments that should be blocked.
Separate entries with a pipe |. The dot . is assumed to precede these, so don't include it.
For example:
ad[ep]|asx|ba[st]|chm|cmd|com|cpl|crt|dbx|exe|hlp|ht[ab]|in[fs]|isp|js|jse|lnk
|md[abez]|mht|ms[cipt]|nch|pcd|pif|prf|reg|sc[frt]|sh[bs]|vb|vb[es]|wms|ws[cfh]

Level 2 rejected File Extensions (BadAttachL2)

This regular expression is used to identify Level 2 attachments that should be checked.
Level 2 already includes all rejected extensions from Level 1.
For example:
(ad[ep]|asx|ba[st]|chm|cmd|com|cpl|crt|dbx|exe|hlp|ht[ab]|in[fs]|isp|js|jse|
lnk|md[abez]|mht|ms[cipt]|nch|pcd|pif|prf|reg|sc[frt]|sh[bs]|vb|vb[es]|wms|ws[cfh]).zip

Level 3 rejected File Extensions (BadAttachL3)

This regular expression is used to identify Level 3 attachments that should be checked.
Level 3 includes Level 2 and Level 1.
For example:
zip|url

Level 4 Allowed File Extensions (GoodAttach)

This regular expression is used to identify attachments that should be allowed. All others are blocked. Separate entries with a pipe |. The dot . is assumed to precede these, so don't include it.
For example:
ai|asc|bhx|dat|doc|docx|eps|gif|htm|html|ics|jpg|jpeg|hqx|od[tsp]|pdf|ppt|rar|
rpt|rtf|snp|txt|xls|zip

Passing File Names (PassAttach)

This regular expression is used to identify attachments that should mark the message as noprocessing. If you enter extensions do not precede it with a dot. This will take precedence over any bad attachment.

Reply Code to Refuse Rejected Attachments (AttachmentError)

The literal FILENAME (case sensitive) will be replaced with the name of the blocked attachment!

Notes On Attachment Blocking

ClamAV and FileScan

Regex / Bombs

Bayesian Options

Enable Bayesian Logging (BayesianLog, default=standard)

Enables verbose logging of Bayesian checks in the maillog.

Bayesian Check

(DoBayesian, default=disabled)

If activated, the message is checked based on Bayesian factors in spamdb . This needs a fully functional spamdb built by rebuildspamdb. For starters it is best practice to put this inactiv and built the spamdb collection with the help of DSNBL ,URIBL and spamaddresses. Scoring is done with baysValencePB for external mails, baysValencePB_local is used for outgoing and internal mails - both values are multiplied with the detected baysProbability .

Bayesian Check on Whitelisted Senders (BayesWL)

Bayesian Check on NoProcessing Messages (BayesNP)

Bayesian Check on Local Senders (BayesLocal)

Bayesian Check Timeout (BayesMaxProcessTime, default=30)

The Bayesian Checks are the most memory and CPU consuming tasks that ASSP is doing on a message. If such tasks running to long on one message, other messages could run in to SMTPIdleTimeout. Define here the maximum time in seconds that ASSP should spend on Bayesian Checks for one message.

Skip Bayesian Check* (noBayesian)

Mail from/to any of these addresses are ignored by Bayesian check, mails will not be stored in spam/notspam collection. Accepts specific addresses (user@example.com), user parts (user) or entire domains (@example.com). Wildcards are supported (user*@example.com)

Skip Bayesian for this local senders* (noBayesian_local)

Mail from any of these local addresses are ignored by Bayesian check, mails will not be stored in spam/notspam collection. Accepts specific addresses (user@domain.com), user parts (user) or entire domains (@domain.com)

Bayesian Testmode User Addresses* (baysTestModeUserAddresses)

These users are in testmode ( mark subject only ) for bayesian spam, even with testmode off

Add Bayes Probability Header (AddSpamProbHeader, default=off)

Adds a line to the email header "X-Assp-Spam-Prob: 0.0123" Probability ranges from 0 to +1 where > 0.6 = spam.

Notes On Bayesian

Block Reporting

Enable Report logging (ReportLog, default=verbose)

Request Block Report (EmailBlockReport, default=assp-blockreport)

Any mail sent by local/authenticated users to this username will be interpreted as a request to get a report about blocked emails. Do not put the full address here, just the user part. For example: assp-blockreport
Leading digits/numbers in the mail subject will be interpreted as "report request for the last number of days". If the number of days is not specified in the mail subject, a default of 5 days will be used to build the report.
All characters behind the "number of days" will be interpreted as a regular expression to overwrite the BlockReportFilter - leading and trailing white spaces will be ignored.
Only Users defined in EmailBlockTo, EmailAdmins and EmailAdminReportsTo are 'Admins' and can request a report for other users. They have to use a special syntax with '=>' in the body of the report request. The syntax is:
QueryAddress=>ReportRecipient=>ReportDays
There may be one or many lines with this syntax . For example:
user@domain and user@domain=>user@domain - will send a report for this user to this user
*@domain (better use) *@domain=>* - will send a report for every blocked user in this domain to this user
user@domain=>recipient@any-domain - will send a report for user@domain to recipient@any-domain
*@domain=>recipient@any-domain - will send a report for every blocked user in this domain to recipient@any-domain
A third parameter is possible to set, which defines the number of days for which the report should be created. The default (if empty or not defined) is one day. This value is used to calculate the 'next run date'. For example:
*@domain=>recipient@any-domain=>2 - creates a report for two days.
*@domain=>*=>14 - creates a report for 14 days.
user@domain=>=>3 or user@domain=>*=>3 - creates a report for three days. The second parameter is here empty or *.
To overwrite the defined BlockReportFilter, you can define a fourth parameter, which contains the regular expression to use.
*@domain=>*=>14=>virus|newsletter - creates a report for 14 days and skips all lines that contains the words 'virus' or 'newsletter'.
If an admin emails a block report request and specifies a filter in the subject of the email and a fourth parameter in the body, both regular expressions will be merged in to a single regex for each line.
If you or a user want the default BlockReportFilter to become part of the overwrite regex, the literal '$BRF' should be inluded in the regex like:
*@domain=>*=>14=>virus|$BRF|newsletter - or even in the subject of the email
In this case the literal '$BRF' will be replaced by the BlockReportFilter.
Only Admins are able to request blockreports for non local email addresses. For example:
user@non_local_domain=>recipient@any-domain=>4
*@non_local_domain=>recipient@any-domain=>4
This will result in an extended blockreport for the non local address(es). Replace 'non_local_domain' with the domain name you want to query for.
It is possible to change the complete design of the BlockReports to your needs, using a html-css file. An default css-file 'blockreport.css' is in the image folder.
There you can also find a default icon file 'blockreporticon.gif' and a default header-image-file 'blockreport.gif' - which is the same like 'logo.gif'. There is no need to install that fles. If assp can not find this files in its image folder, it will use default hardcoded css and icon. If the file 'blockreport.gif' is not found 'logo.gif' will be used.

Reply to Block-Report Request (EmailBlockReply)

Request Blocked Email Domain (EmailBlockReportDomain, default=@assp-notspam.org)

This is used to generate the addresses in blockreports to which the users can send a request to receive blocked messages. For example: @oneofyourlocaldomains.com.

Queue User Block Report Requests (QueueUserBlockReports)

How to process block report requests for users (not EmailBlockTo, EmailAdmins, EmailAdminReportsTo).
'run instantly' - the request will be processed instantly (not stored).
'store and run once at midnight' - the request will be stored/queued, runs at QueueSchedule, and will be removed from queue after that
'store and run scheduled' - the request will be stored/queued, runs permanently scheduled at BlockReportSchedule until it will be removed from queue - a '+' in the subject is not needed
'run delayed' - the request will be stored and processed during the next minutes
To add a request to queue the user has to send an email to EmailBlockReport. Leading digits/numbers in the mail subject will be interpreted as "report request for the last number of days". If the number of days is not specified in the mail subject, a default of 5 days will be used to build the report.
If 'run instantly','run delayed' or 'store and run once at midnight' is selected, but a user wants to schedule a permanent request, a leading '+' before the digits in subject is required.
To remove a request from queue the user has to send an email to EmailBlockReport with a leading '-' in the subject.

Runtime for Queued Requests (QueueSchedule)

Runtime hour for reports in QueueUserBlockReports. Set a number between 0 and 23. 0 means midnight and is default

Forward The Blockreportrequest to other ASSP (BlockRepForwHost)

If you are using more than one ASSP (backup MX), define the IP:relayPort of the other ASSP here (separate multiple entries by "|"). The Blockreportrequest will be forwarded to this ASSP and the user will get a blockreport from every ASSP. The perl module Net::SMTP is required to use this feature.

Send Copy of Block-Reports TO (EmailBlockTo)

Email sent from ASSP acknowledging your submissions will be sent to this address. For example: admin@domain.com

File for Blockreportrequest (BlockReportFile)

A file with BlockReport requests. ASSP will generate a block report for every line in this file (file:files/blockreportlist.txt - file: is required if defined!) every day at midnight for the last day. The perl modules Net::SMTP and Email::MIME::Modifier are required to use this feature. A report will be only created, if there is at least one blocked email found! The syntax is:
QueryAddress=>ReportRecipient=>ReportDays
There may be one or many lines with this syntax. For example:
user@domain and user@domain=>user@domain - will send a report for this user to this user
*@domain (better use) *@domain=>* - will send a report for every blocked user in this domain to this user
*@* - creates a report for all local users in all local domains
user@domain=>recipient@any-domain - will send a report for user@domain to recipient@any-domain
*@domain=>recipient@any-domain - will send a report for every blocked user in this domain to recipient@any-domain
A third parameter is possible to set, which defines the number of days for which the report should be created. The default (if empty or not defined) is one day. This value is used to calculate the 'next run date'. For example:
*@domain=>recipient@any-domain=>2 - creates a report for two days.
*@domain=>*=>14 - creates a report for 14 days.
user@domain=>=>3 or user@domain=>*=>3 - creates a report for three days. The second parameter is here empty or *!
To overwrite the defined BlockReportFilter, you can define a fourth parameter, which contains the regular expression to use.
*@domain=>*=>14=>virus|newsletter - creates a report for 14 days and skips all lines that contain the words 'virus' or 'newsletter'.
Only Admins are able to request blockreports for non local email addresses. For example:
user@non_local_domain=>recipient@any-domain=>4
*@non_local_domain=>recipient@any-domain=>4
This will result in an extended blockreport for the non local address(es). Replace 'non_local_domain' with the domain name you want to query for.

Runtime BlockReportFile (BlockReportSchedule)

Runtime hour for reports in BlockReportFile. Set a number between 0 and 23. 0 means midnight and is default.

Generate a BlockReport from BlockReportFile Now (BlockReportNow)

If selected, ASSP will generate a block report from BlockReportFile now.

Max Search time per log File (BlockMaxSearchTime)

The maximum time in seconds, the Blockreport feature spends on searching in one log file. If this value is reached, the next log file will be processed. A value of 0 disables this feature and all needed log files will be fully processed.

The format of the Report Email (BlockReportFormat, default=text only)

Block reports will be sent as multipart/alternative MIME messages. They normaly contains two parts, a plain text part and a html part. Select "text only" or "html only" if you want to skip any of this parts.
To make it possible to detect a resent email, ASSP will add a header line "X-Assp-Resend-Blocked: myName" to each email!

My HTTP Name (BlockReportHTTPName)

The hostname for HTTP links in AdminUsers Blockreports and use of the webSecondaryPort. If not defined the local hostname will be used.

Regular Expression to Skip Log Records* (BlockReportFilter)

Put anything here to identify messages which should not be reported. For example: \[Virus\]|\[BlackDomain\]

Include a Resend-Link for every resendable email (inclResendLink)

Block reports will be sent as multipart/alternative MIME messages. They contains two parts, a plain text part and a html part. If a blocked email is stored in any folder, it is possible to include a link for each email in to the report. Define here what you want ASSP to do. Note: File name logging (fileLogging) must be on! The perl module Email::Send is required to use this feature.

Which Link Should be included (BlockResendLink, default=both)

If HTML is enabled in inclResendLink, two links (one on the left and one on the right site) will be included in the report email by default. Depending on the used email clients it could be possible, that one of the two links will not work for you. Try out what link is working and disable the other one, if you want.

User which get the Left link only* (BlockResendLinkLeft)

List of users and domains that will get the left link only. The setting for BlockResendLink will be ignored for this entries!

User which get the right link only* (BlockResendLinkRight)

List of users and domains that will get the right link only. The setting for BlockResendLink will be ignored for this entries!

Delete Mails in Spam Folder (DelResendSpam)

If selected, an user request to resend a blocked email will delete the file in the spamlog folder - an admin request will move the file to the correctednotspam folder.

Automatic add Resend Senders to Whitelist (autoAddResendToWhite, default=Users and Admins)

If a resend request is made by any of the selected users, the original sender of the resent mail will be added to whitelist.

Notes On Block Reporting

Email Interface

Enable Email Interface

(EmailInterfaceOk)

Checked means that you want ASSP to intercept and parse mails to the below usernames at any domain which is listed in localDomains. You can use 'assp.local' or '@assp-notspam.org' because they are automatically included. The interface accepts mails only from local senders coming from acceptAllMail or through relayPort or from authenticated SMTP connections. For exceptions see EmailSenderOK

Admin Mail Address (EmailAdminReportsTo)

Warnings/infos will be sent to this address. For example: admin@domain.com

From Address for Reports (EmailFrom, default=<postmaster@assp-notspam.org>)

Email sent from ASSP acknowledging your submissions will be sent from this address. For example:

Help Address (EmailHelp, default=assp-help)

Any mail sent by local/authenticated users to this username will be interpreted as a request for help. Do not put the full address here, just the user part. For example: assp-help. The user would then send to assp-help@anylocaldomain.com.

Authorized Addresses* (EmailAdmins)

Mail from any of these addresses can add/remove to/from redlist, spamlovers, noprocessing. May request an EmailBlockReport for a list of users. Accepts specific addresses (user@example.com), user parts (user) or entire domains (@example.com)

Accept Emails (Reports) from these external addresses* (EmailSenderOK)

Allow these external domains/addresses to send to the email interface. This overwrites the standard behaviour, which allows only reqests from local or authenticated users. Accepts specific addresses (user@domain.com), user parts (user) or entire domains (@domain.com)

Not Authorized Addresses* (EmailSenderNotOK)

Mail from any of these addresses are not accepted from Email Interface. Accepts specific addresses (user@example.com), user parts (user) or entire domains (@example.com).

Ignore Not Authorized Addresses* (EmailSenderIgnore)

Mail from any of these addresses are not accepted from Email Interface, except "Help Report", "Analyze Report" and "Block Report/Resend". Accepts specific addresses (user@example.com), user parts (user) or entire domains (@example.com). The user will get not informed about the denied request.

Report Spam to this Address (EmailSpam)

Any mail sent or forwarded by local/authenticated users to this username will be interpreted as a report about a Spam that got through (counts 2x). Do not put the full address here, just the user part. For example: assp-spam. The user would then send to assp-spam@anylocaldomain.com.
This works best if the mails are reported as attachments or copied into a new mail (header and body), because forwarding the mail will remove the original header. You can sent multiple emails as attachments. Each attached email-file must have the extension defined in "maillogExt". In this case only the attachments will be processed. Multiple attachments get truncated to MaxBytesReports. To use this multi-attachment-feature an installed Email::MIME::Modifier module in PERL is needed.

Report NotSpamto this Address (EmailHam)

Any mail sent or forwarded by local/authenticated users to this username will be interpreted as a good mail that was mistakenly listed as spam (counts 4x). Do not put the full address here, just the user part. For example: assp-help. The user would then send to assp-notspam@anylocaldomain.com
This works best if the mails are reported as attachments or copied into a new mail (header and body) because forwarding the mail will remove the original header. You can sent multiple emails as attachments. Each attached email-file must have the extension defined in "maillogExt". In this case only the attachments will be processed. Multiple attachments get truncated to MaxBytesReports. To use this multi-attachment-feature an installed Email::MIME::Modifier module in PERL is needed.

Error Max Bytes (MaxBytesReports)

How many bytes of an error report (EmailHam, EmailSpam) will ASSP look at. For example: 20000.

Reply to Spam/NotSpam Reports (EmailErrorsReply)

Send Copy of Spam/NotSpam Reports TO (EmailErrorsTo)

Email sent from ASSP acknowledging your submissions will be sent to this address. For example: admin@domain.com

Spam/NotSpam Report will modify Whitelist (EmailErrorsModifyWhite)

If set to 'modify whitelist' NotSpam Reports will add email addresses to the Whitelist, Spam Reports will remove addresses from the Whitelist. If set to 'show whitelist' Spam Reports will show if addresses are whitelisted. This works best if the mails are reported as attachments or copied into a new mail (header and body) because forwarding the mail will remove the original header.

Combined Spam Report and NoProcessing Deletion (EmailErrorsModifyNoP)

If set to 'modify noProcessing' Spam Reports will remove email addresses from noProcessing list. If set to 'show noProcessing' Spam Reports will show if addresses are on noProcessing list.

Add to Whitelist Address (EmailWhitelistAdd)

Any mail sent by local/authenticated users to this username will be interpreted as a request to add addresses to the whitelist. Whole domains can be added by putting a wildcard in the userpart of the address: '*@example.com'.
Do not put the full address here, just the user part. For example: assp-white. The user would then send to assp-white@anylocaldomain.com.

Remove from Whitelist Address (EmailWhitelistRemove)

Any mail sent by local/authenticated users to this username will be interpreted as a request to remove addresses from the whitelist.
Do not put the full address here, just the user part.For example: assp-notwhite. The user would then send to assp-notwhite@anylocaldomain.com.

Allow Whitelist Removals for Admins only (EmailWhiteRemovalAdminOnly)

Only the users defined in EmailWhitelistTo, EmailAdmins and EmailAdminReportsTo are able to remove addresses from the whitelist.

Reply to Add to/Remove from Whitelist (EmailWhitelistReply)

Add Whitelist Removals To Redlist (EmailWhiteRemovalToRed)

Addresses which are removed from Whitelist via EmailWhitelistRemove will automatically be added to the Redlist. The address can only be added again to the Whitelist after it is removed from the Redlist.

Send Copy of Whitelist-Reports TO (EmailWhitelistTo)

Email sent from ASSP acknowledging your submissions will be sent to this address. For example: admin@domain.com

Add to Redlist Address (EmailRedlistAdd)

Any mail sent by local/authenticated users to this username will be interpreted as a request to add the sender address to the redlist. Only the users defined in EmailRedlistTo, EmailAdmins and EmailAdminReportsTo are able to define a list of email addresses in the mail body.
Do not put the full address here, just the user part. For example: assp-red. The user would then send to assp-red@anylocaldomain.com.

Remove from Redlist Addresses (EmailRedlistRemove)

Any mail sent by local/authenticated users to this username will be interpreted as a request to remove the sender address from the redlist. Only the users defined in EmailRedlistTo, EmailAdmins and EmailAdminReportsTo are able to define a list of email addresses in the mail body.
Do not put the full address here, just the user part. For example: assp-notred. The user would then send to assp-notred@anylocaldomain.com.

Reply to Add to/Remove from Redlist (EmailRedlistReply)

Send Copy of Redlist-Reports TO (EmailRedlistTo)

Email sent from ASSP acknowledging your submissions will be sent to this address. For example: admin@domain.com

Add to SpamLover Addresses (EmailSpamLoverAdd)

Any mail sent by local/authenticated users to this username will be interpreted as a request to add the sender address to spamLovers. Only the users defined in EmailSpamLoverTo, EmailAdmins and EmailAdminReportsTo are able to define a list of email addresses in the mail body.
Do not put the full address here, just the user part. For example: assp-spamlover. To use this option, you have to configure spamLovers in a plain ASCII file one address per line: file:files/bombre.txt".

Remove from SpamLover Addresses (EmailSpamLoverRemove)

Any mail sent by local/authenticated users to this username will be interpreted as a request to remove the sender address from spamLovers. Only the users defined in EmailSpamLoverTo, EmailAdmins and EmailAdminReportsTo are able to define a list of email addresses in the mail body.
Do not put the full address here, just the user part.
For example: assp-notspamlover

Reply to Add to/Remove from SpamLovers (EmailSpamLoverReply)

Send Copy of Spamlover-Change-Reports TO (EmailSpamLoverTo)

Email sent from ASSP acknowledging your submissions will be sent to this address. For example: admin@domain.com

Add to NoProcessing Addresses (EmailNoProcessingAdd)

Any mail sent by local/authenticated users to this username will be interpreted as a request to add the sender address to the noProcessing addresses. Only the users defined in EmailNoProcessingTo, EmailAdmins and EmailAdminReportsTo are able to define a list of email addresses in the mail body.
Do not put the full address here, just the user part. For example: assp-nop. To use this option, you have to configure noProcessing in a plain ASCII file one address per line: "file:files/noprocessing.txt"

Remove from noProcessing Addresses (EmailNoProcessingRemove)

Any mail sent by local/authenticated users to this username will be interpreted as a request to remove the sender address from noProcessing .
Do not put the full address here, just the user part. Only the users defined in EmailNoProcessingTo, EmailAdmins and EmailAdminReportsTo are able to define a list of email addresses in the mail body.
For example: assp-notnop. To use this option, you have to configure noProcessing in a plain ASCII file one address per line: "file:files/noprocessing.txt"

Reply to Add to/Remove from noProcessing (EmailNoProcessingReply)

Send Copy of NoProcessing-Change-Reports TO (EmailNoProcessingTo)

Email sent from ASSP acknowledging your submissions will be sent to this address. For example: admin@domain.com

Add to BlackListed Addresses (EmailBlackAdd)

Any mail sent by local/authenticated users to this username will be interpreted as a request to add to blackListedDomains. Only the users defined in EmailAdmins and EmailAdminReportsTo are able to request an addition.
Do not put the full address here, just the user part. For example: assp-black. To use this option, you have to configure blackListedDomains in a plain ASCII file one address per line: "file:files/blackdomains.txt"

Remove from BlackListed Addresses (EmailBlackRemove)

Any mail sent by local/authenticated users to this username will be interpreted as a request to remove from blackAddresses .
Do not put the full address here, just the user part. Only the users defined in EmailAdmins and EmailAdminReportsTo are able to request an addition.
For example: assp-notblack. To use this option, you have to configure blackAddresses in a plain ASCII file one address per line: "file:files/blackAddresses.txt"

Spam/NotSpam Report will modify Personal Blacklist (EmailErrorsModifyBlack)

Spam Reports will add email addresses to the Personal Blacklist, NotSpam Reports will remove addresses from the Personal Blacklist.

Add to Personal BlackListed Addresses (EmailPersBlackAdd)

Any mail sent by local/authenticated users to this username will be interpreted as a request to add the listed address(es) to the personal blackListed addresses. Do not put the full address here, just the user part.
For example: assp-persblack.
The add and remove is done via email-interface, by sending specific email addresses to 'EmailPersBlackAdd' and 'EmailPersBlackRemove'. Whole domains can be blocked by putting a wildcard in the userpart of the address: '*@example.com'. A local user can force a complete report about all his personal black list entries by sending an empty add request. Only an admin can force a complete cleanup of all personal black entries for a specific email address for all local users - sending an email to 'EmailPersBlackRemove' with the address followed by ',*' in the body eg: address_to_remove@the_domain.foo,*

Remove from Personal BlackListed Addresses (EmailPersBlackRemove)

Any mail sent by local/authenticated users to this username will be interpreted as a request to remove the listed address(es) from the personal blackListed addresses .
Do not put the full address here, just the user part.
For example: assp-notpersblack.
The add and remove is done via email-interface, by sending specific email addresses to 'EmailPersBlackAdd' and 'EmailPersBlackRemove'. A local user can force a complete report about all his personal black list entries by sending an empty remove request. Only an admin can force a complete cleanup of all personal black entries for a specific email address for all local users - sending an email to 'EmailPersBlackRemove' with the address followed by ',*' in the body eg: address_to_remove@the_domain.foo,*

Reply to Add to/Remove from BlackListed (EmailBlackReply)

Send Copy of Black-Change-Reports TO (EmailBlackTo)

Email sent from ASSP acknowledging your submissions will be sent to this address. For example: admin@domain.com

Request Analyze Report (EmailAnalyze)

Any mail sent or forwarded by local/authenticated users to this username will be interpreted as a request for analyzing the mail. Do not put the full address here, just the user part. For example: assp-analyze

Reply to Analyze Request (EmailAnalyzeReply)

Send Copy of Analyze-Reports (EmailAnalyzeTo)

A copy of the Analyze-Report will be sent to this address. For example: admin@domain.com

Spam and Ham Reports will trigger an additional Analyze Report (DoAdditionalAnalyze)

Additional Analyze Report will be generated for Spam and Ham Reports. Setting the TO Address accordingly and choosing EmailAnalyzeTo will send the Analyze Report to the admin only.

Allow '=' in Addresses (EmailAllowEqual)

Allow '=' in addresses to be whitelisted or redlisted.

Legacy: Don't reply to messages to the Email Interface (NoHaiku)

Check this option to suppress all email reports

Notes On Email Interface

File Paths

Directory Base (base, default=.)

All paths are relative to this folder.
Note: Display only.

Spam Collection (spamlog)

The folder to save the collection of spam emails. This directory will be used in building the spamdb. For example: spam

Not-spam Collection (notspamlog)

The folder to save the collection of not-spam emails. This directory will be used in building the spamdb. For example: notspam

OK Mail (incomingOkMail)

The folder to save non-spam (message ok). These are messages which are considered as HAM, but are not stored in the standard HAM folder because of our policy to use only confirmed HAM messages (whitelisted or local) for SpamDB. If you want to keep copies of ok mail then put in a directory name. This directory will not be used in building the spamdb.

Discarded Spam (discarded)

The folder to save discarded spam-messages. These are Spam messages which are not stored for building the spamdb but for resending with an EmailBlockReport. If you want to keep copies of discarded Spam then put in a directory name.

Attachment/Virus Collection (viruslog)

The folder to save rejected attachments and virii. Leave this blank to not save these files (default). If you want to keep copies of rejected content then put in a directory name. Note: you must create the directory. This directory will not be used in building the spamdb. For example: quarantine

False-negative Collection (correctedspam)

Spam that got through -- counts double. This directory will be used in building the spamdb. For example: errors/spam

False-positive Collection (correctednotspam)

Good mail that was listed as spam, count 4x. This directory will be used in building the spamdb. For example: errors/notspam

try to resend this files (resendmail)

ASSP will try to resend the files in this directory to the original recipient. The files must have the "maillogExt" extension and must have the SMTP-format. ASSP will try to send every file up to ten times (with 5 minutes delay). If the resend fails ten times, the file will be renamed to *.err, on success the file will be deleted!
For example: resendmail. This requires an installed Email::Send module in PERL.

Extension for Mail Files (maillogExt)

Enter the file extension (include the period) you want appended to the mail files in the mail collections. For Example: .eml

Spam Bayesian Database File (spamdb)

The output file from rebuildspamdb.pl.

Last Run Rebuildspamdb

Email Whitelist Database File (whitelistdb)

The file with the whitelist.
Write "mysql" to use a MySQL table instead of a local file, in this case you need to edit the MySQL parameters starting with myhost.

Email Redlist Database File (redlistdb)

The file with the redlist.
Write "mysql" to use a MySQL table instead of a local file, in this case you need to edit MySQL parameters starting with myhost.
The Redlist serves several purposes:
- the Redlist is a list of addresses that cannot contribute to the whitelist and which are not considered local even if their mail is from a local computer. For example, if someone goes on a vacation and turns on their autoresponder, put them on the redlist until they return. Then as they reply to every spam they receive they won't corrupt your non-spam collection or whitelist. There is also a redRe available where you can put some text from standard out of office messages, to automatically add a local user to the redlist when they send the out of office message, for example: \[autoreply\]
- Redlisted addresses will not be added to the Whitelist. This is used by EmailWhiteRemovalToRed to prevent repeated adding to the whitelist. So if somebody whitelisted ebay@ebay.com you will surely remove that from the whitelist, but you can also be sure, that somebody will add that address again. Putting ebay@ebay.com into the redlist will give that pause.
- Redlisted messages will not be stored in the SPAM/NOTSPAM-collection if DoNotCollectRedList and/or DoNotCollectRedRe is set.

LDAP/VRFY Cache (ldaplistdb)

The file with the LDAP/VRFY-cache, see also LDAPShowDB and LDAPcrossCheckInterval.

LDAP/VRFY Not Found Cache (ldapnotfounddb)

The file with the LDAP/VRFY-NotFound-Cache, see also LDAPShowNotFound.

Drop also Connections from these IP's* (droplist)

Automatically downloaded (http://www.spamhaus.org/drop/drop.lasso) list of IP's which should be blocked right away.

Delaying Database (delaydb)

The file with the delay database.
Write "mysql" to use a MySQL table instead of a local file, in this case you need to edit the MySQL parameters starting with myhost.

Personal Blacklist Database File (persblackdb)

The file with the personal blacklist. The check of the personal black list is done shortly after the RCPT TO: command. This command will be rejected if an entry is found - any other setting except send250OK and send250OKISP will be ignored.

GReyIPlist Database (griplist)

The file with the current GRey-IP-List database -- make this blank if you don't use it.

MySQL hostname or IP (myhost)

You need Tie::RDBM to use MySQL instead of local files.
This way you can share whitelistdb, delaydb and redlistdb between servers if "mysql" is written into their file-path.

MySQL database name (mydb)

This database must exist before starting ASSP, necessary tables will be created automatically into this database

MySQL username (myuser)

This user must have CREATE privilege on the configured database in order for tables to be created automatically

MySQL password (mypassword)

ASSP Logfile (logfile)

Blank if you don't want a log file. Change it to maillog.log if you don't want auto rollover. NOTE: Changing this field requires restarting ASSP before changes take effect.

PID File (pidfile)

Blank to skip writing a pid file. *nix users need pid files. Leave it blank in Windows.
You have to restart the service before you get a pid file in the new location.

Notes On File Path

Copy Spam/Ham

Copy Spam and Send to this Address (sendAllSpam)

ASSP will deliver a copy of spam emails to this address if the collection mode in the collection section is set to do so (eg. baysSpamLog ). For example: spammonitor@example.com. The address can be different depending on the recipient. The literal USERNAME (case sensitive) is replaced by the user part of the recipient, the literal DOMAIN (case sensitive) is replaced by the domain part of the recipient. For example: USERNAME@Spam.DOMAIN, USERNAME+Spam@DOMAIN, spammonitor@DOMAIN

Copy Spam and Send to this Address per Domain* (ccSpamInDomain)

ASSP will deliver an additional copy of spam emails of a domain to this address - if the domain of the recipient-address is matched. For example: monitorspam@example1.com|monitor@example2.com.

SMTP Destination for Spam Copies (sendAllDestination)

Port to connect to when Spam messages are copied. If blank they go to the main smtpDestination. eg "10.0.1.3:1025".

Copy Spam to these Recipients Only* (ccSpamFilter)

Restricts Copy Spam to these recipients. Accepts specific addresses (user@example.com), user parts (user) or entire domains (@example.com). Wildcards are supported (fribo*@example.com).

Copy Spam to these Recipients always* (ccSpamAlways)

Copy Spam to these recipients regardless of collection mode. Accepts specific addresses (user@example.com), user parts (user) or entire domains (@example.com). Wildcards are supported (fribo*@example.com).

Do Not Copy Spam Regular Expression* (ccSpamNeverRe)

Never Copy Spam regardless of collection mode. Put anything here to identify messages which should not be copied.

Do Not Copy Messages Above This MessageTotal score (ccMaxScore)

Messages whose score exceeds this threshold will not be copied. For example: 75

Cut Copied Spam to MaxBytes Lenght (ccMaxBytes)

MaxBytes will be used to cut off copied mails, thereby reducing the load considerably.

Prepend Spam Subject to Copied Spam (spamSubjectCC)

If set spamSubject gets prepended to the subject of the copied message.

Prepend Spam Tag to Copied Spam (spamTagCC)

The check which caused the spam detection will be prepended to the subject of the message. For example: [DNSBL]

SMTP Destination for Ham Copies (sendAllHamDestination)

Port to connect to when Ham messages are copied. If blank they go to sendAllDestination. eg "10.0.1.3:1025"

Copy Incoming Ham and Send to this Address (sendHamInbound)

If you put an address in this box ASSP will forward a copy of notspam messages from outside to this address. The literal USERNAME is replaced by the user part of the recipient, the literal DOMAIN is replaced by the domain part of the recipient. For example: archiv@example.com, USERNAME@mybackup.domain, catchallforthis@DOMAIN

Copy Outgoing Ham and Send to this Address (sendHamOutbound)

If you put an address in this box ASSP will forward a copy of outgoing notspam messages to this address.

Copy Ham Filter* (ccHamFilter)

Copy Not-Spam to these addresses only. Accepts specific addresses (user@example.com), user parts (user) or entire domains (@example.com). Wildcards are supported (fribo*@example.com).

Do Not Copy Ham Filter* (ccnHamFilter)

Do Not Copy Ham to these addresses. Accepts specific addresses (user@example.com), user parts (user) or entire domains (@example.com). Wildcards are supported (fribo*@example.com).

ccMail Recipient Replacement (ccMailReplaceRecpt)

The recipient replacement (ReplaceRecpt) rules from the "Recipients/Local Domains" section, will be used to replace ccMail recipients. For example: sendHamInbound = USERNAME@yourspamdomain.lan - in this case you are able to detect the target domain "yourspamdomain.lan" in a rule and you can replace the recipient/domain depending on its values and/or on the senders address.

Notes On CC Messages

Collecting

Spam Collect Addresses* (spamaddresses)

Mail to any of these addresses are always spam and will contribute to the spam-collection unless from someone on the whitelist. If you want to use invalid addresses readdress them using sendAllCollect. If sendAllCollect is empty sendAllSpam will be used. Accepts specific addresses (user@example.com), user parts (user) or entire domains (@example.com). Scoring is done using saValencePB.

Catchall Address for Spam Collect Addresses (sendAllCollect)

ASSP will readdress messages addressed to spamaddresses to this address.
For example: collect@example.com

Do Not Collect Messages from/to these Addresses* (noCollecting)

Accepts specific addresses (user@example.com), user parts (user) or entire domains (@example.com).

Do Not Collect Messages - Content Based* (noCollectRe)

If the content of a collected file (incl. X-ASSP-... headers) matches this regular expression, it will be deleted from the collection after the mail is completely processed.
If the ASSP_ARC plugin is used, the file will be deleted from the collection after it was archived. This is the only "no collect" option which removes an already collected file, all other options will prevent assp from creating a collection file - if set to "no collection". The check is limited to MaxBytes or at max 100000 Bytes.

Use Subject as Maillog Names (UseSubjectsAsMaillogNames)

You can turn this on to help you manually identify mail in your spam and non-spam collections.

Max Number of Duplicate File Names (MaxAllowedDups)

The maximum number of logged files with the same filename (subject) that are stored in the spam folder (spamlog), if UseSubjectsAsMaillogNames is selected. A low value reduces the number of possibly duplicate mails, assuming that mails with the same subject will have the same content. A value of 0 disables this feature. If this number of files with the same filename is reached, new files will be stored in the 'discarded' folder, which has to be defined ( in addition to spamlog ) for this feature to work.

Regular Expression to Allow Unlimited Duplicates * (AllowedDupSubjectRe)

Messages with subject matching this regular expression will be collected regardless of the setting in MaxAllowedDups .

Max Length of File Names (MaxFileNameLength)

The maximum character count that is used from the mail subject to build the file name of the logged file, if UseSubjectsAsMaillogNames is selected. This could be usefull, if your mail clients having trouble to build the resend file name (right button - URL) correctly in block reports. Every non printable character will be replaced by a 4 byte string in this link.

Do Not Delete Whitelisted Spams (KeepWhitelistedSpam)

Mails matching Whitelist will not be deleted from the Spam folder.

Do Not Collect Bounced Mails (DoNotCollectBounces)

Mails matching BounceSenders will not be collected.

Don't Collect Mail (NoMaillog)

Check this if you're using Whitelist-Only and don't care to save mail to build the Bayesian database.

Max Files (MaxFiles)

Maximum number of files to keep in each collection (spam and nonspam)

Max Bytes (MaxBytes, default=10000)

How many bytes of the message will ASSP look at? Mails stored in the collecting folders will be truncated to this size if StoreCompleteMail is not set.

Store the Complete Mail (StoreCompleteMail, default=up to 500 kByte)

If set, ASSP will analyze only MaxBytes of the mail, but will store the complete mail up to the selected limit. This could be usefull for example, if you want to resend blocked messages. Be carefull using this option, your disk could be filled up very fast!

OK Mail (baysNonSpamLog)

Where to store non spam (message ok) messages. These are messages which are considered as HAM, but should not stored in the standard HAM folder because of our policy to use only confirmed HAM messages (whitelisted or local) for SpamDB. Set incomingOkMail accordingly if you choose 'okmail folder'.

Non Spam (NonSpamLog)

Where to store whitelisted/local non spam messages.

Store Spam (SpamLog)

Set this to 'disabled' if you do not want to store any Spam regardless of settings in. Default: enabled (store in folder spamlog ).

NoProcessing OK Mails (noProcessingLog)

Where to store noprocessing OK mails.

Rejected Attachments (AttachLog)

Where to store rejected mail+attachments.

Virus Infected (SpamVirusLog)

Where to store virus infected messages.

SpamBombs (spamBombLog)

Where to store spam bombs -> DoBombSenderRe, DoBombHeaderRe, DoBombRe.

Black Regular Expressions (BlackReLog)

Where to store Black Regular Expressions -> DoBlackRe.

Do not collect Spam Bombs detected during scoring modus (DoNotCollectBombs)

Scripts - DoScriptRe (scriptLog)

Where to store scripted messages. Default: spam folder ( spamlog ) and sendAllSpam

Blacklisted Domains - DoBlackDomain (blDomainLog)

Where to store blacklisted domain messages.

Blacklisted Helos - useHeloBlacklist (spamHeloLog)

Where to store spam helo messages.

Forged Helos - DoFakedLocalHelo (forgedHeloLog)

Where to store forged helo messages.

Invalid Helos - DoInvalidFormatHelo (invalidHeloLog)

Where to store invalid helo messages.

Spam Collect Addresses (spamBucketLog)

Where to store emails addressed to Spam Collect Addresses.

Bayesian Spams - DoBayesian (baysSpamLog)

Where to store Bayesian spam messages.

DNSBL Failures - ValidateRBL (RBLFailLog)

Where to store DNSBL Failure spam messages.

SPF Failures - ValidateSPF (SPFFailLog)

Where to store SPF Failure spam messages.

URIBL Failures - ValidateURIBL (URIBLFailLog)

Where to store URIBL Failure spam messages.

SRS Failures - EnableSRS (SRSFailLog)

Where to store SRS Failure (not signed bounces) spam messages.

Missing MX Record (spamMXALog)

Where to store Missing MX record rejected messages. Recommended: spam folder ( spamlog ) & sendAllSpam

Invalid Local Sender - DoNoValidLocalSender (spamISLog)

Where to store messages from a local domain with an unknown userpart.

Blocked Country - DoCountryBlocking, DoOrgBlocking (spamSBLog)

Where to store messages from a blocked country.

Message Limit Blocks - DoPenaltyMessage (spamMSLog)

Where to store Message Scoring Limit rejected messages.

PenaltyBox Blocks - DoPenalty (spamPBLog)

Where to store PB rejected messages.

Denied IP numbers - DoDenySMTP (spamDenyLog)

Where to store IP denied messages.

Backscatter check failed (BackLog)

Where to store FBMTV rejected messages.

Non Spam Collection Frequency (freqNonSpam)

Store every n'th non spam message. If you set the value to 10 then every 10th message is logged. These frequency settings are for ASSP users with a mature installation who experience heavy mail or spam volumes. Enter a larger value if the non spam corpus is being refreshed too quickly.

Spam Collection Frequency (freqSpam)

Store every n'th spam message. The same as for non spam but helps prevent spam corpuses being skewed by flooding. It is recommended that this be set depending on spam volume.

Notes On Collecting

Logging

LDAP Setup

Enable LDAP logging (LDAPLog)

Do LDAP lookup for valid local addresses (DoLDAP)

Check local addresses against an LDAP database before accepting the message.
Note: Checking this requires filling in the other LDAP parameters like LDAPHost.
This requires an installed NET::LDAP module in PERL.

LDAP Host(s)

(LDAPHost)

Enter the DNS-name(s) or IP address(es) of the server(s) that run(s) the LDAP database. Second entry is backup. For example: localhost. Separate entries with pipes: LDAP-1.domain.com|LDAP-2.domain.com

LDAP Query Timeout (LDAPtimeout)

Timeout when connecting to the remote server.

LDAP Login (LDAPLogin)

Most LDAP servers require a login and password before they allow queries.
Enter the DN specification for a user with sufficient permissions here.
For example: cn=Administrator,cn=Users,DC=yourcompany,DC=com

LDAP Password (LDAPPassword)

Enter the password for the specified LDAP login here.

LDAP Version (LDAPVersion)

Enter the version for the specified LDAP here.

LDAP Root container for Local Domains (ldLDAPRoot)

The LDAP lookup will use this container and all sub-containers to match the local domain query.
The literal DOMAIN is replaced by the domain part of SMTP recipient (eg. domain.com) during the search.
For example: DC=yourcompany,DC=com.
If you use DOMAIN here, you must check "LDAP failures return false" below or non local domains will be treated as local. If not defined, LDAPRoot will be used.

LDAP Filter for Local Domains (ldLDAPFilter)

This filter is used to query the LDAP database. This strongly depends on the LDAP structure.
The filter must return an entry if the domain must be relayed.
The literal DOMAIN (case sensitive) will be replaced by the domain name during the search.

LDAP Root container for Local Addresses (LDAPRoot)

The LDAP lookup will use this container and all sub-containers to match the local email address query.
The literal DOMAIN is replaced by the domain part of SMTP recipient (eg. domain.com) during the search.
For example: DC=yourcompany,DC=com.
If you use DOMAIN here, you must check "LDAP failures return false" below or non local domains will be treated as local.

LDAP Filter for Local Addresses (LDAPFilter)

This filter is used to query the LDAP database. This strongly depends on the LDAP structure.
The filter must return an entry if the recipient address matches with that of any user.
The literal EMAILADDRESS is replaced by the fully qualified SMTP recipient (eg. user@example.com) during the search.
The literal USERNAME (case sensitive) is replaced by the user part of SMTP recipient (eg. user) during the search.
The literal DOMAIN (case sensitive) is replaced by the domain part of SMTP recipient (eg. domain.com) during the search.
For example: (proxyaddresses=smtp:EMAILADDRESS) or (|(mail=EMAILADDRESS)(mailaddress=EMAILADDRESS))

Clean Up local LDAP Database (LDAPcrossCheckInterval)

Delete outdated entries from the LDAP cache. Crosscheck LDAP cache to LDAP server and delete not existing entries.
Note: the current timeout must expire before the new setting is loaded, or you can restart. Defaults to 24 hours. Is only used, if ldaplistdb is defined in the filepath section.

force to run LDAP/VRFY-CrossCheck - now. (forceLDAPcrossCheck)

ASSP will force to run a LDAP/VRFY-CrossCheck now!

Show local LDAP/VRFY Database (LDAPShowDB)

The directory/file with the LDAP/VRFY 'found' file. If you change ldaplistdb in section Filepath you must change it here too.

Show LDAP/VRFY Not Found Cache (LDAPShowNotFound)

The directory/file with the LDAP/VRFY 'not found' file. If you change ldapnotfounddb in section Filepath you must change it here too.

Max LDAP/VRFY cache Days (MaxLDAPlistDays)

This is the number of days an address will be kept on the local LDAP cache without any email to this address. 0 disables the cache.

LDAP failures return false (LDAPFail)

LDAP failures return false when an error occurs in LDAP lookups.

Notes On LDAP

Backscatter Detection

Do Message-ID Signing (DoMSGIDsig, default=score)

If activated, the message-ID of each outgoing message will be signed with an unique Tag and every incoming mail from BounceSenders will be checked against this. This tagging is called FBMTV for "FBs Message-ID Tag Validation" and is worldwide unique to ASSP. This tag will be removed from any incoming email, to recover the original references in the mail header. Scoring is done with msigValencePB, testmode is set with sigTestMode.
This check requires an installed Digest::SHA1 module in Perl.

Enable Message-ID signing logging (MSGIDsigLog)

Message-ID pre-Tag for MSGID-TAG-generation (MSGIDpreTag, default=assp)

To use Message-ID signing and to create the MSGID-Tags, a pre-Tag is needed. This Tag must be 2-5 characters [a-z,A-Z,0-9] long.

Message-ID Secrets for MSGID-TAG-generation* (MSGIDSec, default=0=fbmtv)

To use Message-ID signing and to generate the MSGID-Tags, at least one secret key is needed, up to ten are possible.
The notation is : generationnumber[0-9]=secretKey. Multiple paires are separated by pipes (|). Do not define spaces, tabs and '=' as part of the keys(secrets)!

Do MSGID-Signing For These Addresses Only* (MSGIDsigAddresses)

Only messages from any of these addresses will be tagged and checked by FBMTV. Accepts specific addresses (user@domain.com), user parts (user) or entire domains (@domain.com). If empty FBMTV is done for all addresses.

Skip Message-ID signing, mail content dependend* (noMSGIDsigRe, default=out of officeI|on leave)

Use this to skip the Message-ID tagging depending on the content of the email. If the content of the email matches this regular expression (checking MaxBytes only), FBMTV will not be done. For example: 'I am out of office' .

Skip Message-ID signing for Redlisted mails (noRedMSGIDsig)

If selected, FBMTV will not be done for redlisted emails!

Do DNS-Backscatter Detection (DoBackSctr, default=disabled)

If activated, the IP-address of each message received for null sender,bounced or postmaster will be checked against the list below. DNS base checks requires an installed Net::DNS module in Perl.
For more information about backscatter detection please read http://www.backscatterer.org/?target=usage.

Enable DNS-Backscatter detection logging (BacksctrLog)

Backscatter-DNS Cache Refresh Interval (BackDNSInterval)

IP's in cache will be removed after this interval in days. 0 will disable the cache.

ServiceProvider for Backscatterer Detection* (BackSctrServiceProvider)

ServiceProvider for DNS check on Backscatterer. Possible value is ips.backscatterer.org for DNS check.

The following configurations are valid for all Backscatter Detection Options!

Send 250 OK if Backscatter Detection fails (Back250OKISP)

If Backscatter check fails for a bounced mail , ASSP will send "250 OK" , but will discard the mail, if the check is configured to block! 'To ISP' means sender in ispip.

Backscatter Detection checks Whitelisted mail (BackWL)

Tagging will be always done, if not excluded by address or domain!

Backscatter Detection checks NoProcessing mail (BackNP)

Tagging will be always done, if not excluded by address or domain!

Regular Expression to Skip all BackScatter Checks* (noBackSctrRe)

If the content of a mail matches these regular expressions, all BackScatter checks will be skipped.

Do not Backscatter detection for these Addresses * (noBackSctrAddresses)

Mail to and from any of these addresses will not be tagged and checked by the backscatter option. Accepts specific addresses (user@domain.com), user parts (user) or entire domains (@domain.com).

Exclude these IP numbers and Hostnames from any Backscatter detection* (noBackSctrIP)

Enter IP numbers and Hostnames that you want to exclude from FBMTV, separated by pipes (|).

Notes On Backscatter Detection

DNS Setup

Use System Default DNS (UseLocalDNS)

Use system default DNS Name Servers.

Show DNS Name Servers Response Time in Log (DNSResponseLog, default=off)

You can use this to arrange DNSServers for better performance. Put the fastest first.

Overwrite Domain Name Servers* (DNSServers)

Note: UseLocalDNS must be disabled.

DNS Query Timeout (DNStimeout)

Global DNS Query Timeout for DNSBL, RWL, URIBL, PTR, SPF, MX and A record lookups.

DNS Query Retry (DNSretry)

Global DNS Query Retry. Set the number of times to try the query.

DNS Query Retrans (DNSretrans)

Global DNS Query Retransmission Interval. Set the retransmission interval.

Notes On DNS Setup

SSL/TLS

Enable TLS support on listenPorts (enableSSL)

This enables STARTTLS on listenPort, listenPort2 and relayPort if the paths to your SSL Certificate ( SSLCertFile ) and SSL Key (SSLKeyFile) are set correctly. If you do not have valid certificates, you may generate both files online with www.mobilefish.com or you may use OpenSSL to generate Self-signed SSL certificates!. Changing this requires a restart of ASSP.

Enable SSL logging (SSLLog)

Exclude these IP numbers and Hostnames from TLS* (noTLSIP)

Enter IP numbers and Hostnames that you want to exclude from starting TLS. For example, put all IP numbers here, which have trouble to switch to TLS every time.

Disable SSL support on listenPorts (NoTLSlistenPorts)

This disables TLS/SSL on the listenPorts listenPort , listenPort2 and relayPort . The listener definition here has to be the same like in the port definitions. Separate multiple entries by "|".

Examples: 25, 127.0.0.1:25, 127.0.0.1:25|127.0.0.2:25

Retry TLS on "SSL want a read first" error (SSLRetryOnError, default=on)

If selected, ASSP retries 3 times to establish a TLS connection, if the peer was not ready after STARTTLS because of a "SSL want a read/write first" error.

SSL Timeout (SSLtimeout, default=180)

SSL/TLS negotiation will timeout after this many seconds.

TLS Error Cache Refresh Interval (SSLCacheExp)

If a connection fails with 'TSL negotiation with client failed' or 'Connection idle .. timeout' the connecting IP will be stored into this cache. ASSP will not offer STARTTLS to IP numbers in the error cache. The entry will be removed after this interval in days. 0 will disable the error cache.

SSL Certificate File (PEM format) (SSLCertFile, default=/usr/share/assp/certs/server-cert.pem)

Full path to the file containing the server's SSL certificate, for example : '/etc/ssl/certs/yourdomain.com.crt' or 'c:/assp/certs/server-cert.pem'. A general cert.pem file is already provided in /usr/share/assp/certs/server-cert.pem

SSL Key File (PEM format) (SSLKeyFile, default=/usr/share/assp/certs/server-key.pem)

Full path to the file containing the server's SSL privat key, for example: '/etc/ssl/private/yourdomain.com.key' or '/usr/local/etc/ssl/certs/assp-key.pem' or 'c:/assp/certs/server-key.pem'. A general key.pem file is already provided in /usr/share/assp/certs/server-key.pem

SSL Privat Key Password (SSLPKPassword)

Optional parameter. If your privat key ' SSLKeyFile ' is password protected, assp will need this password to decrypt the server's SSL privat key file.

SSL Certificate Authority File (SSLCaFile)

Optional parameter to enable chained certificate validation at the client side. Full path to the file containing the server's SSL certificate authority, for example : /usr/local/etc/ssl/certs/assp-ca.crt or c:/assp/certs/server-ca.crt. A general ca.crt file is already provided in '/usr/share/assp/certs/server-ca.crt'. The default value is empty and leave it empty as long as you don't know, how this parameter works.

SMTPS Listen Port (listenPortSSL)

The port number on which ASSP will listen for SMTPS connections. This is only for legacy clients like Eudora. Hint: If you set this port to 465, you must not set "listenPort" and "listenPort2" to 465.

Examples: 465

Force SMTP AUTH on SMTP Secure Listen Port (EnforceAuthSSL)

Do not allow clients to connect to listenPortSSL without Authentication.

SSL Destination (smtpDestinationSSL)

The IP address and port number to connect to when mail is received on listenPortSSL. The primary smtpDestination will be used if this field is empty (recommended).

Examples:127.0.0.1:565, [::1]:565

Debug Level for SSL/TLS (SSLDEBUG)

Set the debug-level for SSL/TLS. Increasing the level will produce more information to STDOUT

Notes On SSL Setup

Automatic Update / Restart

Prevent Multiple ASSP Processes (NoMultipleASSPs, default=on)

If set, ASSP will try to find out, if it is already running.

Auto Update the Running Script (assp.pl) (AutoUpdateASSP, default=no auto update)

No action will be done if 'no auto update' is selected. You'll get a hint in the GUI (top) and a log line will be written, if a new version is availabe at the dolwnload location.
If 'download only' is selected and a new assp version is available, this new version will be downloaded to the directory /usr/share/assp/download (assp.pl) and the syntax will be checked. The still running script will be saved version numbered to the download directory.
If 'download and install' is selected, in addition the still running script will be replaced by the new version.
Configure ( AutoRestartAfterCodeChange ), if you want the new version to become the active running script.
The perl module Compress::Zlib is required to use this feature.

AutoUpdate with Developer Version (AutoUpdateASSPDev)

Run Auto Update Now (AutoUpdateNow)

If selected, ASSP will run Auto Update.

Enforce Termination on new or changed assp.pl Script (ForceRestartAfterCodeChange)

ASSP will terminate even if AutoRestartCmd is not configured. This is only useful if you run ASSP inside an external loop.

Automatic Restart ASSP on new or changed assp.pl Script (AutoRestartAfterCodeChange)

If selected, ASSP will restart it self, if it detects a new or changed running script. An automatic restart will be done only, if ASSP runs as a Service on Windows or AutoRestartCmd is configured. Leave this field empty to disable the feature. Possible values are 'immed and 1...23' . If set to 'immed', assp will restart within some seconds after a detected code change. If set to '1...23' the restart will be scheduled to that hour. A restart at 00:00 is not supported.

Automatic Restart after Exception (AutoRestart)

If ASSP detects a main exception and a AutoRestartCmd, it will try to restart itself.

Mainloop Timeout (MainloopTimeout, default=360)

Mainloop will timeout after this many seconds.

Automatic Restart after Timeout (AutoRestartAfterTimeOut, default=off)

If ASSP detects a mainloop timeout and a AutoRestartCmd is configured, it will try to restart itself.

OS-shell command for AutoRestart (AutoRestartCmd, default=sleep 30;"/usr/local/bin/perl"...)

The OS level shell-command that is used to autorestart ASSP, if it runs not as a service. A possible value for your system is:
sleep 30;"/usr/local/bin/perl" "/usr/share/assp/assp.pl" "/usr/share/assp" &Put a dummy command here 'cd .', if ASSP runs inside an external loop. If you use runAsUser make sure to start ASSP with root privileges (sudo).

Restart Interval (AutoRestartInterval)

ASSP will automatically terminate and restart after this many hours. Use this setting to periodically reload configuration data, combat potential memory leaks, or perform shutdown/startup processes. This will only work properly if ASSP runs as a Windows service or AutoRestartCmd is configured.

Notes On Automatic Update / Restart

Administration Interface

Server Setup

Enable Maintenance logging (MaintenanceLog)

Charset for STDOUT and STDERR (ConsoleCharset)

Set the characterset for the console output to your local needs. Default is "System Default" - no conversion. Restart is required!

Charset for Maillog (LogCharset)

Set the characterset/codepage for the maillog output to your local needs. Default (and best) on non Windows systems is "UTF-8" if available or "System Default" - no conversion. On Windows systems set it to your local codepage or UTF-8 (chcp 65001). To display nonASCII characters in the subject line and maillog files names setup decodeMIME2UTF8 . Restart is required!

Decode MIME Words To UTF-8 (decodeMIME2UTF8)

If selected, ASSP decodes MIME encoded words to UTF8. This enables support for national languages to be used in Bombs , Scripts , Spamdb , Logging. If not selected, only US-ASCII characters will be used for this functions. This requires an installed Email::MIME::Modifier module in PERL.

Run ASSP as a Windows Service (AsAService)

In Windows NT/2000/XP/2003 ASSP can be installed as a service. This setting tells ASSP that this has been done -- it does not install the Windows service for you. Installing ASSP as a service requires several steps which are detailed in the Quick Start for Win32 doku page.
Information about the Win32::Daemon module which which is necessary can be found here: The Official Win32::Daemon Home Page
requires ASSP restart

Run ASSP as a Daemon (AsADaemon, default=off)

In Linux/BSD/Unix/OSX fork and exit. Similar to the command "perl assp.pl &", but better.
Changing this requires a restart of ASSP.

Run as UID (runAsUser)

The *nix user name to assume after startup (*nix only).

Examples: assp, nobody

Changing this requires a restart of ASSP.

Run as GID (runAsGroup)

The *nix group to assume after startup (*nix only).

Examples: assp, nobody

Changing this requires a restart of ASSP.

Change Root (ChangeRoot)

The new root directory to which ASSP should chroot (*nix only). If blank, no chroot jail will be used. Note: if you use this feature, be sure to copy or link the etc/protocols file in your chroot jail.
Changing this requires a restart of ASSP.

Set ASSP File Permission on Startup (setFilePermOnStart)

If set, ASSP sets the permission of all ASSP- files and directories at startup to full (0777)!

Check ASSP File Permission on Startup (checkFilePermOnStart)

If set, ASSP checks the permission of all ASSP- files and directories at startup - all files must be writable for the running job - the minimum permission is 0600!

My Name (myName, default=ASSP.nospam)

ASSP will identify itself by this name in the email "Received:" header and in the helo when sending report-replies. Usually the fully qualified domain name of the host.

Examples: assp.example.com

My Helo (myHelo)

How ASSP will identify itself when connecting to the target MTA.
transparent - the Helo of the sender will be used
use myName - myName will be used
use Hostname - name of host assp is running on, should be a fully qualified FQDN

assp.cfg (asspCfg)

For internal use only : assp.cfg file.

Automatic Reload ConfigFile (AutoReloadCfg)

If selected and the assp.cfg file is changed externaly, ASSP will reload the configuration from the file.

assp.cfg version (asspCfgVersion, default= )

This is the current assp.cfg version.

Proxy Server (proxyserver)

The Proxy Server to use when uploading global statistics and downloading the greylist.

Examples: 192.168.0.1:8080, 192.168.0.1

Proxy User (proxyuser)

The Proxy-UserName that is used to authenticate to the proxy.

Proxy Password (proxypass)

The password for Proxy-UserName that is used to authenticate to the proxy.

Size of TCP/IP Buffer (OutgoingBufSizeNew)

If ASSP talks to the internet over a modem change this to 4096.

Schedule time for HouseKeeping (HouseKeepingSchedule)

ASSP uses the scheduled hour to run cache-housekeeping. For example '3' will run cache-housekeeping at 3.00. Use 24 to run it at midnight.

Upload Consolidated Spam Statistics (totalizeSpamStats)

ASSP will upload its statistics to be consolidated with the global ASSP totals. This is a great marketing tool for the ASSP project — please do not disable it unless you have a good reason to do so. No private information is being disclosed by this upload.

Reload Option Files Interval (ReloadOptionFiles, default=60)

If set not to zero, ASSP reloads configuration option files (file:.....) every this many seconds if they have changed externally.

Ordered-Tie Hash Table Size (OrderedTieHashTableSize)

The number of entries allowed in the hash tables used by ASSP and rebuildspamdb.pl. Larger numbers require more more RAM but result in fewer disk hits. The default value is 10000. Adjust down to use less RAM.

Module Call Timeout (ALARMtimeout)

Global Timeout for calling other modules.

Use Local Time (UseLocalTime)

Use local time and timezone offset rather than UTC time in the mail headers.

Notes On Server Setup

Rebuild SpamDB / GrIP

Auto Update rebuildspamdb.pl (AutoUpdateREBUILD)

No action will be done if 'no auto update' is selected or AutoUpdateASSP is disabled.
If 'download only' is selected and a new assp version is available, the newest rebuildspamdb.pl will be downloaded to the directory /usr/share/assp/download .
If 'download and install' is selected, the old rebuildspamdb.pl will be saved to download directory (rebuildspamdb.pl_old) and replaced by the new version.
The perl module Compress::Zlib is required to use this feature.

Schedule time for RebuildSpamdb (RebuildSchedule)

If not set to 0 ASSP uses scheduled hours to run RebuildSpamdb.pl. For example '6|18' will run rebuildspamdb.pl at 6.00 and 18.00. Use 24 to run it at midnight. '*' will schedule it every hour. '*/n' will schedule it every n hour.

OS-shell command for AutoRestart (RebuildCmd)

The OS level shell-command that is used to start rebuildspamdb.pl, if it runs not as a separate task. A possible value for your system is:
"/usr/local/bin/perl" "/usr/share/assp/rebuildspamdb.pl" "/usr/share/assp" silent &
You may overwrite it with your own script. Note that the parm 'silent' must be used.

Run RebuildSpamdb Now (RebuildNow)

If selected, ASSP will run RebuildSpamdb.pl now.

Notification Email To (RebuildNotify)

Email address(es) to which you want ASSP to send a notification email after the rebuild task is finished. Separate multiple entries by "|". If empty no notify will take place. This requires an installed Email::Send module in PERL.

Automatic Corpus Correction (autoCorrectCorpus)

(Syntax: a.a[a]-b.b[b]-cccc-dd or empty - default is "0.5-1.5-10000-14") If the corpus norm (the weight between spamwords/hamwords) is less than "a" (0.5 - too much ham) or greater than "b" (1.5 - too much spam), assp will delete the excess (oldest) files from the corresponding folder ( spamlog , notspamlog ). ASSP will keep a minimum of "c" (10000) files in the folder and will never delete files that are younger than "d" days. This cleanup will run at the end of the rebuildspamdb task. So the corrected file corpus will take effect at the next rebuildspamdb!

Don't Upload Griplist Stats (noGriplistUpload)

Check this to disable the Griplist upload when rebuildspamdb runs. The Griplist contains IP numbers and their values between 0 and 1, lower is less spammy, higher is more spammy. This value is called the grip value.

Don't auto-download the Griplist file (noGriplistDownload)

Set this checkbox, if you don't use the Griplist.

Run GriplistDownload Now (GriplistDownloadNow)

If selected, ASSP will download the Griplist now.

Don't do Griplist for these IP numbers and Hostnames* (noGRIP)

Enter IP numbers and Hostnames that you don't want to get gripvalues from. For example:server.example.com|145.145.145.145|145.146.

Full Griplist Download Period (DoFullGripDownload)

The Global Griplist is downloaded once in full, then only deltas are downloaded each day subsequently. This option forces a new full download after this many days. Leave it blank to not force new full downloads. Recommended: 30 days.

Max Age of non Bayes Files (MaxNoBayesFileAge, default=31)

The maximum file age in days of every file in every non bayesian collection folder ( incomingOkMail , discarded , viruslog ). If defined and a file is older than this number in days, the file will be deleted.

Max Days of Keep Deleted (MaxKeepDeleted, default=7)

The maximum number in days deleted files in the bayesian collection folders ( spamlog , notspamlog ) will be kept. This is necessary when EmailBlockReport is used to handle the file and the file is meanwhile deleted. The list of files that are maked for deletion is stored in trashlist.db .

Max Corrected File Age (MaxCorrectedDays)

This is the number of days a error report will be kept in the correctednotspam and correctedspam folders.

Notes On Rebuild

POP3 Collecting

POP3 Configuration File* (POP3ConfigFile)

The file with a valid POP3 configuration. Only the file: option is allowed to use.
If the file exists and contains at least one valid POP3 configuration line and POP3Interval is configured, assp will collect the messages from the configured POP3-servers.
Each line in the config file contains one configuration for one user.
All spaces will be removed from each line.
Anything behind a # or ; is consider a comment.
If the same POP3-user-name is used mutiple times, put two angles with a unique number behind the user name. The angles and the number will be removed while processing the configuration.
e.g: pop3user<1> will result in pop3user - or - myName@pop3.domain<12> will result in myName@pop3.domain
It is possible to define commonly used parameters in a separate line, which begins with the case sensitive POP3-username "COMMON:=" - followed by the parameters that should be used for every configured user.
A commonly set parameter could be overwritten in every user definition.
Each configuration line begins with the POP3-username followed by ":=" : e.g myPOP3userName:=
This statement has to followed by pairs of parameter names and values which are separated by commas - the pairs inside are separated by "=".
e.g.: POP3username:=POP3password=pop3_pass,POP3server=mail.gmail.com,SMTPsendto=demo@demo_smtp.local,......
The following case sensitive keywords are supported in the config file:

POP3password=pop3_password
POP3server=POP3-server or IP[:Port]
SMTPsender=email_address
SMTPsendto=email_address or <TO:> or <TO:email_address>
SMTPserver=SMTP-server[:Port]
SMTPHelo=myhelo
SMTPAUTHuser=smtpuser
SMTPAUTHpassword=smtppass
POP3SSL=0/1

POP3SSL, SMTPHelo, SMTPsender, SMTPAUTHuser and SMTPAUTHpassword are optional.
If POP3SSL is set to 1 - POP3S will be done! The Perl module IO::Socket::SSL is required for POP3S!
If SMTPsender is not defined, the FROM: address from the header line will be used - if this is not found the POP3username will be used.
If the <TO:> syntax is used for SMTPsendto, the mail will be sent to any recipient that is found in the "to: cc: bcc:" header lines if it is a local one.
If the <TO:email_address> syntax is used for SMTPsendto, the literals NAME and/or DOMAIN will be replaced by the name part and/or domain part of the addresses found in the "to: cc: bcc:" header lines. This makes it possible to collect POP3 mails from a POP3 account, which holds mails for multiple recipients.
For example: <TO:NAME@mydomain.com> or <TO:NAME@subdomain.DOMAIN> or <TO:central-account@DOMAIN>
If the <TO:> or <TO:email_address> syntax is used for SMTPsendto, "localDomains" and/or "localAdresses_Flat" must be configured to prevent too much error for wrong recipients defined in the "to: cc: bcc:" header lines. The POP3collector will not do any LDAP or VRFY query!
If you want assp to detect SPAM, use the listenPort or listenPort2 as SMTP-server.
To use this feature, you have to install the perl script "assp_pop3.pl" in the assp-base directory.

POP3 Collecting Interval (POP3Interval)

The interval in minutes, assp should collect messages from the configured POP3-servers. A value of zero disables this feature.

POP3 Keep Rejected Mails on POP3 Server (POP3KeepRejected)

If selected, any collected POP3 mail that fails to be sent via SMTP will be kept on the POP3 server.

POP3 debug (POP3debug)

If selected, the POP3 collection will write debug output to the log file. Do not use it, unless you have problems with the POP3 collection!

Notes On POP3 collecting

Fields marked with at least one asterisk (*) accept a list separated by '|' (for example: abc|def|ghi) or a file designated as follows (path relative to the ASSP directory): 'file:files/filename.txt'. Putting in the file: will prompt ASSP to put up a button to edit that file. files is the subdirectory for files. The file does not need to exist, you can create it from the editor by saving it. The file must have one entry per line; anything on a line following a numbersign or a semicolon ( # ;) is ignored (a comment).
It is possible to include custom-designed files at any line of such a file, using the following directive
# include filename
where filename is the relative path (from /usr/share/assp) to the included file like files/inc1.txt or inc1.txt (one file per line). The line will be internally replaced by the contents of the included file!

Fields marked with two asterisk (**) accept a weight value. Every weighted regex has to be followed by '=>' and the weight value. For example: Phishing\.=>1.45 or FOR YOUR HEALTH=>0.7. The multiplication result of the weight and the penaltybox valence value will be used for scoring, if the absolute value of weight is less or equal 6. Otherwise the value of weight is used for scoring directly. It is possible to define negative values .
Note: Every weighted item that contains at least one '|' has to begin and end with a '~' - inside such regexes it is not allowed to use a '~', even it is escaped - for example: ~abc\~|def~=>23 or ~abc~|def~=>23.
If any parameter that allowes the usage of weighted regular expressions is set to "block", but the sum of the resulting weighted penalty value is less than the corresponding "Penalty Box Valence Value" (because of lower weights) - only scoring will be done!
The literal 'SESSIONID' will be replaced by the unique message logging ID in every SMTP error reply.
The literal 'MYNAME' will be replaced by the configuration value defined in 'myName' in every SMTP error reply.

If the internal name is shown in light blue like (uniqueIDPrefix) , this indicates that the configured value differs from the default value. To show the default value, move the mouse over the internal name. Click on the internal name to reset the value to the default.

IP ranges are defined as for example '182.82.10.'. CIDR notation is accepted (182.82.10.0/24). Hyphenated ranges can be used (182.82.10.0-182.82.10.255).
Text after the range (and before a numbersign) will be accepted as comment to be shown in a match. For example:
182.82.10.0/24 Yahoo #comment to be removed.

'kill -HUP 3986' will load settings from disk. 'kill -USR2 3986' will save settings to disk.

Load Config From Disk:	Panic Button:


ASSP Version: 1.9.2.5(1.0.00)	White/Redlist/Tuplets	SMTP Connections	View Maillog Tail
Started: Thu Jan 5 12:34:36 2012	Mail Analyzer	Info and Stats	Shutdown/Restart