ASSP - Setup question

Discussion, support and announcements for third party applications that work with MailEnable.
Post Reply
dreniarb
Posts: 316
Joined: Mon Jan 19, 2004 5:00 pm
Location: Marion, IN

ASSP - Setup question

Post by dreniarb » Thu Jul 03, 2008 5:45 pm

Got ASSP installed and running. Right now I have it listening on port 1025, and have the destination set to 25. I'm don't feel ready to let it answer on port 25 yet.

When I telnet to 127.0.0.1 1025, mailenable responds. I was expecting ASSP to respond. I know ASSP is listening on 1025 because if I stop the service, I can't telnet to that port number.

I've scoured the configuration pages, but don't see anything that leads me to know what's going on. It's very odd. I've tried googling my question, but I guess I'm not wording it right.

Any help is appreciated.

btw, my main goal with ASSP is to authenticate incoming mail against the auth.tab file, turn on greylisting, and add a prefix to the subject of any spam coming through.

rockinthesixstring
Posts: 844
Joined: Mon Dec 05, 2005 7:51 am
Location: Canada

Post by rockinthesixstring » Thu Jul 03, 2008 5:53 pm

ASSP runs transparent. If ASSP is listening on port 1025 and then connecting to MailEnable... the answer you will get will be MailEnable's answer.

Basically ASSP receives your request... calls ME, receives ME's response and then sends that response to you.

In ASSP's config there is a line that says
Skip Local Domain Check (nolocalDomains)
Do not check relaying based on localDomains. Let the mailserver do it
If you check that box, it will allow ME to do all the authentication for you. That is how my config is setup.
Chase
Server 2008 Standard (x64)
ME Ent 6.51 (SQL Server 2008 Config)
ASSP 1.9

dreniarb
Posts: 316
Joined: Mon Jan 19, 2004 5:00 pm
Location: Marion, IN

Post by dreniarb » Thu Jul 03, 2008 7:21 pm

Thanks for the quick response. Much appreciated. I'm in no hurry, but it's nice to be able to keep on it.

In this post:

http://forum.mailenable.com/viewtopic.p ... light=assp

You say:
It runs in front of your ME installation and sorts out the mail before it ever reaches ME.
I've also seen comments from people in other posts about the smtp connector running more stable, processor consumption being down, etc etc.

But if ME is responding to every connection, how is there any improvement? And how can ASSP sort out the mail before ME sees it?

The setup I pictured was ASSP takes the connection, verifies the addresses and authentication via the auth.tab and/or address-map.tab files. Scans the email, tags it or moves it, etc etc. Then once it's done with it, passes it on to ME.

rockinthesixstring
Posts: 844
Joined: Mon Dec 05, 2005 7:51 am
Location: Canada

Post by rockinthesixstring » Thu Jul 03, 2008 7:53 pm

Yes the SMTP connector is more stable
Yes there is WAY lower CPU usage

Basically ASSP sees the message and does a quick AUTH lookup with ME (aside from the .TAB files) then it runs the message thru a battery of tests to make sure it is not spam. If the message passes the test, it is then sent on to ME where you dont need to be doing double scanning (URLBL, SPF, Greylist, Virus, etc). Also since ME is only receiving connections on valid messages, it does not have to do so much work.

The reason ASSP doesn't directly use the .TAB files is because it is designed to run on various email servers (not just ME). Another way to do AUTH lookup is to manually type in all of your valid domains in ASSP. This works, however is not at total AUTH, but just a general idea... it also means that every time you add a new domain, you have to login and add the entry.

My server processes an average of 30,000 emails a day with an average CPU usage of 2-5 %. (P4 3.0, 2GB Ram)
Chase
Server 2008 Standard (x64)
ME Ent 6.51 (SQL Server 2008 Config)
ASSP 1.9

dreniarb
Posts: 316
Joined: Mon Jan 19, 2004 5:00 pm
Location: Marion, IN

Post by dreniarb » Mon Jul 07, 2008 2:02 pm

Ok, been watching it for a while, it's making more sense now. ASSP passes the telnet session commands on to ME (thus the "transparent proxy" portion that i couldn't get through my head), and if ME accepts the sender and/or recipient it then scans the message before passing it to ME. I like it because I can still use my ME logs to track things down. Although it's kind of frustrating to see only the 192.168.x.x ip address instead of the sending servers public ip, but i know i can get that from the assp logs if i really need it.

I do have another question though, I don't think it needs to be on a different thread since it still pertains to setup.

I've got all my mail going through ASSP now. It's basically just adding the header info, not blocking anything. I'm still using the ME bayesian filter for now.

I have two new filters set up in ME. One checks for "X-Assp-Spam: YES", and if found, forwards the email to assp_spam@mydomain.com. The other checks for a 60% probability on the ME bayesian header and forwards the email to me_spam@mydomain.com. allows me to do a comparison of the two.

ASSP is a bit ahead of the ME filter right now. However, I've still found spam that ME has caught, but ASSP has missed. I look at the header info, and it's quite confusing.

for example, a typical header from something assp tagged as spam:
Received: from 9d24acb8325c4e7 ([192.168.1.10]) by mydomain.com with MailEnable ESMTP; Mon, 07 Jul 2008 08:40:35 -0400
Received: from 9d24acb8325c4e7 ([122.136.187.217] helo=9d24acb8325c4e7) by
ASSP.nospam; 7 Jul 2008 08:40:32 -0400
Content-Return: allowed
X-Mailer: devMail.Net (3.0.1854.22234-2)
Return-Path: <dixon@dremrich.com>
Message-Id: <20080707164500.3220.qmail@9d24acb8325c4e7>
To: <dixond@mydomain.com>
Subject: ***ME-SPAM***Dear dixond@mydomain.com SALE 89% 0FF on Pfizer
From: VIAGRA ® Official Site <dixond@mydomain.com>
MIME-Version: 1.0
Content-Type: text/html; charset="UTF-8"
Content-Transfer-Encoding: 7bit
X-Assp-Re-Red: bounce
X-Assp-Score: 20 (ValidHelo)
X-Assp-Score: 20 (InvalidHelo)
X-Assp-Score: 20 (PTRmissing)
X-Assp-Spam-Level: ************
X-Assp-Tag: MessageLimit
X-Assp-Envelope-From: dixon@dremrich.com
X-Assp-Version: 1.3.3.8()
X-Assp-Redlisted: Yes
X-Assp-Spam: YES
X-Assp-Block: NO (Testmode)
X-Assp-ID: 4433c2457
X-Assp-Spam-Reason: Message Limit
X-Assp-Totalscore: 60
X-Assp-Score: 20 (bombSuspiciousRe)
X-Assp-Re-Suspicious: Unsubscribe
X-ME-Bayesian: 100.000000
X-ME-Spam: Low (45)
X-ME-Content: Deliver-To=Junk
Lot's of assp info. Now here's one with very little assp info:
Received: from mail2.ai.org ([192.168.1.10]) by mydomain.com with MailEnable ESMTP; Mon, 07 Jul 2008 09:01:19 -0400
Received: from mail2.ai.org ([208.40.244.182] helo=mail2.ai.org) by
ASSP.nospam; 7 Jul 2008 09:01:19 -0400
Received: from exchange01.ai.org (localhost [127.0.0.1])
by mail2.ai.org (Spam Firewall) with ESMTP id 3070C3939F5
for <jradams@mydomain.com>; Mon, 7 Jul 2008 09:05:18 -0400 (EDT)
Received: from exchange01.ai.org (exchange01.ai.org [10.8.49.45]) by mail2.ai.org with ESMTP id cAqs9UsvOExHgf8l (version=TLSv1 cipher=RC4-MD5 bits=128 verify=NO) for <jradams@mydomain.com>; Mon, 07 Jul 2008 09:05:17 -0400 (EDT)
Received: from app03.ai.org (10.8.51.73) by exchange01.ai.org (10.8.49.45)
with Microsoft SMTP Server id 8.1.278.0; Mon, 7 Jul 2008 09:05:15 -0400
Received: from app03 (localhost [127.0.0.1]) by app03.ai.org (Postfix) with
ESMTP id 88AA010ECF for <jradams@mydomain.com>; Mon, 7 Jul 2008 09:05:15
-0400 (EDT)
Message-ID: <27252776.1215435915528.JavaMail.noaccess@app03>
From: <webmaster@www.IN.gov>
To: jradams@mydomain.com
Subject: SOS Bus. Entity Search Receipt
MIME-Version: 1.0
Content-Type: text/html
Content-Transfer-Encoding: 7bit
Date: Mon, 7 Jul 2008 09:05:15 -0400
X-Assp-Received-DNSBL: pass
X-Assp-Received-URIBL: pass
X-Assp-Envelope-From: webmaster@www.IN.gov
X-ME-Bayesian: 95.044813
X-MEFilter: 1
Return-Path: <>
The second one seems to have done a completely different test on the email. Any insight on this would be much appreciated.

rockinthesixstring
Posts: 844
Joined: Mon Dec 05, 2005 7:51 am
Location: Canada

Post by rockinthesixstring » Mon Jul 07, 2008 5:42 pm

Sorry, I don't know if I can answer that question, maybe Paarlberg or BrandywineITS can chime in...

Here is another thread that might give some insight.
http://forum.mailenable.com/viewtopic.php?p=60474#60474
Chase
Server 2008 Standard (x64)
ME Ent 6.51 (SQL Server 2008 Config)
ASSP 1.9

dreniarb
Posts: 316
Joined: Mon Jan 19, 2004 5:00 pm
Location: Marion, IN

Post by dreniarb » Mon Jul 07, 2008 5:51 pm

No problem, thanks the initial help and feedback.

I'll move my question over to the ASSP forum and post a reply here if i get it fixed.

Post Reply