How to: ASSP anti-spam mailserver

How to: ASSP anti-spam mailserver (1.9.9)

 

This is an extensive document that covers almost everything you need to know in order to run a spam- and virus-free office when your mail accounts are hosted with Real Webspace.

So what is ASSP?

  • Anti-spam engine powered by ASSP.
  • Automatic whitelisting.
  • Clamd Antivirus enabled by default for all email traffic.
  • Detailed LOGS per domain/subdomain and per each filter.
  • Protection against email dictionary attack/bombers.
  • Advanced Spambox (collection of blocked email) and reporting system.

Where are blocked emails collected?

ASSP Anti-spam has been designed with great care to avoid blocking wanted emails; however, on rare occasions it can still happen. ASSP uses a “SPAM SCORING MODE”: it checks each email message sent to your account, assigns scores using several SPAM filters, sums the scores collected by each filter and then determines whether the email should be considered SPAM or NOTSPAM. All blocked emails (SPAM) are collected in a Spam Folder where they can be inspected and managed as required.

The following is a summarised overview: (We advise you read this as a minimum)

  1. Make sure you are subscribed to the “/spambox” folder if you are using any IMAP powered email client. Mail marked as spam will be stored here for 7 days before being deleted.
  2. Sending an email to asspblock@yourdomain.co.za will return a list of all blocked emails for the past 5 days. From this list you may receive/release the blocked email into your inbox.
  3. Automatic whitelisting – Every time you send an email to someone new their email address will be whitelisted automatically; this being the case – never reply to spam emails!
  4. You can see a list of blocked emails in your cPanel.
  5. You can also collect spam (blocked email) by using a spambox POP3 collector.
  6. If you’re having too many legitimate emails blocked you can lower the anti-spam filter setting from inside cPanel.
  7. The sender of a blocked email will always be sent a message giving them the opportunity to resend it.
  8. Report spam by forwarding it to assp-spam@yourdomain.co.za and false positive emails by forwarding them to assp-notspam@yourdomain.co.za

Seven steps to spam free email

  1. You can read the /spambox IMAP folder (faster way) using any IMAP powered email client. You can also check the /spambox IMAP folder using Horde, Squirrel or Roundcube webmail programs

    If you find any good emails in your /spambox you can send these using “forward as attachment” (or “forward” if “forward as attachment” is not supported in your email client) to assp-notspam@yourdomain.co.za, which will whitelist the sending addresses, preventing them from being blocked again.

  2. You can receive a list of all blocked email by sending an email to asspblock@yourdomain.co.za. You will receive a response by return listing all blocked emails. If you find any good emails blocked in this list you can press the Resend link to receive/release the blocked email into your inbox. When you click the “Resend” link/icon, the sender will automatically be whitelisted too.

  3. Automatic whitelisting – Every time you send an email to someone new their email address will be whitelisted automatically. For this reason, you should never reply to any spam mails as this will whitelist their addresses. You can whitelist any email address, or a complete domain, by sending an email to assp-white@yourdomain.co.za; you should specify one or more email addresses you want whitelisted in the email body or email subject. If you want to whitelist a complete domain name (i.e. any_address@domain.com) you can use the wildcard: *@domain.com. You can also send lists of domains and/or email addresses which should be whitelisted to assp-white@yourdomain.co.za. If you become aware that email you want is being blocked simply send an email to that address or you can send an email to assp-white@yourdomain.co.za as described above.
  4. You can see a list of blocked emails in your cPanel by reading the LOGS in the ASSP Deluxe frontend. You can read the blocked email (using the icon) and ask to retrieve it (using the icon).

  5. You can also collect spam (blocked email) by using a spambox POP3 collector. If you are not confident with the IMAP protocol you can set up a spambox POP3 collector. All spam sent to @yourdomain.co.za will be collected by your spambox@yourdomain.co.za POP3 account. How do you set up a spambox POP3 collector? Simply create a POP3 email account called spambox@yourdomain.co.za, then check this email account whenever you want to see all blocked email. In the same way as with the spam collected in IMAP /spambox, if you find any good email blocked in your spambox@yourdomain.co.za you can forward it to assp-notspam@yourdomain.co.za as outlined in step 1 above, and it will not be blocked again.
  6. If you have too many good senders blocked (even when you are forwarding the errors to assp-notspam@yourdomain.co.za), you can decrease the sensitivity of your anti-spam filter setting by lowering it from Normal to Low, Lower or Lowest. If you decrease the spam sensitivity some spam could pass, however you considerably reduce the risk of blocking any good emails.

  7. Whenever an email is classified as Spam and is blocked, ASSP will bounce the email and the sender will receive an error like this: 554 5.7.1 Mail (SESSIONID) appears to be unsolicited – resend with the code va9ytu5y appended to subject and ask to have your email whitelisted (the code va9ytu5y changes each 24 hours). So, in the case of a genuine sender, they will know their mail has not been delivered and that, by re-sending the blocked email with the code va9ytu5y (not spam code) appended to the email subject, the email will be accepted and you will receive it in your inbox.

ASSP reporting

When you receive a SPAM message in your inbox you have a choice to either just delete it and move on, or better to Report it to our mail server so the anti-spam filter can learn and correct the error improving its anti-spam performance. If you find any good emails in your /spambox you can send these using “forward as attachment” (or “forward” if “forward as attachment” is not supported in your email client) to assp-notspam@yourdomain.co.za, which will whitelist the sending addresses preventing them from being blocked again.

How to report a false positive email

If you see a valid message in your /spambox IMAP or in your spambox@POP3 folder (if your server administrator activated the SPAMBOX@ plugin), you can report this email to our mail server and the anti-spam will learn and correct the error, improving its anti-spam performance. You can send these using “forward as attachment” (or “forward” if “forward as attachment” is not supported in your email client) to assp-notspam@yourdomain.co.za, which will whitelist the sending addresses preventing them from being blocked again.

How to report a valid email (whitelisting)

Every time you send an email to someone new their email address will be whitelisted automatically. For this reason, you should never reply to any spam mails as this will whitelist their addresses. You can whitelist any email address, or a complete domain, by sending an email to assp-white@yourdomain.co.za; you should specify one or more email addresses you want whitelisted in the email body or email subject. If you want to whitelist a complete domain name (i.e. any_address@domain.com) you can use the wildcard *@domain.com. You can also send lists of domains and/or email addresses which should be whitelisted to assp-white@yourdomain.co.za. If you become aware that email you want is being blocked simply send an email to that address or you can send an email to assp-white@yourdomain.co.za as described above.

Could ASSP anti-spam block my local email?

No, ASSP anti-spam automatically allows local senders, just be sure you are sending email correctly. The correct way to send emails is:

  • You should always send your email using our secure SMTP mailserver. Please see the post
  • Please be sure that “My outgoing server (SMTP) requires authentication” is checked ON in your email client.

Too much SPAM is passing

If you have too much SPAM passing (even though you are forwarding the errors to assp-spam@yourdomain.co.za), you can increase the sensitivity of your anti-spam setting by raising it from Normal to High, Higher or Highest. Doing so will slightly increase the possibility of stopping genuine emails. If the SPAM continues to pass even with High, Higher or Highest settings selected, please check the email headers, as it is likely the sender’s address may have been whitelisted at some time. In this case, please let your system administrator know so that the offending address can be checked and, if necessary, removed from the whitelist.

Too many good senders are blocked

If you have too many good senders blocked (even though you are forwarding the errors to assp-notspam@yourdomain.co.za), you can decrease the sensitivity of your anti-spam setting by lowering it from Normal to Low, Lower or Lowest. If you decrease spam sensitivity some spam could pass, however you strongly reduce the risk of blocking any good emails.

If good senders are often blocked even with Low, Lower or Lowest settings and even though you are forwarding the errors to assp-notspam@yourdomain.co.za, please check the email headers as it is possible the sender is blacklisted, or his sending IP address may be on a blocking list. In this event please contact your system administrator who can make arrangements to allow the sender to pass.

Disable anti-spam for one or more domains or email addresses

If you want to disable your ASSP anti-spam for one or more domain names (or email addresses) in your account, please contact your system administrator to arrange for your domains or email addresses to be added to the ASSP noProcessing list.

Email bounces with a Service denied error

If someone who is trying to contact you via email receives a bounced email with a “Service Denied error”, it means their mailserver IP address is blocked by our ASSP Anti-Spam at IP address level. This may happen if that sender’s IP address is on a recognized Blacklist. In this case please contact your system administrator, providing them with the full details, so that appropriate arrangements can be made to allow that sender IP address to pass.

List of anti-spam ASSP email interface commands

You should always receive an email confirmation message any time you send a request to the ASSP email interface (assp-spam@ …, assp-notspam@ …, etc).
If you don’t receive an acknowledgement, your mail was not accepted, so please be sure to send the request correctly, always using your SMTP mailserver (mail.yourdomain.co.za); also be sure that “My outgoing server (SMTP) requires authentication” is checked ON in your email client's advanced SMTP settings.

Available ASSP email interface commands:

  • assp-spam@: Any mail sent or forwarded by local/authenticated users to this username will be interpreted as a report about a Spam that got through (spam found in your inbox). You should forward the received spam as an attachment to assp-spam@yourdomain.co.za. This works best if the mails are forwarded as attachments or copied into a new mail (header and body), because simply forwarding the mail will remove the original header. You can send multiple emails as attachments.
  • assp-notspam@: If you see a valid message (not spam) in your /spambox IMAP folder or in your spambox POP3 folder, you can report this email to our mail server and the ASSP anti-spam will learn and correct the error, improving its anti-spam performance. If you want to report an email blocked incorrectly, select the message in your inbox, right-click and select “Forward as attachment”; address it to assp-notspam@yourdomain.co.za and click SEND. Shortly after your request you will receive an email confirmation that you have reported the message, and it should not be blocked again.
  • assp-white@: You can whitelist an email or domain by sending an email to assp-white@yourdomain.co.za specifying each email address you want whitelisted in the email body, with each address on a separate line, or, in the case of a single address, in the email subject. If you want to whitelist a whole domain (i.e. All_Addresses@domain.com) you can use the wildcard *@domain.com. Shortly after your request you will receive an email confirmation.
  • assp-notwhite@: You can remove an email or domain from the whitelist by sending an email to assp-notwhite@yourdomain.co.za; shortly after your request you will receive an email confirmation.
  • assp-persblack@: Any mail sent by local/authenticated users to assp-persblack@yourdomain.co.za will be interpreted as a request to add the listed address(es) to your personal blacklisted addresses. Whole domains can be blocked by putting a wildcard in the user part of the address: ‘*@example.com’. You can receive a complete report about all your personal blacklist entries by sending an empty email to this address.
  • assp-notpersblack@: Any mail sent by local/authenticated users to assp-notpersblack@yourdomain.co.za will be interpreted as a request to remove the listed address(es) from your personal blacklisted addresses.
  • asspanalyze@: Any mail sent or forwarded by local/authenticated users to asspanalyze@yourdomain.co.za will be interpreted as a request for spam analysis of the mail. Shortly after your request you will receive an email with the analysis results.
  • asspblock@: Any mail sent by local/authenticated users to asspblock@yourdomain.co.za will be interpreted as a request to get a report about blocked emails. Leading digits/numbers in the mail subject will be interpreted as “report request for the last number of days”. If the number of days is not specified in the mail subject, a default of 5 days will be used to build the report. All characters after the “number of days” will be interpreted as a regular expression to overwrite the BlockReportFilter – leading and trailing white spaces will be ignored. If you want to receive an asspblock@ report each day at midnight, please contact your technical support.
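
An added example (not code from the original page or from ASSP) of the “forward as attachment” report described for assp-spam@ and assp-notspam@ above: it attaches each original as message/rfc822 and shows that the original headers survive, while a plain forward loses them. The sample message, the sender addresses and the submission port 587 with STARTTLS are assumptions; mail.yourdomain.co.za is the placeholder host used on this page.

```python
import smtplib
from email import message_from_bytes, message_from_string, policy
from email.message import EmailMessage

# Constructed sample: a spam message as delivered, with its transport headers.
SAMPLE_SPAM = (
    "Received: from mail.sender.example (mail.sender.example [192.0.2.10])\n"
    "\tby mail.yourdomain.co.za; Mon, 01 Jan 2024 10:00:00 +0200\n"
    "From: Prize Desk <promo@sender.example>\n"
    "To: user@yourdomain.co.za\n"
    "Subject: You have won\n"
    "\n"
    "Click here to claim.\n"
)

def build_report(raw_messages, reporter, target):
    """Forward as attachment: each original travels intact as message/rfc822."""
    report = EmailMessage()
    report["From"], report["To"], report["Subject"] = reporter, target, "report"
    report.set_content("Reported messages are attached.")
    for raw in raw_messages:  # several originals may go in one report
        report.add_attachment(message_from_string(raw, policy=policy.default))
    return report

def inline_forward(raw, reporter, target):
    """Plain forward: only the body text is copied, the headers are lost."""
    original = message_from_string(raw, policy=policy.default)
    fwd = EmailMessage()
    fwd["From"], fwd["To"] = reporter, target
    fwd["Subject"] = "Fwd: " + original["Subject"]
    fwd.set_content(original.get_content())
    return fwd

def surviving_headers(message, name):
    """Serialize, re-parse, and return header `name` of each attached original."""
    parsed = message_from_bytes(message.as_bytes(), policy=policy.default)
    return [str(part.get_content()[name]) for part in parsed.walk()
            if part.get_content_type() == "message/rfc822"]

def send_report(report, user, password, host="mail.yourdomain.co.za", port=587):
    """Submit over authenticated SMTP; port 587 with STARTTLS is an assumption."""
    with smtplib.SMTP(host, port) as smtp:
        smtp.starttls()
        smtp.login(user, password)
        smtp.send_message(report)
```
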

The following ASSP email interface commands are available upon request to your technical support who, at their discretion, can arrange to make these available for your direct use by adding you to the allowed users list, (EmailAdmins).

  • asspof@: Any mail sent by local/authenticated users to this username will be interpreted as a request to add the sender address to a noProcessing addresses list. All email in this noProcessing list will bypass the ASSP anti-spam filters.
  • asspon@: Any mail sent by local/authenticated users to asspon@ will be interpreted as a request to remove the sender address from noProcessing.
  • assp-black@: Any mail sent by local/authenticated users to assp-black@ will be interpreted as a request to add the email or domain to our server blackListedDomains list.
  • assp-notblack@: Any mail sent by local/authenticated users to assp-notblack@ will be interpreted as a request to remove the email or domain from our server blackListedDomains list.

 
