Tag Archives: xwall

assp – Anti-Spam SMTP Proxy Server

In a bid to cut down on electricity use, I’m currently trying to reduce down the number of Virtual Machines on my VMWare vSphere hosts that are running 24/7 with a view to eventually reducing the remaining two 24/7 HP Servers to one.

One of the VMs due for the chop is a Windows Server 2008 that runs my mail server “gateway” – I am a big fan of the XWall, POPBeamer, ESATInformer and ESATStatus Lite products and have been using them for more than 10 years to filter spam and remove viruses from incoming mail.

So I needed something comparable to the above that could run on a low power device such as a SheevaPlug, PogoPlug or preferably a Raspberry Pi.  This obviously meant Linux based (no problem for me as I have been dealing with Linux for 15 years) and while XWall / PopBeamer can run under Wine I really wanted a headless server build rather than wasting resources on a desktop GUI.

I looked at many different options and finally settled on assp – Anti-Spam SMTP Proxy Server for the following reasons:

  1. It’s written in perl ūüôā
  2. It’s actively being developed
  3. It seems to exceed XWall in terms of configurable options
  4. It has good reporting (EsatInformer will be tough to beat!)
  5. It’s extendible through plugins

I had a few reservations though, the minimum hardware requirements suggested that it would be tough running it on an embedded device and it’s a transparent Proxy that sits in front of your SMTP server, whereas XWall was more of a “relay” in that it took delivery of email, filtered spam etc, then relayed the good stuff on.

So, what follows is a rough run through of how I got assp installed on a Raspberry Pi (512MB version).¬† It was a challenge and it took a pretty long time as some stuff needed building from source and I couldn’t be bothered to set up a cross-compile environment!

The end result has been well worth it though, the Windows Server 2008 VM has now been retired and assp is doing great as the below statistics show:

assp Statistics 1
assp Statistics 1
assp Statistics 2
assp Statistics 2

 

assp Statistics 3
assp Statistics 3
assp Statistics 4
assp Statistics 4
assp Statistics 5
assp Statistics 5
assp Statistics 6
assp Statistics 6
assp Statistics 7
assp Statistics 7

I’m a Debian fan and choose that over any other Linux distro where possible and for all my Pi’s I’ve been using the default Raspbian Wheezy image, so that’s what I started out with. Once that was installed and configured I set the GPU / RAM split to the minimum possible, turned on SSH access and configured the time zone.

So, onto the install of assp itself!

First up, update and upgrade Raspbian:

pi@assp# sudo su
root@assp# apt-get update
root@assp# apt-get upgrade

Configure fqdn and network:

root@assp# nano -w /etc/hosts
root@assp# nano -w /etc/network/interfaces

Increase the swap size to 1024MB (assp is quite memory intensive):

root@assp# nano -w /etc/dphys-swapfile
root@assp# dphys-swapfile setup
root@assp# reboot

I always install screen:

pi@assp# sudo su
root@assp# apt-get install screen
root@assp# screen -R -d

All my kit is monitored by Nagios and Cacti so:

root@assp# apt-get snmpd nagios-nrpe-server

Configure snmpd as appropriate:

root@assp# nano -w /etc/snmp/snmpd.conf

Configure nrpe as appropriate:

root@assp# nano -w /etc/nagios/nrpe.cfg

And now onto dependencies for assp:

root@assp# apt-get install unzip clamav clamav-daemon clamav-docs clamav-testfiles arj unzip zip gzip bzip2 mysql-server libmysqlclient-dev libssl-dev
root@assp# apt-get install imagemagick imagemagick-doc enscript ufraw tesseract-ocr libmagickcore-dev perlmagick libsnmp-perl
root@assp# apt-get install libberkeleydb-perl schedtool snmp-mibs-downloader

I also wanted to use mrtg for graphing assp statistics so installed mrtg and lighttpd as a slim web server.

root@assp# apt-get install mrtg mrtg-contrib rrdtool librrds-perl lighttpd

Finally, fetchmail for POP3 downloading and lftp for backing up.

root@assp# apt-get install fetchmail lftp

A few more dependencies need building from source so add “deb-src http://archive.raspbian.org/raspbian wheezy main contrib non-free” to your sources.list:

root@assp# nano -w /etc/apt/sources.list
root@assp# apt-get update
root@assp# apt-get build-dep unrar-nonfree
root@assp# apt-get source -b unrar-nonfree
root@assp# dpkg -i unrar_4.1.4-1_armhf.deb
root@assp# apt-get build-dep lha
root@assp# apt-get source -b lha
root@assp# dpkg -i lha_1.14i-10.4_armhf.deb

Wait for freshclam to finish:

root@assp# tail -f /var/log/clamav/freshclam.log

Then start clamav-daemon and test it:

root@assp# /etc/init.d/clamav-daemon start
root@assp# clamscan /usr/share/clamav-testfiles/

Onto assp:

root@assp# mkdir /usr/src/assp_source
root@assp# cd /usr/src/assp_source
root@assp# wget http://sourceforge.net/projects/assp/files/latest/download?source=files
root@assp# mv download\?source\=files assp.zip
root@assp# unzip assp.zip
root@assp# mkdir /usr/share/assp
root@assp# cp -rp /usr/src/assp_source/assp/* /usr/share/assp

Some assp plugins:

root@assp# mkdir /usr/src/assp_other
root@assp# cd /usr/src/assp_other
root@assp# wget http://sourceforge.net/projects/assp/files/ASSP%20V2%20multithreading/filecommander/1.03.ZIP/download
root@assp# mv download fc_1.03.zip
root@assp# unzip fc_1.03.zip
root@assp# cp -rp /usr/src/assp_other/fc_1.03/* /usr/share/assp

Create a normal user to run assp as:

root@assp# useradd –system –shell /bin/false –no-create-home assp
root@assp# chown -R assp:assp /usr/share/assp

Create a start/stop script:

root@assp# nano -w /etc/init.d/assp

#########################
#!/bin/sh -e

# Start or stop ASSP (Anti-Spam SMTP Proxy)
#
# Script by Abey Marquez <abeymarquez@gmail.com>
# v1.0.1 Changed 'force-reload' to force a restart if it can't reload the config. Also changed 'restart' to start the proc if not running.
# v1.0.0 I'm not an expert but I tried to make this as LSB compliant as possible. Should work really nice with Ubuntu.

### BEGIN INIT INFO
# Provides: ASSP (Anti-Spam SMTP Proxy)
# Required-Start: $syslog, $local_fs
# Required-Stop: $syslog, $local_fs
# Default-Start: 2 3 4 5
# Default-Stop: 0 1 6
# Short-Description: Start or stop ASSP
# Description: Start or stop ASSP (Anti-Spam SMTP Proxy)
### END INIT INFO

PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
NAME=assp.pl
HOME=/usr/share/assp
DAEMON=$HOME/$NAME
PIDFILE=$HOME/pid
INITSCRIPT=/etc/init.d/assp

. /lib/lsb/init-functions

case "$1" in

start)
log_daemon_msg "Starting ASSP (Anti-Spam SMTP Proxy)" "assp"
start-stop-daemon --start --quiet --pidfile $PIDFILE --startas $DAEMON 2>&1 > /dev/null --chdir $HOME
log_end_msg $?
;;

stop)
log_daemon_msg "Stopping ASSP (Anti-Spam SMTP Proxy)" "assp"
start-stop-daemon --stop --quiet --pidfile $PIDFILE --chdir $HOME
log_end_msg $?
;;

restart)
if [ -f $PIDFILE ]; then
$0 stop
sleep 1
$0 start
else
$0 start
fi
;;

reload)
log_action_begin_msg "Reloading ASSP (Anti-Spam SMTP Proxy) configuration"
if [ -f $PIDFILE ]; then
if kill -1 $(cat $PIDFILE); then
log_action_end_msg 0
else
log_action_end_msg 1
fi
else
log_action_end_msg 1
exit 1
fi
;;

force-reload)
log_action_begin_msg "Reloading ASSP (Anti-Spam SMTP Proxy) configuration"
if [ -f $PIDFILE ]; then
if kill -1 $(cat $PIDFILE); then
log_action_end_msg 0
else
log_action_cont_msg "Could not reload configuration. Restarting"
$0 restart
fi
else
log_action_cont_msg "Could not reload configuration. Restarting"
$0 restart
fi
;;

status)
status_of_proc $DAEMON "ASSP (Anti-Spam SMTP Proxy)"
;;

*)
log_action_msg "Usage: $INITSCRIPT {start|stop|restart|reload|force-reload|status}"
exit 1
;;

esacexit 0
####################

root@assp# chmod 755 /etc/init.d/assp

Some perl dependencies (note, I chose to do the rest of these through CPAN, but it probably would have been quicker to do them via apt, but that would have involved working out the package names!):

root@assp# perl -MCPAN -e shell (configure CPAN)
root@assp# cpan>exit

Now let CPAN do it’s stuff (note, any issues installing these modules would need resolving manually, but luckily for me they all installed fine, but some took a loooooong time):

root@assp# cpan Text::Glob Number::Compare Compress::Zlib Convert::TNEF Digest::MD5 Digest::SHA1 Email::MIME::Modifier Email::Send Email::Valid File::ReadBackwards
root@assp# cpan File::Scan::ClamAV LWP::Simple MIME::Types Mail::SPF Mail::SRS Net::CIDR::Lite Net::DNS Net::IP::Match::Regexp Net::LDAP Net::SMTP
root@assp# cpan Net::SenderBase Net::Syslog PerlIO::scalar threads threads::shared Thread::Queue Thread::State Tie::DBI Time::HiRes Schedule::Cron Sys::MemInfo IO::Socket::SSL Crypt::CBC Crypt::OpenSSL::AES DBD::mysql
root@assp# cpan YAML DateTime Time::Format Module::Signature File::PathInfo File::Find::Rule File::Slurp File::Which LEOCHARRE::DEBUG File::chmod Linux::usermod
root@assp# cpan LEOCHARRE::CLI Crypt::RC4 Text::PDF Smart::Comments CAM::PDF PDF::API2 PDF::Burst PDF::GetImages
root@assp# cpan Image::OCR::Tesseract PDF::OCR PDF::OCR2 Mail::DKIM::Verifier Mail::SPF::Query Regexp::Optimizer Unicode::GCString Text::Unidecode Lingua::Stem::Snowball Lingua::Identify Archive::Zip

Sort out some errors in the MIB that prevent SNMP working properly:

root@assp# cd /usr/share/assp/mib
root@assp# nano -w ASSP_MIB (remove all _ from OID names)

root@assp# cp ASSP-MIB /var/lib/mibs/ietf

root@assp# cd ..

Start assp manually and note any errors:

root@assp# perl assp.pl (it will take a long time to start!)

Once it’s started, open another shell and check for any module load errors, fix any that you find (note,¬† I couldn’t get CpuAffinity to work as there’s no available kernel headers for the pi kernel I’m using):

root@assp# cat /usr/share/assp/moduleLoadErrors.txt

In theory, assp should now be up and running and can be configured to your requirements on it’s web interface at http://assp:55555!

There were a few more bits and pieces I did after configuring assp, for example setting up mrtg, configuring agentx on snmpd to pass through snmp requests to assp for the relevent OIDs, setting up a backup script, installing some assp plugins to do archiving, etc, etc – I’ll post again at some point to give some more details on those!

Thanks for reading,

Martyn Wendon