Tag Archives: esatstatus lite

assp – Anti-Spam SMTP Proxy Server

In a bid to cut down on electricity use, I’m currently trying to reduce down the number of Virtual Machines on my VMWare vSphere hosts that are running 24/7 with a view to eventually reducing the remaining two 24/7 HP Servers to one.

One of the VMs due for the chop is a Windows Server 2008 that runs my mail server “gateway” – I am a big fan of the XWall, POPBeamer, ESATInformer and ESATStatus Lite products and have been using them for more than 10 years to filter spam and remove viruses from incoming mail.

So I needed something comparable to the above that could run on a low power device such as a SheevaPlug, PogoPlug or preferably a Raspberry Pi.  This obviously meant Linux based (no problem for me as I have been dealing with Linux for 15 years) and while XWall / PopBeamer can run under Wine I really wanted a headless server build rather than wasting resources on a desktop GUI.

I looked at many different options and finally settled on assp – Anti-Spam SMTP Proxy Server for the following reasons:

  1. It’s written in perl 🙂
  2. It’s actively being developed
  3. It seems to exceed XWall in terms of configurable options
  4. It has good reporting (EsatInformer will be tough to beat!)
  5. It’s extendible through plugins

I had a few reservations though, the minimum hardware requirements suggested that it would be tough running it on an embedded device and it’s a transparent Proxy that sits in front of your SMTP server, whereas XWall was more of a “relay” in that it took delivery of email, filtered spam etc, then relayed the good stuff on.

So, what follows is a rough run through of how I got assp installed on a Raspberry Pi (512MB version).  It was a challenge and it took a pretty long time as some stuff needed building from source and I couldn’t be bothered to set up a cross-compile environment!

The end result has been well worth it though, the Windows Server 2008 VM has now been retired and assp is doing great as the below statistics show:

assp Statistics 1
assp Statistics 1
assp Statistics 2
assp Statistics 2
assp Statistics 3
assp Statistics 3
assp Statistics 4
assp Statistics 4
assp Statistics 5
assp Statistics 5
assp Statistics 6
assp Statistics 6
assp Statistics 7
assp Statistics 7

I’m a Debian fan and choose that over any other Linux distro where possible and for all my Pi’s I’ve been using the default Raspbian Wheezy image, so that’s what I started out with. Once that was installed and configured I set the GPU / RAM split to the minimum possible, turned on SSH access and configured the time zone.

So, onto the install of assp itself!

First up, update and upgrade Raspbian:

[email protected]# sudo su
[email protected]# apt-get update
[email protected]# apt-get upgrade

Configure fqdn and network:

[email protected]# nano -w /etc/hosts
[email protected]# nano -w /etc/network/interfaces

Increase the swap size to 1024MB (assp is quite memory intensive):

[email protected]# nano -w /etc/dphys-swapfile
[email protected]# dphys-swapfile setup
[email protected]# reboot

I always install screen:

[email protected]# sudo su
[email protected]# apt-get install screen
[email protected]# screen -R -d

All my kit is monitored by Nagios and Cacti so:

[email protected]# apt-get snmpd nagios-nrpe-server

Configure snmpd as appropriate:

[email protected]# nano -w /etc/snmp/snmpd.conf

Configure nrpe as appropriate:

[email protected]# nano -w /etc/nagios/nrpe.cfg

And now onto dependencies for assp:

[email protected]# apt-get install unzip clamav clamav-daemon clamav-docs clamav-testfiles arj unzip zip gzip bzip2 mysql-server libmysqlclient-dev libssl-dev
[email protected]# apt-get install imagemagick imagemagick-doc enscript ufraw tesseract-ocr libmagickcore-dev perlmagick libsnmp-perl
[email protected]# apt-get install libberkeleydb-perl schedtool snmp-mibs-downloader

I also wanted to use mrtg for graphing assp statistics so installed mrtg and lighttpd as a slim web server.

[email protected]# apt-get install mrtg mrtg-contrib rrdtool librrds-perl lighttpd

Finally, fetchmail for POP3 downloading and lftp for backing up.

[email protected]# apt-get install fetchmail lftp

A few more dependencies need building from source so add “deb-src http://archive.raspbian.org/raspbian wheezy main contrib non-free” to your sources.list:

[email protected]# nano -w /etc/apt/sources.list
[email protected]# apt-get update
[email protected]# apt-get build-dep unrar-nonfree
[email protected]# apt-get source -b unrar-nonfree
[email protected]# dpkg -i unrar_4.1.4-1_armhf.deb
[email protected]# apt-get build-dep lha
[email protected]# apt-get source -b lha
[email protected]# dpkg -i lha_1.14i-10.4_armhf.deb

Wait for freshclam to finish:

[email protected]tail -f /var/log/clamav/freshclam.log

Then start clamav-daemon and test it:

[email protected]/etc/init.d/clamav-daemon start
[email protected]clamscan /usr/share/clamav-testfiles/

Onto assp:

[email protected]# mkdir /usr/src/assp_source
[email protected]# cd /usr/src/assp_source
[email protected]# wget http://sourceforge.net/projects/assp/files/latest/download?source=files
[email protected]# mv download\?source\=files assp.zip
[email protected]# unzip assp.zip
[email protected]# mkdir /usr/share/assp
[email protected]# cp -rp /usr/src/assp_source/assp/* /usr/share/assp

Some assp plugins:

[email protected]# mkdir /usr/src/assp_other
[email protected]# cd /usr/src/assp_other
[email protected]# wget http://sourceforge.net/projects/assp/files/ASSP%20V2%20multithreading/filecommander/1.03.ZIP/download
[email protected]# mv download fc_1.03.zip
[email protected]# unzip fc_1.03.zip
[email protected]# cp -rp /usr/src/assp_other/fc_1.03/* /usr/share/assp

Create a normal user to run assp as:

[email protected]# useradd –system –shell /bin/false –no-create-home assp
[email protected]# chown -R assp:assp /usr/share/assp

Create a start/stop script:

[email protected]nano -w /etc/init.d/assp

#########################
#!/bin/sh -e

# Start or stop ASSP (Anti-Spam SMTP Proxy)
#
# Script by Abey Marquez <[email protected]>
# v1.0.1 Changed 'force-reload' to force a restart if it can't reload the config. Also changed 'restart' to start the proc if not running.
# v1.0.0 I'm not an expert but I tried to make this as LSB compliant as possible. Should work really nice with Ubuntu.

### BEGIN INIT INFO
# Provides: ASSP (Anti-Spam SMTP Proxy)
# Required-Start: $syslog, $local_fs
# Required-Stop: $syslog, $local_fs
# Default-Start: 2 3 4 5
# Default-Stop: 0 1 6
# Short-Description: Start or stop ASSP
# Description: Start or stop ASSP (Anti-Spam SMTP Proxy)
### END INIT INFO

PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
NAME=assp.pl
HOME=/usr/share/assp
DAEMON=$HOME/$NAME
PIDFILE=$HOME/pid
INITSCRIPT=/etc/init.d/assp

. /lib/lsb/init-functions

case "$1" in

start)
log_daemon_msg "Starting ASSP (Anti-Spam SMTP Proxy)" "assp"
start-stop-daemon --start --quiet --pidfile $PIDFILE --startas $DAEMON 2>&1 > /dev/null --chdir $HOME
log_end_msg $?
;;

stop)
log_daemon_msg "Stopping ASSP (Anti-Spam SMTP Proxy)" "assp"
start-stop-daemon --stop --quiet --pidfile $PIDFILE --chdir $HOME
log_end_msg $?
;;

restart)
if [ -f $PIDFILE ]; then
$0 stop
sleep 1
$0 start
else
$0 start
fi
;;

reload)
log_action_begin_msg "Reloading ASSP (Anti-Spam SMTP Proxy) configuration"
if [ -f $PIDFILE ]; then
if kill -1 $(cat $PIDFILE); then
log_action_end_msg 0
else
log_action_end_msg 1
fi
else
log_action_end_msg 1
exit 1
fi
;;

force-reload)
log_action_begin_msg "Reloading ASSP (Anti-Spam SMTP Proxy) configuration"
if [ -f $PIDFILE ]; then
if kill -1 $(cat $PIDFILE); then
log_action_end_msg 0
else
log_action_cont_msg "Could not reload configuration. Restarting"
$0 restart
fi
else
log_action_cont_msg "Could not reload configuration. Restarting"
$0 restart
fi
;;

status)
status_of_proc $DAEMON "ASSP (Anti-Spam SMTP Proxy)"
;;

*)
log_action_msg "Usage: $INITSCRIPT {start|stop|restart|reload|force-reload|status}"
exit 1
;;

esacexit 0
####################

[email protected]chmod 755 /etc/init.d/assp

Some perl dependencies (note, I chose to do the rest of these through CPAN, but it probably would have been quicker to do them via apt, but that would have involved working out the package names!):

[email protected]perl -MCPAN -e shell (configure CPAN)
[email protected]# cpan>exit

Now let CPAN do it’s stuff (note, any issues installing these modules would need resolving manually, but luckily for me they all installed fine, but some took a loooooong time):

[email protected]cpan Text::Glob Number::Compare Compress::Zlib Convert::TNEF Digest::MD5 Digest::SHA1 Email::MIME::Modifier Email::Send Email::Valid File::ReadBackwards
[email protected]# cpan File::Scan::ClamAV LWP::Simple MIME::Types Mail::SPF Mail::SRS Net::CIDR::Lite Net::DNS Net::IP::Match::Regexp Net::LDAP Net::SMTP
[email protected]# cpan Net::SenderBase Net::Syslog PerlIO::scalar threads threads::shared Thread::Queue Thread::State Tie::DBI Time::HiRes Schedule::Cron Sys::MemInfo IO::Socket::SSL Crypt::CBC Crypt::OpenSSL::AES DBD::mysql
[email protected]# cpan YAML DateTime Time::Format Module::Signature File::PathInfo File::Find::Rule File::Slurp File::Which LEOCHARRE::DEBUG File::chmod Linux::usermod
[email protected]# cpan LEOCHARRE::CLI Crypt::RC4 Text::PDF Smart::Comments CAM::PDF PDF::API2 PDF::Burst PDF::GetImages
[email protected]# cpan Image::OCR::Tesseract PDF::OCR PDF::OCR2 Mail::DKIM::Verifier Mail::SPF::Query Regexp::Optimizer Unicode::GCString Text::Unidecode Lingua::Stem::Snowball Lingua::Identify Archive::Zip

Sort out some errors in the MIB that prevent SNMP working properly:

[email protected]# cd /usr/share/assp/mib
[email protected]# nano -w ASSP_MIB (remove all _ from OID names)

[email protected]# cp ASSP-MIB /var/lib/mibs/ietf

[email protected]# cd ..

Start assp manually and note any errors:

[email protected]# perl assp.pl (it will take a long time to start!)

Once it’s started, open another shell and check for any module load errors, fix any that you find (note,  I couldn’t get CpuAffinity to work as there’s no available kernel headers for the pi kernel I’m using):

[email protected]# cat /usr/share/assp/moduleLoadErrors.txt

In theory, assp should now be up and running and can be configured to your requirements on it’s web interface at http://assp:55555!

There were a few more bits and pieces I did after configuring assp, for example setting up mrtg, configuring agentx on snmpd to pass through snmp requests to assp for the relevent OIDs, setting up a backup script, installing some assp plugins to do archiving, etc, etc – I’ll post again at some point to give some more details on those!

Thanks for reading,

Martyn Wendon