ASSP & ASSP Deluxe for cPanel
(notes, articles, and post-installation FAQs)
Updated June 10 2008
How to receive support ( #013 )
"ASSP" is the Anti Spam SMTP Proxy server, which includes the ASSP Web interface. "ASSP Deluxe for cPanel" is the ASSP frontend/integration for cPanel (a set of PHP scripts to use/install/configure ASSP on your cPanel server). Avoid asking cPanel or your ISP/datacenter for "ASSP" or "ASSP Deluxe for cPanel" support, because they often can't help you with ASSP.
If you need "ASSP Deluxe for cPanel" support after the installation, please first read the FAQs on this page and be sure you have applied the post-installation steps below; also check the changelog and be sure your software is fully updated. If your problem is still not fixed, send an email clicking here. Support requests sent via email which do not contain your licensed server IP will be ignored or not solved. You will receive an answer within 48 hours at most. If you have an urgent problem and you can't wait, don't panic: you can temporarily disable ASSP by following these simple steps to return temporarily to cPanel/exim-only usage (so there is no need to uninstall ASSP if you have a problem which you can't solve).
If you need support within 6 hours at most, please look here (ASSP managed services).
If your question is strictly related to ASSP and ASSP Web Interface usage, you can find an answer by reading the ASSP wiki or by contacting the ASSP forum and the ASSP mailing list. If you contact the ASSP forum and/or the ASSP mailing list, please report only your ASSP version, since the ASSP community may have no idea about cPanel and/or "ASSP Deluxe for cPanel". If you want to report a bug/idea/suggestion/feedback, please send an email clicking here.
ASSP Deluxe for cPanel post-installation steps ( #16 )
I strongly recommend that you read and follow these steps right after the installation; these steps (0-15) reduce possible "false problems" for you (admin) and for your clients.
0) ASSP (ASSP = Anti Spam SMTP Proxy) works like an SMTP proxy in front of EXIM; each time you need to analyze a problem, always remember how ASSP works.
So, each time you need to analyze an email problem, first check whether the problem is on ASSP using commands like this
# tail -60000 /usr/local/assp/maillog.txt | grep "email"
or
# tail -60000 /usr/local/assp/maillog.txt | grep "ip_address"
and, if the problem is not on ASSP, then check the exim mail log with a command like this
# tail -60000 /var/log/exim_mainlog | grep "email"
or
# tail -60000 /var/log/exim_mainlog | grep "ip_address"
1) After the installation, and for the first 12/24 hours ASSP is running, execute this often
# perl /usr/local/assp/rebuildspamdb.pl
You can also execute this command using the WHM ASSP interface (REBUILD SPAM DB). Each time you execute it, the ASSP Bayesian filter learns what is good and what is bad. If you followed the "HOW TO" carefully, you should already have set a cronjob to execute rebuildspamdb.pl every 24 hours. Only in the first hours of usage should you execute it more often.
2) Turn off the Delaying filter for all users using "ASSP DOMAIN CONFIG" in your WHM ASSP Deluxe interface ( help ). The client will decide whether to turn the delaying filter ON using his cPanel frontend.
The delaying filter is extremely powerful at blocking SPAM, but it could create big confusion for inexperienced users, and email rejected due to delaying cannot be retrieved using the SPAMBOX@ plugin.
IMPORTANT: Also set delaying off by default (using "DEFAULT SETTINGS" > FILTER STATUS DEFAULT SETTINGS in your WHM ASSP Deluxe interface), so that new hosting clients will receive delaying off/disabled automatically.
3) Enable "ASSP SCORING MODE" using the ASSP WHM interface. This is an optional step, strongly suggested because it will significantly increase spam detection, reduce false positives, and increase EASE OF USE for your clients.
Advantages:
- clients have only a few SPAM filters on their cPanel: less confusion, ease of use
- very good SPAM detection and reduced risk of losing a good email
Once you have enabled ASSP SCORING MODE you can analyze what's happening in the ASSP maillog
# tail -f /usr/local/assp/maillog.txt
Any "message ok" is an accepted message which will be passed to exim. Any "spam found" is a message rejected by ASSP scoring mode, for example:
Apr-16-08 01:38:34 190.50.185.143 <cx@spam.com> to: user@myserver.com spam found (MessageScore 48, limit 40)
If you activate the spambox (see step 6 below) the message will go to the client's spambox.
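A per-IP summary of these verdicts, as an added example that is not part of ASSP or ASSP Deluxe for cPanel. It assumes every maillog line follows the layout of the sample line above and that accepted messages end in "message ok" in the same layout; all sample lines except the first are constructed.

```shell
#!/bin/sh
# Added example: summarise ASSP scoring verdicts per sender IP.
# Assumed line layout (taken from the sample line on this page):
#   <date> <time> <ip> <sender> to: <recipient> <verdict text>
# Real use: tail -60000 /usr/local/assp/maillog.txt | assp_summary

assp_summary() {
    # stdin : maillog lines
    # stdout: "<ip> <accepted> <rejected> <highest MessageScore>",
    #         sorted so the IPs with the most rejected messages come first
    awk '
    $5 == "to:" {
        ip = $3
        seen[ip] = 1
        if (index($0, " message ok")) {
            ok[ip]++
        } else if (index($0, " spam found")) {
            spam[ip]++
            # Extract the number that follows "MessageScore " (13 characters).
            if (match($0, /MessageScore [0-9]+/)) {
                score = substr($0, RSTART + 13, RLENGTH - 13) + 0
                if (score > max[ip]) max[ip] = score
            }
        }
    }
    END {
        for (ip in seen)
            printf "%s %d %d %d\n", ip, ok[ip], spam[ip], max[ip]
    }' | sort -k3,3nr -k1,1
}

sample_maillog() {
    # First line is the sample from this page; the others are constructed.
    cat <<'EOF'
Apr-16-08 01:38:34 190.50.185.143 <cx@spam.com> to: user@myserver.com spam found (MessageScore 48, limit 40)
Apr-16-08 01:39:02 192.0.2.10 <alice@example.org> to: user@myserver.com message ok
Apr-16-08 01:40:11 190.50.185.143 <cy@spam.com> to: info@myserver.com spam found (MessageScore 61, limit 40)
Apr-16-08 01:41:47 198.51.100.7 <bob@example.net> to: user@myserver.com spam found (MessageScore 41, limit 40)
Apr-16-08 01:42:05 192.0.2.10 <alice@example.org> to: info@myserver.com message ok
EOF
}

sample_maillog | assp_summary
```

An IP with many rejections and no accepted mail is the one to grep for in the full log before whitelisting or blocking anything.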
4) You should read all the HELP included in the ASSP Deluxe cPanel frontend (HELP button near the Change Language drop-down). You should read how to use the ASSP email interface to report false positives or spam ( assp-spam@ assp-notspam@ .....) and also this article. You should invite your clients to read the included documentation. Please read carefully how the "no local address spam filter" works.
After the installation the "no local filter" is enabled by default for all users. It's one of the most important filters. It blocks email dictionary attacks and at the same time collects a "bad ip" list.
When the "no local filter" is enabled, ASSP accepts email only for email addresses that exist on your server (pop3 and forwarders), stopping every kind of email spam dictionary attack (each email sent to random_word@domain.com will be stopped). A sender who sends an email to a nonexistent address on your account (e.g. random_word@clientdomain.com) will receive the following error: 550 5.1.1 User unknown: random_word@clientdomain.com. When this filter is enabled the client loses the "email domain forwarding" and "default address" cPanel features. So if you have several accounts using "email domain forwarding" and the "default address", you have 2 options.
1) You may advise your clients that with the "no local filter" they can receive email only at existing pop3 accounts and forwarders, so that the client can decide whether to disable the filter using the ASSP Deluxe cPanel frontend.
2) You may turn off the "no local filter" for all or some clients using the WHM ASSP web interface (ASSP DOMAIN CONFIG). If you want to set "No Local" off automatically for new hosting accounts as well, go to ASSP WHM > ASSP Deluxe for cPanel tools > DEFAULT Settings > FILTER STATUS DEFAULT SETTINGS and set "No Local" to OFF.
Speaking only about SPAM protection, the first solution ("no local" on for all your accounts) is far better, since email dictionary attacks are really common and the "no local filter" is the best way to collect a "bad ip" database/list.
5) Remember that ASSP never blocks or "spam filters" a LOCAL email, so if a local user can't send an email please read this. The correct way to send email with ASSP is always using
smtp mail.clientdomain.com plus smtp auth ON
ONLY this way will ASSP not consider local users as remote. ONLY this way will ASSP never block a local email and be able to build an efficient Bayesian filter. The client can send email on port 25 or the alternative port 26 (by default). The alternative port is already configured in the ASSP Web interface and it should NOT be configured in WHM > Services.
If the ISP blocks ports 25 and 26 and the client can't send email, simply set an uncommon alternative port, for example 56384 instead of the default 26.
Open the ASSP Web Interface (http://your_server_ip:55555) > Network Setup > Second SMTP Listen Port (listenPort2), enter 56384 and save the settings.
Be sure to open port 56384 TCP IN/OUT on your firewall. Now invite the client who is not able to use port 25 to send email on smtp port 56384. The ISP will not block this uncommon port and your client will be able to send email correctly using smtp mail.clientdomain.com.
6) Optional (strongly recommended): enable the SPAMBOX@ plugin using WHM ASSP, so your clients can easily track false positives, no rejected email will be lost, and the client can report false positives as good using the ASSP Email Interface (assp-notspam@clientdomain.com); if you completed point 4) you already know how the ASSP Email Interface works.
NOTE THAT YOU CAN USE AN UNREGISTERED DOMAIN NAME to set up your spambox plugin. The main spambox domain MUST NOT BE a reseller account and it can't be your hostname. The main spambox domain must have CGI functionality. When you enable the spambox plugin you will see other features in your ASSP WHM; you will be able to enable/disable the imap spambox per domain, and you will be able to enable/disable daily spam reports. The client will also have a new button on the cPanel frontend (SPAMBOX) where he can get help and disable/enable each spambox feature.
Are you lost installing SPAMBOX? Try the following 3 minutes installation.
3 minutes ASSP Deluxe for cPanel spambox setup
- create a fake account spamxyz.us owned by root with cgi capabilities
- now execute
# pico /etc/valiases/spamxyz.us
and add this line
spammaster@spamxyz.us: "|/usr/local/assp/deluxe/piping.php"
save
- now open ASSP WHM > SPAMBOX and enter the email spammaster@spamxyz.us
- now execute
# crontab -e
and enter the following cronjobs (between the lines MAILTO="" and MAILTO="root")
*/4 * * * * /usr/local/cpanel/3rdparty/bin/php /usr/local/assp/deluxe/spam_cronjob.php high=7
10 8 * * * /usr/local/cpanel/3rdparty/bin/php /usr/local/assp/deluxe/clear_spambox.php sday=8 sp=yes limitspace=10000 remdays=4
The cleaner cronjob above automatically removes spam older than 8 days from the accounts' spamboxes, and removes an additional 4 days of spam if the spambox folder is larger than 10MB. Of course you can customize it as you wish.
- now, using ASSP WHM, you can enable "spambox" and "daily spam reports" per user. Of course the user can do the same (and more) using the ASSP Deluxe cPanel frontend.
7) Avoid changing countless settings in the ASSP web interface ( http://yourip:55555 ). I can guarantee/support the usage of ASSP and ASSP Deluxe only if you use my default configuration. Of course you can use the ASSP Web interface to whitelist a domain, unprocess a domain, spamtrap an email, change ASSP scoring and so on. Avoid changing things like smtp settings, spamlovers, or other core settings, and you will not have problems.
8) Read and learn how to temporarily disable ASSP in case of serious problems which you can't solve:
http://www.grscripts.com/howtofaq.html#20
So there is no need to uninstall ASSP if you have a temporary problem and you want to return temporarily to the cPanel way.
9) By default ASSP Deluxe for cPanel installs/configures ASSP with PenaltyBox Extreme enabled.
What does it mean? If an IP address (local or remote) sends emails with repeated errors, Penalty Box (PB) will count and sum the error scores in the PenaltyBox Database, and when the Extreme Scoring Threshold (PenaltyExtreme) value is reached (by default set to 400) the IP address will be added/collected in /usr/local/assp/pb/exportedextreme.txt and blocked at smtp time.
The error that ASSP will send to the sender is:
554 5.7.1 Penalty Box error, please contact the server support to ensure delivery
If PenaltyBox Extreme "enabled" causes you problems or complaints, read this to enable the ASSP Deluxe "alternative PB extreme" (which can be considered a relaxed way to collect bad IPs compared with PB extreme). If it's your first installation and you are new to ASSP, I strongly recommend that you set up the alternative PB right now (click here) (it's easy to set up; you only need to set up this single cron job).
NEW ::: starting with ASSP 1.3.9 PB extreme starts disabled and the "alternative PB extreme" is installed by default; if you installed ASSP 1.3.9 you already have the "alternative PB extreme" cronjob.
10) I recommend that you IP-restrict access to your "assp web interface". You can enter a list of IP addresses which are allowed to use your "assp web interface": open the "assp web interface", open the "Server Setup" menu, and enter your allowed IPs in "Only Allow Admin Connections From".
11) ASSP uses DNS very often to execute antispam checks. If your DNS is slow you should fix your /etc/resolv.conf. You can test your DNS speed using the following ASSP Deluxe for cPanel command (available with ASSP Deluxe 2.9.2 or above)
# cd /usr/local/assp/deluxe;/usr/local/cpanel/3rdparty/bin/php-cgi dns_check.php
The test will be completed in about 2 minutes
12) I recommend that you carefully read all the other FAQs on this page when you have some time, or each time you have a problem.
13) To block as much spam as possible, you can always find the latest/updated ASSP recommended settings and tweaks on this page.
14) Subscribe to the ASSP Deluxe for cPanel Mailing List to be notified in case of important updates (you can subscribe below).
ASSP Deluxe for cPanel mailing list.
15) Before upgrading, always read the changelog.
Which cronjob is required to use ASSP? ( #04 )
Only this
10 4 * * * cd /usr/local/assp;perl /usr/local/assp/rebuildspamdb.pl
Which cronjobs are required to use ASSP Deluxe for cPanel? ( #0002 )
If you followed the how-to, you should already have set the cronjobs as required; here you can read more info about the required cronjobs again.
The following 2 cronjobs are required to keep your list of local email addresses updated
*/59 * * * * /usr/local/cpanel/3rdparty/bin/php-cgi /usr/local/assp/deluxe/ex_localdomains.php
*/3 * * * * /usr/local/cpanel/3rdparty/bin/php-cgi /usr/local/assp/deluxe/update_email.php
If you don't want to receive an email notification each time these cronjobs execute, enter them at the end of your cronjob list in this way (please avoid the "> /dev/null" solution, since it DOES NOT work with these scripts).
MAILTO=""
*/59 * * * * /usr/local/cpanel/3rdparty/bin/php-cgi /usr/local/assp/deluxe/ex_localdomains.php
*/3 * * * * /usr/local/cpanel/3rdparty/bin/php-cgi /usr/local/assp/deluxe/update_email.php
MAILTO=root
If you want to monitor ASSP you should use status.php
*/1 * * * * /usr/local/cpanel/3rdparty/bin/php-cgi /usr/local/assp/deluxe/status.php
For this cronjob too, if you do not want to receive email notifications, put it between MAILTO="" and MAILTO=root.
If you install the SPAMBOX@ plugin you should also use
*/5 * * * * /usr/local/cpanel/3rdparty/bin/php-cgi /usr/local/assp/deluxe/spam_cronjob.php
26 3 * * * /usr/local/cpanel/3rdparty/bin/php-cgi /usr/local/assp/deluxe/clear_spambox.php
For these 2 cronjobs too, if you do not want to receive email notifications, put them between MAILTO="" and MAILTO=root.
What are spam_cronjob.php and clear_spambox.php?
spam_cronjob.php is required to use spambox@.
clear_spambox.php runs each day, removing @spambox email older than 7 days (the default) from all your user accounts. If you want to change the default (7 days) you should enter the cron in this way
10 4 * * * /usr/local/cpanel/3rdparty/bin/php-cgi /usr/local/assp/deluxe/clear_spambox.php sday=n
and replace n with your number of days. For example ...
10 4 * * * /usr/local/cpanel/3rdparty/bin/php-cgi /usr/local/assp/deluxe/clear_spambox.php sday=15
removes spambox@ emails older than 15 days from all your user accounts.
** IMPORTANT ** only if you are using a secondary home location
With ASSP Deluxe 2.2.0 and above it is no longer required to specify secondary home locations in your cronjobs, because the secondary home location (i.e. home2) is automatically detected. Just be sure to set *exactly* the secondary alternative home location in WHM > "Basic cPanel/WHM Setup" > "Home Directory Prefix".
I am receiving licensing errors, what to do now?
Go to the console and try executing this
# cd /usr/local/assp/deluxe
# wget -r -nH --cut-dirs=10 http://www.grscripts.com/assp150/deluxe/license.deluxe
# mv -f license.deluxe license.php;chmod 755 license.php
Which cronjob is required to update the clamav antivirus signatures?
The following cronjob keeps your clamd signature file updated. You can execute it daily.
10 12 * * * /usr/bin/freshclam --quiet --log-verbose --daemon-notify
Do you support secondary home locations? [#89]
Yes, the secondary home location (i.e. home2) is automatically detected. Just be sure to set *exactly* the secondary alternative home location in WHM > "Basic cPanel/WHM Setup" > "Home Directory Prefix". For example, if your secondary home location is /home2 you should enter home2.
How to monitor assp status ( #19 )
If you followed the how-to, you should already be monitoring assp status using the status.php cronjob. You can read more info here.
How to change/customize the language or html of your ASSP Deluxe for cPanel frontend?
By default the ASSP Deluxe cPanel frontend uses the English language. If you want to use another language, or if you want to change something in the html layout, please read here.
First hours of ASSP usage
In the first hours ASSP will start to build the penalty box, bayesian database, rbl cache, delaying, whitelist, and much more... Hour after hour it will work better and better. In the first 48/72 hours I suggest rebuilding the bayesian spam database often.
You can rebuild it by executing the following command (or simply using the ASSP WHM interface)
# perl /usr/local/assp/rebuildspamdb.pl
If you receive the following error when executing rebuildspamdb.pl
Couldn't unlink '/usr/local/assp/spamdb.bak' No such file or directory
it's normal (ASSP still has to create its bayesian filters); simply execute rebuildspamdb.pl another 2 or 3 times and the error will stop automatically.
How can I turn off ASSP filtering for some accounts? ( #71 )
If you followed the post-installation steps you should already have ASSP scoring ON in your ASSP Deluxe WHM interface.
By default your clients have the following filters (in the ASSP Deluxe cPanel frontend)
assp scoring
delaying
no local
antivirus
By default clients can't turn off ASSP scoring; however, you can allow them to turn ASSP scoring OFF or ON using
ASSP WHM > ASSP SCORING MODE > ENABLE ASSP SCORING MODE USER CONTROL
Once you have done this step, the client can also turn "ASSP Scoring" off/on using the ASSP Deluxe cPanel frontend, and you can do that too using
ASSP WHM > ASSP DOMAIN CONFIG > Score
If you want to FULLY disable ASSP for a client domain (antivirus included) you should put "domain.com" in
ASSP web interface > SPAM Lover/No Processing > No Processing Addresses* (noProcessing)
If your client CAN'T SEND email OR receives 530 Relaying not allowed errors ( #00001 )
Common problems if your client can't send email
A) If your client can't send email, it could be due to the "SMTP AUTH status" in your ASSP WHM interface
smtp auth
1) SMTP AUTH ON
If you have "SMTP AUTH ON" (ASSP WHM interface), your client MUST ALSO authenticate to send email (not only to receive). If he does not authenticate he can't send email.
With smtp auth ON your client must use the following settings to send email without errors
smtp : mail.clientdomain.com plus smtp authentication ON
( HOW TO SET SMTP AUTH ON OUTLOOK )
( HOW TO SET SMTP AUTH ON THUNDERBIRD )
( HOW TO SET SMTP AUTH ON EUDORA )
2) SMTP AUTH OFF
If you have "smtp auth OFF" (ASSP WHM interface), your client should authenticate only for POP3 email. In other words, in their email client they should use only pop3 authentication. This is the normal cPanel mail usage (the client authenticates using pop3, and cPanel antirelayd stores in /etc/relayhosts the IPs allowed to send email). If you have "smtp auth OFF" and your client still can't send email, be sure you have the "antirelayd cPanel service" running.
B) The client can't send email on port 25 (using smtp mail.clientdomain.com): his ISP is probably blocking port 25. Invite the client to use the alternative port (by default 26), or set an uncommon alternative port if port 26 is also blocked by his ISP (read post installation steps point 6 for more info).
C) If your client still can't send email, check whether the client's domain name is listed in /etc/localdomains or is incorrectly listed in /etc/remotedomains
D) If after these points the client can't send email
- ask the client for his IP address
- check why ASSP is blocking him in this way
# tail -100000 /usr/local/assp/maillog.txt | grep "ip_address"
What could have happened...
- the client was/is probably using his ISP's smtp to send email (if his ISP's mailserver is misconfigured or listed on some RBL, ASSP could penalize the IP).
- the client is/was probably not sending email correctly and ASSP is returning relay errors.
How to solve the problem?
Invite the client/all your clients to send email correctly; the correct way to send email is ...
You (admin) should set SMTP AUTH ON (using ASSP WHM)
The client should use the following settings to send email
=====================
smtp mailserver : mail.clientdomain.com plus smtp authentication ON
smtp port 25
=======================
If their ISP is blocking port 25, invite the client to use the alternative port (by default 26), or set an uncommon alternative port if port 26 is also blocked by his ISP (read post installation steps point 6 for more info).
E) If after all these points the client can't send email, ask for the client's IP and execute this
# tail -100000 /usr/local/assp/maillog.txt | grep "ip_address"
Send me the results clicking here for support.
How to move "ASSP Deluxe for cPanel" from an old server to a new server (34)
You should follow these steps to move "ASSP Deluxe for cPanel" from an old server to a new server.
If you wish, I can move/install ASSP Deluxe for cPanel on a new server for you; order an installation service, then email me your old server IP, your new server IP, your PayPal Transaction id and the server login details (old server and new server), and I'll do all the steps below for you (except step 1).
1) Move the hosting accounts from the old server to the new server using WHM.
2) Email me and provide the OLD server IP and the NEW server IP. I'll reply when your ASSP Deluxe license has been updated (usually in 12/24 hours). There is no fee to change your licensed server IP.
When the new server IP has been licensed, follow these steps:
3) STOP ASSP on the old server using this procedure
4) Install "ASSP Deluxe for cPanel" on the new server following the HOW TO
5) STOP ASSP on the new server using this procedure
6) Move the following files (from the old server to the new server)
/usr/local/assp/whitelist
/usr/local/assp/spamdb.helo
/usr/local/assp/spamdb
/usr/local/assp/red
/usr/local/assp/assp.cfg (move this file if you want to restore the ASSP settings from the old server)
/usr/local/assp/files/ipnp.txt
/usr/local/assp/files/ipwl.txt
/usr/local/assp/files/blackdomains.txt
/usr/local/assp/files/whitedomains.txt
/usr/local/assp/files/redre.tx
/usr/local/assp/files/bombre.txt
/usr/local/assp/deluxe/
/usr/local/assp/deluxe/assp_catch_all
/usr/local/assp/deluxe/per_domain_frontend_status
/usr/local/assp/deluxe/frontend_status
/usr/local/assp/deluxe/assp_default
/usr/local/assp/deluxe/*_spam_lover (all _spam_lover files)
7) Re-enable ASSP on the new server using this procedure
8) Now open the WHM ASSP Deluxe interface on the new server and enable ASSP SCORING MODE and SPAMBOX (if these services/plugins were enabled on the old server too).
How to allow a remote MX? ( #36 )
If you have some users using a remote MX, you should put the IP address of their remote MX server in ISP/Secondary MX Servers. Open the "ASSP web interface", go to the "Relaying" menu, "ISP/Secondary MX Servers", click edit file, then add the remote IP and Save.
NEW: with ASSP Deluxe 2.8.0 and above, the cronjob ex_localdomains.php takes care of this automatically.
Local address filter and default address
After the installation all the filters are enabled for your clients. When the "Local address" filter is ON, ASSP will accept only email sent to existing local addresses (forwarders and mailing lists included), definitively stopping any spam dictionary email attack problem; you should advise your clients that with this filter any email sent to randomtext@clientdomain will be rejected if this address does not exist. With this filter on, the default address will not work. Clients can disable this filter (using the ASSP cPanel frontend) if they wish, and may then use the Default address feature.
I messed up my assp.cfg, what to do now? ( #08 )
To reinstall a working assp.cfg execute this
# cd /usr/local/assp;wget -r -nH --cut-dirs=10 http://www.grscripts.com/135_50/assp.cfg
# pico assp.cfg
...and replace the first 5 lines;
webAdminPassword:=nospam4me
EmailAdminReportsTo:=email@youremail.com
EmailFrom:=email@youremail.com
EmailVirusReportsTo:=email@youremail.com
SpamError:=500 Mail appears to be unsolicited -- send error reports to email@youremail.com
as follows....
a) email addresses
replace email@youremail.com with your email address
b) change the default assp web interface password (nospam4me) to a new password
webAdminPassword:=nospam4me
Save and restart ASSP.
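A check that steps a) and b) were really applied before ASSP is restarted, as an added example that is not shipped with ASSP or ASSP Deluxe for cPanel. It relies only on the "key:=value" layout and the default values shown above; the function names, the finding labels and the file-permission check are assumptions of this example, and the "edited" sample values are constructed.

```shell
#!/bin/sh
# Added example: flag an assp.cfg that still carries the downloaded defaults.
# Real use: audit_assp_cfg /usr/local/assp/assp.cfg

audit_assp_cfg() {
    # $1: path to an assp.cfg made of "key:=value" lines.
    # Prints one finding per line; returns 0 when clean, 1 when anything is flagged.
    cfg_findings=$(
        awk '
        {
            sep = index($0, ":=")
            if (sep == 0) next
            key = substr($0, 1, sep - 1)
            val = substr($0, sep + 2)
            if (key == "webAdminPassword") {
                seen_pw = 1
                if (val == "nospam4me") print "DEFAULT_PASSWORD " key
                else if (val == "")     print "EMPTY_PASSWORD " key
            }
            # The template address must not survive in any setting.
            if (index(val, "email@youremail.com")) print "PLACEHOLDER_EMAIL " key
        }
        END { if (!seen_pw) print "MISSING webAdminPassword" }
        ' "$1"
        # The password sits in the file in clear text, so flag a world-readable
        # file (a hardening check added here, not a step from this page).
        if [ -n "$(find "$1" -perm -004 -print)" ]; then
            echo "WORLD_READABLE"
        fi
    )
    if [ -z "$cfg_findings" ]; then
        return 0
    fi
    printf '%s\n' "$cfg_findings"
    return 1
}

write_sample_cfg() {
    # $1: output path, $2: "default" (the five lines as downloaded) or
    # "edited" (constructed replacement values).
    if [ "$2" = "default" ]; then
        sample_pw='nospam4me'
        sample_mail='email@youremail.com'
    else
        sample_pw='constructed-Long-passphrase-1'
        sample_mail='postmaster@example.com'
    fi
    cat > "$1" <<EOF
webAdminPassword:=$sample_pw
EmailAdminReportsTo:=$sample_mail
EmailFrom:=$sample_mail
EmailVirusReportsTo:=$sample_mail
SpamError:=500 Mail appears to be unsolicited -- send error reports to $sample_mail
EOF
    chmod 600 "$1"
}

demo_cfg=$(mktemp)
write_sample_cfg "$demo_cfg" default
audit_assp_cfg "$demo_cfg" || echo "assp.cfg still has defaults: edit it before restarting ASSP"
rm -f "$demo_cfg"
```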
I'm using "assp scoring mode" but I am still receiving some spam ....
If some spam is getting through, first be sure you followed the post-installation steps, then apply
http://www.grscripts.com/tweaking.html#08
http://www.grscripts.com/tweaking.html#09
If spam is still getting through after this step, copy the spam (email header included) and paste it into a myspam.txt file; repeat this step for at least 10 received spam messages. Now save the file, compress/zip the myspam.txt file and send it to this email
How can we whitelist an email address or a full domain name @domain.com? [#51]
The user
1) Using the ASSP email interface: the user should send an email to assp-white@clientdomain.com (to whitelist an email).
Assuming that your local domain is mydomain.com, to add email addresses or full domain names to the whitelist, create a message to assp-white@mydomain.com. You can put the addresses either in the body of the message or as recipients of the message. The email should be sent using smtp auth ON (email client); after a few seconds the user should receive an email notification.
Note that the whitelist is rebuilt every 24 hours (rebuildspamdb.pl cronjob).
2) Each time your user sends an email to someone, the email will be whitelisted automatically, so the user should never reply to a spammer.
Starting with ASSP version 1.3.5 the user can also whitelist a full domain name. The user should send an email to assp-white@clientdomain.com and put _ALL_@domain.com in the body of the message (where domain.com is the domain name to be whitelisted).
The server admin
The server admin can whitelist full domain names (@domain.com) and/or email addresses.
As admin you can use points 1) and 2), and if you open the ASSP WEB INTERFACE (port 55555), Whitelisting menu, you have several options, in particular:
Whitelist Domains and ips
set Regular Expression to Identify Non-Spam
The whitelist file is stored in /usr/local/assp/whitelist.
Mailing list email extraction (mailman problem)
The /usr/local/assp/deluxe/assp_local_email file contains all your local/server email addresses (email forwarders and mailing lists included). If some mailing list is not working (i.e. test@youdomain.com) and you cannot find test@youdomain.com in your assp_local_email flat file, execute this to fix the problem.
# /scripts/fixmailman
# /usr/local/cpanel/3rdparty/bin/php-cgi /usr/local/assp/deluxe/ex_localdomains.php
Antivirus and attachments [#41]
With the default ASSP antivirus/attachment configuration the following attachments are not allowed (cannot be received)
ad[ep]|asx|ba[st]|chm|cmd|com|cpl|crt|dbx|exe|hlp|ht[ab]|in[fs]|isp|js|jse|lnk|md[abez]|mht|ms[cipt]|nch|pcd|pif|prf|reg|sc[frt]|sh[bs]|vb|vb[es]|wms|ws[cfh]
Please note that ad[ep] means .ade and .adp, ba[st] means .bas and .bat, and so on ...
You can receive these attachments only if they are compressed using .zip
In fact, if anyone tries to send the above attachments to your ASSP server, the sender receives the following error
500 These attachments are not allowed -- Compress before mailing.
The following extensions are allowed
ai|asc|bhx|dat|doc|eps|gif|htm|html|ics|jpg|jpeg|hqx|pdf|ppt|rar|rpt|rtf|snp|txt|xls|zip
You can change these settings using your ASSP Web Interface as required.
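How the two lists read as regular expressions, as an added example that is not ASSP code. How ASSP itself anchors the pattern is not stated on this page; the example assumes the list is meant to match the final extension only, case-insensitively, which is what you need if you reuse it in your own log review or pre-filter scripts. The file names are constructed.

```shell
#!/bin/sh
# Added example: classify attachment names with the two lists from this page.
BLOCKED_EXT='ad[ep]|asx|ba[st]|chm|cmd|com|cpl|crt|dbx|exe|hlp|ht[ab]|in[fs]|isp|js|jse|lnk|md[abez]|mht|ms[cipt]|nch|pcd|pif|prf|reg|sc[frt]|sh[bs]|vb|vb[es]|wms|ws[cfh]'
ALLOWED_EXT='ai|asc|bhx|dat|doc|eps|gif|htm|html|ics|jpg|jpeg|hqx|pdf|ppt|rar|rpt|rtf|snp|txt|xls|zip'

classify_attachment() {
    # $1: attachment file name. Prints blocked, allowed or unlisted.
    # The alternation is wrapped as \.(list)$ so that only the last
    # extension counts; the blocked list is tested first.
    att_name=$(printf '%s' "$1" | tr 'A-Z' 'a-z')
    if printf '%s\n' "$att_name" | grep -Eq "\.(${BLOCKED_EXT})\$"; then
        echo blocked
    elif printf '%s\n' "$att_name" | grep -Eq "\.(${ALLOWED_EXT})\$"; then
        echo allowed
    else
        echo unlisted
    fi
}

unanchored_hit() {
    # Contrast: the blocked list used as a bare substring pattern.
    # Returns 0 (match) even for harmless names such as "notes.json"
    # ("js") or "command-reference.pdf" ("com"), so it over-blocks.
    printf '%s\n' "$1" | grep -Eiq "(${BLOCKED_EXT})"
}

for f in invoice.pdf.exe SETUP.EXE macro.vbs report.html notes.json archive.zip; do
    printf '%-18s %s\n' "$f" "$(classify_attachment "$f")"
done
```

A double extension such as invoice.pdf.exe is classified by its last part, which is why it lands in the blocked set even though .pdf is on the allowed list.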
assp is not detecting viruses..
Open your /etc/clamd.conf file using pico and check the line
LocalSocket /var/clamd
If you have something different from /var/clamd, open the ASSP Web interface and replace /var/clamd with your LocalSocket value. Apply the settings and restart ASSP.
uninstall xinetd service
Since xinetd is not required by cPanel or ASSP, and if you have a firewall running on your server (or a hardware firewall), I suggest that you stop the xinetd service and remove it from the startup programs in this way
service xinetd stop
chkconfig --del xinetd
If you have Fedora
/etc/rc.d/init.d/xinetd stop
echo '/etc/rc.d/init.d/xinetd stop' >> /etc/rc.local
If you have FreeBSD
/etc/rc.d/init.d/xinetd stop
echo 'xinetd_enable="NO"' >> /etc/rc.conf
What is the delaying filter?!
Delaying filter explained
Starting with ASSP version 1.3.0 people started sending me emails like these
all the mail going into the server is delaying, how long will it delay ?
or
my ASSP log file is full of recipient delayed emails . What's happening ?!?
or
what is the delaying Embargo time ?
or
I'm receiving email with a long delay !
Delaying/greylisting is an extremely powerful ASSP feature to fight spam; false positives are near or exactly 0. By default there is an embargo time of 5 minutes. You can change it as required.
What does it mean? How does the DELAYING filter work?
As also explained in the ASSP Deluxe cPanel web interface (HELP button), Delaying is a method of blocking significant amounts of spam at the mailserver level, but without resorting to heavyweight statistical analysis or other heuristic approaches. This method is also called "Greylisting".
Delaying works on the idea that a correctly configured SMTP server will always attempt re-delivery of an email message if it gets a soft failure.
How does it work exactly? When someone sends an email to our server (and you or your client have the delaying filter enabled), ASSP will return a 451 error (soft failure) which requests delivery again later. If the sending mail server is correctly configured it will reattempt delivery in X minutes (it depends on its configuration). If the sender's mail server waits and redelivers, the triplet (email address, domain, IP) gets whitelisted (delaying whitelist) and you'll receive the email.
When will you receive the email? If the mail server is configured correctly you should receive the email after a minimum of 5 minutes (default embargo time) and a maximum of 28 hours (default wait time). If the spammer's mailserver doesn't reattempt delivery (and spammers usually do not reattempt delivery) the email will be rejected after the wait time (28 hours) and you'll never receive the spam message.
May I lose some valid email? Only if the sender (the sending mailserver) is not configured to reattempt delivery will the email be rejected. If the client sees a valid email on his delaying Log page he can still whitelist the email using the REPORT button.
By RFC, all mailservers have to retry the delivery.
When you install ASSP for the first time ASSP will delay almost everything. It's normal.
As with the Bayesian filter, remember that day after day ASSP will learn what is good (WHITELIST) and what is bad. After a few days ASSP knows what is good and will delay only unknown/new emails. In fact, if you follow my HOW TO and install my ASSP configuration, delaying for whitelisted and local email is disabled (unchecked).
Please also read http://www.asspsmtp.org/wiki/Delaying for other info.
If after this point you still cannot understand how the delaying filter works, you can disable it for all accounts (set it to off).
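The delaying decision described above, modelled as an added example; this is not ASSP code. It uses the page's defaults (5 minute embargo, 28 hour wait time) and assumes the triplet is keyed on sending IP, sender address and recipient domain; the decision labels and the sample attempts are constructed.

```shell
#!/bin/sh
# Added example: a model of the delaying (greylisting) decision.
# EMBARGO_SECS and WAIT_SECS are names chosen for this example.

greylist_decide() {
    # stdin : "<epoch_seconds> <ip> <sender> <rcpt_domain>", one delivery
    #         attempt per line, oldest first
    # stdout: "<epoch_seconds> <decision>"
    awk -v embargo="${EMBARGO_SECS:-300}" -v maxwait="${WAIT_SECS:-100800}" '
    {
        now = $1
        key = $2 SUBSEP $3 SUBSEP $4          # the triplet
        if (key in white) {                   # already on the delaying whitelist
            print now, "accept"
            next
        }
        if (!(key in first) || now - first[key] > maxwait) {
            first[key] = now                  # unknown or expired: start the clock
            print now, "451-first-seen"
            next
        }
        if (now - first[key] < embargo) {     # retried before the embargo ran out
            print now, "451-embargo"
            next
        }
        white[key] = 1                        # retried inside the window
        print now, "accept-and-whitelist"
    }'
}

sample_attempts() {
    # Constructed attempts: a mail server that retries correctly, and a
    # sender that never retries and only comes back after the wait time.
    cat <<'EOF'
0 192.0.2.25 news@example.org clientdomain.com
10 203.0.113.9 promo@spam.example clientdomain.com
60 192.0.2.25 news@example.org clientdomain.com
900 192.0.2.25 news@example.org clientdomain.com
1000 192.0.2.25 news@example.org clientdomain.com
200000 203.0.113.9 promo@spam.example clientdomain.com
EOF
}

sample_attempts | greylist_decide
```

The retry at 60 seconds is still soft-failed, which is what users see as "recipient delayed" lines for legitimate mail until the sending server retries after the embargo.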
Using the "ASSP Email interface"
As you have probably already read in the ASSP documentation, the "ASSP Email interface" is a powerful ASSP feature which lets you add or remove email addresses on the Whitelist and report spam or false positives, improving the Bayesian filter. For example, the "R" button that you can see on the "ASSP Deluxe for cPanel" log pages uses the ASSP email interface to report false positives.
Some users may report that they are not able to forward a spam message to assp-spam@clientdomain.com. The ASSP email interface (assp-spam@clientdomain.com, assp-white@clientdomain.com and so on) accepts reports only from SMTP-authenticated users, so the sending client must have SMTP auth turned on.
Horde and SquirrelMail are automatically configured by ASSP Deluxe for cPanel to use the ASSP email interface. (Many thanks to Steve Hollar for the Horde and Squirrel tweaks.)
We are getting the following error: "Bayesian spam database is small or empty: '/usr/local/assp/spamdb'"
This error happens during the first hours of ASSP usage. It's normal, since ASSP still has to build its database. You can remove this error by running the following command 2 or 3 times
cd /usr/local/assp;/usr/local/assp/rebuildspamdb.pl
Otherwise this error will be fixed automatically when the rebuildspamdb.pl cronjob runs (every 24 hours).
How to find and release good messages? How does spambox@ work?
First of all, you should activate spambox@ using the ASSP WHM web interface.
Then, to release a good message, your client should use the spambox@ POP3 account; or your client can check the /spambox IMAP folder to read all received spam (and report false positives to assp-notspam@clientdomain.com).
Some examples:
a) Using the spambox@domain.com POP3 account
If your client creates spambox@domain.com (a POP3 account), all spam sent to @domain.com will reach spambox@domain.com.
Now, if the client logs in to his POP3 account spambox@domain.com, he can see all the spam which reached his domain name @domain.com. If he sees a false positive (a good email), he can forward the email (or, better, forward it as an attachment) to the destination contact, for example test@domain.com.
He can check spambox@domain.com like any other email account on his server, using his email client, Horde or Squirrel.
b) Using IMAP
ASSP Deluxe spambox@ also sends all the received spam to each account on your server (precisely, to the /spambox IMAP folder of each email account).
For example, if the owner of test@domain.com checks his email using IMAP (with an IMAP email client such as Thunderbird, or the Horde webmail) and he has received some spam, he can find the spam in the /spambox IMAP folder. If no /spambox IMAP folder exists, it means that test@domain.com has received no spam. If the owner of test@domain.com sees a valid email in /spambox, he can forward this email to assp-notspam@domain.com, and it will never be blocked. Or he can simply reply to the email, and ASSP will never block it again.
Clients have been asking: how do they retrieve legitimate messages that have been rejected by ASSP?
You, the server admin, should activate the ASSP Deluxe for cPanel SPAMBOX@ plugin using the WHM ASSP web interface.
If you (the server admin) activate the ASSP Deluxe for cPanel SPAMBOX@ plugin, the plugin redirects all rejected spam(*) to spambox@clientdomain.com (only if the client creates a spambox@clientdomain.com email account) AND always to the /spambox IMAP subfolder of each email user.
Beyond the useful SPAMBOX plugin, remind the client that this antispam software (ASSP) is not stupid: day after day it learns what is good and what is bad, and the probability of losing a false positive goes down day by day.
Remember also that you (the admin) and the client have powerful ways to avoid losing valid emails.
The client:
- Everyone the client emails or replies to is added to the whitelist automatically (and whitelisted email bypasses ALL filters).
- The client can use the email interface (assp-white@hisdomain.com) to whitelist an address.
- If the SPAMBOX plugin has been enabled, the client can read false positives and report them as good (assp-notspam@hisdomain.com).
- The client can disable one or all of the email filters using the cPanel ASSP Deluxe frontend.
You (admin):
If you activated the SPAMBOX@ plugin from the WHM ASSP interface, the client will never lose a false positive.
However, on your ASSP web interface (http://yourip:55555) you have other powerful features to avoid losing valid email for clients (if some client reports problems). For example, you can tweak the Whitelisting menu (with the WhiteRe - Expression to Identify Non-Spam and Whitelisted Domains, for example), or the SPAM Lover/No Processing menu (with the Unprocessed Addresses tool).
(*) Email rejected due to delaying and PB will not be received/collected.
Is my antivirus working fine?
You can execute 2 checks:
1) Restart exim from the command line while ASSP is running
service exim restart
The line
Starting clamd: [ OK ]
should not report errors.
2) Open the ASSP web interface (port 55555)
Click on infostat (left menu)
Click on Module Add-ons
You should see a line like this
File::Scan::ClamAV 1.8 CPAN
If you see an error instead of the ClamAV version, your clamd antivirus is NOT working.
Do I need to create the email addresses assp-white@client.com?
NO. ASSP will parse these emails automatically. This is the ASSP Email Interface feature; if you followed my HOW TO, the Email Interface is enabled by default.
For more info: http://www.asspsmtp.org/wiki/Email_Interface
Only SMTP-authenticated users will be able to use the ASSP Email Interface.
How to edit the ASSP whitelist? ( #74 )
There is no way to see/edit the whitelist used by ASSP from ASSP Deluxe or the ASSP web interface, because the list is created dynamically by ASSP. For example, each time you send an email, ASSP automatically whitelists each destination address. Also, each time you use assp-notspam@ (and assp-white@, of course), ASSP whitelists the emails.
For this reason the whitelist file should not be edited; instead you should act on it using assp-white@, assp-notwhite@, assp-notspam@ and so on. As admin you can also use the whitelist menu in the ASSP web interface, of course.
If you want to see the whitelist
# cat /usr/local/assp/whitelist
or
# pico /usr/local/assp/whitelist
For the reason explained above, I do not suggest editing the whitelist file.
How to disable ASSP temporarily? ( #20 )
If for some reason (for example, you have an email problem and you don't know whether it is related to ASSP, exim or your firewall) you need to disable ASSP temporarily and use only exim (standard cPanel usage), follow these steps:
1) First make sure that ASSP will not restart automatically. If you are using ASSP MONITOR, uninstall it from ASSP WHM, OR open WHM, select Service Configuration > Service Manager and uncheck the assp service. If you are using the status.php cronjob, comment it out (# crontab -e and comment out the status.php line).
2) STOP ASSP using WHM ASSP (or from the command line: # /etc/rc.d/init.d/assp stop).
3) Open WHM, Exim Configuration Editor, then select Advanced Editor. In the first box, comment out this line
# local_interfaces = 127.0.0.1.125
or these 2 lines if you are using daemon_smtp_ports
# local_interfaces = 127.0.0.1
# daemon_smtp_ports = 125
4) Save exim.
Exim is now working without ASSP (normal cPanel usage).
To re-enable ASSP after it was temporarily stopped:
1) Open WHM, Exim Configuration Editor, then select Advanced Editor. In the first box, un-comment the line
local_interfaces = 127.0.0.1.125
or un-comment the following 2 lines if you are using daemon_smtp_ports
local_interfaces = 127.0.0.1
daemon_smtp_ports = 125
2) Save exim. If exim does not restart now, don't worry, this is normal.
3) START ASSP using the WHM ASSP Deluxe web interface.
4) RESTART exim using WHM (it should restart without errors).
5) Re-enable the ASSP monitor cronjob (crontab -e) by uncommenting the line
*/1 * * * * /usr/local/cpanel/3rdparty/bin/php-cgi /usr/local/assp/deluxe/status.php
Is ASSP for me? ( #easy )
ASSP has a learning curve that is surely harder and longer than that of any other antispam solution for cPanel (due to its countless included features). If you install ASSP as recommended and carefully follow/read the post-installation FAQs on this page, after a few days everything will run in automatic mode, and you can forget all your spam/email problems. You will only need to update ASSP Deluxe for cPanel each time it is required (using the ASSP WHM interface).
I'm receiving "Server replied: 111 Can't open SMTP stream" using Squirrel/Horde
The problem is not related to ASSP. You should look for the problem in your firewall. Be sure you have port 25 TCP IN/OUT and 125 TCP IN open. Your alternative port (e.g. 26) should also be open.
My client domain cannot receive email and is getting a "relay attempt blocked" error. ( #57 )
Check whether your client domain is listed in /etc/localdomains. If not, add the client domain name to your /etc/localdomains file (# pico /etc/localdomains). Restart ASSP using the WHM ASSP web interface. This fixes the problem. If the problem is not fixed, also check whether the client's main domain is listed in /etc/trueuserdomains.
How to bypass ASSP? ( #56 )
If you want to fully disable ASSP for a LOCAL domain name, open ASSP Web interface > spamlover > and add your domain to "No Processing Addresses* (noProcessing)", then Save.
If you want to fully disable ASSP for a REMOTE sender domain, open ASSP Web interface > spamlover > and add your domain to "No Processing Domains* (noProcessingDomains)", then Save.
ASSP restarts often, or eats a lot of CPU; what to do? ( #10 )
This should not happen if you are using version 1.3.5 (5.0) or above. If it happens, be sure you are running the latest version of each script (using the ASSP WHM web interface) and check whether your server is under a DDoS email attack.
exim restarts often; what to do?
exim restarts are not due to ASSP. You may try this
/scripts/eximup --force;/etc/rc.d/init.d/assp stop
/etc/rc.d/init.d/exim restart;/etc/rc.d/init.d/assp start
If after this step exim still has problems, you can temporarily disable ASSP in this way http://www.grscripts.com/howtofaq.html#20 , then open a ticket with cPanel and ask to have exim fixed.
Are you running out of disk space on /usr?
First of all, you can delete all old ASSP logs in this way
cd /usr/local/assp
rm -f *.maillog.txt
If you still have disk space problems, you can create symlinks for /usr/local/assp/spam and /usr/local/assp/notspam.
Suppose you want to symlink the data from /usr/local/assp/spam to /home/spam and from /usr/local/assp/notspam to /home/notspam.
STOP ASSP using WHM, then execute this
# mv /usr/local/assp/spam /home/spam
# mv /usr/local/assp/notspam /home/notspam
# ln -s -f /home/spam /usr/local/assp/spam
# ln -s -f /home/notspam /usr/local/assp/notspam
Now START ASSP using WHM.
Done. You should have no more disk space problems on your /usr partition due to ASSP.
socket bind() to port 125?
If you are receiving this error when you start ASSP (exim maillog)
2007-04-16 10:42:22 socket bind() to port 125 for address 127.0.0.1 failed: Address already in use: daemon abandoned
you can ignore it.
ex_localdomains.php (some useful commands for advanced users)
ex_localdomains.php creates an updated list of the emails/forwarders/domains/subdomains of your server.
Emails are stored in /usr/local/assp/deluxe/assp_local_email; domain names are stored in assp_local_domains. It also executes some other important checks (e.g. it checks the default ASSP per-domain configuration, checks the integrity of the spamlovers files, and checks whether Horde, Squirrel and Mailman are configured correctly to work with ASSP).
There are some useful hidden commands:
1) If you execute the ex_localdomains.php cronjob using crow=1, in this way
/usr/local/cpanel/3rdparty/bin/php-cgi /usr/local/assp/deluxe/ex_localdomains.php crow=1
you may also add a single email address as a spamlover. The email address you entered will not be overwritten.
HOW TO use the crow=1 option
Suppose a client asks you to turn off RBL (for example) not for his whole domain name (he can do that himself with the ASSP Deluxe cPanel frontend) but only for one email address on his domain. For example, he wants the email address clientemail@domain.com to bypass the RBL filter; you should do this:
- make sure you are running the ex_localdomains.php cronjob with crow=1 (see above)
- open the "ASSP web interface" and open the "SPAM Lover/No Processing" menu
- go to DNSBL Failures Spam-Lover (which is the RBL filter), click on edit, and add clientemail@domain.com to the list.
In this way clientemail@domain.com will bypass the RBL filter check.
If you do not use the crow=1 option, the email address added to the spamlover list will be removed each time ex_localdomains.php is executed.
2) If you execute ex_localdomains.php from the command line, the option show=1 can be useful
# /usr/local/cpanel/3rdparty/bin/php-cgi /usr/local/assp/deluxe/ex_localdomains.php show=1
It will show all the output of ex_localdomains.php. I do not suggest adding this option to your cronjob too; it's useful only if you use it from the command line.
3) If you add the addhost=1 option, ex_localdomains.php will configure your hostname to receive email using ASSP. You should execute it each time you change your hostname. You should use it only if you want to receive email on your hostname.
status.php (a useful command for advanced users) ( #30 )
If you are using the status.php cronjob to monitor ASSP status, you can use myhigh to automatically restart ASSP if the average ASSP CPU value registered by the update_email.php cronjob is greater than your custom myhigh=n.
For example, if you set
*/1 * * * * /usr/local/cpanel/3rdparty/bin/php-cgi /usr/local/assp/deluxe/status.php myhigh=15
each time the average of the latest 5 ASSP CPU values (registered by the update_email.php cronjob, every 3 minutes by default) is greater than your value (15), ASSP will be automatically restarted and you will receive an email notification.
You can also use restart=no together with myhigh.
For example, if you set
*/1 * * * * /usr/local/cpanel/3rdparty/bin/php-cgi /usr/local/assp/deluxe/status.php myhigh=15 restart=no
each time the average of the latest 5 ASSP CPU values (registered by the update_email.php cronjob, every 3 minutes by default) is greater than your value (15), you will only receive an email notification.
clear_spambox.php (some useful commands for advanced users) ( #09 )
If you are using the spambox@ plugin, your clients' mailboxes could grow very fast, especially for clients receiving a lot of spam. To avoid disk usage problems for your clients, set the following cronjob (you can run it daily) using "crontab -e" from the command line
10 4 * * * /usr/local/cpanel/3rdparty/bin/php-cgi /usr/local/assp/deluxe/clear_spambox.php
By default the cronjob above will run each day, removing spambox@ email older than 7 days on all your accounts. If you want to change the default (7 days), you should enter the cron in this way
10 4 * * * /usr/local/cpanel/3rdparty/bin/php-cgi /usr/local/assp/deluxe/clear_spambox.php sday=n
and replace n with your number of days. For example,
10 4 * * * /usr/local/cpanel/3rdparty/bin/php-cgi /usr/local/assp/deluxe/clear_spambox.php sday=15
removes spambox@ emails older than 15 days on all your accounts.
With ASSP Deluxe 2.3.0 I added some other advanced commands which can be added to your clear_spambox.php cronjob
noemail=yes ; it disables email notifications
sp=yes ;
limitspace=x (x = disk space in kilobytes)
remdays=x (x = other days to be removed)
These 3 commands (sp, limitspace and remdays) should be used/entered at the same time. At the end of the cleaning operation, clear_spambox.php checks whether the disk usage of each already cleaned mail folder is over your limitspace in kilobytes. If some mail folder is over the limit, it removes a further remdays days from this spam folder.
For example, if you set this cronjob
......../deluxe/clear_spambox.php sday=15 sp=yes limitspace=10000 remdays=5
first it removes email older than 15 days. If, at the end of cleaning, some cleaned folder is using over 10000 KB (about 10 MB), clear_spambox.php will clean a further 5 (remdays) days of older spam from these accounts.
Other useful clear_spambox.php commands are
nodisabled=yes
If you add nodisabled=yes to your clear_spambox cronjob, all users having the IMAP spambox disabled will not be processed/cleared.
noemail=yes
If you add noemail=yes, clear_spambox will not send email even if you have DAILY SPAM REPORTS enabled.
high=x (x = cpu load)
If the CPU load goes over this value, the script will sleep. By default this value is 5.
norep=yes
Use this if you have DAILY SPAM REPORTS enabled on your ASSP WHM and you want to execute clear_spambox.php from the console without executing the DAILY SPAM REPORTS.
noclean=yes
Use this if you have DAILY SPAM REPORTS enabled on your ASSP WHM and you want to execute clear_spambox.php without cleaning email older than n days.
update_email.php (commands for advanced users)
nohup=yes
If you add nohup=yes to your update_email.php cronjob, update_email.php stops storing the "number of assp smtp connections" on the ASSP STATUS CHART (the HUP signal sent every 3 minutes to store ASSP connections does not delay ASSP in any way, but someone asked me for this feature).
ASSP SSL support on alternative port using stunnel
Please read this how to
I want to fully disable ASSP for a client (#15b)
If you want to fully disable/bypass ASSP for a client, you should put all his domain names on the ASSP "no processing list".
Open the ASSP WEB INTERFACE, open the "SPAM Lover/No Processing" menu, then enter your client's domain names in No Processing Addresses* (noProcessing). You can also enter file:files/noproc.txt if you want to keep your domain names in a txt file (enter file:files/noproc.txt, save, return to "SPAM Lover/No Processing" and click on Edit).
How to set a postmaster@ and abuse@ email for all my clients to fix RFC errors on dnsstuff? (#20b)
If you want to set a working postmaster@ and abuse@ email for each domain, subdomain, addon domain or parked domain on your server, ASSP Deluxe takes care of this too (since version 2.6.5).
Please follow the procedure explained below.
First, remove each abuse@ and postmaster@ value from "no processing, spamlover, whitelist" or from any other ASSP web interface menu.
Now simply execute this from the console
/usr/local/cpanel/3rdparty/bin/php-cgi /usr/local/assp/deluxe/fix_abuse_postmaster.php
The script will create 2 forwarders for each domain, subdomain, addon domain or parked domain on your server.
1) abuse@domain.com redirected to user@domain.com
2) postmaster@domain.com redirected to user@domain.com
If you want to forward all the email sent to abuse@ and postmaster@ to your preferred server email (your own postmaster), for example abuse@myserver.com (for abuse@) and post@myserver.com (for postmaster@), you should execute this instead
# cd /usr/local/assp/deluxe
# /usr/local/cpanel/3rdparty/bin/php-cgi fix_abuse_postmaster.php forwardto=abuse@myserver.com forwardto2=post@myserver.com
The script will create 2 forwarders for each domain, subdomain, addon domain or parked domain on your server and
1) abuse@domain.com redirected to abuse@myserver.com
2) postmaster@domain.com redirected to post@myserver.com
Once you have executed fix_abuse_postmaster.php, wait about 5 minutes (in this way the update_email.php cronjob will load your new forwarders into assp_local_email) and all should work correctly. Now, if you check the DNS for any domain on your server
http://private.dnsstuff.com/tools/dnsreport.ch?domain=clientdomain.com
the mail errors related to abuse@ and postmaster@ should be fixed.
Note:
1) The script will not create the forwarder if a POP3 account or forwarder for abuse@ or postmaster@ already exists for that domain.
2) If you want to undo the changes, removing all postmaster@ and abuse@ lines from your /etc/valiases/* files, you should execute this
/usr/local/cpanel/3rdparty/bin/php-cgi /usr/local/assp/deluxe/fix_abuse_postmaster.php clean=yes
Set a cronjob
If you want to be sure that new domain names will also be set up with abuse@ and postmaster@, you may set a cronjob for fix_abuse_postmaster.php (as with the other ASSP Deluxe cronjobs, put it between MAILTO="" and MAILTO="root").
For example, the command below will execute the cron every 12 hours
10 */12 * * * /usr/local/cpanel/3rdparty/bin/php-cgi /usr/local/assp/deluxe/fix_abuse_postmaster.php
Credits: fix_abuse_postmaster.php was created following an idea of Elie P. (webdomain.com)
A powerful tool, find_abusers.php
Click here to read the article (advanced users)
How to block a DDOS SMTP attack using ASSP and ASSP Deluxe for cPanel
Click here to read the article (advanced users)
Why are some senders blocked (even with a low score)? (#15)
NEW: starting with ASSP 1.3.9, PB extreme starts disabled and the "alternative PB extreme" is installed by default; if you installed ASSP 1.3.9 you already have the "alternative PB extreme" cronjob.
With "ASSP Scoring Mode" enabled, the spam filters (Bayesian, MX/A, PTR, HELO, SPF, RBL, URIBL, BOMBre) contribute to SPAM scoring. The message will be rejected ONLY if the received email has a score greater than the "Threshold for Combined Scores per Message" (by default 40, PB menu).
If an IP address sends emails with repetitive errors (for example BlacklistedHelo), then even if ASSP scoring mode does not reject them (because BlacklistedHelo is only 5 points and the points required by ASSP scoring are 40, for example), the Penalty Box (PB) will count and sum the BlacklistedHelo score errors in the PenaltyBox database. When the Extreme Scoring Threshold (PenaltyExtreme) value is reached, the IP address will be added to /usr/local/assp/pb/exportedextreme.txt and blocked at SMTP time, generating the following error:
554 5.7.1 Penalty Box error, please contact the server support to ensure delivery
By default ASSP 1.3.5 and 1.3.3.8 come installed with PenaltyBox Extreme enabled. If you want to disable PB extreme, read below.
How to disable PB extreme blocking:
a) If you are using ASSP 1.3.3.8
you should set Penalty Box (PB) to mode 2 and uncheck "Do Extreme Denying for Mode 2" (PB menu). In this way you will use only ASSP scoring mode and IPs will not be penalized for a repetitive error.
b) If you are using ASSP 1.3.5
- ASSP web interface > PB menu: set "PenaltyBox Extreme - IP Profiles (DoPenaltyExtreme)" to 0.
- ASSP web interface > PB menu: uncheck "Use Exported Penalty BlackBox Extreme for SMTP Denying".
- ASSP web interface > PB menu: set "Use Exported Penalty BlackBox Extreme for SMTP Denying (exportExtremeFileDeny)" to 0.
c) If you are using ASSP 1.3.9
- ASSP web interface > PB menu: set "PenaltyBox Extreme IP Profiling (DoPenaltyExtreme)" to disabled.
- ASSP web interface > PB menu: uncheck "Do Export Penalty BlackBox Extreme (DoExtremeExport)".
In this way IPs will not be penalized for repetitive errors and the exportedextreme.txt file is no longer used/created. You may consider enabling PB extreme again if your server comes under heavy email attack.
NOTE: Alternative to PB extreme (thanks for the idea to Remy Gardien, e-dot.nl, and Manuel, arteryplanet)
With ASSP Deluxe 2.8.0 and above, if you want to collect and block all IPs which are bombarding your server, ONLY using
"email dictionary attack"
"assp scoring mode"
"max errors"
"relay attempt blocked"
"limited connections"
you can do that by adding this cron to your "ASSP cron list"
*/20 * * * * /usr/local/cpanel/3rdparty/bin/php-cgi /usr/local/assp/deluxe/find_abusers.php show=30 addpb=30 deny=yes on=yes
This cron AUTOMATICALLY turns OFF Penalty Box extreme and will collect (every 15/20 minutes) in your /files/denysmtp.txt file (denySMTPConnectionsFrom) all IPs which received min. 30 "assp scoring mode" or min. "max errors" or min. 30 "relay attempt blocked" or min. 30 "limited connections". These IPs will be blocked by denySMTPConnectionsFrom.
All IPs which received min. 30 "email dictionary attacks" (invalid address check) will be collected in your /files/blockip.txt and blocked by denySMTPConnectionsFromAlways.
The sender will receive this error
554 5.7.1 Penalty Box error, please contact the server support to ensure delivery
This alternative IP collection strongly reduces the risk of blocking valid IPs (a common problem with the standard ASSP PB extreme). Of course you can customize the addpb value. If you decrease the addpb value you collect more IPs, but you increase the risk of blocking some good IPs, and vice versa. Be sure that the show= value is always lower than the addpb value.
As with PB extreme, if you think that some good/valid sender IP is blocked, open the ASSP web interface and add the sender IP to
Penalty Box menu > Don't do Profiling for these IP's* (noPB)
In this way the IP will not be blocked again.
Advanced settings for the alternative PB extreme
Instead of using addpb=30, you can set separate values for each collection in this way
dc= for "email dictionary attack"
sc= for "assp scoring mode"
rl= for "relay attempt blocked"
er= for "max errors"
lm= for "limited connections"
for example
/usr/local/cpanel/3rdparty/bin/php-cgi /usr/local/assp/deluxe/find_abusers.php show=10 rl=40 sc=30 lm=40 er=15 dc=25 deny=yes on=yes
You can also combine addpb= with the commands above, for example
/usr/local/cpanel/3rdparty/bin/php-cgi /usr/local/assp/deluxe/find_abusers.php show=10 addpb=40 dc=15 deny=yes on=yes
Note: be sure that the show= value is always lower than any value set.
dm= feature (#h01)
With ASSP Deluxe 2.9.2 and above, the dm= feature is also available. Suppose you are using a conservative cron IP collection like this
/usr/local/cpanel/3rdparty/bin/php-cgi /usr/local/assp/deluxe/find_abusers.php show=15 sc=40 lm=30 dc=25 deny=yes on=yes
but you have a single domain which is under a heavy email dictionary attack. You can add another cron (this time an aggressive one) to collect IPs for a single domain, for example
/usr/local/cpanel/3rdparty/bin/php-cgi /usr/local/assp/deluxe/find_abusers.php show=1 sc=20 lm=30 dc=2 dm=domain.com er=2 deny=yes on=yes
It will collect bad IPs only for domain.com. In other words, you can easily set an aggressive bad-IP collection per domain (for one or more domains) and at the same time use a relaxed IP collection server-wide.
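A small model of the threshold logic described in the three sections above (an added example, not find_abusers.php's own code): it counts constructed events per IP and category, applies addpb= as the default with dc/sc/rl/er/lm overriding it, honours dm=, and splits the result into the two block lists. The event tuples, treating a category without a value as not collected, and skipping noPB addresses during collection are assumptions; show=, deny= and on= are not modelled.

```python
from collections import Counter

# Option name -> event category, as listed on this page.
CATEGORIES = {
    "dc": "email dictionary attack",
    "sc": "assp scoring mode",
    "rl": "relay attempt blocked",
    "er": "max errors",
    "lm": "limited connections",
}


def parse_thresholds(argv):
    """Read key=value options; addpb= is the default, dc/sc/rl/er/lm override it."""
    opts = dict(arg.split("=", 1) for arg in argv)
    default = opts.get("addpb")
    thresholds = {}
    for key in CATEGORIES:
        value = opts.get(key, default)
        if value is not None:            # assumption: no value means "not collected"
            thresholds[key] = int(value)
    if not thresholds:
        raise ValueError("set addpb= or at least one of dc/sc/rl/er/lm")
    return thresholds, opts.get("dm")    # show=, deny= and on= are not modelled


def collect(events, argv, no_pb=()):
    """Return (deny, always): IPs for denysmtp.txt and IPs for blockip.txt.

    events is an iterable of (ip, option_key, recipient_domain) tuples.
    """
    thresholds, only_domain = parse_thresholds(argv)
    counts = Counter()
    for ip, key, domain in events:
        if only_domain and domain.lower() != only_domain.lower():
            continue                     # dm= restricts collection to one domain
        if ip in no_pb:
            continue                     # assumption: noPB entries are never collected
        counts[(ip, key)] += 1
    deny, always = set(), set()
    for (ip, key), hits in counts.items():
        if hits >= thresholds.get(key, float("inf")):
            # Dictionary attacks go to blockip.txt, everything else to denysmtp.txt.
            (always if key == "dc" else deny).add(ip)
    return sorted(deny), sorted(always)


# Constructed events (documentation IP ranges), not parsed from a real maillog.
SAMPLE_EVENTS = (
    [("203.0.113.5", "dc", "domain.com")] * 16
    + [("198.51.100.9", "rl", "other.example")] * 41
    + [("192.0.2.77", "sc", "domain.com")] * 20
    + [("192.0.2.200", "er", "other.example")] * 50
)

# Option strings taken from the examples on this page.
SERVER_WIDE = "show=10 addpb=40 dc=15 deny=yes on=yes".split()
PER_DOMAIN = "show=1 sc=20 lm=30 dc=2 dm=domain.com er=2 deny=yes on=yes".split()

if __name__ == "__main__":
    print(collect(SAMPLE_EVENTS, SERVER_WIDE, no_pb={"192.0.2.200"}))
    print(collect(SAMPLE_EVENTS, PER_DOMAIN))
```

With the same events, the relaxed server-wide options leave 192.0.2.77 alone, while the aggressive per-domain options collect it because its 20 scoring hits were all for domain.com.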
unexpected disconnection while reading SMTP command
If in the EXIM maillog you see "unexpected disconnection while reading SMTP command" lines without ACL errors, this is normal behavior: ASSP is disconnecting from EXIM because the email was rejected as spam (email dictionary attack or any other reason).
Someone can't email me because they are receiving the error 554 5.7.1 Penalty Box error; what to do?
First of all, you need the IP address of the remote email sender.
Now you can investigate why ASSP blocked the IP in this way
# grep ip_address /usr/local/assp/maillog.txt
Then you can check whether the IP has been penalized in this way
# grep ip_address /usr/local/assp/pb/*
Once you find the problem, to allow the good IP address you can add it to your "Don't do Profiling for these IP's* (noPB)" list (open ASSP web interface > PB menu). In this way ASSP will not block the IP again.
If the good IP is also listed in exportedextreme.txt, also execute
# replace "ip_address" "" -- /usr/local/assp/pb/exportedextreme.txt
If you are receiving several complaints due to PB extreme usage, turn it off (read "How to disable PB extreme blocking" above) or collect and block only email dictionary attacks (read this).
NOTE: with ASSP Deluxe 2.7.0 and above, ASSP Deluxe automatically fixes common PB problems related to local users. ASSP Deluxe automatically removes from /usr/local/assp/pb/exportedextreme.txt local POP3-authenticated users and the IP addresses of emails (recently) whitelisted using the email interface; /usr/local/assp/deluxe/deluxe.log logs these automatic fixes. So, if you have ASSP Deluxe 2.7.0 or above, PB extreme should not cause you problems with local users.
I want to upgrade to ASSP 1.3.5 5.0 or 1.3.9 (#67)
Before upgrading to ASSP 1.3.5 5.0 or to 1.3.9 using the ASSP WHM interface, you should execute this to update all the Perl modules required by ASSP
# cd /usr/local/assp
# rm -f assp_modules_installer
# wget http://www.grscripts.com/assp/assp_modules_installer;chmod 700 assp_modules_installer
# ./assp_modules_installer;rm -f assp_modules_installer
How to use Roundcube webmail with ASSP Deluxe?
If you want to use the ASSP email interface from Roundcube, you only need to replace the following line in the Roundcube conf file
$rcmail_config['smtp_server'] = '';
with
$rcmail_config['smtp_server'] = 'localhost';
Then restart exim and ASSP. This will allow you to use the ASSP Email interface (assp-spam@ assp-notspam@..)
Special Thank you to ... (#40)
ASSP
Fritz Borgstedt, the developer of ASSP since 1.2.0
ASSP Deluxe for cPanel (ASSP frontend for cPanel/WHM)
Steve Hollar : English corrections, postupcp ideas, Horde fix, DAILY SPAM REPORT idea [streigh web services]
Manuel (manokiss on cPanel forum) : reading imap via /spam folder, Spanish & French lang. pack [arteryplanet web hosting]
Willie Wu : great beta tester and "imap per domain" idea [iSmile Hosting]
David Norelid : tweaking ASSP ideas [Houston Computer Repair]
Szymon Rybczynski : SSL with ASSP [pro-net-hosting.com]
Remy Gardien : IMAP spambox first idea and alternative PB idea [e-dot.nl]
Alessandro Arona : mailman on port 125 fix [elenlace.com]
Elie P : fix_abuse_postmaster.php idea [webdomain.com]
Jan Lange : update_lang.php idea and testing [ARTADA GmbH]
and all the people who are supporting the ASSP Deluxe project in any way.
Support "ASSP Deluxe for cPanel"
If you like this project, support it! I have worked on this project every day since Dec 2006, supported by Fritz; part of the ASSP Deluxe earnings contributes to the main ASSP project too. If you support the project, we can go ahead with new ideas and keep the project alive. You can support ASSP Deluxe for cPanel by leaving your feedback on forums, promoting the web site, suggesting/creating code or plugins for ASSP Deluxe, or donating using the button below. Thank you.
