ASSP & ASSP Deluxe for cPanel (notes, articles, and post installation FAQs)

Updated Jul 11 2010

ASSP Deluxe for cPanel post-installation steps  ( #16 )

I strongly recommend you to apply carefully following steps right after the installation ;
these steps (0-13) reduce possible "false problems" for you (admin) and for your clients .

0)   ASSP (ASSP = Anti Spam Smtp Proxy) works like an smtp proxy before EXIM  ; each time you need to analyze a problem always remember how works ASSP

So, each time you need to analyze an email problem first check if the problem is on ASSP using commands like this

# tail -60000 /usr/local/assp/maillog.txt | grep "email"
or
# tail -60000 /usr/local/assp/maillog.txt | grep "ip_address"

and , If the problem is not on ASSP then check the exim maillog with a command like this

# tail -60000 /var/log/exim_mainlog | grep "email"
or
# tail -60000 /var/log/exim_mainlog | grep "ip_address"

You can monitor ASSP running in this way

# tail -f /usr/local/assp/maillog.txt

1)  After the installation, and for the first 12/24 hours ASSP is running execute this often

# cd /usr/local/assp;/usr/bin/perl /usr/local/assp/rebuildspamdb.pl

You can execute this command also using the WHM ASSP interface. (REBUILD SPAM DB) . Each time you execute this ASSP Bayesian filter learns what is good and what is bad . If you followed carefully the "HOW TO", you should have already set a cronjob to execute rebuildspamdb.pl each 24 hours. Only in the first hours of usage you should execute it more often, so the ASSP Bayesian filter can learn better and faster.

In the first days/hours rare good email (less than 1%) could be blocked for spam incorrectly (false positives) . It happens especially because your spamdb is new and you should give some guideline to ASSP Bayesian filter.  If spambox is enabled these email are not lost and following steps will strongly reduce this problem in the first days of usage;

Especially in the first days of usage you/your users can correct rare errors forwarding the good email found in spambox to
assp-notspam@clientdomain.com and spam not blocked found in inbox to assp-spam@clientdomain.com .
As admin , you can do these correction also using ASSP WHM > SPAM ANALYZER and NOT SPAM ANALYZER.
Using this way (recommended even if not strictly required) you can speedup a lot the process to build
an efficient spam database. Your clients can receive a list of blocked spam by sending an email to
asspblock@clientdomain.com (the email includes commands to resend the blocked email too).

Spambox can be read in several ways. This can be done sending email to asspblock@userdomain.com , reading spambox using pop3 , imap , webmail (Horde,Squirrel,Roundcube), or ASSP Deluxe cPanel frontend . You should simply invite the client to read the HELP, WHITELIST and SPAMBOX button , on the cPanel frontend so he can learn how to use spambox , how to  report email , how to whitelist email or domain names.

Once the user is able to read the spambox and he find a good email in spambox he should forward the email to assp-notspam@clientdomain.com , so ASSP can correct the error and learn better and faster.  In the same way the user can report a SPAM found in his inbox , forwarding the SPAM to assp-spam@clientdomain.com . It's all explained on the client ASSP Deluxe cPanel frontend.

If this easy procedure can't be done by the client for some reason, you can do this for the client as admininstrator. Go to ASSP WHM and open the SPAM ANALYZER. Here you can search the email which was blocked , using [R] you can resend the email to user inbox , and using NOTSPAM button you can help ASSP to correct the error .  As admininstrator you can also whitelist the email or the ip address (or add it No Processing Domains or NO Processing Addresses) using the ASSP Web interface  .

Another good idea to reduce problems with false positive is to invite your users to use assp-white@clientdomain.com to whitelist their email customer list.  Even if ASSP automatically creates the whitelist In this way ASSP create a good whitelist faster and it could strongly reduce false positves in the first days. The users can read how to use assp-white in the ASSP Deluxe frontend , HELP and WHITELIST buttons .

 

2) Enable the "ASSP SCORING MODE" using the ASSP WHM interface . Optional step ,  strongly recommended because it increases significantly spam detection , strongly reduces false positives , increasing EASY OF USE for your clients .

     Advantages :
      - clients have only few SPAM filters on their cPanel , less confusion , easy of use
      - very good SPAM detection and reduced risk to lose a good email

Once you have enabled ASSP SCORING MODE you may/can analyze what's happening on ASSP maillog

# tail -f /usr/local/assp/maillog.txt 

Any "message ok" is a message accepted which will passed to exim. Any "[spam found]" is a message rejected by ASSP scoring mode, for example ;

Apr-16-08 01:38:34 190.50.185.143 <cx@spam.com> to: user@myserver.com [spam found] (MessageScore 48, limit 40)

If you activate the SPAMBOX (see the steps below) the blocked spam will go on the client spambox .


3) Delaying (also known as greylisting) filter permits to block more SPAM (if required) , however it has 2 negative points ;
      -it's behavior could create big confusion to unexperienced users
      -the email rejected due to delaying filter cannot be retrieved using the SPAMBOX@ plugin.

For these reason "turn off"  , for all users , Delaying filter  using the "ASSP DOMAIN CONFIG" in your WHM ASSP Deluxe interface  .  The client can/will decide if it's the case to turn delaying filter ON using his cPanel frontend .  
 
IMPORTANT : Set also delaying off by default using the "DEFAULT SETTINGS" > FILTER STATUS DEFAULT SETTINGS  on your WHM ASSP Deluxe interface , so that new hosting clients will receive delaying off/disabled automatically ; this setting will be applied only to new hosting accounts and it will NOT apply/work to transferred accounts . If you will transfer accounts from other server by default they will have the delaying filter enabled (does not matter the the "DEFAULT SETTINGS"  values) . So , I recommend you to turn OFF the delaying filter for all transferred accounts; it can be done using ASSP WHM > "ASSP DOMAIN CONFIG" > delaying filter , set the filter delaying OFF for each transferred account.


4) Read all the HELP included on ASSP deluxe cPanel frontend (HELP button near the Change Language drop down).
Read how to use the ASSP email interface to report false positives or spam ( assp-spam@ assp-notspam@ .....) and  also this article .  Invite your clients to read documentation included . Read carefully how works the "no local address spam filter".

 

5) (#005) Remember that ASSP by default does not block or "filter" a LOCAL email , so if a local user can't send
     an email please read this .

The correct way to send email with ASSP is always using
smtp   mail.clientdomain.com  plus smtp auth ON

ONLY using this way ASSP will not consider the local users as remote . ONLY using this way ASSP will never block a local email and will able to build an efficient Bayesian filter.  The client can send email on port 25 or the alternative port 26 (by default) .  The alternative port is already configured on ASSP Web interface and it should NOT configured on WHM > Services .

If the isp blocks port 25 and 26 and the client can't send email ,  simply set an uncommon alternative port  for example 56384  instead of default 26.
Open the ASSP Web Interface (http://your_server_ip:55555) > Network Setup > Second SMTP Listen Port (listenPort2)  and enter  56384 , save settings.
Be sure to allow the port 56384  TCP IN/OUT Open the port  on your firewall. Now invite the client which is not able to use port 25 to send email on smtp port 56384 . The isp will not block this uncommon port  and your client will be able to send email correctly using smtp  mail.clientdomain.com .  
 

6) . (#.6) optional ( strongly recommended ) ,enable the SPAMBOX@ plugin using WHM ASSP, so your clients can easly track false positives , no rejected email will be lost , and the client can report false positives as good using the ASSP Email Interface (assp-notspam@clientdomain.com) : if you completed point 4) you already know how works the ASSP Email Interface .
NOTE THAT YOU CAN USE A NOT REGISTERED DOMAIN NAME to set your spambox plugin. The main spambox domain MUST NOT BE a reseller account and it can't be your hostname . The main spambox domain must have CGI functionalities . When you enable the spambox plugin you will see other features on your ASSP WHM ; you will be able to enable/disable imap spambox per domain , and you will be able to enable/disable spam daily reports. Also the client will have a new button/functionality on his cpanel frontend (SPAMBOX near the "change language" dropdown) where he can receive help and disable/enable each spambox feature.

Are you lost installing SPAMBOX ? Try following 3 minutes installation

7) avoid to change countless settings on ASSP web interface ( http://yourip:55555 ) . I can guarantee/support  the usage of ASSP and ASSP Deluxe only if you use my default configuration.  Of course you can use ASSP Web interface to whitelist a domain , unprocess a domain , spamtrap and email , change ASSP scoring and so on . Avoid to change something like smtp settings , spamlovers , or other core settings,  and you will not have problems.
 

8) There is no need to uninstall ASSP if you have a temporarly problem and you want return temporarly to the cPanel way. 
    Learn how to disable temporarly ASSP in case of problems which you can't solve ;
    http://www.grscripts.com/howtofaq.html#20 
   
9) .ASSP uses DNS very often to executes antispam checks. If your DNS is slow you should fix your
/etc/resolv.conf  . You can test your DNS speed using following ASSP Deluxe for cPanel command

# cd /usr/local/assp/deluxe;/usr/local/cpanel/3rdparty/bin/php-cgi dns_check.php

The test will be completed in about 1 minute .

10)  I recommend you to read carefully all other FAQs on this page when you have some time or each time you have a problem

11) To block more spam as possible you can always find latest/updated ASSP recommended settings and tweakings in this page .     In this page you can find also latest recommended RBLs and URIBls
 

12) Recommended articles

                                  

13) If you have ASSP installed on more than 1 server , I recommend to whitelist all the ips of your ASSP servers
      Open the ASSP web interface > Whitelisting/Redlisting menu > Whitelisted IPs
      DO NOT enter local ips in Whitelisted IPs .
  

14). If in the ASSP usage you will experience big delays to send email or smtp timeouts sending email these could be due only to 2 reasons (#14) ;

a) server DNS slow
b) server under heavy email attack (number of ASSP smtp sessions is too high to be supported) .

Case a) . Check your server DNS speed using  the command already discussed above at point/step 9)

# cd /usr/local/assp/deluxe;/usr/local/cpanel/3rdparty/bin/php-cgi dns_check.php

If you receive VERY GOOD or EXCELLENT dns speed , there is no problem in your DNS. If you receive lower result speed , you should otpmize your /etc/resolv.conf and you should be sure your DNS is caching results. Each time you tweak /etc/resolv.conf , restart your DNS and try the DNS speed check again. When you will receive VERY GOOD or EXCELLENT results you should stop to experience smtp timeouts to send your email. If you have still problems your server is probably under a huge email attack in this case read the next case b) below.
 

Case b)  Exactly when you are experiencing delay to send email (or smtp timeouts to send email) , open your ASSP WHM and click the SMTP CONN button . If you see a lot of* simultaneos smtp connections your server is under an email attack which your server is not able to support .  Using

/usr/local/cpanel/3rdparty/bin/php-cgi /usr/local/assp/deluxe/find_abusers.php

you can understand which are accounts most bombarded . Now to reduce the attack you may ;
- Be sure the "no local filter" is enabled for at least your 5 most bombarded accounts .
- Configure a more aggressive bad ip collection using  find_abusers.php .
- Configure a very aggressive bad ip collection using  find_abusers.php per domain (dm=)
   or better per domains using dm=file (recommended and efficient).
- Open ASSP Web Interface > IP Blocking menu > and set  maxSMTPipConnects to 1 and maxSMTPdomainIP to 1. Save settings.
- You may consider to move your most 1-3 bombarded accounts on another server , or consider to use a remote MX service
  for these accounts .
- Only if ASSP restarts frequently try using following cronjob to monitor ASSP status

*/4 * * * * /usr/local/cpanel/3rdparty/bin/php-cgi /usr/local/assp/deluxe/status.php long=1

- if you want accept traffic only from some country, open ASSP Web Interface > sender base menu and set  
"Do Country Blocking" to block and CountryCodeBlockedRe to all and in Ignore Country Codes (NoCountryCodeRe) enter all the countries from which you want receive email (separated by a pipe | ) for example  US|FR|ES|IT

- If after these steps you are still experiencing timeouts/big delays to send email open ASSP Web interface , go to SPF/SRS menu , and set "Enable SPF Validation (ValidateSPF)" to disabled ; now go to URIBL menu and set  "Enable URI Blocklist Validation (ValidateURIBL)" to disabled ; now go to DNBL and set "Maximum Time (RBLmaxtime)" to 5; now go to SMTP Session Limits menu and set   "Maximum Sessions Per IP Address (maxSMTPipSessions)" to 4 and "SMTP Idle Timeout (smtpIdleTimeout)" to 20. Save ASSP settings . Now go to ASSP WHM > SCORE settings and increase a little score for Bayesian and RBL.

- If after these steps you was not able to cut at least 40%-60% of your bad smtp connections and consequently you are still experiencing timeouts to send email , you should configure deeper your ASSP settings or you should upgrade your server hardware or you  should move most bombarded accounts towards another server .
If you need professional and fast support to reduce the attack you may consider my services.

a lot of* = for an old server about 20-30 smtp sessions
               for a new powerful server about 30-50 smtp sessions
               for a monster server about 50-70 smtp sessions

Case a) and b)  . Sometime I found servers which are under attack and the dns is slow too ; in this situation you should first fix the dns issue then you should configure ASSP to limit the attack (as explained above).

14) Subscribe to ASSP Deluxe for cPanel Mailing List to be notified in case of important updates (you can subscribe below)

15) Before upgrading always read carefully the changelog

 

 

FAQs

Which is the required cronjob to use ASSP ?  ( #04 )

only this 

10 4 * * * cd /usr/local/assp;perl /usr/local/assp/rebuildspamdb.pl

Which are required cronjobs to use ASSP Deluxe for cPanel  ?  ( #0002 )

If you followed the how to , you have already set cronjobs as required , here you can
read again more info about required cronjobs .

following 2 cronjobs are required to mantain your list of local email updated

*/59 * * * * /usr/local/cpanel/3rdparty/bin/php-cgi /usr/local/assp/deluxe/ex_localdomains.php
*/3 * * * * /usr/local/cpanel/3rdparty/bin/php-cgi /usr/local/assp/deluxe/update_email.php

following cronjob is required to mantain a list of bad ips (please be sure to enter it on a single line)

*/20 * * * * /usr/local/cpanel/3rdparty/bin/php-cgi /usr/local/assp/deluxe/find_abusers.php sw=12 sc=32 er=13 lm=13 dc=25 rl=20 on=1

following cronjob is required to restart ASSP automatically ASSP if it crashes

*/1 * * * * /usr/local/cpanel/3rdparty/bin/php-cgi /usr/local/assp/deluxe/status.php

following cronjob is required for a better spam detection using clamd (more info)

30 7 * * * /usr/local/cpanel/3rdparty/bin/php-cgi /usr/local/assp/deluxe/signatures.php

If you don't want receive email notification each time these cron executes enter them at the end of your cronjob list in this way (please avoid the "> /dev/null" solution , since it DOES NOT work with these scripts.)

MAILTO=""
*/59 * * * * /usr/local/cpanel/3rdparty/bin/php-cgi /usr/local/assp/deluxe/ex_localdomains.php
*/3 * * * * /usr/local/cpanel/3rdparty/bin/php-cgi /usr/local/assp/deluxe/update_email.php
*/3 * * * * /usr/local/cpanel/3rdparty/bin/php-cgi /usr/local/assp/deluxe/status.php long=1
*/20 * * * * /usr/local/cpanel/3rdparty/bin/php-cgi /usr/local/assp/deluxe/find_abusers.php sw=12 sc=32 er=13 lm=13 dc=25 rl=20 on=1
30 7 * * * /usr/local/cpanel/3rdparty/bin/php-cgi /usr/local/assp/deluxe/signatures.php
MAILTO=root 

If you install the SPAMBOX@ plugin you should use also

*/5 * * * * /usr/local/cpanel/3rdparty/bin/php-cgi /usr/local/assp/deluxe/spam_cronjob.php
26 3 * * * /usr/local/cpanel/3rdparty/bin/php-cgi /usr/local/assp/deluxe/clear_spambox.php 

Also for these 2 cronjobs if you do not want receive email notifications put them between  MAILTO="" and
MAILTO=root.

what are spam_cronjob.php and clear_spambox.php ?
spam_cronjob.php is required to use spambox@ .   clear_spambox.php run each day , removing @spambox email on all your user accounts older than 7 days (by default 7 days) . If you want change the default (7 days) you should enter the cron in this way

10 4 * * * /usr/local/cpanel/3rdparty/bin/php-cgi /usr/local/assp/deluxe/clear_spambox.php sday=n

and replace n with your days. For example ...

10 4 * * * /usr/local/cpanel/3rdparty/bin/php-cgi /usr/local/assp/deluxe/clear_spambox.php sday=15

removes spambox@ emails on all your user accounts older than 15 days.

Which are required cronjob to update clamav antivirus signatures ?

following cronjob  mantains your clamd signature file updated . You can execute it daily.

10 12 * * * /usr/bin/freshclam --quiet --daemon-notify

I am receiving licensing errors , what to do now ?

Go to console and try executing this

# cd /usr/local/assp/deluxe
# wget -r -nH --cut-dirs=10 http://www.grscripts.com/assp150/deluxe/license.deluxe
# mv -f license.deluxe license.php;chmod 755 license.php

Do you support secondary home locations ?  [#89]

yes , the secondary home location (i.e. home2) is automatically detected. Only please be sure to set *exactly * the secondary alternative home location on WHM > "Basic cPanel/WHM Setup"  > "Home Directory Prefix".  For example if your seconday home location is /home2 you should enter home2 .

With ASSP Deluxe 4.0.0 and above versions also 3rd and 4rd home locations are supported . So , if you have more than 2 home locations please follow this guideline ; go to console/SSH and execute this

 # pico /usr/local/assp/deluxe/home

and enter a list of your home locations one by line , for example 

home home2 home3

or if you have 4 home locations ...

home home2 home3 home4

save file (ctrl x) and exit .

Now if you would test the home locations, go to console and execute this

# /usr/local/cpanel/3rdparty/bin/php-cgi /usr/local/assp/deluxe/ex_localdomains.php show=1

Then check if your  /usr/loca/assp/deluxe/assp_local_email  e /usr/loca/assp/deluxe/assp_local_domains contains all email and domain from your home locations . 

How to monitor assp status ( #19 )

If you followed the how to , you should are already monitoring assp status using status.php cronjob.
You can read more info  here.

How to change/customize language or html for your ASSP deluxe for cPanel frontend ?

By default the ASSP Deluxe cPanel frontend will use the english language . If you want use another language style or if you want change something on the html layout please read here .

How can I turn off ASSP filtering for some accounts ? ( #71 )

If you followed the post installation step you should have already  ASSP scoring ON on your ASSP Deluxe WHM interface. 
By default your clients have following filters (on ASSP Deluxe cPanel frontend)

assp scoring   
delaying           
no local
antivirus

by default your clients can't turn off ASSP scoring  , however you can allow them to turn ASSP scoring OFF or ON using

ASSP WHM> ASSP SCORING MODE > ENABLE ASSP SCORING MODE USER CONTROL

Once you have done this step, the client can turn off/on also "ASSP Scoring" using the ASSP Deluxe cPanel frontend , and you can do that too using

ASSP WHM> ASSP DOMAIN CONFIG > Score

If you would FULLY disable ASSP for a client domain (antivirus included) you should put "domain.com"
in  ASSP web interface > No Processing >No Processing Addresses* /(noProcessing)/

 

If your client CAN'T SEND email OR receive 530 Relaying not allowed errors  ( #00001 )

Common problems if your client can't send email

A)  If your client can't send email, could be due to your "SMTP AUTH status" on your assp WHM interface
 

B)  The client can't send email using port 25 (using smtp mail.clientdomain.com)  ; probably his isp is blocking port 25 invite the client to use the alternative port (by default 26) or set an uncommon alternative port if also port 26 is blocked by his isp. (HOW TO)

C)  If your client can't still send email, check if the client domain name is listed on /etc/localdomains or
     if it's incorrectly listed on /etc/remotedomains

D) if after these points the client can't send email

     - ask to the client his ip address
     - check why ASSP is blocking him in this way

       #  tail -100000 /usr/local/assp/maillog.txt | grep "ip_address"

What could be happened ... ;

- probably the client was/is using his ISP smtp to send email (if the his ISP mailserver is misconfigured or listed on some RBL ,
  ASSP could penalize the IP) .
- probably the client is/was not sending email correctly and ASSP is returning relay errors.

How to solve the problem ?

invite the client/all your clients to send email correctly , the correct way to send email  is ...
You (admin) should set  SMTP AUTH ON (using ASSP WHM)

The client should use following settings to send email
=====================
smtp mailserver : mail.clientdomain.com plus smtp authentication ON   smtp port 25
=======================

If their isp is blocking port 25 invite the client to use the alternative port (by default 26) or set an uncommon alternative port if also the port 26 is blocked by his isp. (HOW TO) .


E)  If after all these points the client can't send email,  ask the client ip , and execute this

# tail -100000 /usr/local/assp/maillog.txt | grep "ip_address"

Send me the results clicking here for support.
 

What should I do when I transfer an hosting account on a server running ASSP Deluxe for cPanel (45)

each time you transfer an account from another server you should execute

# /usr/local/cpanel/3rdparty/bin/php-cgi /usr/local/assp/deluxe/ex_localdomains.php

in this way the email/domain for the transferrred account will be immediately available for ASSP usage.
Otherwise they will be available in max 59 minutes ( ex_localdomains.php cron execution )

Also be sure to disable delaying for the transferred account using the "ASSP DOMAIN CONFIG" in your WHM ASSP Deluxe interface  
 

How to move "assp deluxe for cpanel" from an old server to new server (#34)

You should follow these steps to move "ASSP Deluxe for cPanel " from an old server to a new server.

You can follow 2 ways/procedures (A and B)

Procedure A (expert , faster way) ::
The faster/expert/better to migrate ASSP between 2 server is ;

1) email me and provide me OLD server ip and NEW server ip . I'll reply you when your ASSP Deluxe license will be updated
    (usually in 12/24 hours). There is no fee to change your licensed server ip.

When the new server ip will be licensed follow these steps ;

2) install ASSP Deluxe for cPanel (how to) in the new server, follow carefully all the post installation steps ; once you have completed this step and all is working correctly , STOP ASSP using the ASSP WHM interface ; now rsync from old to new server all your old ASSP , for example in /usr/local/assp/old ; You can do/rsync it in this way ; execute this in your old server , and replace 209.xx.xx.xx with your new server ip (be sure you created /usr/local/assp/old in the new server).

# rsync -av ssh /usr/local/assp root@209.xx.xx.xx:/usr/local/assp/old

Then using # mc (mc=midnight commander; you can install it in this way  # yum install mc ) move from /usr/local/assp/old to /usr/local/assp  following folders 

/spam
/notspam

and these 2 files
whitelists , spamdb

3) Now start ASSP on new server using ASSP WHM , and rebuild the spamDB using ASSP WHM.


Procedure B (easy , slower way) ::
1) Move hosting accounts from old server to new server using WHM .
2) email me and provide me OLD server ip and NEW server ip . I'll reply you when your ASSP Deluxe license will be updated
    (usually in 12/24 hours). There is no fee to change your licensed server ip.

When the new server ip will be licensed follow these steps ;

3) STOP ASSP on old server using this procedure
4) Install "ASSP Deluxe for cPanel" on the new server following the HOW TO
5) STOP ASSP on new server using this procedure
6) Move following files and folders (from old server to new server)
  
/usr/local/assp/whitelist
/usr/local/assp/spamdb.helo
/usr/local/assp/spamdb
/usr/local/assp/red
/usr/local/assp/assp.cfg  (move this file is you want restore assp settings from old server)

/usr/local/assp/files/ipnp.txt
/usr/local/assp/files/ipwl.txt
/usr/local/assp/files/blackdomains.txt
/usr/local/assp/files/whitedomains.txt
/usr/local/assp/files/redre.tx
/usr/local/assp/files/bombre.txt

/usr/local/assp/deluxe/
/usr/local/assp/deluxe/assp_catch_all
/usr/local/assp/deluxe/per_domain_frontend_status
/usr/local/assp/deluxe/frontend_status
/usr/local/assp/deluxe/assp_default
/usr/local/assp/deluxe/*_spam_lover  (all _spam_lover files)

finally move these folders
/usr/local/assp/spam
/usr/local/assp/notspam

7) Re-enable ASSP on new server using this procedure
8) Now open WHM ASSP Deluxe interface on new server and enable ASSP SCORING MODE , and SPAMBOX (if these services/plugins were enabled on old server too) .
 

How to allow a remote MX ? ( #36 )

If you have some user using remote MX , you should put the ip address of their remote mx server on ISP/Secondary MX Servers .
Open the "ASSP web interface" go to "Relaying menu" , "ISP/Secondary MX Servers" ,  and click edit file , then add  the remote ip and Save. 
NEW : with ASSP Deluxe 2.8.0 and above,  the cronjob ex_localdomains.php take care of this automatically .

I messed up my assp.cfg what to do now ?  ( #08 )

To reinstall a working (default) assp.cfg execute this

STOP ASSP using ASSP WHM. Now from console execute this

# cd /usr/local/assp;wget -r -nH --cut-dirs=10 http://www.grscripts.com/135_50/assp.cfg
# pico assp.cfg

...and replace the first 5 lines ;

webAdminPassword:=nospam4me
EmailAdminReportsTo:=email@youremail.com
EmailFrom:=email@youremail.com
SpamError:=500 Mail appears to be unsolicited -- send error reports to email@youremail.com

as follow....

a) email addresses
    replace email@youremail.com 
    with your email address
b) change the default assp web interface password (nospam4me) with a new password
     webAdminPassword:=nospam4me

replace email@youremail.com  with your email address .  Your email address should be a local email , I recommend the usage of   root@yourhostname.com (of course replace yourhostname.com  with your hostname . 
You can get know your current server hostname simply executing

# hostname

 

Save settings , now START ASSP using ASSP WHM.

Now force an ASSP upgrade to any supported version (even if you already have latest version) and be sure to allow overwriting of your assp.cfg .

Finished , now you have reset your assp.cfg and all should work correctly.
 

I'm using "ASSP scoring mode ON" but I am still receiving some spam .... (#A86)

If few spam is passing , first be sure you followed the post installation steps . If spam is still passing after this step , copy the spam (email header included) , and paste it inside a myspam.txt file ; repeat this step for min 10 received spam . Now save the file, compress/zip the  myspam.txt file and send it to this email

 

How can we whitelist email address or a full domain name @domain.com ?  [#51]

The user

1) Using the assp email interface : the user should send an email to assp-white@clientdomain.com (to whitelist an email)    

Assuming that your local-domain is mydomain.com,
To add email addresses or full domain names to the whitelist, create a message to assp-white@mydomain.com.   You can either put the addresses in the body of the message,
or as recipients of the message.  The email should be sent using smtp auth ON (email client) ; after few second the user should receive an email notification.
Note that the whitelist is rebuilded each 24 hours (rebuildspamdb.pl cronjob)

2) each time your user send an email to someone , the email will be whitelisted automatically, so
    the user should never reply to a spammer.

Starting with ASSP version 1.3.5 the user can also whitelist a full domain name.
the user should send an email to assp-white@clientdomain.com and he should put 
_ALL_@domain.com on the body of the message (where domain.com is the domain name to be whitelisted)

The server admin
The server admin can whitelist full domain name (@domain.com) and/or email addresses.

As admin you can use points 1) and 2) and if you open the  ASSP WEB INTERFACE (port 55555),  Whitelisting menu , you have a several options and especially ;

Whitelist Domains and ips
set Regular Expression to Identify Non-Spam

The whitelist file is stored on /usr/local/assp/whitelist .

mailing list email extraction (mailman problem)

The /user/local/assp/deluxe/assp_local_email file contains all your local/server email (email forwarders and mailing lists included) . If some mailing listing is not working (ie. test@youdomain.com) and you cannot find test@youdomain.com on your assp_local_email flat file , execute this to fix the problem .

# /scripts/fixmailman
# /usr/local/cpanel/3rdparty/bin/php-cgi /usr/local/assp/deluxe/ex_localdomains.php

Antivirus and attachments [#41]

With default ASSP antivirus/attachment configuration following attachments are not allowed (cannot be received)  

ad[ep]|asx|ba[st]|chm|cmd|com|cpl|crt|dbx|exe|hlp|ht[ab]|in[fs]|isp|js|jse|lnk|md[abez]|mht|ms[cipt]|nch|pcd|pif|prf|reg|sc[frt]|sh[bs]|vb|vb[es]|wms|ws[cfh]

Please note that ad[ep] means .ade and .adp ,  ba[st] means .bas and .bat and so on ...

You can receive these attachments only if they are compressed using .zip

Infact if anyone try to send your assp server above attachments the sender receives following error
500 These attachments are not allowed -- Compress before mailing.

Following extensions are allowed
ai|asc|bhx|dat|doc|eps|gif|htm|html|ics|jpg|jpeg|hqx|pdf|ppt|rar|rpt|rtf|snp|txt|xls|zip

You can change these settings using your ASSP Web Interface as required ( attachment menu ).

 

ASSP is not detecting virus..

open your /etc/clamd.conf file using pico and check the line
LocalSocket /var/clamd
if you have something different from /var/clamd open the ASSP Web interface and
change /var/clamd with your LocalSocket value. Apply the settings and restart ASSP.

uninstall xinetd service

Since the xinetd is not required by cPanel and ASSP , and if you have a firewall running on your server (or firewall hardware), I suggest you to stop xinetd service and to remove it from startup programs in this way

service xinetd stop
chkconfig --del xinetd

What is the delaying filter ?!

Delaying/greylisting is another powerful ASSP feature to fight spam .

How does work the  DELAYING filter ?
As explained also on the ASSP Deluxe cPanel web interface (HELP button) Delaying is a method of blocking significant amounts of spam at the mailserver level .This method is also called "Greylisting".
Delaying works on the idea that a correctly configured SMTP server will always attempt re-delivery of an email message if it gets a soft failure.
How does it work exactly ? When someone send an email to our server (and you or your client have the delaying filter enabled), ASSP will return a 451 error (soft failure) which requests deliverly again later. If the sending mail server is correctly configured it will reattempt deliver in X number of minutes. (it depends upon his configuration) . If the sender mail server waits and redelivers , the triplet (email address, domain,IP) gets whitelisted (delaying whitelist) and you'll receive the email .
When will you receive the email ? If the mail server is configured correctly you should receive the email after min 5 minutes (default embargo time) and max 28 hours (default wait time)  . If the Spammer mailserver doesn't reattempt the deliver (and the spammers usually do not reattempt the deliver) the email will be rejected after the wait time (28 hours) and you'll never receive the spam message.

May I lose some valid email ? Only if the sender (mailserver sender) is not configured to reattempt the deliver the email will be rejected. If the client can see some valid email on his delaying Log page he can still whitelist the email using the REPORT button.  

By RFC, all mailservers have to retry the delivery.

Negative points related to the delaying filter ;

      delaying filters has the following negative points ;

      -it's behavior could create big confusion to unexperienced users    
      -the email rejected due to delaying filter cannot be retrieved using the SPAMBOX@ plugin.

For these reasons I strongly recommend "turn off"  , for all users , Delaying filter  using the "ASSP DOMAIN CONFIG" in your WHM ASSP Deluxe interface  .  The client can/will decide if it's the case to turn delaying filter ON using his cPanel frontend .  
 
IMPORTANT : Set also delaying off by default using the "DEFAULT SETTINGS" > FILTER STATUS DEFAULT SETTINGS  on your WHM ASSP Deluxe interface , so that new hosting clients will receive delaying off/disabled automatically .

 

Using the "ASSP Email interface" .

The "ASSP Email inteface" is a powerful ASSP feature which permits to add or remove email to the Whitelist, report Spam, or false-positives improving the Bayesian filter.  For example the "R" button that you can see on the "ASSP deluxe for cpanel" log pages uses the ASSP email interface to report false positives. Some user could report you that is not able to forward a spam message to  assp-spam@clientdomain.com . ASSP email interface (assp-spam@clientdomain.com assp-white@clientdomain.com and so on) accepts reports only if the sender client uses smtp auth on  (only from smtp authenticated users).

Horde, Squirrel and Roundcube  are automatically configured by ASSP Deluxe for cPanel to use the ASSP email interface (thanks to Steve Hollar for Horde and Squirrel tweaks).

 

We are getting the following error "Bayesian spam database is small or empty: '/usr/local/assp/spamdb'"

This error happens on the first hours of ASSP usage . It's normal since ASSP has still to build it's database. You can remove this error running following command for 2 or 3 times

cd /usr/local/assp;/usr/local/assp/rebuildspamdb.pl

Otherwise this error will be automaticaly fixed when the rebuildspamdb.pl cronjob will run (each 24 hours).
 

How to find and release good messages ? How does work spambox@ ?
Clients have been asking - how do they retrieve legitimate messages that have been rejected by ASSP ?

First of all you should activate spambox@ using  the assp WHM web interface.
Then to release a good message your client should use spambox @ pop3 ; or your client can check the /spambox imap folder to read all received spam (and report false positives to assp-notspam@clientdomain.com)

You , server admin , should activate the  ASSP Deluxe for cPanel SPAMBOX@ plugin using WHM assp web interface. 

If you (server admin) activate the assp deluxe for cPanel SPAMBOX@ plugin
the SPAMBOX@ plugin redirects all rejected spam(*) to  spambox@clientdomain.com  , only if the client creates a spambox@clientdomain.com email AND always to the /spambox imap subfolder of each email user .


Some example

a) Using spambox@domain.com pop3
If your client creates spambox@domain.com (pop3 account) all spam sent to @domain.com will reach
spambox@domain.com .

Now if the client login on his pop3 account spambox@domain.com he can see all the spam which reached his domain name @domain.com  . If he see a false positive (good email) he can forward (or forward as attachment , better) the email to the destination contact , for example test@domain.com .
He can check spambox@domain.com such as any other email account on his server , using his email client , horde or  squirrel.

b) Using imap
ASSP deluxe spambox@ sends all the received spam also to each account on your server (exactly to the /spambox imap folder of each email account).
For example if the owner of  test@domain.com checks the email using imap (using an imap email client such as Thunderbird or webmail Horde), if he received some spam , he can find the spam on the  /spambox imap folder.  If no /spambox imap folder exists it means that test@domain.com received no spam . If the owner of test@domain.com see a valid email on /spambox he can forward this email to assp-notspam@domain.com , and it will be never blocked. Or he can simple reply to the email , and assp will never block it again.

3) Using webmail
Using webmail Horde , Squirrel , and Roundcube the user can check the spam reading the /spambox folder.
Horde detects the /spambox folder automatically (after the first spam received) . On Squirell  and horde the user should subscribe
the /spambox imap folder (there are easy instruction on ASSP Deluxe cpanel frontend).  If the owner of test@domain.com see a valid email on /spambox he can forward this email to assp-notspam@domain.com , and it will be never blocked (or he can simple reply to the email , and assp will never block it again). Using Squirrell the user can also move to INBOX the false positive contained on /spambox (!)

 

Is my Antivirus clamAV working fine ?

You can execute 2 checks ;

1) restart exim from command line while assp is running 

service exim restart

The line

Starting clamd: [ OK ]

should not report errors.

2) Open the ASSP Web interface (port 55555)

Click on "info and stats" and click on "Perl Modules"

You should see a line like this
File::Scan::ClamAV              1.8                     CPAN

If instead of ClamAV version you see an error your clamd antivirus is NOT working .
 

Do I need to create email addresses assp-white@client.com ?

NO . ASSP will parse these emails automatically . It's the ASSP Email Interface feature ; if you followed corrently the HOW TO the Email Interface is enabled by default . 

Only smtp authenticated users will be able to use the ASSP Email Interface .


 

Should I forward spam collected in spambox to assp-spam@mydomain.com ?

NO , you should never email spam in spambox to assp-spam@ . It useless , ASSP already know it's spam .
The spambox exists for one important reason ;

- collect all the spam and check if there is some good email inside , only for this

If you do not want collect spam in spambox simply disable spambox for your account . ASSP send/collect spam in your spambox (if you enabled it) because you want see if there is some good email inside , only for this.

So only if you see a good email in spambox you should report it to assp-notspam@
and only if you see spam in inbox you should report it to assp-spam@

Adjustments to your ASSP settings are required if

1- too much spam is going to inbox
2- too much good email are going to spambox

If 1 and 2 and are not happening there is no reason to adjust your ASSP settings.
 

What does it mean "strictly denied by denySMTPConnectionsFromAlways or droplist" ?

If you see something like this in ASSP maillog ( /usr/local/assp/maillog.txt )

Jan-21-10 19:17:08 65.11.11.11:19231 strictly denied by denySMTPConnectionsFromAlways or droplist: 65.11.11.11

If you receive an error like above it means find_abusers.php collected the ip 65.11.11.11 in bad list (denySMTPConnections and/or denySMTPConnectionsFromAlways) , so even if you whitelisted the sender email ASSP knows that the ip 65.11.11.11
MUST be blocked .

If you want allow this ip to pass, simply open ASSP web interface ,no processing menu , No Processing IPs* (noProcessingIPs) , enter the ip and save. Now the ip address will pass .

How to avoid the problem in the future ? If you grep 65.11.11.11 in the old ASSP logs you can understand why find_abusers.php collected this ip and you can apply more relaxed settings to your find_abusers.php bad ip collection in case.

If you are waiting an email from a remote sender but there is no trace of the email AND of the sender IP address in ASSP/exim log , it means that something else is blocking the sender (firewall for example).

If you suspect the sender ip is blocked and you have no idea which is the sender ip you can clean the bad ip collections in this way

(it's a single line command)

# cd /usr/local/assp/files;/etc/init.d/assp stop;echo "" > blockip.txt;echo "" > denyalways.txt;echo "" > denysmtp.txt;/etc/init.d/assp start

Now invite the sender to email again you and check ( # tail -f /usr/local/assp/maillog.txt )  if it will be penalized for some reason ; in case you can whitelist the sender ip/email using the ASSP Web interface ( whitelisting or noprocessing menu ).

 

How to edit the ASSP whitelist  ?  ( #74 )

There is no way to see/edit the whitelist used by ASSP using ASSP Deluxe or ASSP web interface because the list
is created dynamically by ASSP.  For example each time you send an email , ASSP automatically whitelist each email destination .
Also each time you use assp-notspam@ (and assp-white@ of course) , assp whitelist the emails .
For this reason the whitelist file should not be edited , but you should act with it using assp-white@ assp-notwhite@ assp-notspam@ and so on... . As admin you can also use the whitelist menu on ASSP web interface of course.

If you want only see the whitelist

# cat /usr/local/assp/whitelist

for the reason explained above I do not suggest you to edit the whitelist file.

 

How to disable ASSP temporarly ?  ( #20 )

If for some reason (for example you have an email problem and you don't know if the problem is related to assp,exim or your firewall) you need to disable ASSP temporarly and you want use only exim (standard cPanel usage) you should  follow these steps ;


If you have using ASSP WHM 4.0.0  (or above) and ASSP Deluxe 3.1.5 (or above) skip point 1)
 

1) First we should be sure that ASSP will not restart automatically. If you are using  the status.php cronjob , comment it (# crontab -e and comment status.php line). If you are using ASSP MONITOR  open WHM then select Service  Configuration > Service Manager and uncheck assp service.

 

2) STOP ASSP using WHM ASSP (do not stop it from command line/console).

3) Open WHM , Exim Configuration Editor , then select Advanced Editor

On the first box comment this line (add a #) on the first box

# local_interfaces = 127.0.0.1.125

or these 2 lines (if you are using daemon_smtp_ports)

# local_interfaces = 127.0.0.1
# daemon_smtp_ports = 125

4) Save exim .

Exim now is working without ASSP , normal cPanel usage.

To re-enable ASSP which was temporarly stopped  .....

1) Open WHM , Exim Configuration Editor , then select Advanced Editor

On the first box un-comment the line on the first box  (remove the #)

local_interfaces = 127.0.0.1.125

or un-comment following 2 lines if you are using daemon_smtp_ports (remove the #)

local_interfaces = 127.0.0.1
daemon_smtp_ports = 125

2) Save exim .  If exim does not re-start now ,no worry , is normal.

3) START ASSP using WHM ASSP .

4) RESTART exim using WHM (it should re-start without errors)
 

If you have using ASSP WHM 4.0.0  (or above) and ASSP Deluxe 3.1.5 (or above) skip point 5)

5) re-enable the ASSP monitor cronjob (crontab -e) uncommenting the line ..

*/1 * * * * /usr/local/cpanel/3rdparty/bin/php-cgi /usr/local/assp/deluxe/status.php

 

I'm receiving  "Server replied: 111 Can't open SMTP stream" using Squirrel/Horde

The problem is not related with ASSP . You should find the problem on your firewall. Be sure you have  port 25 TCP IN/OUT  and 125 TCP IN opened . Also your alternative port (26 i.e.) should be opened.

 

My client domain cannot receive email and it's receiving a "relay attempt blocked" error. ( #57 )

Check if your client domain is listed correctly on /etc/localdomains (or if it's listed incorrectly on /etc/remotedomains) .
If no, add the client domain name to your /etc/localdomains file (#pico /etc/localdomains)  . Restart ASSP using the WHM assp web interface. It fixes the problem. If the problems does not fix check also if the client main domain is listed on /etc/trueuserdomains . 

how to bypass ASSP ? ( #56 )

if you want disable ASSP fully for a LOCAL domain name ,
open ASSP Web interface > no processing menu >
and add your domain to "No Processing Addresses* /(noProcessing) " , Save .

If you want fully disable ASSP for a REMOTE domain sender
open ASSP Web interface > no processing menu >
and add your domain to "No Processing Domains* (noProcessingDomains)", Save.

With ASSP 1.4.4 and above versions also the asspof@ and asspon@ are available on ASSP Web Interface
(email interface menu) (more info).

ASSP restarts often , or eats a lot of cpu , what to do ? ( #10 )

It should not happen if you are using 1.3.9 or above versions  . If it happens , be sure you are running latest versions of each scripts (using assp WHM web interface) and check if your server is under a ddos email attack.

exim restart often , what to do ?

exim restarts are not due to ASSP .  You may try this

# /scripts/eximup --force;/etc/rc.d/init.d/assp stop
# /etc/rc.d/init.d/exim restart;/etc/rc.d/init.d/assp start

If after this step exim has still problems you can disable temporarly ASSP in this way
http://www.grscripts.com/howtofaq.html#20 , then open a ticket with cPanel and ask to have exim fixed.

Are you running out of disk space on /usr ? #71O

First of all you can delete all old assp logs in this way

cd /usr/local/assp
rm -f *.maillog.txt

If you have still disk space problems you can create a symlink for /usr/local/assp/spam and /usr/local/assp/notspam

Suppose you want symlink data from /usr/local/assp/spam to /home/spam and from from /usr/local/assp/notspam to /home/notspam

STOP ASSP using WHM then execute this

# mv /usr/local/assp/spam /home/spam
# mv /usr/local/assp/notspam /home/notspam
# ln -s -f /home/spam /usr/local/assp/spam
# ln -s -f /home/notspam /usr/local/assp/notspam

Now START ASSP using WHM .
Done.  You should not have more disk space problem on your /usr partition due to assp.

socket bind() to port 125 ?

If you are receiving this error when you start assp (exim maillog)
2007-04-16 10:42:22 socket bind() to port 125 for address 127.0.0.1 failed: Address already in use: daemon abandoned
you can ignore it.

ex_localdomains.php (some useful command for advanced users)

ex_localdomains.php creates an updated list of email/forwarders/domains/subdomains of your server .
Email are stored on /usr/local/assp/deluxe/assp_local_email , domain names are stored on assp_local_domains . It executes also some other important check (i.e. it checks default assp per domain configuration , checks integrity for spamlovers files , checks if horde,squirrel and mailman are configured correctly to work with assp).

There is some useful hidden command ;

1) If you execute ex_localdomains.php cronjob using crow=1 in this way
      
          /usr/local/cpanel/3rdparty/bin/php-cgi /usr/local/assp/deluxe/ex_localdomains.php crow=1

you may add also one email address as a spamlover. The email address you entered will not be overwritten .

HOW TO use the crow=1 option
Suppose a client ask you to turn off RBL (i.e.) not for all his domain name (he can do that himself with assp deluxe cpanel frontend) but only for one email on his domain .  For example he wants that the email clientemail@domain.com bypasses the RBL filter ;  you should do this

• be sure you are running ex_localdomains.php cronjob with crow=1 (see above)
• open the "assp web interface" and open the  "SPAM Lover/No Processing" menu
• go to DNSBL Failures Spam-Lover (which is the RBL filter) click on edit ,and add the clientemail@domain.com to the list .  

In this way clientemail@domain.com will bypass RBL filter check.

If you do not use the crow=1 option the email added to the spamlover list will be removed each time
will be execute ex_localdomains.php .

2) If you execute ex_localdomains.php from command line could be useful the option show=1
# /usr/local/cpanel/3rdparty/bin/php-cgi /usr/local/assp/deluxe/ex_localdomains.php show=1
It will show all the output of ex_localdomains.php . I do not suggest you to add this option
to your cronjob too , it's useful only if you use it from command line.

 

clear_spambox.php (some useful command for advanced users)  ( #09 )

If you are using the spambox@ plugin , mailbox for your client could grow very fast especially for clients receiving a lot of spam.  To avoid disk usage problems for your clients set following cronjob (you can run it daily) using "crontab -e" from command line   

10 4 * * * /usr/local/cpanel/3rdparty/bin/php-cgi /usr/local/assp/deluxe/clear_spambox.php

By default the cronjob above will run each day , removing @spambox email on all your accounts older than 7 days . If you want  change the default (7 days) you should enter the cron in this way

10 4 * * * /usr/local/cpanel/3rdparty/bin/php-cgi /usr/local/assp/deluxe/clear_spambox.php sday=n

and replace n with your days. For example ...

10 4 * * * /usr/local/cpanel/3rdparty/bin/php-cgi /usr/local/assp/deluxe/clear_spambox.php sday=15

removes spambox@ emails on all your accounts older than 15 days.

With assp deluxe 2.3.0 I added some other advanced command which could be added to your clear_spambox.php cronjob

noemail=yes ;   it disables email notifications

 

sp=yes ;
limitspace=x     (x = disk space in Kilobytes)
remdays=x       (x = other days to be removed)
 

These 3 commands (sp limitspace and remdays) should be used/entered at the same time  . At the end of cleaning operation ,  clear_spambox.php checks if disk usage for each already cleaned mail folder is over your limitspace in kilobytes  . If some mail folder is over limit it removes other remdays from this spam folder.

For example, if you set this cronjob

......../deluxe/clear_spambox.php sday=15 sp=yes limitspace=10000 remdays=5

First it removes email older than 15 days . If at the end of cleaning , some cleaned folder is using
over 10000 Kbytes (about 10 MB) ,clear_spambox.php will clean other 5 (remdays) days of older spam from these accounts .

Other useful clear_spambox.php commands are

nodisabled=yes
If you add nodisabled=yes to your clear_spambox cronjob , all the users having imap spambox disabled will not be processed/cleared .

noemail=yes
If you add noemail=yes the clear_spambox will not sent email also if you have DAILY SPAM REPORTS enabled.
 

high=x    (x = server load)
If the server load will go over this value the script will sleep . By default this value is 5.
 

norep=yes
If you have DAILY SPAM REPORTS enabled on your ASSP WHM and you want execute clear_spambox.php from console without executing the DAILY SPAM REPORTS .

noclean=yes
If you have DAILY SPAM REPORTS enabled on your ASSP WHM and you want execute clear_spambox.php without cleaning the email from emali older than n days.

update_email.php (commands for avanced users)

nohup=yes
If you add  nohup=yes  to your update_email.php cronjob , update_email.php  stops to store "number of assp smtp connections" on ASSP STATUS CHART (also if the HUP signal each 3 minutes to store assp connections does not delay assp in any way , someone asked me this feature).

.ASSP SSL

If you want use ASSP SSL please read this how to

(*) NOTE : ASSP SSL native (not using stunneling) is currently under testing in ASSP 1.7.1.3

 

email I send out gets bounced with ip reputation problems #76A

 0 - be sure there is no outgoing spam activity in your WHM email queue.
 1- check if your server ip is blacklisted in some rbl list and ask an ip removal ( you can check here i.e. )
 2- remember that ASSP deluxe offers several way to protect you against spam exiting from your server
     http://www.grscripts.com/howtofaq.html#90
     http://www.grscripts.com/howtofaq.html#56b
     http://www.grscripts.com/howtofaq.html#A44

     Other ways could be listed here

 3- after you fix the first point for a better reputation apply this
     http://www.grscripts.com/howtofaq.html#840
 

I would fully disable ASSP for a client (#15b)

If you want fully disable/bypass ASSP for a client you should put all his domain names on ASSP "no processing list".
Open the ASSP WEB INTERFACE , open the "SPAM Lover/No Processing" menu , then enter your client domain names on
No Processing Addresses* (noProcessing) . You can also enter  file:files/noproc.txt , if you want enter your domain names
on a txt files. (enter file:files/noproc.txt save , return to "SPAM Lover/No Processing" and click on Edit ). 
 

how to set a postmaster@ and abuse@ email for all my clients to fix RFC errors on dnsstuff ?  (#20b)

If you want set a working postmaster@  and abuse@ email for each domain , subdomain , addon domain  or parked domain
on your server , ASSP Deluxe deluxe takes care of this too (since version 2.6.5) .
Please follow the procedure explained below

First remove from "no processing , spamlover, whitelist" or from any other ASSP web interface menu, 
each abuse@ and postmaster@ value. 

Now simple execute this from console
/usr/local/cpanel/3rdparty/bin/php-cgi /usr/local/assp/deluxe/fix_abuse_postmaster.php

The scripts will create 2 forwarders for each domain , subdomain , addon domain  or parked domain on your server.
1) abuse@domain.com redirected to user@domain.com
2) postmaster@domain.com redirected to user@domain.com

If you want forward all the email sent to abuse@ and postmaster to your preferred server email (your own postmaster) for example  abuse@myserver.com (for abuse@) and  post@myserver.com (for postmaster@) you should execute this instead
 

# cd /usr/local/assp/deluxe

# /usr/local/cpanel/3rdparty/bin/php-cgi fix_abuse_postmaster.php forwardto=abuse@myserver.com forwardto2=post@myserver.com

The scripts will create 2 forwarders for each domain , subdomain , addon domain  or parked domain on your server and

1) abuse@domain.com redirected to abuse@myserver.com
2) postmaster@domain.com redirected to post@myserver.com
 

Once you have executed fix_abuse_postmaster.php wait about 5 minutes (in tihs way update_email.php conrjob will load your new forwarders on assp_local_email) and all should work correctly . Now if you check dns for any domain on your server

http://private.dnsstuff.com/tools/dnsreport.ch?domain=clientdomain.com

the mail error related to abuse@ and postmaster@ should be fixed.

Note :
1) the script will not create the forwarder if a pop3 or forwarder abuse@ or postmaster@ email already exists for that domain.

2) If you want undo the changes , removing all postmaster@ and abuse@ lines from your /etc/valiases/* files you should execute this
/usr/local/cpanel/3rdparty/bin/php-cgi /usr/local/assp/deluxe/fix_abuse_postmaster.php clean=yes

Set a cronjob
If you want be sure that also new domain names will be set with  abuse@ and postmaster@  you may set a cronjob
for fix_abuse_postmaster.php (such as other assp deluxe cronjob put it between MAILTO="" and MAILTO="root" ).

For example the command below will execute the cron each 12 hours ,
10 */12 * * * /usr/local/cpanel/3rdparty/bin/php-cgi /usr/local/assp/deluxe/fix_abuse_postmaster.php

Credits : fix_abuse_postmaster.php was created following an idea of Elie P. by webdomain.com

 

How to remove automatically old ASSP maillog ? (#55)

You should simply add clean_logs=yes to your ex_localdomains.php cron , in this way

*/59 * * * * /usr/local/cpanel/3rdparty/bin/php-cgi /usr/local/assp/deluxe/ex_localdomains.php clean_logs=yes

By default all old ASSP maillog except of latest 2 will be removed. You can customize this value (min 2 max 10) using your
ASSP WHM > ASSP Deluxe for cPanel Advanced tools > REMOVE OLD LOGS and click on  [ change it ]

 

What is asspblock@ ? Is it possible to receive via email a list of blocked email ? #7U

If a user in your server would know all the email blocked latest "n" days he should send an email to asspblock@clientdomain.com
The email should be sent from a clientdomain.com  email account and using the smtp clientdomain.com (so ASSP can authenticate the request) .

The client will receive a list of email blocked latest "n" days (which can be specified in the subject of the email) like the following ;

the user  can resend a blocked email by clicking the "mail" icon on left .

When the user ask to resend and email , the sender could be whitelisted automatically . By default this feature is set to "Admin only" . If you would you can set automatic whitelist for each resent email in this way , open ASSP web interface > Blocking  Reporting menu > and set  "Automatic add Resend Senders to Whitelist (autoAddResendToWhite)" to Users and Admins , save settings.

In the Blocking  Reporting menu (in your ASSP web interface) you will find other features to customize how works asspblock@

How to detect possible SPAM activity which is exiting from my server ? (#56b)

With ASSP Deluxe 3.1.7 and above versions in ex_localdomains.php and find_abusers.php has been added  code to detect possible huge SPAM activity which is exiting from your server using a script (perl,php..other). In case of detected SPAM activity you will receive an email warning or you may change permissions on the folder which is sending the email .


1) OUTGOING SPAM ACTIVITY DETECTOR using ex_localdomains.php

If any user on your server sends 800 email (a) using a script and the exim queue value is greater than 500 (b), you will receive a detailed email warning with the script location which is sending the email. ex_localdomains.php analyzes latest 100000 lines of your exim_mainlog .

The user will not be blocked automatically , however you can investigate and block him if required.

The email will be sent to the email contact you have set on your ASSP WHM .

If you want set a custom email you add cex=custom@email to your ex_localdomains.php cronjob (only with ASSP Deluxe 3.7.4 or above)

(a) this can be customized adding lim_email=your_value to to your
ex_localdomains.php cron
(b) this can be customized adding lim_queue=your_value to to your
ex_localdomains.php cron

This feature is enabled by default. If you would disable this functionality you should add nsp=yes to your ex_localdomains.php cron , in this way

*/59 * * * * /usr/local/cpanel/3rdparty/bin/php-cgi /usr/local/assp/deluxe/ex_localdomains.php nsp=yes

2) OUTGOING SPAM ACTIVITY DETECTOR using find_abusers.php #88c
 

Ok but what is find_abusers.php ? Click here to read the article or skip it if you are already using it.

By default if you execute  find_abusers.php from console

/usr/local/cpanel/3rdparty/bin/php-cgi /usr/local/assp/deluxe/find_abusers.php

you may receive something like this

Email sent from your server using a script : looking for more than 100 email on latest 100000 lines of your exim_maillog
=============================================
82 = > /home/chat/public_html/preloginchat4
26 = > /home/harleyb/public_html/condo/yabb

By default , as explained on the title above (Email sent from your server using a script...) , find_abusers.php analyzes latest 100000 (a) lines of your exim_maillog looking for clients which sent more than 100 (b) email using a script.
You will not receive an email notification such as with ex_localdomains.php and the user will not be blocked in any way. It will only show you the results on your console (such as on the example above).

(a) it can be customized adding ex=your_value to your find_abusers.php
(b) it can be customized adding lim_email=your_value to your find_abusers.php

Blocking and avanced features
If you add bl=1 to your find_abusers.php cronjob , find_abusers.php will check if latest 5 (c) new created hosting accounts send more than 600 email (d) . In this case (if bl=1 has been set) the script location will be chmoded 000 and you will receive an email warning.

The email will be sent to the email contact you have set on your ASSP WHM.
If you want set a custom email you add cex=custom@email to your find_abusers.php cronjob (only with ASSP Deluxe 3.7.4 or above)

This is useful to block spammers which open new accounts only to send spam after few days/hours .

(c) this can be customized adding lu=your_value to your find_abusers.php cronjob
(d) this can be customized adding lx=your_value to your find_abusers.php cronjob

Also (a) and (b) can be customized (see above).

If you add demo=1 you will only receive the email warning , however the chmod 000 will not apllied (demo mode)
If you would monitor some suspected account add the username to  /usr/local/assp/deluxe/checkabuser (one user per line)
If you would ignore some account add the user to  /usr/local/assp/deluxe/checkignore (one user per line)
 

Of course these customized values can be added togheter with your find_abusers.php values used for bad ip collection.
For example you may use also lu=0 and enter only your suspected users on /usr/local/assp/deluxe/checkabuser

You may report bug or suggestions here . Thank you!.

Other ways to block outgoing SPAM (available in 1.7.1.3 and above) #A44

With ASSP 1.7.1.3 you have other ways to block outgoing spam (SPAM exiting from your server) , over the two ways you should already know

    -- http://www.grscripts.com/howtofaq.html#90
    -- http://www.grscripts.com/howtofaq.html#56b   

You can now use/activate the following which are disabled by default

ASSP Web Interface => Control Outgoing menu => Local Frequency Interval (LocalFrequencyInt)
ASSP Web Interface => Control Outgoing menu => Local Frequency Recipient Number (LocalFrequencyNumRcpt)
ASSP Web Interface => Regex/Bomb menu => Do Black Regular Expressions Checks for Local Messages (blackReLocal)
ASSP Web Interface => Bayesian option menu => Bayesian Check on Local Senders (BayesLocal)
ASSP Web Interface => ClamAV and FileScan > Scan Local Senders (ScanLocal)
ASSP Web Interface => Penalty Box menu > MessageScoring on Local Senders (MessageScoringLocal)
ASSP Web Interface => smtp session limits > Max Size of Local Message (maxSize)
ASSP Web Interface => smtp session limits > Max Real Size of Local Message (maxRealSize)

_ :  find_abusers.php (bad ip collection) #70

(Thanks for idea to Remy Gardien  e-dot.nl ,and Manuel  plusplushosting.net )

(#88A) In ASSP Deluxe there is a useful tool which can be executed in this way from console

# /usr/local/cpanel/3rdparty/bin/php-cgi /usr/local/assp/deluxe/find_abusers.php

It reports a lot of useful information, to undestand in a fast way what kind of email attack is receiving your server
, which are your accounts under heavy attack , which are bad ips attacking your server (sorted) , and much more.

Available commands

sw=n (or show=n )
The command sw=n  will permit to show you only data over the number n .  If you don't specify it, a value of 15 will be used.

example

# /usr/local/cpanel/3rdparty/bin/php-cgi /usr/local/assp/deluxe/find_abusers.php sw=20

find_abusers.php can also show  all the email sent from your server using a script .

For example you can see something like this

Email sent from your server using a script ( >100 email )
=============================================
574 = > /home/hat/public_html/chat
207 = > /home/spa/public_html/preloginchat
167 = > /home/dieone/public_html/archiv/datenb
114 = > /home/rad/public_html/ine/news

using find_abusers.php as a cronjob
find_abusers.php is not only a tool to receive information from console  . You can execute it each 20 minutes using a cronjob with several commands to collect and blocks repetitive attacks from spammer ips . By default you should already have this cronjob .

Find_abusers.php permits to collect and block all ips which are repetitively bombarding your server using...

"email dictionary attack"  (unknown email address errors)
"ASSP scoring mode"
"max errors"
"relay attempt blocked"
"limited connections"

Compared with the ip collected used by PB extreme in ASSP web interface , this way (find_abusers.php) strongly reduces the risk to block a good/valid ip/sender . If you install this cron , Penalty box extreme will be turned off automatically . 

You can collect bad ips adding this cron to your  "ASSP cron list" (per installation you should already have this cronjob

*/20 * * * * /usr/local/cpanel/3rdparty/bin/php-cgi /usr/local/assp/deluxe/find_abusers.php show=14 sc=32 er=13 lm=13 dc=25 rl=20 on=1

dc= set the starting collection limit for "email dictionary attack"
sc= set the starting collection limit for "ASSP scoring mode"
rl= set the starting collection limit for "relay attempt blocked"
er= set the starting collection limit for "max errors"
lm= set the starting collection limit for "limited connections"
on=1 (or on=yes) = required if you want collect the ips
sw=n (or show=n)  any value below n will not be processed ! .
                           If you don't specify show=n a default value of 15 will be assigned
log=logfile optional use it only if you would analyze a log different from current maillog.txt

note:  the sw= value should be always lesser than any value set.

The cron above collects (each 20 minutes) on your /files/denysmtp.txt file (denySMTPConnectionsFrom) all ips which received min.  32 "ASSP Scoring mode" failures or min 13 "max errors" or min 20 "relay attempt blocked" or min 13 "limited connections" . These ips will be collected and blocked by denySMTPConnectionsFrom (ASSP Web Interface > IP Blocking > IP's* denySMTPConnectionsFrom) .
All ips which received min 25 "email dictionarty attacks" (invalid address check) will be instead collected on your /files/blockip.txt  and blocked by  denySMTPConnectionsFromAlways(ASSP Web Interface > IP Blocking > IP's* denySMTPConnectionsFromAlways )  .

If you think the some good/valid sender ip is blocked   , open ASSP web interface and add blocked ip in
Penalty box MENU > Don't do Profiling for these IP's* /(noPB) In this way the ip  will not be blocked again .
You may also put the blocked ip in ASSP Web interface > whitelist menu > white ips or in
ASSP Web interface > no processing menu > no processing ips

==> Using a /usr/local/assp/deluxe/ignore.txt file
You can also put the ip on this file /usr/local/assp/files/ignore.txt and find_abusers.php will remove ips in this list from /files/denysmtp.txt and  /files/blockip.txt automatically.

==> Using a /usr/local/assp/deluxe/nodict file (70h)
With ASSP Deluxe 4.1.7 and above versions if you want exclude from bad ip collection 1 or more domain names , simply put them (one by line) in  /usr/local/assp/deluxe/nodict . For example if you save
 

gmail.com
yahoo.com
google.com

in your /usr/local/assp/deluxe/nodict file , no ip will be collected for errors (email dictionary,spam scoring ..) generated by gmail.com,yahoo.com, and google.com . 

==> Using a /usr/local/assp/deluxe/dmfile file
If you have 1 or more domain names under heavy email dictionary attack, you can add all your domain names under heavy attack in the file /usr/local/assp/deluxe/dmfile (one domain per line), then you can use this

/usr/local/cpanel/3rdparty/bin/php-cgi /usr/local/assp/deluxe/find_abusers.php show=2 sc=8 lm=30 dc=3 dm=file er=2  on=1

...using dm=file , find_abusers.php will process only domain names listed in file /usr/local/assp/deluxe/dmfile

So for example you may have this 2 cronjobs..

*/30 * * * * /usr/local/cpanel/3rdparty/bin/php-cgi /usr/local/assp/deluxe/find_abusers.php show=14 sc=32 er=13 lm=13 dc=25 rl=20 on=1
*/10 * * * * /usr/local/cpanel/3rdparty/bin/php-cgi /usr/local/assp/deluxe/find_abusers.php show=2 sc=6 dm=file er=6 lm=4 dc=3 on=1

where the first find_abusers.php is server wide , and it will create a failry moderate bad ip collection , while the second find_abusers.php cron line will create a very aggressive bad collection ip using only domain names in  /usr/local/assp/deluxe/dmfile .  So , /usr/local/assp/deluxe/dmfile should contain a list of your most email dictionary attack bombarded domain names ( you can get the list executing

/usr/local/cpanel/3rdparty/bin/php-cgi /usr/local/assp/deluxe/find_abusers.php

)

==> How to reset/clean blockip.txt and denyalways.txt ?

go to console and execute this (it's a single line command)

cd /usr/local/assp/files;/etc/init.d/assp stop;echo "" > blockip.txt;echo "" > denyalways.txt;echo "" > denysmtp.txt;/etc/init.d/assp start

==> Other data returned by find_abusers.php
With ASSP Deluxe 3.5.5 (#10) and above versions , if you execute find_abusers.php from console , it returns also a list of email sent from Foreign Country (ip address country). For example ;

Email sent from Foreign Country ============================================= 220 = > BR 192 = > TR 188 = > NL 157 = > GB 154 = > PL 143 = > CA

returned data wil be useful to block bad countries  using ASSP Web Interface > "validate sender" menu .

#50 find_abusers.php (if you execute find_abusers.php from console ) returns also a list of email sent from ISP organizations ; for example ;

Email sent by ISP organizations (it analyzes your current /usr/local/assp/pb/pbdb.sb.db) ============================================= 55 = > US-Yahoo-yahoo.com 38 = > US-TheSolo 28 = > TR-TurkTelekom- 28 = > US-PerformanceSystems 24 = > US-NthAir-nthair.net 22 = > US-Thefacebook.com-tfbnw.net 19 = > US-MicrosoftCorp-hotmail.com 18 = > TR-TurkTelekom-ttnet.net.tr 18 = > BR-TeleNorte 17 = > TH-TrueInternet

How to use above data ? You can use above information (if required) in the  "Do Organization Blocking" feature available on ASSP SenderBase menu . 

==> Other usage allowed by find_abusers.php
find_abusers.php can be also used such as OUTGOING SPAM ACTIVITY DETECTOR . You can read the article here

unexpected disconnection while reading SMTP command

If on EXIM maillog you see "unexpected disconnection while reading SMTP command" lines without ACL errors , it's a normal behavior , ASSP is disconnecting from EXIM because the email was rejected due to spam (email dictionary attack or any other reason) .

Is dovecot IMAP compatible with ASSP Deluxe ? #j0

Yes , ASSP Deluxe is compatible with dovecot IMAP (available with cPanel 11.24 and above)
 

Is NSD compatible with ASSP ? #h0

Yes , NSD is fully supported .
 

DoLocalSenderDomain enabled by default with ASSP WHM 4.6.0  #90

With ASSP WHM 4.6.0 and above versions,  ASSP DoLocalSenderDomain (ASSP Web interface , Control Outgoing menu) is set enabled by default.  DoLocalSenderDomain blocks local spammers like this
 

Mar-6-09 01:00:07 127.0.0.1 <random@yahoo.com> to: anyemail@any.com relay attempt blocked for unknown local sender address

where the sender ip is local or authenticated but the sender domain is not local (spam sent from local server) , in the email above the sender is yahoo.com which is not local . For additional protection you can also use/enable  Do Local Address Check for Local Sender  ( ASSP Web interface >> Control Outgoing >> Do Local Address Check for Local Sender (DoLocalSenderAddress) ), which checks also the local sender email (not only the domain sender).

If you don't like the DoLocalSenderDomain behavior because it blocks for example your ticket system between your servers running ASSP in a way like this ...

Mar-6-09 01:00:07 127.0.0.1 <myticket@myticketsystem.com> to: user@anyemail.com relay attempt blocked for unknown local sender address

 ... you can add your myticketsystem.com domain in /usr/local/assp/deluxe/custom_assp_local_domains (assp deluxe 3.4.5 or above required) . In this way myticketsystem.com will be added to your /usr/local/assp/deluxe/assp_local_domains list automatically and your ticket email from myticketsystem.com will be allowed. Wildcard are accepted so you can use enter also
*.myticketsystem.com . You can enter as many domains as you wish in /usr/local/assp/deluxe/custom_assp_local_domains , one by line.

If you don't like at all the DoLocalSenderDomain behavior simply open ASSP Web interface , Control Outgoing , and set it DoLocalSenderDomain  off . Your change will be preserved after each future ASSP upgrade .
 

I would "no local address filter" enabled for all users but hide it from the cpanel interface. How to do it ? #75

1) Only for some domain names

Suppose you want "no local" filter ENABLED for main domain , for example domainx.com (and all its subdomains and parked/addon domain names), but you would the filter "no local" fully HIDDEN on customer control panel you should do this tweak ;

1) Open ASSP WHM , open ASSP DOMAIN CONFIG, select nolocal and be sure that nolocal filter for domainx.com is ENABLED.

2) Open ASSP WHM , open ASSP DOM FILTER STATUS, select nolocal,  and be sure that nolocal filter for domainx.com is ENABLED.

3) Now go to console and execute this

echo "domainx.com_nolocal" >> /usr/local/assp/deluxe/per_domain_frontend_status

(of course replace domainx.com with the main domain of your client)

In case you would turn back , simply remove the line domainx.com_nolocal from
/usr/local/assp/deluxe/per_domain_frontend_status using an editor like pico,nano,vi ..
 

2) for all your accounts

simply execute this

# touch /usr/local/assp/deluxe/nolocal_hidden
# chmod 605 /usr/local/assp/deluxe/nolocal_hidden

no local filter will not be shown on cpanel frontend. However you can control no_local filter status using ASSP WHM

To disable this feature and show again "no local" filter on cpanel frontend simply execute this

# rm -f /usr/local/assp/deluxe/nolocal_hidden

 

how to use roundcube webmail with ASSP Deluxe ?

With cPanel 11.25 it should work automatically . If you do not have cpanel 11.25 please read below

If you would use ASSP email interface on Roundcube you should only change in the roundcube conf file following line

$rcmail_config['smtp_server'] = '';

with

$rcmail_config['smtp_server'] = 'localhost';

Then restart exim and ASSP. It will allow you to use the ASSP Email interface (assp-spam@ assp-notspam@..)

How to add custom email/domain names to your assp_local_email and assp_local_domains #820

If you want add custom domain names to your autogenerated /deluxe/assp_local_domains , execute this

# pico /usr/local/assp/deluxe/custom_assp_local_domains

and add allowed local domain names , line by line .

If you want add custom email to your autogenerated /deluxe/assp_local_email , execute this

# pico /usr/local/assp/deluxe/custom_assp_local_email

and add allowed local email , line by line .
 

Automatic ASSP restarts to freeup resources #819

ASSP Deluxe automatically safe restarts ASSP to free up resources  , only if there are 0 ASSP connections and if memory usage is over 90 MB. To avoid multiple restarts this check will not apply again for 3 hours.

If you would customize it, 3 options can be added to your update_email.php cronjob as follow ;

=> raml=n to customize default 90MB
=> fr=1 to force an ASSP restart even if there are more than 0 ASSP connections.
=> nofreeup=yes to disable this feature ( fully disable automatic restarts in each situation )
 

spfdomainkey.php (install or uninstall spf and domainkey for all your users)  #840

With assp deluxe 3.7.0 and above a new script is avavilable , spfdomainkey.php . It can be executed from console in this way

/usr/local/cpanel/3rdparty/bin/php-cgi /usr/local/assp/deluxe/spfdomainkey.php

It permits to install or uninstall spf and domainkey for all your domain names in your server. You can use following commands

SPF and domainkey installer/uninstaller

spf=on install spf for all users
spf=off uninstall spf for all users
dkey=on install domainkeys for all users
dkey=off uninstall domainkeys for all users

For example if you would install spf and domainkeys for all your users you should execute this

/usr/local/cpanel/3rdparty/bin/php-cgi /usr/local/assp/deluxe/spfdomainkey.php spf=on dkey=on

How to add a custom local ip address ? #841

note: following feature is available with ASSP Deluxe 3.7.0 and above .
BY default local ip addressed (which are allowed to send email in your server) are automatically extracted by ASSP Deluxe using ex_localdomains.php cronjob . If you want allow an ip which is not local you should follow this steps

Suppose you want allow ip address 134.120.120.134

Go to console and execute

pico /usr/local/assp/deluxe/custom_assp_local_ips

add the ip address 134.120.120.134 and save the file.

Now execute

/usr/local/cpanel/3rdparty/bin/php-cgi /usr/local/assp/deluxe/ex_localdomains.php

after this step the ip 134.120.120.134 should be listed in /usr/local/assp/deluxe/assp_local_ips

Now you should allow the ip in EXIM too . Open the file pico /etc/alwaysrelay

pico /etc/alwaysrelay

add the ip address 134.120.120.134 and save the file.

Now restart antirelayd in this way

/scripts/restartsrv_tailwatchd

after this step the ip 134.120.120.134 should be listed in /etc/relayhosts .

Is there a way to block users from send email using "username@hostname" ? I find that often spam are sent using this addresses and they actually don't exist.  (#A79)

Yes you can block this SPAM in this way
http://www.grscripts.com/howtofaq.html#90

In other words you should enable DoLocalSenderDomain and for maximum protection DoLocalSenderAddress too .
In this way , if the address do not exist , it will not be able to send email.

Why is ASSP blocking local senders ? . (#A80)

If ASSP is blocking a local sender there is only one reason.  He is not sending email correctly , so ASSP is treating him such as remote sender .  Since ASSP applies all SPAM filters to remoter senders , if the client send email using his isp (i.e.)
ASSP will consider the local user such a remote sender, and the email could be blocked (often the isp ips
are blacklisted on RBLs or have some misconfiguration).

To solve the problem simply invite the client to send email correctly using

smtp  mail.clientdomain.com

in this way ASSP will recognize him such as localsender and ASSP will never block him , on the countrary
each email sent by the client will contribute to automatic ASSP whitelisting
 

I'm now receiving a lof of LOCALHOSTRELAY emails from CSF / lfd .  (#A82)

It's a normal behavior( ASSP communicates with EXIM via 127.0.0.1 ) ; to fix this "problem" open the csf web interface , go to "Edit lfd ignore file" ,  select RT_Localrelay , click "edit" and enter 127.0.0.1 . Save Settings.

 

 

ASSP Deluxe for cPanel exim queue notifications #2IK

ASSP Deluxe for cPanel (version 4.2.0 and above) using the ex_localdomains.php cronjob, checks each hour email queue size. If your email queue is bigger than 3000(^a) you will receive an email queue warning notification . You can customize the 3000 value, adding qu=new value to your ex_localdomains.php cronjob , i.e.

*/59 * * * * /usr/local/cpanel/3rdparty/bin/php-cgi /usr/local/assp/deluxe/ex_localdomains.php qu=6000

The email will be sent to the email contact you have set on your ASSP WHM .
If you want set a custom email you should add cex=custom@email to your ex_localdomains.php cronjob .

You can stop this notification executing this from console

 # touch /usr/local/assp/deluxe/stop_queue

and re-enable executing this from console

 # rm -f /usr/local/assp/deluxe/stop_queue

Some useful exim queue command which could be useful if your server exim queue is huge

Number of email in Queue:

# exim -bpc

Queue overview

# exim -bp | exiqsumm

msg-ids in queue

# exiqgrep -i

Search sender messages in queue

# exiqgrep -f [sender]@domain.tld

Search recipient messages in queue

# exiqgrep -r [sender]@domain.tld

Search messages in queue, based on age (older than 24 hours)

# exiqgrep -o 86400

Search messages in queue, based on age (younger than 24 hours)

# exiqgrep -y 86400

Remove all frozen messages in queue:

# exiqgrep -z -i | xargs exim -Mrm

Remove old queued messages, for example older than 24 hours:

# exiqgrep -o 86400 -i | xargs exim -Mrm

Remove messages matching sting in body :

# grep -lr 'string to match' /var/spool/exim/input/ | sed -e 's/^.*\/\([a-zA-Z0-9-]*\)-[DH]$/\1/g' | xargs exim -Mrm

Remove all messages in queue

# grep -lr '' /var/spool/exim/input/ | sed -e 's/^.*\/\([a-zA-Z0-9-]*\)-[DH]$/\1/g' | grep -v "spool" | xargs exim -Mrm

 

ASSP Deluxe and ASSP WHM automatic updates #2KK

Since ASSP WHM version 5.8.0 and ASSP Deluxe 4.2.0 , you can automatically update ASSP WHM and ASSP Deluxe for cPanel .
Simply open your ASSP WHM interface and be sure you have AUTOMATIC UPDATES enabled for ASSP WHM and ASSP Deluxe like the image below ;

Your ASSP WHM or ASSP Deluxe version will be checked each 24 hours using ex_localdomains.php cronjob.
If a new version will be detected your ASSP WHM and/or ASSP Deluxe will be updated automatically.
You will receive an email notification . The email will be sent to the email contact you have set on your ASSP WHM .
If you want set a custom email you should add cex=custom@email to your ex_localdomains.php cronjob .

You can stop this email notification executing this from console

 # touch /usr/local/assp/deluxe/stop_update_notification

and re-enable executing this from console

 # rm -f /usr/local/assp/deluxe/stop_update_notification

 

I want remove from whitelist all whitelist entries newer than date 03-27-2010 , how to do that ?  #7JK
or ... I want remove from whitelist all whitelist entries older than date 03-27-2010 , how to do that ?

dater=date
Suppose you want remove from whitelist all whitelist entries newer than date 03-27-2010 ; be sure you have ASSP Deluxe 4.1.2 or above . Stop ASSP using ASSP WHM , then clean all the entries in your whitelist NEWER than the date 3-27-2010 in this way ; go to console and execute this

# /usr/local/cpanel/3rdparty/bin/php-cgi /usr/local/assp/deluxe/update_email.php dater=03-27-2010

It will remove all the whitelist entries newer than date 03-27-2010
Now you should delete all ASSP maillogs (current and old) in your /usr/local/assp (in this way your rebuildspamdb will not re-enter the bad whitelist entries). Now return to ASSP WHM and start it .

dateo=date
On the countrary suppose you want remove from whitelist all whitelist entries older than date 03-27-2010 ; be sure you have ASSP Deluxe 4.1.2 or above . Stop ASSP using ASSP WHM , then clean all the entries in your whitelist OLDER than the date 3-27-2010 in this way ; go to console and execute this

# /usr/local/cpanel/3rdparty/bin/php-cgi /usr/local/assp/deluxe/update_email.php dateo=03-27-2010

It will remove all the whitelist entries older than date 03-27-2010
 

Is it possible to skip antispam processing for specific user in the domain … not all the domain ? #9U

yes, open the ASSP Web interface , noprocessing menu , No Processing Addresses* (noProcessing) and enter the email which should not be processed by ASSP .
 

Is it possible to run "spam assassin" along with ASSP ( do not worry about cpu or resource).  We want to build ASSP spam database first and run all filters in test mode to build spamdb for about a week, before setting it to active. And till that time, we want to run "spam assassin" to filter spams. #8U

Yes even if it's useless ; if you use ASSP such as recommended in post installation steps and you use
relaxed scores (ASSP WHM  interface , SET SCORES) there is no risk to block a good email and only less than 5% spam will pass server wide) .  If you use relaxed antispam settings right after the installation , even if there is still no whitelist and an empty spamdb, false positives (good email sent in spambox) should be rare or none in the first one or two weeks.  After 1 or 2 weeks (depending also on your email traffic) ASSP will have also an efficient spamdb (bayesian) and a big whitelist (created automatically based
on your user utilization) . So you can increase a little your score settings , reducing near to zero passing spam , and leaving very very low the risk to block a good sender .

Especially in the first days of usage you/your users can correct rare errors forwarding the good email found in spambox to
assp-notspam@clientdomain.com and spam not blocked found in inbox to assp-spam@clientdomain.com .
As admin , you can do these correction also using ASSP WHM > SPAM ANALYZER and NOT SPAM ANALYZER.
Using this way (recommended even if not strictly required) you can speedup a lot the process to build an efficient spam database. Your clients can receive a list of blocked spam by sending an email to asspblock@clientdomain.com (the email includes commands to resend the blocked email too).   You can find other ASSP tweakings on FAQs page http://www.grscripts.com/howtofaq.html 
and here http://www.grscripts.com/tweaking.html#09