I don't see where ASSP does any recipient address validation to
ward off dictionary attacks.  There was some mention of LDAP
validation, but only a passing reference.

ASSP has two forms of recipient validation and also checks for RFC 822 email address format conformity. A simple text file will do and yes, it does have LDAP. Works very well. It simply rejects invalid recipients with "550 5.1.1 User unknown". We reject lots of spam this way. We use both Windows AD LDAP and a text file. The text file is for Imail aliases and lists and for our second domain which only has a few addresses. We could do it all with the text file but there would be a bit more maintenance involved or delay if we wait for our script to add new addresses to the text file.

On my server, heavily abused/repeated invalid addresses are, in time, manually converted into spam addresses which apply more penalty points against the sending server IP. Heavily abused spam addresses are then converted into spamtrap addresses which block a sending IP on first contact and refuse future SMTP communications for a configurable number of days. All of these emails are kept from the "real MTA", "saving cycles". There is also RBL lookup and RBL caching to block emails as early as possible that fail multiple lookups. My server is set to reject an email if it is on 3 block lists out of 17. I capture all blocked spam except that which is denied at the SMTP communication level and have almost no false positives. The couple that I have had in the last few months have been due to my configuration changes and testing of spam bomb regular expressions that I messed up for a couple of hours one day.

Certainly we would be seeing more invalid addresses blocked if it weren't for the biggest advantage provided by ASSP in delaying or greylisting. Most malware-infected computers simply don't retry after they are delayed with a "451 4.7.1 Please try again later". This feature alone removes the biggest chunk of crap from our MTA including virus-laden emails.

The current release has gone through a flurry of development and documentation is sparse. Most of the configurable items in the GUI have text explaining the options and the help forum:
https://sourceforge.net/forum/forum.php?forum_id=235333
and mailing list:
https://sourceforge.net/mailarchive/forum.php?forum_id=19005
are quick to respond to questions. The beta release has a few more options than the production version (available on sourceforge: https://sourceforge.net/project/showfiles.php?group_id=69172) and is stable and can be downloaded here: http://www.magicvillage.de/~Fritz_Borgstedt/assp/

Doug Traylor

Future questions regarding ASSP's functions are best aimed at the ASSP specific lists, but here is a quick rundown of ASSP's abilities.

ASSP 1.2.3(9) (beta):

An SMTP "proxy" (not an MTA=no mail caching if MTA fails)
runs as a service in Perl, likes Active State Perl 5.8,
Multiple listen ports, authentication pass through,
Connection logging,
Max SMTP connection limiting,
Max connections per IP,
Connection timeout,

Recipient Based testing:
Local user list & LDAP/ invalid address rejection
Spam addresses (blocks email)
SpamTrap addresses (blocks IP)
NoProcessing addresses (ignored by ASSP)
SpamLover addresses (configurable for individual type of testing)

Content based testing:
Bayesian testing based on collected spam/ham,
Blacklisted HELO based on collected spam/ham,
Blacklisted sender or domain list,
Expression to identify spam (RegEx)
Expression to identify not-spam
Expression to identify no-processing
Expression to identify spamBomb (email addresses in here work like blacklisted sender)
Expression to test spambomb (logging only)
Expression to mark email for Content testing only
Whitelisting Domains/Users

Connection based testing:
Delaying/greylisting IP
RBL lookup/ RBL caching
SPF validation (block on fail)
HELO format testing
Local HELO forgery testing
HELO whitelisting
Reverse DNS/PTR/MX lookup

Penalty Box (PB) scoring for all of the above
Email blocking threshold and SMTP blocking threshold

Testmode for all ASSP tests
extensive logging, local or syslog.

(I think that's most of it, there are other features but some of them have been deprecated like the integrated anti-virus)
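
The recipient-stage escalation described in this message (invalid address, spam address, spamtrap, with greylisting in front), modelled as an added example that is not part of the original post and is not ASSP code. The class name `RcptPolicy`, the point values, the block duration, the retry delay, the `554` reply text, the reply given for spam addresses and the order of the checks are all assumptions; only the `550 5.1.1` and `451 4.7.1` replies come from the message.

```python
# Added illustration; not ASSP code. Addresses, points and durations are constructed.
DAY = 86400
VALID = {"alice@example.com", "sales@example.com"}   # text file / LDAP stand-in
SPAM_ADDRS = {"info1@example.com"}       # abused invalid address: penalty points
SPAMTRAPS = {"webmaster2@example.com"}   # heavily abused: block IP on first contact
INVALID_POINTS, SPAM_POINTS = 10, 25     # assumed penalty values
BLOCK_THRESHOLD = 50                     # assumed SMTP blocking threshold
BLOCK_DAYS = 7                           # assumed "configurable number of days"
GREY_DELAY = 300                         # assumed minimum retry delay, seconds
BLOCKED = "554 5.7.1 Blocked"            # assumed wording for a refused IP
DELAYED = "451 4.7.1 Please try again later"
UNKNOWN = "550 5.1.1 User unknown"
OK = "250 2.1.5 OK"


class RcptPolicy:
    def __init__(self):
        self.points = {}         # ip -> accumulated penalty points
        self.blocked_until = {}  # ip -> epoch second the block expires
        self.first_seen = {}     # (ip, sender, rcpt) -> first attempt time

    def _penalize(self, ip, pts, now):
        self.points[ip] = self.points.get(ip, 0) + pts
        if self.points[ip] >= BLOCK_THRESHOLD:
            self.blocked_until[ip] = now + BLOCK_DAYS * DAY

    def rcpt_to(self, ip, sender, rcpt, now):
        """Return the SMTP reply for one RCPT TO, updating per-IP state."""
        rcpt = rcpt.lower()
        if now < self.blocked_until.get(ip, 0):
            return BLOCKED                      # refused before any other test
        if rcpt in SPAMTRAPS:
            self.blocked_until[ip] = now + BLOCK_DAYS * DAY
            return BLOCKED
        seen = self.first_seen.setdefault((ip, sender.lower(), rcpt), now)
        if now - seen < GREY_DELAY:
            return DELAYED                      # senders that never retry stop here
        if rcpt in VALID:
            return OK
        self._penalize(ip, SPAM_POINTS if rcpt in SPAM_ADDRS else INVALID_POINTS, now)
        return UNKNOWN                          # never handed to the real MTA


if __name__ == "__main__":
    p, bot = RcptPolicy(), "192.0.2.20"         # constructed session from one IP
    for t, rcpt in [(0, "info1@example.com"), (300, "info1@example.com"),
                    (301, "info1@example.com"), (302, "alice@example.com")]:
        print(t, rcpt, "->", p.rcpt_to(bot, "x@sender.test", rcpt, t))
```

Because the delay is checked before the address lookup, a sender that never retries is counted as delayed rather than as an invalid-recipient rejection, which matches the observation above that greylisting lowers the number of invalid addresses seen.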