ASSP Antivirus / Anti-Spam Mailserver Help Guide

ASSP Antivirus / Anti-Spam Mailserver

 ASSP Main features

  • Anti-spam engine powered by ASSP.
  • Automatic whitelisting.
  • Clamd Antivirus enabled by default for all email traffic.
  • Detailed LOGS per domain/subdomain and per each filter.
  • Protection against email dictionary attack/bombers.
  • Advanced Spambox (collection of blocked email) and reporting system.
Even though this help section is related to yourdomain.com, all the help sections can be applied to your other domain names or subdomains (if you have any).

 Where are blocked emails collected?

ASSP Anti-spam has been designed and configured with great care to prevent blocking of good emails from occurring however, rarely, it can still happen. ASSP uses a "SPAM SCORING MODE" which checks each email message sent to your account and it assigns scores using several SPAM filters, sums the scores collected by each filter and then determines if the email should be considered as SPAM or NOTSPAM.  All blocked emails (SPAM) are collected in a /spambox Folder where they can be inspected and managed as required.

    1. You can read the /spambox IMAP folder (fastest method) using any IMAP capable email client. You can also check the /spambox IMAP folder using Horde, Squirrel or Roundcube webmail programs (i.e. info@yourdomain.com/spambox folder). If you find any good emails in your /spambox you can send these using "forward as attachment" to assp-notspam@yourdomain.com, which will whitelist the sending addresses preventing them from being blocked again.
    2. You can receive a list of all blocked email by sending an email to asspblock@yourdomain.com. You will receive a response which lists all blocked emails. If you find any good emails blocked in this list you can press the Resend link to receive/release the blocked email into your inbox. When you click the "Resend" link/icon, the sender will automatically be whitelisted as well.
    1. Automatic whitelisting - Every time you send an email to someone new their email address will be whitelisted automatically. For this reason, you should never reply to any spam mails as this will whitelist their addresses. You can whitelist any email address, or a complete domain, by sending an email to assp-white@yourdomain.com; you should specify one or more email addresses you want whitelisted in theemail subject. If you want to whitelist a complete domain name (i.e. any_address@domain.com) you can use the wildcard *@domain.com. You can also send lists of domains and/or email addresses which should be whitelisted to assp-white@yourdomain.com;. If you become aware that email you want is being blocked simply send an email to that address or you can send an email to assp-white@yourdomain.com as described above.
    2. You can see a list of blocked emails in your cPanel as well (in this area) by reading the LOGS in the ASSP Deluxe frontend. You can read the blocked email (using the  icon) and ask to retrieve it (using the  icon).
    1. You can also collect spam (blocked email) by using a spambox POP3 collector. If you are not confident with IMAP protocol you can setup a spambox POP3 collector. All spam sent to *@yourdomain.com will be collected by your spambox@yourdomain.com POP3 account. How to setup a spambox POP3 collector? You should simply create a POP3 email account called spambox@yourdomain.com (using spambox@yourdomain.com, you should simply check this email account if you want see all blocked email). In the same way as with the spam collected in IMAP /spambox, if you find any good email blocked in your spambox@yourdomain.com you can forward as attachment these to assp-notspam@yourdomain.com as outline in 1. above, and it will not be blocked again.
    2. If you have too many good senders blocked (even when you are forwarding as attachments the errors to assp-notspam@yourdomain.com), you can decrease the sensitivity of your anti-spam filter setting by lowering it from Normal to Low, Lower or Lowest. If you decrease the spam sensitivity some spam could pass, however you considerably reduce the risk of blocking any good emails.
  1. Whenever an email is classified as Spam and is blocked, ASSP will bounce the email and the sender will receive an error like this:

    554 5.7.1 Mail (SESSIONID) appears to be unsolicited - resend with the code va9ytu5y appended to subject and ask to have your email whitelisted (the code va9ytu5y changes each 24 hours).



    So, in the case of a genuine sender, they will know their mail has not been delivered and, by re-sending the blocked email with the code va9ytu5y (not spam code) appended to the email subject, that the email will be accepted and you will receive it in your inbox.

 ASSP reporting

When you receive a SPAM message in your inbox you have a choice to either just delete it and move on, or better to Report it (forward as attachment) to our mail server so the anti-spam filter can learn and correct the error improving its anti-spam performance. If you find any good emails in your /spambox you can send these using "forward as attachment" to assp-notspam@yourdomain.com, which will whitelist the sending addresses preventing them from being blocked again.

How to report a false positive email

If you see a valid message in your /spambox IMAP or in your spambox@POP3 folder (if your server administrator activated the SPAMBOX@ plugin), you can report this email to our mail server and the anti-spam will learn and correct the error, improving its anti-spam performance. You can send these using "forward as attachment" to assp-notspam@yourdomain.com, which will whitelist the sending addresses preventing them from being blocked again.

How to report a valid email (whitelisting)

Every time you send an email to someone new their email address will be whitelisted automatically. For this reason, you should never reply to any spam mails as this will whitelist their addresses. You can whitelist any email address, or a complete domain, by sending an email to assp-white@yourdomain.com; you should specify one or more email addresses you want whitelisted in the email subject. If you want to whitelist a complete domain name (i.e. any_address@domain.com) you can use the wildcard *@domain.com. You can also send lists of domains and/or email addresses which should be whitelisted to assp-white@yourdomain.com;. If you become aware that email you want is being blocked simply send an email to that address or you can send an email to assp-white@yourdomain.com as described above.
 

 Could ASSP anti-spam block my local email?

No, ASSP anti-spam automatically allows local senders, just be sure you are sending email correctly. The correct way to send emails is:

  • You should always send your email using your SMTP mailserver mail.yourdomain.com.
  • Please be sure that "My outgoing server (SMTP) requires authentication" is checked ON in your email client.

 Too much SPAM is passing

If you have too much SPAM passing (even though you are forwarding the errors to assp-spam@yourdomain.com, you can increase the sensitivity of your anti-spam setting by raising it from Normal to High, Higher or Highest. Doing so will slightly increase the possibility of stopping genuine emails. If the SPAM continues to pass even with High, Higher or Highest settings selected, please check the email headers, as it is likely the sender's address may been whitelisted at some time. In this case, please let your system administrator know so that the offending address can be checked and, if necessary, removed from the whitelist.
 

 Too many good senders are blocked

If you have too many good senders blocked (even though you are forwarding the errors to assp-notspam@yourdomain.com, you can decrease the sensitivity of your anti-spam setting by lowering it from Normal to Low, Lower or Lowest. If you decrease spam sensitivity some spam could pass, however you strongly reduce the risk of blocking any good emails.

If good senders are often blocked even with Low, Lower or Lowest settings and even though you are forwarding the errors to assp-notspam@yourdomain.com, please check the email headers as it is possible the sender is blacklisted, or his sending IP address may be on a blocking list. In this event please contact your system administrator who can make arrangements to allow the sender to pass. 
 

 Disable anti-spam for one or more domains or email

If you want to disable your ASSP anti-spam for one or more domain names (or email addresses) in your account, please contact your system administrator to arrange for your domains or email addresses to be added to the ASSP noProcessing list. 
 

 Email bounces with a Service denied error

If someone who is trying to contact you via email receives a bounced email with a "Service Denied error", it means their mailserver IP address is blocked by our ASSP Anti-Spam at IP address level. This may happen if that sender's IP address is on a recognized Blacklist. In this case please contact your system administrator, providing them with the full details, so that appropriate arrangements can be made to allow that sender IP address to pass.

 List of anti-spam ASSP email interface commands

You should always receive an email confirmation message any time you send a request to the ASSP email interface (assp-spam@ ..., assp-notspam@ ..., etc).
If you don't receive an acknowledgement, your mail was not accepted so please be sure to send the request correctly always using your SMTP mailserver (mail.yourdomain.com), also be sure that "My outgoing server (SMTP) requires authentication" is checked ON in your email client SMTP advanced settings).

 list of available ASSP anti-spam email interface commands:

assp-spam@

Any mail sent or forwarded as atttachment by local/authenticated users to this username will be interpreted as a report about a Spam that got through (spam found in your inbox). You should forward the received spam as an attachment to assp-spam@yourdomain.com. This works best if the mails are forwarded as attachments or copied into a new mail (header and body), because simply forwarding the mail will remove the original header. You can send multiple emails as attachments too.

assp-notspam@ If you see a valid message (not spam) in your /spambox IMAP folder or in your spambox POP3 folder, you can report this email to our mail server and the ASSP anti-spam will learn and correct the error improving its anti-spam performance. If you want report an email blocked incorrectly select the message in your inbox, right-click and select "Forward as attachment"; address it to assp-notspam@yourdomain.com and click SEND. Shortly after your request you will receive an email confirmation, you have reported the spam message and it should not be blocked again.
assp-white@ You can whitelist an email or domain by sending an email to assp-white@yourdomain.com specifying each email addresses you want whitelisted in the email subject . If you want to whitelist a whole domain (i.e. All_Addresses@domain.com) you can use the wildcard *@domain.com. Shortly after your request you will receive an email confirmation.

assp-notwhite@ You can remove an email or domain from the whitelist by sending an email to assp-notwhite@yourdomain.com; shortly after your request you will receive an email confirmation.
assp-persblack@ Any mail sent by local/authenticated users to assp-persblack@yourdomain.com will be interpreted as a request to add the listed address(es) to your personal blackListed addresses. Whole domains can be blocked by putting a wildcard in the user part of the address: '*@example.com'. You can receive a complete report about all your personal black list entries by sending an empty email to this address.
assp-notpersblack@ Any mail sent by local/authenticated users to assp-notpersblack@yourdomain.com will be interpreted as a request to remove the listed address(es) from your personal blacklisted addresses.
asspanalyze@ Any mail sent or forwarded by local/authenticated users to asspanalyze@yourdomain.com will be interpreted as a request for spam analysis of the mail. Shortly after your request you will receive an email with the analysis results.
asspblock@ Any mail sent by local/authenticated users to asspblock@yourdomain.com will be interpreted as a request to get a report about blocked emails. Leading digits/numbers in the mail subject will be interpreted as "report request for the last number of days". If the number of days is not specified in the mail subject, a default of 5 days will be used to build the report. All characters behind the "number of days" will be interpreted as a regular expression to overwrite the BlockReportFilter - leading and trailing white spaces will be ignored. If you want to receive an asspblock@ report each day at midnight, please contact your technical support.

The following ASSP email interface commands are available upon request to your technical support who, at their discretion, can arrange to make these available for your direct use by adding you to the allowed users list, (EmailAdmins).

asspof@ Any mail sent by local/authenticated users to this username will be interpreted as a request to add the sender address to a noProcessing addresses list. All email in this noProcessing list will bypass the ASSP anti-spam filters.
asspon@ Any mail sent by local/authenticated users to asspon@ will be interpreted as a request to remove the sender address from noProcessing.
assp-persblack@ Any mail sent by local/authenticated users to assp-persblack@ will be interpreted as a request to add the email or domain to your personal blacklist.
assp-notpersblack@ Any mail sent by local/authenticated users to assp-notpersblack@ will be interpreted as a request to remove the email or domain from your personal blacklist .

 How does the Delaying filter (Greylisting) work?

Delaying is an additional method we provide for blocking significant amounts of spam at the mailserver level, but without resorting to heavyweight statistical analysis or other heuristical approaches. This method is also called "Greylisting".

Delaying works on the principal that a correctly configured SMTP server will always attempt re-delivery of an email message if it gets a soft failure. This procedure is in standard use to ensure mail deliveries still take place even when a receiving server is offline for a while for maintenance or other reasons.

How exactly does this work? 
When someone, not already on our system whitelist, sends an email to our server (and you have the delaying filter enabled), it will create and store a triplet (email address, domain, IP address) and will then return a 451 error (soft failure) to the sending server which effectively requests delivery again later. If the sending mail server is correctly configured, to accepted industry standards, it will re-attempt the delivery every X number of minutes for the next 24 to 28 hours typically. (X depending upon their exact server configuration). When the sender mail server re-delivers, the triplet (email address, domain, IP address) gets whitelisted (delaying whitelist) and you'll receive the email.

When will you receive the email? 
If the sending mailserver is configured correctly you should receive the email after min minutes (default embargo time) and max 24 hours (default wait time) . If the sender mailserver doesn't reattempt the delivery (and slammer's relay senders usually do not) the email will be rejected after the wait time of (24 hours) and you'll never receive the spam message.

Will I lose any valid email?
Only if the sending mailserver is not configured to reattempt the delivery will the email be rejected. All legitimate, properly configured, mailservers do attempt re-deliveries. However, in the very unlikely event that you see some valid email listed on your delaying Log page, you can always whitelist the email using the REPORT button.

Delaying is an additional method we provide for you to block spam at the mailserver level, it's not as efficient as the normal ASSP anti-spam "Scoring mode". This method is also called "Greylisting" and it operates on the principle that a correctly configured SMTP server will always attempt re-delivery of an email message if it gets a soft failure.

Email blocked by the Delaying filter can't be collected using your spam box (or alternative ways) so we recommend only turning it ON if it's strictly required.

Was this answer helpful? 1 Users Found This Useful (1 Votes)