ASSP 2.4.1 Version Manual

ASSP version 2.4.
1(14132)
Table of Contents:
Configuration Synchroniation an! Sharing
"et#or$ Setu%
S&TP Session 'i(its
)rou% !efinition
SPA& Control
Co%y S%a( * +a(
SPA& 'over,+ater
"o Processing
-hitelisting
.elaying
.eci%ients,'ocal /o(ains
0ali!ate +elo
0ali!ate Sen!er
1P 2loc$ing
Sen!er2ase , -hois
Penalty2o3
/elaying,)reylisting
SP4,/&A.C,S.S
/"S2'
5.12'
Attach(ent 2loc$ing
Cla(A0 an! 4ileScan
.ege3 4ilter , S%a(bo(b
2ayesian an! +i!!en &ar$ov &o!el (+&&) 6%tions
2ac$scatter /etection
Test&o!es
7(ail 1nterface
4ile Paths an! /atabase
Collecting
'ogging
'/AP Setu%
/"S Setu%
Server Setu%
.ebuil! S%a(!b
Char Conversions , T"74
SS' Pro3y an! T'S su%%ort
)lobal Penalty2o3
2loc$ .e%orting
S"&P Configuration
P6P3 Collecting
&o!ule Setu%
ASSP8A4C9Plugin
ASSP8A.C9Plugin
ASSP8/CC9Plugin
ASSP86C.9Plugin
ASSP8.aor9Plugin
12.05.2014 Seite 1 von 134
Configuration Synchroniation an! Sharing
7nable Configuration Sharing (enableCFGShare)

.ea! all %ositions in this section carefully ((ulti%le ti(es is reco((en!e!:::): A #rong configuration se;uence or
#rong configuration values can lea! in to a !estroye! ASSP configuration:
If set, the configuration value and option files synchronization will be enabled. This synchronization belong to the configuration
values, to the file that is possibly defined in a value and to the include files that are possibly defined in the configured file. If you
don't want a specific configuration file or include file to be synchronized (send and receive), write
# assp-no-sync
as a coent anywhere in the file. !n possible reason could be for e"aple 'local/o(ains' - if !##$% is hosting &'(!I)% and
&'(!I)* but !##$* is hosting only &'(!I)* - so the entry for &'(!I)* could be put in a not synchronized include file on
!##$% and the synchronized ain config file contains the entry for &'(!I)%.
If the configuration of all values in this section is valid, the synchronization status will be shown in the +,I for each config value
that is, or coul! be share!. There are several configuration values, that could not be shared. The list of all shareable values could
be found in the distributed file assp-sync.cfg
.or an initial synchronization setup set the following config values in this order/ setup syncServer, syncConfig4ile,
syncTest&o!e and as last syncC4)Pass (leave isShareSlave and isShare&aster off). ,se the default (distributed
syncConfig4ile assp-sync.cfg) file and configure all values to your needs - do this on all peers by reoving lines or setting the
general sync flag to 0 or % (see the description of syncConfig4ile ).
If you have finished this initial setup, enable isShare&aster or isShareSlave - now assp will setup all entries in the configuration
file for all sync peers to the configured default values (to % if isShare&aster or to 1 if isShareSlave is selected). &o this on all
peers. )ow you can configure the synchronization behavior for each single configuration value for each peer, if it should differ fro
the default setup.
.or the initial synchronization, configure only one !##$ installation as aster (all others as slave). If the initial synchronization has
finished, which will ta2e up to one hour, you can configure all or soe assp as aster and slave. 'n the initial aster siply
switch on isShareSlave. 'n the inital slaves, switch on isShare&aster and change all values in the sync config file that should
be bidirectional shared fro 1 to %. !s last action enable enableC4)Share on the #ync#laves first and then on the #ync(aster.
!fter such an initial setup, any changes of the peers (syncServer) will have no effect to the configuration file (syncConfig4ile)3
To add or reove a sync peer after an initial setup, you have to configure syncServer and you have to edit the sync config file
anualy.
This option can only be enabled, if isShare&aster and4or isShareSlave and syncServer and syncConfig4ile and syncC4)Pass
are configured3
2ecause the synchroniation is !one using a s%ecial S&TP %rotocol (#ithout <(ail fro(< an! <rc%t to<)= this o%tion
re;uires an installe! "et::S&TP (o!ule in P7.'. 1f you #ant the sync feature to use a secure! connection (using
STA.TT'S) = /oT'S has to be set to <!o T'S<. This s%ecial S&TP %rotocol is not usable to for any &TA for security
reasons= so the <sync (ails< coul! not be for#ar!e! via any &TA.
4or this reason all sync %eers (ust have a !irect or route! TCP connection to each other %eer.
If you build a sync topology with ore than two !##$, please notice, that it is not allowed to build any ring-synchronization. 'nly
a chain-, tree- or star- topology is supported. It is also not allowed to build a sync ring inside any of the three allowed topologies3
show sync status
This is a Share &aster (isShareMaster)
If selected, !##$ will send configured configuration changes to sync peers.
This is a Share Slave (isShareSlave)

If selected, !##$ will receive configured configuration changes fro sync peers. To accept a sync re5uest, every sending peer has
to be defined in syncServer - even if there are anualy ade entries in the sync config file for a peer.
/efault Sync Peers (syncServer)
10.69.1.60:25
&efine all configuration sync peers here (to send changes to or to receive changes fro). #epatate ultiple values by 676. !ny
value ust be a pair of hostnae or ip-address and /port, li2e %0.%0.%0.%0/*8 or ypeerhost/%*8 or
ypeerhost.ydoain.co/**8. The /port ust be defined3
The target port can be the listenPort , listenPort2 , relayPort or if sync5sesSS' is enabled, it has to be the listenPortSS' of
the peer.
SS' is use! for the Sync S&TP Trans%ort (syncUsesSSL)
If selected, ##9 will be used for the transport of the sychronisation re5uests. In this case the target ip/port of all peers ust be its
listenPortSS' 3 The $erl odules )et//#(T$//##9 and I'//#oc2et//##9 ust be installed and enabled if this option is selected,
otherwise all synchronisation re5uests will fail3
Test &o!e for Config Sync (syncTestMode)

If selected, a aster (isShare&aster) will process all steps to send configuration changes, but will not realy send the re5uest to
the peers. ! slave (isShareSlave) will receive all sync re5uests, but it will not change the configuration values and possibly sent
configuration files will be stored at the original location and will get an e"tension of 6.synctest6.
Configuration 4ile for Config Sync> (syncConfigFile)
file:assp_sync.cfg Edit file
&efine the synchronization configuration file here (default is file/assp-sync.cfg).
This file holds the configuration and the current status of all synchronized assp configuration values.
The forat of an initial value is/ 6varnae/:syncflag6 - where syncflag could be 0 -not shared and % -is shared - for e"aple/
;eader(a"9ength/:% . The syncflag is a general sign, which eens, a value of 0 disables the synchronization of the config value
12.05.2014 Seite 2 von 134
for all peers. ! value of %, enables the peer configuration that possibly follows.
The forat after an initial setup is/ 6varnae/:syncflag,sync#erver%:status,sync#erver*:status,......6. The 6status6 could be one
of the following/
0 - no sync - changes of this value will not be sent to this syncServer - I will ignore all change re5uests for this value fro there
% - I a a #ync(aster, the value is still out of sync to this peer and should be synchronized as soon as possible
* - I a a #ync(aster, the value is still in sync to this peer - I a also a #ync#lave to this peer (bidirectional sync) if
isShareSlave is enabled
1 - I a not a #ync(aster but a #ync#lave - only this #ync(aster (peer) 2nows the current sync status to e
< - I a a #ync(aster and a #ync#lave (bidirectional sync) - a change of this value was still received fro this syncServer (peer)
and should not be sent bac2 to this syncServer - this flag will be autoaticaly set bac2 to * at the ne"t synchronization chec2
Config Sync Pass#or! (syncCFGPass)
123456
The password that is used and re5uired (additionaly to the sending I$ address) to identify a valid sync re5uest. This password has
to be set e5ual in all !##$ installations, fro where and4or to where the configuration should be synchronized.
The password ust be at least si" characters long.
If you want or need to change this password, first disable enableC4)Share here and on all peers, change the password on all
peers, enable enableC4)Share on #ync#laves then enable enableC4)Share on #ync(asters.
Sho# /etail Sync 1nfor(ation in )51 (syncShowGUIDetails)
If selected, the detail synchronization status is shown at the top of each configuration paraeter li2e/
nothing shown - there is no entry defined for this paraeter in the syncConfig4ile or it is an unsharable paraeter
6(shareable)6 - the paraeter is shareable but the general sync sign in the syncConfig4ile is zero
6(shared/ ...)6 - the detail sync status for each sync peer
If not selected, only different colored bulls are shown at the top of each configuration paraeter li2e/
nothing shown - no entry in the syncConfig4ile or it is an unsharable paraeter
6blac2 bull ?6 - the paraeter is shareable but the general sync sign in the syncConfig4ile is zero
6green bull ?6 - the paraeter is shared and in sync to each peer
6red bull ?6 - the paraeter is shared but it is currently out of sync to at least one peer
If you ove the ouse over the bull, a hint bo" will show the detail synchronization status. !n clic2 on the bull or lin2 will open a
sync config dialog bo" for the single configuration paraeter.
)otes =onfig #ync
Notes
12.05.2014 Seite 3 von 134
"et#or$ Setu%
/isable all ne# S&TP an! Pro3y "et#or$ Connections (DisableSMTPetwor!ing)
If selected, !##$ will not answer to new #(T$ and $ro"y connections on 'listenPort , listenPort2 , listenPortSS' , relayPort
and Pro3yConf'. =urrently e"isting #(T$ and $ro"y connections are not affected3 >eb and #tat connection are also not affected.
7nable 1Pv@ su%%ort (enableI"T#) ?

.or I$v? networ2 support to be enabled, chec2 this bo". &efault is disabled. I'//#oc2et//I)@T? is able to handle both I$v< and
I$v?. )'T@/ This option re5uires an installed 16::Soc$et::1"7T@ odule in $@A9 and your syste should support I$v? soc2ets to
give enableing this option a sense3
Before you enable or disable I$v?, please chec2 every I$ listener and destination definition in assp and correct the settings. !fter
changing this option a restart of assp is recoended. I$v< addresses are defined for e"aple %C*.%?D.0.% or %C*.%?D.0.%/*8 -
I$v? addresses are defined li2e E.@D0/%/0/0/0/0/0/%F/*8 or E.@D0/%//%F/*8 3 If an I$v< address is defined for a listener, assp will
listen only on the I$v< soc2et. If an I$v? address is defined for a listener, assp will listen only on the I$v? soc2et. If only a port is
defined for a listener, assp will listen on both I$v< and I$v? soc2ets.
.or the definition of destination I$'s applies the sae. Gou are free to define hostnaes instead of I$ addresses li2e
yhost.ydoain.co/*8 - how ever, because of the needed I$ address resolving, this will possibly slow down assp.
S&TP 'isten Port (listenPort) ?
25
The port nuber on which !##$ will listen for incoing #(T$ connections (norally *8). Gou can specify both an I$ address and
port nuber to liit connections to a specific interface. #eparate ultiple entries by 676.
Examples: *8, %*H.0.0.%/*8, %*H.0.0.%/*87%*H.0.0.*/*8
S&TP /estination (s$t%Destination) ?
10.69.1.60:425
The I$ nu(ber: and port nuber of your priary #(T$ (ail transfer agent ((T!). If ultiple servers are listed and the first
listed (T! does not respond, each additional (T! will be tried. If only a port nuber is entered, or the dynaic 2eyword
1"265"/ is used with a port nuber, then the connection will be established to the local I$ address on which the connection was
received. This is useful when you have several I$ addresses with different doains or profiles in your (T!. If I)B',)&/$'AT is
used, AeportingAeplies (!nalyze,;elp,etc and =opy(ail will go to %*H.0.0.%/$'AT or E//%F/$'AT. If your needs are different, use
stpAeport#erver (#(T$ Aeporting &estination) and sen!All/estination (=opy #pa #(T$ &estination). #eparate ultiple
entries by 676
. If you need to connect to the #(T$ destination host using native ##9, write '##9/' in front of the I$4host definition. In this case
the $erl odule 16::Soc$et::SS' ust be installed and enabled ( use16Soc$etSS' ).
Examples: %*8, %*H.0.0.%/%*8, %*H.0.0.%/%*87%*H.0.0.8/%*87##9/%*H.0.0.%/<?8, I)B',)&/%*8
S&TP /estination .outing Table> (s$t%Destination&T) ?
If I)B',)& is used in the #(T$ &estination field, the rules specified here are used to route the inbound I$ address to a different
outbound I$ address. Gou ust specify a port nuber with the outbound I$ address.
Example:%<%.%*0.%%0.%:I%<%.%*0.%%0.%*C/*87%<%.%*0.%%0.*:I%<%.%*0.%%0.%10/%*87%<%.%*0.%%0.1:I##9/%<%.%*0.%%0.%10/%*8
S&TP Secure 'isten Port (listenPortSSL) ?
456
The port nuber on which !##$ will listen for incoing secure #(T$ connections (norally <?8). Gou can specify both an I$
address and port nuber to liit connections to a specific interface. #eparate ultiple entries by 676.
Examples: <?8, %*H.0.0.%/<?8, %*H.0.0.%/<?87%*H.0.0.*/<?8
. (ore configuration options are s(t%SS'.e;uireClientCert, SS'S&TPCert0erifyC2 and SS'S&TPConfigure .
SS' /estination (s$t%DestinationSSL) ?
10.69.1.60:425
The I$ a!!ress: and port nuber to connect to when ail is received on the ##9 listen port. If the field is blan2, the priary
#(T$ destination will be used.
If you need to connect to the ##9 destination host using native ##9, write '##9/' in front of the I$4host definition. In this case the
$erl odule 16::Soc$et::SS' ust be installed and enabled ( use16Soc$etSS' ).
Examples:%*H.0.0.%/8?8, 8?8
Secon! S&TP 'isten Port (listenPort') ?
555
! secondary port nuber on which !##$ can accept #(T$ connections. This is useful as a dedicated port for J$) clients or for
those who cannot directly send ail to a ail server outside of their I#$'s networ2 because the I#$ is bloc2ing port *8. Gou ay
also specify an I$ address to liit connections to a specific interface. #eparate ultiple entries by 676.
Examples: *8*8, %*H.0.0.%/*8*8, %C*.%?D.0.%00/*8000
Secon! S&TP /estination (s$t%()thServer) ?
The I$ address and port nuber to connect to when ail is received on the second #(T$ listen port. If the field is blan2, the
priary #(T$ destination will be used. The purpose of this setting is to allow reote users to a2e authenticated connections and
transit their eail without encountering #$. failures. If you need to connect to the second #(T$ destination host using native
##9, write '##9/' in front of the I$4host definition. In this case the $erl odule 16::Soc$et::SS' ust be installed and enabled
( use16Soc$etSS' ).
Examples: 8DH, %*H.0.0.%/8DH, ##9/%*H.0.0.%/<?8
12.05.2014 Seite 4 von 134
/isable A5T+ su%%ort on listenPorts (o(UT*listenPorts) ?
This disables the #(T$ !,T; coand on the defined listen$orts independed fro any other setting. This option wor2s for
listenPort , listenPort2 and listenPortSS' . The listener definition here has to be the sae li2e in the port definitions. #eparate
ultiple entries by 676.
Examples: *8, %*H.0.0.%/*8, %*H.0.0.%/*87%*H.0.0.*/*8
/isable S&TP A5T+ for 73ternal Clients (Disable"+t(UT*) ?
If you do not want e"ternal clients (I$ not in acce%tAll&ail or relayPort is not used) to use #(T$ !,T; - for e"aple to prevent
address and password harvesting - chec2 this option.
The 6!,T;6 offer in the @;9' and ;@9$ reply will be stripped out, if set to on.
)otice/ setting this option to ') could prevent roaing users (dynaic I$) fro being able to authenticate3
4orce S&TP A5T+ on Secon! S&TP 'isten Port ("nforce()th) ?
.orce clients connecting to the second listen port to authenticate before transferring ail. To use this setting, both listenPort2
(#econd #(T$ 9isten $ort) and s(t%AuthServer (#econd #(T$ &estination) ust be configured.
)otes 'n )etwor2 #etup
Notes
12.05.2014 Seite 5 von 134
SMTP Session Limits
Maximum Errors Per Session (MaxErrors)
11
The maximum number of SMTP session errors encountered before the connection is dropped. An value of zero disables this
feature. PB: meValencePB
Maximum Sessions (maxSMTPSessions)
500
The maximum number of simultaneous SMTP sessions. This can prevent server overloading and DoS attacs. !" simultaneous
sessions are t#picall# enough. $ero means no limit. %onnections on relayPort &ill be counted' but connections on relayPort &ill
never be limited because of this value. (f the value is reached' assp &ill &ait until the number of simultaneous SMTP sessions is
lo&er than )value * +,- or )value . ,./0-.
No Maximum Sessions IP numbers* (noMaxSMTPSessions)
Mail from an# of these (P numbers &ill pass through &ithout checing maximum number of simultaneous SMTP sessions. 1or
example: 2"0.2"0.2"0.2"0
Maximum Sessions Per IP Address (maxSMTPipSessions)
5
The maximum number of SMTP sessions allo&ed per (P address. 3se this setting to prevent server overloading and DoS attacs. 0
sessions are t#picall# enough. (f set to , there is no limit imposed b# ASSP. ispip )(SP4Secondar# M5 Servers- and acceptAllMail
)Accept All Mail- matches are excluded from SMTP session limiting. PB: iplValencePB
Maximum eader Si!e (HeaderMaxLength)
10001
The maximum allo&ed header length' in b#tes. At each mail hop header information is added b# the mail server. A large mail
header can indicate a mail loop. (f the value is blan or , the header size &ill not be checed.
"etect Possible Mailloop (detectMailLoop)
3
(f set to a value higher than ,' ASSP count it6s o&n 7eceived*header in the header of the mail. (f this count exceeds the defined
value' the transmission of the message &ill be canceled.
Maximum E#ual $%eader Lines* (MaxEqualXHeader)
*=>20
The maximum allo&ed e8ual 5*header lines * eg. 95*Subscriber(D9. (f the value is set to empt# the header &ill not be checed for
e8ual 5*header lines. This chec &ill be sipped for noprocessing' &hitelisted and outgoing mails.
The default is 9.:;+,9' &hich means an# 5*header can occure +, time maximum. <ou can define different values for different
5*headers * &ildcards lie 9.9 and 9=9 are allo&ed to be used.
1or example:
.:;+,>5*?otes*(tem:;2,,>5*Subscriber.:;2,>5*An#Tag:;,
An value of zero disables the chec for the defined 5*header. The chec is also sipped if no default lie 9.:;+,9 is defined and
the 5*header defintion is not found.
Max &eal Si!e o' Local Messa(e (maxRealSize)
(f the value of )number of @rcpt toA . @message sizeA- exceeds max&ealSi!e in b#tes the transmission of the local message &ill be
canceled. ?o limit is imposed b# ASSP if the field is left blan or set to ,. This option allo&s admins to limit useless band&idth
&asting based on the total transmit size.
Max &eal Si!e o' Local Messa(e Addresses* (MaxRealSizeAdr)
file:files/MaxRealSize.txt Edit file
3se this parameter to set individual max&ealSi!e values for email addresses' domains' user names and (P addresses. A file must
be specified if used.
Accepts specific addresses )userBdomain.com-' user parts )user-' entire domains )Bdomain.com- and (P addresses )%(D7
notation lie 2+C.2.2,24C+ is here not supportedD- * group definitions could be used. 3se one entr# per line. Eildcards are
supported )fribo.Bdomain.co=-. A second parameter separated b# 9:;9 specifies the size limit.
1or example:
fribo.Bthisdomain.co=:;2,,,,,,
Fhanna:;,
Bsill#gu#s.org:;0,,,,,
2,2.2.+..:;,
@adminsA:;,
(f multiple matches )values- are found in a mail for an# (P address in the transport mail chain' an# envelope recipient and the
envelope sender' the highest value or , )no limit- &ill be usedD (f no match )value- is found in a mail' the definition in
max&ealSi!e &ill tae place.
Max &eal Si!e o' External Messa(e (maxRealSizeExternal)
(f the value of )number of @rcpt toA . @message sizeA- exceeds max&ealSi!eExternal in b#tes the transmission of the external
12.05.2014 Seite 6 von 134
message &ill be canceled. ?o limit is imposed b# ASSP if the field is left blan or set to ,. This option allo&s admins to limit
useless band&idth &asting based on the total transmit size.
Max &eal Si!e o' External Messa(e Addresses* (MaxRealSizeExternalAdr)
file:files/MaxRealSizeExt.txt Edit file
3se this parameter to set individual max&ealSi!eExternal values for email addresses' domains' user names and (P addresses. A
file must be specified if used.
1or example:
Fhanna:;,
2,2.2.+..:;,
@adminsA:;,
max&ealSi!eExternal &ill tae place.
max real messa(e si!e Error (maxRealSizeError)
552 message exceeds MAXREALSIZE byte (size !c"t#
SMTP error message to reFect max&ealSi!e 4 max&ealSi!eExternal exceeding mails. 1or example:00+ message exceeds
MA57GAHS($G b#te )size . rcpt-D MA57GAHS($G &ill be replaced b# the value of max&ealSi!e 4 max&ealSi!eExternal.
Max Si!e o' Local Messa(e (maxSize)
(f the value of )@message sizeA- exceeds maxSi!e in b#tes the transmission of the local message &ill be canceled. ?o limit is
imposed b# ASSP if the field is left blan or set to ,. This option allo&s admins to limit useless band&idth &asting based on the
transmit size.
Max Si!e o' Local Messa(e Addresses* (MaxSizeAdr)
file:files/MaxSize.txt Edit file
3se this parameter to set individual maxSi!e values for email addresses' domains' user names and (P addresses. A file must be
specified if used.
1or example:
Fhanna:;,
2,2.2.+..:;,
@adminsA:;,
envelope sender' the highest value or , )no limit- &ill be usedD (f no match )value- is found in a mail' the definition in maxSi!e
&ill tae place.
Max Si!e o' External Messa(e (maxSizeExternal)
(f the value of )@message sizeA- exceeds maxSi!eExternal in b#tes the transmission of the external message &ill be canceled. ?o
limit is imposed b# ASSP if the field is left blan or set to ,. This option allo&s admins to limit useless band&idth &asting based on
the transmit size.
Max Si!e o' External Messa(e Addresses* (MaxSizeExternalAdr)
file:files/MaxSizeExt.txt Edit file
3se this parameter to set individual maxSi!eExternal values for email addresses' domains' user names and (P addresses. A file
must be specified if used.
1or example:
Fhanna:;,
2,2.2.+..:;,
@adminsA:;,
maxSi!eExternal &ill tae place.
max messa(e si!e Error (maxSizeError)
12.05.2014 Seite 7 von 134
552 message exceeds MAXSIZE byte (size)
SMTP error message to reFect maxSi!e 4 maxSi!eExternal exceeding mails. 1or example:00+ message exceeds MA5S($G b#te
)size-D MA5S($G &ill be replaced b# the value of maxSi!e 4 maxSi!eExternal.
Max Number o' A)Tentication Errors (MaxATHErrors)
(f an (P )4+" net&or is used- exceeds this number of authentication errors )0C0 or 0C,- the transmission of the current message
&ill be canceled and an# ne& connection from that (P &ill be bloced for 0*2, minutes.
Gver# 0 Minutes the 6A3TIGrror6 *counter of the (P &ill be decreased b# one. autValencePB is used for the penalt# box.
?o limit is imposed b# ASSP if the field is left blan or set to ,. This option allo&s admins to prevent external bruteforce or
dictionar# attacs via A3TI command. Ehitelisted' noBloc*in(IPs and ?oProcessing (P6s are ignored lie an# rela#ed connection.
"o not c+ec* MaxA)TErrors 'or t+ese IP,s* (noMaxATHError!Ps)
Hist of (P6s &hich should not be checed for MaxA)TErrors . 1or example: 2"0.2"0.2"0.2"0>2"0.2"!.
-+ec* Same Sub.ects ("oSameSu#$ect)
disabled
(f activated' assp &ill chec the mail subFects for e8ualit# using the config parameters belo&. Scoring is done &ith 6isValencePB6.
Sub.ect /re#uency Inter0al (su#$ect%requenc&!nt)
300
The time interval in seconds in &hich the number of e8ual subFects has not to exceed a specific number
) sub.ect/re#uencyNumSub. -.
3se this in combination &ith sub.ect/re#uencyNumSub. to limit the number of e8ual subFects in a given interval. A value of ,
)default- &ill disable this feature and clean the cache &ithin five minutes.
edit Subject Fe!ue"cy #ac$e
Sub.ect /re#uency Number o' Sub.ects (su#$ect%requenc&'umSu#$)
5
The number of e8ual sbuFects that has not to exceed in a specific time interval ) sub.ect/re#uencyInt -.
3se this in combination &ith sub.ect/re#uencyInt to limit the number of e8ual subFects in a given interval. A value of , )default-
&ill disable this feature and clean the cache &ithin five minutes.
edit Subject Fe!ue"cy #ac$e
-+ec* E#ual Sub.ect /re#uency 'or t+is )sers only* (su#$ect%requenc&(nl&)
A list of local addresses' for &hich the 6subFect fre8uenc# chec6 should be done. Heave this field blan )default-' to do the chec
for ever# address.
Accepts specific addresses )userBdomain.com-' user parts )user- or entire domains )Bdomain.com-. Eildcards are supported
)fribo.Bdomain.com-.
1or example: fribo.Bthisdomain.com>Fhanna>Bsill#gu#s.org
-+ec* E#ual Sub.ect /re#uency N1T 'or t+is )sers* ('oSu#$ect%requenc&)
A list of local addresses' for &hich the 6subFect fre8uenc# chec6 should not be done.
Accepts specific addresses )userBdomain.com-' user parts )user- or entire domains )Bdomain.com-. Eildcards are supported
)fribo.Bdomain.com-.
1or example: fribo.Bthisdomain.com>Fhanna>Bsill#gu#s.org
-+ec* E#ual Sub.ect /re#uency N1T 'or t+is IP,s* ('oSu#$ect%requenc&!P)
Mail from an# of these (P numbers &ill pass through &ithout checing the e8ualit# of subFects. 1or example: 2"0.2"0.2"0.2"0
SMTP Idle Timeout (smtp!dleTimeout)
%&0
The number of seconds a session is allo&ed to be idle before being forcibl# disconnected. The default is 2J, seconds. ?o limit is
imposed b# ASSP if the field is left blan or set to ,. (f #ou have not defined an (dleTimeout on #our MTA' this value should not be
set to ,' because then a connection &ill never be timed outD
SMTP Idle Timeout 'or 2+itelisted an Noprocessin( ('p)lTime(ut)
%200
The number of seconds a &hitelisted or noprocessing session is allo&ed to be idle before being forcibl# disconnected. The default is
2+,, seconds. ?o limit is imposed b# ASSP if the field is left blan or set to ,. (f #ou have not defined an (dleTimeout on #our
MTA' this value should not be set to ,' because then a connection &ill never be timed outD
SMTP Idle Timeout a'ter N11P (smtp'((P!dleTimeout)
30
The number of seconds a session is allo&ed to be idle after a 9?KKP9 command is received' before being forcibl# disconnected.
The default is , seconds. ?o limit is imposed b# ASSP if the field is left blan or set to ,.
12.05.2014 Seite 8 von 134
This should prevent hacers to hold and bloc connections b# sending 9?KKP9 commands short before the 9smtpIdleTimeout9 is
reached.
SMTP Idle Timeout a'ter N11P -ount (smtp'((P!dleTimeout*ount)
5
The number of counts a session is allo&ed send 9?KKP9 commands follo&ing on each other' before being forcibl# disconnected.
The default is ,. ?o limit is imposed b# ASSP if the field is left blan or set to ,.
This in cooperation &ith 9smtpN11PIdleTimeout9 should prevent hacers to hold and bloc connections b# sending repeatedl#
9?KKP9 commands short before the 9smtpN11PIdleTimeout9 is reached. (f 9smtpN11PIdleTimeout9 is not defined or ,' this
value &ill be ignoredD
?otes Kn SMTP Session Himits
Notes
12.05.2014 Seite 9 von 134
3roup de'inition
Address and "omain 3roups* (+roups)
file:files/groups.txt Edit file
(f #ou don6t &ant to use group definitions' leave this field blan other&ise a file definition lie 6file:files4groups.txt6 is re8uired.
Lroup definitions could be used in an# other configuration value &here multiple user names' email addresses or domain names or
(P addresses could be defined.
3roups are defined and used using the same s#ntax @group*nameA )including the bracets- in a single line. (n the configuration
parameters' the line @group*nameA &ill be replaced b# the content of the group definition' that is done here.
All group definitions are case sensitive. Lroup names can onl# contain the follo&ing characters: A*$' a*z' ,*M' * ' N and B D
The structure of this file has to be as follo&s:
@superNspamloversA
m#Boss
ldap:Ohost:;m#NHDAPNserver:CJM'base:;)sep-D%:domain'D%:tld)sep-'user:;)sep-%?:admin'D%:domain)sep-'pass&ord:;
)sep-pass)sep-'timeout:;+'scheme:;ldap'STA7TTHS:;2'version:;CP'O)%?:management-POmemberP'O)%?:Q3SG7(DQ-P
OmailaddressP
entr#
exec:4usr4bin4listNpostfixNusers **domain m#domain **group postoffice
entr#
...
@adminsA
ldap:Ohost:;domino2.m#domain.com:CJM'base:;)sep-D%:domain'D%:tld)sep-'user:;)sep-Administrator)sep-'pass&ord:;
)sep-pass)sep-'timeout:;+'scheme:;ldap'STA7TTHS:;2'version:;CP'O)%?:HocalDomainAdmins-POmemberP'O)%?:Q
3SG7(DQ-POmailaddressP
entr#
entr#
...
@special(PHistA
2.+.C."
2+C.+C".,.,42!
::2
Hines starting &ith a R K7 S are consider a comment. Gmpt# lines &ill be ignored. An group definition stopps' if a ne& group
definition starts or at the end of the file. %omments are not allo&ed inside a definition line.
There are t&o possible methodes to import entries from an external source in to a group * the execution of a s#stem command or
a HDAP 8uer#.
To import entries via a s#stem command lie )eg. cat>grep or find or #our self made shell script-' &rite a single line that begins
&ith exec: follo&ed b# the command to be executed * lie:
exec:cat 4etc4an#dir4..txt>grep 6B6
The executed s#stem command has to &rite a comma)'- or pipe)>- or linefeed)H1'%7H1- separated list of entries to STDK3T' that
should become part of that group' &here this line is used. There could be multiple and an# combination of entr# t#pes in one
group definition.
(f #ou are familar &ith the usage of HDAP' #ou can define HDAP 8uer#s to import entries from one or more HDAP server. This is
done' defining one 8uer# per line. The s#ntax of such a line is:
ldap:OhostNandNprotocolP'OHDAPNgroupN8uer#NfilterPOHDAPNgroupN8uer#NattributNtoNreturnP'OHDAPNentr#N8uer#NfilterP
OHDAPNentr#N8uer#NattributNtoNreturnP
(f the 6hostNandNprotocol6 part is empt# OP' the default HDAP configuration &ill be used. An 6hostNandNprotocol6 part should
contain the follo&ing entries in the follo&ing structure:
Ohost:;2+/.,.,.2:CJM'base:;)sep-D%:domain'D%:tld)sep-'user:;)sep-...)sep-'pass&ord:;)sep-pass
)sep-'timeout:;..'scheme:;ldap4ldaps'STA7TTHS:;,42'version:;+4CP
The 6host6 has to be set' if #ou &ant to define an# other HDAP parameter. (f an# other parameter is not defined' the default HDAP
configuration value &ill be used' except user and pass&ord. The port definition ):xxx- in the host setting is optional * if not
defined' the default HDAP ports CJM)HDAP- and !C!)HDAPS- &ill be used. (t is possible to define a comma)'- separated list of hosts
for failover functionalit# lie 6host:;9localhost:CJM'2M+.2!J.2.2:CJM'....96 * notice the 8uotes as terminator &hich are re8uired in
this caseD
The value of the base' pass&ord and user parameter has to start and end &ith a single character )sep- as terminator' that is not
part of the value and is not used in the value. The parameter 9base9 defines the HDAP search root lie L"AP&oot .
The 6HDAPNgroupN8uer#Nfilter6 and 6HDAPNgroupN8uer#NattributNtoNreturn6 are used to 8uer# a HDAP group for it6s members
)users-. The resulting list &ill contain the re8uested attributes of all group members. The definition of these t&o parameters could
loo as follo&s:
O)T)obFectclass:dominoLroup-)%?:HocalDomainAdmins--POmemberP
(t is possible to modif# each returned value &ith a callbac*code. This is for example usefull for MS*AD 8uer#s on the attribute
6prox#addresses6' &hich returns a list of all available mail addresses )SMTP'smtp'5",,...-.
example: ldap:OP'O)T)%?:firstname lastname-)prox#addresses:smtp:.--U:s4VWs.smtp:Ws.).X-Ws.Y4Y24iPOprox#addressesP'OP
OP
U: is the re8uired separator' s4VWs.smtp:Ws.).X-Ws.Y4Y24i is the callbac code.
The callbac code has to return a value of not zero or undef on success. The code gets the HDAP result in the variable YN and has
to modif# this variable in place on success.
(t is not allo&ed to use an# of the follo&ing characters in the callbac definiton of a ldap line: OP>
The 6HDAPNentr#N8uer#Nfilter6 and 6HDAPNentr#N8uer#NattributNtoNreturn6 are used to 8uer# each member from the first 8uer#' for
it6s email address. The literal 6Q3SG7(DQ6 in the 6HDAPNentr#N8uer#Nfilter6 &ill be replaced b# each HDAP*attribute result of the
first 8uer#. The definition of these t&o parameters could loo as follo&s:
12.05.2014 Seite 10 von 134
{(&(objecttype=person)(CN=%USERID%)(o=%USERID%))}{mailaddress}
or more simple
{(&(objecttype=person)(CN=%USERID%))}{mailaddress}
!n callbac" code co#ld be #sed t$e same %ay li"e &or '(D!)*+ro#p*,#ery*&ilter' - {(&(objecttype=person)(CN=%USERID%))
.=callbac"-code}{mailaddress}/
0o brea" lon+ lines in to m#ltiple1 terminate a contin#ed line %it$ a slas$ 232
I& yo# are able to +et all res#lts (e+/ email addresses or domain names) %it$ t$e '(D!)*+ro#p*,#ery' ,#ery1 lea4e t$e de&inition o&
'(D!)*entry*,#ery*&ilter' and '(D!)*entry*,#ery*attrib#t*to*ret#rn' empty {}{}/
0$e res#lt o& eac$ +ro#p de&inition %ill be stored in a &ile in &iles3+ro#p*e5port36R7U)N!8E/t5t/
0$e +ro#ps are b#ild at e4ery start o& assp and i& t$e de&ined &ile or an incl#de &ile is stored (c$an+ed &ile time)/ 0o &orce a reload
o& all +ro#ps1 open t$e &ile and clic" 'Sa4e c$an+es' or c$an+e t$e &ile time %it$ an e5ternal s$ell script/ It is also possible to #se
GroupsReloadEvery1 to reload t$e Groups de&inition in time inter4als1 i& t$e e5ec9 or ldap9 option are #sed/
Reload the Groups definitions every this minutes
s
(GroupsReloadEvery)
60
!SS) %ill reload t$e Groups de&initon e4ery t$is min#tes1 i& t$e e5ec9 or ldap9 option is #sed in Groups/
!n 4al#e o& :ero disables t$e sc$ed#led reload/ De&a#lts to ;< min#tes/
Notes 7n 6ro#p De&initions
Notes
12.05.2014 Seite 11 von 134
SPAM Control
Regular Expression to Identify Redlisted Mail* (redRe)
I& an email matc$es t$is )erl re+#lar e5pression it %ill be considered redlisted/
redRe detects ta+s to process a mail li"e t$e recipient %ere redlisted - not$in+ else (no redlist addition3remo4al)/
0$e Redlist ser4es t%o p#rposes9
=) t$e Redlist is a list o& addresses t$at cannot contrib#te to t$e %$itelist and %$ic$ are not considered local e4en i& t$eir mail is
&rom a local comp#ter/ >or e5ample1 i& someone +oes on a 4acation and t#rns on t$eir a#toresponder1 p#t t$em on t$e redlist #ntil
t$ey ret#rn/ 0$en as t$ey reply to e4ery spam t$ey recei4e t$ey %on't corr#pt yo#r non-spam collection or %$itelist9 ?@a#toreply?A
B) Redlisted addresses %ill not be added to t$e C$itelist %$en yo#r local #ser sends mail to t$at address1 t$ereby pre4entin+
accidental poll#tion o& t$e C$itelist by1 say1 inad4ertent replies by yo#r #sers to mails &rom t$e spammer/
Redlisted messa+es %ill not be stored in t$e S)!83N70S)!8-collection/ !s all &ields mar"ed by D t$is &ield accepts a list separated
by E or a speci&ied &ile '&ile9&iles3redre/t5t'/
Add hitelist Removals !o Redlist (EmailWhiteRemovalToRed)
I& set addresses %$ic$ are remo4ed &rom C$itelist 4ia email-inter&ace %ill a#tomatically be added to t$e Redlist/ 0$e address can
only be added a+ain to t$e C$itelist a&ter it is remo4ed &rom t$e Redlist/
Spam Error (SpamError)
554 5.7.1 ERROR mail appears to be SPAM - will be blacklisted
S80) error messa+e to reject spam/ 0$e literal (7C!(D78!IN %ill be replaced by t$e recipient domain/ >or e5ample9FFG F/H/=
8ail appears to be #nsolicited -- send error reports to postmasterI(7C!(D78!IN/
"on#t $pload Griplist Stats (noGriplistUpload)
C$ec" t$is to disable t$e 6riplist #pload %$en reb#ildspamdb r#ns/ 0$e 6riplist contains I)s and t$eir 4al#e bet%een < and =1
lo%er is less spammy1 $i+$er is more spammy/ 0$is 4al#e is called t$e +rip 4al#e/
"on#t auto%do&nload the Griplist file (noGriplistDownload)
Set t$is c$ec"bo51 i& yo# don't #se t$e 6riplist/ Jo# $a4e to disable also noGriplist$pload to do%nload t$e 6riplist/
Store Assp%'eader into Spam Colle(tion (StoreASSPHeader)
!dd 2K-!ssp-2 to t$e collected spam-mails/
Add Envelope%Re(ipient 'eader (AddIntendedorHeader)
!dds t%o lines to t$e email $eader9 2K-!ssp-Intended->or9 #serIdomain2 and 2K-!ssp-En4elope->rom9 #serIdomain2/
)lo(* +utgoing Spam%Pro, header (!oE"ternalSpamPro#)

C$ec" t$is bo5 i& yo# don't %ant yo#r K-!ssp-Spam-)rob $eader on e5ternal mail
Note t$is means mail &rom local #sers to local #sers %ill also be missin+ t$e $eader/
Add Spam 'eader (AddSpamHeader)

!dds a line to t$e email $eader 2K-!ssp-Spam9 JES2 i& t$e messa+e is spam/
Add Custom 'eader (Add$ustomHeader)
X-SMSMSE-SC! "
!dds a line to t$e email $eader i& t$e messa+e is spam/ >or e5ample9 -%Spam%Status.yes
Add Graphi(al /evel 'eader (Add%evelHeader)

!dds a line to t$e email $eader 2K-!ssp-Spam-(e4el9 DDDD 2 s$o%in+ t$e total messa+e score represented by stars (= - B<)1 e4ery
star represents &i4e scorin+ points/
Add -%ASSP%+riginal%Su,0e(t 'eader (AddSu#&e'tHeader)
!dds a line to t$e email $eader 2K-!SS)-7ri+inal-S#bject9 t$e s#bject2/
Add Spam Reason 'eader (AddSpamReasonHeader)

!dds a line to t$e email $eader 2K-!ssp-Spam-Reason9 2 e5plainin+ %$y t$e messa+e is spam/
Notes 7n Spam Control
#otes
12.05.2014 Seite 12 von 134
Copy Spam 1 'am
Copy Spam and Send to this Address (sendAllSpam)
I& t$is is set !SS) %ill deli4er a copy o& spam mails to t$is address/ >or e5ample9 spammasterImydomain/com/ 0$e literal
USERN!8E is replaced by t$e #ser part o& t$e recipient1 t$e literal D78!IN is replaced by t$e domain part o& t$e recipient/ >or
e5ample9 USERN!8EISpam/D78!IN1 USERN!8ELSpamID78!IN1 catc$allspamt$isID78!IN/ Separate m#ltiple entries by
comma or space/ 0o deli4er copy o& spams based on t$e domain name (only some special $osted domains)1 #se
((SpamIn"omain /
Copy Spam and Send to this Address per "omain* (''SpamInDomain)
!SS) %ill deli4er an additional copy o& spam emails o& a domain to t$is address (e4en i& sendAllSpam is not set) - i& t$e domain
o& t$e recipient-address is matc$ed/ >or e5ample9 monitorspamIe5ample=/comEmonitorIe5ampleB/com/
Copy Spam SM!P "estination (sendAllDestination)
)ort to connect to %$en Spam messa+es are copied/ I& blan" t$ey +o to t$e main S80) Destination/ e+ 2=</</=/M9=<BF21
2SS(9=</</=/M9G;F21 2=<BF21 etc/
Copy Spam to these Re(ipients +nly* (''Spamilter)
Restricts Copy Spam to t$ese recipients/ !ccepts speci&ic addresses (#serIdomain/com)1 #ser parts (#ser) or entire domains
(Idomain/com)/ Cildcards are s#pported (&riboDIdomain/com)/
Copy Spam to these Re(ipients al&ays* (''SpamAlways)
Copy Spam to t$ese recipients re+ardless o& collection mode/ !ccepts speci&ic addresses (#serIdomain/com)1 #ser parts (#ser) or
entire domains (Idomain/com)/ Cildcards are s#pported (&riboDIdomain/com)/
"o 2ot Copy Spam Regex* (''Spam!everRe)
Ne4er Copy Spam re+ardless o& collection mode/ )#t anyt$in+ $ere to identi&y messa+es %$ic$ s$o#ld not be copied/
"o 2ot Copy Messages A,ove !his Message!otal s(ore (''(a"S'ore)
8essa+es %$ose score e5ceeds t$is t$res$old %ill not be copied/ >or e5ample9 HF
Restri(t Copy Spam to Max)ytes (''(a")ytes)

CC8ail %ill c#t o&& Spam mails1 t$ereby red#cin+ t$e load considerably (recommended)/
Prepend Spam Su,0e(t to Copied Spam (spamSu#&e't$$)
I& set1 spamSu,0e(t +ets prepended to t$e s#bject o& t$e copied messa+e/
Prepend Spam !ag to Copied Spam (spamTa*$$)

0$e c$ec" %$ic$ ca#sed t$e spam detection %ill be prepended to t$e s#bject o& t$e messa+e/ >or e5ample9 @DNSN(A
Copy 2ot%Spam SM!P "estination (sendAllHamDestination)
)ort to connect to %$en Oam messa+es are copied/ I& blan" t$ey +o to t$e Spam S80) Destination/ e+ 2=</</=/M9=<BF21
2SS(9=</</=/M9G;F211 2=<BF21 etc/
Copy In(oming 2ot%Spam and Send to this Address (sendHamIn#ound)
I& yo# p#t an address in t$is bo5 !SS) %ill &or%ard a copy o& notspam messa+es &rom o#tside to t$is address/ 0$e literal
USERN!8E is replaced by t$e #ser part o& t$e recipient1 t$e literal D78!IN is replaced by t$e domain part o& t$e recipient/ >or
e5ample9 arc$i4Imydomain/com1 USERN!8EImybac"#p/domain1 catc$all&ort$isID78!IN
Copy +utgoing 2ot%Spam and Send to this Address (sendHam+ut#ound)
I& yo# p#t an address in t$is bo5 !SS) %ill &or%ard a copy o& o#t+oin+ notspam messa+es to t$is address/
Copy 'am 3ilter* (''Hamilter)
Copy Not-Spam to t$ese addresses only/ !ccepts speci&ic addresses (#serIdomain/com)1 #ser parts (#ser) or entire domains
"o 2ot Copy 'am 3ilter* (''nHamilter)
12.05.2014 Seite 13 von 134
Do Not Copy Oam to t$ese addresses/ !ccepts speci&ic addresses (#serIdomain/com)1 #ser parts (#ser) or entire domains
((Mail Re(ipient Repla(ement (''(ailRepla'eRe'pt)
0$e recipient replacement (Repla(eRe(pt) r#les &rom t$e 2Recipients3(ocal Domains2 section1 %ill be #sed to replace cc8ail
recipients/ >or e5ample9 send'amIn,ound = USERN!8EIyo#rspamdomain/lan - in t$is case yo# are able to detect t$e tar+et
domain 2yo#rspamdomain/lan2 in a r#le and yo# can replace t$e recipient3domain dependin+ on its 4al#es and3or on t$e senders
address/
Notes 7n CC 8essa+es
#otes
12.05.2014 Seite 14 von 134
SPAM /over4'ater
Suppress SpamSu,0e(t to Spam%/over%Messages (spamSu#&e'tS%)
I& set1 spamSu,0e(t and spam!ag does N70 +et prepended to t$e s#bject o& t$e Spam-(o4er-8essa+e/
Suppress Spam!ags to Spam%/over%Messages (spamTa*S%)

I& set1 spam0a+s does N70 +et prepended to t$e s#bject o& t$e Spam-(o4er-8essa+e/
Group Spam/overs and 2ot Spam/overs per mail (*roupSpam%overs)
I& set1 t$e &irst en4elope recipient consider a mail to be &or spamlo4ers or not/ I& t$e &irst en4elope recipient is any Spam(o4er1 all
ot$er (&ollo%in+) en4elope recipients m#st be also any Spam(o4er (or re4erse) - i& not1 t$eir address %ill be not accepted by !SS)
&or t$is sin+le mail and 'GFB too many recipients' %ill be sent/
All Spam%/over* (spam%overs)
Thomas.Eckardt@hen-sch.de|@thockar.com
8essa+es to Spam-(o4ers are processed and &iltered by !SS)1 b#t +et ta++ed %it$ spamSu,0e(t and are not bloc"ed/ C$en a
Spam-(o4er is not t$e sole recipient o& a messa+e1 t$e messa+e is processed normally1 and i& it is &o#nd to be spam1 it %ill not be
deli4ered to t$e Spam-(o4er/ !ccepts speci&ic addresses (#serIdomain/com)1 #ser parts (#ser) or entire domains (Idomain/com)/
Cildcards are s#pported (&riboDIdomain/com)/ De&a#lt9 postmasterEab#se/
>or e5ample9 &riboDIt$isdomain/comEj$annaEIsilly+#ys/or+
0$is option and all Spam(o4er-7ptions belo% acceptin+ a second score parameter li"e 2#serIyo#r-domain/com=PH<2
I& s#c$ a parameter is de&ined in any option &or an entry and t$e recipient address matc$es t$is entry and t$e messa+e score
e5ceeds t$e parameter 4al#e1 t$e messa+e %ill be bloc"ed/
I& t$ere are m#ltiple possible matc$es &or a recipient address &o#nd1 t$e +eneric lon+est matc$ (and 4al#e) %ill be #sed/
!SS) %ill #se t$e $i+$est &o#nd 4al#e &or all recipients o& an email/
Regular Expression to Identify Spam%/over* (Spam%oversRe)
I& a messa+e matc$es t$is re+#lar e5pression it %ill be considered a Spam-(o4er messa+e/
)ayesian Spam%/over* (#aysSpam%overs)
Regular Expression to Identify )ayesian Spam%/over* (#aysSpam%oversRe)
I& a messa+e matc$es t$is re+#lar e5pression it %ill be considered a Nayesian Spam-(o4er messa+e/ >or e5ample9 pass%orEne%s
"o not store )ayesian Spam%/over in Spam") (#aysSpam%oversRed)
I& set1 mail to Nayesian Spam-(o4er %ill not be stored in Spam3Notspam &older/
)la(*listed "omains Spam%/over* (#lSpam%overs)
)om, Spam%/over* (#om#Spam%overs)
'E/+ )la(*listed Spam%/over* (hlSpam%overs)
5alid4Invalid 'elo* (hiSpam%overs)
)ad Atta(hment Spam%/over* (atSpam%overs)
SP3 3ailures Spam%/over* (sp,Spam%overs)
"2S)/ 3ailures Spam%/over* (r#lSpam%overs)
$RI)/ 3ailures Spam%/over* (uri#lSpam%overs)
$nsigned SRS )oun(es Spam%/over * (srsSpam%overs)
12.05.2014 Seite 15 von 134
No Delaying Spam-Lover* (delaySpamLovers)
Invalid Sender Spam-Lover* (isSpamLovers)
Missing MX Spam-Lover* (mxaSpamLovers)
Invalid/Missing PTR Spam-Lover* (ptrSpamLovers)
Penalty Bo Blo!"ing Spam-Lover * (pbSpamLovers)
#o$ntry Blo!"ing Spam-Lover * (sbSpamLovers)
%ll Spam-&aters* (spamHaters)
Spam-Haters are used to override Spam-Lovers. Example: If you have set your entire domain as a Spam-Lover(s), but there are
still some addresses you still ish to blo!" spam for. If you add those addresses to the Spam-Haters field allos messa#es to only
those addresses to be blo!"ed hile still alloin# the messa#es to the other Spam-Lovers pass throu#h. $he messa#e ill only be
blo!"ed if all re!ipients are Spam-Haters. %!!epts spe!ifi! addresses (user&domain.!om), user parts (user) or entire domains
(&domain.!om). 'ild!ards are supported (fribo(&domain.!om).
)or example: (fribo&thisdomain.!om*+hanna*&silly#uys.or#
Bayesian Spam-&ater* (baysSpamHaters)
DNSBL 'ail$res Spam-&ater* (rblSpamHaters)
&(L) Bla!"listed Spam-&ater* (hlSpamHaters)
S*it!+ Spam-Lover to Message S!oring (switchSpamLoverToScoring)
,ut the filter automati!ally in -.essa#e S!orin# .ode- hen DoPenaltyMessage is set (instead of stoppin# spam pro!essin#
alto#ether).
/otes 0n Spam-Lover
Notes
12.05.2014 Seite 16 von 134
No Pro!essing
No Pro!essing IPs* (noProcessingIPs)
file:files/ipnp.txt Edit file
.ail from any of these I,1s ill pass throu#h ithout pro!essin#.
)or example: 234.234.234.234*235.234.
$o define I,1s only for spe!ifi! email addresses or domains (re!ipients) you must use the file:... option
%n entry (line) may loo" as follos:
234.235.6.672589(&lo!al.domain*user&mydomain*user:&(.mydomain ; !omment
It is possible to define a predefined #roup on any or both sides of the 1891 separator, li"e:
<ip#roup=89<user#roup=*user&mydomain
/0$I>E: the folloin# !ombination of to entries, ill lead in to a user7domain based mat!hin# - the #lobal entry ill be i#nored?
234.235.6.6725 ; !omment
If multiple user7domain based entries are defined for the same I,, only the last one ill be used?
%ll fields mar"ed by 1(1 a!!ept a filepath7filename : 1file:files7ipnp.txt1.
No Pro!essing %ddresses* (noProcessing)
.ail solely to or from any of these addresses are proxied ithout pro!essin#. $he envelope sender and re!ipients are !he!"ed. Li"e
a more effi!ient version of Spam-Lovers @ redlist !ombined. %!!epts spe!ifi! addresses (user&domain.!om), user parts (user) or
entire domains (&domain.!om). 'ild!ards are supported (fribo(&domain.!om). If you re#ister $0 addresses here, all re!ipients
for a sin#le mail must be mar"ed as nopro!essin# to fla# the mail as -nopro!essin#-.
No Pro!essing %ddresses 'rom* (noProcessingFrom)
.ail solely from any of these addresses are proxied ithout pro!essin#. %!!epts spe!ifi! addresses (user&example.!om), user
parts (user) or entire domains (&example.!om). 'ild!ards are supported (fribo(&example.!om).
No Pro!essing Domains* (noProcessingDomains)
sourceforge.net
Aomains from hi!h you ant to re!eive all mail and proxy ithout pro!essin#. Bour IS,, domain re#istration, mail list servers,
sto!" bro"er, or other "ey business partners mi#ht be #ood !andidates. /ote this mat!hes the end of the address, so if you don1t
ant to mat!h subdomains then in!lude the &. /ote that buy.!om ould also mat!h spambuy.!om but .buy.!om on1t mat!h
buy.!om. )or example: sour!efor#e.net*&#oo#le.!om*.buy.!om
Reg$lar (pression to Identi,y No Pro!essing Mail* (npRe)
NPM09355
If a messa#e mat!hes this ,erl re#ular expression %SS, ill treat the messa#e as a 1/o ,ro!essin#1 mail. )or example: 25CD.:43
D.2::D.*2E:D.25D.*D<autoreplyD=.
Message Si-e Limit (npSie)
500000
%SS, ill treat in!omin# messa#es lar#er than this SIFE (in bytes) as 1/o ,ro!essin#1 mail, after the header part of the mail is
re!eived ithout any error. Empty or 6 disables the feature.
Message Si-e Limit )$tgoing (npSie!"t)
500000
%SS, ill treat out#oin# messa#es lar#er than this SIFE (in bytes) as 1/o ,ro!essin#1 mail. Empty or 6 disables the feature.
Pro!ess )nly T+ese %ddresses* (process!nly#ddresses)
.ail solely to or from any of these addresses ill be pro!essed by %SS,. %ll others ill be proxied ithout pro!essin#. %!!epts
spe!ifi! addresses (user&domain.!om), user parts (user) or entire domains (&domain.!om). 'ild!ards are supported
(fribo(&domain.!om).
/ote that if an address mat!hes both the /o,ro!essin# and the 0nly$hese,ro!essin# lists, the /o,ro!essin# rules ta"e
pre!eden!e.
(na.le Pro!ess )nly %ddresses (poTest$ode)
/otes 0n /o ,ro!essin#
Notes
12.05.2014 Seite 17 von 134
/+itelisting
/+itelisted IPs* (whiteListedIPs)
file:files/ipwl.txt Edit file
edit Groups file
$hey !ontribute to the 'hitelist and to /otspam. )or example: 234.234.234.234*235.234.*235.234.6.6725. It is re!ommended to
use the >IAG notation.
$o define I,1s only for spe!ifi! email addresses or domains (re!ipients) you must use the file:... option
%n entry (line) may loo" as follos:
It is possible to define a predefined #roup on any or both sides of the 1891 separator, li"e:
<ip#roup=89<user#roup=*user&mydomain
/0$I>E: the folloin# !ombination of to entries, ill lead in to a user7domain based mat!hin# - the #lobal entry ill be i#nored?
234.235.6.6725 ; !omment
If multiple user7domain based entries are defined for the same I,, only the last one ill be used?
%ll fields mar"ed by 1(1 a!!ept a filepath7filename : 1file:files7ipl.txt1.
Reg$lar (pression to Identi,y Non-Spam* (whiteRe)
7007|2002399|5475599
If an in!omin# email mat!hes this ,erl re#ular expression it ill be !onsidered hitelisted.
)or example: Se!ret Ham ,assord*H6EDAI6,HJEH6DAI6,HJ3<2:=DdDd
)or help ritin# re#ular expressions !li!" +ere.
I.,0G$%/$: $he body is s!anned in a later sta#e %)$EG all sender related !he!"s are performed. So a hite re#ular expression
here mi#ht not prevent the messa#e to be blo!"ed by e#. invalid ,$G. Set the sender related !he!"s to s!ore only if you ant to
ma"e sure that the hite re#ular expression ill be seen. Some thin#s you mi#ht in!lude here are your offi!e phone number or
street address, spam rarely in!ludes these details. .
/+itelisted Domains and %ddresses* (whiteListedDomains)
file:files/whitedomains.txt Edit file
Aomains and addresses from hi!h you ant to re!eive all mail. Bour IS,, domain re#istration, mail list servers, sto!" bro"er, or
other "ey business partners mi#ht be #ood !andidates. Ke !areful not to put idely used domains here li"e #oo#le.!om or
hotmail.!om. 0ur re!ommended approa!h is to put hitelisted domains into *+iteSenderBase. /ote this mat!hes the end of the
address, so if you don1t ant to mat!h subdomains then in!lude the &. /ote that example.!om ould also mat!h
spamexample.!om but .example.!om on1t mat!h example.!om. 'ild!ards are supported. )or example:
sour!efor#e.net*#roup(&#oo#le.!om*.example.!om
It is possible to ma"e email addresses hitelisted only for a set of lo!al domains and7or lo!al users. Lse ild!ards (( and M) to
define domains.
Lse the folloin# syntax to do this:
(&anydomain89(&anyNlo!alNdomain - for domain to domain
(&(.anydomain89(&anyNlo!alNdomain - for any sub-domain to domain
user&anydomain89(&(.anyNlo!alNdomain - for user to any sub-domain
It is possible to define more than one entry at the left and the ri#ht side of the definition (89), li"e:
(&anydomain*(&otherNdomain89(&anyNlo!alNdomain*(&otherNlo!alNdomain - alays separate multiple entries by pipes
It is also possible to use a OroupAefinition in any or both sides, li"e:
<sender#roup=89<re!ipient#roup=
<sender#roup2=*<sender#roup:=*(&domain89<re!ipient#roup2=*<re!ipient#roup:=*user&lo!alNdomain
/0$I>E - that the lo!al email addresses and domains are not !he!"ed to be lo!al on!e
/ild!ard 0ser ,or /+ite Domain (wildcard%ser)
If you add this user via email-interfa!e(e#: (&domain.!om), the hole domain ill be hitelisted. )or example: 1(1
(na.le Realtime /+itelist 1alidation (&alidateR'L)
G'L: Geal-time hite list. $hese are lists of I, addresses that have someho been verified to be from a "non #ood host. Senders
that pass G'L validation ill pass I,-based filters. $his rePuires an installed Net22DNS module in ,EGL.
/+itelist all R/L 1alidated %ddresses (R'Lwhitelisting)
If set, the messa#e ill also pass Kayesian )ilter and LGIKL.
R/L Servi!e Providers* (R'LServiceProvider)
!uer".#ondedsender.or$|exemptions.ah#l.or$|iad#.isipp.%om|hul.ha#eas.%om
Host /ames of G'Ls to use separated by -*-.
Examples are:
list.dnsl.or#*Puery.bondedsender.or#*!ml.anti-spam.or#.!n*iadb.isipp.!om*hul.habeas.!om
Maim$m Replies (R'Lmaxreplies)
12.05.2014 Seite 18 von 134
3
% reply is affirmative or ne#ative reply from a G'L. $he G'L module ill ait for this number of replies (ne#ative or positive) from
the G'Ls listed under Servi!e ,rovider for up to the .aximum $ime belo. $his number should be ePual to or less than the
number of G'L Servi!e ,roviders listed to allo for randomly unavailable G'Ls.
Minim$m &its (R'Lminhits)
1
% hit is an affirmative response from a G'L. $he G'L module ill !he!" all of the G'Ls listed under Servi!e ,rovider, and fla# the
email ith a G'L pass fla# if ePual to or more than this number of G'Ls return a postive hitelisted response. $his number
should be less than or ePual to .aximum Geplies above and #reater than 6
Maim$m Time (R'Lmaxtime)
10
$his sets the maximum time to spend on ea!h messa#e performin# G'L !he!"s
Don3t 1alidate R/L ,or t+ese IPs* (noR'L)
Enter I, addresses that you don1t ant to be G'L validated, separated by pipes (*). )or example: 234.234.234.234*235.234.
%dd X-%ssp-Re!eived-R/L &eader (#ddR'LHeader)

%dd Q-%ssp-Ge!eived-G'L header to header of all mails pro!essed by G'L.
R/L #a!+e Re,res+ Interval (R'L(acheInterval)
30
I,1s in !a!he ill be removed after this interval in days. 6 ill disable the !a!he. Show RWL Cache
Priva!yLevel o, t+e /+itelist ('hitelistPrivacyLevel)
global & private(legacy)
Sets the priva!y level of the *+itelistd. . If an (lo!al) user adds an email address to the hitelist:
(6) #lobal @ private - this email address is automati!aly hitelisted for all other lo!al users
(2) domain @ private - this email address is automati!aly hitelisted for all other lo!al users in the same lo!al domain
(:) private only - this email address is only hitelisted for this sin#le lo!al user
(6-2) unless another user has removed this email address from his hitelist. Aefault is Rero, hi!h is the le#a!y settin#.
/0$I>E: independend from this settin#, the *+itelistd. is filled ith all three entries (#lobal,domain,private), to ma"e it possible
to !han#e this value.
Ma /+itelist/Personal Bla!" Days ($ax'hitelistDays)
360
$his is the number of days an address ill be "ept on the hitelist and personal bla!"list ithout any email to7from this address.
Set it to 6 to "eep the entries infinity.
Re4e!t %ll B$t /+itelisted Mail ('hitelist!nly)
>he!" this if you don1t ant Kayesian filterin# and ant to re+e!t all mail from anyone not hitelisted. $o do this related to lo!al
user addresses, use Internal%nd/+ite%ddresses and sit!h this option off.
)nly (mail-Inter,a!e %ddition to /+itelist5 ()o#"to'hite)
>he!" this box to allo additions to the hitelist by email interfa!e only.
No %$to/+ite %ddresses* ()o#"to'hite#dresses)
.ail solely to or from any of these addresses are ex!luded from automati! hitelist additions. %!!epts spe!ifi! addresses
(user&domain.!om), user parts (user) or entire domains (&domain.!om). 'ild!ards are supported (fribo(&domain.!om).
)nly t+e envelope-sender is added/!ompared to t+e *+itelist ()ot*reedy'hitelist)
check all addresses
/ormal operation in!ludes addresses in the )G0., SE/AEG, GE,LB-$0, EGG0GS-$0, or LIS$-( header fields.
$his allos nearly all list email to be hitelisted. If set to 1envelope-sender only1, only this address is !ompared7added.
If set to 1!he!" all addresses - one mat!h for hite - add all1, one mat!h in any of this fields is enou#h to #et hite and all
addresses ill be added to hitelist.
If set to 1!he!" all addresses - all mat!hes for hite - update all1, all defined addresses in all defined fields must be already
hitelisted for a messa#e to #et a hitelisted state and all addresses ill updated in hitelist.
If any address is found in redlist, no hitelist addition ill be done and the messa#e #ets not hite.
If the penalty s!ore of a messa#e has rea!hed PenaltyMessageLo* , or the S,)-!he!" has failed, or the ASI.-!"e!" has failed
no hitelist addition ill be done.
'ill not do anythin# if you add7remove hitelist entries via email-interfa!e.
&o* add 6reedy Senders to /+itelist (*reedy'hitelist#dditions)
oe
Aefines hat sender addresses are added to the hitelist if a messa#e is !onsidered to be from a hitelisted sender.
Not6reedy/+itelist is !onsidered in determinin# if a messa#e is from a hitelisted sender.
12.05.2014 Seite 19 von 134
)nly lo!al or a$t+enti!ated $sers !ontri.$te to t+e *+itelist5 ('hitelistLocal!nly)
/ormal operation allos all lo!al, authenti!ated, or hitelisted users to !ontribute to the hitelist.
>he!" this box to not allo hitelisted users to add to the hitelist.
)nly $sers *it+ a lo!al domain in mail,rom !ontri.$te to t+e *+itelist5 ('hitelistLocalFrom!nly)
>he!" this box to prevent sender ith non-lo!al domains from !ontributin# to the hitelist. (for example: redire!ted messa#es).
/+itelist mails ,rom a$t+enti!ated $sers5 ('hitelist#"th)
.ails from authenti!ated users ill be pro!essed as hitelisted.
Save /+itelist
s
(%pdate'hitelist)
3600
Save a !opy of the hite list every this many se!onds. Empty or Fero ill prevent any savin# and the !leanup of old re!ords.
/otes 0n 'hitelist
!otes
12.05.2014 Seite 20 von 134
Relaying
Accept All Mail* (acceptAllMail)
Relaying is allowed for these IPs. They contribute also to the whitelist. This can take either a directly entered list of IP's separated
by pipes or a file 'file:files/acceptall.txt'.
For exaple: !"#.!"#.!"#.!"#$!"%.!"#.
Do Local Domain Check for Local Sender (DoLocalSenderDomain)
If acti&ated' each local sender address ust ha&e a &alid (ocal )oain.
Do Local Address Check for Local Sender (DoLocalSenderAddress)
If acti&ated' each local sender address ust ha&e a &alid (ocal *ddress.
Skip Local Domain Check (nolocalDomains)
)o not check relaying based on localDomains. (et the ailser&er do it. NOT RCOMMNDD.
Do LDA! look"p for local domains (ldLDAP)
+heck local doains against an ()*P database.
,ote: +hecking this re-uires filling in ()*P )oainFilter . ldLDA!#ilter / in the ()*P section.
This re-uires an installed NT$$LDA! odule in Perl.
%S!&Secondary M' Ser(ers* (ispip)
0nter any addresses that are your I1P or backup 23 ser&ers' separated by pipes .$/.
These addresses will .necessarily/ bypass 4riplist' IP (iiting' )elaying' Penalty 5ox' 1PF' ),15( 6 1R1 checks unless the IP can
be deterined by .isp)ostnames/ I1P/1econdary 7ostnaes. For exaple: !89.:.:.!$!98.!%..
Reg"lar *pression to %dentify #or+arded Messages* (contentOnlyRe)
Put anything here to identify essages which should bypass P5' 1ender ;alidation' 4riplist' IP (iiting' )elaying' 1PF' ),15( 6
1R1 checks. For exaple: eail addresses of people who are forwarding fro other accounts to their ailbox on your ser&er.
Reg"lar *pression to %dentify %S!&Secondary )ostnames* (ispHostnames)
7ostnaes .regular expression/ to lookup the IP that connected to the I1P/1econdary ser&er.
If found' this address is used to perfor IP<based checks on forwarded essages.
For exaple: x!=.yourisp=.co or x!=.yourisp=.net$x8=.yoursecondary=.co . This hostnames are found in the 'Received:'
header, like 'Received: from ...123.123.123.123... by mx1.yourisp.com'. (ea&e this blank to disable the feature.
Send ,-. O/ To %S!&Secondary M' Ser(ers (send25O!"SP)

1et this checkbox if you want *11P to reply to IP's in I1PIP with '8#: >?' instead of 12TP error code '##" #.9.!'.
%S!&Secondary M' 0rip 1al"e (isp#rip$alue)
0.5
It is recoended to set it to :.# .+opletely 4ReyIP/ for I1P and 1econdary 23 ser&ers. If left blank the 4riplist 3 &alue is used
.percentage of spa essages in relation to total/.
,ote: &alue has to be greater than : and less than !' where : @ ne&er spa and ! @ always spa
2o"nce Senders* (%ounceSenders)
postmaster|mailer-daemon|renzo.derry@ungstrup.com|maneyipr@ungstrup.com|ney-rieveley@kuwano.co.jp|aylinbaris@gmail.com|bell-messer@acs2000.net|tammiesimon@fix.net|cmwvitellarium@range.com|!os!i-tos!i!iko@fivestarenviro.com|bruegel@lycos.com|sop!eim@rodriguezlaw.com|d!maumets@want"d.com|dusty@winternet.com|#kxcftinc@!otmail.com|denis@nilsonreport.com|jan@fujixerox.co.jp|buncoked@ultrastretc!away.com|mxbio!erm@trimtalk.com|me!ul$monteiro@2stie!l.net|i!sd%wto@advsol.com|griesel@itmcg.net|info@gaylin.org|irepray@d!m-cctv.com|l!inundate@candaceellman.com|anel-roland@informatica-web.com|yrzbombacaceous@e-artmusic.com|xcpwkvmt@!otmail.com|!ammel@potetc!ips.net|pasc!edag@potetc!ips.net|neu@web.de|vrrboatside@e-ssimo.com|vg!ozffy@!otmail.com|b!at@&20interactive.net|narbe!@cosburn.ca|bellow@atomic.com|janet@apostolicvideo.com|c!aumaggee@antares.org|antwanedmonds@mail2world.com|vescoburt@vuuu.com|jaimemosesij@wal-mart.com|sonia@lans!eng.net|cnaimbecilitate@soldbyowner!omes.com|s!aron&soua0&@bis.midco.net|dabackplanes@msiforums.com|tris!a@fujitsu.com|info@galuska.de|krjserwamby@gigsdigs.com|bpalpifer@mes!-e.com|c!ascrissy@goodwill-rdg.org|ccxcxkxfrukzzr@msn.com|lunimbodied@spunkfactor.com|yijagreer@maelstromliving.com|fcalstonidine@jonkidney.com|bairagirkiy@raysappliances.com|br!odeszn@nort!state.net|gdcorneas@s!a!as.com|tcalcareosiliceous@marryusinbigbear.com|tgwpsrjdy@bnpparibas.com|t!omas.ebert@t-online.de|gygbwye@!otmail.com|!sjjnoimr@msn.com|s!arky%2&@cbs-print.ru|blodgett@marketwatc!.dk
0n&elope sender addresses treated as bounce origins. ,ull sender .AB/ is always included.
*ccepts specific addresses .postasterCdoain.co/' usernaes .ailer<daeon/' or entire doains .Cbounces.doain.co/
1eparate entries with pipes: $. For exaple: postaster$ailer<daeon
!op 2efore SMT! D2 #ile (Pop%&SM'P(ile)
0nter the )5 database filenae of your P>P before 12TP ipleentation with records stored for dotted<-uad IP addresses.
For exaple: /etc/ail/popip.db
!op 2efore SMT! Merak Style (Pop%&SM'PMera))
If set 2erak 9.#.8 is supported.
Relay )ost (relayHost)
0.%'..%0(&25
Dour isp's ail relayhost .sarthost/. For exaple: ail.isp.co:8#
If you run 0xchange/,otes and you want assp to update the nonspa database and the whitelist' then enter your isp's stp relay
host here. 5lank eans no relayhost. >nly re-uired if clients don't deli&er through 12TP. 1eparate ultiple entries by E$E.
If you need to connect to the relay host using nati&e 11(' write '11(:' in front of the IP/host definition. In this case the Perl
odule %O$$Socket$$SSL ust be installed and enabled . "se%OSocketSSL /.
0xaples: yourFI1PF1er&er:8#' !"G.!.!.!:8#' 11(:!"G.!.!.8:"%#$anyFotherFhost:8# H
12.05.2014 Seite 21 von 134
3ser to A"thenticate to Relay )ost (relayAut*+ser)
The usernae used for 12TP *IT7 authentication to the relayhost < for exaple' if your I1P need authentication on the 12TP
portH 1upported authentication ethodes are P(*I,' (>4I,' +R*2<2)# and )I401T<2)# . If the relayhost offers ultiple
ethodes' the one with highest security option will be used. The Perl odule A"then$$SASL ust be installed to use this featureH
The usage of this feature will be skipped' if the sending 2T* uses the *IT7 coand. (ea&e this blank' if you do not want use
this feature.
!ass+ord to A"thenticate to Relay )ost (relayAut*Pass)
The password used for 12TP *IT7 authentication to the relayhost H (ea&e this blank' if you do not want use this feature.
Relay !ort (relayPort)
625
Tell your ail ser&er to connect to this IP/port as its sarthost / relayhost. For exaple: 88#
,ote that you'll want to keep the relay!ort protected fro external access by your firewall.
Dou can supply an interface:port to liit connections. 1eparate ultiple entries by E$E.
Examles: 88#' !89.:.:.!:88#' !G8.!%J.!.!:88#$!G8.!%J.8.!:88#
H
Allo+ Relay Connection from these %!4s* (allo,Relay-on)
0nter any addresses that are allowed to use the relay!ort ' separated by pipes .$/. If epty' any ip address is allowed to connect
to the relay!ort. If this option is defined' keep in ind : *ddresses defined in acceptAllMail are NOT autoaticly included and
ha&e to be also defined here' if the should allow to use the relay!ort. For exaple: !89.:.:.!$!98.!%..
No Relaying rror (.oRelayin#)
550 Relaying not allowed
12TP error essage to deny relaying.
Defa"lt Local )ost (de/aultLocalHost)
If you want to be able to send ail to local users without a doain nae then put the default local doain here.
5lank disables this feature. For exaple: ydoain.co .
Local #re5"ency %nter(al (Local(re0uency"nt)
0
The tie inter&al in seconds in which the nuber of en&elope recipients per sending address has not to exceed a specific nuber
. Local#re5"encyN"mRcpt /.
Ise this in cobination with Local#re5"encyN"mRcpt to liit the nuber of recipients in a gi&en inter&al' to pre&ent local
abuse < for exaple fro highKacked local accounts. * &alue of : .default/ will disable this feature and clean the cache within fi&e
inutes. It is recoended to enable DoLocalSenderAddress and/or DoLocalSenderDomain' if you want to use this feature.
To gi&e users the chance to infor an adin about such blocked ails' local ails to mailAdmins are ne&er blocked because of
that feature.
edit local Frequency Cache
Local #re5"ency Recipient N"m6er (Local(re0uency.umRcpt)
0
The nuber of en&elope recipients per sending address that has not to exceed in a specific tie inter&al . Local#re5"ency%nt /.
Ise this in cobination with Local#re5"ency%nt to liit the nuber of recipients in a gi&en inter&al' to pre&ent local abuse < for
exaple fro highKacked local accounts. * &alue of : .default/ will disable this feature and clean the cache within fi&e inutes. It
is recoended to enable DoLocalSenderAddress and/or DoLocalSenderDomain' if you want to use this feature. To gi&e
users the chance to infor an adin about such blocked ails' local ails to mailAdmins are ne&er blocked because of that
feature.
edit local Frequency Cache
Check local #re5"ency for this 3sers only* (Local(re0uencyOnly)
* list of local addresses' for which the 'local fre-uency check' should be done. (ea&e this field blank .default/' to do the check for
e&ery address.
*ccepts specific addresses .userCdoain.co/' user parts .user/ or entire doains .Cdoain.co/. Lildcards are supported
.friboMCdoain.co/.
For exaple: friboMCthisdoain.co$Khanna$Csillyguys.org
Check local #re5"ency NOT for this 3sers* (.oLocal(re0uency)
* list of local addresses' for which the 'local fre-uency check' should not be done. ,oprocessing essages will skip this check.
*ccepts specific addresses .userCdoain.co/' user parts .user/ or entire doains .Cdoain.co/. Lildcards are supported
.friboMCdoain.co/.
For exaple: friboMCthisdoain.co$Khanna$Csillyguys.org
12.05.2014 Seite 22 von 134
Check local #re5"ency NOT for this %!4s* (.oLocal(re0uency"P)
* list of local IP<addresses' for which the 'local fre-uency check' should not be done.
For exaple: !"#.!"#.!"#.!"#$!"#.!"%.
0enerate and Add D/%M signat"res to relayed messages (#enD!"M)
If selected' *11P will add )?I2 signatures to relayed essages if it finds a &alid )?I2 configuration in D/%MgenConfig for the
sending doain. This will also be done for noprocessing ails. This re-uires an installed Mail$$D/%M odule in P0R(.
The #ile +ith the D/%M config"rations* (D!"M#en-on/i#)
file:dkim/dkimconfig.txt Edit file
The file that contains the )?I2 configuration. * description how to configure )?I2 could be found in the default file
dki/dkiconfig.txt.
,otes >n Relaying
Notes
12.05.2014 Seite 23 von 134
Recipients&Local Domains
remo(e #oreign 2CC (remo$e(orei#n%--)
Reo&e foreign 5++: header lines fro the ail header. The reo&e is done before the Do)eaderAddrCheck is doneH
Check TO7CC and 2CC headers (DoHeaderAddr-*ec))
If enabled T>: ' ++: and 5++: header lines are checked the following way:
!. a possible recipient replaceent is done
8. local eail address &alidation is done < if >?' the next address or headerline is processed
N. spamtrapaddresses will be detected < scored with st1alence!2 < mail is 6locked .no!enaltyMakeTraps is honored/
". a local but not &alid T>/++/5++: address will be detected < scored with ir1alence!2
#. a Relay*ttept will be detected if a 5++ address is not local < scored with rl1alence!2 < mail is 6locked
The check N and " honors whitelisting ' noprocessing and no5lockingIPs
0nable this check only' if assp is configured to &alidate local doains and eail addressesH
,>TI+0: that remo(e#oreign2CC take place before this check is done < step # will be ne&er reached if remo(e#oreign2CC is
enabledH
Catchall Address for Messages to !ostmaster (sendAllPostmaster)
*11P will deli&er essages addressed to all postasters of your local doains to this address. For exaple:
postasterCydoain.co
Skip Spam Checks for !ostmaster Catchall (sendAllPostmaster.P)
Catchall Address for Messages to A6"se (sendAllA1use)
*11P will deli&er essages to all abuse addresses of your local doains to this address. For exaple: abuseCydoain.co
Skip Spam Checks for A6"se Catchall (sendAllA1use.P)

1alidate addresses to conform +ith R#C 8,, (DoR(-222)
recipients
If acti&ated' the en&elope sender and/or each en&elope recipient is checked to confor with the eail forat defined in RF+ J88.
For an in&alid sender address 'nofrom1alence!2' is used for scoring < for in&alid recipient addresses' each is scored with
ir1alence!2 .
For the sender address in addition a top le&el doain existence and ),1 nae ser&er registration check is done.
Look"p (alid Local Addresses from here* (LocalAddresses3(lat)
file:files/LocalAddresses_Flat.txt Edit file
These eail addresses are the list of your local addresses. Dou can list specific addresses .userCydoain.co/' addresses at
any local doain .user/' or entire doains .Cydoain.co/. Lildcards are supported .friboMCdoain.co/. .$/.
For exaple: friboCthisdoain.co$Khanna$Csillyguys.org or place the in a plain *1+II file one address per
line:file:files/localuser.txt. Dou can use entries like Cydoain.co@B&rfyhost:port to ;RFD users on your 2T*' for ore
inforation read localDomains. Dou can use an entry like *((@B&rfyhost:port to define a ;RFD host for all doain entries
. better use 0ro"ps /.
3se Addresses +itho"t 494 as Domains (LocalAddresses3(lat3Domains)

Lill handle entries without 'C' as full doains
Re:ect These Local Addresses* (Re4ect'*eseLocalAddresses)
If *,D recipient is on reKect list' essage will not be deli&ered. Ised for disabled legitiate accounts' where a user ay ha&e left
the copany. This stops wildcard ailboxes fro getting these essages.
Local Domains* (localDomains)
thockar.dyndns.org|hen-sch.de|thockar.com|assp-nospam.org
+heck local doains against these addresses. *dd a fake doain like 'assp<nospa.org' for the eail interface if you run 21
0xchange. Lhen ailing to eg. 'spaCassp<nospa.org' 21 0xchange forwards it outbound to *11P who handles the different
options. *s in e&ery field arked by 'M' separate addresses with $ or use file 'file:files/localdoains.txt'. Lildcards are supported.
For exaple: Mydoain.co$M.ydoain.co$here.org
Ise the syntax:
Mydoain.co@Bstp.ydoain.co$other.co@Bx.other.co:port$other8.co@Bx.other.co:port'x8.other.co:port
to &erify the recipient addresses with the 12TP<;RFD .if ;RFD is not supported '2*I( FR>2:' and 'R+PT T>:' will be used/
coand on other 12TP ser&ers. The entry behind @B ust be the hostnae:port or ip<address:port of the 2T* which is used to
&erify 'R+PT T>' addresses with a ;RFD coandH If :port is not defined' port :8# will be used. Dou can use an entry like
*((@B&rfyhost:port to define a ;RFD host for all local doain entries that don't ha&e a 2T* defined . better use 0ro"ps /.
1eparate ultiple ;RFD hosts for failo&er by coa E'E. Dou ha&e to enable the 12TP ';RFD' coand on your 2T* < the '03P,'
coand should be enabledH This re-uires an installed Net$$SMT! odule in P0R(.
If you ha&e configured ()*P and enabled DoLDA! and *11P finds a ;RFD entry for a doain' ()*P search will be done first and if
this fails' the ;RFD will be used. 1o ;RFD could be used for ()*P backup/fallback/failo&erH
It is recoended to configure 'ldaplistd6' in the 'File Paths and )atabase' section when using this &erify extension < so *11P will
store all &erified recipients addresses there to iniiOe the -uerys on 2T*'s. There is no need to configure ()*P' but both ;RFD
12.05.2014 Seite 24 von 134
and ()*P are using ldaplistd6. Please go to the '()*P setup' section to configure Ma*LDA!listDays and
LDA!crossCheck%nter(al or start a crosscheck now with forceLDA!crossCheck. This three paraeters belong also to ;RFD.
1erify Recipients +ith SMT!;1R#< (Do5R(6)
If acti&ated and the forat ')oain@B2T*' is encountered in localDomains recipient addresses will be &erified with 12TP<;RFD
.if ;RFD is not supported '2*I( FR>2:' and 'R+PT T>:' will be used/. If you know that ;RFD is not supported with a 2T*' you ay
put the 2T* into 1R#<forceRC!TTO. )on't forget to configure LDA!#ail .belongs also to ;RFD/ to your needsH
SMT! 1R#<;="ery Timeo"t (5R(67uery'imeOut)
5
The nuber of seconds *11P will wait for an answer of the 2T* that is -ueryed with the ;RFD coand to &erify a recipient
address.
#orce the "sage of RC!T TO* (5R(6/orceR-P''O)
)efine 2T*'s here for which you want *11P to force the usage of 2*I( FR>2:'R+PT T>: instead of the ;RFD coand. The
definition of each 2T* has to be the sae as defined in LocalAddresses>#lat and/or localDomains .after the '@B'/ for
exaple: stp.ydoain.co$x.other.co:port$!:.!.!.!$!:.!.!.8:!8# .
Disa6le 1R#< and '!N for *ternal Clients (Disa1le5R(6)

If you ha&e enabled ;RFD and/or 03P, on your 2T* to ake assp able to &erify addresses and you do not want external clients to
use ;RFD and 03P, < select this option.
Do LDA! look"p for (alid local addresses (DoLDAP)
+heck local addresses against an ()*P database before accepting the essage.
,ote: +hecking this re-uires filling in the other ()*P paraeters below.
This re-uires an installed Net$$LDA! odule in P0R(.
Do Not 1alidate Local Addresses if in No!rocessing List (LocalAddresses.P)
If a recipient is found in ,oProcessing' the user &alidation is skipped.
Catchall per Domain* (-atc*All)
*11P will send to this addresses/doain if no &alid user is found in (ocal*ddressesFFlat/()*P.
For exaple: catchallCdoain!.co$catchallCdoain8.co
Catchall for All Domains (-atc*AllAll)
*11P will send to this address if no &alid user is found in (ocal*ddressesFFlat/()*P and no atch is found in +atchall per )oain.
For exaple: catchallCdoain.co
Mo(e %S! Connection +ith +rong Recipient Address to N3LL (-atc*allall"SP2.+LL)
If set' *11P will o&e all I1P connections with wrong recipient addresses to a ,I((<connection. The I1P will recei&e E8#: >?E until
the ail has passed' but the ail will not be sent to your 2T*. This is done after CatchAll but before CatchAllAll is checked.
N3LL Connection Addresses* (.ullAddresses)
file:files/nllconnect.txt Edit file
*11P will dup a essage silently when encountering such an address in E2*I( FR>2:E or ER+PT T>:E. *ccepts specific addresses
.nullCexaple.co/' user parts .nobody/ or entire doains .Cexaple.co/.
Accept Mail from Local Domains only* ("nternalAddresses)
These local addresses accept ail only fro local doains. *ccepts specific addresses .userCdoain.co/' user parts .user/ or
entire doains .Cdoain.co/. Lildcards are supported .friboMCdoain.co/.
Accept Mail from Local Domains and ?hitelisted Senders only* ("nternalAnd8*iteAddresses)
These local addresses accept ail only fro local doains and whitelisted external serders. *ccepts specific addresses
.userCdoain.co/' user parts .user/ or entire doains .Cdoain.co/. Lildcards are supported .friboMCdoain.co/.
Separation Character for S"6addressing (Sep-*ar)
RF+ N#GJ describes subaddressing with a 1eparation +haracter. * star .'M'/ is not allowed as 1eparation +haracter. 0&erything
between 1eparation +haracter and C is ignored .including 1eparation +haracter/. For 0xaple @ 'P' will allow
userPsubaddressCdoain.co.
S"pport 2ang !ath (9na1le%an#Pat*)
If set' *11P will support addresses like doainxHuser and will con&ert the to userCdoainx .
12.05.2014 Seite 25 von 134
Maximum recipient verification Errors (MaxVRFYErrors)
0
The maximum number of failed 'RCPT TO' or 'VRFY' commands encountered before the connection is dropped. You can leave this
field at 0 if !ou are usin" 'DoLDAP' 'LocalAddresses_Flat'# $f confi"ured %&&P 'ill drop the connection if the count of '((0
un)no'n user' errors received from !our 'smtp*estination'+,T%- reached this value#
Block Max Duplicate Recipients (DoMaxDupRcpt)
score
.loc) remote servers that uses the same recipient address more times than the number defined in MaxDupRcpt in the RCPT TO/
command. &corin" is done 'ith mdrValencePB . This chec) is s)ipped for out"oin" noprocessin" 'hitelisted and spamlovers
mails. $f a messa"e has to be dela!ed this chec) 'ill score before the dela! if set to bloc) or score 0 and score and1or bloc) on the
next server re2uest.
Maximum Alloed Duplicate Recipient Addresses (MaxDupRcpt)
0
The maximum number of duplicate recipient addresses that are allo'ed in the se2uence of the RCPT TO/ commands#
The number per mail is calculated b! 'number of RCPT TO/ commands 0 number of uni2ue recipient addresses'.
For example/ if one address is used three times or t'o addresses are used each t'o times 'ill result in the same count 0 3. Or if
both is the case in one mail the count 'ill be 4.
Ena!le recipient replacement" (ReplaceRecpt)
recommented if used/ file/files1rcptreplrules.txt 0 default empt! # This enables recipient replacement. $f !ou do not use file/
separate the rules 'ith 5. The replacement 'ill be done before an! %&&P chec). 6se this option carefull! 0 for example/ if !ou have
enabled *7$, chec) the *7$, chec) 'ill fail if the recipient of the mail 'as modified. For a more detailed description of the rules
and options read the file/ files1rcptreplrules.txt#
#o$Valid$Local$%ser Repl& (NoValidRecipient)
550 5.1.1 User <EMAILADDRESS> unknown
&,TP repl! for invalid 6sers. *efault/ '((0 (.8.8 6ser un)no'n/ 9,%$:%**R9&&'
The literal 9,%$:%**R9&& +case sensitive- is replaced b! the full! 2ualified &,TP recipient +e.". thisuser;!ourcompan!.com-.
<otes On :ocal %ddresses
Notes
12.05.2014 Seite 26 von 134
Validate 'elo
%se t(e 'elo Blacklist (useHeloBlacklist)
disabled
6se the list of blac)listed0helo hosts built b! rebuildspamdb.
%se t(e 'elo )oodlist (useHeloGoodlist)
bonus
6se the list of )no'n "ood helo hosts built b! rebuildspamdb.
bonus 0 the messa"e1$P "et a bonus of the 'ei"thed ne"ative value of (lValencePB
'hitelisted 0 the messa"e is processed as 'hitelisted
The "ood helos and 'ei"hts are stored to"ether 'ith the helo blac)list.
Do *core *uspicious 'elos (DoIPinHelo)
score
&core servers 'ith $P number in =elo and chec) for mismatch 'ith sendin" $P.
Enforce +(eck of For,ed 'elos Before Dela&in, (ForceFakedLocalHelo)

$f set %&&P 'ill chec) For"ed =elos before *9:%Y$<>. Collectin" Testmode Cop!&pam &pam0:over is i"nored.
Block For,ed 'elos (DoFakedLocalHelo)
block
.loc) remote servers that claim to come from our :ocal *omains1:ocal $P's1:ocal =ost.
%se Local Domain List for Blockin, For,ed 'elos (DoFakedseLocalDo!ain)

$f set DoFakedLocal'elo 'ill use localDomains.
Do #ot Block -(itelisted (DoFaked"L)
*isable ?.loc) For"ed =elo's? for 'hitelisted addresses +not recommended-.
Do #ot Block #oprocessin, (DoFakedNP)
*isable ?.loc) For"ed =elo's? for addresses identified as noprocessin" +not recommended-.
Local Domains./P0s and 'ostnames" (!#$er%erRe)
thockar.com|eck-domino|thockar.dyndns.org|domino.thockar.dyndns.org|10.
:ocal *omains $P's and =ostnames are often use to fa)e +for"e- the =elo. $nclude all $P addresses and hostnames for !our server
here localhost is alread! included. $nclude :ocal *omains of !our choice here if !ou deactivated the automatic use of the local
domain list. For example/ 88.33.@@.445mx.Your*omains.com5here.or"
Don0t Validate 'EL1 for t(ese /P0s" (noHelo)
9nter $P addresses that !ou don't 'ant to be =9:O validated.
For example/ 83A.0.0.858B3.8CD.
Don0t !lock t(ese 'EL10s" (&eloBlacklistI'nore)
=9:O 1 9=:O "reetin"s on this list 'ill be excluded from the =9:O chec)s. For example/ host83@.isp.com5host4(C.E.com
Enforce Earl& 'elo +(ecks (ForceValidateHelo)
$f set %&&P 'ill Validate1$nvalidate the format of =9:O before *9:%Y$<>. Collectin" Testmode Cop!&pam &pam0:over is
i"nored.
Validate Format of 'EL1 (DoValidFor!atHelo)
block
$f activated the =9:O is chec)ed a"ainst the expression belo'. $f the Re"ular 9xpression matches the =9:O is validated as bein"
o).
Re,ular Expression to Validate Format of 'EL1" (%alidFor!atHeloRe)
^(([a-z\d][a-z\d\-]*)[a-z\d]\.)![a-z]"#$%&'
Validate Format =9:O 'ill chec) incomin" =9:Os accordin" to rfc883@.
For example/ F+G/H'IH'H.H0JEH.H'K3CL-M or F+G/+G/Ia0NHdJIa0NHdH0JE-GIa0NHdJH.-OIa0NJK3CLM
/nvalidate Format of 'EL1 (DoIn%alidFor!atHelo)
block
$f activated the =9:O is chec)ed a"ainst the expression belo'. $f the Re"ular 9xpression matches the =9:O is invalidated as
bein" not o).
Re,ular Expression to /nvalidate Format of 'EL1"" (in%alidFor!atHeloRe)
12.05.2014 Seite 27 von 134
^\d!\.\d!\.\d!\.\d!'|^[^\.]!\.'
$nvalidate Format =9:O 'ill chec) incomin" =9:Os for this.
For example/ FHdOH.HdOH.HdOH.HdOM5FIFH.JOH.GM
Do Valid2/nvalid2Black 'elo for -(itelisted (DoHelo"L)

*o valid1invalid =elo for 'hitelisted addresses.
Do Valid2/nvalid2Black 'elo for #oprocessin, (DoHeloNP)

*o valid1invalid =elo for noprocessin" addresses.
<otes On Validate =elo
(otes
12.05.2014 Seite 28 von 134
Validate *ender
Do Blacklisted Addresses and Domains (DoBlackDo!ain)
block
Do Blacklistin, Addresses and Domains for -(ite (DoBlackDo!ain"L)

*o blac)listin" addresses P domains in messa"es 'hich are mar)ed 'hitelisted b! (iteRe (iteListedDomains
(iteListed/Ps (itelistd! Do1r,-(itin, or ValidateR-L .
Do Blacklistin, Addresses and Domains for #oProcessin, (DoBlackDo!ainNP)

*o blac)listin" addresses P domains in messa"es 'hich are mar)ed noprocessin" b! npRe noProcessin,Domains
noProcessin,/Ps or noProcessin,.
Blacklisted Addresses and Domains" ((lackListedDo!ains)
%ddresses P *omains from 'hich !ou al'a!s 'ant to reQect mail the! onl! send !ou spam. <ote this matches the end of the
address so if !ou don't 'ant to match subdomains then include the ;. <ote that bu!.com 'ould also match spambu!.com
but .bu!.com 'on't match bu!.com. abc;def.com 'ill match abc;def.com but 'on't match bbc;def.com. Rildcards are
supported. For example/ cc5info5biN5seller;ba!er.com5sellE;basf.com
$t is possible to ma)e email addresses blac)listed onl! for a set of local domains and1or local users. 6se 'ildcards +E and G- to
define domains.
6se the follo'in" s!ntax to do this/
E;an!domainSTE;an!UlocalUdomain 0 for domain to domain
E;E.an!domainSTE;an!UlocalUdomain 0 for an! sub0domain to domain
user;an!domainSTE;E.an!UlocalUdomain 0 for user to an! sub0domain
$t is possible to define more than one entr! at the left and the ri"ht side of the definition +ST- li)e/
E;an!domain5E;otherUdomainSTE;an!UlocalUdomain5E;otherUlocalUdomain 0 al'a!s separate multiple entries b! pipes
$t is also possible to use a >roup*efinition in an! or both sides li)e/
Isender"roupJSTIrecipient"roupJ
Isender"roup8J5Isender"roup3J5E;domainSTIrecipient"roup8J5Irecipient"roup3J5user;localUdomain
<OT$C9 0 that the local email addresses and domains are not chec)ed to be local once
+(eck Messa,e /Ds (DoMs'ID)
score
&core messa"es 'ith missin"1suspicious1invalid ,essa"e0$*. &corin" is done b! midmValencePB 1 midsValencePB 1
midiValencePB .
Don0t Validate Messa,e$/Ds for t(ese /Ps" (noMs'ID)
127.0.0.|192.168.|10.
9nter $P addresses that !ou don't 'ant to be ,essa"e0$* validated separated b! pipes +5-. For example/ 83A.0.0.858B3.8CD.
Re,ular Expression to Validate Format of Messa,e$/D" (%alidMs'IDRe)
^.*@.*\..*$
Chec) ,essa"e $*s 'ill chec) incomin" messa"es for valid ,essa"e0$*s.
For example/ F.OH;.OH..OM
Re,ular Expression to /nvalidate Format of Messa,e$/D"" (in%alidMs'IDRe)
Chec) ,essa"e $*s 'ill chec) incomin" messa"es for invalid ,essa"e0$*s.
Validate Remote *ender it( Local Domain Address (DoNoValidLocal$ender)
block
$f activated each remote sender 'ith a local domain is chec)ed a"ainst the Local Addresses File and1or :*%P.
Earl& 3Remote *ender it( Local Domain Address3 +(eck (ForceNoValidLocal$ender)

$f set %&&P 'ill chec) Remote &ender 'ith :ocal *omain %ddress before *ela!in" a messa"e.
Collectin" Testmode Cop!&pam and &pam0:over settin"s are i"nored.
Block Local Address from External *ender (DoNo$poo)in')
block
$f activated each external sender address built 'ith a domain in localDomains is re"arded a spoofed address. %n external sender
is a sender from an $P not in acceptAllMail and not authenticated.
Do *poofin, +(eck 1#L4 for t(ese /P0s" (onl#$poo)in'*&eckIP)
9nter $P's that !ou 'ant to be chec)ed for spoofin". $f this is set O<:Y these $P's 'ill be chec)ed. For
example/84(.84(.84(.84(584(.84C.
Do *poofin, +(eck 1#L4 for t(ese Addresses2Domains" (onl#$poo)in'*&eckDo!ain)
12.05.2014 Seite 29 von 134
%ccepts specific addresses +user;example.com- user parts +user- or entire domains +;example.com-. Rildcards are supported
+friboE;example.com-. $f set O<:Y these addresses1domains 'ill be chec)ed for spoofin".
Don0t do *poofin, +(eck for t(ese /P0s" (no$poo)in'*&eckIP)
9nter $P's that !ou don't 'ant to be chec)ed for spoofin". For example/84(.84(.84(.84(584(.84C.
Don0t do *poofin, +(eck for t(ese Addresses2Domains" (no$poo)in'*&eckDo!ain)
%ccepts specific addresses +user;example.com- user parts +user- or entire domains +;example.com-. Rildcards are supported
+friboE;example.com-.
Do #o*poofin, for from5 (DoNo$poo)in'+Fro!)
*o the <o&poofin" chec) also for header 'from/' addresses.
Reversed Lookup (DoRe%ersed)
block
$f activated each sender $P is chec)ed for a PTR record. This re2uires an installed #et55D#* module in P9R:.
Do Reversed Lookup for -(itelisted (DoRe%ersed"L)

*o reversed loo)up for 'hitelisted addresses.
Do Reversed Lookup for #oprocessin, (DoRe%ersedNP)

*o reversed loo)up for noprocessin" addresses.
Reversed Lookup F6D# (DoIn%alidP,R)
block
$f activated 0 and Reversed :oo)up is activated 0 the PTR0FV*< record is chec)ed a"ainst the Re"ex. This re2uires an installed
#et55D#* module in P9R:.
Re,ular Expression to /nvalidate Format of P7R"" (in%alidP,RRe)
file:files/invalidptr.txt Edit file
Validate Format PTR 'ill chec) PTR records for this.
For example/ FHdOH.HdOH.HdOH.HdOM5FIFH.JOH.GM or file/files1invalidptr.txt
Re,ular Expression to Validate Format of P7R" (%alidP,RRe)
static
Validate Format PTR 'ill chec) PTR records for this.
For example/ static or file/files1validptr.txt
Reversed Lookup +ac(e Refres( /nterval (P,R*ac&eInter%al)
30
$P's in cache 'ill be removed after this interval in da!s. 0 'ill disable the cache. Show PTR Cache
Validate M8 or A Record (DoDo!ain*&eck)
block
$f activated the sender address and each address found in the follo'in" header lines +ReturnReceipt/ Return0Receipt0To/
*isposition0<otification0To/ Return0Path/ Repl!0To/ &ender/ 9rrors0To/ :ist0.../- is chec)ed for a valid ,W or % record. &corin"
is done for non existin" ,W record and non existin" % record 0 a messa"es failes +bloc)- if both records are not found.
Validate Domain M8 +ac(e Refres( /nterval (M-.*ac&eInter%al)
30
$P's in cache 'ill be removed after this interval in da!s. 0 'ill disable the cache. Show ! Cache
+(eck For Existin, From 'eader (DoNoFro!)
score
&corin" is set 'ith fromValenceP..
Do Do#oFrom for -(itelisted (DoNoFro!"L)

Chec) for existin" From =eader for 'hitelisted addresses.
Do Do#oFrom for #oProcessin, (DoNoFro!NP)

Chec) for existin" From =eader for noprocessin" addresses.
Remove Disposition #otification 'eaders (re!o%eDispositionNoti)ication)
12.05.2014 Seite 30 von 134
If set, all headers : "ReturnReceipt: , Return-Receipt-To: and Disposition-Notification-To:" will be removed from not whitelisted
and not noprocessing incoming mails. elect this to prevent unwanted whitelisting of spammers that re!uest a Disposition
Notification. "n other wa# to prevent autowhitelisting because of an autoresponds is to use redRe .
Validate DomainKeys Identified Mail (DoDKIM)
score
If activated, Domain$e#s Identified %ails are chec&ed for the right signature and contents. "ll D$I% parameters belongs also to
the old Domain$e# specification. This re!uires an installed Mail::DKIM::Verifier module in '(R). In addition D$I% is used to
process Domain-based %essage "uthentication, Reporting * +onformance - described in DMARC ,D%"R+ re!uires also
ValidateSPF to be enabled-.
Validate DomainKeys Identified Mail strictly (DoStrictDKIM)
The D$I% test will fail, if the mail was modified b# a mailhop. In this case the from address, the from domain, the to domain, the
D$I%-signature b# itself and the prefi. of the digest-verification are valid, onl# the lower digest value differs/ This ma# happen, if
a mailhop has modified an# other headerfield li&e 0-.../ If unchec&ed a mail will onl# pass, if the author polic# and sender polic#
are accept or neutral/
Do not any DKIM Check for this Addresses * (noDKIMAddresses)
%ail from an# of these addresses will not be tagged and chec&ed for D$I%. "ccepts specific addresses ,user1domain.com-, user
parts ,user- or entire domains ,1domain.com-.
!cl"de these IP#s from any DKIM Check* (noDKIMIP)
(nter I'2s that #ou want to e.clude from D$I% chec&, separated b# pipes ,3-.
Validate DKIM$Pre$Check$Cache Refresh Inter%al (DKIMCacheInterval)
7
domains2s in cache will be removed after this interval in da#s. 4 will disable the cache.
If activated a D$I%-pre-chec& will be done. If "' finds a D$I%-ignature in the mail header, it chec&s the DN records of the
sending domain for valid D$I% configurations and writes a record in to the D$I%-pre-chec&-cache, if it finds such configuration.
If "' does not find a D$I%-ignature in the mail header, it also chec&s the DN records of the sending domain for valid D$I%
configurations. If it find such a configuration, the mail is considered spam, because it should have a D$I%-ignature.
The ne.t mail from a domain that is found in this cache, must have a D$I%-ignature to pass the D$I%-pre-chec&. 5ow ever,
some DN records are wrong or inaccurate and will cause "' to bloc& mails because of this - register such domains and6or I'2s
in noDKIMAddresses and6or noDKIMIP .
Show DKIM Cache
Add &$Ass'$DKIM (eader (AddDKIMHeader)

"dd 0-"ssp-D$I% header.
Sender Validation rror (SenderInvalidError)
554 5.7.7 REASON .- do not try to send more mai - yo! wi "e "ac#isted
%T' error message to re7ect invalid senders. The literal R("8N is replaced b# ,missing %0, missing 'TR, invalid 5elo, invalid
user- depending on the chec&.
Notes 8n 9alidate ender
Notes
12.05.2014 Seite 31 von 134
IP )lockin*
Sim'le IP +reylistin* (DelayIP)
(nable simple dela#ing for I'2s in blac& penalt#bo. with totalscore above this value. "n value of :ero or empt# disables this
feature.
Sim'le IP +reylistin* m,ar*o -ime (DelayIPTime)
5
(nter the number of minutes for which deliver#, related with I' address of the sending host, is refused with a temporar# failure.
Default is ; minutes.
Do Deny Connections from these IP#s (DoDenySMTP)
"oc#
If activated, the I' is chec&ed against ,denySM-PConnectionsFrom- Den# +onnections from these I'2s.
Deny Connections from these IP#s* (denySMTPConnectionsFrom)
%anuall# maintained list of I'2s which should be bloc&ed. I'2s in noP), noDelay, acce'tAllMail, is'i', .hite/istedIPs,
noProcessin*IPs, whitebo. will pass. <or e.ample: file:files6bloc&ip.t.t.
To define I'2s onl# for specific email addresses or domains ,recipients- #ou must use the file:... option
"n entr# ,line- ma# loo& as follows:
=>;.=>?.4.46=?@AB1local.domain3user1m#domain3userC1B.m#domain D comment
It is possible to define a predefined group on an# or both sides of the 2@A2 separator, li&e:
EipgroupF@AEusergroupF3user1m#domain
N8TI+(: the following combination of two entries, will lead in to a user6domain based matching - the global entr# will be ignored/
=>;.=>?.4.46=? D comment
If multiple user6domain based entries are defined for the same I', onl# the last one will be used/
Do not ,lock Connections from these IP#s* (noBlockinIPs)
%anuall# maintained list of I'2s which should not be bloc&ed. <or e.ample: =>;.=>;.=>;.=>;3=>;.=>?.
To define I'2s onl# for specific email addresses or domains ,recipients- #ou must use the file:... option
"n entr# ,line- ma# loo& as follows:
It is possible to define a predefined group on an# or both sides of the 2@A2 separator, li&e:
EipgroupF@AEusergroupF3user1m#domain
N8TI+(: the following combination of two entries, will lead in to a user6domain based matching - the global entr# will be ignored/
=>;.=>?.4.46=? D comment
If multiple user6domain based entries are defined for the same I', onl# the last one will be used/
Do Deny Connections from these IP#s Strictly (DoDenySMTPstrict)
"oc#
If activated, the I' is chec&ed against ,2denySM-PConnectionsFromAl.ays2- Den# +onnections from these I'2s trictl#.
Deny Connections from these IP#s Strictly* (denySMTPConnectionsFromAl!ays)
%anuall# maintained list of I'2s which should strictly be bloc&ed after address verification and before bod# and header is
downloaded. +ontrar# to denySMTPConnectionsFrom I'2s in noDelay, acce'tAllMail, is'i', .hite/istedIPs, noProcessin*IPs,
whitebo. will not pass if listed here.
Do also Deny Connections from these IP#s (DoDro"#ist)
disa"ed
If activated, the I' is chec&ed against the Droplist in addition to 2denySM-PConnectionsFromAl.ays2 and6or
2denySM-PConnectionsFrom2. The dro'list is downloaded if a new one is available and contains the pamhaus DR8' )ist. ee
"http:66www.spamhaus.org6drop6drop.lasso".
Do Strictly Deny Connections arly (denySMTPstrictEarly)
I'2s in denySM-PConnectionsFromAl.ays will be denied right awa#.
Do an nhanced 0ri*in IP Address Detection in the Mail (eader (enhanced$riinIPDetect)

If selected, "' will anal#:e the mail headers "R(+(I9(D:" lines for I'2s on the mail routing wa# to detect spam bots, that uses
open rela# or high7ac&ed mail servers for mail deliver#.
)ocal and private I'2s, and I'2s listed in is'i', acce'tAllMail, .hite/istedIPs, noProcessin*IPs, noDelay and noP) will be
ingnored.
The detected I'2s will be additional# chec&ed for I'-Gloc&ing, DNG) and I'-<re!uenc# - the same wa# li&e the connected I'.
These I'2s are also additional# used for the ma.imum mail si:e calculation in Ma!RealSi1eAdr and Ma!RealSi1e!ternalAdr.
12.05.2014 Seite 32 von 134
Check Fre2"ency $ Ma!im"m Connections Per IP (DoFre%&encyIP)
block
Ma!im"m Fre2"ency of Connections Per IP (ma'SMTPi"Connects)
5
The ma.imum number of %T' connections an I' "ddress can ma&e during the IP Address Fre2"ency D"ration. If a server
ma&es more than this man# connections to "' within the ,ma!SM-Pi'D"ration- I' "ddress <re!uenc# Duration it will be
banned from future connections until the ,ma!SM-Pi'!'iration- I' "ddress <re!uenc# (.piration is reached. This can be used
to prevent server overloading and Do attac&s. =4 connections are t#picall# enough. If left blan& or 4, there is no limit imposed b#
"'. I'2s in noP), noDelay, acce'tAllMail, is'i', .hite/istedIPs, noProcessin*IPs, 'G-whitebo. are e.cluded from %T'
session limiting, whitelisted and noprocessing addresses are honored
Ma!im"m Fre2"ency of Connections Per IP D"ration (ma'SMTPi"D&ration)
90
The window ,in seconds- during which the ,ma!SM-Pi'Connects- I' <re!uenc# ,see above for more details- will be scrutini:ed
for each I'. The default is H4 seconds.
!'iration of Ma!im"m Fre2"ency (ma'SMTPi"E'"iration)
3600
The number of seconds that must pass before an I' address bloc&ed b# the ,ma!SM-Pi'Connects- I' "ddress <re!uenc# setting
is allowed to connect again. The default is IC44 ,seconds- .
Check 3"m,er of IP#s Per Domain (DoDomainIP)
block
This chec& is s&ipped if the I' and domain have passed the '<-chec&. If ValidateSPF is enabled and an I'6Domain reaches the
ma!SM-PdomainIP limit, the %aintThread starts a bac&ground '< chec& to prevent bloc&ing good mails in future.
/imit 3"m,er of IP#s Per Domain (ma'SMTPdomainIP)
0
The number of I',subnet- switches a domain ma# have during the ,ma!SM-PdomainIP!'iration- )imit Different I'2s 'er
Domain (.piration. If a domain switches more often than this it will be banned from future connections until the (.piration is
reached. This can be used to prevent server overloading and Do attac&s. =4 connections are t#picall# enough. If left blan& or 4,
there is no limit imposed b# "'. I'2s in noP), noDelay, acce'tAllMail, is'i', .hite/istedIPs, noProcessin*IPs, 'G-
whitebo. are e.cluded, whitelisted and noprocessing addresses are honored.
!'iration of /imit 3"m,er (ma'SMTPdomainIPE'"iration)
7200
The number of seconds that must pass before a domain bloc&ed b# the ,ma!SM-PdomainIP- )imit ubnet I'2s 'er Domain
setting ,see above for more details- is allowed to connect again. The default is IC44 ,seconds-.
Do 3ot /imit Different IP#s For -hese Domains* (ma'SMTPdomainIP(#)
yahoo.com|hotmail.com|gmail.com
This prevents specific domains from limiting. <or e.ample: #ahoo.com3hotmail.B.com3gmail.com
Notes 8n I' Gloc&ing
Notes
12.05.2014 Seite 33 von 134
Sender)ase 4 5hois
Sender)ase -estmode (s)TestMode)
6se 5hois 7"eries instead or after or ,efore of Sender)ase 7"eries (ena)le(hois)
disabled
If enabled, J58I !ueries to Jhois-servers
""RIN" @A "whois.arin.net" - ,which will possible redirect to-
"RI'(" @A "whois.ripe.net"
""'NI+" @A "whois.apnic.net"
"$RNI+" @A "whois.&rnic.net"
")"+NI+" @A "whois.lacnic.net"
""<RINI+" @A "whois.afrinic.net"
will be done instead6after6before ,J58I onl#6enderGase first6J58I first- the enderbase !ueries to +I+82s Ironport servers
to get informations about an I' address. "RIN will be the first !ueried J58I server.
<or the two 2...first2 options, the alternative second chec& is done, if the first chec& failes or assp has got no result for the count#
code.
This is useful, if #our DN-servers don2t get answers for senderbase !ueries or senderbase !ueries are too slow.
In most cases J58I !ueries are much more faster than senderbase !ueries/
N8TI+(: #ou must open the J58I-port ,>K- for T+' on #our firewall for outgoing traffic from assp ,if not alread# done-/
Do 0r*ani1ation 5hitin* (Do$r(hitin)
whiting
If activated, each sending I' address has its assigned organi:ation loo&ed up. coring is set with s.or*ValenceP).
5hitelisted 0r*ani1ations and Domains in Sender)ase** (!hiteSenderBase)
If the organi:ation or domain in the Sender)ase I' description matches this 'erl regular e.pression the message will be
considered non-spam. <or e.ample file:files6whiteorg.t.t
Do 0r*ani1ation )lockin* (Do$rBlockin)
monitor
If activated, each sending I' address has its assigned organi:ation loo&ed up. coring is set with s,or*ValenceP), Testmode is
set with s,-estMode.
)lacklisted 0r*ani1ations and Domains in Sender)ase** ()lackSenderBase)
If the organi:ation or domain in the Sender)ase I' description matches this 'erl regular e.pression the message will be
considered spam.
Do Co"ntry )lockin* (DoCo&ntryBlockin)
block
If activated, each sending I' address has its assigned countr# loo&ed up.
)locked Co"ntry Codes** (Co&ntryCodeBlocked*e)
%essages from I'2s based in these countries will be bloc&ed. <or e.ample:
+N3$R3RL3M'3TR3T53')3)T3+)3R83L"3NR35L3"3IN3I(3'T3%D3'(3+O3TJ3GR3+). "all" will bloc& all foreign countr#codes which are
not in 2uspicious +ountr# +odes2 or 2Ignore +ountr# +odes2. ee: n*lish co"ntry names and code elements.
Do Co"ntry Code Scorin* (DoSenderBase)
score
If activated, each sending I' address has its assigned countr# loo&ed up.
I*nore Co"ntries* (+oCo&ntryCode*e)
US
%essages from I'2s based in these countries will be ignored. <or e.ample: L3+"3D(
S"s'icio"s Co"ntry Codes** (Co&ntryCode*e)
%essages from I'2s based in these countries will increase the %essagecore. <or e.ample:
+N3$R3RL3M'3TR3T53')3)T3+)3R83L"3NR35L3"3IN3I(3'T3%D3'(3+O3TJ3GR3+)3ID3'5
(ome Co"ntry Codes** (MyCo&ntryCode*e)
'ut here #our own countr# code,s- ,for e.ample: L-. %essages from I'2s based in these countries will decrease, messages from
other countries will increase the %essagecore.
Score Forei*n Co"ntries (ScoreForeinCo&ntries)

12.05.2014 Seite 34 von 134
%essages from foreign countries will increase the total messagecore using s,fccValenceP).
Co"ntry Cache Refresh Inter%al (SBCacheE'")
3
I'2s in cache will be removed after this interval in da#s. 4 will disable the cache. show cache
12.05.2014 Seite 35 von 134
PenaltyBox
Do PenaltyBox - IP History (DoPenalty)
block
The PenaltyBox is a temporary position of low esteem awarded for a perceived misdeed. It scores IP's based on some events
( baValencePB see penalty scores )and writes them into a BlackBox. If the score per specified time interval surpasses the
threshold the messae is re!ected (and the IP is marked for blockin). They continue to et scored up to the "xtreme Threshold.
These top performers can et a special treatment PenaltyExtreme when DoPenaltyExtreme is enabled. The #hiteBox stores
IP's which should not be put into the BlackBox. The #hiteBox is always enabled. If an address is in the whitelist or whitedomain$
the IP oes into the #hiteBox. The #hiteBox is one of the sources %elayin&'reylistin uses to determine when delayin should
not be done.
"ntries in Don't do penalties for these IP's or ISP/Secondary MX Servers will prevent from penalties. (elect
'monitor&messae(corin' to fill #hiteBox and BlackBox. 'monitor&messae(corin' is also the riht choice if you do not want to
block IP's but rather score a messae in ')essae (corin )ode'.
Message Scoring Mode (DoPenaltyMessage)
block
If this feature is selected$ the total score for all checks durin a messae is used to determine if the email is (pam. If the
combined score is reater than the Low MessageLimit (PenaltyMessageLow) and less than or e*ual the High MessageLimit
(PenaltyMessageLimit) the messae will not be blocked but taed. If the combined score is reater than the High
MessageLimit (PenaltyMessageLimit)$ the messae will be blocked.
Message Scoring on End (MsgScoreOnEnd)
+((P will wait usin the 'DoPenaltyMessage' action$ until all confiured possible checks are finished. ,se this$ to force
calculatin a complete messae score over all values$ includin all bonus values.
Low MessageLimit (PenaltyMessageLow)
40
)essae)ode will not block messaes whose score exceeds this threshold durin the messae but will ta them. -or example. /0
High MessageLimit (PenaltyMessageLimit)
50
)essae)ode will block messaes whose score exceeds this threshold durin the messae. -or example. 10
dd IP!Message Scoring Header (AddScoringHeader)

+dds a line to the email header 234+ssp43334(core. 2$ where 333 may be IP$ )essae or both.
PenaltyBox Database (pbdb)
DB:
The directory&file with the penaltybox database files. -or removal of entries from BlackBox use noPB . -or removal of entries from
#hiteBox use noPBwhite. -or whitelistin IP's use whiteListedIPs or noProcessingIPs . -or blacklistin use
denySM"P#onnections$rom and denySM"P#onnections$romlways .
#rite only 2%B.2 to use a database table instead of a local file.
Show BlackBox Show White Box
Don%t do Pro&iling &or these IP%s' (noPB)
10.
"nter IP's that you don't want to be penali5ed. These IP's will also be automatically removed from PB4BlackBox. -or example.
678.0.0.69687.6:.
Don%t do (hiteBox &or these IP%s' (noPBwhite)
"nter IP's that you want to be penali5ed. These IP's will also be automatically removed from PB4#hiteBox.
Ex)iration "ime &or (hiteBox Entries (WhiteEpiration)
90
The #hiteBox is always activated. The #hiteBox is similar to the #hitelist 4 but it is not a whitelist. content4related checks like
Bayesian$ ,;IB<$ Bomb will be done$ IP4related checks will be skipped. #hiteBox entries will expire after this specified number of
days. -or example. =0
Do Dam)ing on Messagescore *+,,,--. (DoDamping)
0
If DoPenalty and DoPenaltyMessage are set not to disabled and DoDam)ing is not set to 0$ +((P will slowdown the spammers
traffic speed proportional to the current messae score 4 because slowin down their speed will reduce spam everywhere.
The delay in seconds per receive&read cycle is calculated by the division >messaescore & DoDam)ing? . + recommended value is
1 default is 0. In this case the delay for a messae score of 10 would be 60 seconds.
%o not use this option$ if you have a hihly fre*uented system$ because the spammers connections will stay possibly a lon time
on your system$ and you system could possibly reach the sessions limit ( maxSM"PSessions ).
%ampin is never done for. noprocessin$ whitelisted$ nodelay$ I(P$ redlisted$ noPB$ outoin&releayed and contentonly
addresses$ IP's$ messaes.
%ampin may not be done for forced checks$ relay attemps$ messaes reachin maxerrors$ s)amtra)addresses and if any block
condition is found 4 because +((P will no more read from those connections and closes such connections immediately 4 but +((P
will try to keep the connection open for the calculated time$ before it closes the connection.
12.05.2014 Seite 36 von 134
,sin this option or usin a too low value (lon delay) could possibly prevent +((P from receivin spam messaes$ for example
for spamlovers or sendllS)am . (ome (ervers could ive up sendin data$ because of too lon delays.
Max time /sed &or Dam)ing (maDamping!ime)
30
The maximum time in second$ that is used for one dampin cycle if DoDam)ing is not set to 0$ even if the calculated value
caused by DoDam)ing is hiher. -or example. =0
PenaltyBox "ra) ddresses ' (spamtrapaddresses)
put|your@spamtrap.com|addresses|@here.org
)ail to any of these addresses will be blocked and the scorin value is added. #hitelist and noPenaltyMa0e"ra)s will be inored.
@othin will be stored in the (pam Aollection$ if these addresses are not checked for validity. TB. and AA. addresses will be also
checked 4 BAA. addresses only$ if 'remo1e$oreignB##' is not set. +ccepts specific addresses (userCdomain.com)$ user parts
(user) or entire domains (Cdomain.com).
Penalty"ra) 2e)ly (Penalty!rapPolite)
550 5.1.1 User unknown: EMAIA!!"E##
()TP reply for invalid ,sers. %efault. '110 1.6.6 ,ser unknown. ")+I<+%%;"(('
The literal ")+I<+%%;"(( (case sensitive) is replaced by the fully *ualified ()TP recipient (e..$ thisuserCexample.com).
Do Hea1y /sed In1alid ddresses as PenaltyBox "ra) ddresses (DoPenaltyMa"e!raps)
make traps$ on%y co%%ect them
If set to 'make traps$ only collect them'$ the fre*uency of Invalid +ddresses is stored$ no other action taken. If set to 'do not make
them but block' or 'make traps and block them'$ addresses in heavy use will act like s)amtra)addresses (PenaltyBox Trap
+ddresses). If /se"ra)"o#ollect is also set they will work like s)amaddresses and collect the mails.
In1alid ddresses Limit (PenaltyMa"e!raps)
10
)inimum number of times an address must appear before it will be used as Trap. -or example 60.
Exce)tionlist &or "ra)s' (noPenaltyMa"e!raps)
+ddresses which should not be used for traps. This list is also opponent to s)amtra)addresses . +ccepts specific addresses
(userCdomain.com)$ user parts (user) or entire domains (Cdomain.com). #ildcards are supported (friboDCdomain.com).
In1alid ddresses 2e&resh Inter1al (PB!rap#nter$al)
3
+ddresses will be removed after this interval in days. -or example =. #how In&a%'d Addresses
/se IP 3etbloc0s (Penalty%se&etbloc"s)

Perform the IP address checks of the sendin host based on the &7/ subnet rather than on the specific IP.
Penalty 2e)ly (PenaltyError)
55( 5.).1 Error$ you ha&e got a pena%ty * to much +ad ema'%s
If set ()TP reply for Penalty %eny. e. '11/ 1.8.6 "rror$ send your mail to postmasterC<BA+<%B)+I@ to ensure delivery'. The
literal <BA+<%B)+I@ will be replaced by the recipient domain. -or example.11/ 1.8.6 )ail appears to be unsolicited 44 send error
reports to postmasterC<BA+<%B)+I@.
Penalty Inter1al (PenaltyD'ration)
,0
IP's will be kept in the BlackBox if their score exceeds the Penalty <imit durin this interval (minutes).
Penalty Limit (PenaltyLimit)
50
PB will block IP's whose score exceeds this threshold durin the Penalty Interval.
(uccessful +((P checks will increase the internal score per IP. -or example. 10
Ex)iration "ime (PenaltyEpiration)
3,0
Penalties will expire after this number of minutes. If set to Eero the Penalty BlackBox will be deleted and started from scratch.
#lean /) PB Databases
s
((leanPB#nter$al)
3
%elete outdated entries from blackbox and whitebox databases every this many hours.
%efaults to = hours.
PenaltyBox Extreme IP Pro&iling (DoPenaltyEtreme)
12.05.2014 Seite 37 von 134
monitor
If set PBextreme will block IP's whose score meet or exceed "xtreme (corin Threshold. DoPenaltyExtreme blocks after the
header is done$ based on the IP's score from previous and current ()TP session
En&orce Early PenaltyBox Extreme IP Pro&iling (DoPenaltyEtremeSM!P)
disabled
If set PBextreme will block IP's whose score meet or exceed "xtreme (corin Threshold before %"<+FI@'$ based on the IP's score
from previous ()TP sessions. This can be set independently from DoPenaltyExtreme above. #hitelist$ Aollectin$ Testmode$
Aopy(pam$ (pam4<over is inored.
Don%t do Extreme Pro&iling &or these IP%s' (noEtremePB)
"nter IP's that you don't want to be extreme penali5ed. IP's in noPB are already included. -or example. 678.0.0.69687.6:.
Don%t do Extreme Pro&iling &or Mails &rom any o& these ddresses' (noEtremePBAddresses)
)ails from any of these addresses will not be extreme profiled if DoPenaltyExtremeSM"P is not set. +ccepts specific addresses
(userCdomain.com)$ user parts (user) or entire domains (Cdomain.com). #ildcards are supported (friboDCdomain.com).
Extreme Scoring "hreshold (PenaltyEtreme)
150
PBextreme will use this to determine candidates for special treatment. -or example. 610.
Penali4e (hitelisted (EtremeWL)
"nable extreme penalties for whitelisted addresses.
Penali4e 3onProcessing (Etreme&P)
"nable extreme penalties for addresses on the noProcessing list.
Ex)iration "ime &or Extreme Penalties (EtremeEpiration)
7
"xtreme penalties will expire after this number of days. -or example. 8
Do Ex)ort Penalty Blac0Box Extreme (DoEtremeEport)

))end Ex)ort $ile (DoEtremeEportAppend)
%o not overwrite the export file but append to it.
Ex)ort Blac0Box Extreme $ile Inter1al
s
(eport#nter$al)
6
"xported Penalty Black Box "xtreme -ile every this hours.
%efaults to : hours.
Ex)orted Blac0Box Extreme $ile (eportEtremeBlac")
file:pb/extremeblack.db Edit file
IP's in Penalty BlackBox which surpassed the extreme level will be reularly stored into this file. )ay be used for settin the
firewall or similar applications.
Do 3ot Score IP%s in 2edlisted Messages (Do&otPenali)e*ed)
IP's matchin ;ed ;eex or ;edlist will not collect scorin values from PenaltyBox.
Do 3ot Score IP%s $rom Bo5nce!35ll-Senders (Do&otPenali)e&'ll)
IP's matchin Bo5nceSenders will not be IP4penali5ed.
Bad SM"P 5thentication6 de&a5lt78+ 9 (a't+alencePB)
60
)essae&IP scorin
This option and all other DGalencePB options with an 2H2 at the end of the description$ accepts a second comma or pipe separated
value like. 270$602 .
In this case the first value is used for messae scorin and the second value is used for IP scorin.
If only the first value is defined$ this value is used for both scorin mechanism.
If a DGalencePB option is related to any feature which allowes the usae of weihted penalties$ the messae scorin value is used
to calculate the weihted penalty and the result is used for messae and IP scorin.
Bad ttachment6 de&a5lt7:+ 9 (ba+alencePB)
12.05.2014 Seite 38 von 134
20
)essae&IP scorin
Bac0scatter detection6 de&a5lt7;+ 9 (bac"sctr+alencePB)
10
)essae scorin
Bayesian6 de&a5lt7<- 9 (bays+alencePB)
0
)essae&IP scorin
Bayesian &or Local Messages6 de&a5lt7== 9 (bayslocal+alencePB)
44
)essae&IP scorin
Hidden-Ma0o1-Model6 de&a5lt7<- 9 (HMM+alencePB)
49
)essae&IP scorin
Hidden-Ma0o1-Model &or Local Messages6 de&a5lt7== 9 (HMMlocal+alencePB)
55
)essae&IP scorin
Blac0listed Domain6 de&a5lt7:+ 9 (bl+alencePB)
200
)essae&IP scorin
Bomb S5s)icio5s - scoring only6 de&a5lt7;+ 9 (bombS'spicio's+alencePB)
20
)essae scorin
Bomb Ex)ression6 de&a5lt7:+ 9 (bomb+alencePB)
100
)essae&IP scorin
Bomb Blac0 Ex)ression6 de&a5lt7:+ 9 (blac"+alencePB)
5
)essae&IP scorin
Domain >ey Veri&ication &ailed6 de&a5lt7;= 9 (d"im+alencePB)
15
)essae&IP scorin
Domain >ey Veri&ication ?>6 de&a5lt7+ (d"imO"+alencePB)
-15
)essae (corin Bonus
Em)ty 2eci)ients6 de&a5lt7= 9 (er+alencePB)
30
)essae&IP scorin
Early "al0er Scoring6 de&a5lt7:= 9 (et+alencePB)
25
)essae&IP scorin for clients who talk before server's reetin is sent. +n value of 5ero will disable this check 4 otherwise assp
scores the IP and droppes the connection.
$orged HEL?6 de&a5lt7;=+ 9 (,h+alencePB)
200
)essae&IP scorin
S5s)icio5s HEL?@ IP in HEL?6 de&a5lt7A- 9 (,iph+alencePB)
10
)essae&IP scorin
S5s)icio5s HEL?@ IP in HEL? mismatch6 de&a5lt78+ 9 (,iphm+alencePB)
10
)essae&IP scorin
12.05.2014 Seite 39 von 134
In1alid Local Sender6 de&a5lt7:+ 9 (,l+alencePB)
10
)essae&IP scorin
Blac0listed!Bood HEL?6 de&a5lt7:+ 9 (hl+alencePB)
5
)essae&IP scorin
Internal ?nly ddress6 de&a5lt7:= 9 (ia+alencePB)
25
)essae&IP scorin
Domain #hanging IP $reC5ency6 de&a5lt7;=+ 9 (id+alencePB)
150
)essae&IP scorin
IP $reC5ency6 de&a5lt7;=+ 9 (i,+alencePB)
150
)essae&IP scorin
"imeo5t Score (idle+alencePB)
0
-or IP scorin with smt)Idle"imeo5t.
IP Parallel Sessions6 de&a5lt7= 9 (ipl+alencePB)
5
)essae&IP scorin
In1alid HEL?6 de&a5lt7;+ 9 (ih+alencePB)
15
)essae&IP scorin
In1alid 2eci)ient6 de&a5lt7;+ 9 (ir+alencePB)
60
)essae&IP scorin
S5bDect $reC5ency6 de&a5lt7;=+ 9 (is+alencePB)
150
)essae&IP scorin
D5)licate 2eci)ient6 de&a5lt7;+ 9 (mdr+alencePB)
10
)essae&IP scorin
Missing Message-ID6 de&a5lt7;+ 9 (midm+alencePB)
15
)essae&IP scorin
S5s)icio5s Message-ID6 de&a5lt7;+ 9 (mids+alencePB)
25
)essae&IP scorin
In1alid Message-ID6 de&a5lt7;+ 9 (midi+alencePB)
25
)essae&IP scorin
In1alid $BM"V chec06 de&a5lt7:= 9 (,bmt$+alencePB)
25
)essae&IP scorin
In1alid B"V chec06 de&a5lt7:= 9 (bat$+alencePB)
25
)essae&IP scorin
Max Errors Exceeded6 de&a5lt7;+ 9 (me+alencePB)
12.05.2014 Seite 40 von 134
15
Message/IP scoring
Message Scoring Limit Exceeded, default=10 + (msValencePB)
25
IP scoring
Missing MX, default=10 + (mxValencePB)
10
Message/IP scoring
Missing MX & A Record, default=1 + (mxaValencePB)
10
Message/IP scoring
!o "rom Score, default=0 + (nofromValencePB)
50
For Message/IP scoring in #o!o"rom.
Extreme $ad %& 'istor(, )otalScore larger t*an &enalt(Extreme, default=+ (pbeValencePB)
40
Message Scoring
$ad %& 'istor(, )otalScore larger t*an &enalt(Limit, default=1 (pbValencePB)
20
Message Scoring
,ood %& 'istor( -%& in &$ .*ite$ox/, default=01 (pbwValencePB)
-15
Message Scoring Bonus
,R%& 1alue -+ if 2 034,0 if 5 031/, default= (gripValencePB)
20
Message scoring
Message 67, default=0+ (okValencePB)
-25
IP Bonus
Missing &)R Record, default=10 + (ptmValencePB)
10
Message/IP scoring
%n1alid &)R Record, default=1 + (ptiValencePB)
15
Message/IP scoring
#!S$L !eutral, default=8 + (rblnValencePB)
25
Message/IP scoring
#!S$L "ailed, default=100 + (rblValencePB)
100
Message/IP scoring
"ailed Rela( Attem9t, default=10 + (rlValencePB)
150
Message/IP scoring
S9am :ollect Address, default=+ (saValencePB)
25
IP scoring
Scri9t Ex9ression, default=+ + (scriptValencePB)
25
Message/IP scoring
12.05.2014 Seite 41 von 134
!o 6rgani;ation and !o :ountr(:ode, default=10 + (sbnValencePB)
10
For Message/IP scoring in DoOrgBlocking/DoCountryBlocking
.*ite 6rgani;ations Score, default=0+ (sworgValencePB)
-25
Bonus for Message/IP scoring in DoOrgWhiting
Sus9icious :ountr( :ode, default=10 (sbsccValencePB)
10
Message scoring
$loc<ed :ountr( :ode Score, default=+ + (bccValencePB)
50
For Message/IP scoring in PenaltyBox ( #o&enalt(
"oreign :ountr( :ode Score, default=10 + (sbfccValencePB)
10
!essage scoring in PenaltyBox ( #o&enalt(Message
'ome :ountr( :ode Score, default=010 + (sbhccValencePB)
-10
Bonus for Message/IP Scoring in PenaltyBox ( #o&enalt(
$loc<ed 6rgani;ations Score, default=+ + (sborgValencePB)
25
For Message/IP scoring in PenaltyBox ( #o&enalt(
S&" &ass Score, default=010 (spfpValencePB)
-10
Bonus for Message/IP scoring "ith SPF
S&" !eutral, default= + (spfnValencePB)
0
Message/IP scoring
S&" Softfailed, default= + (spfsValencePB)
0
Message/IP scoring
S&" !one, default=0 + (spfnonValencePB)
0
Message/IP scoring
S&" =n<no>n, default=0 + (spfuValencePB)
0
Message/IP scoring
S&" Error, default= + (spfeValencePB)
5
Message/IP scoring
S&" "ailed, default=10 + (spfValencePB)
0
Message/IP scoring
SRS ?alidate $ounce "ailed Score, default=10 + (srsValencePB)
10
For Message/IP scoring in SRS?alidate$ounce
&enalt( )ra9 Address, default=0 + (stValencePB)
25
For Message/IP scoring
67, %s a SSL@)LS connection, default=010 + (tlsValencePB)
12.05.2014 Seite 42 von 134
-10
Message Scoring/IP scoring Bonus for SS#/$#S connections
=R%$L !eutral, default=+0 + (uriblnValencePB)
20
Message/IP scoring
=R%$L "ailed, default=+ + (uriblValencePB)
20
Message/IP scoring
?irus sus9icious, default=+ (vsValencePB)
25
Message scoring
?irus detected, default=0 + (vdValencePB)
15
Message/IP scoring
)estRe ?alence, default=+0 + (teValencePB)
20
%alence for testing test&e
'otes On Penalty Box
Notes
12.05.2014 Seite 43 von 134
#ela(ing@,re(listing
EnaAle #ela(ing@,re(listing (EnableDelaying)

(na)le *reylisting as +escri)e+ at ,re(listing0>*ite9a9er.
It,s a ne" !etho+ of )locking significant a!ounts of s-a! at the !ailser.er le.el/ )ut "ithout resorting to hea.y"eight statistical
analysis or other heuristical a--roaches.
.*itelisted ,re(listing (DelayW)
(na)le *reylisting for "hiteliste+ !ails. $his also ena)les *eylisting for SPF0Cache0O1 liste+ IP,s an+ !ails fro! "hite
organi2ations/ "hich are nor!aly not greyliste+.
!o&rocessing ,re(listing (Delay!P)
(na)le *reylisting for no-rocessing !ails.
S9am0Lo1ers ,re(listing (Delay")
(na)le *reylisting for S-a!0#o.ers.
Add X0Ass90#ela(ed 'eader (Delay#dd$eader)

3++ 403ss-0Delaye+ hea+er to hea+er of all +elaye+ or "hiteliste+ !ails.
EmAargo )ime (DelayEmbargo%ime)
2
(nter the nu!)er of !inutes for "hich +eli.ery/ relate+ "ith ne" ,tri-let, (IP a++ress of the sen+ing
host 5 !ail fro! 5 rc-t to/ is refuse+ "ith a te!-orary failure. Default is 6 !inutes.
.ait )ime (DelayWait%ime)
28
(nter the nu!)er of hours to "ait for +eli.ery atte!-ts relate+ "ith recognise+ ,tri-let,7 +eli.ery is acce-te+
i!!e+iately an+ the ,tu-let, (IP a++ress of the sen+ing host 5 sen+er,s +o!ain is safeliste+. Default is 89 hours.
Ex9ir( )ime (DelayExpiry%ime)
360
(nter the nu!)er of +ays for "hich "hiteliste+ ,tu-let, is consi+ere+ .ali+. Default is :; +ays.
=se %& !etAloc<s (Delay&se!etblocks)

Perfor! the IP a++ress checks of the sen+ing host )ase+ on the /8< su)net it is at rather than the s-ecific IP.
$his feature !ay )e useful for legiti!ate !ail syste!s that shuffle !essages a!ong SM$P clients )et"een retrans!issions.
!ormali;e ?ER& Addresses (Delay!ormali'eVE(Ps)

So!e !ailing lists (such as (2!l! try to track )ounces to in+i.i+ual !ails/ rather than =ust in+i.i+ual reci-ients/ "hich creates a
.ariation on the %(&P !etho+ "here each e!ail has its o"n uni>ue en.elo-e sen+er. Since the auto!atic "hitelisting (calle+
sa.elisting to !ake a +ifference to the stan+ar+ "hitelisting that is )uilt into *reylisting +e-en+s on the en.elo-e a++resses for
su)se>uent !ails )eing the sa!e/ the greylisting filter "ill atte!-t to nor!ali2e the uni>ue sen+er a++resses/ "hen this o-tion is
checke+.
Add m(!ame to )ri9lets (DelayWith)y!ame)
If set/ m(!ame is a++e+ to e.ery +elay tri-let (not to tu-lets. $his is useful an+ reco!!en+e+/ if you are using !ore than one
3SSP host "ith share+ +ata)ases for dela(dA. $his o-tion !akes the tri-lets uni>ue to e.ery 3SSP host/ )ecause it is allo"e+ for
SM$P0hosts/ to re>uest a )acku- M4 i!!e+iately after the -ri!ary M4/ "ithout "aiting 6 !inutes (#ela(EmAargo)ime
)et"een the t"o re>uests.
=se M# for #ela(#$ (Delay)D*)

Message0Digest algorith! 6 is a cry-togra-hic hash function an+ a++s so!e le.el of security to the +elay +ata)ase. Must )e set to
off if you "ant to list the +ata)ase "ith DelaySho"DB/DelaySho"DB"hite. $his re>uires an installe+ #igestBBM# !o+ule in
P(&#.
S*o> #ela(@,re(listing #ataAase (Delay"howDB)
file:delaydb Show file
$he +irectory/file "ith the +elay +ata)ase file. If you change the filena!e in section File-ath ( dela(dA you !ust change it here
too.
S*o> #ela(@,re(listing Sa1e #ataAase (Delay"howDBwhite)
file:delaydb.white Show file
$he +irectory/file "ith the sa.e +elay +ata)ase file. If you change the filena!e in section File-ath ( dela(dA you !ust change it
here too.
Ex9ire S9amming Safelisted )u9lets (DelayExpire+n"pam)

12.05.2014 Seite 44 von 134
If a safeliste+ ,tu-let, is e.er associate+ "ith s-a!/ .iri/ faile+ r)l/ s-f etc/ it is +elete+ fro! the safelist.
$his rene"s the te!-orary e!)argo for su)se>uent !ail in.ol.ing the tu-let.
:lean =9 #ela(ing #ataAase
s
(,leanDelayDB-nterval)
10800
Delete out+ate+ entries fro! tri-lets an+ safeliste+ tu-lets +ata)ases e.ery this !any secon+s.
Defaults to : hour.
#onCt #ela( t*ese %&sD (noDelay)
file:files/nodelay.txt Edit file
(nter IP a++resses that you +on,t "ant to )e +elaye+/ se-arate+ )y -i-es (?. $here are !is)eha.ing M$3s that "ill not )e a)le to
get a legiti!ate e!ail through a *reylisting ser.er )ecause they +o not try again later. 3n I'COMP#($( list of such !ailers is
a.aila)le at c1s39uremagic3com@1ie>c1s@,re(listing@sc*ema@>*itelistEi93txt.
When using !entione+ list re!e!)er to a++ trailing +ots in IP a++resses "hich s-ecify su)nets (eg. @A8.@;9 0B @A8.@;9. .
For exa!-leC @8D.E.E.@?@D8.@;..
$o +efine IP,s only for s-ecific e!ail a++resses or +o!ains (reci-ients you !ust use the fileC... o-tion
3n entry (line !ay look as follo"sC
@<6.@<;.E.E/@;FBGHlocal.+o!ain?userH!y+o!ain?user8HG.!y+o!ain I co!!ent
It is -ossi)le to +efine a -re+efine+ grou- on any or )oth si+es of the ,FB, se-arator/ likeC
Ji-grou-KFBJusergrou-K?userH!y+o!ain
'O$IC(C the follo"ing co!)ination of t"o entries/ "ill lea+ in to a user/+o!ain )ase+ !atching 0 the glo)al entry "ill )e ignore+L
@<6.@<;.E.E/@; I co!!ent
@<6.@<;.E.E/@;FBGHlocal.+o!ain?userH!y+o!ain?user8HG.!y+o!ain I co!!ent
If !ulti-le user/+o!ain )ase+ entries are +efine+ for the sa!e IP/ only the last one "ill )e use+L
#o not #ela( t*ese AddressesD (noDelay#ddresses)
(nter sen+ers e!ail a++resses that you +on,t "ant to )e +elaye+/ se-arate+ )y -i-es (?. Mou can list s-ecific a++resses
(userHany+o!ain.co!/ a++resses at any +o!ain (user/ or entire +o!ains (Hany+o!ain.co!. Wil+car+s are su--orte+
(fri)oGH+o!ain.co!. (?.
For exa!-leC fri)oHany+o!ain.co!?=hanna?Hsillyguys.org or -lace the! in a -lain 3SCII file one a++ress -er
lineCfileCfiles/no+elayuser.txt.
#o not #ela( local AddressesD (localnoDelay#ddresses)
Ski- +elaying if the reci-ient !atches ,no#ela(Addresses, (inco!ing !ail only.
Re9l( :ode to Refuse #ela(ed Messages (DelayError)
451 4.7.1 Please try again later
SM$P re-ly co+e to refuse +elaye+ !essages. DefaultC <6@ <.D.@ Please try again later
'otes On Delaying
Notes
12.05.2014 Seite 45 von 134
SPF/DMARC/SRS
Enable SPF Validation (ValidateSPF)
disabled
Enable Sender Policy Framework Validation as described at openspf and Domain-based Message Authentication, Reorting !
"on#ormance - described in DMARC $DMAR" re%uires also DoDKIM to be enabled&'
(his re%uires an installed Mail::SPF module in PER)' (estmode is set with spfTestMode, scoring is set with spfValencePB' *#
you need more in#ormation about the synta+ o# SPF records, ,isit SPFReco!dS"nta#'
Do SPF Ve!sion $ Validation (SPF2)
Enable Sender Policy Framework Validation Version -'
(his re%uires an installed Mail::SPF ob.ect-oriented Perl module that suersedes the old Mail//SPF//0uery module'
%&itelisted SPF Validation (SPFWL)
Enable Sender Policy Framework Validation #or whitelisted users also'
noP!ocessin' SPF Validation (SPFNP)
Enable Sender Policy Framework Validation #or nonrocessed messages also'
(ocal and o)t'oin' *ail SPF Validation (SPFLocal)
Enable Sender Policy Framework Validation #or local and outgoing messages also' Don1t #orget to con#igure your D2S-ser,er #or
SPF and3or to con#igure SPFo+e!!ide 3 SPFfallbac, 3 SPFlocalReco!d, i# you enable this otion'
Enable SPF Bac,'!o)nd C&ec, (enableSPFbackground)

SPF background checks are initiated by some #eatures $#or e+amle DoDo*ainIP& to #illu the SPF"ache' (he collected results
are later used to re,ent blocking good mails'
Add Recei+ed-SPF .eade! (AddSPFHeader)

Add Recei,ed-SPF header to header o# all mails rocessed by SPF'
SPF Failed Repl" (SPFError)
554 5.7.1 failed SPF: SPFRESULT
SM(P rely #or SPF #ailed messages' De#ault/ 1445 4'6'7 #ailed SPF/ SPFRES8)(1
(he literal SPFRES8)( $case sensiti,e& is relaced by the actual result'
S,ip SPF P!ocessin'/ (noSPFRe)
10.|194.25.134.
Put anything here to identi#y these messages in mail#rom or header
0+e!!ide Do*ains/ (SPFoverride)
Set o,erride to de#ine SPF records #or domains that do ublish but which you want to o,erride anyway' *# you seci#y only domains
the )ocal SPF Record $ SPFlocalReco!d & below will be used as de#ault' 9ildcards are suorted' For e+amle/ abc'com:;,:s#7
a3-5 m+3-5 tr -all<cello'ch:;,:s#7 i5/-7='5>'-5='?3-> @all<abc'com<A'de#'com '
(o generate a SPF record #or a domain/
- go to &ttp://1112sende!base2o!'
- looku the domain in#ormation in B)ook u your networkB
- right beside BAddresses in domain used to send emailB click on e+ort, and e+ort the list in to lain te+t
- coy and ast the list in to an editor and generate a comma searated *P list
- go to an online SPF record generator - #or e+amle/ &ttp://1112!o"&oc&stenbac&2co*/p!o3ects/spf'ene!ato! and
generate the SPF record
- ut Bdomain:;SPF-recordB in any o# SPFo+e!!ide or SPF#allback
- de#ine the olicy as strict as ossible
Fallbac, Do*ains/ (SPFfallback)
Set #allback to de#ine BretendB SPF records #or domains that don1t ublish them yet' *# you seci#y only domains the )ocal SPF
Record $ SPFlocalReco!d & below will be used as de#ault' 9ildcards are suorted' For e+amle/ abc'com:;,:s#7 a3-5 m+3-5
tr -all<cello'ch:;,:s#7 i5/-7='5>'-5='?3-> @all<abc'com<A'de#'com
(ocal SPF Polic" (LocalPolicySPF)
v=spf1 10! a24 "#24 $all
*# the sending domain does not ublish its own SPF Records this will be used'
(he de#ault is ,:s#7 a3-5 m+3-5 tr @all
(his otion alies to Mail//SPF//0uery module only'
Fallbac,/0+e!!ide SPF Reco!d (SPFlocalRecord)
v=spf1 a24 "#24 p%& 'all
8sed in Fallback3C,erride Domains
(he de#ault is ,:s#7 a3-5 m+3-5 tr -all
12.05.2014 Seite 46 von 134
St!ict SPF P!ocessin' Re'e#/ (trictSPFRe)
@gmail.com|@hotmail.com|@msn.com|@live.com|@aol.com|@ebay.com|@ebay.nl|@bbt.com|@paypal.com|@einsundeins.de|@microsoft.com|rr.com|veritate.com
So#t#ail32eutral will be #ailed #or these sending addresses' Put anything here to identi#y the addresses
Bloc, SPF P!ocessin' Re'e#/ (blocktrictSPFRe)
@ebay.com|@paypal.com
All #ailed messages will be blocked #or these sending addresses' Put anything here to identi#y the addresses'
Additional SPF C&ec, on t&e .eade! f!o* (!oSPFinHeader)
Do an additional SPF check on the header #rom/ address i# it is in bloc,st!ictSPFRe AAA this check breakes RF" rules AAA'
Fail SPF Softfail Validations (SPFoftfail)
*ntentionally #ail SPF so#t#ail status resonses' (he ossible results o# a %uery are/
ass/(he client *P address is an authoriDed mailer #or the sender' (he mail should be acceted sub.ect to local olicy regarding the
sender'
#ail/(he client *P address is not an authoriDed mailer, and the sender wants you to re.ect the transaction #or #ear o# #orgery'
so#t#ail/(he client *P address is not an authoriDed mailer, but the sender re#ers that you accet the transaction because it isn1t
absolutely sure all its users are mailing through aro,ed ser,ers' (he so#t#ail status is o#ten used during initial deloyment o# SPF
records by a domain'
neutral/(he sender makes no assertion about the status o# the client *P'
none/(here is no SPF record #or this domain'
ermerror ! temerror/(he D2S looku encountered an error during rocessing'
unknown/(he domain has a con#iguration error in the ublished data or de#ines a mechanism that this library does not understand'
Fail SPF 4e)t!al Validations (SPFneutral)
*ntentionally #ail SPF neutral status resonses
Fail SPF E!!o! Responses (SPF"ueryerror)
*ntentionally #ail SPF 1error1 status resonses
Fail SPF 4one and 5n,no1n Responses (SPFnone)
*ntentionally #ail SPF 1none1 and 1unknown1 status resonses
Fail SPF 5n,no1n Responses (SPFunkno#n)
*ntentionally #ail SPF 1unknown1 status resonses
SPF Cac&e Ref!es& Inte!+al (SPF$ac%e&nterval)
7
SPF records in cache will be remo,ed a#ter this inter,al in days' ? will disable the cache' Show SPF Cache
Enable SPF/D4S Deb)' o)tp)t to ASSP (o'file (!ebugSPF)
Enables ,erbose debugging o# SPF3D2S39hois3Senderbase %ueries within the Mail//SPF and 2et//D2S modules'
2otes Cn SPF
Notes
F!o* Add!ess fo! DMARC Repo!ts (!'AR$Re(ortFro))
(he email address to be used as FRCM/ address to send DMARC reorts' *# blank, no DMAR" reorts will be sentE *# only the user
name is de#ined, ass will add the domain name that belongs to the reort'
Don6t send DMARC !epo!ts to t&ese Add!esses/Do*ains/ (no!'AR$Re(ort!o)ain)
Put any DMAR" reort reciient domain or address $ru#3rua& in to this list - #or e+amle i# DMAR" reorts could be ne,er deli,ered
#or any reason'
Accets seci#ic addresses $userFe+amle'com&, user arts $user& or entire domains $Fe+amle'com&' 9ildcards are suorted
$#riboAFe+amle'com&'
Enable Sende! Re1!itin' Sc&e*e (EnableSRS)
Enable Sender Rewriting Scheme as described at 1112openspf2o!'/SRS'
(his re%uires an installed Mail::SRS module in PER)'
Gou should use SRS i# your message handling system #orwards email #or domains with ublished s# records and there SPF record
not includes your MH'
2C(*"E/ *n case your local users are #orwarding mails $e'g' #rom e+ternal domains& to e+ternal domains $e+ternal mail accounts&
and these #oreign domains bounces back $e'g' outIo#Io##ice 3 ,acation&, your M(A $s*tpDestination& will ossibly get mails #rom
e+ternal domains to be deli,erd to e+ternal domainsE
2ote that you ha,e to setu the outgoing ath $Relay Jost and Port& to let ASSP see and rewrite your outgoing tra##ic'
(estmode is set with s!sTestMode'
Alias Do*ain (SRSAlia!o)ain)
12.05.2014 Seite 47 von 134
thisdomain.com
SPF re%uires the SM(P client *P to match the en,eloe sender $return-ath&' 9hen a message is #orwarded through
an intermediate ser,er, that intermediate ser,er may need to rewrite the return-ath to remain SPF comliant'
For e+amle/ thisdomain'com
Sec!et Ke" (SRSSecret*ey)
A key #or the crytograhic algorithms -- Must be at least 4 characters long'
Ma#i*)* Ti*esta*p A'e (SRS+i)eta)('a,Age)
21
Enter the ma+imum number o# days #or which a timestam is considered ,alid' De#ault is - days' A#ter this number o# days a SRS
bounce is no longer ,alidE
.as& (en't& (SRSHa%Lengt%)
4
(he number o# bytes o# base>5 encoded data to use #or the crytograhic hash'
More is better, but makes #or longer addresses which might e+ceed the >5 character length suggested by RF"-K-7'
(his de#aults to >, which gi,es > + > : => bits o# crytograhic in#ormation, which means that a sammer will ha,e
to make -L=> attemts to guarantee #orging an SRS address'
Enable Bo)nce Recipient Validation (SRSValidate-ounce)
block
Mounce messages that #ail re,erse SRS ,alidation $but not a ,alid SM(P robe&
will recei,e a 445 4'6'4 NMounce address not SRS signedO SM(P error code'
(estmode is set with s!sTestMode, scoring is set with s!sValencePB'
Don6t Re1!ite T&ese Add!esses/ (SRSno)
Don1t rewrite addresses when messages come #rom these addresses' Accets seci#ic addresses $userFdomain'com&, user arts
$user& or entire domains $Fdomain'com&'
For e+amle/ #riboFthisdomain'com<.hanna<Fsillyguys'org
Don6t Validate Bo)nces F!o* t&ese IPs/ (noSRS)
Enter *P addresses that you don1t want to ,alidate bounces #rom, searated by ies $<&' For e+amle/ 7-6'?'?'7<76-'7>''
2otes Cn SRS
Notes
12.05.2014 Seite 48 von 134
D4SB(
Enable D4S Blac,list Validation (ValidateR-L)
disabled
(his re%uires an installed 4et::D4S module in PER)'
Ea!l" D4SB( Cac&e Bloc,in' (ForceR-L$ac%e)

*# set, ASSP will use cached D2SM) hits to block messages be#ore other tests' test*ode will o,erride this' spa*lo+e! settin's
will be ignored'
Don6t do D4SB( fo! t&ese IPs/ (noR-L)
10.
Enter *P addresses that you don1t want to be D2SM) ,alidated, searated by ies $<&' For e+amle/ 7-6'?'?'7<76-'7>''
%&itelisted D4SB( Validation (R-LWL)
Enable D2SM) #or whitelisted users also
Add 7-Assp-D4SB( .eade! (AddR-LHeader)

Add H-Ass-D2SM) header to messages with ositi,e rely #rom D2SM)'
D4SB( Failed Repl" (R-LError)
550 5.7.1 Blacklisted by RBLLISTED
SM(P rely #or D2SM) #ailed messages' De#ault/ 1445 4'6'7 D2S Mlacklisted by RM))*S(ED1
(he literal RM))*S(ED $case sensiti,e& is relaced by the actual ser,icero,iders$s&'
RB( Se!+ice P!o+ide!s/ (R-LServiceProvider)
bl.spamcop.net|cbl.abuseat.o!|sbl"#bl.spam$aus.o!|dnsbl.n%abl.o!|list.dsbl.o!|dnsbl.sobs.net|opm.blit&ed.o!|dynablock.n%abl.o!
2ames o# D2SM)s to use searated by B<B' Gou may set #or e,ery ro,ider a weight like
Den'samhaus'org:;4?<bl'samco'net:;-4'
De#aults are/
Den'samhaus'org:;7<bl'samco'net:;7<sbl'surriel'com:;-<i+'dnsbl'manitu'net:;-<
l-'aews'org:;=<combined'n.abl'org:;7<sa#e'dnsbl'sorbs'net:;7<dnsbl-7'ucerotect'net:;-<
dnsbl--'ucerotect'net:;-<dnsbl-='ucerotect'net:;-<blackholes'#i,e-ten-sg'com:;=B'
D2SM) ro,iders can get a BweightB like bl'samco'net:;7'
(he ,alue o# the weight can be set directly like:;54 or as a di,isor o# RB(*a#1ei'&t' )ow numbers P > are di,isors ' So i#
RB(*a#1ei'&t : 4? $de#ault& bl'samco'net:;4? would be the same as bl'samco'net:;7, bl'samco'net:;- would be the
same as bl'samco'net:;-4'
*# the sum o# weights surasses RB(*a#1ei'&t, the D2SM) check #ails' *# not, the D2SM) check is scored as BneutralB e,en with
RB(*a#&its reached' Setting S&o1*a#!eplies will allow A)) relies to contribute to the total weight regardless o# RM)ma+hits'
Some RM) Ser,ice Pro,iders, like blackholes'#i,e-ten-sg'com, ro,ides di##erent return codes in a single D2S-Done/ like 7-6'a'b'c -
where a,b,c are used to identi#y a weight or tye $or what e,er& o# the returned entry' *# you want to care about secial return
codes, or i# you want to use di##erent weights #or di##erent return codes, you should use the #ollowing enhanced entry synta+/
RM)-Ser,ice-Pro,ider:;result-to-watch:;weight $like/&
blackholes'#i,e-ten-sg'com:;7-6'?'?'-:;=
blackholes'#i,e-ten-sg'com:;7-6'?'?'4:;5
blackholes'#i,e-ten-sg'com:;7-6'?'Q'A:;4
Gou can see, the wildcards A $multile character& and Q $single character& are ossible to use in the second arameter' 2e,er mi+
the three ossible synta+ tyes #or the same RM) Ser,ice Pro,ider' An search #or a match inside such a de#inition is done in
re,erse AS"** order, so the wildcards are used as last'
Some RM) Ser,ice Pro,iders, ro,ides di##erent return codes using a bitmask in any art o# the rely' (o de#ine weights #or
bitmasks, lace a single 1M1 in #ront o# the mask number, like
s'com:;7-6'?'?'M-:;-4
s'com:;7-6'?'?'M5:;57
s'com:;7-6'?'M7'4:;4>
s'com:;7-6'?'M>5'A:;77
s'com:;7-6'?'?'-:;--
s'com:;7-6'?'A'A:;7
Valid bitmasks are 7,-,5,K,7>,=-,>5 and 7-K' (he resulting weight will be the weight sum o# all matching bitmasks $i# no #ull
%uali#ied de#inition is #ound&' For e+amle/ a return code o# 7-6'?'?'> #or s'com will result in a weight o# >> $-4R57&, a rely o#
7-6'?'?'- will result in --
Mecause each single bitmask indicates a set o# 7-K numbers you should re,ent the usage o# something like 7-6'?'M7>'M7 - this
will lead in to a set o# $7-KA7-K& 7>=K5 addresses, which is really too muchE
For the same ser,ice ro,ider, #irst de#ine all bitmask de#initions, a#ter that all #ull %uali#ied de#initions and than all de#initions with
wildcards, like in the e+amle abo,eE *# your de#inition order is wrong, the resulting weights will be une+ectedE
Ma#i*)* Replies (R-L)a,re(lie)
'
A rely is a##irmati,e or negati,e rely #rom a D2SM)'
(he D2SM) module will wait #or this number o# relies $negati,e or ositi,e& #rom the D2SM)s listed under Ser,ice Pro,ider #or u
to the Ma+imum (ime$ RB(*a#ti*e &'
(his number should be e%ual to or less than the number o# D2SM) Ser,ice Pro,iders listed to allow #or randomly una,ailable
D2SM)s'
12.05.2014 Seite 49 von 134
Ma#i*)* .its (R-L)a,%it)
1
A hit is an a##irmati,e resonse #rom a D2SM)'
(he D2SM) module will check all o# the D2SM)s listed under Ser,ice Pro,ider' *# the number o# hits is greater or e%ual Ma+imum
Jits, the email is #lagged Failed'
*# the number o# hits is greater ? and less Ma+imum Jits, the email is #lagged 4e)t!al
RB( Ma#i*)* %ei'&t (R-L)a,#eig%t)
50
A weight is a number reresenting the trust we ut into a D2SM)'
(he D2SM) module will check all o# the D2SM)s listed under Ser,ice Pro,ider' *# the total o# weights is greater or e%ual Ma+imum
9eight, the email is #lagged Failed'
*# the total o# weights is greater ? and less Ma+imum 9eight, the email is #lagged 4e)t!al
Ma#i*)* Ti*e (R-L)a,ti)e)
10
(his sets the ma+imum time in seconds to send on each message er#orming D2SM) checks' De#ault is 74'
Soc,et Ti*eo)t (R-Lockti)e)
1
(his sets the D2SM) socket read timeout in seconds'
D4SB( E#pi!ation Ti*e (R-L$ac%eE,()
()
*P1s in cache will be remo,ed a#ter this inter,al in hours' ? will disable the cache' S$o* D+SBL ,ac$e
2otes Cn D2SM)
+otes
12.05.2014 Seite 50 von 134
URIBL
Enable URI Blocklist Validation (ValidateURIBL)
disabled
Enable URI Blocklist. Messages that fail URIBL validation will receive URIBLError SMTP error code. This reqires an installed
Net::DNS !odle and an installed Email::MIME !odle in PERL.
" # disabled$ % # block$ & # !onitor$ ' # !essagescore .
Do URI Blocklist Validation for Whitelisted (URIBLWL)
URIBL check is done ignoring all s(a!lovers and test!odes)
Do URI Blocklist Validation for Norocessin! (URIBLNP)
URIBL check is done ignoring all s(a!lovers and test!odes)
Do URI Blocklist Validation for Local Mails (URIBLLocal)
Do URI Blocklist Validation for IS"Secondar# (URIBLISP)
URIBL Ser$ice ro$iders% (URIBLServiceProvider)
multi.uribl.com|sc.surbl.org|ws.surbl.org|ob.surbl.org|ab.surbl.org|ph.surbl.org|jp.surbl.org
*o!ain +a!es of URIBLs to se se(arated b, -.-. /o !a, set for ever, (rovider a weight like
!lti.srbl.org#01".black.ribl.co!#0&1.
The vale of the weight can be set directl, like#021 or as a divisor of URIBLma&'ei!ht . Low n!bers 3 4 are divisors . So if
URIBLma&'ei!ht # 1" 5defalt6 !lti.srbl.org#01" wold be the sa!e as !lti.srbl.org#0%$ !lti.srbl.org#0& wold be
the sa!e as !lti.srbl.org#0&1.
If the s! of weights sr(asses URIBLma&'ei!ht$ the URIBL check fails. If not$ the URIBL check is scored as -netral- even
with URIBLma&hits reached. Setting Sho'ma&re(lies will allow 7LL re(lies to contribte to the total weight regardless of
URIBL!a8hits.
So!e URIBL Service Providers$ like !lti.srbl.org and black.ribl.co! $ (rovides different retrn codes in a single *+S9:one; like
%&<.a.b.c 9 where a$b$c are sed to identif, a weight or t,(e 5or what ever6 of the retrned entr,. If ,o want to care abot
s(ecial retrn codes$ or if ,o want to se different weights for different retrn codes$ ,o shold se the following enhanced
entr, s,nta8;
URIBL9Service9Provider#0reslt9to9watch#0weight 5like;6
!lti.srbl.org#0%&<.".".&#0&
!lti.srbl.org#0%&<.".".2#0'
!lti.srbl.org#0%&<.".".=#02
!lti.srbl.org#0%&<.".".>#01
/o can see$ the wildcards > 5!lti(le character6 and = 5single character6 are (ossible to se in the second (ara!eter. +ever !i8
the three (ossible s,nta8 t,(es for the sa!e URIBL Service Provider. 7n search for a !atch inside sch a definition is done in
reverse 7S?II order$ so the wildcards are sed as last.
So!e URIBL Service Providers$ (rovides different retrn codes sing a bit!ask in an, (art of the re(l,. To define weights for
bit!asks$ (lace a single @M@ in front of the !ask n!ber$ like
s(.co!#0%&<.".".M&#0&1
s(.co!#0%&<.".".M2#02%
s(.co!#0%&<.".M%.1#014
s(.co!#0%&<.".M42.>#0%%
s(.co!#0%&<.".".&#0&&
s(.co!#0%&<.".>.>#0%
Aalid bit!asks are %$&$2$B$%4$'&$42 and %&B. The reslting weight will be the weight s! of all !atching bit!asks 5if no fll
qalified definition is fond6. Cor e8a!(le; a retrn code of %&<.".".4 for s(.co! will reslt in a weight of 44 5&1D2%6$ a re(l, of
%&<.".".& will reslt in &&
Becase each single bit!ask indicates a set of %&B n!bers ,o shold (revent the sage of so!ething like %&<.".M%4.M% 9 this
will lead in to a set of 5%&B>%&B6 %4'B2 addresses$ which is reall, too !ch)
Cor the sa!e service (rovider$ first define all bit!ask definitions$ after that all fll qalified definitions and than all definitions with
wildcards$ like in the e8a!(le above) If ,or definition order is wrong$ the reslting weights will be ne8(ected) *efalt is;
!lti.srbl.org.black.ribl.co!
URIBL )o*ntr# )ode +LDs% (URIBLCCTLDS)
file:files/URIBLCCTLDS.txt Edit file
List of t'o le$el co*ntr# code +LDs and three le$el co*ntr# code +LDs sed to deter!ine the base do!ain of the ri. Two
level TL*s will be checked on third level$ third level TL*s will be checked on forth level. 7n, not listed do!ain will be checked in
level two.
Ma&im*m URIs (URIBLmaxuris)
250
More than this n!ber of URIs in the bod, will increase s(a! (robabilit,. Enter " to disable featre.
Ma&im*m Uni,*e Domain URIs (URIBLmaxdomains)
10
More than this n!ber of niqe do!ain URIs in the bod, will increase s(a! (robabilit,. Enter " to disable featre.
12.05.2014 Seite 51 von 134
Disallo' -bf*scated URIs (URIBLNoO!uscated)

Ehen enabled$ !essages with obfscated URIs of t,(es FintegerGoctalGhe8 IP$ other things)H in the bod, will get increased s(a!
(robabilit, and if weights are sed$ the doble weight will be sed.
)heck for .D-+. in URI (URIBLc"ec#DOTinURI)
Ehen enabled$ ass( will also check for the sed word @*IT@ instead of a @.@ in URI@s like @e8a!(ledotco! or e8a!(le/d o0t1co!@ .
Enable this featre onl,$ if ,o don@t e8(ect an, (roble!s in ,or national langage 5sing @dot@ D a to(level do!ain in an,
words6.
Ma&im*m Re(lies (URIBLmaxre$lies)
1
7 re(l, is affir!ative or negative re(l, fro! a URIBL.
The URIBL !odle will wait for this n!ber of re(lies 5negative or (ositive6 fro! the URIBLs listed nder Service Provider
for ( to the Ma8i!! Ti!e below. This n!ber shold be eqal to or less than the n!ber of URIBL Service Providers
listed to allow for rando!l, navailable URIBLs.
Ma&im*m 2its (URIBLmax"its)
1
7 hit is an affir!ative res(onse fro! a URIBL.
The URIBL !odle will check all of the URIBLs listed nder Service Provider$
and flag the e!ail with a URIBL failre flag if !ore than this n!ber of URIBLs retrn a (ostive blacklisted res(onse.
This n!ber shold be less than or eqal to Ma8i!! Re(lies above and greater than ". If the n!ber of hits is greater or eqal
Ma8i!! Jits$ the e!ail is flagged failed in ever, case) If the n!ber of hits is greater " and less Ma8i!! Jits$ the e!ail is
flagged ne*tral.
This behavior cold be changed to ,or needs b, sing weighted vales for the URIBLSer$icero$ider .
URIBL Ma&im*m Wei!ht (URIBLmax%ei&"t)
50
7 weight is a n!ber re(resenting the trst we (t into a URIBL.
The URIBL !odle will check all of the URIBLs listed nder URIBLSer$icero$ider for ever, URI fond in an e!ail. If the total of
weights for an URI is greater or eqal this Ma8i!! Eeight$ the e!ail is flagged 3ailed.
If the total of weights is greater " and less Ma8i!! Eeight$ the e!ail is flagged Ne*tral . If not defined or set to :ero onl, the
hit cont will sed to detect a fail or netral state.
Ma&im*m +ime (URIBLmaxtime)
10
This sets the !a8i!! ti!e in seconds to s(end on each !essage (erfor!ing URIBL checks.
Socket +imeo*t (URIBLsoc#time)
5
This sets the URIBL socket read ti!eot in seconds.
Whitelisted URIBL Domains% (URIBL%"itelist)
doubleclick.net|conrad.de
This (revents s(ecific do!ains fro! being checked b, URIBL !odle. Cor e8a!(le; dobleclick.net or file;filesGURIBLwhitelist.t8t.
*o!ains alread, listed in norocessin!Domains and 'hiteListedDomains will be honored.
Don.t )heck Messa!es from these 4ddresses% (noURIBL)
*on@t validate URIBL when !essages co!e fro! these addresses. 7cce(ts s(ecific addresses 5serKdo!ain.co!6$ ser (arts
5ser6 or entire do!ains 5Kdo!ain.co!6.
Cor e8a!(le; friboKthisdo!ain.co!.Lhanna.Ksill,g,s.org
Bad URI I.s% (URIBLIPRe)
Ever, IP in an URI and ever, IP resolved for a hostna!e in an URI is checked against this list of IP@s or networks. Cor
e8a!(le;%21.%21.%21.%21.%21.%24..%.&."."G%4
This high secrit, featre will follow the rles in URIBLWL$ URIBLN$ URIBLLocal and URIBLIS 9 bt if a !atch is fond$ it
will block the e!ail 5 ignores scoring$ !onitoring$ test!odes and s(a!lover 6.
4dd 504ss(0Recei$ed0URIBL 2eader ('ddURIBL(eader)

7dd M97ss(9Received9URIBL header to !essages with (ositive re(l, fro! URIBL.
4dd 504ss(0Detected0URI 2eader ('ddURIS)*+(eader)
URI@s detected with URIBLIN are added to or header lines 5M97ss(9*etected9URI;6.
URIBL )ache Refresh Inter$al for 2its (URIBLCac"eInterval)
7
*o!ains in cache will be re!oved after this interval in da,s. E!(t, or " will disable the cache. Show URIBL Cache
12.05.2014 Seite 52 von 134
URIBL )ache Refresh Inter$al for Misses (URIBLCac"eInterval*iss)
0.5
*o!ains in cache with stats#& 5!iss6 will be re!oved after this interval in da,s. E!(t, or " will (revent caching of non9hits.
Re(l# )ode to Ref*se 3ailed URIBL Messa!e (URIBL,rror)
554 5.7.1 Blacklisted by URIBLNAME Contact the ost!aste" o# this do!ain #o" "esol$tion. %his atte!t has been lo&&ed.
SMTP re(l, code to refse failed URIBL !essage. The literal URIBL+7ME 5case sensitive6 is re(laced b, the na!es of URIBLs with
negative res(onse. If this field is e!(t,$ client connection is si!(l, dro((ed.
+otes In URIBL
Notes
12.05.2014 Seite 53 von 134
4ttachment Blockin!
E&ternal 4ttachment Blockin! (DoBloc#,xes)
block
This reqires an installed Email::MIME !odle in PERL.
E&ternal 4ttachment Blockin! Le$el (Bloc#,xes)
Level 1
Set the level of 7ttach!ent Blocking to %9' for attach!ents that shold be blocked$ set level to 2 for attach!ents that shold be
allowed. ?hoose " for no attach!ent blocking.
Whitelisted 6 Local 4ttachment Blockin! (Bloc#WL,xes)
Level 0
Set the level of 7ttach!ent Blocking to "92 for whitelisted O local senders. ?hoose " for no attach!ent blocking.
Norocessin! 4ttachment Blockin! (Bloc#NP,xes)
Level 0
Set the level of 7ttach!ent Blocking to "92 for no (rocessing senders. ?hoose " for no attach!ent blocking.
Le$el 7 re8ected 3ile E&tensions (Bad'ttac"L-)
exe|scr|pif|vb[es]|js|jse|ws[fh]|sh[sb]|lnk|bat|cmd|com|ht[ab]
This reglar e8(ression is sed to identif, Level % attach!ents that shold be blocked.
Se(arate entries with a (i(e .. The dot . is ass!ed to (recede these$ so don@t inclde it.
Cor e8a!(le;
adFe(H.as8.baFstH.ch!.c!d.co!.c(l.crt.db8.e8e.e8eP9bin.hl(.htFabH.inFfsH.is(.Ls.Lse.lnk.!dFabe:H.!ht.!sFci(tH
.nch.(cd.(if.(rf.(s%=.reg.scFfrtH.shFbsH.vb.vbFesH.w!s.wsFcfhH
If ,o@ve installed the 7SSPQ7C? Plgin 5at least version &.%"6 and @e8e9bin@ is defined 5on an, level6$ the Plgin will detect
e8ectable files based on there binar, content. *etected will be all e8ectables$ libraries and scri(ts for *IS and Eindows
5e8ce(t .co! files6$ M7?9IS and lin8 ELC 5for all (rocessor architectres6.
Le$el 9 re8ected 3ile E&tensions (Bad'ttac"L))
This reglar e8(ression is sed to identif, Level & attach!ents that shold be blocked.
Level & alread, incldes all reLected e8tensions fro! Level %.
Cor e8a!(le;
5adFe(H.as8.baFstH.ch!.c!d.co!.c(l.crt.db8.e8e.hl(.htFabH.inFfsH.is(.Ls.Lse.lnk.!dFabe:H.!ht.!sFci(tH.nch.(cd.(if.(rf.reg.sc
FfrtH.shFbsH.vb.vbFesH.w!s.wsFcfhH6.:i(
Le$el : re8ected 3ile E&tensions (Bad'ttac"L.)
This reglar e8(ression is sed to identif, Level ' attach!ents that shold be blocked.
Level ' incldes Level & and Level %.
Cor e8a!(le;
:i(.rl
Le$el ; 4llo'ed 3ile E&tensions (/ood'ttac")
This reglar e8(ression is sed to identif, attach!ents that shold be allowed. 7ll others are blocked. Se(arate entries with a (i(e
.. The dot . is ass!ed to (recede these$ so don@t inclde it.
Cor e8a!(le;
ai.asc.bh8.dat.doc8=.e(s.gif.ht!.ht!l.ics.L(g.L(eg.hq8.odFts(H.(df.((t.rar.r(t.rtf.sn(.t8t.8ls.:i(.<:
User based <ood and Bad 4ttachments% (User'ttac")
This set of reglar e8(ression is sed to identif, attach!ents that shold be allowed or blocked for s(ecified sers andGor do!ains.
Se(arate entries with a an, of @#0 $ R s(ace@. Se(arate !lti(le rege8 entries with (i(e @.@. The dot . is ass!ed to (recede the
rege8$ so don@t inclde it an,where 5e8ce(t the ser na!e6.
To define entries ,o have to se the @file;...@ o(tion. *efine one entr, (er line 9 co!!ents are not allowed in a definition line.
The s,nta8 of an entr, is as follows;
serna!e #0 good #0 good7ttachRege8 $ good9ot #0 goodotRege8 $ good9in #0 goodinRege8 $ block #0 block7ttachRege8 $
block9ot #0 blockotRege8 $ block9in #0 blockinRege8
serna!e 9 Mail solel, to or fro! an, of these addresses. 7cce(ts s(ecific addresses 5serKdo!ain.co!6$ ser (arts 5ser6 or
entire do!ains 5Kdo!ain.co!6 or a Sro( definition FSRIUPH. Eildcards are s((orted 5fribo>Kdo!ain.co!6.
good #0 good7ttachRege8 9 good attach!ent for inco!ing and otgoing !ails
good9ot #0 goodotRege8 9 good attach!ent for otgoing !ails
good9in #0 goodinRege8 9 good attach!ent for inco!ing !ails
block #0 block7ttachRege8 9 bad attach!ent for inco!ing and otgoing !ails
block9ot #0 blockotRege8 9 bad attach!ent for otgoing !ails
block9in #0 blockinRege8 9 bad attach!ent for inco!ing !ails
Cor e8a!(le;
serKdo!ain.tld #0 good #0 ai.asc.bh8.dat.doc.e(s.gif.ht!.ht!l.ics.L(g.L(eg.hq8.odFts(H.(df.((t.rar.r(t.rtf.sn(.t8t.8ls.:i(
>Kdo!ain.tld #0 good #0 ai.asc.bh8 $ good9ot #0 e(s.gif $ good9in #0 ht!.ht!l $ block #0 (df.((t $ block9ot #0 rar.r(t $
block9in #0 8ls.e8eP9bin
12.05.2014 Seite 54 von 134
7t least one of the above o(tion !st be defined in a line 9 a !a8i!! of all 5si86 cold be defined$ if this !akes sense.
If the ser na!e !atches for a sender or reci(ient and a 5inGot6 rege8 definition is fond in this file$ all level definition are
overwritten for this !ail.
good$ good9ot and good9in 9 and also 9 block$ block9ot and block9in 9 will be logical IR co!bined according to the !ail flow.
+otice; if a bad attach!ent is fond on a ser based attach!ent check$ the (enalt, bo8 IP address scoring is ski((ed.
Re(l# )ode to Ref*se Re8ected 4ttachments ('ttac"ment,rror)
554 Executable attachments are not allowed -- Compress before mailing.
The literal @CILE+7ME@ will be re(laced with the na!e of the blocked attach!ent)
Ref*se U*encoded Mails (Bloc#Uuencoded)

Re(l# to Ref*se U*encoded Mails (Uuencoded,rror)
554 5.7.1 This mail is uuencoded and will be blocked.
Cor e8a!(le; 112 1.<.% This !ail is encoded and will be blocked
+otes In 7ttach!ent Blocking
otes
12.05.2014 Seite 55 von 134
ClamAV and FileScan
Do Not Scan Messages from/to these Addresses* (noScan)
file:files/noScanAddresses.txt Edit file
Accepts specific addresses (user@domain.com), user parts (user) or entire domains (@domain.com).
Do Not Scan Messages from these IP's* (noScanIP)
file:files/noScanIPs.txt Edit file
Enter IP addresses that you don't want to be scanned for virus , separated by pipes (|). or e!amp"e# $%&.$%&.$%&.$%&|$%&.$%'.
Ski Vir!s "eg#$* (NoScanRe)
Put anythin( here to identify messa(es which shou"d not be chec)ed for viruses.
No%&locking Vir!s Scan Scoring "ege$** (SuspiciousVirus)
If a *"amA+ or i"e,can resu"t matches this e!pression it wi"" be scored with the suspicious virus score ( 'sValenceP& ) and the
messa(e wi"" not be b"oc)ed.
It is possib"e to wei(ht such resu"ts. Every wei(hted re(e! that contains at "east one '|' has to be(in and end with a '-' . inside
such re(e!es it is not a""owed to use a '-', even it is escaped . for e!amp"e# -abc/-|def-0123 or -abc-|def-0123 . instead use
the octa" (/$2') or he! (/!4E) notation , for e!amp"e -abc/$2'|def-0123 or -abc/!4E|def-0123 . Every wei(hted re(e! has to
be fo""owed by '01' and the wei(ht va"ue. or e!amp"e#
Phishin(/.01$.%&|-5euristics|Emai"-01&6
or
-(Emai"|5789|,anesecurity)/.(Phishin(|,pear|(,pam|,cam):a.;6.<=>)/.-01%.'|,pam01$.$|-,pear|,cam-012.$ .
7he mu"tip"ication resu"t of the wei(ht and the pena"tybo! va"ence va"ue wi"" be used for scorin(, if the abso"ute va"ue of wei(ht is
"ess or e?ua" '. @therwise the va"ue of wei(ht is used for scorin(.
Scan (hitelisted Senders (ScanWL)
Scan No Processing Senders (ScanNP)
Scan )ocal Senders (ScanLocal)
Scan Coied Sam Mails (ScanCC)
"el* Code to "ef!se Infected Messages (AvError)
554 5.7.1 Mail appears infected with 'infection' !! disinfect and resend.
Aep"y code to refuse infected messa(es. 7he strin( Binfection is rep"aced with the name of the detected virus.
or e!amp"e# &&% &.4.$ 8ai" appears infected with /:Binfection/= .. disinfect and resend.
Send Vir!s "eort +o +his Address (EmailVirusReportsTo)
"ho#as.Ec$ardt%thoc$ar.co#
If set an emai" containin( the 8essa(e IC, Aemote IP, 8essa(e ,ubDect, ,ender emai" address, Aecipient emai" address, and the
virus detected wi"" be sent to this address. or e!amp"e# admin@domain.com
Add F!ll ,eader +o Vir!s "eort +o Mail Address A-o'e (EmailVirusReportsHeader)

If set the fu"" messa(e headers wi"" a"so be added to +irus Aeports.
Send Vir!s "eort +o "eciient (EmailVirusReportsToRCPT)
If set the intended recipient of the messa(e wi"" be sent a copy of the +irus Aeport.
.se File S*stem Vir!s Scanner (DoileScan)
disa&led
If activated, the messa(e is written to a fi"e inside the 'FileScanDir' with an e!tension of 'maillog#$t'. After that A,,P wi"" ca""
'FileScanCMD' to detect if the temporary fi"e is infected or not. 7he temporary created fi"e(s) wi"" be removed.
7he viruses wi"" be stored in a specia" fo"der if the SamVir!s)og is set to '?uarantine' and the fi"epath to the 'ir!slog is set.
File Scan Director* (ileScanDir)
c:'assp/(ir)sscan
Cefine the fu"" path to the directory where the messa(es are temporary stored for the fi"e system virus scanner. 7his cou"d be any
directory inside your fi"e system. 7he runnin( A,,P process must have fu"" permission to this directory and the fi"es insideE
File Scan Command (ileScanC!D)
A,,P wi"" ca"" this system command and e!pects a returned strin( from this command. 7his returned strin( is chec)ed a(ainst
'FileScan&ad' andFor 'FileScan/ood' to detect if the messa(e is @G or notE If the fi"e does not e!ists after the command ca"", the
12.05.2014 Seite 56 von 134
messa(e is consider infected. A,,P e!pects, that the fi"e scan is finished when the command returnsE
7he "itera" 'I9EHA8E' wi"" be rep"aced by the fu"" ?ua"ified fi"e name of the temporary fi"e.
7he "itera" 'HI8JEA' wi"" be rep"aced by the threadnumber and cou"d be used to name "o(fi"es and to redirect them to ,7C@I7.
7he "itera" 'I9E,*AHCIA' wi"" be rep"aced with the va"ue of i"e,canCir.
Any case sensitive "itera" startin( and endin( with an asteri! (K) "i)e 'KrcptK' or 'Kmai"fromK' wi"" be rep"aced by the ?uoted
runtime connection variab"e of *onLfhM.1L"itera"M (this.1L"itera"M). Nou need to )now the assp interna"sE
If a code reference is defined for the interna" variab"e Bmain##i"e,can*8Cbui"dOAPI in "ibF*orrectA,,Pcf(.pm , assp wi"" ca""
'Bi"e,can*8Cbui"dOAPI.1(/Bcmd,Bthis)' before runnin( the command. 7he first parameter, the command (FileScanCMD), is
submitted as a reference to a sca"ar, which must be modified in p"ace. If you want assp not to scan the messa(e, set this variab"e
to undef. 7he second submitted parameter is the reference to the c"ient connection parameter 5A,5 . B*onLfhM (e(. Bthis)
A"" outputs of this command to ,7CEAA are automatic redirected to ,7C@I7.
i"e,can wi"" not run, if FileScanCMD is not specified.
If you have your on"ineFautoprotect fi"e scanner confi(ured to de"ete infected fi"es inside the 'FileScanDir', define 'H@AIH' in this
fie"dE In this case FileScan/ood and FileScan&ad are i(nored. If there is a need to wait some time for the autoprotect scanner,
write 'H@AIH.dddd', where dddd are the mi""iseconds to waitE
Cependin( on your operatin( system it may possib"e that you have to ?uote (' or P) the command, if it contains whitespaces. 7he
rep"aced fi"e name wi"" be ?uoted by A,,P if needed.
"eg#$ to Detect '&AD' in "et!rned String* (ileScan"ad)
Put anythin( here to identify bad messa(es by the strin( returned from the FileScanCMD. If defined and this re(u"ar e!pression
matches, the messa(e is consider infected.
"eg#$ to Detect '/00D' in "et!rned String* (ileScan#ood)
Put anythin( here to identify (ood messa(es by the strin( returned from the FileScanCMD. If defined and this re(u"ar e!pression
matches and 'FileScan&ad' does not, the messa(e is consider not infected.
If both FileScan&ad and FileScan/ood are defined, FileScan&ad has not to match and FileScan/ood has to match, to
consider a mai" not infectedE
FileScan "eonds "ege$* (ileScanRespRe)
A re(u"ar e!pression that wi"" be used over the te!t returned from the FileScanCMD. 7he resu"t of this re(e! is used as virus
name (Binfection) in A'#rror. or e!amp"e# infected by .Q> /./Rhr /F/1
.se ClamAV ($seAvClamd)

If activated, the messa(e is chec)ed by *"amA+, this re?uires an insta""ed i"e##,can##*"amA+ Per" modu"e and a runnin( *"amd .
It is not recommended to use *"amA+ on heavy."oad systems, because of resu"tin( system over"oad, stuc)in( wor)ers or
timeouts.
7he viruses wi"" be stored in a specia" fo"der if the SamVir!s)og is set to '?uarantine' and the fi"epath to the 'ir!slog is set.
Port or file socket for ClamAV (AvClamdPort)
3310
A soc)et specified in the c"amav.conf fi"e . 9oca",oc)et. or e!amp"e FtmpFc"amd. If the soc)et has been setup as a 7*PFIP soc)et
(see the 7*P,oc)et option in the c"amav.conf fi"e), then specify the 7*P soc)et. or e!amp"e# 33$6
ClamAV &*tes (ClamAV"%tes)
1000000
7he number of bytes per messa(e that wi"" be submited to *"amA+ and i"e,can for virus scannin(. +a"ues of $66666 or "ar(er are
not recommended, because whi"e a thread is waitin( for the scanner resu"t, it cou"d not (et new connections.
ClamAV +imeo!t (ClamAVtimeout)
10
*"amA+ wi"" timeout after this many seconds.
defau"t# $6 seconds.
Hotes @n +irus *ontro"
Notes
12.05.2014 Seite 57 von 134
"ege$ Filter / Sam-om-
Allo1 Internal Varia-les in "ege$ (Allo&InternalsInRe'e()
A""ow interna" variab"es to be used in re(u"ar e!pressions . rep"aces somethin( "i)e /BLBEmai"ComainAeM with the va"ue of (>Su#
(>#:a.;A.T6.<O=:a.;A.T6.<O/.=K(>#/.:a.;A.T6.<O=:a.;A.T6.<O/.=K)K/.(>#!n..:a.;A.T6.</.=Q|:a.;A.T6.<O=:a.;A.T6.<O=Q)|/::6.<=
:6.</.=K/.:6.<=Q/=))
"eg!lar #$ression to earl* Identif* Sam in ,andshake and ,eader Part* (preHeaderRe)
file:files/preheaderre.txt Edit file
Inti" the comp"ete mai" header is received, assp is processin( the handsha)e and header content "ine per "ine, but the first mai"
content chec) is done after the comp"ete mai" header is received.
It is possib"e, that some content (ma"formed headers, forbidden characters or character combinations) cou"d cause assp to die or
to run in to a unrecoverab"e e!ception.
Ise this re(u"ar e!pression to identify such incomin( mai"s based on a "ine per "ine chec), at the moment where a sin("e "ine is
received.
7his settin( does not affect any other and is not affected by any other confi(uration settin(, e!cept that this chec) is on"y done for
incomin( mai"s.
If a match is found, assp wi"" immediate"y send a '%2$ Rm*Name1 c"osin( transmission' rep"y to the c"ient and wi"" immediate"y
terminate the connection.
Cefau"t settin( is fi"e#fi"esFpreheaderre.t!t
Do &om-/Scrit "eg!lar #$ressions Checks for (hitelisted ()om)ReWL)
Do &om-/Scrit "eg!lar #$ressions Checks for NoProcessing ()om)ReNP)
Do &om-/Scrit "eg!lar #$ressions Checks for )ocal Messages ()om)ReLocal)
Do &om-/Scrit "eg!lar #$ressions Checks for ISPIP ()om)ReISPIP)

Ma$im!m Penalt* on &om-s er Mail er Check ()om)!a(Penalt%Val)
70
Cependin( on the confi(uration, it cou"d be possib"e that a messa(e (ets a very hi(h pena"ty va"ue on a bomb.chec). 7his va"ue
"imits the ma!imum pena"ty per mai" for every sin("e bomb.chec) that is enab"ed.
Ma$im!m time send on &om- Search (ma("om)Searc*Time)
5
8a!imum time in seconds that is spend on every confi(ured bomb chec). 7his time chec) is done, after every found bomb. ,o it is
possib"e that the bomb search ta)es "on(er as the defined va"ue, if no bomb is found or a sin("e search ta)es more time. Cefau"t is
&.
Even if any of the fo""owin( bomb parameters is set to Pb"oc)P, but the sum of the resu"tin( wei(hted pena"ty va"ue is "ess than the
correspondin( PPena"ty Jo! +a"ence +a"ueP (because of "ower wei(hts) . on"y scorin( wi"" be doneE
A description of how of wei(htin( re(u"ar e!pressions is done and wor)in(, cou"d be found at the bottom this web pa(e.
+ransliterate non%"oman characters in to "oman (DoTransliterate)
If enab"ed, A,,P tries to trans"iterate non.Aoman characters in an emai" it to Aoman characters. 7hese trans"iterations are than
additiona"y used in the bomb chec)s.
or e!amp"e . the (character) se?uence '' wi"" be trans"iterated to 'Hian Uuan( 7on( Vin *han Ne 5ui
5ui Uui Uao Ten( *han( Uui Cao' .
7o trans"iterate somethin(, use the '8ai" Ana"y;er'.
7o ma)e this feature wor)in(, the Per" modu"e +e$t22.nidecode must be insta""ed.
.se &om-,eader "eg!lar #$ressions on ,eader Part (Do"om)HeaderRe)
block
If activated, each messa(e.header is chec)ed a(ainst -om-Sender"e, -om-,eader"e, -om-S!-3ect"e and -om-CharSets
Ae(u"ar E!pressions. If you use sendAllSam, be aware that on"y the header wi"" be shown in the spamcopy.
7he scorin( va"ue is the sum of a"" va"ences(wei(hts) of a"" found bombs . -om-ValenceP& .
#n'eloe &locking "eg!lar #$ression ** ()om)SenderRe)
\d\d\d\d\d\d@tom.com
Part of Do&om-,eader"e# e!pression to identify sender (mai"from,ip,he"o).
"eg!lar #$ression to Identif* Sam in ,eader Part** ()om)HeaderRe)
\d\s+(Jan!eb"ar#pr"a$J%nJ%l#%&'ep(ct)o*+ec,\s+\d\d\d\d\s+\d\d:\d\d(:\d\d,-\s+.+\/0\d\d.1/20\d
Part of Do&om-,eader"e# header wi"" be chec)ed a(ainst this Ae(e! if Do&om-,eader"e is enab"ed. or e!amp"e
fi"e#fi"esFbombheaderre.t!t
"eg!lar #$ression to Identif* Sam in S!-3ect** ()om)Su)+ectRe)
Part of Do&om-,eader"e # the mai" header wi"" be chec)ed a(ainst this Ae(e! if Do&om-,eader"e is enab"ed.
12.05.2014 Seite 58 von 134
Ma$im!m allo1ed S!-3ect )ength (ma(Su)+ectLen't*)
200=>100
If set to a va"ue (reater than 6, assp wi"" chec) the "en(th of the ,ubDect of the mai". If the ,ubDect "en(th e!ceeds this va"ue, the
messa(e score wi"" be increased by '-om-ValenceP&' and the strin( that is chec)ed in '-om-S!-3ect"e' wi"" be trun)ed to this
"en(th. It is possib"e to define a specia" wei(ht usin( the synta! '"en(th01va"ue', in this case the defined abso"ute va"ue wi"" be
used instead of '-om-ValenceP&' to increase the messa(e score. If the subDect is too "on( and this wei(ht is e?ua" or hi(her than
'-om-Ma$Penalt*Val' no further bomb chec)s wi"" be done on the subDect.
"eg!lar #$ression to Identif* Foreign Charsets** ()om)C*arSets)
BIG5|CHINESEBIG|GB2312|KS_C_5601|KOI8-R|EUC-KR|ISO-2022-JP|ISO-2022-KR|ISO-2022-CN|CP1251
Part of Do&om-,eader"e# header wi"" be chec)ed a(ainst this Ae(e! if Do&om-,eader"e is enab"ed.
Part of Do&om-"e # every 8I8E.part header wi"" be chec)ed a(ainst this Ae(e! if Do&om-"e is enab"ed.
or e!amp"e#
charset0(>#JIU&|*5IHE,EJIU|UJ23$2|G,O*O&'6$|G@IW.A|EI*.GA|I,@.2622.XP|I,@.2622.GA|I,@.2622.*H|*P$2&$).
Ma$im!m ,its for &om-s in ,eader and Sender ()om)HeaderRe!a(Hits)
1
A hit is a found Jomb in header and sender . -om-Sender"e , -om-,eader"e , -om-S!-3ect"e , -om-CharSets .
If the number of hits is (reater or e?ua" 8a!imum 5its, the emai" is f"a((ed Failed (possib"y b"oc)ed andFor scored).
If the number of hits is (reater 6 and "ess 8a!imum 5its, the emai" is f"a((ed Ne!tral (possib"y scored)
.se &om- "eg!lar #$ressions (Do"om)Re)
block
If activated, each messa(e is chec)ed a(ainst -om-"e and JombCata Ae(u"ar E!pressions.
7he scorin( va"ue is the sum of a"" va"ences(wei(hts) of a"" found bombs . -om-ValenceP& .
"eg!lar #$ression for ,eader and Data Part** ()om)Re)
!l"#!l"$%bo&b'"()*) E,!) !l"
5eader and Cata wi"" be chec)ed a(ainst this Ae(u"ar E!pression if Do&om-"e is enab"ed. or e!amp"e#
I8U :S1=Ksrc0:'P=cid|RJ@CN:S1=K1(R:S1=Q1|/n|/r)KRI8U:S1=Q1(R:S1=Q1|/n|/r)KRFJ@CN1
If you want to search for attachment names, define a "ine with 'attachment#theOattachmentOname'.
"eg!lar #$ression to Identif* skied +ags in ,eader Part* ()om)S,ipHeaderTa'Re)
!l"#!l"$%bo&b$k!-."/,"')/0'"()*) E,!) !l"
Ae(u"ar E!pression to define header ta(s, that wi"" be s)ipped for -om-S!sicio!s"e, -om-,eader"e, -om-"e and -lack"e .
"i)e 'CGI8.,i(nature|Comain)ey.,i(nature' . the a"ways fo""owed co""on (#) is added by assp. or e!amp"e
fi"e#fi"esFbombs)ipheaderta(re.t!t
Ma$im!m ,its for &om-s in ,eader and Data ()om)Re!a(Hits)
1
A hit is a found Jomb in header and data . -om-"e .
&om-Data "eg!lar #$ression for Data Part** ()om)DataRe)
!l"#!l"$%bo&b,/)/'"()*) E,!) !l"
Cata part wi"" be chec)ed a(ainst the Ae(u"ar E!pression if Do&om-"e is enab"ed. or e!amp"e#
I8U :S1=Ksrc0:'P=cid|RJ@CN:S1=K1(R:S1=Q1|/n|/r)KRI8U:S1=Q1(R:S1=Q1|/n|/r)KRFJ@CN1
If you want to search for attachment names, define a "ine with 'attachment#theOattachmentOname'.
Ma$im!m ,its for &om-s in Data ()om)DataRe!a(Hits)
1
A hit is a found Jomb in data . -om-Data"e .
S!sicio!s #$ression for Scoring 0nl*** ()om)SuspiciousRe)
!l"#!l"$%bo&b$1$-()*) E,!) !l"
,ender, 5eader and Cata wi"" be chec)ed for scorin( on"y. Put here anythin( which mi(ht be suspicious.
-om-S!sicio!sValenceP& wi"" be used to increase the score. or e!amp"e#
unsubscribe
Don't Check Messages from these Addresses* (no"om)Script)
Con't detect spam bombs or scripts in messa(es from these addresses. Accepts specific addresses (user@domain.com), user parts
(user) or entire domains (@domain.com).
12.05.2014 Seite 59 von 134
Do +est "eg!lar #$ression (DoTestRe)

If activated, each messa(e is chec)ed a(ainst the 7est Ae(u"ar E!pression be"ow. 7his provides a way to test re(e! strin(s on "ive
mai".
+est "eg!lar #$ression** (testRe)
file:files/testre.txt Edit file
Edit included file files/testre_i1.txt
Edit included file files/testre_i2.txt
Ise this to test your re(u"ar e!pressions. 7est va"ence is teValenceP& .
Sam &om- #rror ()om)Error)
554 5.7.1 Delivery not authorized, essa!e refused "ecause it a##ears to "e #art of a s#a "o" $$ re#hrase your essa!e and try sendin! it a!ain. see : htt#://thoc%ar.dyndns.or!/ailhel#/error
,87P error messa(e to reDect spam bombs. or e!amp"e# &&% &.4.$ Ce"ivery not authori;ed, messa(e refused .. send report to
mai"to#postmaster@mydomain.t"d or ca"" Q$2.3%.&'.4W.<6
Add "eason ()om)ErrorReason)

Add matchin( e!pression to ,pam Jomb Error
.se &lack "eg!lar #$ression to Identif* Sam Strictl* (Do"lac,Re)
"loc%
Each incomin( messa(e is chec)ed a(ainst the J"ac)Ae to Identify ,pams. Ho @ptout.
7he scorin( va"ue is the sum of a"" va"ences(wei(hts) of a"" found bombs . -lackValenceP& .
&lack"e % "eg!lar #$ression to Identif* Sam Strictl*** ()lac,Re)
htt#://&'('.)*+,'(-&a$z.$/)*&a"cdf!h0%ln#1rstuv(xyz.$/)243&a$z.$/)45,su"0ect: &6'n)4 '7,789:,s#a,7 8 9 :
If an incomin( emai" matches this Per" re(u"ar e!pression it wi"" be strict"y considered spam . or e!amp"e# /brep"ica
watches/b|/b8e(aCi)/b|/bcoc)/b|/bpenis/b|/bpi""s/b|/b@ri(ina" +ia(ra/b|/bbetter se! "ife/b|/bavera(e
penis/b|/ben"ar(ement/b|/bor(asm/b|/berections/b|/b+ia(ra/b|/bbi(
dic)/b|/bsperma/b|/b,e!ua"/b|/bErections)/b|/b,tamina/b|/bsi"denafi"/b|/bcitrate/b|/bErecti"e/b
Ma$im!m ,its for Identif* Sam Strictl* ()lac,Re!a(Hits)
1
A hit is a found Jomb for Identify ,pam ,trict"y. . -lack"e
.se "eg!lar #$ression to Identif* Mo-ile Scrits (DoScriptRe)
"loc%
Each messa(e is chec)ed a(ainst the E!pression to Identify 8obi"e ,cripts.
7he scorin( va"ue is the sum of a"" va"ences(wei(hts) of a"" found bombs . scritValenceP& .
"eg!lar #$ression to Identif* Mo-ile Scrits** (scriptRe)
'-a##let,'-e"ed,'-ifrae,'-o"0ect,'-scri#t,onouseover,0avascri#t:
,pam mai"s may contain mobi"e scriptin( code, e( active! and Dava or php. Nou can use this feature to b"oc) those messa(es.
9eave this b"an) to disab"e the feature. or e!amp"e#
/Rapp"et|/Rembed|/Riframe|/RobDect|/Rscript|/R>php|onmouseover|on"oad|onfocus|onb"ure|onc"ic)|Davascript#
Ma$im!m ,its for Identif* Mo-ile Scrits (scriptRe!a(Hits)
1
A hit is a found mobi"e scriptin( code for Identify 8obi"e ,cripts . scrit"e .
Scrit #rror (scriptError)
554 5.7.1 ;our eail contains scri#tin! code $$ #lease resend as #lain text.
,87P error messa(e to reDect scripts. or e!amp"e# &&% &.4.$ Nour emai" appears to be spam .. send an error report to
mai"to#postmaster@mydomain.t"d or ca"" Q$2.3%.&'.4W.<6
Hotes @n Jomb Ae(e!
<otes
12.05.2014 Seite 60 von 134
Bayesian and Hidden Markov Model (HMM) Options
Bayesian Check (DoBayesian)
block
If activated, the message is checked based on Bayesian factors in spamdb for global and private entries. Private spamdb entries
have a five times higher weight than global entries. This needs a fully functional spamdb built by rebuildspamdb. For starters it is
best practice to put this inactiv and built the spamdb collection with the help of D!B" ,#$IB" and spamaddresses. coring is
done with baysValencePB for e%ternal mails, bays&alencePB'local is used for outgoing and internal mails ( both values are
multiplied with the detected baysProbability .
Both, the Bayesian(check and the )idden(*arkov(*odel(check +below,, are using Perl version depending +Perl -../ and higher,
Unicode features to recogni0e any possible character. )ow ever, some east asian languages +and some others, have graphemes,
that contains multiple unicode code points. If you need +or want, assp to process all te%t as a se1uence of U! "#$ %rapheme
Clusters, the Perl module Unicode&&'ineBreak is re1uired.
Hidden Markov Model Check (DoHMM)
block
If activated, the message is checked based on a Hidden Markov Model for global and private entries. Private )** entries have a
five times higher weight than global entries. This needs a fully functional )**db database built by rebuildspamdb. For starters it is
best practice to put this in monitoring mode and built the )** collection with the help of D!B" ,#$IB" and spamaddresses.
coring is done with HMMValencePB for e%ternal mails, )**&alencePB'local is used for outgoing and internal mails.
The perl module Berkeley(B version 2.34 or higher and BerkeleyDB version 4.- or higher is re1uired +to store temporary data, to
use this feature and 5useBerkeley(B5 must be set to 6!.
If this option is disabled, the rebuildspamdb task will )O* build a valid )** database7
8ompared to the Bayesian option, the )idden *arkov *odel will produce results that are much more e%act. )ow ever, it is
possible, that )** gets no result on very small messages, for this reason it is recommended to use both Bayesian and )**. If
you enable both checks, check your settings for baysValencePB, HMMValencePB, bayslocalValencePB and
HMMlocalValencePB ( eg. divide them by /. or set the bayes values to .93 and the )** values to /93.
!6TI8: that using this option re1uires a very +ast database server behind, if HMMusesB(B is set to 6FF. The Bayesian( and
)** check together can produce ,--- and much more ./' 0uerys per second.
;eep in mind, that all backups and e%ports of the )** database could re1uire several .22*B of diskspace, if the file count in the
corpus is very large.
(o Bayesian depends on HMM results (BayesAfterHMM)
This value is ignored if (oHMM is not enabled or set to monitor. The Bayesian check will only run, if the spam9ham probability of
the )** check is in a given value range or the )** check has given too few results.
"eave this blank to run the Bayesian check every time, independend from any )** result +default,.
To set this value, define a probability value range like 2.3(2.< +eg.,.
12nore a database version missmatch (ignoreDBVersionMissMatch)
Spam and HMMDB
The status of assp is changed to =not healthy= if the current version of any of pamdb or )**db is not e1ual to the re1uired
database version. uch a missmatch is automaticaly corrected with the ne%t successfull rebuildspamdb. )ow ever, if you are
unable to solve this problem for any reason, you should set this value to keep the status of assp =healthy=.
Use Berkeley(B +or the Hidden Markov Model database (HMMusesBDB)

If enabled +default,, the )idden *arkov *odel database uses BerkeleyDB ( notice> in this case no database import, backup or
e%port are provided for the )**db. This value is completely ignored, if (Bdriver is set to 5BerkeleyDB5 and spamdb is set to
5DB>5. witch this parameter to 6FF, if you want to use the same database engine for the )**db like spamdb is configured.
8hanging this value re1uires a restart of assp. Possibly a forced rebuildspamdb is re1uired after the restart.
Use also private entries +or the Bayesian .pamdb and Hidden Markov Model databases (DoPrivatSpamdb)
for users and domains
If enabled, private entries +based on the local recipient and9or the report sender email address, will be added to the Bayesian and
)** databases. These private entries have a three times higher priority for users +full email address, and two times higher
priority for domains +domain part of the email address, than global entries. To enable this option =spamdb= must be set to use a
database =DB>= first7
.ettin2 this option to O)3 4ill increase the record count +or the spamdb and the HMM databases dramaticaly5
Bayesian and HMM Check *imeout (BayesMaxProcessTime)
15
The Bayesian( and )** 8hecks are the most memory and 8P# consuming tasks that ?P is doing on a message. If such tasks
running to long on one message, other messages could run in to *TPIdleTimeout. Define here the ma%imum time in seconds that
?P should spend on Bayesian 8hecks for one message. Default is @2.
Bayesian6HMM Check on 7hitelisted .enders6Messa2es (Bayes!)
Bayesian6HMM Check on )oProcessin2 Messa2es (Bayes"P)
.kip Bayesian and HMM Check8 (noBayesian)
*ail from9to any of these addresses are ignored by Bayesian( and )** check, mails will not be stored in spam9notspam collection.
?ccepts specific addresses +userAdomain.com,, user parts +user, or entire domains +Adomain.com,
12.05.2014 Seite 61 von 134
.kip Bayesian and HMM Check +or this local senders8 (noBayesian#$oca$)
*ail from any of these local addresses are ignored by Bayesian( and )** checks, mails will not be stored in spam9notspam
collection. ?ccepts specific addresses +userAdomain.com,, user parts +user, or entire domains +Adomain.com,
(o Bayesian and HMM Check O)'9 +or this local senders8 (Bayesian#$oca$%n$y)
6nly mail from any of these local addresses are processed by the Bayesian( and )** checks, e%cept they are also defined in
noBayesian:local . ?ccepts specific addresses +userAdomain.com,, user parts +user, or entire domains +Adomain.com,
Ma;imum most si2ni+icant results used per mail to calculate Bayesian< and HMM<Probability (maxBayesVa$ues)
60
*a%imum count of most significant values used to calculate the Bayesian9)**(pam(Probability and the confidence of that
probability.
The Bayesian9)** pam Probability will be fine with 32 and will get more e%act, than higher this value is ( until a value of @2.
The confidence of the Bayesian9)** pam Probability will get better, than higher this value is.
&alues above @2 are possible, but could lead in to a performance penalty, without getting a better spam detection. Default is 5@25,
minimum is 5325.
Bayesian and HMM Probability *hreshold (baysProbabi$ity)
0.6
*essages with spam(probability below or e1ual this threshold are considered )am. $ecommended 52.@5.
?n resulting pam(Probability above this value is multiplied with bays&alencePB'local or baysValencePB to get the penaltybo%
scoring value for the IP( and message score. In other words, the penaltybo% scoring value is weighted by the pam(Probability in
case pam is detected.
?n resulting pam(Probability below this value but higher than + . ( baysProbability , is stated as 5#!#$:5 . In this case the
half score will be added to the message score but not to the IP score and the message will not be blocked.
The following default Bayesian math +prob B p. 9 +p. C p/,, is used to calculate the pamProb value for 5n5 found Bayesian(Dord(
Pairs or )**(e1uences, each with a spam(weight 5p5 ( where 2EpE. >
5pamProb5 B +p. F p/ F ... F pn, 9 + p. F p/ F ... F pn C +. ( p., F +. ( p/ , F ... F +. ( pn,,
Bayesian and HMM Con+idence *hreshold (bays&onf)
0
pam(*ails having a confidence below this threshold are passed in Test*ode . pam(*ails having a confidence above this
threshold are blocked. et this only above 2 if you are familiar with the bayesian statistics used in ?P.
*essages that are processed by the bayesian and )** check get a spam(probability score and a confidence score. The confidence
score in assp is a 1uality indicator. ? confidence near 2 would mean the probability score is like a wild guess. ? confidence score
near . would mean that it5s pretty sure that the bayesian analysis result is correct. The confidence threshold is an allowance to
process a Bayesian9)** pam as(if in Bayesian Test*ode, if the message5s FconfidenceF score is lower than the confidence
threshold. et this level to a specfic value, let5s say .22. +which is a good one for starting,, then>
( messages with spam(probability higher than 2.@ and a confidence of less than .22. would come through as in test mode
( messages with spam(probability higher than 2.@ and a confidence of more than .22. would be blocked
( messages with spam(probability less than 2.@ would pass
The 2.@ threshold can be set in baysProbability .
8arefully set this parameter above 2, if the bayesian corpus norm +shown by the rebuildspamdb log, is less than 2.@ or higher
than ..4 .
The following math is used to calculate the pamProb8onfidence value for 5n5 found Bayesian(Dord(Pairs or )**(e1uences, each
with a spam(weight 5p5 ( where 2EpE. >
e%treme'confidence'count B G+2 E p....n E 2.2.,G ( G+2.HH E p....n E .,G
e%treme'confidence'count B 2 ( if + e%treme'confidence'count E 2 and pamProb I 2.-, or + e%treme'confidence'count I 2 and
pamProb EB 2.-, BB T$#:J
e%treme'confidence'count B abs+ e%treme'confidence'count ,
mail'confidence B abs++P. F P/ F ... F Pk, ( ++. ( P., F +. ( P/ , F ... F +. ( Pk,,, ( for all elements P....k in +2.2. E p....n E 2.HH,
corpus'confidence B . 9 ++abs+. ( corpus'norm, C .,
int+abs+. ( corpus'norm, F .2,
, ( the e%ponent is limited to a ma%imum of 4
pamProb8onfidence B 2.2.
e%treme'confidence'count
F mail'confidence F corpus'confidence F +n 9 ma%Bayes&alues,
/
The pamProb8onfidence is limited to a ma%imum of ..2 .
?ll e%treme values 5p5 having a spam weight less than 2.2. or higher than 2.HH with a corresponding e%treme value like +2.22H
E(I 2.HHH, are ignored for the mail'confidence calculation.
empty or 0ero B disabled.
=educe .corin2 +or 'o4 Con+idence (bays&onfidenceHa$fScore)

pam(*ails having a confidence below the threshold, will get half of the normal penalty score for Bayesian and )** hits.
dd Bayes and HMM Probability Header (AddSpamProbHeader)

?dds a line to the email header =K(?ssp(pam(Prob> 2.2./3= and9or =K(?ssp()**(pam(Prob> 2.2./3= Probability ranges from 2
to C. where I 2.@ B spam.
dd Bayes and HMM Con+idence Header (Add&onfidenceHeader)
?dds a line to the email header =K(?ssp(Bayes(8onfidence> 2.2./3= and9or =K(?ssp()**(8onfidence> 2.2./3=.
12.05.2014 Seite 62 von 134
!otes 6n Bayesian
Notes
12.05.2014 Seite 63 von 134
Backscatter (etection
(o Messa2e<1( ta22in2 and validatin2 (>BM*V) (DoMS'(Dsig)
disabled
If activated, the message(ID of each outgoing message will be signed with a uni1ue Tag and every incoming mail from null sender,
bounced or postmaster will be checked against this Tag. This tagging mode is called FB*T& =Forwarder+s, Bounce *essage(ID Tag
&alidation= and it is worldwide uni1ue to ?P. This Tag is build nearly the same way, as B?T&Tag is build for the sender address.
This Tag will be removed from any incoming email, to recover the original references in the mail header7 If anything is changed on
this option inside the mail, no D;I*(check will be done7 Before activating (oM.%1(si2, please configure M.%1(pre*a2 and
*LIDsec7
This check re1uires an installed (i2est&&.H? module in Perl.
Messa2e<1( pre<*a2 +or M.%1(<*%<2eneration (MS'(DpreTag)
sig
To use *essage(ID signing and to create the *LID(Tags, a pre(Tag is needed. This Tag must be /(- characters Ma(0,?(N,2(HO
long. Default is 5sig5.
Messa2e<1( .ecrets +or M.%1(<*%<2eneration8 (MS'(DSec)
0=key0|1=key1|2=key2|3=key3|4=key4|5=key5|6=key6|7=key7|8=key8|9=key9
To use *essage(ID signing and to generate the *LID(Tags, at leased one secret key is needed, up to ten keys are possible.
The notation is > generationnumberM2(HOBsecret;ey. For e%ample+do not use7,> 2BPk2HNG.BoP"mn4gG.... . *ultiple paires are
separated by pipes +G,. Default is 2Bkey2G.Bkey.G/Bkey/G3Bkey3G4Bkey4G-Bkey-G@Bkey@G<Bkey<GQBkeyQGHBkeyH . Do not
defines spaces, tabs and 5B5 as part of the keys+secrets,7
&alues that contains any default are not valid, please change them, to prevent detecting strange ?P(signatures as valid local
signatures7
For this reason, please define your secrets as uni1ue as possible7 The secrets are used randomly to build the *essage(ID(Tags.
(o >BM*V >or *hese ddresses Only8 (MS'(DsigAddresses)
*ail to any of these addresses will be tagged and checked by FB*T&. ?ccepts specific addresses +userAdomain.com,, user parts
+user, or entire domains +Adomain.com,. If empty, FB*T& is done for all addresses.
.kip Messa2e<1( si2nin23 mail content dependend8 (noMS'(Dsig)e)
#se this to skip the *essage(ID tagging depending on the content of the email. If the content of the email matches this regular
e%pression +checking Ma;Bytes only,, FB*T& will not be done. For e%ample> 5I am out of office5 .
.kip Messa2e<1( si2nin2 +or =edlisted mails (no)edMS'(Dsig)
If selected, FB*T& will not be done for redlisted emails7
(o B*V ta2in2 and validatin2 (DoBATV)
disabled
If enabled any sender address of outgoing mails is mangled with a B*V<*a2. ?ny incoming bounced mail is checked for a valid
B?T&(Tag. ?ll valid +local, B?T&(Tags will be removed from incoming mails ( so whitelisting, delaying an all other recipient and
sender based checks will use the normal addresses. If the B?T&(check is successful, no *LID(signing(check and D!(
Backscatter(check will be done7 If any B?T&Tag was removed, no D;I*(check will be done7 B?T&(address(replacement is done,
before the recipient replacement rules are processed7
This check re1uires an installed (i2est&&.H? module in Perl.
B*V .ecrets +or B*V<*%<2eneration8 (BATVSec)
0=key0|1=key1|2=key2|3=key3|4=key4|5=key5|6=key6|7=key7|8=key8|9=key9
To use B*V and to create the B?T&(Tags, at leased one secret key is needed, up to ten keys are possible.
The notation is > generationnumberM2(HOBsecret;ey. For e%ample> 2Bkey2G.B;:RK4-rtG.... . *ultiple paires are separated by
pipes +G,. Default is 2Bkey2G.Bkey.G/Bkey/G3Bkey3G4Bkey4G-Bkey-G@Bkey@G<Bkey<GQBkeyQGHBkeyH . Do not defines spaces,
tabs and 5B5 as part of the keys+secrets,7 The secrets are use randomly to build the B?T&(Tags.
remove stran2e B*V<*a2s +rom incomin2 mails (removeBATVTag)
?ny strange B?T&(signature will be removed from the sender address and the real sender address will be used7 #sing this together
with remindB*V*a2 keeps your clients addressbooks +also whitelist, delaydb ..., clean from B?T&(Tags. This will also work, if
(oB*V is disabled. If you do not use remindB*V*a2 and the *T? behind ?P sends a bounced mail back ( this mail will fail
on B?T& on the recipients site. If any B?T&Tag was removed, no D;I*(check will be done7
store incomin2 stran2e B*V<*a2s to remind them +or out2oin2 bounce mails (remindBATVTag)
If defined, any incoming stange B?T&(signature will be stored and any recipient of outgoing bounce mails will be checked against
this list. If there is found a valid +not older than < days, B?T&(Tag for that recipient, it will be mangled in to the recipient address.
This will also work, if (oB*V is disabled.
(o ().<Backscatter (etection (DoBac*Sctr)
block
If activated, the IP(address of each message received for null sender,bounced or postmaster will be checked against the list below.
D! base checks re1uires an installed )et&&(). module in Perl.
For more information about backscatter detection please read http&66444@backscatterer@or26Atar2etBusa2e.
12.05.2014 Seite 64 von 134
Backscatter<(). Cache =e+resh 1nterval (Bac*D"S(nterva$)
7
IP5s in cache will be removed after this interval in days. 2 will disable the cache and the usage of do4nloadBack().>ile and
localBack().>ile. Show Backscatter-DNS Cache
.erviceProvider +or Backscatterer (etection8 (Bac*SctrServiceProvider)
ips.backscatterer.org
erviceProvider for D! check on Backscatterer. Possible value is ips.backscatterer.org for D! check.
(o4nload the Backscatterer ().<1P<'ist (do+n$oadBac*D"S,i$e)

If selected, the complete IP(list is downloaded to a local file. If use(B,1ntCache is set, the list is stored in a BerkeleyDB
database +BackD!/,. 6therwise the records will be stored in the pbdb cache BackD! . The download will be skipped, if
use(B,1ntCache is not set and mys0l.laveMode is set. IP5s are checked on this file first, if the IP is not found on this list, a
D! 1uery is done. It is recommended to use this option for IP5s and users with more than .222 bounced mails a day. ee wget(
mirrors.uceprotect.net9rbldnsd(all9ips.backscatterer.org.g0
'ocal >ile +or the Backscatterer ().<1P<'ist ($oca$Bac*D"S,i$e)
file:files/backdnslist.txt Edit file
The name of the local file that is used for this IP(list. The content of this file is filled in to the 5Backscatter(D!
8ache5 + Back().1nterval ,. IP5s from this list will be removed after one day from the cache.
The following configurations are valid for all Backscatter Detection 6ptions7
.end #C- OD to 1.P i+ any Backscatter (etection +ails (Bac*-./%0(SP)
If any Backscatter check fails for a bounced mail that is coming from an IPIP, ?P will send =/-2 6;= to the IP, but will discard
the mail, if the check is configured to block7
(o Backscatter (etection checks +or 7hitelisted mail (Bac*!)
Tagging will be always done, if not e%cluded by address or domain7
(o Backscatter (etection checks +or )o Processin2 mail (Bac*"P)
Tagging will be always done, if not e%cluded by address or domain7
=e2ular E;pression to .kip all Back.catter Checks8 (noBac*Sctr)e)
If the contents of a mail matches these regular e%pressions, all Backcatter checks will be skipped.
(o not any Backscatter detection +or this ddresses 8 (noBac*SctrAddresses)
*ail to and from any of these addresses will not be tagged and checked by any backscatter option. ?ccepts specific addresses
+userAdomain.com,, user parts +user, or entire domains +Adomain.com,.
E;clude these 1PFs +rom any Backscatter detection8 (noBac*Sctr(P)
:nter IP5s that you want to e%clude from FB*T& and Backscatter check, separated by pipes +G,.
!otes 6n Backscatter Detection
Notes
12.05.2014 Seite 65 von 134
TestModes
Prepend Spam Subject (spamSubject)
Setting a filter to testmode will tell ASSP not to reject the mail but rather build up the whitelist and spam and notspam collections.
This can go on for some time without disturbing normal operation. After this very important phase TestMode can be used to tag
the message: if TestMode and the message is spam Spam Subject gets prepended to the subject of the email. For eample:
!SPAM"
Prepend Spam Tag (spamTag)
ASSP uses many methods. The method which caught the spam will be prepended to the subject of the email. For eample#
!$%S&'"
All Test Mode ON (allTestMode)
Turn all of the individual testmodes on ( regardless of the individual test mode settings.
Bayesian/Hidden-Maro!-Model Test Mode (baysTestMode)

Bayesian Test Mode "ser Addresses# (baysTestModeUserAddresses)
These users are in test mode ) mar* subject only for bayesian spam+ even with test mode above off
Blac$omain Test Mode (blTestMode)
Helo Blaclist Test Mode (hlTestMode)
%orged &ocal $omain Test Mode (flsTestMode)
(, $oNo'alid&ocalSender
SP% Test Mode (spfTestMode)
$NSB& Test Mode (rblTestMode)
Bad Attac(ment Test Mode (attachTestMode)
")*B& Test Mode (uriblTestMode)
S)S Test Mode (srsTestMode)

Bomb )ege+ Test Mode (bombTestMode)
Script )ege+ Test Mode (scriptTestMode)
Missing M, )ecord Test Mode (mxaTestMode)
)e!ersed &ooup Test Mode (ptrTestMode)
*n!alid Helo Test Mode (ihTestMode)
%orged Helo Test Mode (fhTestMode)
Message Scoring Test Mode (msTestMode)
$-*M Test Mode (dkimTestMode)
Penalty Bo+ Test Mode (pbTestMode)
S.itc( Testmode to Message Scoring (switchTestToScoring)
Put the filter automatically in -Message Scoring- when $oPenaltyMessage is set .instead of stopping spam processing
altogether/.
%otes 0n Testmode
Notes
12.05.2014 Seite 66 von 134
/mail *nter0ace
/nable /mail *nter0ace (Emailnterface!k)

1hec*ed means that you want ASSP to intercept and parse mail to the following usernames at any localdomains. The domain
23assp.local2 is automatically a local domain and can be used for the email(interface.
NOT*1/2 4t is possible to define any M4M5(header lines in any report file after the first .subject/ line. This ma*es it possible to
define M4M5 encoding and)or charset settings.
4f a definition of M4M5 encoding and)or charset is found in a report file+ assp converts the report from 6TF(7 in to the defined
encodings. $on3t 0orget to terminate your M*M/-(eader .it( an empty line4
4t is also possible to include files at any line of such a file+ using the following directive
8 include filename
where filename is the relative path .from c:)assp/ to the included file li*e reports)mime(header.tt .one file per line/. The line will
be internaly replaced by the contents of the included file9
Admin Mail Address (EmailAdmin"eportsTo)
Thomas.Eckardt@thockar.com
4f set internal warnings)infos will be sent to this address. For eample: admin3domain.com
/mail *nter0ace )eports $estination (Email"eport#estination)
Port to connect to when 5mail 4nterface or &loc* reports are send. 4f blan* they go to the main smtp$estination.
4f you need to connect to the /mail)eport$estination host using native SS'+ write 2SS':2 in front of the 4P)host definition. 4n
this case the Perl module *O22Socet22SS& must be installed and enabled . use*OSocetSS& /.
eg :;.;.:.<::;=> SS'::;.;.:.<:?@>+ etc.
Help Address (Email$elp)
assphelp Edit report file: reports/helpreport.txt
Any mail sent by local)authenticated users to this username will be interpreted as a reAuest for help. $o not put the full address
here+ just the user part. For eample: assphelp
Aut(ori5ed Addresses# (EmailAdmins)
Mail from any of these addresses can add)remove to)from redlist+ spamlovers+ noprocessing+ blac*list. May reAuest an
/mailBloc)eport for a list of users. Accepts specific addresses .user3eample.com/+ user parts .user/ or entire domains
.3eample.com/
Accept Mails 6)eports7 0rom t(ese e+ternal addresses# (EmailSender!%)
Allow these eternal domains)addresses to report to the email interface .%0T B510MM5%$5$/. The reply address for the reports
must be set to a local one. &y default+ ASSP only accepts reports from local or authenticated users. Accepts specific addresses
.user3domain.com/+ user parts .user/ or entire domains .3domain.com/
Not Aut(ori5ed Addresses# (EmailSender&ot!%)
Edit report file: reports/denied.txt
Mail from any of these addresses are not accepted from 5mail 4nterface+ ecept -Celp Beport-+ -AnalyDe Beport- and -&loc*
Beport)Besend-. Accepts specific addresses .user3eample.com/+ user parts .user/ or entire domains .3eample.com/. The user
will get informed about the denied reAuest.
*gnore Not Aut(ori5ed Addresses# (EmailSendergnore)
Mail from any of these addresses are not accepted from 5mail 4nterface+ ecept -Celp Beport-+ -AnalyDe Beport- and -&loc*
Beport)Besend-. Accepts specific addresses .user3eample.com/+ user parts .user/ or entire domains .3eample.com/. The user
will get not informed about the denied reAuest.
)eport Spam Address (EmailSpam)
assp-spam Edit report file: reports/spamreport.txt
Any mail sent or forwarded by local)authenticated users to this username will be interpreted as a spam report. Multiple
attachments get truncated to Ma+Bytes)eports. $o not put the full address here+ just the user part.
For eample: asspspam . 6se a fa*e domain li*e 3assp.local when you send the email( so the full address would be then
asspspam3assp.local.
Eou can sent multiple mails as attachments and)or Dipped file.s/. 5ach attached email(file must have the etension defined in
-maillog/+t-. 4n this case only the attachments will be processed. To use this multi(attachment(feature an installed /mail22M*M/
module in P5B' is needed. 4t is also possible to send MS(outloo* 2.msg2 files .possibly Dipped/. To use this MS(outloo*(feature in
addition an installed /mail22Outloo22Message module in P5B' is needed.
)eport Ham 6Not-Spam7 Address (Email$am)
assp-notspam Edit report file: reports/notspamreport.txt
Any mail sent or forwarded by local)authenticated users to this username will be interpreted as a false(positive report. Multiple
12.05.2014 Seite 67 von 134
attachments get truncated to Ma+Bytes)eports. $o not put the full address here+ just the user part.
For eample: asspnotspam . 6se a fa*e domain li*e 3assp.local when you send the email( so the full address would be then
asspspam3assp.local.
/mail *nter0ace %or.ard )eports $estination (Email'orward"eportedTo)
Cost and Port to forward /mailSpam and /mailHam reports to ( eg -:;.;.:.<::;=>-.
4f you use more than one assp instance and your users are reporting spam and ham mails to multiple or all of them+ but only one
.but not this instance/ is doing the rebuildspamdb and the corpus folders are not shared between the instances+
define the -host:port- of the central assp .rebuild(/ instance here. 5very report to /mailSpam and /mailHam .but only these9/
will be forwarded to the defined host.s/ and %0 other local action will be ta*en. 4f the forwarding to all defined hosts failes+ the
reAuest will be processed localy. To define multiple hosts for failover+ separte them by pipe .F/.
)eply to Spam/Not-Spam )eports (EmailErrors"eply)
REPLY TO SENDER
Send 1opy o0 Spam/Ham-)eports TO (EmailErrorsTo)
5mail sent from ASSP ac*nowledging your submissions will be sent to this address. For eample: admin3domain.com
1ombined Spam/Ham )eport 8 9(itelist 1(ec (EmailErrorsModify(hite)
disabled
4f set to 2modify whitelist2 Cam Beports will add email addresses to the Ghitelist+ Spam Beports will remove addresses from the
Ghitelist+ also a copy of a file in the H64 to correctedspam .remove/ and correctednotspam .add/ will modify the Ghitelist for
the found addresses. 4f set to 2show whitelist2 Spam Beports will show if addresses are whitelisted.
1ombined Spam )eport and NoProcessing $eletion (EmailErrorsModify&o))
modify noprocessin
4f set to 2modify noProcessing2 Spam Beports will remove email addresses from noProcessing list. 4f set to 2show
noProcessing2 Spam Beports will show if addresses are on noProcessing list+ also a copy of a file in the H64 to correctedspam
.remove/ and correctednotspam .show/ will modify the noProcessing list for the found addresses.
Add to 9(itelist Address (Email(hitelistAdd)
assp!"hite Edit report file# reports$"hitereport.t%t
Any mail sent by local)authenticated users to this username will be interpreted as a reAuest to add addresses to the whitelist. $o
not put the full address here+ just the user part.
For eample: asspwhite
4f an address is added to whitelist+ it will be removed from the Personal &lac*list of the sending user.
)emo!e 0rom 9(itelist Address (Email(hitelist"emo*e)
asspnot"hite Edit report file# reports$"hiteremo&ereport.t%t
Any mail sent by local)authenticated users to this username will be interpreted as a reAuest to remove addresses from the
whitelist. $o not put the full address here+ just the user part.
For eample: asspnotwhite
)eply to Add to/)emo!e 0rom 9(itelist (Email(hitelist"eply)
REPLY TO SENDER
Send 1opy o0 9(itelist-)eports TO (Email(hitelistTo)
Add to )edlist Address (Email"edlistAdd)
asspred Edit report file# reports$redreport.t%t
Any mail sent by local)authenticated users to this username will be interpreted as a reAuest to add the sender address to the
redlist. 0nly the users defined in /mail)edlistTo+ /mailAdmins and /mailAdmin)eportsTo are able to define a list of email
addresses in the mail body. $o not put the full address here+ just the user part.
For eample: asspred.
)emo!e 0rom )edlist Addresses (Email"edlist"emo*e)
asspnotred Edit report file# reports$redremo&ereport.t%t
Any mail sent by local)authenticated users to this username will be interpreted as a reAuest to remove the sender address from
the redlist. 0nly the users defined in /mail)edlistTo+ /mailAdmins and /mailAdmin)eportsTo are able to define a list of
email addresses in the mail body.
12.05.2014 Seite 68 von 134
$o not put the full address here+ just the user part.
For eample: asspnotred
)eply to Add to/)emo!e 0rom )edlist (Email"edlist"eply)
REPLY TO SENDER
Send 1opy o0 )edlist-)eports TO (Email"edlistTo)
Add to Spam&o!er Addresses (EmailSpam+o*erAdd)
asspspamlo&er Edit report file# reports$slreport.t%t
Any mail sent by local)authenticated users to this username will be interpreted as a reAuest to add the sender address to
spam&o!ers. 0nly the users defined in /mailSpam&o!erTo+ /mailAdmins and /mailAdmin)eportsTo are able to define a list
of email addresses in the mail body. $o not put the full address here+ just the user part.
For eample: asspspamlover. To use this option+ you have to configure spam&o!ers with -file:...- for eample
-file:files)spamlovers.tt- 9
)emo!e 0rom Spam&o!er Addresses (EmailSpam+o*er"emo*e)
asspnotspamlo&er Edit report file# reports$slremo&ereport.t%t
spam&o!ers. 0nly the users defined in /mailSpam&o!erTo+ /mailAdmins and /mailAdmin)eportsTo are able to define a list
of email addresses in the mail body.
For eample: asspnotspamlover
)eply to Add to/)emo!e 0rom Spam&o!ers (EmailSpam+o*er"eply)
REPLY TO SENDER
Send 1opy o0 Spamlo!er-)eports TO (EmailSpam+o*erTo)
Add to NoProcessing Addresses (Email&o)rocessingAdd)
asspof Edit report file# reports$npreport.t%t
noProcessing addresses. 0nly the users defined in /mailNoProcessingTo+ /mailAdmins and /mailAdmin)eportsTo are able
to define a list of email addresses in the mail body. $o not put the full address here+ just the user part.
For eample: asspnpadd. To use this option+ you have to configure noProcessing with -file:...- for eample
-file:files)noprocessing.tt- 9
)emo!e 0rom noProcessing Addresses (Email&o)rocessing"emo*e)
asspon Edit report file# reports$npremo&ereport.t%t
noProcessing .
$o not put the full address here+ just the user part. 0nly the users defined in /mailNoProcessingTo+ /mailAdmins and
/mailAdmin)eportsTo are able to define a list of email addresses in the mail body.
For eample: asspnprem. To use this option+ you have to configure noProcessing with -file:...- for eample
-file:files)noprocessing.tt- 9
)eply to Add to/)emo!e 0rom noProcessing (Email&o)rocessing"eply)
REPLY TO SENDER
Send 1opy o0 NoProcessing-)eports TO (Email&o)rocessingTo)
Add to Blac&isted Addresses (Email,lackAdd)
assp!black Edit report file# reports$blackreport.t%t
blac&isted$omains addresses. 0nly the users defined in /mailAdmins and /mailAdmin)eportsTo are able to reAuest an
addition. $o not put the full address here+ just the user part.
For eample: assp(blac*. To use this option+ you have to configure blac&isted$omains with -file:...- for eample
-file:files)blac*listed.tt- 9
)emo!e 0rom Blac&isted Addresses (Email,lack"emo*e)
12.05.2014 Seite 69 von 134
assp-notblack Edit report file: reports/blackremovereport.txt
blac&isted$omains .
$o not put the full address here+ just the user part. 0nly the users defined in /mailAdmins and /mailAdmin)eportsTo are able
to reAuest an addition.
For eample: assp(notblac*. To use this option+ you have to configure blac&isted$omains with -file:...- for eample
-file:files)blac*listed.tt- 9
Spam/NotSpam )eport .ill modi0y Personal Blaclist # (EmailErrorsModify)ers,lack)
*@*
Spam Beports will add email addresses to the Personal &lac*list+ %otSpam Beports will remove addresses from the Personal
&lac*list+ if the report senders address matches.
Accepts specific addresses .user3domain.com/+ user parts .user/ or entire domains .3domain.com/. Gildcards are supported
.friboI3domain.com/.
$efault is I3I + which matches all addresses.
Add to Personal Blac&isted Addresses (Email)ers,lackAdd)
assp-persblack Edit report file: reports/persblackreport.txt
Any mail sent by local)authenticated users to this username will be interpreted as a reAuest to add the listed address.es/ to the
personal blac*'isted addresses. $o not put the full address here+ just the user part.
For eample: assp(persblac*.
The add and remove is done via email(interface+ by sending specific email addresses to 2/mailPersBlacAdd2 and
2/mailPersBlac)emo!e2. A local user can force a complete report about all his personal blac* list entries by defining an email
address that begins with 2reportpersblac*2 in a remove or add reAuest : eg: reportpersblac*3anydomain.com or by sending an
empty body.
Any mail address sent to this username will be removed from the whitelist if possible.
HlobaliDed adding an address to all local users is not supported ( use /mailBlacAdd instead.
The following wildcard combinations are allowed for an email address to support personal blac*listing of domains:
fullJsenderJaddress
I3senderJdomain or 3senderJdomain
3IsenderJdomain or I3IsenderJdomain
3I.senderJdomain or I3I.senderJdomain
)emo!e 0rom Personal Blac&isted Addresses (Email)ers,lack"emo*e)
assp-persnotblack Edit report file: reports/persblackremovereport.txt
Any mail sent by local)authenticated users to this username will be interpreted as a reAuest to remove the listed address.es/ from
the personal blac*'isted addresses .
For eample: assp(persnotblac*.
The add and remove is done via email(interface+ by sending specific email addresses to 2/mailPersBlacAdd2 and
2/mailPersBlac)emo!e2. A local user can force a complete report about all his personal blac* list entries by defining an email
address that begins with 2reportpersblac*2 in a remove or add reAuest : eg: reportpersblac*3anydomain.com or by sending an
empty body.
0nly an admin can force a complete cleanup of all personal blac* entries for a specific email address for all local users ( sending an
email to 2/mailPersBlac)emo!e2 with the address followed by 2+I2 in the body eg: addressJtoJremove3theJdomain.foo+I ( be
carefull modifying personal entries of other users9
The same wildcard combinations li*e in /mailPersBlacAdd are supported.
Notice2 a remo!ement re:uest 0or a speci0ic email address .ill remo!e A&& entries 0rom t(e users personal blaclist;
t(at .ould bloc t(is email address 6also all matc(ing .ildcard entries74
)eply to Add to/)emo!e 0rom Blac&isted (Email,lack"eply)
REPLY T !E"#ER
Send 1opy o0 Blac-1(ange-)eports TO (Email,lackTo)
)e:uest Analy5e )eport (EmailAnaly-e)
asspanal$%e Edit report file: reports/anal$%ereport.txt
Any mail sent or forwarded by local)authenticated users to this username will be interpreted as a reAuest for analyDing the mail.
$o not put the full address here+ just the user part. For eample: asspanalyDe
6se a fa*e domain li*e 3assp.local when you send the email( so the full address would be then asspanalyDe3assp.local.
)eply to Analy5e )e:uest (EmailAnaly-e"eply)
!E"# T !E"#ER
12.05.2014 Seite 70 von 134
Send Copy of Analyze-Reports (EmailAnalyzeTo)
A copy of the Analyze-Report will be sent to this address. For example: admin@domain.com
Spam and Ham Reports will trigger an additional Analyze Report (DoAdditionalAnalyze)
NO ADDITIONAL REPORT
Additional Analyze Report will be generated for Spam and Ham Reports. Setting the ! Address accordingly and choosing
EmailAnalyzeTo will send the Analyze Report to the admin only.
From Address for Reports (EmailFrom)
"mail sent from ASS# ac$nowledging yo%r s%bmissions will be sent from this address.
Allow '=' in Addresses (EmailAllowEqual)

Allow &'& in addresses to be whitelisted or redlisted.
Do ot Reply To T!ese Addresses" (EmailSenderNoReply)
"mail sent from ASS# ac$nowledging yo%r s%bmissions will not be sent to these addresses. Accepts specific addresses
(%ser@example.com)* %ser parts (%ser) or entire domains (@example.com).
Analyze-* #ersonal+lac$,ist- and all -ir%s related reports are ignored by this feat%re (are sent e-en a %ser is listed here).
An Report copy to EmailAnalyzeTo* Email#la$%To* Emailo&ro$essingTo* EmailSpam'o(erTo* EmailRedlistTo*
Email)!itelistTo and EmailErrorsTo is also ignored by this feat%re.
.otes !n "mail /nterface
Notes
12.05.2014 Seite 71 von 134
File &at!s and Data*ase
Dire$tory #ase (base)
c:/assp
All paths are relati-e to this folder.
ote+ Display only,
Spam Colle$tion (spamlog)
spam
he folder to sa-e the collection of spam mails. his directory will be %sed in b%ilding the spamd* . For example: spam
ot-spam Colle$tion (notspamlog)
notspam
he folder to sa-e the collection of not-spam mails. his directory will be %sed in b%ilding the spamd* . For example: notspam
-. /ail (incomingO!ail)
mailok
he folder to sa-e non-spam (message o$). hese are messages which are considered as HA0* b%t are not stored in the standard
HA0 folder beca%se of o%r policy to %se only confirmed HA0 messages (whitelisted or local) for spamd* . /f yo% want to $eep
copies of o$ mail then p%t in a directory name. his directory will not be %sed in b%ilding the spamd* . 1efa%lt: o$mail
Dis$arded Spam (discarded)
discarded
he folder to sa-e dis$arded spam-messages. hese are Spam messages which are not stored for b%ilding the spamd* b%t for
resending with an Email#lo$%Report. /f yo% want to $eep copies of dis$arded Spam then p%t in a directory name. 1efa%lt:
dis$arded
Atta$!ment01ir2s Colle$tion ("iruslog)
virus
he folder to sa-e re2ected attachments and -irii. ,ea-e this blan$ to not sa-e these files (defa%lt). /f yo% want to $eep copies of
re2ected content then p%t in a directory name. .ote: yo% m%st create the directory. his directory will not be %sed in b%ilding the
spamd* . For example: 3%arantine
False-negati(e Colle$tion (correctedspam)
errors/spam
Spam that got thro%gh -- co%nts do%ble. his directory will be %sed in b%ilding the spamd* . For example: errors4spam
False-positi(e Colle$tion (correctednotspam)
errors/notspam
5ood mail that was listed as spam* co%nt 6x. his directory will be %sed in b%ilding the spamd* . For example: errors4notspam
try to resend t!is files (resendmail)
resendmail
ASS# will try to resend the files in this directory to the original recipient. he files m%st ha-e the 7maillogE3t7 extension and m%st
ha-e the S0#-format. For example: resendmail. his re3%ires an installed Email++Send mod%le in #"R,.
E3tension for /ail Files (maillogE#t)
.eml
"nter the file extension (incl%de the period) yo% want appended to the mail files in the mail collections.
,ea-e it blan$ for no extension - this setting will pre-ent se-eral feat%res from wor$ing. .e-er %se &.msg& - this is an extension
%sed by 0S-o%tloo$8 For "xample: .eml
Spam0H// #ayesian Data*ase Files (spamdb)
DB: Edit list
he o%tp%t file from reb%ildspamdb. 9rite only 71+:7 to %se a database table instead of a local file* in this case yo% need to edit
the database parameters below. he Hidden 0a$o- 0odel is only a-ailable if this parameter is set to 1+: .
/t is recommended to %se a database for all possible lists and caches for best performance* less memory%sage and stability8 /f yo%
do not want to install a database engine li$e 0yS3l or !racle* %se +er$eley1+8 #lease read the section D#dri(er 8
,ast R%n Reb%ildspamdb
Last Run Rebuildspamdb
Email )!itelist Data*ase File (w$itelistdb)
DB: Edit list
he file with the whitelist.
9rite only 71+:7 to %se a database table instead of a local file* in this case yo% need to edit the database parameters below.
Email Redlist Data*ase File (redlistdb)
12.05.2014 Seite 72 von 134
DB: Edit list
he file with the redlist.
&ersonal #la$%list Data*ase File (persblacdb)
persblack
he file with the personal blac$list. he chec$ of the personal blac$ list is done shortly after the R:# !: command. his
command will be re2ected if an entry is fo%nd - any other setting except send456-. and send456-.7S& will be ignored.
"ach entry is represented by two comma separated -al%es !*FR!0 (and an expiration date).
! co%ld be any of : email address* ;s%bdomain.<domain.tld* @;s%bdomain.<domain.tld* =@;s%bdomain.<domain.tld - the last
three entry options co%ld be only added and remo-ed by editing the list in the 5>/ 8
FR!0 co%ld be any of : email address or any ;@<;s%bdomain.<;domain.<,1 -ariant (wildcards are allowed). All -al%es are
s%pported by the email interface for all local %sers.
8rey7&list Data*ase (griplist)
griplist Show file
he file with the c%rrent 5rey-/#-,ist database -- ma$e this blan$ if yo% don&t %se it.
9se #er%eleyD# for 8riplist (useD%&griplist)
/f selected ASS# %ses &+er$eley1+& instead of &orderedtie& for griplist. 1epending on yo%r settings for -rderedTieHas!Ta*leSize
this co%ld spend some memory and4or res%lt in better performance. he perl mod%le #er%eleyD# -ersion ?.@6 or higher and
+er$eley1+ -ersion 6.A or higher is re3%ired to %se this feat%re.
Drop also Conne$tions from t!ese 7&'s" (droplist)
file:files/droplist.txt Edit file
A%tomatically downloaded (http:44www.spamha%s.org4drop4drop.lasso) list of /#&s which sho%ld be bloc$ed right away. his list
co%ld be %sed in addition to denyS/T&Conne$tionsFrom and4or denyS/T&Conne$tionsFromAlways8
Delaying Data*ase (delaydb)
DB: Edit list
he file with the delay database.
'DA& Data*ase (ldaplistdb)
DB: Edit list
he file with the ,1A#-cache database.
Admin 9sers Data*ase (adminusersdb)
adminusers
he file with the 5>/-Admin->sers database - defa%lt to set is &admin%sers&.
+efore setting this parameter* please set admin2sersd*pass to a -al%e of yo%r choice8
o %se this database shared between m%ltiple ASS#&s* set all ASS# to mys:lSla(e/ode (except the master) and the
admin2sersd*pass m%st be the same on all installations8 /f yo% want to change the admin2sersd*pass* first change it on the
master.
Admin 9sers Data*ase 2ses no #inary Data ;ASC77 only< (adminusersdbNo%'N)

Select this* if admin2sersd* is set to 71+:7 and yo%r database engine does not accept or has problems with binary data (eg.
#ostgres). /f yo% change this -al%e* yo% ha-e to stop all assp and to clean%p both tables (admin%sers and admin%sersright)
*efore restarting assp8. o $eep yo%r data do the following: do an E3port/ys:lD# - change this -al%e - stop assp - drop or clean
both tables - start assp - do an 7mport/ys:lD# .
Admin 9sers Data*ase &ass&!rase (adminusersdbpass)
boss73!
he passphrase that is %sed to encrypt the admin2sersd*. his has to be the same on all ASS# installations that are sharing the
admin2sersd*. /f yo% want to change it* first change it on the master installation and than on the sla-es. 1o not forget to
config%re &mys:lSla(e/ode& first. An empty -al%e is not -alid8
data*ase !ostname or 7& (my$ost)
localhost
Bo% need Tie++RD#/ to %se a database instead of local files.
his way yo% can share whitelist* delayd** redlist and penaltybox between ser-ers
data*ase dri(er name (D%dri"er)
12.05.2014 Seite 73 von 134
BerkeleyDB
he database dri-er %sed to access yo%r database - 1+1-dri-er. he following dri-ers are a-ailable on yo%r system:
+er$eley1+* A1!* Any1ata* :SC* 1+0* "xample#* File* 5ofer* ,1A#* ,og* 0CSDF#SE,* 0oc$* 0%ltiplex* !1+:* !racle* !-rimos*
#g* #g##* #roxy* SE,ite* Sponge* Sprite* emplate* emplateSS* mys3l* mys3l##
/f yo% can not find the dri-er for yo%r database in this list* yo% sho%ld install it -ia cpan or ppm8
- or if yo% ha-e installed an !1+:-dri-er for yo%r database and 1+1-!1+:* 2%st create a 1S. and %se !1+:.
/f assp is r%nning on windows and yo% want to %se a 0SSE, ser-er as bac$end* don&t %se the !1+: dri-er - %se the A1! dri-er
with the 1S. definition8
>sef%l are A1!F1+GF/nformixF!1+:F!racleF#gFSybaseFmys3l - b%t any other SE, compatible database sho%ld also wor$.
syntax examples: dri-er*optionH*optionG*...*...
A1!;*1S.'mydsn;I#ro-ider's3loledb<<
1+G
/nformix
!1+:*1S.'mydsnFdri-er'JKSE, Ser-erJL*Ser-er'ser-erDname
!racle*S/1'HF/.SA.:"D.A0"'myinstanceFS"RC"R'myser-erFS"RC/:"D.A0"'myser-iceDname*;#!R'myport<
#g;*#!R'myport<
Sybase*S"RC"R'myser-er*;#!R'myport<
mys3l;*#!R'myport<;*mys3lDsoc$et'4path4to4mys3l.soc$<;*A%to:ommit'H<;*mys3lDa%toDreconnect'H<
/nstead %sing local files for hashes and lists -ia shared memory* it is recommended to %se #er%eleyD# (#erl-mod%le) -ersion
?.@6 or higher for highest performance and less memory %sage. he +er$eley1+ (engine) -ersion 6.A or higher is re3%ired to %se
+er$eley1+.
/f yo% specify +er$eley1+ here* the -al%es for my!ost* myd** my2ser and mypassword will be ignored. All possible +er$eley1+
option m%st be defined here - the option for &-Filename& is already set by ASS#8 !ptions co%ld be defined for example:
+er$eley1+*-#agesize'Mn%mber*-"n-'M;-:achesize'Mn%mber*-0ode'Mmode*...*...<*...*...
/f &-"n-'M;-:achesize'Mn%mber<& (n%mber in bytes) is specified* this cache size will be %sed at minim%m for e-ery single list. his
is not recommended* beca%se ASS# does a%tomaticly calc%late the right cache for e-ery list. Bo% may set%p config%ration -al%es
for any +er$eley1+* creating a file D#=C-F78 (case sensiti-e) in the corresponding directory .4tmp1+4;list<. #lease %se the
+er$eley1+ doc%mentation if yo% don&t $now the syntax of this file. Any -al%e defined in that file will o-erwrite the corresponding
internal ASS# config%ration for this 1+.
he options for all dri-ers and their possible or re3%ired order depends on the 1+1 dri-er %sed* please read the dri-er&s
doc%mentation* if yo% do not $now the needed option.
he %sername* password* host and databasename are always %sed from this config%ration page.
data*ase name (mydb)
his database m%st exist before starting ASS#* necessary tables will be created a%tomatically into this database.
T!is is a sla(e of more t!en one assp-$omp2ters a$$essing t!e same data*ase (mysqlSla"e!ode)
/f yo% are r%nning more then one assp-comp%ters accessing the same or ;*etter *e$a2se of S&-F< a bidirectional replicated
database
this is a sla-e-assp and no database maintenance will be done by this one8
0aintenance sho%ld only be done by the first assp - the master8
0aintenance for file based caches and lists will always be done8
data*ase 2sername (myuser)
his %ser m%st ha-e :R"A" pri-ilege on database to create tables a%tomatically
data*ase password (mypassword)
Data*ase /a3im2m Ca$!e Age (D%(ac$e!a#Age)
0
Setting this -al%e abo-e zero* enables an internal database cache for e-ery defined table to red%ce the conc%rrent database
3%eries and to pre-ent possible record access collisions* which co%ld ca%se st%c$ing wor$ers on some systems
he -al%e defines the maxim%m age in seconds a record will exists %nto%ched in the table cache.
+e caref%ll* setting this -al%e too high in a database replication en-irionment co%ld ca%se %nexpected 3%ery res%lts* beca%se this
cache is .! shared between m%ltiple assp instances.
/f set* a -al%e of H? seems to be pop%lar in any case. An too less -al%e* will prod%ce o-erhead witho%t any ad-antage. An too high
setting co%ld ca%se the described database consistency problems.
import dire$tory (importD%Dir)
mysql/dbimport
he folder to import the %sed tables of the database from.
he schema of the files m%st be the assp-schema.
Files can be:
- pbdb.bac$.db.(addFrpl)
- pbdb.bat-.db.(addFrpl)
- pbdb.blac$.db.(addFrpl)
- pbdb.d$im.db.(addFrpl)
- pbdb.mxa.db.(addFrpl)
- pbdb.ptr.db(addFrpl)
- pbdb.rbl.db.(addFrpl)
- pbdb.rwl.db.(addFrpl)
12.05.2014 Seite 74 von 134
- pbdb.sb.db.(addFrpl)
- pbdb.spf.db.(addFrpl)
- pbdb.trap.db.(addFrpl)
- pbdb.%ribl.db.(addFrpl)
- pbdb.white.db.(addFrpl)
- ldaplist.(addFrpl)
- redlist.(addFrpl)
- whitelist.(addFrpl)
- persblac$db.(addFrpl)
- spamdb.(addFrpl)
- spamdb.helo.(addFrpl)
- delaydb.(addFrpl)
- delaydb.white.(addFrpl)
- admin%sers.(addFrpl)
- admin%sersright.(addFrpl)
>se the extension 7add7 or 7rpl7 to add or replace the records to the tables.
!nly files for database-enabled tables will be imported 8 he import will be done at ASS# start or if the option below is %sed.
/mported files will be renamed to =.!N 8
For example: mys3l4dbimport
/f yo% plan to import in to +er$eley1+ - do the following:
- set Disa*leS/T&etwor%ing to on - set all needed 1+ parameters - collect yo%r import files - restart assp and wait %ntil all
imports are finished - restart assp - set Disa*leS/T&etwor%ing to off
&re(ent #2l% 7mport (pre"ent%ul'mport)
1o not select* if yo% are %sing 0ySE,8 1oing a +%l$-/mport of data* ASS# modifies the properties of table col%mnes. his co%ld
res%lt in brea$ing some config%red 1+ feat%res li$e 1+-replication in 0SSE,. /f selected* ASS# will do a line per line insert4%pdate
(which ta$es m%ch more time) witho%t modifying the tables properties.
Fill t!e 7mport Folder ()ill*p'mportD%Dir)
/f set to a -al%e between H and O* the corresponding bac$%p file for any list4hash that config%red to %se a database will be copied
from the *a$%2pD#Dir to the importD#Dir. he res%lting file name will has an extension of 7.rpl7* so a possible import will
replace the c%rrent table content. /f a -al%e of 7,7 is defined* the last bac$%p will be %sed. #ossible -al%es are , or H - O or blan$.
Any config%red -al%e will be reset to blan$ after the copy is finished.
import all files from t!e importD#Dir Dire$tory in to t!e data*ase - now, ('mport!ysqlD%)
All files from the 7importD#Dir7 will be imported in to database . #lease define the directory abo-e* before %sing the import8
Run Now! Refresh Browser
e3port dire$tory (e#portD%Dir)
mysql/dbexport
he folder to export the %sed tables of the database.
he schema of the files is the assp-schema.
en -ersions of exports are a-ailable8
For example: mys3l4dbexport
e3port all ta*les from t!e data*ase (E#port!ysqlD%)
All table of the database will be exported to the 7e3portD#Dir7 1irectory. #lease define the 1irectory abo-e* before %sing the
export8
*a$%2p dire$tory (bacupD%Dir)
mysql/dbbackup
he folder to bac$%p the %sed tables of the database.
he schema of the files is the assp-schema.
en -ersions of bac$%ps are a-ailable8
For example: mys3l4dbbac$%p
*a$%2p data*ase 7nter(al
s
(bacupD%'nter"al)
2
bac$%p the database (all tables %sed by assp at the time) e-ery this ho%rs.
1efa%lts to G ho%rs.
$opy t!e last D#-*a$%2p to t!e original lo$ation (copyD%ToOrg+oc)

/f 1+-bac$%p is enabled* the last bac$%p-ersion is also copied to the original location.
/f database connections are failed* while ASS# is r%nning* ASS# will switch o-er to %se these files instead of 1+-tables.
1+-tables will not be imported from here* this m%st be done from the importD#Dir8
ASS& 'ogfile (log)ile)
logs/maillog.txt
+lan$ if yo% don&t want a log file. :hange it to maillog.log if yo% don&t want a%to rollo-er. .!": :hanging this field re3%ires
restarting ASS# before changes ta$e effect.
/a3 Age of 'ogfiles (!a#+ogAge)
12.05.2014 Seite 75 von 134
0
The maximum file age in days of logfiles. If a logfile is older than this number in days, the file will be deleted. Default is 0 -
recommended is 30. A value of 0 disables this feature and no logfile will be deleted because of its age.
Runtime MaxLogAge (MaxLogAgeSchedule)
1
untime hour for deleting old logfiles. !et a number between 0 and "3. 0 means midnight, # is default.
PID File (pidfile)
pid
$lan% is not a valid value&
'ou have to restart A!!( before you get a )id file in the new location.
This file is used to detect a clean shutdown of A!!( - in this case it does not exist at startu)&
*otes +n ,ile (ath
Notes
12.05.2014 Seite 76 von 134
Collecting
Spam Collect Addresses* (spamaddresses)
put|your@spambucket.com|addresses|@here.org
-ail to any of these addresses are always s)am and will contribute to the s)am-collection unless from someone on the whitelist.
Acce)ts s)ecific addresses .user/domain.com0, user )arts .user0 or entire domains ./domain.com0. The addresses are not
validated, they are readdressed to ccalls)am, however you can su)ersede this by )utting a valid address into sendAllCollect
below.
Catchall Address for Collect Addresses (sendAllCollect)
A!!( will readdress messages addressed to 1ollect Addresses to this address.
,or exam)le2 collect/mydomain.com
se Collect Addresses for !esting "our #n$ironment (DoNotBlockCollect)
If set A!!( will bloc% messages from 1ollect Addresses after other chec%s are )erformed. That may hel) to test and control
activated filters.
se Penalt% !rap Addresses !o Collect (UseTrapToCollect)
If set A!!( will use addresses from DoPenalt%Ma&e!raps and spamtrapaddresses to collect s)ams.
Do 'ot Collect Messages from(to these Addresses* (noCollecting)
Acce)ts s)ecific addresses .user/domain.com0, user )arts .user0 or entire domains ./domain.com0.
Do 'ot Collect Messages ) Content *ased* (noCollecte)
If the content of a collected file .incl. 3-A!!(-... headers0 matches this regular ex)ression, it will be deleted from the collection
after the mail is com)letely )rocessed.
If the A!!(4A1 )lugin is used, the file will be deleted from the collection after it was archived. This is the only 5no collect5 o)tion
which removes an already collected file, all other o)tions will )revent ass) from creating a collection file - if set to 5no collection5.
The chec% is limited to Max*%tes or at max #00000 $ytes.
Do 'ot Collect RedRe Matching Mails (DoNotCollectede)

-ails .!)am67am0 matching ed egex .redRe0 will not be stored in the collection folders.
Do 'ot Collect Redlisted Mails (DoNotCollectedList)
-ails .!)am67am0 matching edlist will not be stored in the collection folders.
Do 'ot Collect *ounced Mails (DoNotCollectBounces)

-ails matching 8$ounce !enders9 will not be collected.
Don+t Collect Mail (NoMaillog)
1hec% this if you:re using ;hitelist-+nly and don:t care to save mail to build the $ayesian database.
Max Files (Max!iles)
14009
If you:re not using sub<ects as file names . seSu,-ectsAsMaillog'ames 0, this is the maximum number of files to %ee) in each
collection .s)am = nons)am0
It:s actually less than this -- files get a random number between # and MaxFiles.
Files Distri,ution (!ilesDistri"ution)
0.5
This defines how file names are chosen in each collection. If set to #, names are uniformly distributed. If set between 0.0# and
0.>>, names distribution is ex)onential -- files get lower numbers more fre?uently. This )revents from cor)us being refreshed too
?uic%ly, es)ecially when MaxFiles is set to low value .ex. 30000
ecommended2 0.@, Default2 #
se Su,-ect as Maillog 'ames (UseSu"#ectsAsMaillogNames)

'ou can turn this on to hel) you manually identify mail in your s)am and non-s)am collections. This will )revent A!!( from
controlling the number of files in your collections.-9 MaxFiles 0. It is recommended to switch on Maint*a%esCollection and to
setu) Max'o*a%esFileAge to your needs, if you have switched on this o)tion.
Max 'um,er of Duplicate File 'ames (MaxAllo$edDups)
100
The maximum number of logged files with the same filename .sub<ect0 that are stored in the s)am folder .spamlog0, if
seSu,-ectsAsMaillog'ames is selected. Default is 0. A low value reduces the number of )ossibly du)licate mails, assuming
that mails with the same sub<ect will have the same content. A value of 0 disables this feature. If this number of files with the
same filename is reached, the oldest file with the same sub<ect will be moved to the discarded folder, which has to be defined . in
addition to spamlog 0 for this feature to wor%.
12.05.2014 Seite 77 von 134
Regular #xpression to Identif% allo.ed duplicate Su,-ects* (Allo$edDupSu"#ecte)
-essages their sub<ect matches this regular ex)ression will be collected regardless the setting in MaxAllo.edDups .
se nicode to ,uild Maillog 'ames (UseUnicode%MaillogNames)
If you have switched on seSu,-ectsAsMaillog'ames and your default .local language0 characterset .)lease setu)
ConsoleCharset0 needs A $it li%e 5B+IA-r5,51(-ACC5,5;indows-#"@#5,5;indows-#"@"5,5I!+-AA@>-35,53--ac-
1yrillic5,5DI!430"0#5 or any other .or is ET,-A0 - and you want to have readable filenames in the maillog and on the console
screen, you can switch on this o)tion. The resolution of some characters written to the console could be incorrect de)ending on
your o)erating system. This re?uires an installed #mail//MIM# module in (FG.
If in addition the module 0in12//nicode is installed on windows )lattforms, ass) will generate unicode filenames for the
collected cor)us files .already on nix systems0.
se nicode to ,uild Su,-ects in Maillog (UseUnicode%Su"#ectLogging)
If you have switched on senicode3Su,-ectLogging and your default .local language0 characterset .)lease setu)
ConsoleCharset0 needs A $it li%e 5B+IA-r5,51(-ACC5,5;indows-#"@#5,5;indows-#"@"5,5I!+-AA@>-35,53--ac-
1yrillic5,5DI!430"0#5 or any other .or is ET,-A0 - and you want to have a readable sub<ect in the maillog and on the console
screen, you can switch on this o)tion. The resolution of some characters written to the console could be incorrect de)ending on
your o)erating system. This re?uires an installed #mail//MIM# module in (FG.
Max Length of File 'ames (Max!ileNameLength)
50
The maximum character count that is used from the mail sub<ect to build the file name of the logged file, if
seSu,-ectsAsMaillog'ames is selected. This could be useful, if your mail clients having trouble to build the resend file name
.right button - EG0 correctly in bloc% re)orts. Fvery non )rintable character will be re)laced by a H byte string in this lin%.
Maintenance for *a%esian Collection (MaintBa&esCollection)
!et this to on, if you want A!!( to run a maintenance tas%s on the bayesian collection folders . spamlog , notspamlog ,
correctedspam , correctednotspam 0. A!!( will delete the oldest files until the number of files )er folder reaches MaxFiles. If
you want A!!( to delete files because of their age instead of the number of files . MaxFiles 0, setu) Max*a%esFileAge and6or
MaxCorrectedDa%s to your needs.
Maint*a%esCollection is useful, if seSu,-ectsAsMaillog'ames is set to on and doMo$e2'um is set to off, because in this
case the number of files in every collection folder will grow infinite. If set to +n, the rebuilds)amdb tas% will also do the cleanu).
Max Age of *a%es Files (MaxBa&es!ileAge)
0
The maximum file age in days of every file in every bayesian collection folder . spamlog , notspamlog 0. If
Maint*a%esCollection is set to on and a file is older than this number in days, the file will be deleted. Default is 3#. A value of 0
disables this feature and no file will be deleted because of its age. To use different values for spamlog and notspamlog, define
two s)ace se)arated values - the first for spamlog and the second for notspamlog, li%e :30 C0:. The rebuilds)amdb tas% will
ignore files older than this days .if not Iero0.
It is not recommended to enable this o)tion, if you use the bayesian engine of A!!( and doMo$e2'um is set to +*. A better
solution in this case is, to have Maint*a%esCollection ta%e care of deletions .by date0 and change this setting to 0.
Max Corrected File Age (MaxCorrectedDa&s)
1000
This is the number of days a error re)ort will be %e)t in the correctedspam and correctednotspam folders. These folders are
the longterm memory of A!!(, therefore the default is #0000 days .more than "J years0. To use different values for
correctedspam and correctednotspam, define two s)ace se)arated values - the first for correctedspam and the second for
correctednotspam, li%e :#000 #@00:. The rebuilds)amdb tas% will ignore files older than this days .if not set to Iero0.
Max Age of non *a%es Files (MaxNoBa&es!ileAge)
0
The maximum file age in days of every file in every non bayesian collection folder . incoming4&Mail , discarded , $iruslog 0. If
defined and a file is older than this number in days, the file will be deleted. Default is 3#. A value of 0 disables this feature and no
file will be deleted because of its age. To use different values for incoming4&Mail and discarded and $iruslog, define three
s)ace se)arated values - the first for incoming4&Mail and the second for discarded and the third for $iruslog, li%e :3# H@ C0:
Runtime for Maint*a%esCollection and Max'o*a%esFileAge
s
(Max!ileAgeSchedule)
0 1 * * *
untime hour for deleting old collected files .bayes and non bayes0. !et a number between 0 and "3. 0 means midnight, # is
default. If em)ty a cleanu) will not be scheduled. This could be fine, if a rebuilds)amdb is scheduled, which will also do the
cleanu) based on the settings of Maint*a%esCollection , Max*a%esFileAge and MaxCorrectedDa%s - but it will not maintain
incoming4&Mail , discarded and $iruslog based on Max'o*a%esFileAge &
Max *%tes (MaxB&tes)
20000
7ow many bytes of the message body will A!!( loo% at - the message header is always included in all chec%sK -ails stored in the
collecting folders will be truncated to this siIe. The average of 7am messages .message body0 is CB, the average of !)am
messages is 3B. Esually the s)am folder will be filled ?uic%er than the nots)am folder, therefore set this value to H000 to get more
word)airs )er 7am -essage. ;hen both folders are close to the maxfiles limit, reduce it to 3000.
Store the Complete Mail (StoreCompleteMail)
12.05.2014 Seite 78 von 134
no limit
If set, A!!( will loo% at Max*%tes, but if )ossible it will store the com)lete mail u) to the number of bytes configured. This could
be useful for exam)le, if you want resend bloc%ed messages. $e carefull using this o)tion, your dis% could be filled u) very fast&
#rror Max *%tes (MaxB&teseports)
10000
7ow many bytes of an error re)ort message will A!!( loo% at. ,or exam)le2 #0000. !et this to Iero for no limit.
'on Spam (NonSpamLog)
notspam folder
;here to store whitelisted6local non s)am messages. Default2 nots)am folder . notspamlog 0.
45 Mail ("a&sNonSpamLog)
notspam folder
;here to store non s)am .message o%0 messages. These are messages which are considered as 7A-, but should not stored in the
standard 7A- folder because of our )olicy to use only confirmed 7A- messages .whitelisted or local0 for !)amD$. !et
incoming4&Mail accordingly if you choose :o%mail folder:. Default2 no collection
Store Spam (SpamLog)
enabled
!et this to :disabled: if you do not want to store any !)am regardless of settings in. Default2 enabled .store in folder spamlog 0.
'oProcessing 45 Mails (no'rocessingLog)
no collection
;here to store no)rocessing +B mails.
'oProcessing re-ected Attachments (npAttachLog)
attachment folder
;here to store no)rocessing re<ected mailLattachments. ecommended2 discard folder . discarded 0 = sendAllSpam
0hitelisted re-ected Attachments ($lAttachLog)
attachment folder
;here to store whitelisted re<ected mailLattachments. ecommended2 discard folder . discarded 0 = sendAllSpam
#xternal re-ected Attachments (extAttachLog)
attachment folder
;here to store external re<ected mailLattachments. ecommended2 discard folder . discarded 0 = sendAllSpam
6irus Infected (Spam(irusLog)
no collection
;here to store virus infected messages. ecommended2 ?uarantine . ?uarantine 0
Spam *om,s (spamBom"Log)
discard folder
;here to store s)am bombs. ecommended2 discard folder . discarded 0
Scripts (scriptLog)
spam folder & sendAllSpam
;here to store scri)ted messages. ecommended2 s)am folder . spamlog 0 = sendAllSpam
*lac&listed Domains ("lDomainLog)
;here to store blac%listed domain messages. ecommended2 s)am folder . spamlog 0 = sendAllSpam
*lac&listed 7elos (spam)eloLog)
;here to store s)am helo messages. ecommended2 discard folder . discarded 0 = sendAllSpam
Forged 7elos (forged)eloLog)
discard folder
;here to store forged helo messages. ecommended2 no collection
In$alid 7elos (in*alid)eloLog)
discard folder
;here to store invalid helo messages. ecommended2 discard folder . discarded 0
Spam Collect Addresses (spamBucketLog)
;here to store mails addressed to !)am 1ollect Addresses. ecommended2 s)am folder . spamlog 0
12.05.2014 Seite 79 von 134
*a%esian Spams ("a&sSpamLog)
;here to store $ayesian s)am messages. ecommended2 discard folder . discarded 0 = sendAllSpam
SPF Failures (S'!!ailLog)
;here to store !(, ,ailure s)am messages. ecommended2 s)am folder . spamlog 0 = sendAllSpam
D'S*L Failures (BL!ailLog)
;here to store D*!$G ,ailure s)am messages. ecommended2 s)am folder . spamlog 0 = sendAllSpam
RI*L Failures (U+BL!ailLog)
;here to store EI$G ,ailure s)am messages. ecommended2 s)am folder . spamlog 0 = sendAllSpam
SRS Failures (SS!ailLog)
;here to store !! ,ailure .not signed bounces0 s)am messages. ecommended2 s)am folder . spamlog 0 = sendAllSpam
Missing(In$alid Pointer (spam'TLog)
;here to store -issing6Invalid (ointer re<ected messages. ecommended2 s)am folder . spamlog 0 = sendAllSpam
Missing M8 Record (spamM,ALog)
;here to store -issing -3 record re<ected messages. ecommended2 s)am folder . spamlog 0 = sendAllSpam
In$alid Local Sender (spam+SLog)
discard folder
;here to store messages from a local domain with an un%nown user)art. ecommended2 no collection
*loc&ed Countr% (spamSBLog)
;here to store messages from a bloc%ed country. ecommended2 s)am folder . spamlog 0 = sendAllSpam
Message Limit *loc&s (spamMSLog)
;here to store -essage !coring Gimit re<ected messages. ecommended2 s)am folder . spamlog 0 = sendAllSpam
Penalt%*ox *loc&s (spam'BLog)
discard folder
;here to store ($ re<ected messages. ecommended2 s)am folder . spamlog 0 = sendAllSpam
D5IM failed (D-+MLog)
discard folder
;here to store DBI- re<ected messages. ecommended2 s)am folder . spamlog 0 = sendAllSpam
*ac&scatter chec& failed (BackLog)
discard folder
;here to store bac%scatter .-!MID-signing, $ATN, D*!-$ac%scatter0 re<ected messages. ecommended2 no collection
'on Spam Collection Fre9uenc% (fre.NonSpam)
1
!tore every n:th non s)am message. If you set the value to #0 then every #0th message is logged. These fre?uency settings are
for A!!( users with a mature installation who ex)erience heavy mail or s)am volumes. Fnter a larger value if the non s)am
cor)us is being refreshed too ?uic%ly. Default Nalue O #, log every message. Geave it at the default value #, if you use
$loc%e)orts.
Spam Collection Fre9uenc% (fre.Spam)
1
!tore every n:th s)am message. The same as for non s)am but hel)s )revent s)am cor)uses being s%ewed by flooding. It is
recommended that this be set de)ending on s)am volume. Default value O #, log every message. Geave it at the default value #, if
you use $loc%e)orts.
*otes +n 1ollecting
Notes
12.05.2014 Seite 80 von 134
Logging
Notification Email To (Notify)
Email address(es) to which you want ASSP to send a notification email per default, if a matching log entry ( NotifyRe ,
NoNotifyRe ) is found. Separate multiple entries by "|".
Do Notify, if log entry matches* (NotifyRe)
file:files/NotifyRe.txt Edit file
egular E!pression to identify loglines for which a notification message should be send.
useful entries are"
#nfo" new assp $ersion % to get informed about new a$ailable assp $ersions
info" autoupdate" new assp $ersion % to get informed about an autoupdate of the running script
adminupdate" % for config changes
admininfo" % for admin information
option list file" % for option file reload
error" % for any error
warning" % for any warning
restart % to detect a ASSP restart
notification" too many recipients % for local fre&uency abuse once per day and sender
warning" too many recipients % for e$ery local fre&uency abuse
'ain(hread started % to detect a start of ASSP
Admin connection % for )*# logon
+ou may define a comma separated list (after ,-.,) of recipients in e$ery line, this will o$erride the default recipient defined in
,/otify,.
for e!ample" adminupdate"-.user01yourdomain.com,user21yourdomain.com.
As third parameter after a second (,-.,) you can define the sub3ect line for the notification message.
for e!ample" adminupdate"-.user01yourdomain.com,user21yourdomain.com-.configuration was changed
or" adminupdate"-.-.configuration was changed.
Do NOT Notify, if log entry matches* (NoNotifyRe)
egular E!pression to identify loglines for which no notification message should be send.
for e!ample"
user root % if root does anything
45root.6748 % if root changes the config
File name logging (fileLogging)

Show file names of collected spam9notspam in log. :ill be automaticly set to on, if inclResendLink is not set to disabled.
Su!ect logging (subjectLogging)

Show sub3ect of mail in log
Su!ect Start Delimiter (subjectStart)
[
Start delimiter of sub3ect in log
Su!ect End Delimiter (subjectEnd)
]
End delimiter of sub3ect in log
Rege" #atch logging (regexLogging)

Show matching rege! in log, note that all lists (li;e eg. noprocessing%list) are used as rege!.
$orker logging (WorkerLogging)

Show :or;ername in <og.
%& #atches Logging (ipmatchLogging)

Enables logging of #P addresses matches in the maillog. :ill show a comment instead of the range if there is te!t after the #P
ranges (and before any numbersign) eg. 0=2.=2.0>.>92? A@<
Logging 'ddress #atches (slmatchLogging)

Enables logging of address matches in the maillog.
'dd RegE" #atch (eader (AddRegexeader)
)ni*ue %D logging (uni!e"#Logging)

Add uni&ue string to log
&re+end )ni*ue %D logging (uni!ue"#$refix)
12.05.2014 Seite 81 von 134
m1
Prepend #A. Bor e!ample" m0%
S+am Tag Logging (tagLogging)

Add spam tag to log.
S#T& Status ,ode Re+ly Logging (replyLogging)
enabled - exclude [123]XX
Logging Records include %& - #ailFrom (expandedLogging)
S.SLO/ ,entrali0ed Logging (sysLog)

Enables logging to */#C or /etwor; Syslog.
/eeds the Perl module Sys""Syslog for local */#C9<#/*C or :indows E$entlog logging.
#f enabled and useSysSyslog is enabled and any of sysLog%+ or sysLog&ort is not set, local */#C9<#/*C or :indows E$entlog
logging is used. #t is not recommended to log to the :indows E$entlogD
Syslog &ort 1)D&2 (sysLog$ort)
514
Port for /etwor; Syslog logging.
Syslog Facility (SysLog%ac)
mail
Syslog Bacility. Ealid are ;ern, user, mail, daemon, auth, syslog, lpr, news, uucp, cron, authpri$, ftp, local>, local0, local2, localF,
local?, localG, localH
Syslog %& (sysLog"p)
127.0.0.1
#P Address or hostname of your /etwor; Syslog Aaemon for Syslog logging.
'SS& local logging (asspLog)

ASSP manages local logging. (he logs (logfile) are stored inside the directory where ASSP is installed.
Roll the Logfile (o3 Often4 (LogRoll#ays)
14
ASSP closes and renames the log file after this number of days. <ea$e this at the default $alue 0, if you use Iloc;eporting.
LogName Date Format (LogName#ate)
YY-MM-DD
(he standard name for the logfile is ++%''%AA.maillog.t!t, use this option to set it to your needs.
possible $alues are"
++%''%AA (default)
++++%''%AA
''%AA
Date5Time Format in LogDate (Log#ate%ormat)
MMM-DD-YY hh:mm:ss
*se this option to set the logdate. (he default $alue is ,'''%AA%++ hh"mm"ss,. (he following (case sensiti$e D) replacements will
be done"
++++ % year four digits
++ % year two digits
''' % month (three charactes) alpha numeric % li;e @ct /o$ Aec
'' % month numeric two digits
AAA % day (three charactes) alpha numeric % li;e 'on (ue Bri
AA % day numeric two digits
hh % hour two digits
mm % minute two digits
ss % second two digits
NOT%,E6 %f you change this 7alue, 8lockRe+orts and /ri+list9u+loads 3ill not 3ork for log entries in the +ast 1from
no32:
A $alue has to be defined for e$ery part of the date9time, the date must be the first part. Allowed separators in date part are ,J %.9,
% in time part ,%J.", .
Date5Time Language (Log#ateLang)
Deutsch
Select the language for the day and month if LogDateFormat contains AAA and9or '''.
NOT%,E6 %f you change this 7alue, 8lockRe+orts and /ri+list9u+loads 3ill not 3ork for log entries in the +ast 1from
no32:
12.05.2014 Seite 82 von 134
Silent #ode (silent)
Khec;ed means don,t print log messages to the console. 's'Daemon o$errides this.
/eneral Deug #ode (debug)
Khec;ed sends debugging info to a .dbg file. Aebug is enabled for all (hreads, all the timeD deug%& and debugE will be ignoredD
<ea$e this unchec;ed unless there is a program error you are trying to trac; down.
Deug these %&s* (debug"$)
Enter #P addresses that you want to be debugged, separated by pipes (|). (he local and the remote #P of the connection will be
chec;edD
/ot blan; sends debugging info to a .dbg file. <ea$e this blan; unless there is a program error you are trying to trac; down.
(his can be #P address of the S'(P ser$ice monitoring agent. Bor e!ample" 02L.>.>.0|0L2.0H.
Regular E"+ression to %dentify Deug9#essages* (debugRe)
Put anything here to identify messages that you want to be debugged. /ot blan; sends debugging info to a .dbg file. <ea$e this
blan; unless there is a program error you are trying to trac; down.
Run this ,ode to s3itch on Deug (debug&ode)
Put a code line here, to detect messages that you want to deug. (he code line has to return > or 0. A return of 0 will switch on
debug.
for e!ample"
MKonNMfhO%.NisbounceO
(his code line will switch on deug for all bounce messages.
(MKonNMfhO%.Nrelayo;O PP MKonNMfhO%.NisbounceO)
(his code line will switch on deug for all outgoing bounce messages.
(MKonNMfhO%.NispipO PP MKonNMfhO%.NcipO -Q 9R0SF4.24.04.9)
(his code line will switch on deug if the messages is from #SP and the #P of the ser$er that was connected to the #SP begins with
0SF.2.0. .
(o use this option, you need to ;now the internal ASSP $ariables and their usageD
Do not 3rite 8ody to Deug (debugNoWrite'ody)
#f selected, the sent message body data will not be written to the deug file.
Dataase ,onnection Deug #ode (#ata'ase#ebug)
Select to deug the database connectionsD
,onnection Timeout Deug #ode (&on(ime)ut#ebug)
Select to deug S'(P connections that are running in to timeoutD
%gnore #%#E Errors ("gnore*"*EErrors)

#f selected % Errors, based on wrong email '#'E contents, will not be written to logD
Don;t Log these %&s* (noLog)
Enter #P addresses that you don,t want to be logged, separated by pipes (|). (he local and the remote #P of the connection will be
chec;edD
(his can be #P address of the S'(P ser$ice monitoring agent. Bor e!ample" 02L.>.>.0|0L2.0H.
Regular E"+ression to %dentify NoLog9#essages* (noLogRe)
Put anything here to identify messages that you don,t want to be logged.
Regular E"+ression to %dentify #essages from5to &rolematic 'ddresses * (allLogRe)
eckardt
Put anything here to identify messages from9to addresses you want to loo; at for problem sol$ing. 'essages identified will also be
set to Store,om+lete#ail.
Regular E"+ression to %dentify ski++ed Log Lines* (noLogLineRe)
Put anything here to identify log <ines that you don,t want to be logged.
,onnections Logging (&onnectionLog)
verbose
12.05.2014 Seite 83 von 134
Session Limit Logging (SessionLog)
verbose
Enales Logging for ;Deny S#T& ,onnections From; (denyS*($Log)
verbose
Enale R$L logging (RWLLog)
verbose
Enale LD'& logging (L#A$Log)
verbose
A((E/(#@/" diagnostic will possibly write credital information in clear te!t to the logD
Enale <RF. logging (+R%,Log)
standard
Enale )ser <alidation logging (+alidate-serLog)
diagnostic
Enale &enalty8o" logging ($enaltyLog)
verbose
Enale &enalty8o" logging ($enaltyExtremeLog)
verbose
Enale #essage Scoring logging (*essageLog)
verbose
Enale #essage9%D signing logging (*S."#sigLog)
standard
Enale DNS98ackscatter detection logging ('acksctrLog)
standard
Enale 8'T< logging ('A(+Log)
standard
Enale <alidate Sender Logging (+alidateSenderLog)
verbose
Enale Sender8ase Logging (Sender'aseLog)
verbose
Enale /reylisting5Delaying logging (#elayLog)
verbose
Enale 8om logging ('ombLog)
verbose
#f set to $erbose, the reporting to the logfile and the C%ASSP% scoring header will show the complete list of all hits. @therwise only
the highest match will be shown.
Enale 'ttachment logging (AttachmentLog)
standard
Enale S&F logging (S$%Log)
verbose
Enale DNS8L logging (R'LLog)
verbose
Enale )R%8L logging (-R"'LLog)
verbose
Enale ,lam'< logging (ScanLog)
12.05.2014 Seite 84 von 134
verbose
Enale D=%# logging (#/"*logging)
standard
Enale thread action logging (WorkerLog)
verbose
Enale central &erl9signal logging (SignalLog)
standard
nolog will handle the Perl signals without any output (this should be ne$er setDDD), standard will write a message to log, $erbose
will write a message to log and to file debugSignal.t!t
Enale 8ayesian Logging ('ayesianLog)
verbose
Enables $erbose logging of Iayesian chec;s in the maillog.
Enale ,on7ersion logging (&on0Log)
standard
Enale #aintenance logging (*aintenanceLog)
diagnostic
Enale &erformance logging ($erformanceLog)
standard
Enale Re+ort logging (ReportLog)
standard
Enale Scheduler logging (ScheduleLog)
standard
Enale SN#& logging (SN*$Log)
diagnostic
Sho3 'll &ossile (its (Sho1maxreplies)

Show hits until ma!replies instead of stopping at ma!hits (I<,*#I<,:<).
RegE" Length in Log (RegExLength)
32
Aefines how many bytes of a matching egular E!pression will be shown in the log
Some matching egular E!pressions are too long for one line. Aefault" F2
Send NOO& %nfo (sendNoop"nfo)

Khec;ed means you want ASSP to send a "/@@P Konnection from #P" message to your S'(P ser$er.
/otes @n <ogging
Notes
12.05.2014 Seite 85 von 134
LDAP Setup
LDAP Host(s) (LDAPHost)
10.69.1.50
Enter the DNS-name(s) or IP address(es) of the server(s) that run(s) the LDAP database. Second entry is backup. For eamp!e"
!oca!host. Separate entries #ith pipes" $D%P-&.domain.com'$D%P-(.domain.com . )o use a different than the defau!t $D%P port*
define host"port.
Use SSL with LDAP (ldaps) (DoLDAPSSL)
no
%SSP #i!! use +!daps (SS$ port ,-,)+ instead of !dap (port -./) or +!daps ()$S over port -./)+. )he Per! modu!e IO::Socket::SSL
must be insta!!ed to use SS$ or )$S0
LDAP Query i!eout (LDAPtimeout)
15
timeout #hen connectin1 to the remote server. )he defau!t is &2 seconds.
LDAP Lo"i# (LDAPLogin)
cn=admin,dc=zentrale
3ost $D%P servers re4uire a !o1in and pass#ord before they a!!o# 4ueries.
Enter the DN specification for a user #ith sufficient permissions here.
For eamp!e" cn5%dministrator*cn56sers*D75yourcompany*D75com
LDAP Password (LDAPPassword)
boss7306
Enter the pass#ord for the specified $D%P !o1in here.
LDAP $ersio# (LDAPVersion)
3
Enter the version for the specified $D%P here.
LDAP %oot co#tai#er &or Local Do!ai#s (ldLDAPRoot)
dc=zentrale
)he $D%P !ookup #i!! use this container and a!! sub-containers to match the !oca! domain 4uery.
)he !itera! D83%IN is rep!aced by the domain part of S3)P recipient (e1. domain.com) durin1 the search.
For eamp!e" D75yourcompany*D75com.
If you use D83%IN here* you must check 9$D%P fai!ures return fa!se9 be!o# or non !oca! domains #i!! be treated as !oca!. If not
defined* LDAP%oot #i!! be used.
LDAP 'ilter &or Local Do!ai#s (ldLDAPFilter)
)his fi!ter is used to 4uery the $D%P database. )his stron1!y depends on the $D%P structure.
)he fi!ter must return an entry if the domain must be re!ayed.
)he !itera! D83%IN is rep!aced by the domain name durin1 the search.
for eamp!e" (:('('('('(:(ob;ectc!ass5user)(ob;ectcate1ory5person))(ob;ectcate1ory51roup))(ob;ectc!ass5pub!icfo!der))(0
(ob;ectc!ass5contact)))(ob;ectc!ass5msEchDynamicDistribution$ist))(proyaddresses5smtp"<=D83%IN))
LDAP %oot co#tai#er &or Local Addresses (LDAPRoot)
)he $D%P !ookup #i!! use this container and a!! sub-containers to match the !oca! emai! address 4uery.
For eamp!e" D75yourcompany*D75com.
If you use D83%IN here* you must check 9$D%P fai!ures return fa!se9 be!o# or non !oca! domains #i!! be treated as !oca!.
LDAP 'ilter &or Local Addresses (LDAPFilter)
(|(mail=EMAILA!E""#(mailaddress=EMAILA!E""##
)his fi!ter is used to 4uery the $D%P database. )his stron1!y depends on the $D%P structure.
)he fi!ter must return an entry if the recipient address matches #ith that of any user.
)he !itera! E3%I$%DD>ESS is rep!aced by the fu!!y 4ua!ified S3)P recipient (e1. user=domain.com) durin1 the search.
)he !itera! 6SE>N%3E is rep!aced by the user part of S3)P recipient (e1. user) durin1 the search.
For eamp!e" (proyaddresses5smtp"E3%I$%DD>ESS) or ('(mai!5E3%I$%DD>ESS)(mai!address5E3%I$%DD>ESS)) or
(:('('('('(:(ob;ectc!ass5user)(ob;ectcate1ory5person))(ob;ectcate1ory51roup))(ob;ectc!ass5pub!icfo!der))(0
(ob;ectc!ass5contact)))(ob;ectc!ass5msEchDynamicDistribution$ist))(proyaddresses5smtp"E3%I$%DD>ESS))
(lea# Up local LDAP)$%'* Data+ase
s
(LDAPcrossCheckInterval)
$%
De!ete outdated entries from the $D%P?@>FA cache. 7heck the $D%P cache to the $D%P server and?or @>FA-3)% and de!ete not
eistin1 entries.
Defau!ts to &( hours. Is on!y used* if ldaplistd+ is defined in the database section0
Show local LDAP Data+ase (LDAPShowD)
12.05.2014 Seite 86 von 134
file:ldaplist Show file
)he directory?fi!e #ith the $D%P cache database fi!e. If you chan1e ldaplistd+ in section Fi!epath you must chan1e it here too.
&orce to ru# LDAP)$%'*,(ross(heck , #ow- (!orceLDAPcrossCheck)
%SSP #i!! force to run a $D%P?@>FA-7ross7heck no#0
.a/ LDAP)$%'* cache Days ("a#LDAPlistDa$s)
30
)his is the number of days an address #i!! be kept on the !oca! $D%P?@>FA cache #ithout any emai! to this address.
LDAP)$%'* &ailures retur# &alse (LDAPFail)
If checked* #hen an error occurs in $D%P or @>FA !ookups* the test fai!s.
Notes 8n $D%P
Notes
12.05.2014 Seite 87 von 134
D0S Setup
Use Local D0S (%seLocalD&S)

6se system defau!t !oca! DNS Name Servers. )o use system defau!t !oca! DNS Servers and the confi1ured D0SSer1ers (be!o#)*
unse!ect this option and define the system defau!t !oca! DNS Servers in addition be!o#0
)o de+u" the DNS 4ueries* s#itch on De+u"SP'* even you don+t use the SFF-check.
%!! confi1ured or !oca! DNS Name Servers #i!! be checked this may take some time if the servers are respondin1 s!o#- p!ease #ait
after app!y chan1es0
%euse D0S UDP Sockets (D&SReuseSocket)

If se!ected* assp #i!! try to reuse DNS-6DP sockets as !on1 as this is possib!e. 8ther#ise each DNS-4uery #i!! create a ne# 6DP
socket for each DNS-Server. It is recommended to set this to on* because assp cou!d use DNS-4ueries very etensive* #hich
possib!y forces the assp system and?or your DNS-servers to run out of avai!ab!e 6DP sockets.
Show D0S 0a!e Ser1ers %espo#se i!e i# Lo" (D&SRes'onseLog)
Aou can use this to arran1e D0SSer1ers for better performance. Put the fastest first.
D0S 0a!e Ser1ers2 (D&SServers)
208.67.222.222|208.67.220.220
DNS Name Servers IP+s to use for DNSB$(>B$)* >C$* 6>IB$* P)>* SP'3* NS* and D3%>7 !ookups. Separate mu!tip!e entries by 9'9
or !eave b!ank to use system defau!ts. %t !east )C8 DNS-servers shou!d be definedor used by the system0
For eamp!e" (D..,E.(((.((('(D..,E.((D.((D (Ope#D0S).
%n DNS-4uery for the domain +sourcefor1e.net+ is used per defau!t to measure the speed of the used DNS-servers. If you #ant
assp to use another domain or hostname for this* append +5Fdomain.t!d+ at the end of the !ine - !ike"
(D..,E.(((.((('(D..,E.((D.((D5Fmyhost.com
)o define the domain if you use the !oca! DNS-servers +UseLocalD0S+ #ithout definin1 any DNS-servers here* simp!y #rite
+5Fmyhost.com+.
)o de+u" the DNS 4ueries* s#itch on De+u"SP'* even you don+t use the SFF-check.
%!! confi1ured or !oca! DNS Name Servers #i!! be checked this may take some time if the servers are respondin1 s!o# - p!ease #ait
after app!y chan1es0
.a/i!u! D0S %espo#sti!e cha#"e (ma#D&SRes'Dist)
50
3aimum DNS Server responstime chan1e in mi!!iseconds before the 4uery order of the name servers shou!d be chan1ed.
D0S Query i!eout (D&Stimeout)
5
G!oba! DNS Huery )imeout for DNSB$* >C$* 6>IB$* P)>* SPF* 3I and % record !ookups. )he defau!t is 2 seconds.
D0S Query %etry (D&Sretr$)
1
G!oba! DNS Huery >etry. Set the number of times to try the 4uery. )he defau!t is &.
D0S Query %etra#s (D&Sretrans)
3
G!oba! DNS Huery >etransmission Interva!. Set the retransmission interva!. )he defau!t is (.
Notes 8n DNS Setup
Notes
12.05.2014 Seite 88 von 134
Ser1er Setup
(harset &or SDOU a#d SD4%% (ConsoleCharset)
System Default
Set the characterset?codepa1e for the conso!e output to your !oca! needs. Defau!t is 9System Defau!t9 - defau!t conversion. )o
disp!ay non%S7II characters on the conso!e screen* setup UseU#icode5.aillo"0a!es . >estart is re4uired0
Se#d 367 O8 (send()*+,)
Set this checkbo if you #ant %SSP to rep!y #ith +(2D 8J+ instead of S3)P error code +22K 2.E.&+. )his #i!! turn %SSP in some form
of tarpit.
%u# ASSP as a Dae!o# (AsADaemon)
No
In $inu?BSD?6ni?8SI fork and c!ose fi!e hand!es.
Simi!ar to the command 9per! assp.p! :9* but better.
If 9eterna!y contro!!ed9 is se!ected* %SSP simp!y ends and you have to restart assp from your daemon or #atchdo1 script
If 9run Auto%estart(!d on restart and #ait9 is se!ected* assp starts the 8S command defined in Auto%estart(!d - assp #i!!
0O 9 automatica!y terminate - the started command has to terminate?ki!! and to (re)start assp - !ike 9service assp restart90
If 9run Auto%estart(!d on restart and eit9 is se!ected* assp starts the 8S command defined in Auto%estart(!d and
terminates immediat!y0
re4uires %SSP restart
%u# as UID (runAs%ser)
)he <ni user name to assume after startup (<ni on!y). use the autorestart features carefu!!* because any restart from inside
%SSP #i!! be done #ith the permission of this user0
Examples: assp* nobody
%u# as :ID (runAs-rou')
)he <ni 1roup to assume after startup (<ni on!y).
Examples: assp* nobody
(ha#"e %oot (ChangeRoot)
)he ne# root directory to #hich %SSP shou!d chroot (<ni on!y). If b!ank* no chroot ;ai! #i!! be used. Note" if you use this feature*
be sure to copy or !ink the etc?protoco!s fi!e in your chroot ;ai!.
Set ASSP 'ile Per!issio# o# Startup (setFilePerm+nStart)
If set* %SSP sets the permission of a!! %SSP- fi!es and directories at startup to fu!! (DEEE) - #ithout any function on #indo#s
systems0
(heck ASSP 'ile Per!issio# o# Startup (checkFilePerm+nStart)
If set* %SSP checks the permission of a!! %SSP- fi!es and directories at startup - a!! fi!es must be #ritab!e for the runnin1 ;ob - the
minimum permission is D,DD - #ithout any function on #indo#s systems0
Auto!atic %estart a&ter 4/ceptio# (AutoRestart)
If %SSP detects a main eception and it runs not as service or daemon* it #i!! try to restart it se!f automatic!y0 If runnin1 as
daemon on ni?3%7 * %SSP uses the action defined in AsADae!o# to restart.
Auto!atic %estart ASSP o# #ew or cha#"ed Script (AutoRestartA!terCodeChange)
If se!ected* %SSP #i!! restart it se!f* if it detects a ne# or chan1ed runnin1 script. %n automatic restart #i!! not be done* if %SSP is
not runnin1 as a service on #indo#s or as daemon on !inu?3%7* and Auto%estart(!d is not confi1ured. If runnin1 as daemon
on !inu?3%7 ( AsADae!o# ) %SSP simp!y ends - you have to restart assp from your daemon script. $eave this fie!d empty to
disab!e the feature. Possib!e va!ues are +immed and &...(-+ . If set to +immed+* assp #i!! restart #ithin some seconds after a
detected code chan1e. If set to +&...(-+ the restart #i!! be schedu!ed to that hour. % restart at DD"DD is not supported.
Auto Update the %u##i#" Script (assp-pl) (Auto%'dateASSP)
no auto update
No action #i!! be done if +no auto update+ is se!ected. Aou+!! 1et a hint in the G6I (top) and a !o1 !ine #i!! be #ritten* if a ne#
version is avai!abe at the do#n!oad !ocation.
If +do#n!oad on!y+ is se!ected and a ne# assp version is avai!ab!e* this ne# version #i!! be do#n!oaded to the directory
c"?assp?do#n!oad (assp.p!) and the synta #i!! be checked. )he sti!! runnin1 script #i!! be saved version numbered to the do#n!oad
directory.
If +do#n!oad and insta!!+ is se!ected* in addition the sti!! runnin1 script #i!! be rep!aced by the ne# version.
7onfi1ure ( Auto%estartA&ter(ode(ha#"e )* if you #ant the ne# version to become the active runnin1 script.
If this va!ue is chan1ed to +do#n!oad and insta!!+* the autoupdate procedure #i!! be schedu!ed immediat!y.
If set* %SSP (on #indo#s systems #ith %ctivePer! insta!!ations) #i!! search for updated Per! modu!es in a!! re1istered PP3
respositories new available perl modules
12.05.2014 Seite 89 von 134
)he insta!!ation of some modu!es cou!d re4uire manua! confi1uration and the insta!!ation fai!es or an up1rade is not recommended.
In this case put the case sensitive modu!e names (one per !ine) in the fo!!o#o1 fi!e. never upgrade these modules
If this va!ue is set to +do#n!oad and insta!!+* %SSP #i!! try an autoupdate of the ne# avai!ab!e modu!es. It is possib!e* that some
modu!es cou!d not be insta!!ed* because the IS modu!e parts are sti!! in use. In this case fo!!o# the instruction - c!ick the 9ne#
avai!ab!e per! modu!es9 button above. )o disab!e the automatic Per! modu!e update - set 9#o.oduleAutoUpdate9 be!o#.
7!ick this button to see the !o1 fi!e for the updated modu!es module upgrade log
)he per! modu!e (o!press::;li+ is re4uired to use this feature.
0o Auto!atic Perl .odule update (no"oduleAuto%'date)
If set* %SSP #i!! skip the automatic Per! modu!e update.
OS,shell co!!a#d &or Auto%estart (AutoRestartCmd)
)he 8S !eve! she!!-command that is used to autorestart %SSP* if it runs not as a service or daemon0 % possib!e va!ue for your
system is"
cmd.ee ?7 start 9%SSPS3)P restarted9 97"LPer!LbinLper!.ee9 9c"LasspLassp.p!9 9c"?assp9
$eave this fie!d b!ank* if %SSP runs inside an eterna! !oop (inside the 8S !ike assp.sh or assp.cmd). If runnin1 on NII systems and
ru#AsUser and?or ru#As:roup is used* don+t for1et to s#itch back to root permissions in the script0
%estart i!eout (Restart.ver$)
0
%SSP #i!! automatica!!y terminate and restart after this many seconds. 6se this settin1 to periodica!!y re!oad confi1uration data*
combat potentia! memory !eaks* or perform shutdo#n?startup processes. )his #i!! on!y #ork proper!y if %SSP runs as a Cindo#s
service or in a script that restarts it after it stops or Auto%estart(!d is confi1ured. %!ternative to this fie!d you can use
%eStartSchedule* to schedu!e restarts.
Schedule (ro# ti!e &or ASSP %estart (ReStartSchedule)
noschedule
If #ot set to 9noschedu!e9 (noschedu!e is defau!t)* %SSP uses schedu!ed times to shutdo#n or restart ( Auto%estart(!d )0 )he
synta is the same !ike in <$i/ie< cro#0 )o disab!e this Schedu!er !eave this fie!d b!ank0 0e1er write =uotes i# to this &ield9
)his re4uires an insta!!ed Schedule::(ro# modu!e in PE>$.
i!e a#d Date speci&icatio#
Entry is the specification of the schedu!ed time in crontab format* #hich contains five mandatory time and date fie!ds. Entry can be
either a p!ain strin1* #hich contains a #hitespace separated time and date specification.
)he time and date fie!ds are (taken most!y from 9@iie9 cron)"
&ield 1alues
minute D-2/
hour D-(-
day of
month
&--&
month &-&( (or as names)
day of #eek D-E (D or E is Sunday* or as names )
seconds
D-2/ (optiona!) #ot supported i#side
ASSP 999
% fie!d may be an asterisk (<)* #hich a!#ays stands for 9first-!ast9.
>an1es of numbers are a!!o#ed. >an1es are t#o numbers separated #ith a hyphen. )he specified ran1e is inc!usive. For eamp!e*
.-&& for an 9hours9 entry specifies eecution at hours .* /* &D and &&.
$ists are a!!o#ed. % !ist is a set of numbers (or ran1es) separated by commas. Eamp!es" 9&*(*2*/9* 9D-K*.-&(9.
Step va!ues can be used in con;unction #ith ran1es. Fo!!o#in1 a ran1e #ith 9?9 specifies skips of the numbers va!ue throu1h the
ran1e. For eamp!e* 9D-(-?(9 can be used in the hours fie!d to specify command eecution every other hour (the a!ternative in the
@E standard is 9D*(*K*,*.*&D*&(*&K*&,*&.*(D*((9). Steps are a!so permitted after an asterisk* so if you #ant to say 9every t#o
hours9* ;ust use 9<?(9.
Names can a!so be used for the 9month9 and 9day of #eek9 fie!ds. 6se the first three !etters of the particu!ar day or month (case
doesn+t matter).
Note"
)he day of a command+s eecution can be specified by t#o fie!ds -- day of month* and day of #eek. If both fie!ds are restricted (ie*
aren+t <)* the command #i!! be run #hen either fie!d matches the current time. For eamp!e* 9-D K &*&2 < 29 #ou!d cause a
command to be run at K"-D am on the &st and &2th of each month* p!us every Friday
Eamp!es"
. D < < < 55F . minutes after midni1ht* every day
2 && < < Sat*Sun 55F at &&"D2 on each Saturday and Sunday
D-2/?2 < < < < 55F every five minutes
K( &( - Feb Sat 55F at &("K( on -rd of February and on each Saturday in February
12.05.2014 Seite 90 von 134
32 11 * * * 0-30/2 ==> 11:32:00, 11:32:02, ... 11:32:30 every day
In addition, ranges or lists of names are allowed.
If you want to define multile entries searate t!em "y #$#
Memory Limit in MB that ASSP could use (MemoryUsageLimit)
%!e memory limit in mega"yte t!e ass ro&ess &ould use at ma'imum on your system. (et t!is to emty or )ero to disa"le t!e
feature. %!e &!e&* is done using t!e s&!edule defined in MemoryUsageCheckSchedule . If t!e ass ro&ess uses more memory
t!an t!e limit at a s&!eduled time and ass is a"le to restart it self - a restart will "e done wit!in 1+ se&onds. %!e user running
ass must !ave read a&&ess to /ro& on ni' systems or must !ave read a&&ess to t!e ,-I rovider on windows systems.
Schedule(s) to check the ASSP process memory usage
s
(MemoryUsageCheckSchedule)
0-59/10 * * * *
%!e s&!edule/s0 t!at is used to &!e&* t!e &urrent memory usage of t!e ass ro&ess &omared to t!e MemoryUsageLimit.
1efault value is /0-+2/10 * * * *0, w!i&! means every 10 minutes. %!is re3uires an installed Schedule::Cron module in 4567.
My ame (myName)
thockar.dyndns.org
8((4 will identify itself "y t!is name in t!e email #6e&eived:# !eader and in t!e !elo w!en sending reort-relies. 9sually t!e fully
3ualified domain name of t!e !ost.
Examples: ass.mydomain.&om, 8((4.nosam
Additional My!ame!"e#initions (myNameAlso)
mail.hen-sch.de
If myame was &!anged or you use s!ared folders /multile 8((40 for t!e &orus files, define t!e old or ot!er !ost names !ere -
searate multile entries "y ie, sa&e or &omma. 8((4 will use t!is !ost names in addition to myame, to dete&t t!e re&eived
!eaderlines w!ile t!e re"uildsamd" is running and in t!e mail analy)er.
My $elo (myHelo)
transparent
:ow 8((4 will identify itself w!en &onne&ting to t!e target -%8.
transarent - t!e :elo of t!e sender will "e used
use myame - myame will "e used
use ;<1= - fully 3ualified domain name of t!e !ost ass is running on
$ide %P and&or $elo (HideIPandHelo)
6ela&e any of t!ese information / i=12>.0.0.1 !elo=any!ost.lo&al 0 in our re&eived !eader for outgoing mails. use t!e synta'
i=12>.0.0.1 and/or !elo=any!ost.lo&al .
'(erride the Ser(er SM)P *reeting (myGreeting)
(end t!is (-%4 greeting /eg. 220 -?=8-5 is ready - using 8((4 @56(IA=0 instead of your -%8Bs (-%4 greeting to t!e &lient. If
not defined /default0, t!e -%8Bs greeting will "e sent to t!e &lient. %!e literal -?=8-5 will "e rela&ed wit! myame and t!e
literal @56(IA= will "e rela&ed "y t!e full version string of ass. If t!e starting B220 B is not defined, ass will add it to t!e
greeting.
assp+c#g, (asspCg)
file:assp.cfg Edit file
;or internal use only - it is ass.&fg file. 1o not &!ange t!is value.
Automatic -eload Con#ig.ile (Auto!eloadCg)
If sele&ted and t!e ass.&fg file is &!anged e'ternaly, 8((4 will reload t!e &onfiguration from t!e file automati&ly.
assp+c#g (ersion (asspCg"ersion)
2.4.1(14132)
8((4 will identify t!e ass.&fg file. 1o not &!ange t!is.
Schedule Con#iguration Changes, (ConigChangeSchedule)
file:files/configchangeschedule.txt Edit file
9se t!is otion to s&!edule &onfiguration &!anges. ?ou must use t!e file otion li*e Bfile:files/&onfig&!anges&!edule.t'tB to define
s&!edules - an emty value disa"les t!is feature.
1efine one s&!edule er line - &omments are not allowed in a s&!edule definition line.
%!e line !as to start wit! t!e s&!edule string / see -eStartSchedule 0 followed "y t!e varia"le /or !idden varia"le 0 name to
&!ange, followed "y B:=B, followed "y t!e value to &!ange t!e varia"le to - li*e:
C 0 * * * my=ame8lso:=ot!er!ost1.mydomain.tld
0 D * * *$0 10 * * * my=ame8lso:=ot!er!ost2.mydomain.tld
0 1 * * * de"ug:=1
0 2 * * * de"ug:=
12.05.2014 Seite 91 von 134
%!e s&!edule string &an &ontain multile s&!edule definitions searated "y ieB$B. ?ou will get errors if:
- t!e s&!edule definiton is wrong
- t!e varia"le name is wrong /does not e'ists0
- t!e synta' of t!e value is wrong
=oti&e - ass will only &!e&* t!e synta' at definition time - t!e logi&al &orre&tness of t!e value will "e &!e&*ed at t!e s&!eduled
time. (o, ass will /for e'amle0 not &!e&* any deenden&ies at definition time - if a deenden&y is wrong, t!e &!ange re3uest at
t!e s&!eduled time will fail.
=oti&e - all &onfiguration &!anges are done wit! BrootB ermission. ;or t!is reason, t!is &onfiguration arameter is only visa"le to
root and it is stored en&ryted.
;or advan&ed users A=7?:
9sing t!e following e'tension, re3uires a dee internal *nowledge of t!e ass &ode.
It is also ossi"le to s&!edule a &all to an internal ass su"routine. %!e name of t!e su"routine !as to "egin wit! a BEB, t!e
arameters t!at s!ould assed to t!e su"routine must "e in B/0B - li*e:
0 D * * * Esu"name/var1,var2,..,...0
0 > * * * Esu"name/0
=oti&e: t!e su"routine will "e &alled in t!e -ain%!read and synta' &!e&* will "e done at run time - ossi"le errors are s!own in t!e
log.
Pro/y Ser(er (pro#yser$er)
%!e 4ro'y (erver to use w!en uloading glo"al statisti&s and downloading t!e greylist.
Examples: 122.1DC.0.1:C0C0, 122.1DC.0.1
Pro/y User (pro#yuser)
%!e 4ro'y-9ser=ame t!at is used to aut!enti&ate to t!e ro'y.
Pro/y Pass0ord (pro#ypass)
%!e assword for 4ro'y-9ser=ame t!at is used to aut!enti&ate to t!e ro'y.
1e2 Admin Port (%e&AdminPort)
55555
%!e ort on w!i&! 8((4 will listen for !tt &onne&tions to t!e we" administration interfa&e. If you &!ange t!is, after you &li&* 8ly
you must &!ange t!e 967 on your "rowser to re&onne&t. ?ou may also suly an I4 address or !ostname to limit &onne&tions to a
se&ifi& interfa&e. (earate multile entries "y ie #$#.
Examples: +++++, 122.1DC.0.+:123F+, my!ost:123F+, 122.1DC.0.+:223F+$my!ost:123F+
Use https instead o# http (ena&le'e&AdminSSL)
If sele&ted t!e we" admin interfa&e will "e only a&&essa"le via !tts. If you &!ange t!is, after you &li&* 8ly you must &!ange t!e
967 on your "rowser to re&onne&t. %!is re3uires an installed %'::Socket::SSL module in 4567.
8 server-&ertifi&ate-file #&erts/server-&ert.em# and a server-*ey-file #&erts/server-*ey.em# must e'ist and must "e valid.
If you do not !ave valid &ertifi&ates, you may generate "ot! files online wit! 000+mo2ile#ish+com or you may use Aen((7 to
generate Sel#!signed SSL certi#icates. -ore &onfiguration otions are 0e2SSL-e3uireCientCert, SSL14BCert5eri#yCB and
SSL14BCon#igure .
1e2 Admin Pass0ord ! Masterpass0ord (root) (%e&AdminPass%ord)
45N3XtSleAg..
%!e assword for t!e we" administration interfa&e for user root/minimum of + &!ara&ters0. If root is logged on, no ot!er logins are
allowed. 8lways use t!e #logoff#-"utton as root to terminate t!e session - &losing t!e "rowser wit!out logoff &ould &ause ot!er
session to "e disallowed.
'nly Allo0 Admin Connections .rom, (allo%AdminConnections(rom)
8n otional list of I4 addresses and/or !ostnames from w!i&! you will a&&et we" admin &onne&tions. Glan* means a&&et
&onne&tions from any I4 address.
=ote: if you ma*e a mista*e !ere, you may disa"le your we" administration interfa&e and "e for&ed to manually edit your
&onfiguration file to fi' it.
Examples:
12>.0.0.1$1>2.1D.
$))P and $))PS re3uire ena2led 2ro0ser cookies (http!e)uireCookies)

Hoo*ie "ased !tt session I1Bs are used "y ass to !andle different re3uests from t!e same I4 /eg "e!ind =8%0. (wit&! t!is off, if
you are una"le to use &oo*ies in your "rowser. If swit&!ed off, a se&urity !ole is oened for &onne&tion t!at are using =8% - it
&ould "e ossi"le t!at a se&ond wor*station /"e!ind =8%0 is a"le to login to t!e I9I, wit!out user &redentials if t!e same A( and
"rowser version is used.
Status -esponse Literal #or a $ealty State o# ASSP (%e&StatHealthy!esp)
good
%!is otion must "e set and it must "e different to 0e2Statot$ealthy-esp. %!is literal will "e given "a&* in stat re3uests, if
8((4 is wor*ing !ealty.
12.05.2014 Seite 92 von 134
Status -esponse Literal #or a ot $ealty State o# ASSP (%e&StatNotHealthy!esp)
sick
%!is otion must "e set and it must "e different to 0e2Stat$ealthy-esp. %!is literal will "e given "a&* in stat re3uests, if 8((4
is wor*ing not !ealty.
-a0 Statistics Port (%e&StatPort)
55553
%!e ort on w!i&! 8((4 will listen for !tt or telnet &onne&tions to t!e statisti&s interfa&e. ?ou may also suly an I4 address to
limit &onne&tions to a se&ifi& interfa&e. Anly one value is suorted.
%!e stats are availa"le via "rowser or telnet /or telnet similar so&*et0. 9sing telnet, ress 5=%56 two times to get t!e !ealt!y state
/Bgood JH67;KB or Bsi&* JH67;KB in a single line0, t!is is t!e re&ommended met!ode to get t!e B94B-state of ass from nagios or any
ot!er e'ternal s&rit.
%ye BstatJ5=%56KJ5=%56KB to get t!e (%8%( in raw te't w!ere ea&! line is terminated wit! BJH6K7;B /H6 is send in any &ase, if t!e
re3uest &ontains H60.
%!e :%-7 outut are 7; terminated (%8% lines.
Examples: ++++3, 122.1DC.0.+:123F+
Use https instead o# http (ena&le'e&StatSSL)

%!e we" stat interfa&e will "e only a&&essa"le via !tts. %!is re3uires an installed %'::Socket::SSL module in 4567.
8 server-&ertifi&ate-file #&erts/server-&ert.em# and a server-*ey-file #&erts/server-*ey.em# must e'its and must "e valid. -ore
&onfiguration otions are statSSL-e3uireClientCert, SSLS)A)Cert5eri#yCB and SSLS)A)Con#igure .
'nly Allo0 -a0 Statistics Connections .rom, (allo%StatConnections(rom)
127.0.0.1|10.
8n otional list of I4 addresses from w!i&! you will a&&et raw statisti&al &onne&tions. Glan* means a&&et &onne&tions from any I4
address.
Examples:
12>.0.0.1$1>2.1D.
4na2le $))P Compression in *U% (*na&leH++PCompression)

5na"le :%%4 Homression for faster we" administration interfa&e loading. %!e erl module Compress::6li2 is re3uired to use t!is
feature.
4na2le .loating Menu Panel in *U% (*na&le(loatingMenu)
8llow t!e menu anel on t!e we" administration interfa&e to float /floating 1iv &ode ta*en from 000+7a(ascript!#/+com0.
$ide the Alpha %nde/ Menu Panel in *U% (hideAlphaInde#)
6emoves t!e inde' anel on t!e left side in t!e I9I, "ut t!e inde' is a&&essa"le "y &li&*ing on #(orted#.
Sliding Speed o# the Alpha %nde/ Menu Panel in *U% (Inde#SlideSpeed)
no slide
8dLust t!e sliding seed of t!e 8l!a Inde' -enu 4anel in I9I to your needs.
-emem2er the last *U% position (!emem&erGUIPos)

If sele&ted, t!e I9I will remem"er t!e last toi& of t!e main menu, t!at !ad t!e fo&us, was &!anged, t!at were Lumed to or t!at
were &li&*ed to.
Sho0 %nternal ames in the *U% (*na&leInternalNamesIn,esc)

(!ow t!e internal names in t!e we" interfa&e. %!e internal names are used in t!e &onfiguration file /ass.&fg0, in t!e ali&ation
&ode, and in t!e menu "ar on t!e left side of t!e I9I.
8ump to the 4nd o# the Maillog (Maillog+ail-ump)

Hauses t!e "rowser window to Lum to t!e "ottom of t!e maillog instead of sitting at t!e to of t!e dislay.
Maillog )ail Bytes (Maillog+ail.ytes)
10000
%!e num"er of "ytes t!at will "e s!own w!en t!e end of t!e maillog is viewed. %!e default value is 10000.
Cache Cleaning %nter(al
s
(CleanCache*$ery)
6
%!is eriod /in !ours0 determines !ow fre3uently 8((4 does &a&!e-!ouse*eeing.
Statistics Sa(e %nter(al
s
(Sa$eStats*$ery)
30
%!is eriod /in minutes0 determines !ow fre3uently 8((4 statisti&s are written to a lo&al file.
Upload Consolidated Spam Statistics (totali/eSpamStats)

8((4 will uload its statisti&s to "e &onsolidated wit! t!e glo2al ASSP totals. %!is is a great mar*eting tool for t!e 8((4 roLe&t
M lease do not disa"le it unless you !ave a good reason to do so. =o rivate information is "eing dis&losed "y t!is uload.
12.05.2014 Seite 93 von 134
4na2le *raphical Statistics Collection (ena&leGraphStats)
8((4 will &olle&t statisti&al data in files lo&ated in t!e B/logsB folder /s&oreIra!(tats-????---.t't , statIra!(tats-????---.t't0.
If data are &olle&ted and t!e module li"/8((4N(@I.m is installed and t!e files images/stat.glot, images/svgNstyle.&ss,
images/svgNdefs.svg and images/svg.Ls are installed and your "rowser suorts (@I, ass will s!ow gra!i&al statisti& data, if you
&li&* on a line in t!e BInfo and (tatsB view.
It is re&ommended to set BSa(eStats4(eryB to a value of + or 10 minutes, if t!is otion is ena"led.
Oee in mind t!at ass will =A% delete any of t!e B*Ira!(tats...t'tB-files. If you donBt need some of t!at files anymore, remove
t!em manualy.
-eload 'ption .iles %nter(al
s
(!eload0ption(iles)
300
If set not to )ero, 8((4 reloads &onfiguration otion files /file:.....0 every t!is many se&onds if t!ey !ave &!anged. It is not
re&ommended /and &ould ma*e 8((4 unavaila"le0 to use rsyn& or any e'ternal tool to syn&!ronise &a&!es and list ermanently. If
you need to syn&!ronise data "etween 8((4 installations, you "etter use a data"ase of your &!oi&e.
Minimum ))L used #or con#ig reload (host1IPmin++L)
300
-inimum %%7 used for &onfig reload otions, if !ostnames are defined for any I4 in regular e'ressions.
'rdered!)ie $ash )a2le Si9e (0rdered+ieHash+a&leSi/e)
10000
%!e num"er of entries allowed in t!e !as! ta"les used "y 8((4. %!is only "elongs to Irilist if use"B:%ntCache is not set. 7arger
num"ers re3uire more 68- "ut result in fewer dis* !its. %!e default value is 10000. 8dLust down to use less 68-.
Si9e o# )CP&%P Bu##er (0utgoing.uSi/eNe%)
10240000
%!e default is 102F0000. 5ven more is "etter...
Use Berkeley"B #or %nternal Caches (use,.2IntCache)
8((4 uses some internal &a&!es t!at &ould grow to a large num"er of entries. (wit&! t!is on, if you want 8((4 to use less
memory and "e a little slower. %!e erl module Berkeley"B version 0.3F or !ig!er and Ger*eley1G version F.+ or !ig!er is
re3uired to use t!is feature.
Module Call )imeout (ALA!Mtimeout)
10
Ilo"al %imeout for (4; &!e&*s. %!e default is 10 se&onds.
%!read Hontrol - "e &arefull &!anging t!e following green otions.
um2er o# SM)P!)hreads (NumCom'orkers)
5
=um"er of (-%4-%!reads to "e used. %yi&al and default is +. 10 s!ould "e enoug!t for 200.000 &onne&tions a day. 1+ s!ould "e
t!e a"solute ma'imium. @alues a"ove > will mostly not in&rease erforman&e. Honfigura"le values are "etween 2 and 22. 6estart
8((4 if you &!anged t!is and you are using any data"ase &onne&tion. 8n restart of ass is re3uired if tis value was in&reased.
-eser(ed um2er o# 'ut2ound!SM)P!)hreads on relayPort (!eser$ed0ut&ound'orkers)
0
=um"er of (-%4-%!reads to "e resevered for relayed /out"ound0 &onne&tions on relayPort . %!is num"er of %!reads will "e
e'&lusive reserved for &onne&tions on relayPort . ;or e'amle: =umHom,or*ers=> and 6eservedAut"ound,or*ers=2 - mails on
listenPort , listenPort; and listenPortSSL are using wor*er 1-+ and mails on relayPort using wor*er >-1 . If you are not using
t!e relayPort, do not reserve any wor*ers.
automaticly restart died threads (auto!estart,ied+hreads)

If defined, a /for any reason0 died t!read will "e automati&ly restarted.
Ma/imum time to 0ait #or SM)P!1orkers to #inish connections (Ma#(inCon'ait+ime)
45
%!e ma'imum time in se&onds to wait for (-%4-,or*ers to finis! &onne&tions, in &ase of a s!utdown or restart of 8((4. 1efault is
F+. Honfigura"le values are 10 to +22.
Monitor the Main)hread (MonitorMain+hread)

If defined, t!e -ain%!read will "e monitored for !ealt!y "y t!e -aint%!read /,or*er 100000.
4na2le $igher Per#ormance (*na&leHighPerormance)
off
If set, t!e (-%4-,or*er-%!reads will get new ending &onne&tions mu&! faster - using less wait states. %!e seed to interrut t!e
wor*ers "y t!e -ain%!read is in&reased. 9sing t!is feature will in&rease t!e H49 usage of t!e system.
12.05.2014 Seite 94 von 134
thread cycle time (+hreadCycle+ime)
3000
%ime in mi&rose&onds /for (-%4 wor*ers and -ain%!read0 to give ea&! ot!er t!read to run in !ig! H49-wor*load &onditions.
1efault value is 3000, tyi&al values are "etween 10 and 2000. ?ou &an set t!is to 0, if your A( !onors system-yield-&alls /0 is not
re&ommended on ,indows A(0. 8 !ig!er value will redu&e H49 usage "ut &ause 8((4 to run more slowly.
Maintenance)hread cycle time (Maint+hreadCycle+ime)
3000
%ime in mi&rose&onds /for -aint%!read0 to give ea&! ot!er t!read to run in !ig! H49-wor*load &onditions. 1efault value is 3000,
tyi&al values are "etween 10 and 2000. ?ou &an set t!is to 0, if your A( !onors system-yield-&alls /0 is not re&ommended on
,indows A(0. 8 !ig!er value will redu&e H49 usage "ut &ause 8((4 to run more slowly.
-e2uildSpam"B)hread cycle time (!e&uild+hreadCycle+ime)
50
%ime in mi&rose&onds /for 6e"uild(am1G%!read0 to give ea&! ot!er t!read to run in !ig! H49-wor*load &onditions. 1efault value
is 30, tyi&al values are "etween 10 and 1000. ?ou &an set t!is to 0, if your A( !onors system-yield-&alls /0 is not re&ommended
on ,indows A(0 and your system is fast enoug!. 8 !ig!er value will redu&e H49 usage "ut &ause 8((4 to run more slowly.
Stack Si9e use 2y e(ery )hread (+hreadStackSi/e)
32
%!e sta&* si)e in -G t!at is used "y every t!read. 1efault is 0, w!i&! meens to use t!e default system sta&* si)e. 1D -G is t!e
default system sta&* si)e on windows latforms. %!is system value may differ on different latforms. %o get t!e default sta&* si)e
on linu' use t!e s!ell &ommand #ulimit -a#. %ry to in&rease t!is value, if you get #out of memory# errors w!ile running ass.
H!anging t!is value re3uires an ass restart to ta*e effe&t.
Use )his %' 4ngine (I0*ngine)
IO::Poll
1eending on your oerating system and your 4erl version it &ould "e ne&essary to use t!e non default %'4ngine BIA::(ele&tB. %ry
t!is if you see une'e&ted early &losed &onne&tions in t!e log. ?ou !ave to restart 8((4, if you !ave &!anged t!is value.
Minimum Poll&Select 1ait )ime (MinPoll+ime)
2
%!e time in millise&onds t!at 8((4 will at least wait for IA::4oll/IA::(ele&t events. 8 !ig!er value will redu&e H49 usage "ut &ause
8((4 to run more slowly. 1efault is 2.
CPU priority #or SM)P!)hreads ('orkerCPUPriority)
0
(et t!e riority for t!e ,or*ers in relation to all ot!er ro&esses/t!reads on t!e system. %!an !ig!er t!e value - t!an lower t!e
riority. 1efault is 0 /system default is 00. 4ossi"le values are 0,1 and 2. %!is re3uires installed )hread::State module. It is
re&ommended to run t!e ,or*ers on lower riority, if 8((4 !as to ro&ess most of t!e time a large num"er of mails at one
moment / num"er of mails > umCom1orkers 0.
Cpu A##inity #or assp (asspCpuAinity)
-1
(et t!e Hu 8ffinity for all t!reads . 1efault is -1 /for use all H49Bs0. 4ossi"le values are &omma or sa&e searated H49 num"ers
starting wit! )ero /00 or -1 for all H49Bs. %!is re3uires installed Sys::CpuA##inity module. %!is feature will ossi"ly not wor* on
-a&A( and AenG(1 and on any A(, if t!e system &ontains more t!an 32 H49Bs.
pre allocate memory #or e(ery mail (PreAllocMem)
100000
8((4 re-allo&ates t!is num"er of "ytes in mainstorage two times /in/out0 for every mail to avoid memoryfra&mentation
/arti&ularly in 8((4 long run &onditions0. %!e memory will "e allo&ated, if t!e 18%8 &ommand is re&eived from t!e server. 1efault
is 100000 - t!is is enoug! for most of t!e mails. If 8((4 re&eives t!e (IP5 &ommand from t!e server, t!e re-allo&ation-memory
will "e &al&ulated on t!at value. <uestion: Is it "etter to in&rease t!is valueQ 8nswer: ?es, it is - "ut "e &areful, t!is may &ause
8((4 running in out of memory errors.
.reeup Memory *ar2age ((reeupMemoryGar&age)

If defined, all %!reads will try to re&over memory every five minutes.
Connection )rans#er )imeout (Connection+ranser+ime0ut)
30
Ilo"al %imeout for -ain%!read to transfer a &onne&tion to any ,or*er. If no ,or*er is a"le to ta*e t!e new (-%4-&onne&tion /for
any reason0, t!e new &onne&tion will "e droed. %!e default is 30 se&onds.
Sho0 Per#ormance "A)A in SM)P Connection screen (Sho%Perormance,ata)

If defined, erforman&e data will "e s!own in to of t!e (-%4 &onne&tion s&reen.
end of %!read Hontrol
Use Local )ime (UseLocal+ime)

12.05.2014 Seite 95 von 134
Use local time and timezone offset rather than UTC time in the mail headers.
Notes On Server Setup
Notes
12.05.2014 Seite 96 von 134
Rebuild Spamdb
Schedule Cron time for RebuildSpamdb (RebuildSchedule)
noschedule
If not set to "noschedule" (noschedule is default) , SS! uses scheduled times to run the "e#uildSpamd#$ The s%nta& is the same
li'e in "Vixie" cron$ To disa#le the Scheduler (rite "noschedule"$ Never write quotes in to this field!
This re)uires an installed Schedule::Cron module in !*"+.
It is possi#le to define more than one scheduled time per da% to 'eep the ,a%esian and -.. data#es up to date, #ut this is not
re)uired / use 0newReportedInterval0 instead.
If a file c12assp2re#uildde#u3.t&t e&ists, the re#uild tas' (ill (rite the debu output to this file.
!ime and "ate specification
*ntr% is the specification of the scheduled time in cronta# format, (hich contains five mandator% time and date fields. *ntr% can #e
either a plain strin3, (hich contains a (hitespace separated time and date specification.
The time and date fields are (ta'en mostl% from "4i&ie" cron)1
field values
minute 5/67
hour 5/89
da% of
month
:/9:
month :/:8 (or as names)
da% of (ee' 5/; (5 or ; is Sunda%, or as names )
seconds
5/67 (optional) not supported inside
#SS$ !!!
field ma% #e an asteris' (<), (hich al(a%s stands for "first/last".
"an3es of num#ers are allo(ed. "an3es are t(o num#ers separated (ith a h%phen. The specified ran3e is inclusive. =or e&ample,
>/:: for an "hours" entr% specifies e&ecution at hours >, 7, :5 and ::.
+ists are allo(ed. list is a set of num#ers (or ran3es) separated #% commas. *&amples1 ":,8,6,7", "5/?,>/:8".
Step values can #e used in con@unction (ith ran3es. =ollo(in3 a ran3e (ith "2" specifies s'ips of the num#ers value throu3h the
ran3e. =or e&ample, "5/8928" can #e used in the hours field to specif% command e&ecution ever% other hour (the alternative in the
4; standard is "5,8,?,A,>,:5,:8,:?,:A,:>,85,88"). Steps are also permitted after an asteris', so if %ou (ant to sa% "ever% t(o
hours", @ust use "<28".
Names can also #e used for the "month" and "da% of (ee'" fields. Use the first three letters of the particular da% or month (case
doesn0t matter).
Note1
The da% of a command0s e&ecution can #e specified #% t(o fields // da% of month, and da% of (ee'. If #oth fields are restricted (ie,
aren0t <), the command (ill #e run (hen either field matches the current time. =or e&ample, "95 ? :,:6 < 6" (ould cause a
command to #e run at ?195 am on the :st and :6th of each month, plus ever% =rida%
*&amples1
> 5 < < < BBC > minutes after midni3ht, ever% da%
6 :: < < Sat,Sun BBC at ::156 on each Saturda% and Sunda%
5/6726 < < < < BBC ever% five minutes
?8 :8 9 =e# Sat BBC at :81?8 on 9rd of =e#ruar% and on each Saturda% in =e#ruar%
98 :: < < < 5/9528 BBC ::198155, ::198158, ... ::198195 ever% da%
In addition, ran3es or lists of names are allo(ed.
If %ou (ant to define multiple entries separate them #% "D"
%se &er'ele("&)"&*+ile or orderedtie for the RebuildSpam"& Internal Caches (useDB4Rebuild) ,
The "e#uildSpamE, thread uses some internal caches that could 3ro( to a lar3e num#er of entries. S(itch this on, if %ou (ant
this thread to use less memor% and #e a little slo(er.
d@ust Rebuild!hreadC(cle!ime to a lo(er value (#et(een 5 and 95) to speed up the "e#uildSpamE, thread.
The perl module &er'ele("& version 5.9? or hi3her and ,er'ele%E, version ?.6 or hi3her is re)uired to use this feature. E,F=ile
(,er'ele% 4:) (ill #e used if ,er'ele%E, is not availa#le. If #oth ,er'ele%E, and E,F=ile are not availa#le, the re#uild thread (ill
use the internal 0orderedtie0 (hich is up to :555 times slo(er than ,er'ele%E,.
Replace the old Records in Spamdb and Spamdb-helo (ReplaceOldSpamdb)

If selected, the ne( created records for Spamd# and Spamd#.helo (ill replace the old (#elon3s not to -.., (hich is replaced
ever% time). If not seleted, the ne( records (ill #e added to Spamd# and Spamd#.helo . Eefault is on.
"o move.num &efore Rebuild (doMove2Num) ,
"enames files to num#ers #efore the re#uild is started. If this is done, some other features li'e 0.ail+o3Tail0 and 0,loc'/"eport0 (ill
#e una#le to find the files$
12.05.2014 Seite 97 von 134
Interval for processin new Reported /ails (newReportedInterval) ,
1 1
=ile count and interval definition (count minutes) for processin3 ne( reported mails (correctedspam , correctednotspam) /
process if at least 0first value0 mails are reported #ut ever% 0second value0 minutes. defaults to 0:5 60
Set the first value to zero to disa#le this feature.
If ena#led, ne( reported mails or files moved in to the corpus via GUI are used, to immediatl% update the Spamd# and -..d#
(ith the ne( information.
This (ill 'eep the data#ases continuousl% uptodate and the RebuildSchedule interval could #e increased, if there are enou3h files
in the corpus and %our corpus norm is fine.
If %ou need to cop%2move several files from outside assp in to the corpus and %ou (ant assp to process them immediatl%,
cop%2move the files in to the su#folder "error2...2ne(.anual%dded".
/ax "a(s of 0eep "eleted (MaxeepDeleted) ,
0
The ma&imum num#er in da%s deleted files in the #a%esian collection folders ( spamlo , notspamlo ) (ill #e 'ept. This is
necessar% (hen 1mail&loc'Report is used to handle the file and the file is mean(hile deleted. The list of files that are ma'ed for
deletion is stored in trashlist.d# .
#utomatic Corpus Correction (auto!orrect!orpus) ,
0.6-1.4-4000-14
(S%nta&1 a.aHaI/#.#H#I/cccc/dd or empt% / default is "5.A/:.?/?555/:?") If the corpus norm (the (ei3ht #et(een
spam(ords2ham(ords) is less than "a" (5.A / too much ham) or 3reater than "#" (:.? / too much spam), assp (ill delete the
e&cess (oldest) files from the correspondin3 folder ( spamlo , notspamlo ). SS! (ill 'eep a minimum of "c" (?555) files in
the folder and (ill never delete files that are %oun3er than "d" (:?) da%s. This cleanup (ill run at the end of the re#uildspamd#
tas'. So the corrected file corpus (ill ta'e effect at the ne&t re#uildspamd#$
If this value is defined, assp (ill use the middle value of "a" and "#" ((aJ#)28) as tar3et corpusnorm and (ill tr% to reach this
value, usin3 (as man% as possi#le) #ut onl% such a count of files in the folders spamlo and notspamlo as re)uired$
+ile $rocessin time 2imit (Rebuild"ile#ime$imit) ,
1 5
(S%nta&1 aH.aaI #H.##I / default is ": 6")
Eefine one, or t(o space or comma separated values.
If the first value is not zero and the processin3 time of a sin3le corpus file e&ceeds the first value in seconds, this (ill #e sho(n in
the re#uild lo3.
If the second value is not zero and the processin3 time of a sin3le corpus file e&ceeds the second value in seconds, the file (ill #e
moved to the folder "c12assp2re#uildFerror" to prevent future runtime penalties.
Notification 1mail !o (RebuildNoti%&) ,
*mail address(es) to (hich %ou (ant SS! to send a notification email after the re#uild tas' is finished. The file re#uildrun.t&t is
included in this notification. Separate multiple entries #% "D".
Run the Rebuild in !est /ode (Rebuild#estMode) ,
If selected, all re#uildspamd# tas's (ill not populate the spamdb and hmmd# / and no data (ill #e sent to the 3riplist/Server.
0eep rebuildspamdb-pm compatible to assp-pl (%orceRebuildDown'rade) ,

Keep re#uildspamd#.pm compati#le to assp.pl in case of an assp.pl version do(n3rade.
Run RebuildSpamdb now (RunRebuildNow)
If selected, "e#uildSpamd# (ill #e started immediatel%.
+ast "un "e#uildspamd#
Last Run Rebuildspamdb
"e#uildspamd#/de#u3/output
Rebuildspamdb-debug-output
Notes On "e#uildSpamd#
Notes
12.05.2014 Seite 98 von 134
Char Conversions ) !N1+
inbound charset conversion table3 (in!hrSet!onv) ,
If defined, characterset conversion for in#ound mails (ill #e done. =or e&ample1 if %our emailserver does not understand UT=/>,
SS! (ill convert the mail parts to the characterset of %our choice. The rules specified here are used to convert te&t parts of
in#ound mails from one to an other characterset.
Example:UT=/>BCISO/>>67/:DISO/>>67/:6BCISO/>>67/:
This re)uires an installed 1mail::/I/1 module in !*"+.
This conversions are done for all (in#ound,CC,report ..) mails e&cept rela%ed mails. The converted mail (ill #e not availa#le on dis'
e&cept E*,UG.
outbound charset conversion table3 (out!hrSet!onv) ,
If defined, characterset conversion for out#ound mails (ill #e done. =or e&ample1 if %our emailserver is una#le to send mails in
UT=/>, SS! (ill convert the mail parts to UT=/>. The rules specified here are used to convert te&t parts of out#ound mails from
one to an other characterset.
Example:ISO/>>67/:BCUT=/>DISO/>>67/8BCUT=/>D(indo(s/:865BCUT=/>
This re)uires an installed 1mail::/I/1 module in !*"+.
This conversions are done onl% for rela%ed mails$
convert inbound /S4!N1+ attachments to /I/1 (doIn"ix#N(") ,
convert in#ound .S/TN*= attachments li'e (inmail.dat to .I.* parts2attachments. If a TN*=/file is attached #% other than
*&chan3e (li'e application2octet/stream) no conversion (ill #e done.
In addition to 1mail::/I/1 this re)uires #oth installed Convert::!N1+ and /I/1::!(pes module in !*"+.
'eep the /S4!N1+ part in inbound mail ()eepIn#N(") ,

'eep in#ound .S/TN*= attachments li'e (inmail.dat in .I.* parts. If unchec'ed and the conversion is successfull, the ori3inal
attachment (ill #e removed from mail$
convert outbound /S4!N1+ attachments to /I/1 (doOut"ix#N(") ,
convert out#ound .S/TN*= attachments li'e (inmail.dat to .I.* parts2attachments. If a TN*=/file is attached #% other than
*&chan3e (li'e application2octet/stream) no conversion (ill #e done.
In addition to 1mail::/I/1 this re)uires #oth installed Convert::!N1+ and /I/1::!(pes module in !*"+.
'eep the /S4!N1+ part in outbound mail ()eepOut#N(") ,

'eep out#ound .S/TN*= attachments li'e (inmail.dat in .I.* parts. If unchec'ed and the conversion is successfull, the ori3inal
attachment (ill #e removed from mail$
convert No$rocessin mails (convertN*) ,
Set this to on, if noprocessin3 mails should #e converted, (hich is normal% not the case.
convert "0I/ mails (doDIM!onv) ,
EKI. messa3es could normal% not modified. If chec'ed, conversions (ill #e done on EKI. messa3es / %ou have to disa#le the
EKI. chec' on %our emailserver (.T)$
!N1+"1&%5 6onl( in dev7 (#N("D(B+,) ,
prints TN*= conversion debu info to screen.
Notes On Character Conversions 2 TN*=
Notes
12.05.2014 Seite 99 von 134
SS2 $rox( and !2S support
8ow to 8andle S!#R!!2S Requests (Do#$S) ,
do TLS
If set to "drop T+S", an% ST"TT+S re)uest (ill #e removed from the protocol stac' and no connection (ill ever 3o in to an% T+S
mode$
If set to "T+S to !ro&%" and #oth peers (client and server) supports T+S, #oth connection (ill #e moved in to a transparent !ro&%
mode. ll data (ill #e encr%pted and unreada#le to SS!.
If set to "do T+S", SS! (ill #e the "man in the middle". SS! (ill tr% to move #oth connections in to T+S. ll data (ill #e reada#le
to SS! / so all chec's could #e done. If an% of the peers does not support T+S, SS! (ill fa'e this (865/ST"TT+S) to the other
peer. So it could #e possi#le, that the connection to the client is 3oin3 in to T+S mode, even if T+S is not supported #% the server.
If a client does not re)uest T+S (ST"TT+S) even it has 3ot the (865/ST"TT+S), SS! tries to start a T+S session to server, if he
has sent (865/ST"TT+S)$ This #ehavior #elon3s to incomin3 and out3oin3 messa3es. This option re)uires the installed perl
module I9::Soc'et::SS2$
=or "do T+S" a server/certificate/file " SS2Cert+ile " and a server/'e%/file " SS20e(+ile " must e&ist and must #e valid$
If %ou do not have valid certificates, %ou ma% 3enerate #oth files online (ith www-mobilefish-com or %ou ma% use OpenSS+ to
3enerate Self4sined SS2 certificates$ If %ou have installed OpenSS+ (must #e in !T-) and installed and ena#led
IO11Soc'et11SS+ and SS! is una#le to find valid certificates / SS! (ill tr% to create them at startup$
SSLfailed Cache
SS2 version used for transmission (SS$-version) ,
SSLv2/3
Sets the version of the SS+ protocol used to transmit data. The default is SS+v829,
(hich auto/ne3otiates #et(een SS+v8 and SS+v9. Lou ma% specif% 0SS+v80, 0SS+v90, or 0T+Sv:0 (case/insensitive) com#ined (ith
010 and ne3ated (ith 0$0 (e&ample1 0SS+v8291$SS+v80) if %ou do not (ant this #ehavior.
SS2 'e( cipher list (SS$-cipher-list) ,
If this option is set, the cipher list for the connection (ill #e set to the 3iven value, e.3. somethin3 li'e 0++1$+OM1$*N!1$E-0.
+oo' into the OpenSS+ documentation (http:))www-openssl-or)docs)apps)ciphers-html:CI$81R*S!RIN5S) for more
details. Settin3 this value causes the 0SS+FhonorFcipherForder0 fla3 to #e s(itched on (,*ST vulnera#le)
If this option is not used (default) the openssl #uiltin default is used (hich is suita#le for most cases.
"isable SS2 support on listen$orts (No#$Slisten*orts) ,
This disa#les T+S2SS+ on the defined listen!orts, if "o!2S is set to "do T+S". ll other S.T! listeners (ill support T+S2SS+, if
"o!2S is set to "do T+S". This option (or's for listen$ort , listen$ort. and rela($ort . The listener definition here has to #e
the same li'e in the port definitions. Separate multiple entries #% "D".
Examples: 86, :8;.5.5.:186, :8;.5.5.:186D:8;.5.5.8186
+orce !2S to $rox( on this $orts (#$Sto*rox&$isten*orts) ,
If a ST"TT+S command is received on a port that is defined here, the connection (ill #e moved in to the transparent pro&% mode
ever% time / independend from the settin3 of "o!2S . This option (or's for listen$ort , listen$ort. and rela($ort . The listener
definition here has to #e the same li'e in the port definitions. Separate multiple entries #% "D".
Examples: 86, :8;.5.5.:186, :8;.5.5.:186D:8;.5.5.8186
SS2 Certificate +ile 6$1/ format7 (SS$!ert"ile) ,
c:/assp/certs/server-cert.pem
=ull path to the file containin3 the server0s SS+ certificate, for e&ample 1 2usr2local2etc2ssl2certs2assp/cert.pem or
c12assp2certs2server/cert.pem. 3eneral cert.pem file is alread% provided in 0assp2certs2server/cert.pem0
SS2 0e( +ile 6$1/ format7 (SS$e&"ile) ,
c:/assp/certs/server-key.pem
=ull path to the file containin3 the server0s SS+ private 'e%, for e&ample1 2usr2local2etc2ssl2certs2assp/'e%.pem or
c12assp2certs2server/'e%.pem. 3eneral 'e%.pem file is alread% provided in 0assp2certs2server/'e%.pem0
SS2 $rivate 0e( $assword (SS$**assword) ,
Optional parameter. If %our private 'e% 0 SS20e(+ile 0 is pass(ord protected, assp (ill need this pass(ord to decr%pt the server0s
SS+ private 'e% file.
SS2 Certificate #uthorit( +ile (SS$!a"ile) ,
Optional parameter to ena#le chained certificate validation at the client side. =ull path to the file containin3 the server0s SS+
certificate authorit%, for e&ample 1 2usr2local2etc2ssl2certs2assp/ca.crt or c12assp2certs2server/ca.crt. 3eneral ca.crt file is alread%
provided in 0c12assp2certs2server/ca.crt0. The default value is empt% and leave it empt% as lon3 as %ou don0t 'no(, ho( this
parameter (or's.
1xclude these I$;s from !2S3 (no#$SI*) ,
*nter I!0s that %ou (ant to e&clude from startin3 SS+2T+S, separated #% pipes (D). =or e&ample, put all I!0s here, that ma'in3
trou#le to s(itch to T+S ever% time, (hat (ill prevent SS! from 3ettin3 mails from this hosts.
12.05.2014 Seite 100 von 134
Ban Failed SSL IP (banFailedSSLIP)
both
If set (recommended is 'both'), an IP that failes to connect via SSL/TLS will be banned for 12 hour from usin SSL/TLS!
Privat IP's and IP addresses listed in 'acceptAllMail' will et one more tr" to correct the mista#e!
This is done $er default ('both'), to $revent $ossible %oS attac#s via SSL/TLS!
Those IP's are stored in the SSLfailed cache! This cache is cleaned u$ at startu$!
disable & disables this feature, which is hihl" '(T recommended
$rivat onl" & onl" $rivat IP's and IP's in acceptAllMail will be banned (the" have two tries)
$ublic onl" & onl" $ublic IP's will be banned
both & $rivat and $ublic IP's will be banned
edit SSLfailed Cache
Exclude these IP's from SSLfailed Cache* (noBanFailedSSLIP)
)nter IP's that "ou want to e*clude from bein added to the SSLfailed&+ache, se$arated b" $i$es (,)!
Send EL! (sendEHLO)

If selected, -SSP sends an ).L( even if the client has sent onl" a .)L(! This is useful to force the usae of TLS to the server or to
statisf" /+LI)'T//0(12-1% helo offers, because ).L( is needed before ST-1TTLS or /+LI)'T//0(12-1% could be used!
"etr# SSL on $SSL %ant a read first$ error (SSLRetryOnError)
If selected, -SSP retries one time to establish a SSL connection with one second dela", if the $eer was not read" after ST-1TTLS
because of a 3SSL want a read/write first3 error!
SSL &imeout '()***+ (SSLtimeout)
5
SSL/TLS neotiation will timeout after this man" seconds! default is 4 5 seconds!
,e-u. Le/el for SSL0&LS (SSLDEBUG)
level 3
Set the debu&level for SSL/TLS! Than hiher the level, than more information are written to ST%(6T7
Client re1uires /alid SSL Certificate for 23I "e1uests (webSSLRequireientert)
If enabled and ena-le4e-AdminSSL is set to (', each browser session is forced to $rovide a valid SSL client certificate! If no
certificate is $rovided b" the client, the connection will fail7 To e*tend the verification of the certificate, use
SSL4EBCert5erif#CB ! Per default are used 'SSL89)1I0:8P))1 , SSL89)1I0:80-IL8I08'(8P))18+)1T ,
SSL89)1I0:8+LI)'T8('+)'
To create a P;+S12 from the P)< formated cert& and #e" file "ou can use o$enssl, li#e 4
o$enssl $#cs12 &e*$ort &clcerts &in client!$em &in#e" client!#e" &out client!$12
The file client!$12 could now be im$orted in to "our browser!
666 Install a /alid certificate in to #our -ro%ser BEF!"E #ou ena-le this option ) other%ise the 23I %ill .et
inaccessa-le 666
7!&ICE8 &his option %ill not %or9 if #ou use an# self si.ned certificate6
CallBac9 to 5erif# Client Certificates for 23I Connections (SSL!EBert"eri#yB)
If used, ass$ will call the defined subroutine as SSL&=SSL8verif"8callbac# in an eval closure submittin the oriinal -11-: of
$arameters (see the I(44Soc#et44SSL documentation)!
The subroutine has to return 1 on certificate verification success & otherwise >!
:ou can use/modif" the module lib/+orrect-SSPcf!$m to im$lement "our code! 0or e*am$le
sub chec#2ebSSL+ert ?
m" (@($enSSLSa"s,@+ertStac#Ptr,@%',@($enSSL)rror, @+ert)AB8C
m" @subDect A 'et44SSLea"44/5>E8'-<)8oneline('et44SSLea"44/5>E8et8subDect8name(@+ert))C
m" @chain A 'et44SSLea"44P)<8et8strin8/5>E(@+ert)C
!!!an" code!!!C
m" @success A eval?verif"(@+ert)CFC
return @($enSSLSa"s if @BC
m" @user A eval?et8owner(@+ert)CFC
return @($enSSLSa"s if @BC
m" @$ass A et8$ass(@user)CFC
Bmain44)*t2eb-uth A (@user,@$ass)
return @successC
F
'ow, if "ou set this $arameter to '+orrect-SSPcf44chec#2ebSSL+ert' & ass$ will call
+orrect-SSPcf44chec#2ebSSL+ert&=(B8)C
The variable 'Bmain44)*t2eb-uth' could be used to authenticate the user to the G6I related to the used certificate! The username
must be $rovided as first element of the arra"! The $assword could be $rovided as second element of the arra" & this is not
recommended and it is not reHuired7 If the used certificate is valid and a #nown adminusername (root is $rovided) is stored as first
element in 'Bmain44)*t2eb-uth', the user will be automatical" loed on to the G6I!
Call to Confi.ure SSL)Listener)Parameters for 23I Connections (SSL!EBon#i$ure)
12.05.2014 Seite 101 von 134
If used, ass$ will call the defined subroutine in an eval closure submittin a reference to the ass$ $redefined SSL&Soc#et&
+onfiuration&.-S.!
The .-S. could be modified in $lace to "our needs & $lease read the documentation of I(44Soc#et44SSL, 'et44SSLea" and
($enSSL! 1eturn values are inored!
:ou can use/modif" the module lib/+orrect-SSPcf!$m to im$lement "our code! 0or e*am$le
sub confi2ebSSL ?
m" .-S.(>*IddJbI2K) A shiftC
@$arms&=?timeoutF A 1>C
@$arms&=?'SSL8chec#8crl'F A 1C
@$arms&=?'SSL8crl8file'F A '/ass$/certs/crl/crllist!$em'C
returnC
F
'ow, if "ou set this $arameter to '+orrect-SSPcf44confi2ebSSL' & ass$ will call
+orrect-SSPcf44confi2ebSSL&=(LMssl$arms)C
Client re1uires /alid SSL Certificate for S&A& "e1uests (statSSLRequirelientert)
If enabled and ena-le4e-StatSSL is set to (', each session is forced to $rovide a valid SSL client certificate! If no certificate is
$rovided b" the client, the connection will fail7 To e*tend the verification of the certificate, use SSLS&A&Cert5erif#CB ! Per
default are used 'SSL89)1I0:8P))1 , SSL89)1I0:80-IL8I08'(8P))18+)1T , SSL89)1I0:8+LI)'T8('+)'
CallBac9 to 5erif# Client Certificates for S&A& Connections (SSLS%&%ert"eri#yB)
Please read the descri$tion of SSL4EBCert5erif#CB !
Call to Confi.ure SSL)Listener)Parameters for S&A& Connections (SSLS%&%on#i$ure)
+onfiuration&.-S.!
Please follow the descri$tion for SSL4EBConfi.ure !
Client re1uires /alid SSL Certificate for SM&P SSL Connections (smt'SSLRequirelientert)
If enabled, each client or server reHuestin a connection at the listenPortSSL reHuires a valid SSL client certificate! If no
certificate is $rovided b" the client, the connection will fail7 To e*tend the verification of the certificate, use
SSLSM&PCert5erif#CB ! Per default are used 'SSL89)1I0:8P))1 , SSL89)1I0:80-IL8I08'(8P))18+)1T ,
SSL89)1I0:8+LI)'T8('+)'
CallBac9 to 5erif# Client Certificates for SM&P Connections (SSLS(%Pert"eri#yB)
Please read the descri$tion of SSL4EBCert5erif#CB !
Call to Confi.ure SSL)Listener)Parameters for SM&P Connections (SSLS(%Pon#i$ure)
+onfiuration&.-S.!
Please follow the descri$tion for SSL4EBConfi.ure !
&ransparent &CP Prox# &a-le* (Pro)yon#)
%efine trans$arent Port Pro*" here! -SSP will forward incomin $ac#ets to a s$ecific destination!
0or e*am$le4 if "ou want incomin connections on $ort KN5 (S<TP&SSL) to be forwarded to "our emailserver!
Example:>!>!>!>4KN5A=1E2!1NJ!1!254KN5OA12!1!1!I,IK!5!N!P,NP!2I!2!1,
1>!1!1!141KPPA=1E2!1NJ!1!2I425OA12>!5!1!I,1IK!5!1E!P,NP!12I!221!11
The s"nta* is4 localIP4localP(1TA=forwardIP4forwardP(1TOAallowfromIP1,allowfromIP2,!!!,ne*t Pro*" confiuration,!!!!
:ou have to confiure the IP&address and IP&$ort for both & local and forward values! -llowfromIP are comma se$arated values of
IP&addresses from where connections are allowed! If there is no allow value defined, all connections will be allowed7
SSL Pro*" and TLS su$$ort
Notes
12.05.2014 Seite 102 von 134
2lo-al Penalt#Box
client re.istration name ($loballient*ame)
The 'ame of this lobal&client for reistation on the lobal&server! This entr" has to be the full Hualified %'S&'ame of the IP&
address over which -SSP is doin .TTP&reHuests7 If "ou are usin a .TTP&Pro*", this should be the $ublic IP&address of the last
Pro*" in chain7 This %'S&'ame has to be resolveable worldwide and the resolved IP&address has to match the -SSP&.TTP&
connection&IP&address! It is not $ossible to use an IP&address in this field7 %"namic %'S&'ames li#e 3"ourdomain!d"ndns!or3 are
su$$orted7
To become a member of the e*clusive lobal&$enalt"&bo*&users, "ou will need a subscri$tion and "ou will have to $a" a "earl"
maintenance fee! To et reistered and/or to et more information, $lease send an email with "our $ersonal/com$an" details and
the .lo-alClient7ame to 3ass$!lobal$bBthoc#ar!com3!
The name of this client has to be #nown b" the lobal server before it could be reistered from here! Please wait until "ou've ot
an information, that "our client name is #nown b" the lobal server!
In addition to Compress88:li- this reHuires an installed L4P883serA.ent module in P)1L!
client re.istration pass%ord ($loballientPass)
If the lobal client is reistered on the lobal&server, "ou will see a number of 3Q3 in this field! This field is readonl"!
client su-scription expiration date ($loballientLi+Date)
The date of license/subscri$tion e*$iration for this lobal client! If this date is e*ceeded, no u$load and download of lobal PR will
be done7 This field is readonl"!
Ena-le the 2lo-al)Blac9)Penalt# (DoGlobalBla+,)
)nables the mere of the Rlac#&Penalt"&Ro*&)ntries, if the client is reistered on the lobal&PR&server! 6$load and download of the
blac# $enalt" entries are done inde$endend from this settin as lon as an" of 2PB,o%nloadLists or 2PBautoLi-3pdate is
activated!
5alue for 2lo-al)Blac9)PB Entries ; ($lobal"alen+ePB)
20
This $enalt"&value will be iven to downloaded Rlac#&Penalt"&Ro*&)ntries! -s lon as entries have the 3GL(R-LPR3 state, the" will
never become e*treme&Rlac#! It is recommended to set this value above Penalt#Limit7
Expiration for 2lo-al)PB)Blac9 "ecords ($lobalBla+,E)'iration)
48
Global&Rlac#&Penalties will e*$ire after this number of hours!
Ena-le the 2lo-al)4hite)Penalt# (DoGlobal!-ite)
)nables the mere of the 2hite&Penalt"&Ro*&)ntries, if the client is reistered on the lobal&PR&server! 6$load and download of
the white $enalt" entries are done inde$endend from this settin as lon as an" of 2PB,o%nloadLists or 2PBautoLi-3pdate is
activated!
Expiration for 2lo-al)PB)4hite "ecords'da#s+ ($lobal!-iteE)'iration)
7
Global&2hite&Penalties will e*$ire after this number of da"s!
,o%nload List and "e.ex 3pdates from 2PB)Ser/er (GPBDownloadLists)
download and install
Select, if ass$ should download u$dates for lists and reular e*$ressions from the lobal $enalt"bo* server! %ownloads will be
done to the 'download' folder! If install is selected, the downloaded lines will mered in to the defined files (file4!!!)! If "ou want to
disable a s$ecific line in an" of "our files, do not delete the line, instead commed it out & $uttin an 'S' or 'C' in front of the line! If
an" list is not confiured usin the 'file4!!!' o$tion, onl" the download will be done, even if install is selected! To disable a line that
was added b" the GPR&server to "our file & sim$l" commend the line out (S or C)! If "ou remove such a line, it could be $ossibl"
added aain b" the ne*t GPR chec#! To chane a line that was added b" the GPR&server to "our file & disable the line and
customiTe a co$ied line to "our needs!
,o%nload Plu.in and Li-rar# 3pdates from 2PB)Ser/er (GPBautoLibU'date)
download and install
Select, if ass$ should download u$dates for Pluins or Librar"&0iles (!!/lib) from the lobal $enalt"bo* server! %ownloads will be
done to the 'download' folder! If install is selected, the downloaded Pluins and/or modules will be installed in to there oriinal
location, if an older version of the file still e*ists! If an older version is not found, onl" the download will be done! To activate
u$dated Pluins or modules a restart of ass$ is reHuired! This feature will not force an automatic restart of ass$7!
'otes (n Global Penalt" Ro*
Notes
12.05.2014 Seite 103 von 134
Bloc9 "eportin.
Ena-le extra Lo..in. for Bloc9"eports (E)traBlo+,Re'ortLo$)

<aillos could row to a ver" lare siTe! )nable this feature to lo onl" lolines with bloc#in information to an e*tra file! These
files will be named as 3b3 U lo.file ! 6sin this o$tion will s$eed u$ Rloc# 1e$ortin! Refore "ou switch on this o$tion, "ou should
run 3re$3Vlinu*/<ac(SW or 3find3V2indowsW to create the 3b3 & file from the maillos!
linu*/<ac(S & re$ 3LVs$am foundLW3 Qmaillo!t*t = bmaillo!t*t
2indows & find 3Vs$am foundW3 Qmaillo!t*t = bmaillo!t*t
"e1uest Bloc9 "eport (EmailBlo+,Re'ort)
asspblock
-n" mail sent b" local/authenticated users to this username will be inter$reted as a reHuest to et a re$ort about bloc#ed emails!
%o not $ut the full address here, Dust the user $art! 0or e*am$le4 ass$bloc#
Leadin diits/numbers in the mail subDect will be inter$reted as 3re$ort reHuest for the last number of da"s3! If the number of
da"s is not s$ecified in the mail subDect, a default of 5 da"s will be used to build the re$ort!
-ll characters behind the 3number of da"s3 will be inter$reted as a reular e*$ression to overwrite the Bloc9"eportFilter &
leadin and trailin white s$aces will be inored!
6sers defined in EmailBloc9&o, EmailAdmins and EmailAdmin"eports&o are '-dmins' and can reHuest a re$ort for multi$le
users! The" have to use a s$ecial s"nta* with 'A=' in the bod" of the re$ort reHuest! The s"nta* is4
Xuer"-ddressA=1e$ort1eci$ientA=1e$ort%a"s & there are man" $ossible combinations of this three $arameters! 0or e*am$le4
userBdomain and userBdomainA=userBdomain & will send a re$ort for this user to this user
QBdomain (better use) QBdomainA=Q & will send a re$ort for ever" bloc#ed user in this domain to this user
userBdomainA=reci$ientBan"&domain & will send a re$ort for userBdomain to reci$ientBan"&domain
QBdomainA=reci$ientBan"&domain & will send a re$ort for ever" bloc#ed user in this domain to reci$ientBan"&domain
It is $ossible to define a rou$ ( 2roups ) in the first $arameter li#e4
VuserBdomainWA=reci$ientBan"&domain
The rou$ name must be a lower case email address of a local domain without an" wildcard! This will create a combined bloc#
re$ort for all email addresses defined in this rou$ & useful, if someone has multi$le email addresses and want's to et a sinle
re$ort!
If the rou$ name is eHual to a real e*istin email address of a user, and this user reHuests a bloc# re$ort usin this email address
(<-IL 01(<4), a combined bloc# re$ort for the rou$ will be enerated!
- third $arameter is $ossible to set, which defines the number of da"s for which the re$ort should be created! The default (if
em$t" or not defined) is one da"! This value is used to calculate the 'ne*t run date'! 0or e*am$le4
QBdomainA=reci$ientBan"&domainA=2 & creates a re$ort for two da"s!
QBdomainA=QA=1K & creates a re$ort for 1K da"s!
userBdomainA=A=I or userBdomainA=QA=I & creates a re$ort for three da"s! The second $arameter is here em$t" or Q!
To overwrite the defined Bloc9"eportFilter, "ou can define a fourth $arameter, which contains the reular e*$ression to use!
QBdomainA=QA=1KA=virus,newsletter & creates a re$ort for 1K da"s and s#i$s all lines that contains the words 'virus' or
'newsletter'!
If an admin emails a bloc# re$ort reHuest and s$ecifies a filter in the subDect of the email and a fourth $arameter in the bod", both
reular e*$ressions will be mered in to a sinle ree* for each line!
If "ou or a user want the default Bloc9"eportFilter to become $art of the overwrite ree*, the literal '@R10' should be inluded in
the ree* li#e4
QBdomainA=QA=1KA=virus,@R10,newsletter & or even in the subDect of the email
In this case the literal '@R10' will be re$laced b" the Rloc#1e$ort0ilter!
(nl" -dmins are able to reHuest bloc#re$orts for non local email addresses! 0or e*am$le4
userBnon8local8domainA=reci$ientBan"&domainA=K
QBnon8local8domainA=reci$ientBan"&domainA=K
This will result in an e*tended bloc#re$ort for the non local address(es)! 1e$lace 'non8local8domain' with the domain name "ou
want to Huer" for!
It is $ossible to chane the com$lete desin of the Rloc#1e$orts to "our needs, usin a html&css file! -n default css&file
'bloc#re$ort!css' is in the imae folder!
There "ou can also find a default icon file 'bloc#re$orticon!if' and a default header&imae&file 'bloc#re$ort!if' & which is the same
li#e 'loo!if'! There is no need to install that fles! If ass$ can not find this files in its imae folder, it will use default hardcoded css
and icon! If the file 'bloc#re$ort!if' is not found 'loo!if' will be used!
To chane an" contents, use the Rloc#re$ort44modif" module in the lib folder! :ou'll need some Perl s#ills to do that!
Edit blockreport_sub.txt file
Edit blockreport_html.txt file
Edit blockreport_text.txt file
"e1uest Bloc9ed Email ,omain (EmailBlo+,Re'ortDomain)
Set this to the domain to which the users can send a reHuest to receive bloc#ed messaes! 0or e*am$le4 Bass$!local! 'otice the
leadin reHuired 'B'7
"epl# to Bloc9)"eport "e1uest (EmailBlo+,Re'ly)
REPLY TO SENDER
<ueue 3ser Bloc9 "eport "e1uests (.ueueUserBlo+,Re'orts)
ru istatl!
.ow to $rocess bloc# re$ort reHuests for users ( not EmailBloc9&o, EmailAdmins, EmailAdmin"eports&o )!
'run instantl"' & the reHuest will be $rocessed instantl" (not stored)!
'store and run scheduled' & (de$recated) the reHuest will be stored/Hueued, runs $ermanentl" scheduled at
Bloc9"eportSchedule until it will be removed from Hueue & a 'U' in the subDect is not needed
To add a reHuest to Hueue, the user has to send an email to EmailBloc9"eport! Leadin diits/numbers in the mail subDect will
be inter$reted as 3re$ort reHuest for the last number of da"s3! If the number of da"s is not s$ecified in the mail subDect, a default
of 5 da"s will be used to build the re$ort!
If 'run instantl"' is selected, but a user wants to schedule a $ermanent reHuest, a leadin 'U' before the diits in subDect is
reHuired!
12.05.2014 Seite 104 von 134
To remove a reHuest from Hueue the user has to send an email to EmailBloc9"eport with a leadin '&' in the subDect!
Edit user report queue
"untime for <ueued "e1uests
s
(.ueueS+-edule)
0
1untime hour for re$orts in <ueue3serBloc9"eports! Set a number between > and 2I! > means midniht and is default
For%ard &he Bloc9reportre1uest to other ASSP (Blo+,Re'ForwHost)
If "ou are usin more than one -SSP (bac#u$ </), define the IP&address and rela#Port (*!*!*!*4$$$ & for SSL use
SSL4*!*!*!*4$$$) of the other -SSP here (se$arate multi$le entries b" 3,3)! The Rloc#re$ortreHuest will be forwarded to this -SSP
and the user will et a bloc#re$ort from ever" -SSP! The forwarded reHuest has the same sender and reci$ient li#e the oriinal
reHuest! So EmailBloc9"eport and EmailBloc9"eport,omain have to be confiured identic on all -SSP7777 1esend reHuests are
automatic forwarded to the riht (or ne*t) host, if -SSP finds the hostname in the subDect of the reHuest! If "ou have more than
two -SSP, the loical sendin structure must be a star! If -SSP(-) (the sun) is in the middle and "ou have also -SSP(R), -SSP(+)
and -SSP(%) (satelites), -SSP(-) should #now +,R and %, and R,+ and % should onl" #now -!
The $erl module 7et88SM&P is reHuired to use this feature (for SSL & 'et44S<TP44SSL is reHuired)!
Send Cop# of Bloc9)"eports &! (EmailBlo+,%o)
)mail sent from -SSP ac#nowledin "our submissions will be sent to this address! 0or e*am$le4 adminBdomain!com
"estrict Email Admins to ,omains* (Email&dminDomains)
6se this $arameter to restrict users reistered in EmailAdmins, EmailAdmin"eports&o and EmailBloc9&o to a list of domains
or users, for which the" can reHuest Rloc#1e$orts!
It is $ossible to use defined G1(6PS on both sites! The file4 o$tion is reHuired! 6se the followin s"nta* to define an entr" (one
$er line)4
)mail-dmin-ddressA=QBdomain1,QBdomain2,userBdomainI,!!!
)mail-dmin-ddress1,)mail-dmin-ddress2A=QBdomain1,QBdomain2,userBdomainI,!!!
Vrou$8of8)mail-dmin-ddressesWA=QBdomain1,QBdomain2,userBdomainI,!!!
Vrou$8of8)mail-dmin-ddressesWA=Vrou$8of8domainsW,!!!
2ildcards are allowed to be used onl" in the domain definition & li#e QBQ!domain!tld & se$arate multi$le domains b" comma!
If an address of an )mail-dmin is defined multi$le times, all entries are used in an 3-'%3 loic!
If a Rloc#1e$ort is reHuested for a not allowed email address, the com$lete Rloc#1e$ort reHuest will be inored!
If an EmailAdmins address is not reistered in this $arameter, he/she is able to reHuest Rloc#1e$orts for all domains!
Bloc9ed Email "esend "e1uester* (EmailResendRequester)
- list of local addresses, which are allowed to reHuest a resend of bloc#ed emails for other users, even the" are not
EmailAdmins ! Leave this field blan# (default), to disable this feature!
This is usefull, if a user ets automatic enerated Rloc#1e$orts (e! via Bloc9"eportFile ) for a rou$ of users and should be able
to manae resends for them! -dded here, the user is not allowed to reHuest Rloc#1e$orts for other users & in this case use
EmailAdmins and EmailAdmin,omains instead!
The resend is done to the reci$ient stored in the /&-ss$&Intended&0or4 ( reHuires AddIntendedForeader ) header field and the
reHuester if the address was found in a T(4 header filed!
-cce$ts s$ecific addresses (userBdomain!com), user $arts (user)! 2ildcards are su$$orted (friboQBdomain!com)!
0or e*am$le4 friboQBthisdomain!com,Dhanna
File for Bloc9reportre1uest (Blo+,Re'ortFile)
file:files/blockreports.txt Edit file
- file with Rloc#1e$ort reHuests! -SSP will enerate a bloc# re$ort for ever" line in this file (file4files/bloc#re$ortlist!t*t & file4 is
reHuired if defined7) ever" da" at midniht for the last da"! The $erl modules 7et88SM&P and Email88MIME are reHuired to use
this feature! - re$ort will be onl" created, if there is at least one bloc#ed email found7 The s"nta* is4
Xuer"-ddressA=1e$ort1eci$ientA=1e$ort%a"s & there are man" $ossible combinations of this three $arameters! 0or e*am$le4
userBdomain and userBdomainA=userBdomain & will send a re$ort for this user to this user
QBdomain (better use) QBdomainA=Q & will send a re$ort for ever" bloc#ed user in this domain to this user
QBQ & creates a re$ort for all local users in all local domains
userBdomainA=reci$ientBan"&domain & will send a re$ort for userBdomain to reci$ientBan"&domain
QBdomainA=reci$ientBan"&domain & will send a re$ort for ever" bloc#ed user in this domain to reci$ientBan"&domain
It is $ossible to define a rou$ ( 2roups ) in the first $arameter li#e4
VuserBdomainWA=reci$ientBan"&domain
The rou$ name must be a lower case email address of a local domain without an" wildcard! This will create a combined bloc#
re$ort for all email addresses defined in this rou$ & useful, if someone has multi$le email addresses and want's to et a sinle
re$ort!
-n third $arameter is $ossible to set, which defines the number of da"s for which the re$ort should be created! The default (if
em$t" or not defined) is one da"! This value is used to calculate the 'ne*t run date'! 0or e*am$le4
QBdomainA=reci$ientBan"&domainA=2 & creates a re$ort for two da"s!
QBdomainA=QA=1K & creates a re$ort for 1K da"s!
userBdomainA=A=I or userBdomainA=QA=I & creates a re$ort for three da"s! The second $arameter is here em$t" or Q7
To overwrite the defined Bloc9"eportFilter, "ou can define a fourth $arameter, which contains the reular e*$ression to use!
QBdomainA=QA=1KA=virus,newsletter & creates a re$ort for 1K da"s and s#i$$es all lines that contains the words 'virus' or
'newsletter'!
-n fifth $arameter could be used to schedule (cron) a Rloc#1e$ort! If this $aramter is used, the line will be inored at
Bloc9"eportSchedule! 0or the s"nta* of the cron entr", $lease read "e-uildSchedule ! <ulti$le schedules in one line could be
se$arated b" $i$e (,)!
12.05.2014 Seite 105 von 134
*@domain=>it_dep@domain=>7=>virus|newsletter=>0 0 * * 0 - creates a report every Sunday at 00:00 for the last seven days
*@domain=>it_dep@domain=>=>virus|newsletter=>0 0 * * !"!#|0 $ * * $ - creates a report every
%uesday!%hursday!Saturday at 00:00 and at every &onday at $:00 for the last two days
'nly (dmins are a)le to re*uest )loc+reports for non local email addresses, -or e.ample:
user@non_local_domain=>recipient@any-domain=>"
*@non_local_domain=>recipient@any-domain=>"
%his will result in an e.tended )loc+report for the non local address/es0, 1eplace 2non_local_domain2 with the domain name you
want to *uery for,
Runtime BlockReportFile
s
(BlockReportSchedule)
0
1untime hour for reports in BlockReportFile, Set a num)er )etween 0 and 3, 0 means midni4ht and is default,
Generate a BlockReport from BlockReportFile Now (BlockReportNow)
5f selected! (SS6 will 4enerate a )loc+ report from BlockReportFile now, Run Now! Refresh Browser
Max Search time per log File (BlockMaxSearchTime)
0
%he ma.imum time in seconds! the 7loc+report feature spends on searchin4 in one lo4 file, 5f this value is reached! the ne.t lo4
file will )e processed, 8efault is 0, ( value of 0 disa)les this feature and all needed lo4 files will )e fully processed,
The format of the Report Email (BlockReportFormat)
text and html
7loc+ reports will )e sent as multipart9alternative &5&: messa4es, %hey normaly contains two parts! a plain te.t part and a html
part, Select ;te.t only; or ;html only; if you want to s+ip any of this parts,
%o ma+e it possi)le to detect a resent email! (SS6 will add a header line ;<-(ssp-1esend-7loc+ed: myName; to each email=
My TT! Name (BlockReportHTTPName)
%he hostname for >%%6/S0 lin+s in (dmin?sers 7loc+reports, 5f not defined the local hostname will )e used,
Regular Expression to Skip "og Recor#s$ (BlockReportFilter)
Virus|BlackDomain
6ut anythin4 here to identify messa4es which should not )e reported in any 7loc+ 1eport, -or e.ample: @irus|7lac+8omain,
-or individual filter settin4s! it is possi)le to overwrite this value in the BlockReportFile for every sin4le line and in every re*uest
per email usin4 the su)Aect line / read EmailBlockReport 0,
%ollect multiple TopTen Statistics (DoT10Stat)
ena)le the top ten statistic count /)loc+ed 562s! )loc+ed senders! )loc+ed recipients0 and the output in the B?5 and 7loc+1eports
for admins,
&nclu#e a Resen#'"ink for e(ery resen#a)le email (inclReend!ink)
in both
7loc+ reports will )e sent as multipart9alternative &5&: messa4es, %hey contains two parts! a plain te.t part and a html part, 5f a
)loc+ed email is stored in any folder! it is possi)le to include a lin+ for each email in to the report, 8efine here what you want
(SS6 to do, 8efault is ;in )oth;, 5f set to not to disa)led ; file"ogging ; will )e automaticly set to on,
*hich "ink Shoul# )e inclu#e# (BlockReend!ink)
both
5f >%&C is ena)led in inclResen#"ink! two lin+s /one on the left and one on the ri4ht site0 will )e included in the report email )y
default, 8ependin4 on the used email clients it could )e possi)le! that one of the two lin+s will not wor+ for you, %ry out what lin+
is wor+in4 and disa)le the other one! if you want,
+ser which get the "eft link only$ (BlockReend!ink!e"t)
Cist of users and domains that will 4et the left lin+ only, %he settin4 for BlockResen#"ink will )e i4nored for this entries=
+ser which get the right link only$ (BlockReend!inkRi#ht)
Cist of users and domains that will 4et the ri4ht lin+ only, %he settin4 for BlockResen#"ink will )e i4nored for this entries=
,elete Mails in Spam Fol#er (DelReendSpam)

5f selected! an user re*uest to resend a )loc+ed email will delete the file in the spamlog folder - an admin re*uest will move the
file to the correcte#notspam folder,
-utomatic a## Resen# Sen#ers to *hitelist (auto$ddReendTo%hite)
no
5f a 7loc+1eport resend re*uest is made )y any of the selected users! the ori4inal sender of the resent mail will )e added to
whitelist! also a copy file to the resend folder will do that,
Dotes 'n 7loc+ 1eportin4
12.05.2014 Seite 106 von 134
Notes
12.05.2014 Seite 107 von 134
SNM! %onfiguration
Ena)le the -SS!'SNM! &nterface (SNMP)
enable
%his ena)les the (4ent< re4istration of assp to a SNM! master-(4ent<, (SS6 will )e re4istered to the master-(4ent< as
2assp_myDame2! the possi)le confi4uration file name will )e assp_myDame,conf , %his option re*uires the installed perl module
NetSNM!..agent, %he product and needed li)rarys could )e downloaded at net'snmp/org,
(ll confi4uration values are accessed usin4 the SNM!+ser account, %he SD&6-permission and visi)ility is used from the
confi4ured user B?5-permissions,
%he followin4 '58s /relative to the SNM!Base0&,0 are availa)le for SD&6-*uerys, %he confi4uration values are chan4ea)le via
snmp, %he file mi)9(SS6-&57 could )e used in SNM! )rowsers to 4et a human reada)le view of the '582s /copy it to the net-
snmp &57 file location - e4: EF:G9usr9share9snmp9mi)s and the &57 location of your SNM! )rowser0, 6lease +eep in mind! that an
e.tensive usa4e of SNM! *uerys will slow down assp,
,$ - runtime information
,$,0 - assp healty status )oolean 09$
,$,$ - assp healty status te.t
,$, - (SS6 runtime status )oolean 09$ 0=shutdown in pro4ress - $=runnin4
,$,3 - (SS6 runtime status te.t
,$," - (SS6 version strin4
,$,H - (SS6 script name
,$,# - 6erl version strin4
,$,7 - 6erl e.ecuta)le name
,$,I - operatin4 system name
,$,J - hostname where (SS6 is runnin4 on
,$,$0 - 56-host where (SS6 is runnin4 on
,$,$$ - myDame
,$,$ - ?1C to new (SS6 version download
,$,$3 - currently runnin4 tas+s
,$,$" - current assp memory usa4e in &7
,$,0 - schedule information
,$,0,$ - ne.t 7er+eley87 sync
,$,0, - ne.t scheduled Fonfi4 reload
,$,0,3 - ne.t 7(%@%a4 cache cleanin4
,$,0," - ne.t 4eneral cache cleanin4
,$,0,H - ne.t 56-per-8omain cache cleanin4
,$,0,# - ne.t 8elay87 cache cleanin4
,$,0,7 - ne.t 6enalty)o. cache cleanin4
,$,0,I - ne.t 8ata)ase 7ac+up
,$,0,J - ne.t 8ata)ase Fonnection Fhec+
,$,0,$0 - ne.t 8DS Fonnection Fhec+
,$,0,$$ - ne.t hourly Ao) runs /at0
,$,0,$ - ne.t 8ata)ase :.port
,$,0,$3 - ne.t upload for Blo)al-7lac+
,$,0,$" - ne.t upload for Blo)al-Khite
,$,0,$H - ne.t >ash--ile-Fhec+ /option files0
,$,0,$# - ne.t C8(6-cross-Fhec+
,$,0,$7 - ne.t 1e)uildSpam87
,$,0,$I - ne.t 1esend&ail
,$,0,$J - ne.t (SS6-ile8ownload /assp,pl0
,$,0,0 - ne.t @ersion -ile 8ownload /version,t.t0
,$,0,$ - ne.t 7ac+8DS -ile 8ownload
,$,0, - ne.t Fode Fhan4e Fhec+
,$,0,3 - ne.t 8roplist 8ownload
,$,0," - ne.t Briplist 8ownload
,$,0,H - ne.t 6'63Follect
,$,0,# - ne.t Save Stats
,$,0,7 - ne.t %C8list 8ownload
,$,0,I - ne.t Sync Fonfi4
,$,0,J - ne.t Groups -ile 1eload
,$,0,30 - ne.t 7loc+1eport Schedule
,$,0,3$ - ne.t -ile (4e Schedule
,$,0,3 - ne.t 7loc+1epor Lueue Schedule
,$,30,< - wor+er status /)oolean0 < = wor+er
,$,30,<,$ - wor+er time since last loop /te.t0 < = wor+er
,$,30,<, - wor+er last action /te.t0 < = wor+er
,$,3$,0 - 4eneral data)ase status /)oolean0 09$
,$,3$,0,$ - 4eneral data)ase status /te.t0
,$,3$,< - data)ase ta)le status /)oolean0 09$ - < >= $
,$,3$,<,$ - data)ase ta)le name - < >= $ related to ,$,3$,<
, - Fonfi4uration - < is the internal value num)er adapted from the lan4ua4e files
,,> - headin4 description - > is the internal B?5 headin4 num)er
,,>,< - confi4 value
,3 - assp module information - < is a counter up from Mero
,3,< - module name
,3,<,$ - installed module version
,3,<, - re*uired module version
,3,<,3 - module installation status
,3,<," - download ?1C for the module
12.05.2014 Seite 108 von 134
," - assp runtime status
,",$ - current stat - < is a counted num)er
,",$,< - current stat value
,", - cumulative stat - < is a counted num)er
,",,< - cumulative stat value
,",3 - current total stat - < is a counted num)er
,",3,< - current total value
,"," - cumulative total stat - < is a counted num)er
,",",< - cumulative total stat value
,",H - current scorin4 stat - < is a counted num)er
,",H,< - current scorin4 stat value
,",# - cumulative scorin4 stat - < is a counted num)er
,",#,< - cumulative scorin4 stat value
,H,0 - SD&6-(65 : is writea)le - accepts internal su)routine command9call to )e e.ecuted
,H,$ - the result of the last SD&6-(65 call /success or error0
SNM! Base 0&, (SNMPBae&'D)
.1.3.6.1.4.1.37058.2
%he 7ase '58 that should )e used )y assp, %his '58 will )e re4istered to the master-(4ent<, %he master-(4ent< will then redirect
all re*uests for this '58 and su) '582s to assp= %he default settin4 ,$,3,#,$,",$,370HI, is needed to use the &57 file mi)9(SS6-
&57 in SNM! )rowsers,
ow to return Boolean 1alues (SNMPreturnB&&!)
ASN_OCTET_STR
>ow should assp return )oolen values for status '58s, ?se another settin4 than the default (SD_7''C:(D! if your SNM!
application or )rowser does not understand it=
-SS! +ser -ccount use# for SNM! Re2uests (SNMP(er)
root
%he (dmin ?sers account used for SNM! re*uests, 5f the user does no lon4er e.ists! the root account will )e used=
-llow %onfig %hanges (ia SNM! (SNMPwritea)le)
allow
(llow confi4uration chan4es via SNM!, 8o not for4et to setup your SNM! confi4uration file to secure the access to SNM!, (ll
confi4uration chan4es via SNM! are done usin4 the SNM!+ser account=
The Socket use to connect to the master'-gent3 (SNMP$#ent*Socket)
tcp:localhost:705
>ow to connect to the master-(4ent<, 6lease read the net'snmp documentation for more details,
Dotes 'n SD&6
Notes
12.05.2014 Seite 109 von 134
!0!4 %ollecting
!0!4 %onfiguration File$ (P&P+,on"i#File)
file:files/pop3cfg.txt Edit file
%he file with a valid 6'63 confi4uration, 'nly the file: option is allowed to use,
5f the file e.ists and contains at least one valid 6'63 confi4uration line and !0!4&nter(al is confi4ured! assp will collect the
messa4es from the confi4ured 6'63-servers,
:ach line in the confi4 file contains one confi4uration for one user,
(ll spaces will )e removed from each line,
(nythin4 )ehind a N or O is consider a comment,
5f the same 6'63-user-name is used mutiple times! put two an4les with a uni*ue num)er )ehind the user name, %he an4les and
the num)er will )e removed while processin4 the confi4uration,
e,4: pop3userP$> will result in pop3user - or - myDame@pop3,domainP$> will result in myDame@pop3,domain
5t is possi)le to define commonly used parameters in a separate line! which )e4ins with the case sensitive 6'63-username
;F'&&'D:=; - followed )y the parameters that should )e used for every confi4ured user,
( commonly set parameter could )e overwritten in every user definition,
:ach confi4uration line )e4ins with the 6'63-username followed )y ;:=; : e,4 my6'63userDame:=
%his statement has to followed )y pairs of parameter names and values which are separated )y commas - the pairs inside are
sepatated )y ;=;,
e,4,: 6'63usernamePnum>:=6'63password=pop3_pass!6'63server=mail,4mail,com!S&%6sendto=demo@demo_smtp,local!,,,,,,
%he followin4 case sensitive +eywords are supported in the confi4 file:
6'63password=pop3_password
6'63server=6'63-server or 56E:6ortG
S&%6sender=email_address
S&%6sendto=email_address or P%':> or P%':email_address>
S&%6server=S&%6-serverE:6ortG
S&%6>elo=myhelo
S&%6(?%>user=smtpuser
S&%6(?%>password=smtppass
6'63SSC=09$
6'63SSC! S&%6>elo! S&%6sender! S&%6(?%>user and S&%6(?%>password are optional,
5f 6'63SSC is set to $ - 6'63S will )e done= %he 6erl module &0..Socket..SS" is re*uired for 6'63S=
5f S&%6sender is not defined! the -1'&: address from the header line will )e used - if this is not found the 6'63username will )e
used,
5f the P%':> synta. is used for S&%6sendto! the mail will )e sent to any recipient that is found in the ;to: cc: )cc:; header lines if
it is a local one,
5f the P%':email_address> synta. is used for S&%6sendto! the literals D(&: and9or 8'&(5D will )e replaced )y the name part
and9or domain part of the addresses found in the ;to: cc: )cc:; header lines, %his ma+es it possi)le to collect 6'63 mails from a
6'63 account! which holds mails for multiple recipients,
-or e.ample: P%':D(&:@mydomain,com> or P%':D(&:@su)domain,8'&(5D> or P%':central-account@8'&(5D>
5f the P%':> or P%':email_address> synta. is used for S&%6sendto! ;local,omains; and9or ;local(ddresses_-lat; must )e
confi4ured to prevent too much error for wron4 recipients defined in the ;to: cc: )cc:; header lines, %he 6'63collector will not do
any C8(6 or @1-Q *uery=
5f you want assp to detect S6(&! use the listen!ort or listen!ort5 as S&%6-server,
%o use this feature! you have to install the perl script ;assp_pop3,pl; in the assp- )ase directory,
!0!4 %ollecting &nter(al
s
(P&P+'nter-al)
0
%he interval in minutes! assp should collect messa4es from the confi4ured 6'63-servers, ( value of Mero disa)les this feature,
!0!4 %ollector forks to a new !rocess (P&P+"ork)
5f selected! the 6'63 collection will )e started in a new process /for+0, %his prevents the &aint%hread from waitin4 until the 6'63
collection has finished, 8o not select this option! if you are testin4 the 6'63 collection - to 4et all output from the collector= 5t is
recommended to set this option after you2ve verified that the 6'63 collector is runnin4 well,
!0!4 6eep Re7ecte# Mails on !0!4 Ser(er (P&P+.eepRe/ected)
5f selected! any collected 6'63 mail that fails to )e sent via S&%6 /)ecause of )ein4 S6(& - in case reAected )y the S&%6 server0
will )e +eeped on the 6'63 server,
!0!4 #e)ug (P&P+de)u#)
5f selected! the 6'63 collection will write #e)ug output to the lo4 file, 8o not use it! unless you have pro)lems with the 6'63
collection=
Dotes 'n 6'63 collectin4
Notes
12.05.2014 Seite 110 von 134
Module Setup
Use Module ASSP_FC (useASSP_FC)

If selected, the perl module ASSP_FC will be loaded if it is installed. If not selected, ASSP will not load the perl module ASSP_FC
even it is installed and several features of ASSP will not be available! It is recommended to disable installed but unused modules to
reduce the required memor. !equires ASSP restart!
Use Module ASSP_SVG (useASSP_SVG)

If selected, the perl module ASSP_S"# will be loaded if it is installed. If not selected, ASSP will not load the perl module
ASSP_S"# even it is installed and several features of ASSP will not be available! It is recommended to disable installed but unused
modules to reduce the required memor. !equires ASSP restart!
$his module is possibl used for enableGraphStats and mabe some other features.
Use Module ASSP_WordStem (useASSP_WordStem)

If selected, the perl module ASSP_%ordStem will be loaded if it is installed. If not selected, ASSP will not load the perl module
ASSP_%ordStem even it is installed and several features of ASSP will not be available! It is recommended to disable installed but
unused modules to reduce the required memor. !equires ASSP restart!
Use Module AsspSelfLoader (useAsspSelfLoader)

If selected, the perl module AsspSelf&oader will be loaded if it is installed. If not selected, ASSP will not load the perl module
AsspSelf&oader even it is installed and several features of ASSP will not be available! It is recommended to disable installed but
Use Module Authen::SASL (useAuthenSASL)

If selected, the perl module Authen''SAS& will be loaded if it is installed. If not selected, ASSP will not load the perl module
Authen''SAS& even it is installed and several features of ASSP will not be available! It is recommended to disable installed but
$his module is possibl used for relayAuthUser and mabe some other features.
Use Module er!eley" (useBerkeleyDB)

If selected, the perl module (er)ele*( will be loaded if it is installed. If not selected, ASSP will not load the perl module
(er)ele*( even it is installed and several features of ASSP will not be available! It is recommended to disable installed but
$his module is possibl used for "o#MM #MMuses" do$nloada%!"&SF'le spamdb use"()r'pl'st "dr'*er
'mport""'r use"(+ntCa%he use"(,ebu'ld S&MP and mabe some other features.
Use Module Compress::-l'b (useCompressZl!)

If selected, the perl module Compress''+lib will be loaded if it is installed. If not selected, ASSP will not load the perl module
Compress''+lib even it is installed and several features of ASSP will not be available! It is recommended to disable installed but
$his module is possibl used for AutoUpdateASSP .nable#//PCompress'on )lobalCl'ent&ame and mabe some other
features.
Use Module Con*ert::/&.F (useCon"ert#$%F)

If selected, the perl module Convert''$,-F will be loaded if it is installed. If not selected, ASSP will not load the perl module
Convert''$,-F even it is installed and several features of ASSP will not be available! It is recommended to disable installed but
$his module is possibl used for do+nF'0/&.F do1utF'0/&.F and mabe some other features.
Use Module "_F'le (useDB_Fle)
If selected, the perl module *(_File will be loaded if it is installed. If not selected, ASSP will not load the perl module *(_File even
it is installed and several features of ASSP will not be available! It is recommended to disable installed but unused modules to
$his module is possibl used for use"(,ebu'ld and mabe some other features.
Use Module "')est::M"2 (useD&est'D()

If selected, the perl module *i.est''/*0 will be loaded if it is installed. If not selected, ASSP will not load the perl module
*i.est''/*0 even it is installed and several features of ASSP will not be available! It is recommended to disable installed but
$his module is possibl used for "elayM"2 and mabe some other features.
Use Module "')est::S#A3 (useD&estS)A*)

If selected, the perl module *i.est''S1A2 will be loaded if it is installed. If not selected, ASSP will not load the perl module
*i.est''S1A2 even it is installed and several features of ASSP will not be available! It is recommended to disable installed but
$his module is possibl used for "oMSG+"s') "oA/V and mabe some other features.
Use Module .ma'l::M+M. (use%mal'+'%)

If selected, the perl module -mail''/I/- will be loaded if it is installed. If not selected, ASSP will not load the perl module
-mail''/I/- even it is installed and several features of ASSP will not be available! It is recommended to disable installed but
$his module is possibl used for Val'dateU,+L "olo%!.0es .ma'lSpam .ma'l#am .ma'lAnaly4e
UseUn'%ode(Ma'llo)&ames UseUn'%ode(Sub5e%tLo))'n) 'nChrSetCon* outChrSetCon* do+nF'0/&.F do1utF'0/&.F
lo%!,eportF'le and mabe some other features.
12.05.2014 Seite 111 von 134
Use Module .ma'l::Send (use%malSend)

If selected, the perl module -mail''Send will be loaded if it is installed. If not selected, ASSP will not load the perl module
-mail''Send even it is installed and several features of ASSP will not be available! It is recommended to disable installed but
$his module is possibl used for resendma'l and mabe some other features.
Use Module F'le::,eada%!$ards (useFle,eadBa-k.ards)

If selected, the perl module File''!ead(ac)wards will be loaded if it is installed. If not selected, ASSP will not load the perl module
File''!ead(ac)wards even it is installed and several features of ASSP will not be available! It is recommended to disable installed
but unused modules to reduce the required memor. !equires ASSP restart!
Use Module F'le::S%an::ClamAV (useFleS-anClamAV)

If selected, the perl module File''Scan''ClamA" will be loaded if it is installed. If not selected, ASSP will not load the perl module
File''Scan''ClamA" even it is installed and several features of ASSP will not be available! It is recommended to disable installed
$his module is possibl used for UseA*Clamd and mabe some other features.
Use Module +1::So%!et::+&./6 (use+/So-ket+$%#0)

If selected, the perl module I3''Soc)et''I,-$4 will be loaded if it is installed. If not selected, ASSP will not load the perl module
I3''Soc)et''I,-$4 even it is installed and several features of ASSP will not be available! It is recommended to disable installed but
$his module is possibl used for enable+&./6 and mabe some other features.
Use Module +1::So%!et::SSL (use+/So-ketSSL)

If selected, the perl module I3''Soc)et''SS& will be loaded if it is installed. If not selected, ASSP will not load the perl module
I3''Soc)et''SS& even it is installed and several features of ASSP will not be available! It is recommended to disable installed but
$his module is possibl used for syn%UsesSSL smtp"est'nat'on smtp"est'nat'onSSL smtpAuthSer*er relay#ost
.ma'l,eport"est'nat'on "oL"APSSL enableWebAdm'nSSL enableWebStatSSL "o/LS SSLW.CertVer'fyC
SSLW.Conf')ure P1P7Conf')F'le and mabe some other features.
Use Module LWP::S'mple (useLWPSmple)

If selected, the perl module &%P''Simple will be loaded if it is installed. If not selected, ASSP will not load the perl module
&%P''Simple even it is installed and several features of ASSP will not be available! It is recommended to disable installed but
Use Module M+M.::/ypes (use'+'%#ypes)

If selected, the perl module /I/-''$pes will be loaded if it is installed. If not selected, ASSP will not load the perl module
/I/-''$pes even it is installed and several features of ASSP will not be available! It is recommended to disable installed but
$his module is possibl used for do+nF'0/&.F do1utF'0/&.F and mabe some other features.
Use Module Ma'l::"8+M::Ver'f'er (use'alD1+'Verfer)

If selected, the perl module /ail''*5I/''"erifier will be loaded if it is installed. If not selected, ASSP will not load the perl module
/ail''*5I/''"erifier even it is installed and several features of ASSP will not be available! It is recommended to disable installed
$his module is possibl used for "o"8+M and mabe some other features.
Use Module Ma'l::SPF (use'alSPF)

If selected, the perl module /ail''SPF will be loaded if it is installed. If not selected, ASSP will not load the perl module /ail''SPF
$his module is possibl used for Val'dateSPF SPF9 Lo%alPol'%ySPF "ebu)SPF and mabe some other features.
Use Module Ma'l::SPF:::uery (use'alSPF2uery)

If selected, the perl module /ail''SPF''6uer will be loaded if it is installed. If not selected, ASSP will not load the perl module
/ail''SPF''6uer even it is installed and several features of ASSP will not be available! It is recommended to disable installed but
$his module is possibl used for SPF9 Lo%alPol'%ySPF and mabe some other features.
Use Module Ma'l::S,S (use'alS,S)

If selected, the perl module /ail''S!S will be loaded if it is installed. If not selected, ASSP will not load the perl module /ail''S!S
$his module is possibl used for .nableS,S and mabe some other features.
Use Module &et::C+",::L'te (use$etC+D,Lte)

If selected, the perl module ,et''CI*!''&ite will be loaded if it is installed. If not selected, ASSP will not load the perl module
,et''CI*!''&ite even it is installed and several features of ASSP will not be available! It is recommended to disable installed but
Use Module &et::"&S (use$etD$S)

12.05.2014 Seite 112 von 134
If selected, the perl module ,et''*,S will be loaded if it is installed. If not selected, ASSP will not load the perl module ,et''*,S
$his module is possibl used for Val'date,WL "o,e*ersed "o+n*al'dP/, "ebu)SPF Val'date,L Val'dateU,+L
"oa%!S%tr and mabe some other features.
Use Module &et::+P (use$et+P)

If selected, the perl module ,et''IP will be loaded if it is installed. If not selected, ASSP will not load the perl module ,et''IP even
it is installed and several features of ASSP will not be available! It is recommended to disable installed but unused modules to
Use Module &et::L"AP (use$etLDAP)

If selected, the perl module ,et''&*AP will be loaded if it is installed. If not selected, ASSP will not load the perl module ,et''&*AP
$his module is possibl used for ldL"AP "oL"AP and mabe some other features.
Use Module &et::SM/P (use$etS'#P)

If selected, the perl module ,et''S/$P will be loaded if it is installed. If not selected, ASSP will not load the perl module
,et''S/$P even it is installed and several features of ASSP will not be available! It is recommended to disable installed but unused
$his module is possibl used for enableCFGShare syn%UsesSSL lo%al"oma'ns lo%!,epFor$#ost lo%!,eportF'le and
mabe some other features.
Use Module &et::SM/P::SSL (use$etS'#PSSL)

If selected, the perl module ,et''S/$P''SS& will be loaded if it is installed. If not selected, ASSP will not load the perl module
,et''S/$P''SS& even it is installed and several features of ASSP will not be available! It is recommended to disable installed but
$his module is possibl used for syn%UsesSSL lo%!,epFor$#ost and mabe some other features.
Use Module &etAddr::+P::L'te (use$etAddr+PLte)

If selected, the perl module ,etAddr''IP''&ite will be loaded if it is installed. If not selected, ASSP will not load the perl module
,etAddr''IP''&ite even it is installed and several features of ASSP will not be available! It is recommended to disable installed but
Use Module &etS&MP::a)ent (use$etS$'Pa&ent)

If selected, the perl module ,etS,/P''a.ent will be loaded if it is installed. If not selected, ASSP will not load the perl module
,etS,/P''a.ent even it is installed and several features of ASSP will not be available! It is recommended to disable installed but
$his module is possibl used for S&MP and mabe some other features.
Use Module Perl+1::s%alar (usePerl+/s-alar)

If selected, the perl module PerlI3''scalar will be loaded if it is installed. If not selected, ASSP will not load the perl module
PerlI3''scalar even it is installed and several features of ASSP will not be available! It is recommended to disable installed but
Use Module ,e)e0p::1pt'm'4er (use,e&e3p/ptm4er)

If selected, the perl module !e.e7p''3ptimi8er will be loaded if it is installed. If not selected, ASSP will not load the perl module
!e.e7p''3ptimi8er even it is installed and several features of ASSP will not be available! It is recommended to disable installed but
Use Module S%hedule::Cron (useS-heduleCron)

If selected, the perl module Schedule''Cron will be loaded if it is installed. If not selected, ASSP will not load the perl module
Schedule''Cron even it is installed and several features of ASSP will not be available! It is recommended to disable installed but
$his module is possibl used for ,eStartS%hedule MemoryUsa)eChe%!S%hedule ,ebu'ldS%hedule and mabe some other
features.
Use Module Sys::CpuAff'n'ty (useSysCpuAffnty)

If selected, the perl module Ss''CpuAffinit will be loaded if it is installed. If not selected, ASSP will not load the perl module
Ss''CpuAffinit even it is installed and several features of ASSP will not be available! It is recommended to disable installed but
$his module is possibl used for asspCpuAff'n'ty and mabe some other features.
Use Module Sys::Mem+nfo (useSys'em+nfo)

If selected, the perl module Ss''/emInfo will be loaded if it is installed. If not selected, ASSP will not load the perl module
Ss''/emInfo even it is installed and several features of ASSP will not be available! It is recommended to disable installed but
Use Module Sys::Syslo) (useSysSyslo&)

If selected, the perl module Ss''Sslo. will be loaded if it is installed. If not selected, ASSP will not load the perl module
Ss''Sslo. even it is installed and several features of ASSP will not be available! It is recommended to disable installed but
12.05.2014 Seite 113 von 134
$his module is possibl used for sysLo) and mabe some other features.
Use Module /e0t::Un'de%ode (use#e3t5nde-ode)

If selected, the perl module $e7t''9nidecode will be loaded if it is installed. If not selected, ASSP will not load the perl module
$e7t''9nidecode even it is installed and several features of ASSP will not be available! It is recommended to disable installed but
$his module is possibl used for "o/ransl'terate and mabe some other features.
Use Module /hread::State (use#hreadState)

If selected, the perl module $hread''State will be loaded if it is installed. If not selected, ASSP will not load the perl module
$hread''State even it is installed and several features of ASSP will not be available! It is recommended to disable installed but
$his module is possibl used for Wor!erCPUPr'or'ty and mabe some other features.
Use Module /'e::,"M (use#e,DB')

If selected, the perl module $ie''!*(/ will be loaded if it is installed. If not selected, ASSP will not load the perl module
$ie''!*(/ even it is installed and several features of ASSP will not be available! It is recommended to disable installed but unused
$his module is possibl used for myhost and mabe some other features.
Use Module Un'%ode::GCStr'n) (use5n-odeGCStrn&)

If selected, the perl module 9nicode''#CStrin. will be loaded if it is installed. If not selected, ASSP will not load the perl module
9nicode''#CStrin. even it is installed and several features of ASSP will not be available! It is recommended to disable installed but
Use Module W'n79::AP+::1utput"ebu)Str'n) (useWn67AP+/utputDe!u&Strn&)

If selected, the perl module %in:;''API''3utput*ebu.Strin. will be loaded if it is installed. If not selected, ASSP will not load the
perl module %in:;''API''3utput*ebu.Strin. even it is installed and several features of ASSP will not be available! It is
recommended to disable installed but unused modules to reduce the required memor. !equires ASSP restart!
Use Module W'n79::"aemon (useWn67Daemon)

If selected, the perl module %in:;''*aemon will be loaded if it is installed. If not selected, ASSP will not load the perl module
%in:;''*aemon even it is installed and several features of ASSP will not be available! It is recommended to disable installed but
Use Module W'n79::Un'%ode (useWn675n-ode)

If selected, the perl module %in:;''9nicode will be loaded if it is installed. If not selected, ASSP will not load the perl module
%in:;''9nicode even it is installed and several features of ASSP will not be available! It is recommended to disable installed but
$his module is possibl used for UseUn'%ode(Ma'llo)&ames and mabe some other features.
12.05.2014 Seite 114 von 134
ASSP_AFC;Plu)'n
"o the ASSP_AFC Plu)'n (DoASSP_AFC)
disabled
$his plu.in is an addon to the default attachment< and ClamA"< en.ine of ASSP. $he default en.ines onl scannes the first
/a7(tes=ClamA"(tes of an email. If ou enable this plu.in, the complete mail will be scanned for bad attachments and=or
viruses!
$he default en.ine>s? will be disabled b this enhanced version. (efore ou enable this plu.in, please .o to the confi.uration
section>s? and confi.ure the values for attachments and=or ClamA"! $his plu.in requires an installed .ma'l::M+M. module in
P-!&.
$his plu.in is desi.ned for< and runnin. in call=run level @complete mail@!
Sele%t the ASSP_AFC Plu)'n A%t'on (ASSP_AFCSele-t)
do both
If ou enable one or both options of this plu.in, the complete mail will be scanned for bad attachments and=or viruses!
the pr'or'ty of the Plu)'n (ASSP_AFCProrty)
6
Sets the priorit of this Plu.in within the call=run<level @complete mail@. $he Plu.in with the lowest priorit value is processed first!
lo%! .n%rypted Compressed Atta%hments (ASSP_AFC!lo-k%n-ryptedZ+P)
If set, encrpted or password protected compressed attachments will be bloc)ed or replaced accordin. to ASSP_AFCSele%t and
ASSP_AFC,epladAtta%h .
$o define a user based chec) of compressed attachments, confi.ure @UserAtta%h@. $his plu.in enhance the definiton options for
UserAtta%h. In addition to the e7istin. options, the followin. snta7 could be used'
For e7ample'
8ip'userAdomain.tld BC .ood BC aiDascDbh7DdatDdocDepsD8ip
8ip'EAdomain.tld BC .ood BC aiDascDbh7 , .ood<out BC epsD.if , .ood<in BC htmDhtml , bloc) BC pdfDppt , bloc)<out BC
rarDrpt , bloc)<in BC 7lsDe7eF<binDcrptF<8ipDencrpt
$hose definitions >leadin. 8ip'? are onl used inside compressed files.
$he e7tension @crpt<8ip@ could be used to allow or deni encrpted compressed attachments for users at an compression level.
$he e7tension @encrpt@ could be used to allow or deni encrpted >e.. aes? for users.
$he followin. compression formats=e7tensions are supported'
tar..8,t.8,.8,tar,8ip,Gar,ear,war,par,tb8,tb8;,tar.b8,tar.b8;,b8;,+,l8ma,t78,tar.78,78.
$he detection of compressed files is done content based not filename e7tension based.
*ependin. on our Perl distribution, it could be possible that ou must install additional @I3''Compress''...@ >for e7ample'
I3''Compress'&8ma? modules to support the compression methodes.
Ma0'mum "e%ompress'on Le*el (ASSP_AFC'a3Z+PLe"el)
10
$he ma7imum decompression ccles use on a compressed attachment >e.' 8ip in 8ip in 8ip ...?. *efault value is 2H < 8ero is not
allowed to be used!
,epla%e ad Atta%hments (ASSP_AFC,eplBadAtta-h)
If set and Attachment(loc)in. is set to bloc), the mail will not be bloc)ed but the bad attachment will be replaced with a te7t!
,epla%e ad Atta%hments /e0t (ASSP_AFC,eplBadAtta-h#e3t)
The attached file (FILENAME) was removed from this email by A! for "olicy reaso#s$
$he te7t which replaces the bad attachment. $he litteral FI&-,A/- will be replaced with the name of the bad attachment!
,epla%e V'rus Parts (ASSP_AFC,eplVrParts)
If set and virus scannin. >9seClamA"? is enabled, the mail will not be bloc)ed but the bad attachment or mail part will be replaced
with a te7t!
,epla%e V'rus Parts /e0t (ASSP_AFC,eplVrParts#e3t)
There was a vir%s removed from this email (attachme#t FILENAME) by A!$
$he te7t which replaces the bad mailparts that contains a virus. $he litteral FI&-,A/- will be replaced with the name of a bad
attachment!
+n%rease MSG;S%ore on MSG S'4e (ASSP_AFC'SGS+Z%s-ore)
Iou can increase the messa.e score of a mail because of its si8e >in bte?. *efine the si8e and scores in a comma separated list
usin. the snta7 @si8eBCscoreJ,othersi8eBCotherscoreK@. $he list will be processed in reversed numerical order of the si8e value. If
the si8e of a mail is equal or hi.her as the defined si8e, the associated messa.e score will be added. An possible definition could
be'
0HHHHHBC2H,2HHHHHHBC0,20HHHHHBCH
which meens' if the messa.e si8e is CB 20HHHHH bte no score will be added
if the messa.e si8e is CB 2HHHHHH bte and L 20HHHHH bte a score of 0 will be added
if the messa.e si8e is CB 0HHHHH bte and L 2HHHHHH bte a score of 2H will be added
if the messa.e si8e is L 0HHHHH bte no score will be added.
12.05.2014 Seite 115 von 134
This feature will not process incomming mails, whitelisted mails and mail that are noprocessing - except mails, that are
noprocessing only because of there message size (npSize).
Detect Spam Attachments* (ASSP_AFCDetectSpamAttachRe)
image\/
An regular expression used on the "ontent-Type" header tag to detect !"!# parts that should be chec$ed to be $nown spam or
not. The rebuildspamdb tas$ will build spamdb entries for these attachements and inlines (in assp build %&'&& and higher). The
plugin will bloc$ an email, if a bad attachment is found and was not remo(ed)replaced by any other rule in this plugin. *ea(e this
blan$ to disable the feature.
for example+
image,)
application,)pd-ft.
application,)zip
Script to move large attachments to a web server (ASSP_AFCWebScript)
"f the size of an undecoded attachment exceeds the ASSP_AFCinsize or ASSP_AFCoutsize parameter, assp will call this script
and will replace the attachment with the text returned by this script or executable.
"f no text is returned by the script (a warning is written to the maillog.txt) or the returned text begins with the word "error", the
attachment will not be replaced.
The script has to write the resulting text or error to /T012T.
The resulting text could be any of plain text or html code. The !"!#-enconding and the ontent-Type (alue of the resulting !"!#-
part will be set accordingly.
The text should contain the lin$ to download the attachment, possibly some explanation (eg. download life time), web login
information or a web-session-identifier - what e(er is needed to fit the re3uirements of your web ser(er.
4ou ha(e to define the full path to the script and all parameters that should be pass to the script. The literal 5"*#6A!# will be
replaced with the attachment filename (including the full path) that was stored in the )transfer folder. Any literal starting with an
787, will be replaced by the according connection hash (alue or the global (ariable with the name.
for example+
8relayo$ will be replaced by 8on-9:relayo$; - which identifies if it is an incoming (%) or outgoing)local (') mail
/o a possible definition of this parameter could be+
7)usr)bin)mo(e<attachment<to<web.sh 8relayo$ 5"*#6A!#7
or
7c+)assp)mo(e<attachment<to<web.cmd 8relayo$ 5"*#6A!#7
The file has to be remo(ed by the script. "f not, assp will warn about this and will remo(e the file in the )transfer folder.
To $eep the filenames uni3ue, the assp message identifier is placed in front of the filename - li$e+ !%-='>=?-
'&'&@<attachmentfilename. 6otice+ if the filename contains unicode characters, assp will pass this characters in 2T5-? to your
scriptA
Beep in mind, that if this script terminates it7s own process - A//C will dieA
Attachment size incoming (ASSP_AFCinsize)
1024
The size in BD of an attachment in incoming mails that must be reached, to call the ASSP_AFCWebScript. This parameter is
ignored if left blan$ or set to zero.
Attachment size outgoing/local (ASSP_AFCoutsize)
1024
The size in BD of an attachment in outgoing or local mails that must be reached, to call the ASSP_AFCWebScript. This parameter
is ignored if left blan$ or set to zero.
12.05.2014 Seite 116 von 134
ASSP_AC!Plugin
Do the ASSP_AC Plugin (DoASSP_ARC) "
disabled
#nable or disables the archi(ing of mails.
"f this plugin is installed 7 StoreComplete#ail 7 will be set to 7no limit7A
1nly collected mails could be archi(edA
This Clugin is designed for- and running in call)run le(el 7complete mail7 after the mail is collectedA
The archi(e re3uest is pushed by the /!TC-wor$ers in to the !aintThread, which will copy the collected file in to the archi(e
folder.
the priorit$ o% the Plugin (ASSP_ARCPriority) "
9
/ets the priority of this Clugin within the call)run-le(el 7complete mail7. The Clugin with the lowest priority (alue is processed firstA
Archive in PA&' (ASSP_ARCinPATH) "
Ehere to store the archi(ed files for incoming mails. 4ou can build a folder structure if you want. Fead below to get more details.
Archive out PA&' (ASSP_ARCoutPATH) "
Ehere to store the archi(ed files for outgoing mails. 4ou can build a folder structure if you want.
The following uppercase literals will be replaced by+
4#AF - year in format yyyy
!16TG - month in the format mm
0A4 - day in the format dd
*1H - the folder name defined by A//C. notspamlog is used if the mail is GA! in e(ery other case spamlog is used
FCT - the full mail address of the receipient
5F1! - the full mail address of the sender
F6A!# - the receipient name without Idomain
56A!# - the sender name without Idomain
F01!A"6 - the recipient domain without I
501!A"6 - the sender domain without I
The filename (without folders) build by assp will be added to the end of the resulting string. 6ot existing folders will be created by
the plugin.
26 pathes are supported. 5or example using a share on windows + ,,hostname-or "C.)share)-your path definition.. 1nly in this
case it is allowed to use bac$slashes in the path definition (only the two at start AAA).
un this Code to select #essages (ASSP_ARCSelectCode) "
Cut a code line here, to detect messages that you want to archi(e (or not). The code line has to return ' or %. A return of % will
start archi(ing.
for example+
return 8this-9:signed; J % + 'K
This code line will switch on archi(ing for all digital signed messages.
if (8this-9:relayo$; LL A 8this-9:isbounce;) :return %K; else :return 'K;
This code line will switch on archi(ing for all outgoing not bounce messages.
if (8this-9:ispip; LL 8this-9:cip; MN )O%P=,.&,.%,.)) :return %K; else :return 'K;
This code line will switch on archi(ing if the messages is from "/C and the "C of the ser(er that was connected to the "/C begins
with %P=.&.%. .
sample detection switches are+
- 8this-9:relayo$; - % M outgoing
- 8this-9:noprocessing; % M noprocessing
- 8this-9:whitelisted; % M whitelisted
- 8this-9:isbounce; % M bounced message
- 8this-9:signed; % M digital signed
- 8this-9:ispip; % M comes from an "/C
- 8this-9:spamfound; % M "/CA!-found" flag is set
- 8this-9:error; % M bloc$ed message
To use this option, you need to $now the internal A//C (ariables and there usageA
(nable Compression %or Archive Files (ASSP_ARCip) "
All archi(ed files will be compressed (zip) and will get an extension ".gz" to there name. This re3uires an installed Compress))*lib
module in C#F*.
(nable (nc$ption %or Archive Files (ASSP_ARCDo!ncrypt) "
All archi(ed files will be encrypted using A#/-&QR-D algorithm and will get an extension ".aes" to there name. The used
encryption-$ey is a(ailable in 8this-9:AFF4CTB#4; - see database section "0D field mapping file". 0o not use this option, if
your system has a high C2 wor$load, because the encryption of large files will use %''S of one C2-core for some seconds. This
re3uires an installed +penSS, and the 7openssl,bin7 directory must be in the systems CATG (ariable.
12.05.2014 Seite 117 von 134
To decrypt a archi(ed file use + openssl enc -d -aes-&QR-cbc -in the<achi(e<file<name -out the<target<file -pass
pass+the<$ey<from<the<database A
database hostname or -P (ASSP_ARCmyhost) "
The hostname or "C where a record is written for each archi(ed file. The database and the tables must be already created. The
type and length of each database field depends on your needs. !appings between archi(e (ariables and database fields are done
with the mapping file belowA *ea(e this blan$, if do not want to use a database.
database driver name (ASSP_ARCD"dri#er) "
The database dri(er used to access your database - 0D0-dri(er. The following dri(ers are a(ailable on your system+
Der$eley0D, A01, Any0ata, /T, 0D!, #xampleC, 5ile, Hofer, *0AC, *og, !T/<5TC/U*, !oc$, !ultiplex, 10D, 1racle, 1(rimos,
Cg, CgCC, Croxy, /U*ite, /ponge, /prite, Template, Template//, mys3l, mys3lCC
"f you can not find the dri(er for your database in this list, you should install it (ia cpan or ppmA
- or if you ha(e installed an 10D-dri(er for your database and 0D0-10D, Vust create a 0/6 and use 10D.
2sefull are A01W0D&W"nformixW10DW1racleWCgW/ybaseWmys3lWmys3lCC - but any other /U* compatible database should also
wor$.
syntax examples+ dri(er,option%,option&,...,...
A01,-0/6Mmydsn.
0D&
"nformix
10D,0/6MmydsnWdri(erM:/U* /er(er;,/er(erMser(er<name
1racle,/"0M%W"6/TA6#<6A!#MmyinstanceW/#FT#FMmyser(erW/#FT"#<6A!#Mmyser(ice<name,-C1FTMmyport.
Cg,-C1FTMmyport.
/ybase,/#FT#FMmyser(er,-C1FTMmyport.
mys3l,-C1FTMmyport.
mys3lCC,-C1FTMmyport.
The options for all dri(ers and there possible or re3uired order depending on the used 0D0-dri(er, please read the dri(ers
documentation, if you do not $now the needed option.
The username, password, host and databasename are always used from this configuration page.
*ea(e this blan$, if do not want to use a database.
database name (ASSP_ARCmydb) "
This database must exist before archi(ing is started. *ea(e this blan$, if do not want to use a database.
database table name (ASSP_ARCmytable) "
This table must exist before archi(ing is started. *ea(e this blan$, if do not want to use a database.
database username (ASSP_ARCmyuser) "
This user should ha(e F#AT# pri(ilege on the database. *ea(e this blan$, if do not want to use a database.
database password (ASSP_ARCmypass$ord) "
D. %ield mapping %ile* (ASSP_ARC%ield&ap) "
The file which contains the field mapping table 0D-field M9 Archi(eTariable . "f set, the (alue has to begin with file+ A *ea(e this
blan$, if do not want to use a database.
(nable Plugin logging (ASSP_ARC'o() "
standard
12.05.2014 Seite 118 von 134
ASSP_DCC!Plugin
Do the ASSP_DCC Plugin (DoASSP_DCC)
disabled
This Clugin uses a ser(ice pro(ided by www.rhyolite.com to detect spam on a statistical (chec$sum) base.
4ou ha(e to open 20C port R&@@ on your firewall for outgoing connections and dccifd must be installed an running. This port is
used by dccifd to connect to the 0-/er(ers.
Clease notice that dccifd is not a(ailable on windows systems. To use 0 on windows you must install the 0 components on a
second linux system and you ha(e to configure ASSP_DCCdcci%d to use an "C soc$et to connect to the dccifd. Clease follow the
installation instructions on http)//www/rh$olite/com/dcc/-0S&A,,/html
0 is a distributed, collaborati(e, spam detection and filtering networ$. Through user contribution, 0 establishes a distributed
and constantly updating catalogue of spam in propagation that is consulted by email clients to filter out $nown spam. 0etection is
done with statistical signatures that efficiently spot mutating spam content. 2ser input is (alidated through reputation assignments
based on consensus on report and re(o$e assertions which in turn is used for computing confidence (alues associated with
indi(idual signatures.
This plugin is designed for- and running in call)run le(el 7complete mail7A
the priorit$ o% the Plugin (ASSP_DCCPriority)
8
Set the Plugin in &estmode (TestASSP_DCC)
/et this Clugin in to Testmode. The Clugin returns true in any caseA
(nable Plugin logging (ASSP_DCC'o()
standard
Penalt$.o1 valance %or ASSP_DCC Plugin 2 (ASSP_DCC)alenceP")
15
!essage scoring for A//C<0 Clugin
process whitlisted mails (procWhiteASSP_DCC)

Ehitelisted mails will be processed by this CluginA
location to log the %ailed mails (ASSP_DCC'o(To)
spamfolder & ccallspam
Ehere to store reVected mail for this Clugin. Fecommended+ spamfolder L ccallspam
% M spamfolder, & M notspam folder, = M spamfolder L ccallspam, > M mailo$ folder, Q M attachment folder, R M discard, @ M
discard L ccallspam.
'ome Director$ o% DCC on linu1 (ASSP_DCChomedir)
/var/dcc
The home 0irectory of 0 on linux systems. dccifd will listen on a unix soc$et in this folder. This parameter will be ignored if
ASSP_DCCdcci%d is configuredA
dcci%d -P/'ost -n%ormation (ASSP_DCCdcci%d)
"f you are running dccifd on a second system, define the "C address or hostname and port of that daemon here. 5or example+
%P&.%R?.'.%''+%%%%% or dccifd.mydomain.com+%%%%% . "f this parameter is configured, the setting of ASSP_DCChomedir will be
ignoredA
dcci%d Soc3et &imeout (ASSP_DCCTimeout)
16
0efine the maximum time in seconds, assp will wait for an Answer of the dccifd. Fecommended setting are between %' an %R -
default is %R seconds.
DCC Auth Client -P (ASSP_DCCClient*P)
0efine the "C address that is used to authenticate assp at the dccifd here.
DCC Auth Client 0ame (ASSP_DCCClient+ame)
0efine the hostname that is used to authenticate assp at the dccifd here.
eport to DCC!Server (ASSP_DCCReportToDCC)
query only
0efine how the reporting function of 0 should be used. "f set to "3uery only" - no reporting is be done. "f set to "report" of the
current 0 result will be reported to the 0 ser(ers. "f set to "report and $nown spam" the same beha(ior li$e "report" belongs
and additionaly - if the mail is still detected as /CA! by assp, this will be reported to the 0 ser(ers.
12.05.2014 Seite 119 von 134
ASSP_+C!Plugin
Do the ASSP_+C Plugin (DoASSP_,CR) "
monitor
This Clugin resol(es the A/"" part of attached images.
This Clugin is designed for- and running in call)run le(el 7complete mail7A
the priorit$ o% the Plugin (ASSP_,CRPriority) "
5
(nable Plugin logging (ASSP_,CR'o() "
standard
process whitelisted mails (procWhiteASSP_,CR) "

Ehitelisted mails will be processed by this CluginA
e1tract te1t %rom te1t %iles (DoSimpleTe-tASSP_,CR)

The text components of attached text)html or similar files will be extractedA
e1tract te1t %rom pd% %iles (DoPDFTe-tASSP_,CR) "

The text components of attached pdf files will be extractedA
e1tract te1t %rom images insite pd% %iles (DoPDF*ma(eASSP_,CR) "

The text components of images insite of attached pdf files will be extractedA
e1tract te1t %rom attached image %iles (Do*ma(eASSP_,CR) "

The text components of attached images be extractedA
Full Path to -mage#agic3 (1ecutable (ASSP_,CR!-ec) "
C:\Program Files\ImageMagick\convert
The full path to the "mage!agic$ executable (con(ert). 5or example+ c+)progams)"mage!agic$)con(ert
or )opt)"mage!agic$)con(ert .
"f not defined, A//C will search for this executable and set this (alue automaticly, if any of the both "mage options is set.
The path to "mage!agic must be defined in the systems CATG (ariableA
"f the executable was not found, this (alue will be set to "con(ert not found in path". "n this case set your systems CATG (ariable
correct, restart A//C and clear this (alue - A//C will then retry to find con(ertA
ma1size o% the converted images (ASSP_,CRocrma-size) "
1024000
The maximum size of the con(erted images to scan with tesseract - default is %'&>'''
ma1imum number o% allowed concurrent running image processing tas3s (ASSP_,CRocrma-processes)
3
The maximum number of concurrent running image processing tas$s (tesseract ) con(ert). This number should be less than the
number of a(ailable C2 cores - default is =. hanging this (alue re3uires an A//C restartA
12.05.2014 Seite 120 von 134
ASSP_Razor-Plugin
Do the ASSP_Razor Plugin (DoASSP_Razor)
disabled
This Plugin uses a service provided by www.cloudmark.com to detect spam on a statistical base.
You have to open port 2703 on your firewall for outgoing connections. This port is used by a!or to connect to the a!or"#ervers.
a!or is a distributed$ collaborative$ spam detection and filtering network. Through user contribution$ a!or establishes a
distributed and constantly updating catalogue of spam in propagation that is consulted by email clients to filter out known spam.
%etection is done with statistical and randomi!ed signatures that efficiently spot mutating spam content. &ser input is validated
through reputation assignments based on consensus on report and revoke assertions which in turn is used for computing
confidence values associated with individual signatures.
This plugin is designed for" and running in call'run level (complete mail()
the priority of the Plugin (ASSP_RazorPriority)
7
#ets the priority of this Plugin within the call'run"level (complete mail(. The Plugin with the lowest priority value is processed first)
Set the Plugin in Testmode (TestASSP_Razor)
#et this Plugin in to Testmode. The Plugin returns true in any case)
Enable Plugin logging (ASSP_RazorLog)
standard
Maximum onfiden!e by Razor for "#T SPAM (ASSP_RazorMaxNotSpamConf)
default
The a!or"#erver will return a confidence'spam level for each mail between 0 and *00$ where 0 meens no spam and *00 absolute
spam. &nder default conditions a!or uses a pre calculated default value$ but if you want$ you can set this to an absolute value
between 0 and ++ or a value relative to the default ,use -default"dd- or -default.dd- without /uotes " dd must be digits0. 1f the
a!or"score is higher than this value$ the mail will consider spam. To use the default value ,recommended0$ set the value to the
word -default-.
Penalty$ox %alen!e for ASSP_Razor Plugin & (ASSP_RazorValenceP)
15
2essage'1P scoring for 3##P4a!or Plugin
pro!ess 'hitlisted mails (proc!"iteASSP_Razor)

5hitelisted mails will be processed by this Plugin)
lo!ation to log the failed mails (ASSP_RazorLogTo)
spamfolder & ccallspam
5here to store re6ected mail for this Plugin. ecommended7 spamfolder 8 ccallspam
* 9 spamfolder$ 2 9 notspam folder$ 3 9 spamfolder 8 ccallspam$ : 9 mailok folder$ ; 9 attachment folder$ < 9 discard$ 7 9
discard 8 ccallspam.
sele!t a language file to !hange the display language
default edit
readme
=or defining any full filepathes$ always use slashes ,-'-0 not backslashes. =or e>ample7 c7'assp'certs'server"key.pem )
=ields marked with one small ,
s
0 " which are interval definitions " accept a single or a list of crontab entries separated by (?(.
#uch entries could be used to fle>ible schedule the configured task. 3n description of such crontab entries could be found in
(ebuild#chedule( and (estart#chedule(. @otice " this re/uires an installed S!hedule((ron module in PAB.
=ields marked with at least one asterisk ,C0 accept a list separated by (?( ,for e>ample7 abc?def?ghi0 or a file designated as
follows ,path relative to the 3##P directory07 (file7files'filename.t>t(. Putting in the file: will prompt 3##P to put up a button to
edit that file. files is the subdirectory for files. The file does not need to e>ist$ you can create it by saving it from the editor
within the &1. The file must have one entry per lineD anything on a line following a numbersign or a semicolon , E D0 is ignored
,a comment0.
1t is possible to include custom"designed files at any line of such a file$ using the following directive
E include filename
where filename is the relative path ,from c7'assp0 to the included file like files'inc*.t>t or inc*.t>t ,one file per line0. The line
will be internaly replaced by the contents of the included file)
=ields marked with two asterisk ,CC0 contains regular e>pressions ,rege>0 and accept a second weight value. Avery weighted
rege> that contains at least one (?( has to begin and end with a (F( " inside such rege>es it is not allowed to use a tilde (F($
even it is escaped " for e>ample7 Fabc)*?defF9G23 or Fabc*?defF9G23 " instead use the octal ,H*2<0 or he> ,H>7A0
notation $ for e>ample FabcH*2<?defF9G23 or FabcH>7A?defF9G23 . Avery weighted rege> has to be followed by (9G( and the
weight value. =or e>ample7 PhishingH.9G*.:;?FIeuristics?AmailF9G;0 or F,Amail?IT2B?#anesecurity0H.,Phishing?#pear?
,#pam?#cam0Ja"!0"+KL0H.F9G:.<?#pam9G*.*?F#pear?#camF9G2.* . The multiplication result of the weight and the
penaltybo> valence value will be used for scoring$ if the absolute value of weight is less or e/ual <. Mtherwise the value of
weight is used for scoring. 1t is possible to define negative values to reduce the resulting message score.
12.05.2014 Seite 121 von 134
=or all -bombC- regular e>pressions and -invalid=ormatIeloe-$ -invalidPTe- and -invalid2sg1%e- it is possible to define a
third parameter ,to overwrite the default options0 after the weight like7 PhishingH.9G*.:;?FIeuristics?AmailF9G;07G@J."K5
J."KBJ."K1J."K. The characters and the optional to use . and " have the following functions7
use this rege> ,. 9 only0," 9 never0 for7 @ 9 noprocessing $ 5 9 whitelisted $ B 9 local $ 1 9 1#P mails . #o the line
FIeuristics?AmailF9G;07G@"5"B1 could be read as7 take the rege> with a weight of ;0$ never scan noprocessing mails$ never
scan whitelisted mails$ scan local mails and mails from 1#P(s ,and all others0. The line FIeuristics?AmailF9G3.27G@"5.1 could
be read as7 take the rege> with a weight of 3.2 as factor$ never scan noprocessing mails$ scan only whitelisted mails even if
they are received from an 1#P .
1f the third parameter is not set or any of the @$5$B$1 is not set$ the default configuration for the option will be used unless a
default option string is defined anywhere in a single line in the file in the form )))@5B1))) ,with . or " is possible0.
1f any parameter that allowes the usage of weighted regular e>pressions is set to -block-$ but the sum of the resulting
weighted penalty value is less than the corresponding -Penalty No> Oalence Oalue- ,because of lower weights0 " only scoring
will be done)
1f the regular e>pression optimi!ation is used " ,-perl module ege>p77Mptimi!er- installed and enabled0 " and you want to
disable the optimi!ation for a special regular e>pression ,file based0$ set one line ,eg. the first one0 to a value of (assp"do"not"
optimi!e"rege>( or (a"d"n"o"r( ,without the /uotes0) To disable the optimi!ation for a specific line'rege>$ put PPP in front and
GGG at the end of the line'rege>. To weight such line'rege> write for e>ample7 PPPPhishingH.GGG9G*.:;9G@" or
FPPPIeuristics?AmailGGGF9G;0 or FPPP,Amail?IT2B?#anesecurity0H.,Phishing?#pear?,#pam?#cam0Ja"!0"+KL0
H.GGGF9G:.< .
The literal (#A##1M@1%( will be replaced by the uni/ue message logging 1% in every #2TP error reply.
The literal (2Y@32A( will be replaced by the configuration value defined in (my@ame( in every #2TP error reply.
1f the internal name is shown in light blue like ,uni/ue1%Prefi>0 $ this indicates that the configured value differs from the defaut
value. To show the default value$ move the mouse over the internal name. 3n click on the internal name will reset the value to
the default.
1P ranges are defined as for e>ample *Q2.Q2.*0. R1% notation is accepted ,*Q2.Q2.*0.0'2:0. Iyphenated ranges can be used
,*Q2.Q2.*0.0"*Q2.Q2.*0.2;;0.
Te>t after the range ,and before a numbersign0 will be accepted as comment to be shown in a match. =or e>ample7
*Q2.Q2.*0.0'2: Yahoo Ecomment to be removed
The short notation like *Q2.Q2.*0. is only allowed for 1Pv: addresses$ 1Pv< addresses must be fully defined as for e>ample
220*7*77* or 220*7*77'+<
You may define a hostname instead of an 1P$ in this case the hostname will be replaced by all %@#"resolved 1P"addresses$ each
with a '32 or '*2Q netmask. =or e>ample7
mta;.am0.yahoodns.net Yahoo Ecomment to be removed "G <<.+:.23Q.*:7'32 Yahoo?... Yahoo?... Yahoo
(kill "I&P 7<0( will load settings from disk. (kill "@&207 7<0( will suspend or resume assp. (kill "&#2 7<0( will save settings to
disk.
12.05.2014 Seite 122 von 134
glosar
A
accept3ll2ail " elaying
3ddRonfidenceIeader " Nayesian and Iidden 2arkov
2odel ,I220 Mptions
3ddRustomIeader " #P32 Rontrol 3dd%S12Ieader " Oalidate #ender
3dd1ntended=orIeader " #P32 Rontrol 3ddBevelIeader " #P32 Rontrol
3ddNBIeader " %@#NB 3ddege>Ieader " Bogging
3dd5BIeader " 5hitelisting 3dd#coringIeader " PenaltyNo>
3dd#pamIeader " #P32 Rontrol
3dd#pamProbIeader " Nayesian and Iidden 2arkov
2odel ,I220 Mptions
3dd#pameasonIeader " #P32 Rontrol 3dd#P=Ieader " #P='%23R'##
3dd#ub6ectIeader " #P32 Rontrol 3dd&1NBIeader " &1NB
3dd&1#22yIeader " &1NB adminusersdb " =ile Paths and %atabase
adminusersdb@oN1@ " =ile Paths and %atabase adminusersdbpass " =ile Paths and %atabase
3B32timeout " #erver #etup allBoge " Bogging
allow3dminRonnections=rom " #erver #etup 3llowed%up#ub6ecte " Rollecting
3llow1nternals1nege> " ege> =ilter ' #pambomb allowelayRon " elaying
allow#tatRonnections=rom " #erver #etup allTest2ode " Test2odes
3s3%aemon " #erver #etup 3##P43=RblockAncryptedT1P " 3##P43=R"Plugin
3##P43=R%etect#pam3ttache " 3##P43=R"Plugin 3##P43=Rinsi!e " 3##P43=R"Plugin
3##P43=R2a>T1PBevel " 3##P43=R"Plugin 3##P43=R2#U#1TAscore " 3##P43=R"Plugin
3##P43=Routsi!e " 3##P43=R"Plugin 3##P43=RPriority " 3##P43=R"Plugin
3##P43=ReplNad3ttach " 3##P43=R"Plugin 3##P43=ReplNad3ttachTe>t " 3##P43=R"Plugin
3##P43=ReplOiriParts " 3##P43=R"Plugin 3##P43=ReplOiriPartsTe>t " 3##P43=R"Plugin
3##P43=R#elect " 3##P43=R"Plugin 3##P43=R5eb#cript " 3##P43=R"Plugin
3##P43R%Ndriver " 3##P43R"Plugin 3##P43R%oAncrypt " 3##P43R"Plugin
3##P43Rfield2ap " 3##P43R"Plugin 3##P43RinP3TI " 3##P43R"Plugin
3##P43RBog " 3##P43R"Plugin 3##P43Rmydb " 3##P43R"Plugin
3##P43Rmyhost " 3##P43R"Plugin 3##P43Rmypassword " 3##P43R"Plugin
3##P43Rmytable " 3##P43R"Plugin 3##P43Rmyuser " 3##P43R"Plugin
3##P43RoutP3TI " 3##P43R"Plugin 3##P43RPriority " 3##P43R"Plugin
3##P43R#electRode " 3##P43R"Plugin 3##P43RTip " 3##P43R"Plugin
3##P4%RRRlient1P " 3##P4%RR"Plugin 3##P4%RRRlient@ame " 3##P4%RR"Plugin
3##P4%RRdccifd " 3##P4%RR"Plugin 3##P4%RRhomedir " 3##P4%RR"Plugin
3##P4%RRBog " 3##P4%RR"Plugin 3##P4%RRBogTo " 3##P4%RR"Plugin
3##P4%RRPriority " 3##P4%RR"Plugin 3##P4%RReportTo%RR " 3##P4%RR"Plugin
3##P4%RRTimeout " 3##P4%RR"Plugin 3##P4%RROalencePN " 3##P4%RR"Plugin
3##P4MRA>ec " 3##P4MR"Plugin 3##P4MRBog " 3##P4MR"Plugin
3##P4MRocrma>processes " 3##P4MR"Plugin 3##P4MRocrma>si!e " 3##P4MR"Plugin
3##P4MRPriority " 3##P4MR"Plugin 3##P4a!orBog " 3##P4a!or"Plugin
3##P4a!orBogTo " 3##P4a!or"Plugin 3##P4a!or2a>@ot#pamRonf " 3##P4a!or"Plugin
3##P4a!orPriority " 3##P4a!or"Plugin 3##P4a!orOalencePN " 3##P4a!or"Plugin
asspRfg " #erver #etup asspRfgOersion " #erver #etup
asspRpu3ffinity " #erver #etup asspBog " Bogging
at#pamBovers " #P32 Bover'Iater 3ttachmentArror " 3ttachment Nlocking
3ttachmentBog " Bogging attachTest2ode " Test2odes
auto3ddesendTo5hite " Nlock eporting autoRorrectRorpus " ebuild #pamdb
3utoeloadRfg " #erver #etup 3utoestart " #erver #etup
3utoestart3fterRodeRhange " #erver #etup 3utoestartRmd " #erver #etup
autoestart%iedThreads " #erver #etup 3uto&pdate3##P " #erver #etup
autOalencePN " PenaltyNo> 3vRlamdPort " Rlam3O and =ile#can
3vArror " Rlam3O and =ile#can
12.05.2014 Seite 123 von 134
$
Nack2;0MS1#P " Nackscatter %etection
Nack%@#1nterval " Nackscatter %etection NackBog " Rollecting
Nack@P " Nackscatter %etection NacksctrBog " Bogging
Nack#ctr#erviceProvider " Nackscatter %etection backsctrOalencePN " PenaltyNo>
backup%N%ir " =ile Paths and %atabase backup%N1nterval " =ile Paths and %atabase
Nack5B " Nackscatter %etection Nad3ttachB* " 3ttachment Nlocking
Nad3ttachB2 " 3ttachment Nlocking Nad3ttachB3 " 3ttachment Nlocking
ban=ailed##B1P " ##B Pro>y and TB# support base " =ile Paths and %atabase
N3TOBog " Bogging N3TO#ec " Nackscatter %etection
batvOalencePN " PenaltyNo> baOalencePN " PenaltyNo>
Nayes3fterI22 " Nayesian and Iidden 2arkov 2odel ,I220
Mptions
Nayesian4localMnly " Nayesian and Iidden 2arkov 2odel
,I220 Mptions
NayesianBog " Bogging
Nayes2a>ProcessTime " Nayesian and Iidden 2arkov
2odel ,I220 Mptions
Nayes@P " Nayesian and Iidden 2arkov 2odel ,I220
Mptions
Nayes5B " Nayesian and Iidden 2arkov 2odel ,I220
Mptions
baysRonf " Nayesian and Iidden 2arkov 2odel ,I220
Mptions
baysRonfidenceIalf#core " Nayesian and Iidden 2arkov
2odel ,I220 Mptions
bayslocalOalencePN " PenaltyNo> bays@on#pamBog " Rollecting
baysProbability " Nayesian and Iidden 2arkov 2odel ,I220
Mptions
bays#pamIaters " #P32 Bover'Iater
bays#pamBog " Rollecting bays#pamBovers " #P32 Bover'Iater
bays#pamBoverse " #P32 Bover'Iater bays#pamBoversed " #P32 Bover'Iater
baysTest2ode " Test2odes baysTest2ode&ser3ddresses " Test2odes
baysOalencePN " PenaltyNo> bccOalencePN " PenaltyNo>
Nerkeley%N4%NAngine " blackBisted%omains " Oalidate #ender
blacke " ege> =ilter ' #pambomb blacke2a>Iits " ege> =ilter ' #pambomb
black#enderNase " #enderNase ' 5hois blackOalencePN " PenaltyNo>
bl%omainBog " Rollecting NlockA>es " 3ttachment Nlocking
Nlock2a>#earchTime " Nlock eporting Nlock@PA>es " 3ttachment Nlocking
Nlockep=orwIost " Nlock eporting Nlockeport=ile " Nlock eporting
Nlockeport=ilter " Nlock eporting Nlockeport=ormat " Nlock eporting
NlockeportITTP@ame " Nlock eporting Nlockeport@ow " Nlock eporting
Nlockeport#chedule " Nlock eporting NlockesendBink " Nlock eporting
NlockesendBinkBeft " Nlock eporting NlockesendBinkight " Nlock eporting
blockstrict#P=e " #P='%23R'## Nlock&uencoded " 3ttachment Nlocking
Nlock5BA>es " 3ttachment Nlocking bl#pamBovers " #P32 Bover'Iater
blTest2ode " Test2odes blOalencePN " PenaltyNo>
bombRhar#ets " ege> =ilter ' #pambomb bomb%atae " ege> =ilter ' #pambomb
bomb%atae2a>Iits " ege> =ilter ' #pambomb bombArror " ege> =ilter ' #pambomb
bombArroreason " ege> =ilter ' #pambomb bombIeadere " ege> =ilter ' #pambomb
bombIeadere2a>Iits " ege> =ilter ' #pambomb NombBog " Bogging
bomb2a>PenaltyOal " ege> =ilter ' #pambomb bombe " ege> =ilter ' #pambomb
bombe1#P1P " ege> =ilter ' #pambomb bombeBocal " ege> =ilter ' #pambomb
bombe2a>Iits " ege> =ilter ' #pambomb bombe@P " ege> =ilter ' #pambomb
bombe5B " ege> =ilter ' #pambomb bomb#endere " ege> =ilter ' #pambomb
bomb#kipIeaderTage " ege> =ilter ' #pambomb bomb#pamBovers " #P32 Bover'Iater
bomb#ub6ecte " ege> =ilter ' #pambomb bomb#uspiciouse " ege> =ilter ' #pambomb
bomb#uspiciousOalencePN " PenaltyNo> bombTest2ode " Test2odes
bombOalencePN " PenaltyNo> Nounce#enders " elaying
Ratch3ll " ecipients'Bocal %omains Ratch3ll3ll " ecipients'Bocal %omains

Ratchallall1#P2@&BB " ecipients'Bocal %omains ccIam=ilter " Ropy #pam 8 Iam
cc2aileplaceecpt " Ropy #pam 8 Iam cc2a>Nytes " Ropy #pam 8 Iam
12.05.2014 Seite 124 von 134
cc2a>#core " Ropy #pam 8 Iam ccnIam=ilter " Ropy #pam 8 Iam
cc#pam3lways " Ropy #pam 8 Iam cc#pam=ilter " Ropy #pam 8 Iam
cc#pam1n%omain " Ropy #pam 8 Iam cc#pam@evere " Ropy #pam 8 Iam
Rhangeoot " #erver #etup check=ilePermMn#tart " #erver #etup
Rlam3ONytes " Rlam3O and =ile#can Rlam3Otimeout " Rlam3O and =ile#can
RleanRacheAvery " #erver #etup Rlean%elay%N1nterval " %elaying'Ureylisting
RleanPN1nterval " PenaltyNo> RonfigRhange#chedule " #erver #etup
RonnectionBog " Bogging RonnectionTransferTimeMut " #erver #etup
RonsoleRharset " #erver #etup contentMnlye " elaying
RonTimeMut%ebug " Bogging convert@P " Rhar Ronversions ' T@A=
RonvBog " Bogging copy%NToMrgBoc " =ile Paths and %atabase
correctednotspam " =ile Paths and %atabase correctedspam " =ile Paths and %atabase
RountryRodeNlockede " #enderNase ' 5hois RountryRodee " #enderNase ' 5hois
D
%ataNase%ebug " Bogging %NRache2a>3ge " =ile Paths and %atabase
%Ndriver " =ile Paths and %atabase debug " Bogging
debugRode " Bogging debug1P " Bogging
debug@o5riteNody " Bogging debuge " Bogging
%ebug#P= " #P='%23R'## defaultBocalIost " elaying
%elay3ddIeader " %elaying'Ureylisting delaydb " =ile Paths and %atabase
%elayAmbargoTime " %elaying'Ureylisting %elayArror " %elaying'Ureylisting
%elayA>pireMn#pam " %elaying'Ureylisting %elayA>piryTime " %elaying'Ureylisting
%elay1P " 1P Nlocking %elay1PTime " 1P Nlocking
%elayBog " Bogging %elay2%; " %elaying'Ureylisting
%elay@ormali!eOAPs " %elaying'Ureylisting %elay@P " %elaying'Ureylisting
%elay#how%N " %elaying'Ureylisting %elay#how%Nwhite " %elaying'Ureylisting
%elay#B " %elaying'Ureylisting delay#pamBovers " #P32 Bover'Iater
%elay&se@etblocks " %elaying'Ureylisting %elay5aitTime " %elaying'Ureylisting
%elay5ith2y@ame " %elaying'Ureylisting %elay5B " %elaying'Ureylisting
%elesend#pam " Nlock eporting deny#2TPRonnections=rom " 1P Nlocking
deny#2TPRonnections=rom3lways " 1P Nlocking deny#2TPBog " Bogging
deny#2TPstrictAarly " 1P Nlocking detect2ailBoop " #2TP #ession Bimits
%isableA>t3&TI " @etwork #etup %isable#2TP@etworking " @etwork #etup
%isableO=Y " ecipients'Bocal %omains discarded " =ile Paths and %atabase
%S12Rache1nterval " Oalidate #ender %S12genRonfig " elaying
%S12Bog " Rollecting %S12logging " Bogging
dkimMkOalencePN " PenaltyNo> dkimTest2ode " Test2odes
dkimOalencePN " PenaltyNo> %23Report=rom " #P='%23R'##
%@#esponseBog " %@# #etup %@#retrans " %@# #etup
%@#retry " %@# #etup %@#euse#ocket " %@# #etup
%@##ervers " %@# #etup %@#timeout " %@# #etup
%o3dditional3naly!e " Amail 1nterface %o3##P43=R " 3##P43=R"Plugin
%o3##P43R " 3##P43R"Plugin %o3##P4%RR " 3##P4%RR"Plugin
%o3##P4MR " 3##P4MR"Plugin %o3##P4a!or " 3##P4a!or"Plugin
%oNack#ctr " Nackscatter %etection %oN3TO " Nackscatter %etection
%oNayesian " Nayesian and Iidden 2arkov 2odel ,I220
Mptions
%oNlack%omain " Oalidate #ender
%oNlack%omain@P " Oalidate #ender %oNlack%omain5B " Oalidate #ender
%oNlacke " ege> =ilter ' #pambomb %oNlockA>es " 3ttachment Nlocking
%oNombIeadere " ege> =ilter ' #pambomb %oNombe " ege> =ilter ' #pambomb
%oRountryNlocking " #enderNase ' 5hois %o%amping " PenaltyNo>
%o%eny#2TP " 1P Nlocking %o%eny#2TPstrict " 1P Nlocking
%o%S12 " Oalidate #ender do%S12Ronv " Rhar Ronversions ' T@A=
%o%omainRheck " Oalidate #ender %o%omain1P " 1P Nlocking
%o%ropBist " 1P Nlocking %oA>tremeA>port " PenaltyNo>
%oA>tremeA>port3ppend " PenaltyNo> %o=akedBocalIelo " Oalidate Ielo
12.05.2014 Seite 125 von 134
DoFakedNP - Validate Helo DoFakedUseLocalDomain - Validate Helo
DoFakedWL - Validate Helo DoFileScan - ClamAV and FileScan
DoFrequencyIP - IP lockin! Do"lo#allack - "lo#al Penaltyo$
Do"lo#alW%ite - "lo#al Penaltyo$ DoHeaderAddrC%eck - &eci'ients(Local Domains
DoHeloNP - Validate Helo DoHeloWL - Validate Helo
DoH)) - ayesian and Hidden )arko* )odel +H)),
-'tions
DoIma!eASSP.-C& - ASSP.-C&-Plu!in
doInFi$/N0F - C%ar Con*ersions ( /N0F DoIn*alidFormatHelo - Validate Helo
DoIn*alidP/& - Validate Sender DoIPinHelo - Validate Helo
DoLDAP - &eci'ients(Local Domains DoLDAPSSL - LDAP Setu'
DoLocalSenderAddress - &elayin! DoLocalSenderDomain - &elayin!
Do)a$Du'&c't - &eci'ients(Local Domains do)o*e1Num - &e#uild S'amd#
Do)s!ID - Validate Sender Do)S"IDsi! - ackscatter Detection
DoNoFrom - Validate Sender DoNoFromNP - Validate Sender
DoNoFromWL - Validate Sender DoNoS'oo2in! - Validate Sender
DoNoS'oo2in!3From - Validate Sender DoNotlockCollect - Collectin!
DoNotCollectounces - Collectin! DoNotCollect&edList - Collectin!
DoNotCollect&ed&e - Collectin! DoNotPenali4eNull - Penaltyo$
DoNotPenali4e&ed - Penaltyo$ DoNoValidLocalSender - Validate Sender
Do-r!lockin! - Senderase ( W%ois Do-r!W%itin! - Senderase ( W%ois
do-utFi$/N0F - C%ar Con*ersions ( /N0F DoPDFIma!eASSP.-C& - ASSP.-C&-Plu!in
DoPDF/e$tASSP.-C& - ASSP.-C&-Plu!in DoPenalty - Penaltyo$
DoPenalty0$treme - Penaltyo$ DoPenalty0$tremeS)/P - Penaltyo$
DoPenalty)ake/ra's - Penaltyo$ DoPenalty)essa!e - Penaltyo$
DoPri*atS'amd# - ayesian and Hidden )arko* )odel
+H)), -'tions
Do&e*ersed - Validate Sender
Do&e*ersedNP - Validate Sender Do&e*ersedWL - Validate Sender
Do&FC511 - &eci'ients(Local Domains DoSameSu#6ect - S)/P Session Limits
DoScri't&e - &e!e$ Filter ( S'am#om# DoSenderase - Senderase ( W%ois
DoSim'le/e$tASSP.-C& - ASSP.-C&-Plu!in DoSPFinHeader - SPF(D)A&C(S&S
DoStrictD7I) - Validate Sender Do/89Stat - lock &e'ortin!
Do/est&e - &e!e$ Filter ( S'am#om# Do/LS - SSL Pro$y and /LS su''ort
Do/ransliterate - &e!e$ Filter ( S'am#om# DoValidFormatHelo - Validate Helo
DoV&F: - &eci'ients(Local Domains do;nloadackDNSFile - ackscatter Detection
dro'list - File Pat%s and Data#ase
E
0mailAdminDomains - lock &e'ortin!
0mailAdmin&e'orts/o - 0mail Inter2ace 0mailAdmins - 0mail Inter2ace
0mailAllo;0qual - 0mail Inter2ace 0mailAnaly4e - 0mail Inter2ace
0mailAnaly4e&e'ly - 0mail Inter2ace 0mailAnaly4e/o - 0mail Inter2ace
0maillackAdd - 0mail Inter2ace 0maillack&emo*e - 0mail Inter2ace
0maillack&e'ly - 0mail Inter2ace 0maillack/o - 0mail Inter2ace
0maillock&e'ly - lock &e'ortin! 0maillock&e'ort - lock &e'ortin!
0maillock&e'ortDomain - lock &e'ortin! 0maillock/o - lock &e'ortin!
0mail0rrors)odi2yNoP - 0mail Inter2ace 0mail0rrors)odi2yPerslack - 0mail Inter2ace
0mail0rrors)odi2yW%ite - 0mail Inter2ace 0mail0rrors&e'ly - 0mail Inter2ace
0mail0rrors/o - 0mail Inter2ace 0mailFor;ard&e'orted/o - 0mail Inter2ace
0mailFrom - 0mail Inter2ace 0mailHam - 0mail Inter2ace
0mailHel' - 0mail Inter2ace 0mailInter2ace-k - 0mail Inter2ace
0mailNoProcessin!Add - 0mail Inter2ace 0mailNoProcessin!&emo*e - 0mail Inter2ace
0mailNoProcessin!&e'ly - 0mail Inter2ace 0mailNoProcessin!/o - 0mail Inter2ace
0mailPerslackAdd - 0mail Inter2ace 0mailPerslack&emo*e - 0mail Inter2ace
0mail&edlistAdd - 0mail Inter2ace 0mail&edlist&emo*e - 0mail Inter2ace
0mail&edlist&e'ly - 0mail Inter2ace 0mail&edlist/o - 0mail Inter2ace
0mail&e'ortDestination - 0mail Inter2ace 0mail&esend&equester - lock &e'ortin!
0mailSenderI!nore - 0mail Inter2ace 0mailSenderNo&e'ly - 0mail Inter2ace
0mailSenderNot-7 - 0mail Inter2ace 0mailSender-7 - 0mail Inter2ace
12.05.2014 Seite 126 von 134
0mailS'am - 0mail Inter2ace 0mailS'amLo*erAdd - 0mail Inter2ace
0mailS'amLo*er&emo*e - 0mail Inter2ace 0mailS'amLo*er&e'ly - 0mail Inter2ace
0mailS'amLo*er/o - 0mail Inter2ace 0mailVirus&e'ortsHeader - ClamAV and FileScan
0mailVirus&e'orts/o - ClamAV and FileScan 0mailVirus&e'orts/o&CP/ - ClamAV and FileScan
0mailW%itelistAdd - 0mail Inter2ace 0mailW%itelist&emo*e - 0mail Inter2ace
0mailW%itelist&e'ly - 0mail Inter2ace 0mailW%itelist/o - 0mail Inter2ace
0mailW%ite&emo*al/o&ed - SPA) Control 0na#lean!Pat% - &eci'ients(Local Domains
ena#leCF"S%are - Con2i!uration Sync%roni4ation and
S%arin!
0na#leDelayin! - Delayin!("reylistin!
0na#leFloatin!)enu - Ser*er Setu' ena#le"ra'%Stats - Ser*er Setu'
0na#leHi!%Per2ormance - Ser*er Setu' 0na#leH//PCom'ression - Ser*er Setu'
ena#leIN0/< - Net;ork Setu' 0na#leInternalNamesInDesc - Ser*er Setu'
ena#leSPF#ack!round - SPF(D)A&C(S&S 0na#leS&S - SPF(D)A&C(S&S
ena#leWe#AdminSSL - Ser*er Setu' ena#leWe#StatSSL - Ser*er Setu'
ena#leW%ois - Senderase ( W%ois 0n2orceAut% - Net;ork Setu'
en%anced-ri!inIPDetect - IP lockin! erValenceP - Penaltyo$
etValenceP - Penaltyo$ e$'andedLo!!in! - Lo!!in!
e$'ortDDir - File Pat%s and Data#ase e$'ort0$tremelack - Penaltyo$
e$'ortInter*al - Penaltyo$ 0$'ort)ysqlD - File Pat%s and Data#ase
e$tAttac%Lo! - Collectin! 0$tralock&e'ortLo! - lock &e'ortin!
0$treme0$'iration - Penaltyo$ 0$tremeNP - Penaltyo$
0$tremeWL - Penaltyo$
F
2#mt*ValenceP - Penaltyo$
2%/est)ode - /est)odes 2%ValenceP - Penaltyo$
2ileLo!!in! - Lo!!in! FileScanad - ClamAV and FileScan
FileScanC)D - ClamAV and FileScan FileScanDir - ClamAV and FileScan
FileScan"ood - ClamAV and FileScan FileScan&es'&e - ClamAV and FileScan
FilesDistri#ution - Collectin! 2illU'Im'ortDDir - File Pat%s and Data#ase
2i'%mValenceP - Penaltyo$ 2i'%ValenceP - Penaltyo$
2ls/est)ode - /est)odes 2lValenceP - Penaltyo$
ForceFakedLocalHelo - Validate Helo 2orceLDAPcrossC%eck - LDAP Setu'
ForceNoValidLocalSender - Validate Sender Force&LCac%e - DNSL
2orce&e#uildDo;n!rade - &e#uild S'amd# ForceValidateHelo - Validate Helo
2or!edHeloLo! - Collectin! Freeu')emory"ar#a!e - Ser*er Setu'
2reqNonS'am - Collectin! 2reqS'am - Collectin!
G
!enD7I) - &elayin! !lo#allack0$'iration - "lo#al Penaltyo$
!lo#alClientLicDate - "lo#al Penaltyo$ !lo#alClientName - "lo#al Penaltyo$
!lo#alClientPass - "lo#al Penaltyo$ !lo#al&e!isterU&L -
!lo#alU'loadU&L - !lo#alValenceP - "lo#al Penaltyo$
!lo#alW%ite0$'iration - "lo#al Penaltyo$ "oodAttac% - Attac%ment lockin!
"PautoLi#U'date - "lo#al Penaltyo$ "PDo;nloadLists - "lo#al Penaltyo$
"reedyW%itelistAdditions - W%itelistin! !ri'list - File Pat%s and Data#ase
!ri'ValenceP - Penaltyo$ "rou's - "rou' de2inition
!rou'S'amLo*ers - SPA) Lo*er(Hater "rou's&eload0*ery - "rou' de2inition
H
Header)a$Len!t% - S)/P Session Limits %elolacklistI!nore - Validate Helo
%ideAl'%aInde$ - Ser*er Setu' HideIPandHelo - Ser*er Setu'
%iS'amLo*ers - SPA) Lo*er(Hater %lS'amHaters - SPA) Lo*er(Hater
%lS'amLo*ers - SPA) Lo*er(Hater %l/est)ode - /est)odes
%lValenceP - Penaltyo$ H))localValenceP - Penaltyo$
12.05.2014 Seite 127 von 134
H))usesD - ayesian and Hidden )arko* )odel +H)),
-'tions
H))ValenceP - Penaltyo$
%ost1IPmin//L - Ser*er Setu' %tt'&equireCookies - Ser*er Setu'
I
iaValenceP - Penaltyo$ idleValenceP - Penaltyo$
idValenceP - Penaltyo$ i2ValenceP - Penaltyo$
i!noreDVersion)iss)atc% - ayesian and Hidden )arko*
)odel +H)), -'tions
I!nore)I)00rrors - Lo!!in!
i%/est)ode - /est)odes i%ValenceP - Penaltyo$
im'ortDDir - File Pat%s and Data#ase Im'ort)ysqlD - File Pat%s and Data#ase
inC%rSetCon* - C%ar Con*ersions ( /N0F incl&esendLink - lock &e'ortin!
incomin!-k)ail - File Pat%s and Data#ase Inde$SlideS'eed - Ser*er Setu'
InternalAddresses - &eci'ients(Local Domains InternalAndW%iteAddresses - &eci'ients(Local Domains
in*alidFormatHelo&e - Validate Helo in*alidHeloLo! - Collectin!
in*alid)s!ID&e - Validate Sender in*alidP/&&e - Validate Sender
I-0n!ine - Ser*er Setu' i'lValenceP - Penaltyo$
i'matc%Lo!!in! - Lo!!in! irValenceP - Penaltyo$
is'!ri'*alue - &elayin! is'Hostnames - &elayin!
is'i' - &elayin!
isS%are)aster - Con2i!uration Sync%roni4ation and
S%arin!
isS%areSla*e - Con2i!uration Sync%roni4ation and S%arin! isS'amLo*ers - SPA) Lo*er(Hater
isValenceP - Penaltyo$
K
kee'In/N0F - C%ar Con*ersions ( /N0F
kee'-ut/N0F - C%ar Con*ersions ( /N0F
L
LDAPcrossC%eckInter*al - LDAP Setu'
LDAPFail - LDAP Setu' LDAPFilter - LDAP Setu'
LDAPHost - LDAP Setu' lda'listd# - File Pat%s and Data#ase
LDAPLo! - Lo!!in! LDAPLo!in - LDAP Setu'
LDAPPass;ord - LDAP Setu' LDAP&oot - LDAP Setu'
LDAPS%o;D - LDAP Setu' LDAPtimeout - LDAP Setu'
LDAPVersion - LDAP Setu' ldLDAP - &elayin!
ldLDAPFilter - LDAP Setu' ldLDAP&oot - LDAP Setu'
listenPort - Net;ork Setu' listenPort1 - Net;ork Setu'
listenPortSSL - Net;ork Setu' LocalAddresses.Flat - &eci'ients(Local Domains
LocalAddresses.Flat.Domains - &eci'ients(Local Domains LocalAddressesNP - &eci'ients(Local Domains
localackDNSFile - ackscatter Detection localDomains - &eci'ients(Local Domains
LocalFrequencyInt - &elayin! LocalFrequencyNum&c't - &elayin!
LocalFrequency-nly - &elayin! localnoDelayAddresses - Delayin!("reylistin!
LocalPolicySPF - SPF(D)A&C(S&S Lo!DateFormat - Lo!!in!
Lo!DateLan! - Lo!!in! lo!2ile - File Pat%s and Data#ase
Lo!NameDate - Lo!!in! Lo!&ollDays - Lo!!in!
M
maillo!0$t - File Pat%s and Data#ase )aillo!/ailytes - Ser*er Setu'
)aillo!/ail=um' - Ser*er Setu' )aintayesCollection - Collectin!
)aintenanceLo! - Lo!!in! )aint/%readCycle/ime - Ser*er Setu'
)a$Allo;edDu's - Collectin! )a$AU/H0rrors - S)/P Session Limits
)a$ayesFileA!e - Collectin!
ma$ayesValues - ayesian and Hidden )arko* )odel
+H)), -'tions
ma$om#Searc%/ime - &e!e$ Filter ( S'am#om# )a$ytes - Collectin!
12.05.2014 Seite 128 von 134
)a$ytes&e'orts - Collectin! )a$CorrectedDays - Collectin!
ma$Dam'in!/ime - Penaltyo$ ma$DNS&es'Dist - DNS Setu'
)a$Du'&c't - &eci'ients(Local Domains )a$0qual>Header - S)/P Session Limits
)a$0rrors - S)/P Session Limits )a$FileA!eSc%edule - Collectin!
)a$FileNameLen!t% - Collectin! )a$Files - Collectin!
)a$FinConWait/ime - Ser*er Setu' )a$7ee'Deleted - &e#uild S'amd#
)a$LDAPlistDays - LDAP Setu' )a$Lo!A!e - File Pat%s and Data#ase
)a$Lo!A!eSc%edule - File Pat%s and Data#ase )a$NoayesFileA!e - Collectin!
ma$&ealSi4e - S)/P Session Limits )a$&ealSi4eAdr - S)/P Session Limits
ma$&ealSi4e0rror - S)/P Session Limits ma$&ealSi4e0$ternal - S)/P Session Limits
)a$&ealSi4e0$ternalAdr - S)/P Session Limits ma$Si4e - S)/P Session Limits
)a$Si4eAdr - S)/P Session Limits ma$Si4e0rror - S)/P Session Limits
ma$Si4e0$ternal - S)/P Session Limits )a$Si4e0$ternalAdr - S)/P Session Limits
ma$S)/PdomainIP - IP lockin! ma$S)/PdomainIP0$'iration - IP lockin!
ma$S)/PdomainIPWL - IP lockin! ma$S)/Pi'Connects - IP lockin!
ma$S)/Pi'Duration - IP lockin! ma$S)/Pi'0$'iration - IP lockin!
ma$S)/Pi'Sessions - S)/P Session Limits ma$S)/PSessions - S)/P Session Limits
ma$Su#6ectLen!t% - &e!e$ Filter ( S'am#om# )a$V&F:0rrors - &eci'ients(Local Domains
)a$W%itelistDays - W%itelistin! mdrValenceP - Penaltyo$
)emoryUsa!eC%eckSc%edule - Ser*er Setu' )emoryUsa!eLimit - Ser*er Setu'
)essa!eLo! - Lo!!in! meValenceP - Penaltyo$
midiValenceP - Penaltyo$ midmValenceP - Penaltyo$
midsValenceP - Penaltyo$ )inPoll/ime - Ser*er Setu'
)onitor)ain/%read - Ser*er Setu' )S"ID're/a! - ackscatter Detection
)S"IDSec - ackscatter Detection )S"IDsi!Addresses - ackscatter Detection
)S"IDsi!Lo! - Lo!!in! )s!Score-n0nd - Penaltyo$
ms/est)ode - /est)odes msValenceP - Penaltyo$
)>ACac%eInter*al - Validate Sender m$aS'amLo*ers - SPA) Lo*er(Hater
m$a/est)ode - /est)odes m$aValenceP - Penaltyo$
m$ValenceP - Penaltyo$ )yCountryCode&e - Senderase ( W%ois
myd# - File Pat%s and Data#ase my"reetin! - Ser*er Setu'
myHelo - Ser*er Setu' my%ost - File Pat%s and Data#ase
myName - Ser*er Setu' myNameAlso - Ser*er Setu'
my'ass;ord - File Pat%s and Data#ase mySer*er&e - Validate Helo
mysqlSla*e)ode - File Pat%s and Data#ase myuser - File Pat%s and Data#ase
N
ne;&e'ortedInter*al - &e#uild S'amd# NoAU/HlistenPorts - Net;ork Setu'
NoAutoW%ite - W%itelistin! NoAutoW%iteAdresses - W%itelistin!
noackSctrAddresses - ackscatter Detection noackSctrIP - ackscatter Detection
noackSctr&e - ackscatter Detection noanFailedSSLIP - SSL Pro$y and /LS su''ort
noayesian - ayesian and Hidden )arko* )odel +H)),
-'tions
noayesian.local - ayesian and Hidden )arko* )odel
+H)), -'tions
nolockin!IPs - IP lockin! noom#Scri't - &e!e$ Filter ( S'am#om#
noCollectin! - Collectin! noCollect&e - Collectin!
NoCountryCode&e - Senderase ( W%ois noDelay - Delayin!("reylistin!
noDelayAddresses - Delayin!("reylistin! noD7I)Addresses - Validate Sender
noD7I)IP - Validate Sender noD)A&C&e'ortDomain - SPF(D)A&C(S&S
No0$ternalS'amPro# - SPA) Control no0$tremeP - Penaltyo$
no0$tremePAddresses - Penaltyo$ no2romValenceP - Penaltyo$
no"ri'listDo;nload - SPA) Control no"ri'listU'load - SPA) Control
noHelo - Validate Helo nolocalDomains - &elayin!
NoLocalFrequency - &elayin! NoLocalFrequencyIP - &elayin!
noLo! - Lo!!in! noLo!Line&e - Lo!!in!
noLo!&e - Lo!!in! No)aillo! - Collectin!
no)a$AU/H0rrorIPs - S)/P Session Limits no)a$S)/PSessions - S)/P Session Limits
no)oduleAutoU'date - Ser*er Setu' no)s!ID - Validate Sender
12.05.2014 Seite 129 von 134
no)S"IDsi!&e - ackscatter Detection NoNoti2y&e - Lo!!in!
NonS'amLo! - Collectin! noP - Penaltyo$
noP;%ite - Penaltyo$ noPenalty)ake/ra's - Penaltyo$
noProcessin! - No Processin! noProcessin!Domains - No Processin!
noProcessin!From - No Processin! noProcessin!IPs - No Processin!
noProcessin!Lo! - Collectin! no&L - DNSL
no&ed)S"IDsi! - ackscatter Detection No&elayin! - &elayin!
no&WL - W%itelistin! noScan - ClamAV and FileScan
noScanIP - ClamAV and FileScan NoScan&e - ClamAV and FileScan
noSPF&e - SPF(D)A&C(S&S noS'oo2in!C%eckDomain - Validate Sender
noS'oo2in!C%eckIP - Validate Sender noS&S - SPF(D)A&C(S&S
NoSu#6ectFrequency - S)/P Session Limits NoSu#6ectFrequencyIP - S)/P Session Limits
Not"reedyW%itelist - W%itelistin! Noti2y - Lo!!in!
Noti2y&e - Lo!!in! no/LSIP - SSL Pro$y and /LS su''ort
No/LSlistenPorts - SSL Pro$y and /LS su''ort nots'amlo! - File Pat%s and Data#ase
noU&IL - U&IL NoValid&eci'ient - &eci'ients(Local Domains
n'Attac%Lo! - Collectin! n'&e - No Processin!
n'Si4e - No Processin! n'Si4e-ut - No Processin!
N'Wl/ime-ut - S)/P Session Limits NullAddresses - &eci'ients(Local Domains
NumComWorkers - Ser*er Setu'
O
okValenceP - Penaltyo$
onlyS'oo2in!C%eckDomain - Validate Sender onlyS'oo2in!C%eckIP - Validate Sender
-rdered/ieHas%/a#leSi4e - Ser*er Setu' outC%rSetCon* - C%ar Con*ersions ( /N0F
-ut!oin!u2Si4eNe; - Ser*er Setu'
P
'#d# - Penaltyo$
'#eValenceP - Penaltyo$ '#S'amLo*ers - SPA) Lo*er(Hater
'#/est)ode - /est)odes P/ra'Inter*al - Penaltyo$
'#ValenceP - Penaltyo$ '#;ValenceP - Penaltyo$
PenaltyDuration - Penaltyo$ Penalty0rror - Penaltyo$
Penalty0$'iration - Penaltyo$ Penalty0$treme - Penaltyo$
Penalty0$tremeLo! - Lo!!in! PenaltyLimit - Penaltyo$
PenaltyLo! - Lo!!in! Penalty)ake/ra's - Penaltyo$
Penalty)essa!eLimit - Penaltyo$ Penalty)essa!eLo; - Penaltyo$
Penalty/ra'Polite - Penaltyo$ PenaltyUseNet#locks - Penaltyo$
Per2ormanceLo! - Lo!!in! 'ers#lackd# - File Pat%s and Data#ase
'id2ile - File Pat%s and Data#ase P-P?Con2i!File - P-P? Collectin!
P-P?de#u! - P-P? Collectin! P-P?2ork - P-P? Collectin!
P-P?Inter*al - P-P? Collectin! P-P?7ee'&e6ected - P-P? Collectin!
Po'3S)/PFile - &elayin! Po'3S)/P)erak - &elayin!
'o/est)ode - No Processin! PreAlloc)em - Ser*er Setu'
'reHeader&e - &e!e$ Filter ( S'am#om# 're*entulkIm'ort - File Pat%s and Data#ase
'rocess-nlyAddresses - No Processin! 'rocW%iteASSP.DCC - ASSP.DCC-Plu!in
'rocW%iteASSP.-C& - ASSP.-C&-Plu!in 'rocW%iteASSP.&a4or - ASSP.&a4or-Plu!in
Pro$yCon2 - SSL Pro$y and /LS su''ort 'ro$y'ass - Ser*er Setu'
'ro$yser*er - Ser*er Setu' 'ro$yuser - Ser*er Setu'
'tiValenceP - Penaltyo$ 'tmValenceP - Penaltyo$
P/&Cac%eInter*al - Validate Sender 'trS'amLo*ers - SPA) Lo*er(Hater
'tr/est)ode - /est)odes
Q
@ueueSc%edule - lock &e'ortin!
@ueueUserlock&e'orts - lock &e'ortin!
12.05.2014 Seite 130 von 134
R
RBLCacheExp - DNSBL
RBLError - DNSBL RBLFailLog - Collecting
RBLLog - Logging RBLmaxhits - DNSBL
RBLmaxreplies - DNSBL RBLmaxtime - DNSBL
RBLmaxweight - DNSBL rblnValencePB - PenaltyBox
RBLSericeProi!er - DNSBL RBLsoc"time - DNSBL
rblSpam#aters - SP$% Loer&#ater rblSpamLoers - SP$% Loer&#ater
rbl'est%o!e - 'est%o!es rblValencePB - PenaltyBox
RBL(L - DNSBL Reb)il!File'imeLimit - Reb)il! Spam!b
Reb)il!Noti*y - Reb)il! Spam!b Reb)il!Sche!)le - Reb)il! Spam!b
Reb)il!'est%o!e - Reb)il! Spam!b Reb)il!'hrea!Cycle'ime - Serer Set)p
re!list!b - File Paths an! Database re!Re - SP$% Control
RegExLength - Logging regexLogging - Logging
Re+ect'heseLocal$!!resses - Recipients&Local Domains relay$)thPass - Relaying
relay$)th,ser - Relaying relay#ost - Relaying
relayPort - Relaying Reloa!-ptionFiles - Serer Set)p
Remember.,/Pos - Serer Set)p remin!B$'V'ag - Bac"scatter Detection
remoeB$'V'ag - Bac"scatter Detection remoeDispositionNoti*ication - Vali!ate Sen!er
remoeForeignBCC - Recipients&Local Domains Replace-l!Spam!b - Reb)il! Spam!b
ReplaceRecpt - Recipients&Local Domains replyLogging - Logging
ReportLog - Logging resen!mail - File Paths an! Database
Resere!-)tbo)n!(or"ers - Serer Set)p RestartEery - Serer Set)p
ReStartSche!)le - Serer Set)p rlValencePB - PenaltyBox
r)n$s.ro)p - Serer Set)p r)n$s,ser - Serer Set)p
R)nReb)il!Now - Reb)il! Spam!b R(LCache/nteral - (hitelisting
R(LLog - Logging R(Lmaxreplies - (hitelisting
R(Lmaxtime - (hitelisting R(Lminhits - (hitelisting
R(LSericeProi!er - (hitelisting R(Lwhitelisting - (hitelisting
S
saValencePB - PenaltyBox SaeStatsEery - Serer Set)p
SBCacheExp - Sen!erBase & (hois sb*ccValencePB - PenaltyBox
sbhccValencePB - PenaltyBox sbnValencePB - PenaltyBox
sborgValencePB - PenaltyBox sbsccValencePB - PenaltyBox
sbSpamLoers - SP$% Loer&#ater sb'est%o!e - Sen!erBase & (hois
ScanCC - Clam$V an! FileScan ScanLocal - Clam$V an! FileScan
ScanLog - Logging ScanNP - Clam$V an! FileScan
Scan(L - Clam$V an! FileScan Sche!)leLog - Logging
ScoreForeignCo)ntries - Sen!erBase & (hois scriptError - Regex Filter & Spambomb
scriptLog - Collecting scriptRe - Regex Filter & Spambomb
scriptRe%ax#its - Regex Filter & Spambomb script'est%o!e - 'est%o!es
scriptValencePB - PenaltyBox sen!012-3 - Serer Set)p
sen!012-3/SP - Relaying sen!$ll$b)se - Recipients&Local Domains
sen!$ll$b)seNP - Recipients&Local Domains sen!$llCollect - Collecting
sen!$llDestination - Copy Spam 4 #am sen!$ll#amDestination - Copy Spam 4 #am
sen!$llPostmaster - Recipients&Local Domains sen!$llPostmasterNP - Recipients&Local Domains
sen!$llSpam - Copy Spam 4 #am sen!E#L- - SSL Proxy an! 'LS s)pport
Sen!erBaseLog - Logging Sen!er/nali!Error - Vali!ate Sen!er
sen!#am/nbo)n! - Copy Spam 4 #am sen!#am-)tbo)n! - Copy Spam 4 #am
sen!Noop/n*o - Logging SepChar - Recipients&Local Domains
SessionLog - Logging setFilePerm-nStart - Serer Set)p
Showmaxreplies - Logging ShowPer*ormanceData - Serer Set)p
SignalLog - Logging silent - Logging
slmatchLogging - Logging smtp$)thSerer - Networ" Set)p
12.05.2014 Seite 131 von 134
smtpDestination - Networ" Set)p smtpDestinationR' - Networ" Set)p
smtpDestinationSSL - Networ" Set)p smtp/!le'imeo)t - S%'P Session Limits
smtpN--P/!le'imeo)t - S%'P Session Limits smtpN--P/!le'imeo)tCo)nt - S%'P Session Limits
smtpSSLRe5)ireClientCert - SSL Proxy an! 'LS s)pport SN%P - SN%P Con*ig)ration
SN%P$gent6Soc"et - SN%P Con*ig)ration SN%PBase-/D - SN%P Con*ig)ration
SN%PLog - Logging SN%Pret)rnB--L - SN%P Con*ig)ration
SN%P,ser - SN%P Con*ig)ration SN%Pwriteable - SN%P Con*ig)ration
spama!!resses - Collecting spamBombLog - Collecting
spamB)c"etLog - Collecting spam!b - File Paths an! Database
SpamError - SP$% Control spam#aters - SP$% Loer&#ater
spam#eloLog - Collecting spam/SLog - Collecting
SpamLog - Collecting spamLoers - SP$% Loer&#ater
SpamLoersRe - SP$% Loer&#ater spam%SLog - Collecting
spam%6$Log - Collecting spamPBLog - Collecting
spamP'RLog - Collecting spamSBLog - Collecting
spamS)b+ect - 'est%o!es spamS)b+ectCC - Copy Spam 4 #am
spamS)b+ectSL - SP$% Loer&#ater spam'ag - 'est%o!es
spam'agCC - Copy Spam 4 #am spam'agSL - SP$% Loer&#ater
spamtrapa!!resses - PenaltyBox SpamVir)sLog - Collecting
SPF0 - SPF&D%$RC&SRS SPFCache/nteral - SPF&D%$RC&SRS
SPFError - SPF&D%$RC&SRS sp*eValencePB - PenaltyBox
SPFFailLog - Collecting SPF*allbac" - SPF&D%$RC&SRS
SPFLocal - SPF&D%$RC&SRS SPFlocalRecor! - SPF&D%$RC&SRS
SPFLog - Logging SPFne)tral - SPF&D%$RC&SRS
SPFnone - SPF&D%$RC&SRS sp*nonValencePB - PenaltyBox
SPFNP - SPF&D%$RC&SRS sp*nValencePB - PenaltyBox
SPFoerri!e - SPF&D%$RC&SRS sp*pValencePB - PenaltyBox
SPF5)eryerror - SPF&D%$RC&SRS SPFso*t*ail - SPF&D%$RC&SRS
sp*SpamLoers - SP$% Loer&#ater sp*sValencePB - PenaltyBox
sp*'est%o!e - 'est%o!es SPF)n"nown - SPF&D%$RC&SRS
sp*)ValencePB - PenaltyBox sp*ValencePB - PenaltyBox
SPF(L - SPF&D%$RC&SRS SRS$liasDomain - SPF&D%$RC&SRS
SRSFailLog - Collecting SRS#ashLength - SPF&D%$RC&SRS
SRSno - SPF&D%$RC&SRS SRSSecret3ey - SPF&D%$RC&SRS
srsSpamLoers - SP$% Loer&#ater srs'est%o!e - 'est%o!es
SRS'imestamp%ax$ge - SPF&D%$RC&SRS srsValencePB - PenaltyBox
SRSVali!ateBo)nce - SPF&D%$RC&SRS SSL7cipher7list - SSL Proxy an! 'LS s)pport
SSL7ersion - SSL Proxy an! 'LS s)pport SSLCaFile - SSL Proxy an! 'LS s)pport
SSLCertFile - SSL Proxy an! 'LS s)pport SSLDEB,. - SSL Proxy an! 'LS s)pport
SSL3eyFile - SSL Proxy an! 'LS s)pport SSLP3Passwor! - SSL Proxy an! 'LS s)pport
SSLRetry-nError - SSL Proxy an! 'LS s)pport SSLS%'PCertVeri*yCB - SSL Proxy an! 'LS s)pport
SSLS%'PCon*ig)re - SSL Proxy an! 'LS s)pport SSLS'$'CertVeri*yCB - SSL Proxy an! 'LS s)pport
SSLS'$'Con*ig)re - SSL Proxy an! 'LS s)pport SSLtimeo)t - SSL Proxy an! 'LS s)pport
SSL(EBCertVeri*yCB - SSL Proxy an! 'LS s)pport SSL(EBCon*ig)re - SSL Proxy an! 'LS s)pport
statSSLRe5)ireClientCert - SSL Proxy an! 'LS s)pport Store$SSP#ea!er - SP$% Control
StoreComplete%ail - Collecting strictSPFRe - SPF&D%$RC&SRS
stValencePB - PenaltyBox s)b+ectEn! - Logging
s)b+ectFre5)ency/nt - S%'P Session Limits s)b+ectFre5)encyN)mS)b+ - S%'P Session Limits
s)b+ectFre5)ency-nly - S%'P Session Limits s)b+ectLogging - Logging
s)b+ectStart - Logging S)spicio)sVir)s - Clam$V an! FileScan
switchSpamLoer'oScoring - SP$% Loer&#ater switch'est'oScoring - 'est%o!es
sworgValencePB - PenaltyBox
syncCF.Pass - Con*ig)ration Synchroni8ation an!
Sharing
syncCon*igFile - Con*ig)ration Synchroni8ation an! Sharing syncSerer - Con*ig)ration Synchroni8ation an! Sharing
syncShow.,/Details - Con*ig)ration Synchroni8ation an!
Sharing
sync'est%o!e - Con*ig)ration Synchroni8ation an!
Sharing
sync,sesSSL - Con*ig)ration Synchroni8ation an! Sharing sysLog - Logging
SysLogFac - Logging sysLog/p - Logging
12.05.2014 Seite 132 von 134
sysLogPort - Logging
T
tagLogging - Logging
'est$SSP7DCC - $SSP7DCC-Pl)gin 'est$SSP7Ra8or - $SSP7Ra8or-Pl)gin
testRe - Regex Filter & Spambomb teValencePB - PenaltyBox
'hrea!Cycle'ime - Serer Set)p 'hrea!Stac"Si8e - Serer Set)p
'LDS - ,R/BL 'LStoProxyListenPorts - SSL Proxy an! 'LS s)pport
tlsValencePB - PenaltyBox 'NEFDEB,. - Char Conersions & 'NEF
totali8eSpamStats - Serer Set)p
U
)ni5e/DLogging - Logging
)ni5)e/DPre*ix - Logging )p!ateSRS$D -
)p!ateSRSS3 - ,p!ate(hitelist - (hitelisting
,R/BLCache/nteral - ,R/BL ,R/BLCache/nteral%iss - ,R/BL
,R/BLCC'LDS - ,R/BL ,R/BLchec"D-'in,R/ - ,R/BL
,R/BLError - ,R/BL ,R/BLFailLog - Collecting
,R/BL/PRe - ,R/BL ,R/BL/SP - ,R/BL
,R/BLLocal - ,R/BL ,R/BLLog - Logging
,R/BLmax!omains - ,R/BL ,R/BLmaxhits - ,R/BL
,R/BLmaxreplies - ,R/BL ,R/BLmaxtime - ,R/BL
,R/BLmax)ris - ,R/BL ,R/BLmaxweight - ,R/BL
,R/BLNo-b*)scate! - ,R/BL ,R/BLNP - ,R/BL
)riblnValencePB - PenaltyBox ,R/BLSericeProi!er - ,R/BL
,R/BLsoc"time - ,R/BL )riblSpamLoers - SP$% Loer&#ater
)ribl'est%o!e - 'est%o!es )riblValencePB - PenaltyBox
,R/BLwhitelist - ,R/BL ,R/BL(L - ,R/BL
)se$SSP7FC - %o!)le Set)p )se$SSP7SV. - %o!)le Set)p
)se$SSP7(or!Stem - %o!)le Set)p )se$sspSel*Loa!er - %o!)le Set)p
)se$)thenS$SL - %o!)le Set)p ,se$Clam! - Clam$V an! FileScan
)seBer"eleyDB - %o!)le Set)p )seCompress9lib - %o!)le Set)p
)seConert'NEF - %o!)le Set)p )seDB:griplist - File Paths an! Database
)seDB:/ntCache - Serer Set)p )seDB:Reb)il! - Reb)il! Spam!b
)seDB7File - %o!)le Set)p )seDigest%D1 - %o!)le Set)p
)seDigestS#$; - %o!)le Set)p )seEmail%/%E - %o!)le Set)p
)seEmailSen! - %o!)le Set)p )seFileRea!Bac"war!s - %o!)le Set)p
)seFileScanClam$V - %o!)le Set)p )se#eloBlac"list - Vali!ate #elo
)se#elo.oo!list - Vali!ate #elo )se/-Soc"et/NE'< - %o!)le Set)p
)se/-Soc"etSSL - %o!)le Set)p ,seLocalDNS - DNS Set)p
,seLocal'ime - Serer Set)p )seL(PSimple - %o!)le Set)p
)se%ailD3/%Veri*ier - %o!)le Set)p )se%ailSPF - %o!)le Set)p
)se%ailSPF=)ery - %o!)le Set)p )se%ailSRS - %o!)le Set)p
)se%/%E'ypes - %o!)le Set)p )seNet$!!r/PLite - %o!)le Set)p
)seNetC/DRLite - %o!)le Set)p )seNetDNS - %o!)le Set)p
)seNet/P - %o!)le Set)p )seNetLD$P - %o!)le Set)p
)seNetS%'P - %o!)le Set)p )seNetS%'PSSL - %o!)le Set)p
)seNetSN%Pagent - %o!)le Set)p )sePerl/-scalar - %o!)le Set)p
,ser$ttach - $ttachment Bloc"ing )seRegexp-ptimi8er - %o!)le Set)p
)seSche!)leCron - %o!)le Set)p ,seS)b+ects$s%aillogNames - Collecting
)seSysCp)$**inity - %o!)le Set)p )seSys%em/n*o - %o!)le Set)p
)seSysSyslog - %o!)le Set)p )se'ext,ni!eco!e - %o!)le Set)p
)se'hrea!State - %o!)le Set)p )se'ieRDB% - %o!)le Set)p
,se'rap'oCollect - Collecting ,se,nico!e:%aillogNames - Collecting
,se,nico!e:S)b+ectLogging - Collecting )se,nico!e.CString - %o!)le Set)p
)se(in>0$P/-)tp)tDeb)gString - %o!)le Set)p )se(in>0Daemon - %o!)le Set)p
)se(in>0,nico!e - %o!)le Set)p ,)enco!e!Error - $ttachment Bloc"ing
12.05.2014 Seite 133 von 134
V
Vali!ateRBL - DNSBL Vali!ateR(L - (hitelisting
Vali!ateSen!erLog - Logging Vali!ateSPF - SPF&D%$RC&SRS
Vali!ate,R/BL - ,R/BL Vali!ate,serLog - Logging
ali!Format#eloRe - Vali!ate #elo ali!%sg/DRe - Vali!ate Sen!er
ali!P'RRe - Vali!ate Sen!er !ValencePB - PenaltyBox
ir)slog - File Paths an! Database VRF?*orceRCP''- - Recipients&Local Domains
VRF?Log - Logging VRF?=)ery'ime-)t - Recipients&Local Domains
sValencePB - PenaltyBox
W
web$!minPasswor! - Serer Set)p
web$!minPort - Serer Set)p webSSLRe5)ireCientCert - SSL Proxy an! 'LS s)pport
webStat#ealthyResp - Serer Set)p webStatNot#ealthyResp - Serer Set)p
webStatPort - Serer Set)p (hiteExpiration - PenaltyBox
(hitelist$)th - (hitelisting whitelist!b - File Paths an! Database
whiteListe!Domains - (hitelisting whiteListe!/Ps - (hitelisting
(hitelistLocalFrom-nly - (hitelisting (hitelistLocal-nly - (hitelisting
(hitelist-nly - (hitelisting (hitelistPriacyLeel - (hitelisting
whiteRe - (hitelisting whiteSen!erBase - Sen!erBase & (hois
wil!car!,ser - (hitelisting wl$ttachLog - Collecting
(or"erCP,Priority - Serer Set)p (or"erLog - Logging
(or"erLogging - Logging
12.05.2014 Seite 134 von 134

ASSP 2.4.1 Version Manual

Uploaded by

Document Information

Original Description:

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

ASSP 2.4.1 Version Manual

Uploaded by

Copyright:

Available Formats

ASSP version 2.4.

7nable Configuration Sharing (enableCFGShare)

This is a Share Slave (isShareSlave)

Test &o!e for Config Sync (syncTestMode)

7nable 1Pv@ su%%ort (enableI"T#) ?

)lo(* +utgoing Spam%Pro, header (!oE"ternalSpamPro#)

Add Spam 'eader (AddSpamHeader)

Add Graphi(al /evel 'eader (Add%evelHeader)

Add Spam Reason 'eader (AddSpamReasonHeader)

Restri(t Copy Spam to Max)ytes (''(a")ytes)

Prepend Spam !ag to Copied Spam (spamTa*$$)

Suppress Spam!ags to Spam%/over%Messages (spamTa*S%)

%dd X-%ssp-Re!eived-R/L &eader (#ddR'LHeader)

Send ,-. O/ To %S!&Secondary M' Ser(ers (send25O!"SP)

Skip Spam Checks for A6"se Catchall (sendAllA1use.P)

3se Addresses +itho"t 494 as Domains (LocalAddresses3(lat3Domains)

Disa6le 1R#< and '!N for *ternal Clients (Disa1le5R(6)

Enforce +(eck of For,ed 'elos Before Dela&in, (ForceFakedLocalHelo)

%se Local Domain List for Blockin, For,ed 'elos (DoFakedseLocalDo!ain)

Do Valid2/nvalid2Black 'elo for -(itelisted (DoHelo"L)

Do Valid2/nvalid2Black 'elo for #oprocessin, (DoHeloNP)

Do Blacklistin, Addresses and Domains for -(ite (DoBlackDo!ain"L)

Do Blacklistin, Addresses and Domains for #oProcessin, (DoBlackDo!ainNP)

Earl& 3Remote *ender it( Local Domain Address3 +(eck (ForceNoValidLocal$ender)

Do Reversed Lookup for -(itelisted (DoRe%ersed"L)

Do Reversed Lookup for #oprocessin, (DoRe%ersedNP)

Do Do#oFrom for -(itelisted (DoNoFro!"L)

Do Do#oFrom for #oProcessin, (DoNoFro!NP)

Add &$Ass'$DKIM (eader (AddDKIMHeader)

Do an nhanced 0ri*in IP Address Detection in the Mail (eader (enhanced$riinIPDetect)

Score Forei*n Co"ntries (ScoreForeinCo&ntries)

dd IP!Message Scoring Header (AddScoringHeader)

/se IP 3etbloc0s (Penalty%se&etbloc"s)

Do Ex)ort Penalty Blac0Box Extreme (DoEtremeEport)

EnaAle #ela(ing@,re(listing (EnableDelaying)

Add X0Ass90#ela(ed 'eader (Delay#dd$eader)

=se %& !etAloc<s (Delay&se!etblocks)

!ormali;e ?ER& Addresses (Delay!ormali'eVE(Ps)

=se M# for #ela(#$ (Delay)D*)

Ex9ire S9amming Safelisted )u9lets (DelayExpire+n"pam)

Enable SPF Bac,'!o)nd C&ec, (enableSPFbackground)

Add Recei+ed-SPF .eade! (AddSPFHeader)

Ea!l" D4SB( Cac&e Bloc,in' (ForceR-L$ac%e)

Add 7-Assp-D4SB( .eade! (AddR-LHeader)

Disallo' -bf*scated URIs (URIBLNoO!uscated)

4dd 504ss(0Recei$ed0URIBL 2eader ('ddURIBL(eader)

Ref*se U*encoded Mails (Bloc#Uuencoded)

Add F!ll ,eader +o Vir!s "eort +o Mail Address A-o'e (EmailVirusReportsHeader)

.se ClamAV ($seAvClamd)

Do &om-/Scrit "eg!lar #$ressions Checks for ISPIP ()om)ReISPIP)

Do +est "eg!lar #$ression (DoTestRe)

Add "eason ()om)ErrorReason)

Use Berkeley(B +or the Hidden Markov Model database (HMMusesBDB)

=educe .corin2 +or 'o4 Con+idence (bays&onfidenceHa$fScore)

dd Bayes and HMM Probability Header (AddSpamProbHeader)

(o4nload the Backscatterer ().<1P<'ist (do+n$oadBac*D"S,i$e)

Bayesian/Hidden-Maro!-Model Test Mode (baysTestMode)

S)S Test Mode (srsTestMode)

/nable /mail *nter0ace (Emailnterface!k)

Allow '=' in Addresses (EmailAllowEqual)

Admin 9sers Data*ase 2ses no #inary Data ;ASC77 only< (adminusersdbNo%'N)

$opy t!e last D#-*a$%2p to t!e original lo$ation (copyD%ToOrg+oc)

Refse Uencoded Mails (Bloc#Uuencoded)

%gnore #%#E Errors ("gnore"EErrors)

4na2le $))P Compression in U% (na&leH++PCompression)

Sho0 %nternal ames in the U% (na&leInternalNamesIn,esc)