The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

ASSP vs. Mailscanner

Discussion in 'cPanel Developers' started by BraveX, Oct 8, 2008.

  1. BraveX

    BraveX Well-Known Member

    Joined:
    Apr 8, 2005
    Messages:
    155
    Likes Received:
    0
    Trophy Points:
    16
    We currently use Mailscanner. We love the Mailwatch option and I think that's one of the main reasons we've stuck with it. We don't love the high server loads it sometimes causes.

    We are considering switching to ASSP and would love to hear from others who've made the switch and why you think it's better than Mailscanner. We're also wondering if there's anything like Mailwatch available for ASSP.

    Thanks,
    BX
     
  2. hilario

    hilario Well-Known Member

    Joined:
    Jan 5, 2008
    Messages:
    51
    Likes Received:
    0
    Trophy Points:
    6
    Location:
    Sao Paulo, Brazil
    High BraveX

    I am using ASSP for just one day, thus first of all, let me ask excuses in advance if any of my comments bellow are not correct.

    I also appreciate very much MailScanner and MailWatch. I am using them for about 10 months.

    MailScanner, MailWatch and ConfigServer's "MailScanner Front End" are mature, well developed and professional products.

    I like them very much, but I do have some emails going trough and would like to increase its performance. That is why I installed ASSP.

    Problems with MSFE (Not MailScanner or MailWatch):
    • It has a license that has to be checked in ConfigServer's site. Thus you run the risk of problems if for some reason the ConfigServer validation server is down (This is what I could understand and remember from an issue we had a few months ago. If this is a mistake, please let me know, and again I ask excuses for my eventual mistakes in advance).
    • The per domain Black/White lists are limited to 200 per domain. This is just not enough for some of our customers. Yes, Sarah (MSFE) has informed me of server loads issues, but my server is not loaded and I can afford limitless black/white lists. I requested a change, but they denied. The only solution I have is to live with it.
    • The main (in WHM) black/white lists does not have limits, but the Way MSFE manipulates the White/black lists is tremendously limited. It does not accept many of the standard black/white list formats suported by MailScanner and Exim. It destroyed a few hundreds of my black/white list. Again I asked support on ConfigServer site, but as Sarah did not agree with me, nothing was done.
    • Chyrp (MSFE) does not like Greylisting. But I have heard so much about it that I just want at least to try it. You may greylist for a 5 minutes, and once approved, the sender could stay in the non-greying list for let's say a month or a year. The discussion regarding if greylisting is fair or not with the "innocent" servers is long, but it seems to be a very small price to pay for a lot less spam. It may also result in lower traffic and lower load to the servers.

    Now some words about ASSP:
    And again, I do not want to offend anyone and I ask excuses if my post has anything that is not 100% correct as perceived by someone else.

    • ASSP is not as mature as the MailScanner/MailWatch/MSFE solution.
    • The documentation of ASSP is not as good as MailScaner, and I have some difficulty to understand many points.
    • It does not have SSL / TLS (Ok, with some difficulty you may do something with stunnel or other solutions, but again it is not native). It also looks like version 2.0 that is about to be considered stable will have it (at least I understood so).
    • It uses the configuration trough a port 55555 and also uses port 55553 but no SSL security.
    • The administration Port 55555 accepts any name for the user. Invaders must just find the correct password. I do not like this. I fell insecure.
    • There are two different cpanel integration solutions: "ASSP X" (Free) and "ASSP De Luxe" (paid).
    • There is some misunderstanding between the guys who provides those solutions that is really causing trouble to them both as well as to ASSP cause if you do not feel comfortable, you may decide to not run any risks with your server and not install ASSP at all. I do hope they may become good friends, stop fighting cause the way I see, they both as well as the entire community will benefit from it. Again, I ask for excuses. I just want to help and not cause problems to anyone. If I am wrong in some way, just point it to me and I will correct my mistake.
    • "ASSP De Luxe" uses a licensing format that I believe is similar to the MSFE licensing. Thus, I decided to not buy it at this moment to minimize my risks.

    So, none of the products is perfect, but all of them (MailScanner/MSFE and ASSP and the Cpanel integrations) are actively being developed, and this is good. I showed only the problems cause the advantages of all those products are very well spread trough the forums and the respective websites.

    I decided to implement "ASSP X" not because I think it is better than "De Luxe", but because I felt more secure.

    The installation is easy. Just install "ASSP X", and the first time you use it in WHM, it will inform that you have not installed ASSP and will install it for you. Very good! I liked it (and I suppose "De luxe" may do the same).

    Finally, you do not have to uninstall MSFE at all !!!
    It is working in my box. ASSP is doing the greylist for me and after that MSFE does its job as always.

    If things are as advertised, the simple fact of having the greylist (as well as the other features of ASSP will really lower the load on the server as MSFE will have to deal just with emails that have passed trough ASSP.

    Another very good point of ASSP is the fact that users may just forward the spam that reach them to spam@theirdomain and ASSP will use that information for it blacklist, bayes etc. Very nice.

    So, for me the solution is not ASSP versus MailScanner/MailWatch, but ASSP WITH MailScanner/MailWatch.

    I will appreciate if someone can comment on the SSL security issues as well as previous experience using both together (with considerations regarding server load.

    Hope this helps.

    Regards
     
  3. BraveX

    BraveX Well-Known Member

    Joined:
    Apr 8, 2005
    Messages:
    155
    Likes Received:
    0
    Trophy Points:
    16
    Thanks so much for sharing this info, Hilário! Much appreciated.

    I did not realize that Mailscanner and ASSP could both be run on the same server together. If that is the case, that's great news.

    Please keep us posted on any issues you have running the two together and am also curious about your server loads.

    Thanks!
     
  4. Radio_Head

    Radio_Head Well-Known Member

    Joined:
    Feb 15, 2002
    Messages:
    2,051
    Likes Received:
    1
    Trophy Points:
    38
    Hello


    I will not discuss it which is better , however ..

    >
    ASSP is not as mature as the MailScanner/MailWatch/MSFE solution.
    >

    may I know why do you think it's not mature ? There over 1 thousand assp deluxe client using with great success. Over 5000 admin using it worlwide (without a cpanel). 1.3.5 5.0 and 1.3.9 was build especially for cpanel and I have still to receive an assp BUG since dec 2007 when was releases 1.3.5 5.0 .


    >
    The documentation of ASSP is not as good as MailScaner, and I have some difficulty to understand many points.
    >


    there is ton of documentation here
    http://www.asspsmtp.org/wiki/Welcome

    There is a very active forum
    http://www.asspsmtp.org/forums/

    There are 2 mailing list (very active)

    99% all possible problems using it with with cpanel are covered
    http://www.grscripts.com/howtofaq.html

    Which are the points you have difficult to understand ?

    >
    It does not have SSL / TLS (Ok, with some difficulty you may do something with stunnel or other solutions, but again it is not native). It also looks like version 2.0 that is about to be considered stable will have it (at least I understood so).
    >

    The ASSP deluxe frontend fully support it , the simple how to can be setup in 2 minutes

    >
    It uses the configuration trough a port 55555 and also uses port 55553 but no SSL security. The administration Port 55555 accepts any name for the user. Invaders must just find the correct password. I do not like this. I fell insecure.
    >

    In the ASSP history was never reported any security iussue related to the interface. Since 1.3.9 the assp password is also encrypted.
    Note that we are talking about spam settings , we are not trying to protect root login .


    >
    There are two different cpanel integration solutions: "ASSP X" (Free) and "ASSP De Luxe" (paid).
    >


    assp deluxe is officially supported by the ASSP developer . Latest 2 versions 1.3.5 5.0 and 1.3.9 was modified by Fritz upon my requests especially to be compatible with cpanel an the deluxe frontend .
    All the other assp deluxe clones are not supported at all by Fritz.

    ASSP deluxe is not only a frontend . It contains exclusive features which make ASSP better . Spambox (fully customizable), daily reports , spam/not spam analyzer , find_abusers.php (appreciated alternative to assp pb extreme) , possibility to check/detext spam exiting from your server are the most important .


    Which are the goals which are you serching on an antispam software ?. If you are searching these points

    - Blocking more spam and virus as possible , near 100%
    - Reducing near to zero false positives
    - Automate more tasks as possible
    - do all this using as low cpu as possible, much less than any other spam solution for cPanel.
    - Reducing at maximum administration work, relaying to the end user common antispam tasks (such as whitelisting, and spam/not spam reporting

    Well , if you configure ASSP correctly as recommended (http://www.grscripts.com/changelog.html#16), it can reaches these goals.

    >
    I did not realize that Mailscanner and ASSP could both be run on the same server together
    >

    they can, however is like having a car with 8 wheels . It's surely redundant and unseful.
    (If you configure ASSP correctly, mailscanner will be only redundant and will add extra work to your server , nothing else)
     
    #4 Radio_Head, Nov 9, 2008
    Last edited: Nov 9, 2008
  5. hilario

    hilario Well-Known Member

    Joined:
    Jan 5, 2008
    Messages:
    51
    Likes Received:
    0
    Trophy Points:
    6
    Location:
    Sao Paulo, Brazil
    ASSP with Mailscanner is a WINNER solution

    After 100 days using ASSP in front of Mailscanner, I am extremely happy with the results !

    My server load is very low, (insignificant, I would say).
    ASSP stops many spam that routinely were able to pass Mailscanner.
    On the other hand, Mailscanner routinely stops emails that pass ASSP.

    Only 1 or 2 spams can reach end users per day.
    Till now I only noticed 1 false positive that has never entered by box (ASSP fault).
    Low scoring false positives (marked as low scoring spam by either ASSP or Mailscanner and delivered to special mailboxes for this purpose) are 1 or 2 per month.

    When you analise Spamassassin, or Mailscanner, or ASSP you notice that all of them employ a scoring system based on multiple tests and at the end make the decision based on the total score. It means there is no magic single solution to the spam problem.

    That said, it is now very easy to understand that the truth is that ASSP does not compete against Mailscanner, in fact, one complements the other !

    You may wonder if having 2 anti-spam systems would be twice the maintenance work. The answer is no, I have Mailscanner working for more than one year, and there is really not too much to tweak in it any more, thus it does not require attention. No maintenance at all. The same is happening with ASSP and now I have not too much work with it.

    All I do now is to check once every two weeks my low score false positive filters.

    So, if you are a happy Mailscanner user seeking for a way to improve your anti-spam system, think no more, just add ASSP to your server !!
     
  6. Serra

    Serra Well-Known Member

    Joined:
    Oct 27, 2005
    Messages:
    213
    Likes Received:
    4
    Trophy Points:
    18
    Location:
    Florida
    There really is no reason for a blacklist of over 200 addresses. You need to make sure that the customer understands what blacklisting does and does not do.

    On a normal system, there is really no need to blacklist anyone. Emails that arrive that are unwanted can be unsubscribed. If the sender doesn't allow unscubscribes, then they are a spammer. If they are a spammer, then blackisting them has no effect because they will use different email addresses all of the time.

    When blacklists are used correctly, there should only be a hand full of email addresses on the list.

    If for some reason that I can't understand, the customer actually does need to blacklist a huge number of addresses, then those can be moved to a spamassassin blacklist, but I'd bet that they are using blacklisting incorrectly.
     
  7. Radio_Head

    Radio_Head Well-Known Member

    Joined:
    Feb 15, 2002
    Messages:
    2,051
    Likes Received:
    1
    Trophy Points:
    38
    personally I think that running ASSP and Mailscanner (or any other antispam) is redundant. With ASSP there are countless possibilities . Using ASSP scoring you can go between , "I want receive really 0 spam and the risk to have some good email in spambox" , passing for "I want receive near to 0 spam and the risk to have low or nothing good email in spambox", till to "I want some rare spam however I want zero good email in spambox" .

    If some spam is passing , you can never stop to tweak a little more your ASSP to stop the spam , possibilities to stop a bad email are countless and under your command .
     
    #7 Radio_Head, Jan 22, 2009
    Last edited: Jan 22, 2009
  8. hilario

    hilario Well-Known Member

    Joined:
    Jan 5, 2008
    Messages:
    51
    Likes Received:
    0
    Trophy Points:
    6
    Location:
    Sao Paulo, Brazil
    Blacklists

    Things can have a full shadow of colors, not only a gray scale, let alone black and white. I explain by example:
    • My own serverwide blacklist has about 360 entries collected during the last 2 or 3 years. It is not that much for a serverwide blacklist (at least IMHO). But I do appreciate not being limited to 200. I just do not want to see those in Mailwatch logs anymore. I waist less time while searching Mailwatch for false positives.
    • ASSP comes with a 3000 long default list. So, those guys also thinks blacklists are good. It is not cause they would not detect the spam from those spammer by other ways, but why spend CPU time if you can block or drop the connection from those spammers immediately with no risk of false positives?

    • In our company it is completely forbidden to click any unsubscribe link. Everyone here is advised that many of those links can be deceptive and install Trojan horses or at least confirm that the email is valid and receiving the spam.
    • Besides the sender blacklist, I use an IP blacklist that is very powerful. I use the IP blacklist in ASSP. Mailscanner does have this feature, but cPanel DOES!
      In WHM just go to Main >> Service Configuration >> Exim Configuration Editor >> Access Lists >> Blacklist: Drop connections from defined IP Blocks upon SMTP connection and click "Edit". cPanel will edit a plain text file with the IP Blocks to drop at SMTP connection time. Data is stored in /etc/spammeripblocks.
      I have some 200 IPs and IP ranges in this list.
      This feature blocks thousands of spam per day and you never see any reports in Mailwatch. After all you do not want to see them anymore and you already used Mailwatch to grab those spamer's IP.

    Hope this helps.
     
    #8 hilario, Feb 2, 2009
    Last edited: Feb 2, 2009
  9. hilario

    hilario Well-Known Member

    Joined:
    Jan 5, 2008
    Messages:
    51
    Likes Received:
    0
    Trophy Points:
    6
    Location:
    Sao Paulo, Brazil
    ASSP works very well with MAILSCANNER !

    I agree! The tweaking possibilities of ASSP are endless... And so are the possibilities of Mailscanner. That gives me double of infinite possibilities.
    I then choose what is easier to tweak case by case, either in ASSP or Mailscanner. I get the best of both worlds, and supplement the weakness of both with the other.

    As I said before, and dully confirm again, I get better results with both than I can get with each of them alone. This is very easy to confirm just analyzing the Mailwatch fabulous report system. This is something non existent for ASSP. And even if it existed, it would not be able to check Mailscanner as mails pass trough ASSP before being delivered to Mailscanner, and thus would never know which emails passed trough ASSP and were caught by Mailscanner !
     
  10. Inetwork

    Inetwork Member

    Joined:
    Sep 21, 2005
    Messages:
    15
    Likes Received:
    0
    Trophy Points:
    1
    Best off all is to take out mail's from server

    I use MailScanner for 2 year's, mailwatch was great and Chirpy has a good time response. But it take too much resource

    Then I use ASSP de Luxe for Cpanel for 1 year, it handle less than the half of resource.
    Configuration is very confused, but the default work fine

    Best off all, the best solution is to use Google Apps !!
    No more traffic in server, no more resource, no more MailScanner/ASSP upgrades. Now it also can work "offline"
     
  11. mctDarren

    mctDarren Well-Known Member

    Joined:
    Jan 6, 2004
    Messages:
    664
    Likes Received:
    2
    Trophy Points:
    18
    Location:
    New Jersey
    cPanel Access Level:
    Root Administrator
    To make everyone aware that might not be, MailScanner is not a Configserver product. The cPanel front-end is their product. Much like their CSF product is a front-end to the iptables firewall. An admin can install MailScanner and MailWatch independently of MSFE, and even without cPanel, and achieve great success. The MSFE is only a means to control and set up MailScanner through cPanel.

    I do wonder about setting up Mailwatch with ASSP. Basically Mailwatch is simply a script to display information from a database. If ASSP could log the same data to the Mailwatch database it would work in theory.
     
  12. d_t

    d_t Well-Known Member

    Joined:
    Sep 20, 2003
    Messages:
    243
    Likes Received:
    1
    Trophy Points:
    18
    Location:
    Bucharest
    A little offtopic, but CSF is a great product and is more that an iptables front-end. It also has many usefull features beside iptables (log, script, load, mail quee monitor). I'm planning to buy MSFE for the next server.
     
  13. anatolia

    anatolia Member

    Joined:
    May 9, 2005
    Messages:
    7
    Likes Received:
    0
    Trophy Points:
    1
    I do not use MailScanner/ASSP. I only have spamassassin and hardly ever gets spam.
     
  14. peonia

    peonia Registered

    Joined:
    Mar 12, 2009
    Messages:
    2
    Likes Received:
    0
    Trophy Points:
    1
    There is a simple equation to solve all your doubts
    spamassasin : windows = assp : linux
     
  15. hilario

    hilario Well-Known Member

    Joined:
    Jan 5, 2008
    Messages:
    51
    Likes Received:
    0
    Trophy Points:
    6
    Location:
    Sao Paulo, Brazil
    ASSP works very well with MAILSCANNER

    Follow-Up

    After many months working with both ASSP and MailScanner in tandem in the same server I am extremely happy with the solution.

    • MailScanner / Mailwatch let me know in a Graphical environment what ASSP or Mailscanner (or both) let in.
    • Based in MailWatch reports I now know many of the ASSP strenghts and weaknesses. For example: ASSP is not good to stop Nigerian Bank frauds while SpamAssassin stops them all.

    • During last 2 or 3 months, I am building a complex list of ASSP Regex expressions (Regex Filters / Spambomb) based on the Mailwatch reports. After sometime I noticed that those regex are becoming similar to the SpamAssassin rules regex. Wonderfull: It shows that SpamAssassin is really a good Idea !

    • I also made a long list of Blocked IP ranges because I noticed that there are thousands of companies selling email marketing. Those are well configured servers that continually send spam and thus they pass easily trough greylist, etc. The best way to stop them is the IP Blocklist. Mailwatch and Tail help you see who they are. Much easier with Mailwatch cause you may set filters and also check old emails for false positives etc. I keep three months of emails on the server.

    • In my server, the MailScanner/SpamAssasin Bayes filters are much more accurate than ASSP Bayes filter.


    From my point of view, SPAM is like AIDS: There is no single cure to it. You must use a mix of Solutions.
    - SpamAssassin itself is an enormous mix of regex and other tests.
    - MailScanner builds on SpamAssassin to make a better and easier to administrate solution with nice graphical reports
    (and a lot of aditional tests to the mix)
    - ASSP, also, is a bunch of different tests to stop SPAM
    - As ASSP and MailScanner are different in nature, they complement each other to make a better Anti-SPAM cocktail
     
    #15 hilario, Apr 14, 2009
    Last edited: Apr 14, 2009
  16. Radio_Head

    Radio_Head Well-Known Member

    Joined:
    Feb 15, 2002
    Messages:
    2,051
    Likes Received:
    1
    Trophy Points:
    38
    ASSP is not good to stop Nigerian Bank frauds
    >

    IMHO it depends on your ASSP settings; which ASSP version are you using ? Are you using scoring mode or per filter ? If you are using scoring , how did you configure your scores ? It's really really hard to believe you can't stop a single spam message using ASSP .
     
  17. hilario

    hilario Well-Known Member

    Joined:
    Jan 5, 2008
    Messages:
    51
    Likes Received:
    0
    Trophy Points:
    6
    Location:
    Sao Paulo, Brazil
    Many options are set to score (as it adds the scores, it is similar to spamassassin scoring system).

    with "per filter" do you mean Spambomb? If so, yes, I'm using Spambomb a lot
     
  18. Radio_Head

    Radio_Head Well-Known Member

    Joined:
    Feb 15, 2002
    Messages:
    2,051
    Likes Received:
    1
    Trophy Points:
    38
    if you are using almost all your ASSP filters to score , simply adjusts your filter scores if the spam is passing and it will be blocked by ASSP (analyze your ASSP maillog and check what scores should be raised a little) . Also report it to assp-spam@yorudomain.com so that next time it will not pass and if your ASSP bayesian db is old , increase the bayesian score near your score limit . Try also using this http://www.grscripts.com/tweaking.html#08 RBLs. If you configure ASSP correctly there is no reason to use it togheter with other antispam software (they are redundant and create confusion when someone of these software block a good email) . If spam is passing using ASSP it's time to reconfigure your ASSP web interface.
     
    #18 Radio_Head, Apr 15, 2009
    Last edited: Apr 15, 2009

Share This Page