Installing ASSP (Anti-Spam SMTP Proxy) On Ubuntu Server 10.04 / Debian 5.

0
This How-To document guides you through installing ASSP (Anti-Spam SMTP Proxy) on an Ubuntu 10.04 (LTS) Server or Debian 5.0 in the simplest way possible. It *may* work on later versions but I have no way of knowing how these instructions will work for you. Installing Ubuntu/Debian is beyond the scope of this document and it is assumed you already have the core Ubuntu/Debian OS with no predefined software collections installed. Even though these instructions will work on any server/computer, since I am working on VMware virtual machine installations myself, I wanted to focus this How-To with side notes of any extra steps you need to take if you're using an Ubuntu Minimal Virtual Machine installation. These will be marked "Minimal Virtual Machines Only". I've included notes on installing VMware tools if you're using VMware. *** Note: I do not use sudo in this document. Remember to use sudo where appropriate if your account is not a superuser. ***

Install A Minimal Virtual Machine (Optional)

Ubuntu Server's Minimal Virtual machine installation option is a very small installation of core Ubuntu software that installs only the absolutely necessary packages for it to run on a virtual machine. It is highly recommended to choose this option for an ASSP server since ASSP uses so little resources and disk space. My production ASSP server is installed on a VM with one processor core, 512 MB of RAM, and 4 GB of disk space; it is usually using about 6-11% CPU, half the RAM, and about half the disk space. It is merely a blip on the radar in virtual environment terms but it's FAST and its spam-stopping capabilities are excellent! This may or may not be your situation but it's definitely worth to give it a try since I have not found a single disadvantage, just a bunch of advantages. Just in case you're wondering how to install an Ubuntu Minimal Virtual Machine... when you boot the install CD, on the first install screen: press F4, select Install a minimal virtual machine, then select Install Ubuntu Server. If you're using VMware, you should always install VMware Tools. This is not a guide on how to install Ubuntu or configure it for VMware so I'm not going to go into much detail, but here's a quick run-down of how to install them: 1. Install VMware Tools dependencies: apt-get install build-essential linux-headers-$(uname -r) 2. Mount the VMware Tools volume by going into the VM menu and selecting Install/Upgrade VMware Tools 3. Copy the VMware Tools package to your home directory: * Version numbers used here are for example purposes only. mount /dev/cdrom /cdrom cp /cdrom/VMwareTools-3.5.0-238493.tar.gz ~ umount /dev/cdrom 4. Install VMware Tools: tar -xf VMwareTools-3.5.0-238493.tar.gz cd vmware-tools-distrib ./vmware-install.pl 5. Accept all defaults. If the install script is unable to locate the killall program, tell it that you want to specify its location and enter /sbin/killall5 when it asks.

Install General Dependencies

To get things started, we need a few packages installed that we will be using throughout the set up process and beyond. We will need ssh since this should be the way you connect to your server. We need the telnet client to perform a few tests. And we need wget and unzip to be able to download and uncompress ASSP and other programs. apt-get install ssh unzip Minimal Virtual Machines Only: apt-get install telnet wget

Install NTP
1. Make sure your time zone is set correctly. If it isn't, run this command and select the correct one: dpkg-reconfigure tzdata 2. When you're sure your time zone is correct, install the ntp package: apt-get install ntp

Install Postfix
1. Install the postfix package: apt-get install postfix 2. Select the default "Internet Site" configuration. 3. Back up the Postfix master config file /etc/postfix/master.cf : cp /etc/postfix/master.cf /etc/postfix/master.cf.orig 4. Edit the Postfix master config file /etc/postfix/master.cf : vi /etc/postfix/master.cf Look for this line near the beginning of the file...
smtp 125 inet inet n n smtpd smtpd

...and replace "smtp" with "125" so it looks like this: 5. Reload the Postfix configuration: postfix reload 6. Secure your Postfix server (optional but highly recommended): Since we want all mail to pass through ASSP before going to Postfix, we need to make sure that the Postfix server cannot be accessed from anywhere else other than the local host. Of course, we could achieve the same with a firewall (and you should!) but this is a doublecheck in case of an internal network spam-bot, virus, or worm infection that tries to use your server to relay. o First, edit your main.cf file: cd /etc/postfix vi main.cf o Locate the line that begins with mynetworks and add the ip address of the local server with a mask of /32:
mynetworks = 127.0.0.0/8 ###.###.###.###/32 [::ffff:127.0.0.0]/104 [::1]/128 o

Add these few lines to the end of the file:

smtpd_client_restrictions = permit_mynetworks, reject smtpd_delay_reject = no transport_maps = hash:/etc/postfix/transport

Create a new file called transport ... cd /etc/postfix vi transport ... and add the following line (put in your domain and the ip address of the server you want to send messages to after ASSP has processed them):

mydomain.tld o

smtp:###.###.###.###

o o

Run the postmap command on the transport file to map the file into a lookup table that Postfix can use (this will create a file called transport.db): cd /etc/postfix postmap transport Reload the Postfix configuration: postfix reload Now, test it out. Telnet to the Postfix port (i.e. 125) from the local host and then telnet it from anywhere else. The connections from the local host should be permitted but the others should be immediately rejected with 554 5.7.1 Client host rejected: Access denied.

Install Clam AntiVirus

1. Install ClamAV and the ClamAV Daemon: apt-get install clamav clamav-daemon 2. Run freshclam to update all ClamAV definitions. freshclam Don't worry if freshclam reports that ClamAV is outdated. What's important is that the definition files say 'up to date'.

REBOOT
1. You must reboot now to make sure all the newly installed Ubuntu/Debian software packages boot up cleanly.

Install ASSP
1. Go to your preferred download directory. If you don't have one, your home directory will be fine. 2. Download the ASSP program files. Go to its SourceForge project page (http://sourceforge.net/projects/assp/files/), copy the download link and paste it after a wget command. It should look something like this: * You should always download the latest stable version; version numbers used here are for example purposes only. wget http://sourceforge.net/projects/assp/files/ASSP%20Installation/ASSP%201.8.1.1/ASSP_1.8.1 .1-Install.zip 3. Unzip ASSP: unzip ASSP_1.8.1.1-Install.zip 4. Create a directory for the ASSP program files: mkdir /usr/share/assp 5. Copy ASSP to its new home directory: cd ASSP_1.8.1.1-Install cp -R ASSP/* /usr/share/assp 6. Install SSLeay dependencies (these will be needed for some perl modules in the next step): apt-get install libssl-dev libdb-dev 7. Install required perl modules by runing the mod_inst.pl script: cd /usr/share/assp perl mod_inst.pl 8. Accept all defaults when prompted. This will take a while... 9. When the script is done, all modules should say [OK]. 10. If any of the modules say [FAILED], try to re-run the mod_inst.pl script because sometimes a dependency may have gotten installed after that module tried to install. 11. In some cases the File::Scan::ClamAV perl module may fail to install. If this is the case, then just go into CPAN... perl -MCPAN -e shell ...and force the install at the CPAN prompt: force install File::Scan::ClamAV 12. Run the mod_inst.pl script again just to make sure everything is [OK]. If something isn't, check your perl dependencies. 13. Run ASSP for the first time. It should start without errors or significant warnings: perl assp.pl &

Configure ASSP
This is just a very basic configuration to get you started and get some options up and running. After you finish this How-To, you should go to the ASSP wiki or forums to find documentation on how to fully configure ASSP. 1. From any web browser in the network, go to http://<hostname or ip>:55555 (default password is nospam4me, leave username blank) and change the following settings: o Server Setup section: Enable "Run ASSP as a Daemon" (AsADaemon) Enable "Enable HTTP Compression in GUI" (EnableHTTPCompression) o ClamAV and FileScan section: Enable "Use ClamAV" (UseAvClamd) Change "Port or file socket for ClamAV" (AvClamdPort) to /var/run/clamav/clamd.ctl

2. 3.

4.

5.

6.

SSL/TLS section: If you wish to offer secure/encrypted mail, enable "Enable SSL/TLS support" (enableSSL) Stop ASSP and start it back up again. Check to see if all perl modules are correctly installed and configured. On the Info and Stats page, check the Perl Modules section: o All perl modules should be available (green). IPv6, SSL, and MySQL are optional. o Ignore IO::Socket::SSL if you're not going to use SSL. o Ignore IO::Socket::INET6 if you're not going to use IPv6. o Ignore Tie::RDBM if you're not going to use MySQL. Test the ASSP/Postfix server by telnetting to port 25. telnet localhost 25 You should be able to see your Postfix SMTP server welcome text. Enter the following HELO command: helo yourhostname.yourdomain.tld You should get a message similar to: 250 yourhostname.yourdomain.tld Exit the SMTP server: quit

Set Up A Startup Script For ASSP

1. Make sure that ASSP is not running. You might have to find and kill the running ASSP process if you left it running from a previous step: ps -A | grep perl Find the process id for the perl process (it should be the first number on the left). Kill the process: kill -9 <proc id> 2. Make the assp.pl script executable: cd /usr/share/assp chmod 755 assp.pl 3. Go to this forum thread and copy the init script in the original post: https://sourceforge.net/apps/phpbb/assp/viewtopic.php?f=5&t=980&sid=11242812618cab15 04a1258cb585bb0b 4. Save the script as /etc/init.d/assp 5. Make the assp init script executable: cd /etc/init.d chmod 755 assp 6. Register the init script to create links and so that ASSP will run automatically at boot time (you may have to change the '50' number depending on the startup order you want): update-rc.d assp defaults 50 7. Now you can start ASSP from the init script like this (the following commands are supported with this script: {start|stop|restart|reload|force-reload|status}): /etc/init.d/assp start 8. Set up the GUI restart command. In the ASSP management page: o Automatic Update / Restart section: Change "OS-shell command for AutoRestart" (AutoRestartCmd) to: /etc/init.d/assp restart

Install Webmin (Optional)

Install Webmin to help you look at system resources and access most server's settings and configuration from a Web GUI.

1. Go to your preferred download directory. If you don't have one, your home directory will be fine. 2. Install Webmin dependencies: apt-get install libnet-ssleay-perl libauthen-pam-perl libio-pty-perl apt-show-versions libaptpkg-perl 3. Go to www.webmin.com, copy the download link to the Debian package, and paste it after a wget command: * You should always download the latest stable version; version numbers used here are for example purposes only. wget https://downloads.sourceforge.net/project/webadmin/webmin/1.520/webmin_1.520_all.deb 4. Install the Webmin .deb package: dpkg -i webmin_1.520_all.deb 5. You can now logon to https://<hostname>:10000/ as root with your root password, or as any user who can use sudo to run commands as root.

Finished!

Now go read up on some of the ASSP configuration settings and have fun setting it up.