I’ve just implemented ASSP (which stands for Anti-Spam SMTP Proxy) on my Linux server. This replaces the custom spam rules I’d rolled using postfix host / sender / recipient checks, and procmail, along with SpamAssassin. All of that is now mostly ripped out, with ASSP in its place.

I’d originally become so fed up with spam and viruses that I decided I wanted to switch to a whitelist only scheme. Glen, however, indicated that he would not be interested in that and he pointed me in the direction of this alternative. (Which also does whitelisting only, if you configure it that way.) I was skeptical at first, but, after configuring it and seeing how well it works, I’m now a convert.

It’s much easier to use than SpamAssassin and, right off the bat, it’s shown itself to be far more accurate.

Right now it’s running in test mode. All messages detected as spam are being allowed through (although marked with “[spam]” in their Subject: line) but being shunted to a special spam account that I can check.

I need to get an equal number of spam messages to regular messages in order for the Bayesian learning algorithm to work. Since my server is inundated with spam (at least 80% of all messages) I need to wait until I get 14,000 (the optimum) of both types before reporting things. (I could just delete a ton of the spam messages at random until their number comes down to that of the legitimate messages – but I’m not going to find the time for that sort of thing for a while.)

I’m still using postfix to bounce “helpful” messages from virus checking programs – since these messages are all unrequested and mostly originate in response to bogus messages in the first place, I consider them to be spam also. (When I say “bounce” I don’t mean I send an actual email back, rather a simple “rejected” / 550 message to the originating SMTP server.)