ASSP Deluxe for cPanel : ASSP post installation and FAQs

ASSP Deluxe for cPanel : ASSP post installation steps

  1. ASSP stands for Anti-Spam SMTP Proxy. ASSP is a Perl based transparent SMTP proxy server and spam filter which sits on SMTP listen ports, in front of a SMTP server. ASSP relays the SMTP dialog between an incoming client and your SMTP server (EXIM), intercepting the dialog as needed. ASSP performs a number of configurable spam checks (scoring mode) and on detecting a spam message provides an immediate 5xx SMTP error code back to the client. Non-spam messages are passed to EXIM for further processing and delivery. Spam messages are blocked from delivery and collected in spambox.
    ASSP flow
  2. ASSP records every SMTP connection in following file log You can see the log in action using this or if you prefer to use the ASSP WHM INTERFACE you can click the LOG button .
    ASSP log file is flushed every 7 days and a backup is created in /usr/local/assp folder. ASSP log file could be useful for various purpouses. Some brief example; if you need to search all email sent by email@domain.com you can use If you need to search all email sent by email@domain.com and blocked If you need to search all email sent by email@domain.com and accepted If you need to search all email sent TO youruser@domain.com and blocked you may use and so on . You can search ips, email , domain and ASSP IDs too (such as the EXIM message id). ASSP set an ASSP ID for each SMTP connection and store it in the email header and in ASSP log. So if you get the ASSP ID (X-Assp-ID) in the email header as shown below       ASSP log example
    e.g. id-51826-08124 : you can search the ASSP ID in ASSP log in this way it will return all the log history for id-51826-08124. If you can't find the ASSP ID in current log, you can try searching the ASSP id in old ASSP logs using this way You can use the ASSP log to improve your ASSP antispam too, for example if you see that you have a lot of ASSP IDs passing because the Penalty limit is too low, you may increase the Penalty limit using ASSP WHM > Score Settings. Below you can see an example of email message blocked. Below you can see an example of email message not accepted because sent to a not existent email account (email dictionary spam) Below you can see an example of email message accepted.
  3. ASSP can learn day by day how to block SPAM and allow good email based on your user activity ( improving Bayesian and HMM spam filters ). Your users can correct ASSP errors forwarding as attachment the good email found in /spambox IMAP folder to assp-notspam@clientdomain.com and forwarding as attachment SPAM found in INBOX to assp-spam@clientdomain.com. When an email is forwarded to assp-spam@ the sender will be also added in a personal email blacklist.  As administrator you can correct spam/notspam errors using the ASSP WHM INTERFACE Bayesian and HMM collections
    ASSP spam and not spam analyzer
    and also using the ASSP WHM INTERFACE SPAM FINDER
    SPAM FINDER Your users can find detailed instructions to use the ASSP email interface reporting ( assp-spam@ , assp-notspam@, assp-white@ , assp-notwhite@ ) in their cPanel Email ASSP and clicking over the HELP and SPAMBOX button as shown below.
    SPAM SCORING
  4. Even if you can add email or domain in ASSP whitelist (using ASSP GUI WHITELIST whitedomains), using ASSP your users should not be worried by whitelist. Everytime an user send an email (send or reply) to someone the email contact will be automatically added in ASSP whitelist. An user can add an email in whitelist also by sending an email to assp-white@ , you can find a detailed explanation in user cPanel   Email  ASSP HELP . As alternative to /spambox IMAP, your users can receive a list of freshed blocked SPAM (anytime they want) by sending an email to asspblock@clientdomain.com (the received email includes possibilities to resend the blocked email too).
  5. ASSP never blocks a local sender ( a local email sent from your server ) . If it happens it means that the local sender is sending email incorrectly (as a relayer, spoofer e.g.) . To fix the "issue" simply be sure your customer is sending email correctly using
    SMTP mail.customerdomain.com (or the server hostname)
    and one the available SMTP ports ( by default 25, 26 ,587 STARTTLS or 465 SSL ).
  6. After the ASSP Deluxe for cPanel spam filter HOW TO installation, ASSP starts with pre-configured moderate antispam settings. These settings provide a good antispam performance and can reduce false positive (email blocked incorrectly) at the same time. If after some day of usage you need to increase antispam performance without changing your settings in ASSP GUI, simply go to ASSP WHM INTERFACE SCORE SETTINGS and decrease 1 max 2 steps the PenaltyMessageLimit . On the countrary if your users are reporting too much false positives (too much email good email blocked) increase some step the PenaltyMessageLimit . If your users want to have a custom relaxed or more aggressive anti SPAM setting restricted to their domain name, they can do it using the control panel as shown below by changing the SPAM Scoring threshold  (  spam threshold score ) from normal to high,very high,highest or from normal to low/very low/lowest.
    SPAM SCORING threshold
  7. After the ASSP cPanel spam filter installation HOW TO the NO LOCAL filter is enabled by default for all users . It blocks all email dictionary attacks. When the NO LOCAL filter is enabled ASSP accepts email only to existent email addresses on your server ( POP3 and email forwarders ) stopping every kind of email dictionary attack ( email sent to random_word@domain.com ). Who send an email to a not existent email on your account ( random_word@clientdomain.com ) will receive following bounce error and ASSP will log the block in this way
  8. All email blocked by ASSP are collected. Your users can check blocked SPAM in multiple ways (all these ways are explained to your customer here user cPanel   Email  ASSP HELP )
    • The main way to check for a blocked email is the IMAP /spambox folder. Using cPanel webmail (Horde,Roundcube) or any IMAP email client (as shown in the image below). Good email found in /spambox folder should be forwarded as attachment to assp-notspam@clientdomain.com, in this way ASSP will learn from error improving Bayesian and HMM filter performance ( and the sender will not be blocked again ). Spambox by default stores email for 7 days . If you want store SPAM for more or less days please read this . roundcube spambox folder
    • Any user email in the server can receive a list of all latest blocked email by sending an email to asspblock@clientdomain.com. The email must be sent from a @clientdomain.com email account using a correct SMTP authentication ( SMTP mail.clientdomain.com or the server hostname ) . The user will receive a response with a list of latest blocked emails. If there are good emails in this list the user can press the Resend link to receive/release the blocked email into his INBOX. The sender will be automatically whitelisted as well.
    • A similar asspblock@clientdomain.com email report with a list of last blocked email will be sent DAILY to all email in the server. roundcube spambox folderIf you want disable this feature globally for ALL your users go to ASSP WHM INTERFACE and click DAILY BLOCKED EMAIL to change the status from ENABLED to DISABLED . If you want disable this feature only for a specific user or domain go to ASSP WHM INTERFACE DAILY BLOCKED EMAIL and click over " Click HERE to exclude email or domain from the report".
    • Another way to collect and check for blocked email for the user is to create a spambox@customerdomain.com POP3 email account using cPanel. If ASSP Deluxe for cPanel will found the spambox@ POP3 account, all blocked email for @domain.com will be collected in spambox@customerdomain.com POP3 account too. This is altenative way to collect blocked email for users which cannot use IMAP protocol to check the /spambox folder. Such as with /spambox IMAP, it's a good user behavior if all good email found in spambox@customerdomain.com will be forwarded as attachment to assp-notspam@clientdomain.com; in this way ASSP will learn from error improving Bayesian and HMM filter performance ( and the sender will not be blocked again ).
    • Your customer can whitelist a blocked email using one of these ways
      • The user can simply fordward as attachment the email to assp-notspam@clientdomain.com; in this way ASSP will learn from error improving Bayesian and HMM filter performance and the sender will be whitelisted as well.
      • The user can simply replies to the (good) email sender. Every time you send an email to someone new their email address will be whitelisted automatically (personal whitelist). For this reason, you should never reply to any spam mails as this will whitelist their addresses.
      • The user can whitelist an email by sending an email to assp-white@customerdomain and adding the email in the email subject (ASSPv1) or email body (ASSPv2). The user can enter also a list of email in the email body (ASSP v2) . The user cannot whitelist a domain name. Domain name can be whitelisted only ASSP administrator using ASSP GUI WHITELISTING and add the domain in whiteListedDomains.
  9. If your user is not able to find an important blocked email using all the ways explained above at point .8 , you can support him as administrator using other solutions explained below.
    • Open ASSP WEB INTERFACE SPAM FINDER
      Using this tool you can search all blocked email for a customer email directly from his spambox IMAP . You can release the email , whitelist the email sender and/or domain name using a web interface.
    • As alternative you can search the customer email in spam collection . Open ASSP WHM INTERFACE SPAM ANALYZER , enter the blocked email and click SEARCH. If you find the emai in collection to you can release the email to your customer INBOX using the [R] link, and you can move the email from SPAM to NOTSPAM collection to correct ASSP and improve its perfomance . spam analyzer
    • As alternative if you prefer the console, you can search the blocked email in ASSP log (e.g.) or or if you do not find it in current log , grep it also in old ASSP logs
    • Using one of the command above you should have a result like this Now execute this to release the email to your customer (each 5 minutes ASSP checks for email in /resendmail and resend the email to your user INBOX ) .
  10. All email blocked by ASSP bounces to the sender with following error The random code ( TY67H78H ) applied to the bounce message ( NOTSPAMTAG ) offers at the sender a chance to resend the email and have the email accepted, if the email was blocked incorrectly. Only if you do not like this behavior open ASSP WHM INTERFACE AUTOMATION SETIINGS and set OFF SpamError and PenaltyError . Now open the ASSP WEB INTERFACE (GUI) and customize SpamError in SPAM Control menu , and PenaltyError in PenaltyBox menu . For example you may set SpamError and PenaltyError as follows (without the resend code NOTSPAMTAG ).
  11. After the installation HOW TO, ASSP is setup to listen and send email using following SMTP ports
    • 25 ( ASSP GUI :: Network Setup menu :: listenPort )
    • 26 and 587 ( ASSP GUI :: Network Setup menu :: listenPort2 )
    • 465 ( ASSP GUI :: Network Setup menu :: listenPortSSL )
    If you want add another SMTP port open the ASSP WEB INTERFACE (GUI) Network Setup and enter alternative SMTP ports separated by a pipe ( | ) in ListenPorts2. Be sure to apply and save ASSP settings.
  12. You should have already opened the ASSP WEB INTERFACE (GUI). As you can see there are various settings here, most of them are preconfigured and controlled by ASSP Deluxe for cPanel. You can find here ASSP core settings which are better you do not change ( for example SSL settings which are controlled using ASSP WHM INTERFACE ASSP SSL MENU, database settings controlled using ASSP WHM INTERFACE, Score/Penalty Box settings controlled by ASSP Deluxe for cPanel, and some other core settings) and ASSP antispam settings which probably you may use often . Most used administrative antispam settings can be found in following ASSP GUI menus :
    • Noprocessing : if you need to bypass ASSP for email or domain.
    • Whitelisting : if you need to whitelist domain,email,ips
    • Validate HELO : if you want setup advanced HELO filtering
    • Validate sender : if you want blacklist an email or domain ( blackListedDomains ) plus other actions
    • IP blocking : if you want block an ip
    • Senderbase : if you want activate Country checks for email
    • Validate SPF : strictSPFRe and blockstrictSPFRe
    • Perl Regular Expression Filter and Spambomb Detection : various ways to allow or block an email based on email content.
    All ASSP GUI settings are saved in /usr/local/assp/assp.cfg (ASSP configuration file) . You should never edit manually this file, this file contains also crypted data , so you may risk to mess up your ASSP, always use the ASSP Web interface if you want change an ASSP setting.  A backup of your configuration file /usr/local/assp/assp.cfg is saved daily in /usr/local/assp/backup_cfg , so if after doing some change in ASSP GUI your ASSP stops to work correctly , STOP your ASSP using the ASSP WHM INTERFACE , restore a working assp.cfg file from /usr/local/assp/backup_cfg to /usr/local/assp/assp.cfg and START ASSP again . You can also backup all the folder /usr/local/assp ( for example in  /usr/local/assp_backup) and restore it in case your ASSP stops to working correctly after making a wrong setting in ASSP GUI or other issues.
  13. If you need to disable temporarly ASSP fully and return to cPanel/EXIM only, you can do it instantly without uninstalling your ASSP, by following these simple automatic steps.
    • Open ASSP WHM INTERFACE and click STOP. After some seconds you will receive following message shown in the image below how to stop assp
    • Simply follow the instructions and click the link to fully disable ASSP. After pressing the link your ASSP will be fully stopped and disabled. ASSP fully stopped
    • If you need to start again ASSP , click the START button and ASSP should restart correctly.
  14. ASSP uses DNS very often to execute various SPAM filter checks (RBL, MX records, PTR and so on). After installation HOW TO, ASSP will be preconfigured with default DNS settings which should be good for everyone. However if you want set best DNS settings for your ASSP you may follow these steps . It will improve SMTP connection speed and will make SMTP connections faster.
    • First open your /etc/resolv.conf and check if you have a search command like this below Search process may be slow and generate a lot of network traffic. So it's better to comment or remove this row as follow Also be sure you do not have a DNS 127.0.0.1 and replace it with a DNS provided by your Datacenter or use a public DNS such as 8.8.4.4 . Now restart your DNS in this way .
    • Now install namebench . Namebench hunts down the fastest DNS servers available for your server to use. Open your console and execute this
      now run it and wait few minutes Now execute this to see the result You will receive a result like this, these are best DNS for your server and your ASSP. ok now execute this Now open ASSP WHM INTERFACE ASSP WEB INTERFACE (GUI) and open the DNS Client Setup and enter in DNS Name Servers* ( DNSServers ) the nameservers above separated by a pipe ( | ) SAVE/APPLY ASSP settings in your ASSP GUI.
  15. Whitelist server ips of all your servers. If you have more than one server whitelist the ips of all your other servers in your server running ASSP. Open ASSP WHM INTERFACE ASSP WEB INTERFACE (GUI) and open the Whitelisting menu and enter in Whitelisted IPs* ( whiteListedIPs )  all the ips of your other servers (one ip per row). Be sure you never enter a local ip in this list.
  16. ASSP deluxe for cPanel will send you various administrative email such as huge outgoing email notifications, daily spambox cleaning reports, ASSP restarts notifications, other. By default the email will be sent to the email(s) you set in WHM Server Configuration Basic WebHost Manager® Setup Email Contact Information . If you want use a different email open the file   /usr/local/assp/deluxe/email_warnings and enter one or more email addresses to contact you (if you enter more than one email separate each email with a "," ) in the cex= row . For example

ASSP Deluxe for cPanel : FAQs

Which are required cronjobs to run ASSP Deluxe for cPanel ?
After installation HOW TO you should already have following cronjobs setup.
rebuildspamdb.pl cron . It's required only in ASSP v1 installation. It rebuilds the spamDB database each 24 hours. ex_localdomains.php cron . It checks ASSP installation integrity and fix issues if required, generates local email and domains , update software if required, send the daily spam reports, plus various other minor tasks. It should run every 59 minutes. update_email.php cron . It applies ASSP WHM interface default settings and checks for new cPanel email or new domain and add them to /usr/local/assp/deluxe/assp_local_email and /usr/local/assp/deluxe/assp_local_domains. It also records ASSP status running values (cpu, RAM) and show them in ASSP WHM INTERFACE ASSP STATUS CHARTS , plus various other minor tasks. It should run every 3 minutes. status.php cron . It checks ASSP status and restart it automatically if an ASSP crash is detected.  It should run every 3 minutes. If you set a value under 3 minutes you may have ASSP false restarts. findabusers.php cron . It creates a list of bad ips and bad email which are sending continuos SPAM to your server . You can find more details related to findabusers.php at this link . It should run every 20~30 minutes signatures.php cron . It updates a list of clamAV Unofficial signatures plus grscripts YARA rules. It should run daily. You may read more details at this link . spam_cronjob.php. It's a required cron if you want use spambox IMAP. It checks ASSP SPAM and deliver them to user spambox IMAP (if the user activated IMAP spambox for his account). It executes each 4 minutes. clear_cronjob.php. It's a required cronjob if you want use spambox IMAP . It executes daily. It removes spambox email older than 7 days (default) from all your user accounts /spambox folder (and from spambox@domain.com POP3 if it's used). It executes daily. You (administrator) will receive an email notification reporting you the spambox email which were removed. At the end of the cleaning process the script will send also a DAILY SPAM REPORT if you enabled this feature in   ASSP WHM INTERFACE DAILY SPAM REPORTS.  
You can add following commands to the clear_spambox.php cronjob . Default cron
Following cron will remove spam older than 15 days and remove other 2 days of older SPAM if the spambox user is greater than 8000 Kb. Optional cronjob to restart automatically your ASSP every day at 03:15 AM . Following cron (single cronjob row) restarts your ASSP freeing up RAM resources every day at 03:15 AM . You should setup it if server RAM is low.
How to install and enable ASSP Deluxe for cPanel spambox IMAP ?
If you didn't installed the SPAMBOX plugin in the installation HOW TO you can do it now . By using the sendAllSpam ASSP feature, ASSP Deluxe for cPanel collects all SPAM in a spammaster email account and using a spambox cronjob delivers automatically all these spam to the email owner. Spambox plugin can be easily installed using following steps.

How to restart ASSP from console ?
You can STOP and START ASSP from console in this way or
How to reduce RAM used by ASSP ?
You can apply following steps to reduce ASSP RAM usage
My ASSP v2 using BerkeleyDB refuses to start or restarts very often. How to solve this issue ?
If your ASSP refuses to start or restarts very often and you are using BerkeleyDB try this
  1. Execute following commands to reinstall BerkeleyDB and restart your ASSP .
  2. If ASSP restarts correctly at step 1. open your ASSP WHM Interface and rebuild the ASSP database using Rebuild SPAM DB.
    If ASSP does not restart after step 1.  or if the restart issue problem continues execute this to reinstall ASSP Perl modules. Once completed try to start your ASSP using the ASSP WHM Interface or repeat the step               1.
  3. If your ASSP refuses to restart after the steps 1. and 2. restore an old backup ASSP installation of your /usr/local/assp folder (if you have a backup) or try restoring a working old assp.cfg from /usr/local/assp/backup_cfg in /usr/local/assp (overwriting current assp.cfg)  ; you should restore the assp.cfg file when ASSP is stopped . If also these steps does not solve the problem you should reinstall your ASSP or switch to MySQL here or click here to receive professional root support .
My ASSP v2 using MySQL refuses to start or restarts very often. How to solve this issue ?
If your ASSP refuses to start and you are using MySQL try this
  1. Open ASSP WHM Interface and STOP ASSP . Then open the MYSQL SETUP and clik the phpmyadmin link. Now click Empty in the hmmdb , spamdb and whitelist rows as shown below. reset EXIM to default After this step return to ASSP WHM Interface and START ASSP.
  2. If ASSP restarts correctly at step 1. open your ASSP WHM Interface and rebuild the ASSP database using Rebuild SPAM DB.
    If ASSP does not restart after step 1. execute this to reinstall ASSP Perl module. Once completed try to start your ASSP using the ASSP WHM Interface or repeat the 1.
  3. If your ASSP refuses to restart after the steps 1. and 2. restore an old backup ASSP installation of your /usr/local/assp folder (if you have a backup) or try restoring an working old assp.cfg from /usr/local/assp/backup_cfg . If also these steps does not solve the problem you should reinstall your ASSP or switch to BerkeleyDB  here or click here to receive professional root support .
How to fix ASSP Deluxe for cPanel license issues ?
Open your console and execute this If the problem does not fix contact support here and provide your server ip.
You can find your server ip in this way
Can I change my ASSP Deluxe for cPanel licensed ip ?
You can change your licensed ip anytime. If you want change your licensed server ip simply contact support via email here and provide your OLD server ip and your NEW server ip. If you need an extension time (max 30 days) for OLD server ip please specify it in your email.
I added a new /home2 location , should I do something in ASSP Deluxe ?
You must follow this setup guide here if you have more than one /home location for your hosting accounts.      
I have too much false positives (good email blocked), how to solve it ?
I have SPAMBOX enabled . Can I skip spambox collection for some sender ?
If you want drop an email without passing it to spambox , you can use ASSP WEB INTERFACE (GUI) Collecting SPAM and HAM menu and enter a regular expression in noCollectRe . If the content of a collected email (incl. X-ASSP-... headers) matches this regular expression, it will be deleted from the spambox collection .
For example if you enter All email coming from *@lop.ru will not be collected in spambox.
Another example, if you enter all email with chinese chars will not be collected in spambox.
As alternative you may use ASSP WEB INTERFACE (GUI) Copy Spam & Ham and enter a numeric value in ccMaxScore. All email whose score exceeds this ccMaxScore threshold will not be copied in spambox. For example: 90. The value must be much greater than the PenaltyMessageLimit (ASSP v2) set in A ASSP WHM INTERFACE SCORE SETTINGS page.
Some ASSP GUI fields allow to enter Regular Expressions, what do you recommend to validate Regular expressions ?
You can use https://regex101.com (e.g.) which is an excellent regex tester and debugger .     
How to migrate ASSP from old server A to new server B ? If you need to migrate ASSP from server A (old) to server B (old) , you should first ask a change of license from server ip A to server ip B . You should simply contact support via email here and provide your OLD server ip and your NEW server ip. If you need an extension time (max 30 days) for OLD server ip please specify it in your email.
  ASSP v1 data migration (ASSP v1 to ASSP v1) Once you have changed your ASSP Deluxe for cPanel licensed ip as explained above, install ASSP v1 in your new server using this HOW TO . At the end of your ASSP v1 installation go to console and in the new server execute this Now execute this in the old server replacing server_ip with the new server ip and ssh_port with the SSH port of new server ip . You can close your old server now . Open ASSP WHM INTERFACE in your new server and STOP ASSP . Now execute this in new server. Now you can return to ASSP WHM INTERFACE and START ASSP. All should run correctly, ASSP main settings ( /files ), whitelist, personal blacklist, and ASSP spam database have been migrated. If everything is working correctly you can remove the /old folder in this way
ASSP v1 data migration (ASSP v1 to ASSP v2) Once you have changed your ASSP Deluxe for cPanel licensed ip as explained above, install ASSP v2 in your new server using this HOW TO but do NOT setup the ASSP database (skip the database BerkeleyDB/MySQL setup) . At the end of your ASSP v2 installation go to console and in the new server execute this Now execute this in the old server replacing server_ip with the new server ip and ssh_port with the SSH port of new server ip . You can close your old server now . Open ASSP WHM INTERFACE in your new server and STOP ASSP . Now execute this in new server. Now you can return to ASSP WHM INTERFACE and START ASSP. All should run correctly, ASSP main settings ( /files ), whitelist, personal blacklist, and ASSP spam database have been migrated. If everything is working correctly you can remove the /old folder in this way Now you can setup an ASSP Database using the BerkeleyDB HOW TO OR  the MySQL HOW TO.
  ASSP v2 data migration (ASSP v2 MySQL to ASSP v2 MySQL) Once you have changed your ASSP Deluxe for cPanel licensed ip as explained above, install ASSP v2 in your new server using this HOW TO but do NOT setup the ASSP MySQL database (skip the database BerkeleyDB/MySQL setup) . At the end of your ASSP v2 installation go to console and in the new server execute this Now open ASSP WHM INTERFACE and open MYSQL SETUP . Click the lick to Disable MySQL then return to ASSP WHM INTERFACE and STOP AND START ASSP . Now execute this in the old server replacing server_ip with the new server ip and ssh_port with the SSH port of new server ip . You can close your old server now . Open ASSP WHM INTERFACE in your new server and STOP ASSP . Now execute this in new server. Now you can return to ASSP WHM INTERFACE and START ASSP. All should run correctly, ASSP main settings ( /files ), whitelist, personal blacklist, and ASSP spam database have been migrated. If everything is working correctly you can remove the /old folder in this way Now you can setup ASSP MySQL using this MySQL HOW TO.  
ASSP v2 data migration (ASSP v2 BerkeleyDB to ASSP v2 BerkeleyDB) Once you have changed your ASSP Deluxe for cPanel licensed ip as explained above, install ASSP v2 in your new server using this HOW TO but do NOT setup the ASSP BerkeleyDB database (skip the database BerkeleyDB/MySQL setup) . At the end of your ASSP v2 installation go to console and in the new server execute this Now execute this in the old server replacing server_ip with the new server ip and ssh_port with the SSH port of new server ip . You can close your old server now . Open ASSP WHM INTERFACE in your new server and STOP ASSP . Now execute this in new server. Now you can return to ASSP WHM INTERFACE and START ASSP. All should run correctly, ASSP main settings ( /files ), whitelist, personal blacklist, and ASSP spam database have been migrated. If everything is working correctly you can remove the /old folder in this way Now you can setup ASSP BerkeleyDB using this BerkeleyDB  HOW TO.  
How to backup and restore ASSP ? You can create a backup of your ASSP in this way If you need to restore your ASSP , you may follow the ASSP migration HOW TO and you should consider the /usr/local/assp_backup folder exactly as the  /usr/local/assp/old folder .  
I messed up ASSP configuration file, how to fix it now ? If you do not have an ASSP backup as explained here , try this :
Open your ASSP WHM interface and STOP ASSP . Now restore from /usr/local/assp/backup_cfg an old assp.cfg configuration file
and restore it in /usr/local/assp overwriting current assp.cfg.  Now START your ASSP . Your ASSP should restart correctly . If it does not restart it means you have other issues , not related with your ASSP configuration file.  
How can I whitelist email or domain using ASSP GUI ? Your users can whitelist email simply repling the sender email or sending an emal to assp-white@ as explained here .
As administrator you can whitelist email , domain , or ip addresses using the   ASSP WHM interface ASSP WEB Internface (ASSP GUI) Whitelisting menu . For example if you want whitelist all email sent by myoffice.net you should add in whiteListedDomains . You can whitelist ips using whiteListedIPs or you can whitelist email using a Regular Expression using whiteRe  
How to block an email based on email content or attachment binary content ?
You have countless ways to block or score email based on email text content using ASSP, for example you can use Regular Expressions in ASSP Web Interface GUI, you can score or block an email if a particular word or Regular Expression is used in subject and/or email header, and/or email body.  For example if you would block an email having the phrase " Brand World pharmaceuticals for Lovemaking" in the email body or email header open ASSP Web Interface GUI Perl Regular Expression Filter menu and add the following in bombRe It will score the email addictional 100 points ( weight =>100 ) so that will be surely blocked.  The addiction above will be case sensitive if you want case insensitive using Regular expression you may enter this On the countray you can use a negative score to allow an email . For example if you want allow an email with the subject " this is my important office email" you can add this in bombre or bombSubjectRe with a negative weight score These are only few examples, you have unlimited solutions using the Perl Regular Expression menu in ASSP.

User defined custom YARA rules are available too in ASSP Deluxe 10.x and above. YARA is a tool used mainly, but not exclusively, for identifying and classifying malware based on string or binary pattern matching. You can use YARA rules to manage and enhance detections, to stop latest threats.
You can introduce your own YARA rules to enhance your ASSP detection efficacy. Using YARA rule you can score and block email binary attachments too.  You can add your own clamAV YARA rules in the file You can find detailed info to start writing your own YARA rules here :
Briefly a YARA rule is a description based on textual or binary patterns. A rule’s description can be broken down into three sections: Together, these sections determine a rule’s logic. At a minimum, every rule must have a condition section. You may omit the meta or strings section if not needed.  After entering a YARA rule be sure to restart ClamAV in this way if clamAV restarts correctly (without errors) the YARA rule was accepted and it's correct.
ASSP Deluxe for cPanel includes an updated (updated daily using signatures.php cronjob) YARA rule file located here grscripts_spam.yara includes new SPAM patterns and it's continuosly updated with new rules by Grscripts.com . YARA rules can be used to detect and block various types of threats, and now with the capability available in ASSP Deluxe for cPanel, you can apply your own custom rules against attachments, email headers, and the body of emails to help detect threats. With this feature, you can  gain more control to manage email flow and detect threats in custom and creative ways.
 
Can I block or allow email from a domain extension ? One way to do this is using ASSP Web Interface GUI Perl Regular Expression Filter  bombSenderRe . For example if you add a +100 score points to .club domain name extension in this way all email coming from .club will be scored an additional 100 points (and should be surely blocked if you have the PenaltyMessageLimit set to default 53 points in ASSP WHM INTERFACE SCORE SETTINGS page ) .
On the countrary if you want be sure all the email coming from your country domain extension  .no (e.g.)  will not be blocked you can use this  
How to disable fully ASSP SPAM filtering for a single email or domain ? ASSP v1 Open ASSP Web Interface GUI Validate Sender menu and add the local email or local domain which should be excluded by ASSP in noProcessingFrom . Now open the Validater Recipient menu and add the local email or local domain which should be excluded by ASSP in noProcessingTo. After these steps ASSP will be fully bypassed for the domain (or email). ASSP v2 Open ASSP Web Interface GUI No Processing menu. Here you have various options to exclude ASSP for a domain or email or ip address too; the best way which works in all situations to bypass a local domain is by adding the email or domain in npRe using Regular Expression. For example if want fully disable ASSP for *@userdomain.com you can add in npRe . Or if you want disable ASSP antispam only for email  user@userdomain.com you may use this Do Blacklisting Addresses and Domains for NoProcessing (DoBlackDomainNP)
How ASSP filters email attachments ? After installation HOW TO ASSP is preconfigured to do following attachment checks ;  
Does ASSP check email size ? After installation HOW TO ASSP is preconfigured to do following email size checks which are all set in ASSP WEB interface SMTP Session limits (only ASSP v2)
How does work the ASSP Delaying filter ? If you followed the installation HOW TO ASSP should be configured with delaying filter disabled for all your domain names. Your users can enable (and disable) Delaying filter using the ASSP Deluxe for cPanel frontend. Delaying is a method of blocking big amounts of SPAM at the mailserver level. This method is also called "Greylisting". Delaying works on the idea that a good mailserver is always configured to attempt a re-delivery of an email message, if it gets a soft failure. How does it work exactly ? When someone send an email to your mailserver running ASSP and your user has the Delaying filter enabled, ASSP will return a 451 error (soft failure) to the sender . If the sender mailserver is configured correctly it will reattempt to deliver the email in X number of minutes (it depends upon its configuration).  If the sender mailserver waits and redelivers the email , the triplet (email address, domain,IP) gets whitelisted by ASSP (delaying whitelist) and the user receives the email . So your user receives the email after min 5 minutes (default embargo time) and max 28 hours (default wait time).   If the remote mailserver doesn't reattempt the deliver (and the spammers often do not reattempt the deliver) the email will not be accepted after the wait time (28 hours).  Can be lost valid good email ? Only if the good sender mailserver is not configured to reattempt the deliver.  
Does ASSP support SSL SNI ? ASSP v1 If you followed the ASSP v1 cpanel antispam installation HOW TO, and you enabled ASSP SSL your users can use SNI in their SMTP but using SMTP mail.userdomain.com with an SSL/TLS port they'll receive a "Domain warning" in the Certificate. ASSP v2After ASSP v2 cpanel antispam installation HOW TO ASSP SSL SNI is enabled and fully supported (without SSL warnings). You can enable SNI globally or per domain using ASSP WHM INTERFACE SSL MENU .  
How to allow an ip address to relay ? How to add a custom ip in ASSP ? Your server ip addresses are automatically added in ASSP ( myServerRe : /usr/local/assp/deluxe/assp_local_ips ) using the ASSP Deluxe ex_localdomains.php cronjob . If you want allow an ip address to relay which is not setup in your server you should follow these steps; Suppose you want add the ip address 130.10.10.10 , go to console and execute this
 
now execute 

Done, after this step the ip 130.10.10.10 should be listed in /etc/relayhosts and in /usr/local/assp/deluxe/assp_local_ips .

How to allow a custom domain to relay email ? Your server email and domain are automatically added in ASSP using the ASSP Deluxe ex_localdomains.php cronjob . If you want allow to relay a domain name which is not setup in your server you should follow these steps; Suppose you want add the domain  domain.com , go to console and execute this
 
now execute 

Done, after this step domain name domain.com should be listed in  /usr/local/assp/deluxe/assp_local_domains .

How to allow a custom email to relay ? Your server email and domain are automatically added in ASSP using the ASSP Deluxe ex_localdomains.php cronjob . If you want allow to relay an email name which is not setup in your server you should follow these steps; Suppose you want add the email  email@domain.com , go to console and execute this
 
now execute 

Done, after this step email  email@domain.com should be listed in  /usr/local/assp/deluxe/assp_local_email .

How to solve SSL and PCI issues ? ASSP handles SSL connections by using IO::Socket::SSL Perl module. Default cipher list and SSL version used by IO::Socket::SSL  are the following . SSL Version SSL Cipher list This applies to IO::Socket::SSL version 2.067 ; if you are using an older or newer IO::Socket::SSL download and decompress the IO-Socket-SSL Perl module package and check the SSL_cipher_list an SSL_version contained in SSL.pm file . These are secure values which are compatible with the rest of the world and exclude broken ciphers and SSL versions that are clearly broken and dangerous.   If your users are using an obsolete email client and you want offer them a wider SSL compatibility ( compatibility to most legacy/obsolete email clients ) be sure you have SSL Minimum Protocol set to TLSv1 (SSLv3 or below are not recommended!) in WHM Service Configuration Mailserver Configuration .   On the countrary if you want a strong SSL security ( and SSL PCI compliance ) and you want allow only newer and updated email client (updated to latest TLS protocols) be sure you have SSL Minimum Protocol set to TLSv1.2 in WHM Service Configuration Mailserver Configuration .  
How to monitor SPAM sent from my server ( outgoing SPAM ) ? How do I stop SPAM being sent from my server ? My server is sending spam. What do I do ? ASSP Deluxe for cPanel monitors outgoing email activity and send you an email notification if a condition is matched. If you take actions as soon you receive these email notifications you can avoid issues with outgoing SPAM blacklists. Currently ASSP Deluxe for cPanel can send three different email notifications : Or you can activate Outgoing ASSP SPAM checks for local users . Open ASSP WHM INTERFACE OUTGOING SPAM .
Outgoing email notifications : email sent using a script ASSP Deluxe for cPanel checks your EXIM log ( /var/log/exim_mainlog ) during each ex_localdomains.php cron execution (by default each 59 minutes) and send you an email notification if the condition below is matched :   If the condition will be matched the next check will run after 6 ex_localdomains.php executions.
The email notification will be sent to the email set here. You can customize top, qu and check_hours by editing the file /usr/local/assp/deluxe/email_warnings , for example  
Outgoing email notifications : email sent using script or SMTP authentication ASSP Deluxe for cPanel checks your EXIM log ( /var/log/exim_mainlog ) each 3 hours and send you an email notification if the condition below is matched :   If the email notification will be exactly the same in the next 3 hours check, the email notification will not be sent again even if the condition is matched.
The email notification will be sent to the email set here. You can customize top, qu and check_hours by editing the file /usr/local/assp/deluxe/email_warnings , for example If you want ignore one or more users in this script email notification you should add the username in this list (one username per row)  
Outgoing email notifications : email sent having same subject ASSP Deluxe for cPanel checks your EXIM log ( /var/log/exim_mainlog ) each 3 hours and send you an email notification if the condition below is matched :   If the email notification will be the same for the next five consecutive 3 hours checks, the email notification will not be sent again even if the condition is matched. The email notification will be sent to the email set here. You can customize limit_top and check_hours by editing the file /usr/local/assp/deluxe/email_warnings , for example If you want ignore one or more email subjects in your same subject email notifications you should add the email subjects in this list (one per row)
find_abusers.php If you followed the installation HOW TO you already have following cronjob setup This cron analyzes current ASSP log ( /usr/local/assp/maillog.txt ) and collects ips and email which were repetitively abusing your mailserver as follows; If you execute find_abusers.php from console you can receive various information collected from your current ASSP log or old ASSP logs. For example sw=10 will return all data with a value above 10. If you want analyze an old log , for example /usr/local/assp/20-03-12.maillog.txt you should execute this Data returned by find_abusers.php is listed below ;
How to have a better mailserver reputation
How to add alternative SMTP ports in ASSP ? By default at the end of your ASSP installation you should have following SMTP ports   If you want , you may add other SMTP ports by adding them in ASSP WEB INTERFACE (GUI) Network Setup listenPort2 . Be sure to separate each SMTP port with a pipe | , and be sure to allow each new SMTP port in your firewall.
How to skip/bypass one or more ASSP SMTP port(s)
You can skip one or more ASSP SMTP port(s) by adding each SMTP port in the file (one SMTP port per row) /usr/local/assp/deluxe/smtp_skip. Edit the file with your preferred editor (e.g. nano),   then add the SMTP port you want exclude from ASSP for example if you want exclude 26 and 465 SSL you should enter   Now save the file and open the  ASSP WHM INTERFACE : STOP fully your ASSP ( as explained here ) and START it again . After this step SMTP port 26 and 465 will run EXIM only and will not pass for ASSP.  
Where are the old ASSP Deluxe for cPanel FAQs and other pages ?
You can found it HERE however note that there could be obsolete FAQs. Old changelog is available HERE, while old Tweaking page is available HERE . Old instructions to create a language pack for Deluxe frontend are still available HERE.