- # Setting up Message Sniffer with Postfix
-
- # You should already have an SNF license ID and authentication string. If
- # you don't then sign up for a free trial first and they will be provided:
- # http://www.armresearch.com/products/trial.jsp
-
- # This procedure assumes you're running Linux.
- # If you are using BSD please substitute the correct distribution directory.
-
- # Follow this procedure logged in as root!
- # Download and unpack the distribution files.
-
- wget http://www.armresearch.com/message-sniffer/download/SNFSourceClientServer.3.0.1.zip
- unzip SNFSourceClientServer.3.0.1.zip
-
- # Compile the SNFServer.exe, SNFClient.exe and snf2check.exe programs.
-
- cd SNF_Source_Distribution/SNF_Service
- . compile
- cd ../SNF_Client
- . compile
- cd ../SNF2Check
- . compile
- cd ..
-
- # Create the /var/spool/snfilter directory.
- # Copy the necessary files to the snfilter directory.
- # The Linux distribution is assumed below.
-
- mkdir /var/spool/snfilter
- mkdir /var/spool/snfilter/msg
- cp SNF_Service/SNFServer.exe /var/spool/snfilter
- cp SNF_Client/SNFClient.exe /var/spool/snfilter
- cp SNF2Check/SNF2Check.exe /var/spool/snfilter
- cp GBUdbIgnoreList.txt /var/spool/snfilter
- cp snf_engine.xml /var/spool/snfilter
- cp identity.xml /var/spool/snfilter
-
- # Copy the control and update scripts to the snfilter directory.
-
- cp scripts/* /var/spool/snfilter
-
- # Copy a couple of test files to the snfilter directory.
-
- cp cleanmsg.txt /var/spool/snfilter
- cp junkmsg.txt /var/spool/snfilter
-
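- # Create an unprivileged user for the filter. The -d /bin/false below
- # points the account's home directory at /bin/false; the login shell is
- # left at the system default.
- # Set permissions and ownership of the files and directory.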
-
- groupadd -g 93 snfilter
- useradd -g 93 -u 93 -c "Spam Filter" -d /bin/false snfilter
- chown snfilter /var/spool/snfilter /var/spool/snfilter/msg
- cd /var/spool/snfilter
- chown snfilter *
- chmod 460 *
- chmod 770 msg
- chmod 500 SNFServer.exe
- chmod 570 SNFClient.exe SNF2Check.exe
- chmod 570 getRulebase snfscan-spamassasin snfscan-standalone
- chmod 070 snfctrl
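
The modes set above can be verified after the fact, for example after an update script or a manual edit has touched the directory. This is an added example, not part of the SNF distribution or the original procedure; `audit_snfilter` is a hypothetical helper name, and the file names and modes are the ones used in the chmod steps above.

```shell
#!/bin/sh
# Added example (not from the SNF distribution). audit_snfilter is a
# hypothetical helper; file names and modes are the ones used above.
# Usage: audit_snfilter DIR   -> prints mismatches, returns 0 if none.
audit_snfilter() {
    dir=$1 rc=0
    # expect MODE NAME...: every NAME in $dir must have exactly MODE.
    expect() {
        mode=$1; shift
        for name in "$@"; do
            if [ ! -e "$dir/$name" ]; then
                echo "missing: $name"; rc=1
            elif [ -z "$(find "$dir/$name" -prune -perm "$mode")" ]; then
                echo "mode is not $mode: $name"; rc=1
            fi
        done
    }
    expect 770 msg
    expect 500 SNFServer.exe
    expect 570 SNFClient.exe SNF2Check.exe getRulebase
    expect 070 snfctrl
    expect 460 snf_engine.xml identity.xml GBUdbIgnoreList.txt
    # None of the modes above grant anything to "other"; flag any entry that does.
    loose=$(find "$dir" ! -path "$dir" \( -perm -001 -o -perm -002 -o -perm -004 \))
    if [ -n "$loose" ]; then
        echo "accessible to other users:"; echo "$loose"; rc=1
    fi
    return $rc
}

# Run against a directory when one is given on the command line.
if [ $# -gt 0 ]; then audit_snfilter "$1"; fi
```

Run it as root, for instance `sh audit.sh /var/spool/snfilter`, since `snfctrl` and the configuration files are not readable by ordinary users.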
-
- # Modify your getRulebase script (input your license information)
- # Simulate a ready rulebase update and download your .snf file.
-
- touch UpdateReady.txt
- chown snfilter UpdateReady.txt
- su snfilter -c "/var/spool/snfilter/getRulebase"
- ls *.snf
-
- # SNFServer_readme.txt will guide you through the next step:
- # Make the appropriate adjustments to your GBUdbIgnoreList.txt,
- # identity.xml, and snf_engine.xml files.
- # Test your SNFServer installation
-
- ./snfctrl start
- ./SNFClient.exe -status.second
-
- # If successful you should see XML data. If not, an error.
- # Upon success, set up SNFServer to run on startup. We will
- # test the link by shutting down snf from init.d.
-
- ln -s /var/spool/snfilter/snfctrl /etc/init.d/snf
- /etc/init.d/snf stop
-
- # Tell chkconfig that we want SNFServer turned on.
-
- chkconfig snf on
- chkconfig --list | grep snf
-
- # Congratulations!!
- # If you've gotten to this point then you have successfully installed
- # SNF on your server! The next set of instructions assumes you will
- # be using SNF with postfix and simply injecting headers that will be
- # used later to remove, quarantine, or otherwise redirect messages
- # detected as spam. There are as many ways to use SNF as there are
- # systems using it -- so the following is just a good starting place
- # for postfix users.
-
- # Be sure to restart SNFServer before trying to use it ;-)
-
- service snf start
-
- #------------------------------------------------------------------
-
- # Copy the snfscan-standalone script to sniffer and set the correct
- # access rights.
-
- cp snfscan-standalone sniffer
- chown snfilter sniffer
- chmod 570 sniffer
-
- # The snfscan-standalone version of the sniffer script creates a
- # temporary copy of the message, scans it with SNF, and then reinjects
- # the message. It is presumed that SNF is configured with x-header
- # injection turned on and that the x-headers have been customized
- # to suit your needs. Check the <xheaders/> section of your snf_engine.xml
- # file to verify that SNF is configured to do what you want.
-
- # Edit the sniffer shell script, and uncomment the action you want
- # the script to take. The default action only adds an
- # "X-SortMonster-Msg-Sniffer-Match:" header to messages that
- # match the filter. This default action will not stop spam from
- # getting through.
-
-
- # Changes to /etc/postfix/master.cf
- # LEADING WHITE SPACES ARE IMPORTANT WHEN MAKING THIS CHANGE
-
- change:
-
- smtp inet n - n - - smtpd
-
- to:
-
- smtp inet n - y - - smtpd
-   -o content_filter=snfilter
-
-
- also add:
-
- snfilter unix - n n - 10 pipe
-   flags=q user=snfilter argv=/var/spool/snfilter/sniffer
-   -f ${sender} ${recipient}
-
- to master.cf
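
Because an option line that loses its leading whitespace stops being part of the service entry before it, the edit can be checked mechanically before Postfix is reloaded. This is an added example, not part of the SNF distribution or the original procedure; `check_master_cf` is a hypothetical helper name and the embedded sample file is constructed.

```shell
#!/bin/sh
# Added example (not from the SNF distribution).
# check_master_cf FILE  ("-" reads stdin)
# Returns 0 when both master.cf changes above are in effect, 1 otherwise.
check_master_cf() {
    awk '
    function flush(   f) {   # record what the finished logical line configures
        if (entry == "") return
        split(entry, f, /[ \t]+/)
        if (f[1] == "smtp" && f[2] == "inet" &&
            entry ~ /-o[ \t]+content_filter=snfilter([ \t]|$)/) smtp_ok = 1
        if (f[1] == "snfilter" && f[2] == "unix" && f[8] == "pipe" &&
            entry ~ /user=snfilter/) pipe_ok = 1
        entry = ""
    }
    /^[ \t]*(#|$)/ { next }              # comments and blank lines are ignored
    /^[ \t]/ {                           # leading whitespace continues the entry
        sub(/^[ \t]+/, ""); entry = entry " " $0; next
    }
    /^-o/ {                              # option line that lost its indent
        printf "line %d: \"%s\" is not indented and starts a new entry\n", NR, $0 > "/dev/stderr"
        bad = 1
    }
    { flush(); entry = $0 }              # any other line starts a new entry
    END {
        flush()
        if (!smtp_ok) print "smtp inet: -o content_filter=snfilter is not attached" > "/dev/stderr"
        if (!pipe_ok) print "snfilter unix ... pipe entry with user=snfilter not found" > "/dev/stderr"
        exit (bad || !smtp_ok || !pipe_ok)
    }' "$1"
}

if [ $# -gt 0 ]; then
    check_master_cf "$1"
else
    # Constructed sample: the -o line was pasted without its leading spaces.
    check_master_cf - <<'EOF' || echo "sample master.cf rejected, as expected"
smtp      inet  n  -  y  -  -  smtpd
-o content_filter=snfilter
snfilter  unix  -  n  n  -  10 pipe
  flags=q user=snfilter argv=/var/spool/snfilter/sniffer
  -f ${sender} ${recipient}
EOF
fi
```

Run it as `sh check_master_cf.sh /etc/postfix/master.cf`; a non-zero exit status means the filter is not wired in the way the procedure describes.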
-
-
- # At this point you could just restart postfix, and hope nothing
- # goes wrong. Instead, it would be smarter to first test the
- # installation from the command line by injecting a message directly
- # into the filter script "sniffer". We can issue a command like
-
- ./sniffer -f sender recipient <junkmsg.txt
-
- # Where junkmsg.txt is a spam test message. We should also test
- # a clean message to make sure that this script is working as we
- # expect it to. In this case we would issue a command like
-
- ./sniffer -f sender recipient <cleanmsg.txt
-
-
- # If you've done everything correctly then all you have to do
- # is reload postfix to start the content_filter working.
-
-
- postfix reload
-
-
- # If something goes wrong you need only comment out, or remove
- # the line
-
-   -o content_filter=snfilter
-
- # in /etc/postfix/master.cf, then reload postfix as shown above.