|
|
@@ -8,7 +8,7 @@ Installing SNFServer to filter email involves the following steps: |
|
|
|
|
|
|
|
1) Check prerequisites. |
|
|
|
|
|
|
|
2) Create the snfilter user and group. |
|
|
|
2) Create the snfuser user and group. |
|
|
|
|
|
|
|
3) Build and install the SNFServer package (using a tarball or a |
|
|
|
package). |
|
|
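Review bot: Step 2 now names the account snfuser, but nothing in the visible text tells an administrator with an existing snfilter installation what to do. Suggest a short upgrade note alongside this step saying whether the old account should be renamed or removed and that files owned by snfilter need to be re-owned, since the later steps all assume snfuser ownership.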
@@ -31,15 +31,15 @@ Before installing SNFServer, make sure that: |
|
|
|
|
|
|
|
1) The program curl must be installed. |
|
|
|
|
|
|
|
Creating the snfilter user and group |
|
|
|
************************************ |
|
|
|
Creating the snfuser user and group |
|
|
|
*********************************** |
|
|
|
|
|
|
|
Before installing, the snfilter user and group must be created. For |
|
|
|
increased security, snfilter user has no shell. |
|
|
|
Before installing, the snfuser user and group must be created. For |
|
|
|
increased security, snfuser user has no shell. |
|
|
|
|
|
|
|
OS-specific issues-- |
|
|
|
|
|
|
|
The commands to create the snfilter user and group are OS dependent. |
|
|
|
The commands to create the snfuser user and group are OS dependent. |
|
|
|
For your convenience, the commands for creating the user and group for |
|
|
|
varous OSes are listed here. However, no guarantee is made that these |
|
|
|
commands will work on your system; please refer to your system |
|
|
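Review bot: The changed sentence "For increased security, snfuser user has no shell" does not match the commands in the next section, which all assign /bin/false as the login shell; suggest wording such as "the snfuser user is given /bin/false as its shell so it cannot log in interactively". Since this paragraph is being touched anyway, the context line "varous OSes" should read "various OSes".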
@@ -47,25 +47,25 @@ documentation. |
|
|
|
|
|
|
|
1) OpenBSD: |
|
|
|
|
|
|
|
a) 'useradd -g =uid -m -c "SNFServer Account" -s /bin/false snfilter'. |
|
|
|
a) 'useradd -g =uid -m -c "Sniffer Account" -s /bin/false snfuser'. |
|
|
|
|
|
|
|
2) Ubuntu: |
|
|
|
|
|
|
|
a) 'adduser --gecos "SNFServer Account" --no-create-home --shell /bin/false snfilter'. |
|
|
|
a) 'adduser --gecos "Sniffer Account" --no-create-home --shell /bin/false snfuser'. |
|
|
|
|
|
|
|
3) RedHat (and variants such as Fedora and CentOS): |
|
|
|
|
|
|
|
a) 'adduser --comment "SNFServer Account" -M --shell /bin/false snfilter' |
|
|
|
a) 'adduser --comment "Sniffer Account" -M --shell /bin/false snfuser' |
|
|
|
|
|
|
|
4) Suse: |
|
|
|
|
|
|
|
a) 'groupadd snfilter' |
|
|
|
a) 'groupadd snfuser' |
|
|
|
|
|
|
|
b) 'useradd -c "SNFServer Account" -s /bin/false -g snfilter snfilter' |
|
|
|
b) 'useradd -c "Sniffer Account" -s /bin/false -g snfuser snfuser' |
|
|
|
|
|
|
|
5) FreeBSD: |
|
|
|
|
|
|
|
a) 'pw user add -c "SNFServer Account" -n snfilter -w no -s /bin/false' |
|
|
|
a) 'pw user add -c "Sniffer Account" -n snfuser -w no -s /bin/false' |
|
|
|
|
|
|
|
Building and installing SNFServer |
|
|
|
********************************* |
|
|
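Review bot: The per-OS commands are not equivalent with respect to the home directory: the OpenBSD line passes -m, which creates one, while the Ubuntu line passes --no-create-home and the RedHat line passes -M. For an account that only runs a filter, suggest dropping -m on OpenBSD or explaining why it differs. On Ubuntu, adduser without --disabled-login or --system will also prompt for a password, so one of those options is worth adding for a no-login account. The comment field changes from "SNFServer Account" to "Sniffer Account" in every command; if that is intentional it belongs in the change description. Minor: items 3a, 4a, 4b and 5a lack the trailing period that 1a and 2a have.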
@@ -181,7 +181,7 @@ To configure SNFServer, do the following: |
|
|
|
|
|
|
|
If desired for security purposes, restrict the permissions of |
|
|
|
SNFServer.xml. For example, to make SNFServer.xml readonly by |
|
|
|
only the snfilter user and snfilter group, enter the following: |
|
|
|
only the snfuser user and snfuser group, enter the following: |
|
|
|
|
|
|
|
chmod 440 SNFServer.xml |
|
|
|
|
|
|
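Review bot: The changed line promises that SNFServer.xml is "readonly by only the snfuser user and snfuser group", but chmod 440 alone only sets the mode bits; the statement holds only if the file is already owned by snfuser:snfuser, and the chown for /etc/snf-server does not appear until step 5. Suggest adding 'chown snfuser:snfuser SNFServer.xml' before the chmod here, or a sentence pointing at step 5.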
@@ -189,7 +189,7 @@ To configure SNFServer, do the following: |
|
|
|
license ID and authentication attributes of the <identity> element. |
|
|
|
If desired for security purposes, restrict the permissions of |
|
|
|
identity.xml. For example, to make identity.xml readonly by only |
|
|
|
snfilter, enter the following: |
|
|
|
snfuser, enter the following: |
|
|
|
|
|
|
|
chmod 400 identity.xml |
|
|
|
|
|
|
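Review bot: As with SNFServer.xml, "readonly by only snfuser" depends on identity.xml being owned by snfuser, which 'chmod 400 identity.xml' does not establish on its own; suggest pairing it with 'chown snfuser identity.xml'. Because the context line says this file holds the license ID and authentication attributes, consider replacing "If desired for security purposes" with a firm recommendation for this file.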
@@ -219,30 +219,30 @@ To configure SNFServer, do the following: |
|
|
|
iii) Any other changes as necessary if the default directories |
|
|
|
are not used. |
|
|
|
|
|
|
|
b) Ensure that getRulebase is executable by the snfilter user. |
|
|
|
b) Ensure that getRulebase is executable by the snfuser user. |
|
|
|
This can be done with the command: |
|
|
|
|
|
|
|
chmod +x getRulebase |
|
|
|
|
|
|
|
5) Ensure that the snfilter user has read/write access to the files |
|
|
|
5) Ensure that the snfuser user has read/write access to the files |
|
|
|
in workspace (default: /usr/share/snf-server or |
|
|
|
/usr/local/share/snf-server) and configuration directory (default: |
|
|
|
/etc/snf-server). To grant this access, enter the following command, |
|
|
|
as the root user: |
|
|
|
/etc/snf-server). To grant this access, enter the following |
|
|
|
command, as the root user: |
|
|
|
|
|
|
|
chown -R snfilter:snfilter /usr/share/snf-server |
|
|
|
chown -R snfuser:snfuser /usr/share/snf-server |
|
|
|
|
|
|
|
chown -R snfilter:snfilter /etc/snf-server |
|
|
|
chown -R snfuser:snfuser /etc/snf-server |
|
|
|
|
|
|
|
As you modify files in these directories, please ensure that the |
|
|
|
read/write permissions for snfilter is maintained. |
|
|
|
read/write permissions for snfuser is maintained. |
|
|
|
|
|
|
|
6) Create the logfile directory, and ensure the snfilter user has |
|
|
|
6) Create the logfile directory, and ensure the snfuser user has |
|
|
|
read/write access to it: |
|
|
|
|
|
|
|
mkdir /var/log/snf-server |
|
|
|
|
|
|
|
chown snfilter:snfilter /var/log/snf-server |
|
|
|
chown snfuser:snfuser /var/log/snf-server |
|
|
|
|
|
|
|
chmod 755 /var/log/snf-server |
|
|
|
|
|
|
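Review bot: In step 6, 'chmod 755 /var/log/snf-server' leaves the log directory listable and readable by every local account even though the text only requires access for snfuser; suggest 750 (or 700) unless another account is known to read the logs. In step 5, the text lists two possible workspace defaults but the changed chown lines only cover /usr/share/snf-server, and "enter the following command" introduces two commands. The changed line "read/write permissions for snfuser is maintained" should read "are maintained". In 4b, 'chmod +x getRulebase' makes the script executable by all users, which is broader than "executable by the snfuser user".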
@@ -254,10 +254,10 @@ To configure SNFServer, do the following: |
|
|
|
|
|
|
|
b) 'touch UpdateReady.txt'. |
|
|
|
|
|
|
|
c) 'chown snfilter UpdateReady.txt'. |
|
|
|
c) 'chown snfuser UpdateReady.txt'. |
|
|
|
|
|
|
|
d) 'su -m snfilter -c "/usr/sbin/getRulebase"'. If getRulebase |
|
|
|
is in a different directory, this command should be changed |
|
|
|
d) 'su -m snfuser -c "/usr/sbin/getRulebase"'. If getRulebase is |
|
|
|
in a different directory, this command should be changed |
|
|
|
accordingly. |
|
|
|
|
|
|
|
OS-specific issues-- |
|
|
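Review bot: Item c) uses 'chown snfuser UpdateReady.txt', which sets only the owner, while step 5 uses the snfuser:snfuser form; suggest using the same form here so the file's group does not depend on who ran touch. For item d), it is worth stating that the su command must be run as root, since the account is created with /bin/false as its shell and the command relies on -m to avoid that shell. The rewrap of the "If getRulebase is in a different directory" sentence is a whitespace-only change and could be left out to keep the diff focused on the rename.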
@@ -349,7 +349,7 @@ reinjects the message into the mail system. |
|
|
|
|
|
|
|
cp snfSniffer.sample snfSniffer |
|
|
|
|
|
|
|
chown snfilter snfSniffer |
|
|
|
chown snfuser snfSniffer |
|
|
|
|
|
|
|
chmod 550 snfSniffer |
|
|
|
|
|
|
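Review bot: 'chown snfuser snfSniffer' followed by 'chmod 550 snfSniffer' gives group read and execute to whatever group the copied file happens to have, because only the owner is changed. Suggest 'chown snfuser:snfuser snfSniffer' so the 550 mode means what the reader expects, matching the owner:group form used for the workspace and log directories.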
@@ -373,7 +373,7 @@ scans it with SNFServer, and then reinjects the message. |
|
|
|
also add: |
|
|
|
|
|
|
|
'snfilter unix - n n - 10 pipe' |
|
|
|
' flags=Rq user=snfilter argv=/usr/sbin/snfSniffer' |
|
|
|
' flags=Rq user=snfuser argv=/usr/sbin/snfSniffer' |
|
|
|
' -f ${sender} -- ${recipient}' |
|
|
|
|
|
|
|
to master.cf. Specify the directory snfSniffer is in if not |
|
|
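Review bot: The changed line sets 'user=snfuser', but the unchanged first line of the same master.cf entry still names the service 'snfilter'. If the service name is meant to stay (it is a transport label, not the account), a sentence saying so would prevent readers from assuming the rename was missed; if it should change, every reference to that transport elsewhere in the instructions needs the same update.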
@@ -438,7 +438,7 @@ configuring procmail to use snfSnifferFilter as a filter. |
|
|
|
|
|
|
|
cp snfSnifferFilter.sample snfSnifferFilter |
|
|
|
|
|
|
|
chown snfilter snfSnifferFilter |
|
|
|
chown snfuser snfSnifferFilter |
|
|
|
|
|
|
|
chmod 550 snfSnifferFilter |
|
|
|
|
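Review bot: With 'chown snfuser snfSnifferFilter' and 'chmod 550 snfSnifferFilter', only snfuser and the file's existing group can execute the script. If procmail invokes the filter under a different account, that account must be in the file's group, so the text should name the intended group explicitly (for example with the owner:group form of chown) instead of leaving it to whatever cp produced.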