# Setting up Message Sniffer with Postfix
#
# You should already have an SNF license ID and authentication string. If
# you don't, sign up for a free trial first and they will be provided:
# http://www.armresearch.com/products/trial.jsp
#
# This procedure assumes you're running Linux.
# If you are using BSD, please substitute the correct distribution directory.
#
# Follow this procedure logged in as root!

# Download and unpack the distribution files.

wget http://www.armresearch.com/message-sniffer/download/SNFSourceClientServer.3.0.1.zip
unzip SNFSourceClientServer.3.0.1.zip

# Compile the SNFServer.exe, SNFClient.exe and SNF2Check.exe programs.

cd SNF_Source_Distribution/SNF_Service
. compile
cd ../SNF_Client
. compile
cd ../SNF2Check
. compile
cd ..

# Create the /var/spool/snfilter directory and copy the necessary files
# into it. The Linux distribution is assumed below.

mkdir /var/spool/snfilter
mkdir /var/spool/snfilter/msg
cp SNF_Service/SNFServer.exe /var/spool/snfilter
cp SNF_Client/SNFClient.exe /var/spool/snfilter
cp SNF2Check/SNF2Check.exe /var/spool/snfilter
cp GBUdbIgnoreList.txt /var/spool/snfilter
cp snf_engine.xml /var/spool/snfilter
cp identity.xml /var/spool/snfilter

# Copy the control and update scripts to the snfilter directory.

cp scripts/* /var/spool/snfilter

# Copy a couple of test files to the snfilter directory.

cp cleanmsg.txt /var/spool/snfilter
cp junkmsg.txt /var/spool/snfilter

# Create an unprivileged user with no shell or home directory.
# Set permissions and ownership of the files and directory.
groupadd -g 93 snfilter
# -s /bin/false gives the account no usable login shell, -M creates no home directory.
useradd -g 93 -u 93 -c "Spam Filter" -s /bin/false -M snfilter
chown snfilter /var/spool/snfilter /var/spool/snfilter/msg
cd /var/spool/snfilter
chown snfilter *
chmod 460 *
chmod 770 msg
chmod 500 SNFServer.exe
chmod 570 SNFClient.exe SNF2Check.exe
chmod 570 getRulebase snfscan-spamassasin snfscan-standalone
chmod 070 snfctrl

# Modify your getRulebase script (input your license information).

# Simulate a ready rulebase update and download your .snf file.
# Because the snfilter account has no login shell, su must be told
# which shell to run the command with.

touch UpdateReady.txt
chown snfilter UpdateReady.txt
su -s /bin/sh snfilter -c "/var/spool/snfilter/getRulebase"
ls *.snf

# SNFServer_readme.txt will guide you through the next step:
# make the appropriate adjustments to your GBUdbIgnoreList.txt,
# identity.xml, and snf_engine.xml files.

# Test your SNFServer installation.

./snfctrl start
./SNFClient.exe -status.second

# If successful you should see XML data. If not, an error.

# Upon success, set up SNFServer to run on startup. We will
# test the link by shutting down SNF from init.d.

ln -s /var/spool/snfilter/snfctrl /etc/init.d/snf
/etc/init.d/snf stop

# Tell chkconfig that we want SNFServer turned on.

chkconfig snf on
chkconfig --list | grep snf

# Congratulations!!
# If you've gotten to this point then you have successfully installed
# SNF on your server! The next set of instructions assumes you will
# be using SNF with Postfix and simply injecting headers that will be
# used later to remove, quarantine, or otherwise redirect messages
# detected as spam. There are as many ways to use SNF as there are
# systems using it -- so the following is just a good starting place
# for Postfix users.

# Be sure to restart SNFServer before trying to use it ;-)

service snf start

#------------------------------------------------------------------

# Copy the snfscan-standalone script to sniffer and set the correct
# access rights.
cp snfscan-standalone sniffer
chown snfilter sniffer
chmod 570 sniffer

# The snfscan-standalone version of the sniffer script creates a
# temporary copy of the message, scans it with SNF, and then reinjects
# the message. It is presumed that SNF is configured with x-header
# injection turned on and that the x-headers have been customized
# to suit your needs. Check the x-header section of your snf_engine.xml
# file to verify that SNF is configured to do what you want.

# Edit the sniffer shell script and uncomment the action you want
# the script to take. The default action will only add an
# "X-SortMonster-Msg-Sniffer-Match:" header to messages that
# match the filter. This default action will not stop spam from
# getting through.

# Changes to /etc/postfix/master.cf
# LEADING WHITE SPACE IS IMPORTANT WHEN MAKING THIS CHANGE

change:

smtp      inet  n       -       n       -       -       smtpd

to:

smtp      inet  n       -       y       -       -       smtpd
  -o content_filter=snfilter

also add:

snfilter  unix  -       n       n       -       10      pipe
  flags=q user=snfilter argv=/var/spool/snfilter/sniffer -f ${sender} ${recipient}

to master.cf.

# At this point you could just restart Postfix and hope nothing
# goes wrong. Instead, it would be smarter to first test the
# installation from the command line by injecting a message directly
# into the filter script "sniffer". We can issue a command like:

./sniffer -f sender recipient
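Before wiring the filter into master.cf it is worth confirming that the least-privilege layout built up above (files owned by snfilter, binaries 500/570, the control script 070, everything else 460) is actually what ended up on disk. The following is an added example, not a script from the SNF distribution or from this procedure: a POSIX shell function that walks the snfilter directory and reports every file whose owner or mode differs from the values set by the chown/chmod commands above. It assumes GNU stat (Linux, as this procedure does). The .snf rulebase that getRulebase downloads later is not touched by the chmod commands, so it may be reported until you set its mode yourself.

```shell
#!/bin/sh
# Added example: audit ownership and modes of the snfilter directory against
# the layout set up in this procedure. Assumes GNU stat (Linux).

# Expected octal mode for a file name in /var/spool/snfilter, taken from the
# chmod commands above; anything not listed defaults to 460.
snf_expected_mode() {
  case "$1" in
    msg)                          echo 770 ;;
    SNFServer.exe)                echo 500 ;;
    SNFClient.exe|SNF2Check.exe)  echo 570 ;;
    getRulebase|snfscan-spamassasin|snfscan-standalone|sniffer) echo 570 ;;
    snfctrl)                      echo 070 ;;
    *)                            echo 460 ;;
  esac
}

# snf_audit_perms DIR OWNER
# Prints one line per mismatch and returns 1 if any entry in DIR deviates
# from the expected owner or mode; returns 0 (and prints nothing) when clean.
snf_audit_perms() {
  dir=$1
  owner=$2
  rc=0
  for path in "$dir"/*; do
    [ -e "$path" ] || continue      # empty directory: the glob stays literal
    name=$(basename "$path")
    have_mode=$(stat -c '%a' "$path")
    have_owner=$(stat -c '%U' "$path")
    # stat prints no leading zero (070 shows as 70), so normalise the
    # expected value the same way before comparing
    want_mode=$(snf_expected_mode "$name" | sed 's/^0*//')
    if [ "$have_owner" != "$owner" ]; then
      echo "$path: owner is $have_owner, expected $owner"
      rc=1
    fi
    if [ "$have_mode" != "$want_mode" ]; then
      echo "$path: mode is $have_mode, expected $want_mode"
      rc=1
    fi
  done
  return $rc
}

# Usage on a live install (no output and exit status 0 when everything matches):
#   snf_audit_perms /var/spool/snfilter snfilter
```

Run it after the chmod steps and again after enabling the filter; a non-zero exit status is the signal that something (a re-copied script, a rulebase update, a stray cp as root) has drifted from the intended layout.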
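The default action above only adds the "X-SortMonster-Msg-Sniffer-Match:" header and leaves it to a later stage (a delivery rule, a quarantine script) to act on it. As an added example, not code from the SNF distribution or from the sniffer script, the shell function below extracts that header's value from a message on stdin. It reads only the header section (everything before the first blank line) and joins folded continuation lines, so a copy of the header planted in the message body is ignored, and it matches the header name case-insensitively as RFC 5322 requires. It assumes a standard awk and a message in normal RFC 5322 layout; the value format is whatever your snf_engine.xml x-header configuration emits. A header of this kind only carries weight if the scanning stage removes any copy the remote sender supplied, so check what your sniffer script does with pre-existing copies before building rules on it.

```shell
#!/bin/sh
# Added example: pull the SNF match header out of a message on stdin.
# Only the header section (before the first blank line) is examined, and
# folded continuation lines are joined, so a header in the body does not
# count. Prints the value and returns 0 if present; prints nothing and
# returns 1 otherwise. Assumes a POSIX awk (gawk, mawk, busybox awk).
snf_match_header() {
  awk -v hdr="X-SortMonster-Msg-Sniffer-Match:" '
    BEGIN { found = 0; want = tolower(hdr); n = length(hdr) }
    /^\r?$/ { exit }                                  # end of header section
    /^[ \t]/ { if (found) val = val " " $0; next }    # folded continuation line
    {
      if (found) exit                                 # next header: value complete
      if (tolower(substr($0, 1, n)) == want) { found = 1; val = substr($0, n + 1) }
    }
    END {
      if (!found) exit 1
      gsub(/^[ \t]+|[ \t\r]+$/, "", val)              # trim leading/trailing space
      gsub(/[ \t]+/, " ", val)                        # collapse folding whitespace
      print val
    }'
}

# A minimal downstream rule built on the header: reads a message on stdin
# and prints "quarantine" when the SNF header is present, "deliver" otherwise.
snf_disposition() {
  if snf_match_header >/dev/null; then
    echo quarantine
  else
    echo deliver
  fi
}

# Usage on a live system, e.g. from a delivery script:
#   snf_disposition < /path/to/message
```

The same function can be pointed at the cleanmsg.txt and junkmsg.txt test files after they have passed through the sniffer script, which gives a quick check that header injection is switched on and that the header name matches what snf_engine.xml is configured to write.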