MDaemon Plugin V2.9rc* (V3) installation instructions
------------------------------------------------------------------------------
1. Locate your \MDaemon directory (Usually c:\MDaemon)
2. Create the directory \MDaemon\SNF
3. Copy the distribution files to \MDaemon\SNF
4. Edit identity.xml in notepad.
4.1. Replace licensid with your SNF license ID.
4.2. Replace authenticationxx with your SNF authentication code.
5. Adjust/Create your Plugins.dat file (\MDaemon\App\Plugins.dat)
5.1. If you already have a Plugins.dat file
5.1.1. Copy the contents of the Plugins.dat file in the distribution
to the Plugins.dat file you have.
5.1.2. If you have a [Message Sniffer] section in your Plugins.dat
file then make a copy of it (for backup) then remove that
section. (This will disable your previous Message Sniffer
installation)
5.2. If you do not already have a Plugins.dat file
5.2.1. Copy the Plugins.dat file from the distribution to your
\MDaemon\App directory.
6. Copy the snf-groups.cf into \MDaemon\SpamAssassin\rules
7. Download your SNF rulebase file and place it in your SNF directory.
7.1. Once you've signed up for a 30 Day free Trial or purchased a license for
SNF you will receive update notifications via email. These notifications
contain instructions on how to download your rulebase file. You can get
your 30 Day Free Trial started by visiting www.armresearch.com.
7.2. We have included an update script and utilities that you can use to
automate updates to your rulebase file. The SNFServer engine that runs
inside the plugin will produce an UpdateReady.txt file any time the local
rulbase file is older than the latest available update. The included
getRulebase.cmd script checks for this file and uses the open source
wget and gzip utilities to download, validate, and replace your rulebase
file automatically.
7.2.1. Edit the top of the getRulebase.cmd file to establish the correct
working directory, authentication string, and license ID for your
rulebase files.
7.2.2. Verify that the section of your snfmdplugin.xml file
points to the correct location of the getRulebase.cmd script. This new
feature will automatically run the getRulebase.cmd script whenever a
newer rulebase file is available on our servers.
8. Edit the GBUdbIgnoreList.txt file in notepad.
8.1 Add the IP of any gateways you have as well as any systems you
have that send mail through your mail server.
8.2 It is very important to populate your GBUdbIgnoreList if you have
gateways ahead of your mail server or else GBUdb will learn that
those systems are responsible for sending spam! The GBUdb engine
uses the ignore list to determine the actual source IP of the message.
The first IP it sees in the headers that is not on the ignore list
is determined to be the source IP for the message. Since most email
"in the wild" these days are spam, any gateways that are not listed
will be seen to be sending mostly spam - in error, of course.
8.3 You cannot enter network blocks in the GBUdbIgnoreList.txt file. If
you wish to ignore (mark as infrastructure) blocks of IPs then you should
use the section of the snfmdplugin.xml file to enter
patterns that match the network blocks you want to ignore. For example,
if you want to ignore servers in the 12.34.56.0/24 network block then
you would enter a drilldown rule like:
...
The rule tells GBUdb to learn to ignore any IP in the top (ordinal 0)
received header if that header contains the string '[12.34.56.'. Of
course that string will match every IP in the 12.34.56.0/24 class C
block so any servers in that block which deliver mail to the SNF equiped
server will be learned as infrastructure (ignore flag set).
9. Review and adjust your snfmdplugin.xml file
9.1. Check the paths at the top of the file and make sure they are complete and
correct. In most cases the defaults will work, but if you've installed
MDaemon & SNF on a different drive or in a different directory it would
be best to update these paths:
9.1.1. Find/Check
9.1.2. Find/Check
9.1.3. Find/Check
9.1.4. Find/Check
9.2. If you have any addresses where people legitimately send spam such as an
abuse reporting address or support address then you should enter that
address into the section of the
snfmdplugin.xml file. For example an abuse reporting address might look
like this:
...
The rule tells GBUdb to bypass it's training mechanism if it finds a
'To:' header in a message that contains 'spam@example.com'. This should
prevent customer's IPs from being learned as spam sources when they send
messages to spam@example.com.
9.3. Your system practices and policies may require additional rules in order
to get the best performance from the GBUdb system. For more information
please check out www.armresearch.com, support@armresearch.com, and our
community list sniffer@sortmonster.com.
10. Restart MDaemon.
11. Verify the SNF plugin is installed
11.1. In the plug-ins log tab you should see:
Attempting to load 'SNF' plugin
* ConfigFunc: ConfigFunc@4 (Ok, ready to use)
* StartupFunc: Startup@4 (Ok, ready to use)
* ShutdownFunc: Shutdown@4 (Ok, ready to use)
* PreMessageFunc: (NULL)
* PostMessageFunc: MessageFunc@8 (Ok, ready to use)
* SMTPMessageFunc: MessageIPFunc@8 (Ok, ready to use)
* SMTPMessageFunc2: (NULL)
* SMTPMessageFunc3: (NULL)
* DomainPOPMessageFunc: (NULL)
* MultiPOPMessageFunc: (NULL)
* Result: success (plugin DLL loaded in slot 0)
----------
SNF plugin is starting up
SNFMulti Engine Version 2.9rc11 Build: Mar 20 2008 15:18:30
SNF MDaemon Plugin Version 2-9rc4 Build: Mar 20 2008 15:17:20
SNF Config: C:\MDaemon\SNF\SNFMDPlugin.xml
----------
Note that the slot may be different if you have other plugins.
11.2. When your system processes a message you should see something like:
SNF MessageScan: c:\mdaemon\queues\local\md50000000039.msg, Result=0
If you have a valid AntiVirus for MDaemon license you should also see
a line similar to this:
SNF IPScan: C:\MDaemon\Queues\Inbound\md50000000029.msg, 192.168.0.102, {Ugly, p=-1, c=0.303425, Normal} Allowed.
11.3. In your messages you should see some new headers similar to:
X-MessageSniffer-GBUdb-Result: 0, 192.168.0.102, Ugly -1 0.303425 Source Normal
X-MessageSniffer-Scan-Result: 0
X-MessageSniffer-Patterns:
0-0-0-998-c