MDaemon Plugin V2.9rc* (V3) installation instructions
------------------------------------------------------------------------------

1. Locate your \MDaemon directory (usually c:\MDaemon).

2. Create the directory \MDaemon\SNF

3. Copy the distribution files to \MDaemon\SNF

4. Edit identity.xml in notepad.

   4.1. Replace licensid with your SNF license ID.

   4.2. Replace authenticationxx with your SNF authentication code.

5. Adjust/Create your Plugins.dat file (\MDaemon\App\Plugins.dat)

   5.1. If you already have a Plugins.dat file

      5.1.1. Copy the contents of the Plugins.dat file in the distribution
             to the Plugins.dat file you have.

      5.1.2. If you have a [Message Sniffer] section in your Plugins.dat
             file then make a copy of it (for backup) then remove that
             section. (This will disable your previous Message Sniffer
             installation)

   5.2. If you do not already have a Plugins.dat file

      5.2.1. Copy the Plugins.dat file from the distribution to your
             \MDaemon\App directory.

6. Copy the snf-groups.cf into \MDaemon\SpamAssassin\rules

7. Download your SNF rulebase file and place it in your SNF directory.

   7.1. Once you've signed up for a 30 Day Free Trial or purchased a license
        for SNF you will receive update notifications via email. These
        notifications contain instructions on how to download your rulebase
        file. You can get your 30 Day Free Trial started by visiting
        www.armresearch.com.

   7.2. We have included an update script and utilities that you can use to
        automate updates to your rulebase file. The SNFServer engine that
        runs inside the plugin will produce an UpdateReady.txt file any time
        the local rulebase file is older than the latest available update.
        The included getRulebase.cmd script checks for this file and uses
        the open source wget and gzip utilities to download, validate, and
        replace your rulebase file automatically.

      7.2.1. Edit the top of the getRulebase.cmd file to establish the
             correct working directory, authentication string, and license
             ID for your rulebase files.

      7.2.2. Verify that the section of your snfmdplugin.xml file points to
             the correct location of the getRulebase.cmd script. This new
             feature will automatically run the getRulebase.cmd script
             whenever a newer rulebase file is available on our servers.

8. Edit the GBUdbIgnoreList.txt file in notepad.

   8.1. Add the IP of any gateways you have as well as any systems you have
        that send mail through your mail server.

   8.2. It is very important to populate your GBUdbIgnoreList if you have
        gateways ahead of your mail server or else GBUdb will learn that
        those systems are responsible for sending spam! The GBUdb engine
        uses the ignore list to determine the actual source IP of the
        message. The first IP it sees in the headers that is not on the
        ignore list is determined to be the source IP for the message.
        Since most email "in the wild" these days is spam, any gateways
        that are not listed will be seen to be sending mostly spam - in
        error, of course.

   8.3. You cannot enter network blocks in the GBUdbIgnoreList.txt file. If
        you wish to ignore (mark as infrastructure) blocks of IPs then you
        should use the section of the snfmdplugin.xml file to enter patterns
        that match the network blocks you want to ignore. For example, if
        you want to ignore servers in the 12.34.56.0/24 network block then
        you would enter a drilldown rule like:

        ...

        The rule tells GBUdb to learn to ignore any IP in the top
        (ordinal 0) received header if that header contains the string
        '[12.34.56.'. Of course that string will match every IP in the
        12.34.56.0/24 class C block so any servers in that block which
        deliver mail to the SNF equipped server will be learned as
        infrastructure (ignore flag set).

9. Review and adjust your snfmdplugin.xml file

   9.1. Check the paths at the top of the file and make sure they are
        complete and correct. In most cases the defaults will work, but if
        you've installed MDaemon & SNF on a different drive or in a
        different directory it would be best to update these paths:

      9.1.1. Find/Check

      9.1.2. Find/Check

      9.1.3. Find/Check

      9.1.4. Find/Check

   9.2. If you have any addresses where people legitimately send spam such
        as an abuse reporting address or support address then you should
        enter that address into the section of the snfmdplugin.xml file.
        For example an abuse reporting address might look like this:

        ...

        The rule tells GBUdb to bypass its training mechanism if it finds a
        'To:' header in a message that contains 'spam@example.com'. This
        should prevent customers' IPs from being learned as spam sources
        when they send messages to spam@example.com.

   9.3. Your system practices and policies may require additional rules in
        order to get the best performance from the GBUdb system. For more
        information please check out www.armresearch.com,
        support@armresearch.com, and our community list
        sniffer@sortmonster.com.

10. Restart MDaemon.

11. Verify the SNF plugin is installed

   11.1. In the plug-ins log tab you should see:

         Attempting to load 'SNF' plugin
         * ConfigFunc: ConfigFunc@4 (Ok, ready to use)
         * StartupFunc: Startup@4 (Ok, ready to use)
         * ShutdownFunc: Shutdown@4 (Ok, ready to use)
         * PreMessageFunc: (NULL)
         * PostMessageFunc: MessageFunc@8 (Ok, ready to use)
         * SMTPMessageFunc: MessageIPFunc@8 (Ok, ready to use)
         * SMTPMessageFunc2: (NULL)
         * SMTPMessageFunc3: (NULL)
         * DomainPOPMessageFunc: (NULL)
         * MultiPOPMessageFunc: (NULL)
         * Result: success (plugin DLL loaded in slot 0)
         ----------
         SNF plugin is starting up
         SNFMulti Engine Version 2.9rc11 Build: Mar 20 2008 15:18:30
         SNF MDaemon Plugin Version 2-9rc4 Build: Mar 20 2008 15:17:20
         SNF Config: C:\MDaemon\SNF\SNFMDPlugin.xml
         ----------

         Note that the slot may be different if you have other plugins.

   11.2. When your system processes a message you should see something
         like:

         SNF MessageScan: c:\mdaemon\queues\local\md50000000039.msg, Result=0

         If you have a valid AntiVirus for MDaemon license you should also
         see a line similar to this:

         SNF IPScan: C:\MDaemon\Queues\Inbound\md50000000029.msg, 192.168.0.102, {Ugly, p=-1, c=0.303425, Normal} Allowed.

   11.3. In your messages you should see some new headers similar to:

         X-MessageSniffer-GBUdb-Result: 0, 192.168.0.102, Ugly -1 0.303425 Source Normal
         X-MessageSniffer-Scan-Result: 0
         X-MessageSniffer-Patterns: 0-0-0-998-c
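
A model of the source-IP selection described in step 8.2 and the ignore-list restriction in step 8.3, added here as an example; it is not ARM Research code and not the GBUdb implementation. The Received header layout, the one-IP-per-line file layout, the sample addresses, and all function names are assumptions.

```python
import ipaddress
import re

# Constructed ignore list. One IP per line is an assumed file layout.
IGNORE_LIST_TEXT = "192.0.2.10\n192.0.2.11\n198.51.100.0/24\n"

# Constructed Received headers, top (ordinal 0) first.
RECEIVED = [
    "from gw1.example.com ([192.0.2.10]) by mail.example.com",
    "from relay.example.net ([198.51.100.7]) by gw1.example.com",
    "from sender.example.org ([203.0.113.45]) by relay.example.net",
]

BRACKETED_IP = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")


def load_ignore_list(text):
    """Split entries into usable single IPs and rejected ones (step 8.3)."""
    ignored, rejected = set(), []
    for entry in (line.strip() for line in text.splitlines()):
        if not entry:
            continue
        try:
            ignored.add(str(ipaddress.IPv4Address(entry)))
        except ValueError:  # network blocks and typos end up here
            rejected.append(entry)
    return ignored, rejected


def source_ip(received_headers, ignored):
    """Step 8.2: first IP, reading top down, that is not on the ignore list."""
    for header in received_headers:
        for ip in BRACKETED_IP.findall(header):
            if ip not in ignored:
                return ip
    return None


def drilldown_matches(received_headers, ordinal, needle):
    """Step 8.3: substring test against one Received header, e.g. '[12.34.56.'."""
    return ordinal < len(received_headers) and needle in received_headers[ordinal]


if __name__ == "__main__":
    ignored, rejected = load_ignore_list(IGNORE_LIST_TEXT)
    print("rejected entries:", rejected)
    print("no ignore list  :", source_ip(RECEIVED, set()))
    print("with ignore list:", source_ip(RECEIVED, ignored))
```

With an empty ignore list the gateway itself comes back as the message source, which is the mislearning step 8.2 warns about; the rejected network-block entry leaves the relay behind it uncovered until a drilldown rule or single-IP entries are added.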