madscientist
/
SNFMDaemon


			
				
					
						
						
							123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146
							MDaemon Plugin V2.9rc* (V3) installation instructions
------------------------------------------------------------------------------

1. Locate your \MDaemon directory (Usually c:\MDaemon)

2. Create the directory \MDaemon\SNF

3. Copy the distribution files to \MDaemon\SNF

4. Edit identity.xml in notepad.
4.1. Replace licensid with your SNF license ID.
4.2. Replace authenticationxx with your SNF authentication code.

5. Adjust/Create your Plugins.dat file (\MDaemon\App\Plugins.dat)

5.1. If you already have a Plugins.dat file
5.1.1. Copy the contents of the Plugins.dat file in the distribution
       to the Plugins.dat file you have.
5.1.2. If you have a [Message Sniffer] section in your Plugins.dat
       file then make a copy of it (for backup) then remove that
       section. (This will disable your previous Message Sniffer
       installation)

5.2. If you do not already have a Plugins.dat file
5.2.1. Copy the Plugins.dat file from the distribution to your
       \MDaemon\App directory.

6. Copy the snf-groups.cf into \MDaemon\SpamAssassin\rules

7. Download your SNF rulebase file and place it in your SNF directory.
7.1. Once you've signed up for a 30 Day free Trial or purchased a license for
     SNF you will receive update notifications via email. These notifications
     contain instructions on how to download your rulebase file. You can get
     your 30 Day Free Trial started by visiting www.armresearch.com.
7.2. We have included an update script and utilities that you can use to
     automate updates to your rulebase file. The SNFServer engine that runs
     inside the plugin will produce an UpdateReady.txt file any time the local
     rulbase file is older than the latest available update. The included
     getRulebase.cmd script checks for this file and uses the open source
     wget and gzip utilities to download, validate, and replace your rulebase
     file automatically.
7.2.1. Edit the top of the getRulebase.cmd file to establish the correct
       working directory, authentication string, and license ID for your
       rulebase files.
7.2.2. Verify that the <update-script/> section of your snfmdplugin.xml file
       points to the correct location of the getRulebase.cmd script. This new
       feature will automatically run the getRulebase.cmd script whenever a
       newer rulebase file is available on our servers.

8. Edit the GBUdbIgnoreList.txt file in notepad.
8.1 Add the IP of any gateways you have as well as any systems you
    have that send mail through your mail server.
8.2 It is very important to populate your GBUdbIgnoreList if you have
    gateways ahead of your mail server or else GBUdb will learn that
    those systems are responsible for sending spam! The GBUdb engine
    uses the ignore list to determine the actual source IP of the message.
    The first IP it sees in the headers that is not on the ignore list
    is determined to be the source IP for the message. Since most email
    "in the wild" these days are spam, any gateways that are not listed
    will be seen to be sending mostly spam - in error, of course.
8.3 You cannot enter network blocks in the GBUdbIgnoreList.txt file. If
    you wish to ignore (mark as infrastructure) blocks of IPs then you should
    use the <drilldown/> section of the snfmdplugin.xml file to enter
    patterns that match the network blocks you want to ignore. For example,
    if you want to ignore servers in the 12.34.56.0/24 network block then
    you would enter a drilldown rule like:

    <drilldown>
        ...
        <received ordinal='0' find='[12.34.56.'/>

    The rule tells GBUdb to learn to ignore any IP in the top (ordinal 0)
    received header if that header contains the string '[12.34.56.'. Of
    course that string will match every IP in the 12.34.56.0/24 class C
    block so any servers in that block which deliver mail to the SNF equiped
    server will be learned as infrastructure (ignore flag set).

9. Review and adjust your snfmdplugin.xml file
9.1. Check the paths at the top of the file and make sure they are complete and
     correct. In most cases the defaults will work, but if you've installed
     MDaemon & SNF on a different drive or in a different directory it would
     be best to update these paths:
9.1.1. Find/Check <snf><node identity.../>
9.1.2. Find/Check <snf><node><paths><log path.../>
9.1.3. Find/Check <snf><node><paths><rulebase path.../>
9.1.4. Find/Check <snf><node><paths><workspace path.../>
9.2. If you have any addresses where people legitimately send spam such as an
     abuse reporting address or support address then you should enter that
     address into the <snf><node><gbudb><training><bypass/> section of the
     snfmdplugin.xml file. For example an abuse reporting address might look
     like this:

     <bypass>
         ...
         <header name='To:' find='spam@example.com'/>

     The rule tells GBUdb to bypass it's training mechanism if it finds a
     'To:' header in a message that contains 'spam@example.com'. This should
     prevent customer's IPs from being learned as spam sources when they send
     messages to spam@example.com.

9.3. Your system practices and policies may require additional rules in order
     to get the best performance from the GBUdb system. For more information
     please check out www.armresearch.com, support@armresearch.com, and our
     community list sniffer@sortmonster.com.

10. Restart MDaemon.

11. Verify the SNF plugin is installed
11.1. In the plug-ins log tab you should see:
      Attempting to load 'SNF' plugin
      *  ConfigFunc: ConfigFunc@4 (Ok, ready to use)
      *  StartupFunc: Startup@4 (Ok, ready to use)
      *  ShutdownFunc: Shutdown@4 (Ok, ready to use)
      *  PreMessageFunc:  (NULL)
      *  PostMessageFunc: MessageFunc@8 (Ok, ready to use)
      *  SMTPMessageFunc: MessageIPFunc@8 (Ok, ready to use)
      *  SMTPMessageFunc2:  (NULL)
      *  SMTPMessageFunc3:  (NULL)
      *  DomainPOPMessageFunc:  (NULL)
      *  MultiPOPMessageFunc:  (NULL)
      *  Result: success (plugin DLL loaded in slot 0)
      ----------
      SNF plugin is starting up
      SNFMulti Engine Version 2.9rc11 Build: Mar 20 2008 15:18:30
      SNF MDaemon Plugin Version 2-9rc4 Build: Mar 20 2008 15:17:20
      SNF Config: C:\MDaemon\SNF\SNFMDPlugin.xml
      ----------

      Note that the slot may be different if you have other plugins.

11.2. When your system processes a message you should see something like:

      SNF MessageScan: c:\mdaemon\queues\local\md50000000039.msg, Result=0

      If you have a valid AntiVirus for MDaemon license you should also see
      a line similar to this:

      SNF IPScan: C:\MDaemon\Queues\Inbound\md50000000029.msg, 192.168.0.102, {Ugly, p=-1, c=0.303425,  Normal} Allowed.

11.3. In your messages you should see some new headers similar to:

      X-MessageSniffer-GBUdb-Result: 0, 192.168.0.102, Ugly -1 0.303425 Source Normal
      X-MessageSniffer-Scan-Result: 0
      X-MessageSniffer-Patterns:
	0-0-0-998-c