You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.

InstallInstructions_MDaemon.txt 7.0KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146
  1. MDaemon Plugin V2.9rc* (V3) installation instructions
  2. ------------------------------------------------------------------------------
  3. 1. Locate your \MDaemon directory (Usually c:\MDaemon)
  4. 2. Create the directory \MDaemon\SNF
  5. 3. Copy the distribution files to \MDaemon\SNF
  6. 4. Edit identity.xml in notepad.
  7. 4.1. Replace licensid with your SNF license ID.
  8. 4.2. Replace authenticationxx with your SNF authentication code.
  9. 5. Adjust/Create your Plugins.dat file (\MDaemon\App\Plugins.dat)
  10. 5.1. If you already have a Plugins.dat file
  11. 5.1.1. Copy the contents of the Plugins.dat file in the distribution
  12. to the Plugins.dat file you have.
  13. 5.1.2. If you have a [Message Sniffer] section in your Plugins.dat
  14. file then make a copy of it (for backup) then remove that
  15. section. (This will disable your previous Message Sniffer
  16. installation)
  17. 5.2. If you do not already have a Plugins.dat file
  18. 5.2.1. Copy the Plugins.dat file from the distribution to your
  19. \MDaemon\App directory.
  20. 6. Copy the snf-groups.cf into \MDaemon\SpamAssassin\rules
  21. 7. Download your SNF rulebase file and place it in your SNF directory.
  22. 7.1. Once you've signed up for a 30 Day free Trial or purchased a license for
  23. SNF you will receive update notifications via email. These notifications
  24. contain instructions on how to download your rulebase file. You can get
  25. your 30 Day Free Trial started by visiting www.armresearch.com.
  26. 7.2. We have included an update script and utilities that you can use to
  27. automate updates to your rulebase file. The SNFServer engine that runs
  28. inside the plugin will produce an UpdateReady.txt file any time the local
  29. rulbase file is older than the latest available update. The included
  30. getRulebase.cmd script checks for this file and uses the open source
  31. wget and gzip utilities to download, validate, and replace your rulebase
  32. file automatically.
  33. 7.2.1. Edit the top of the getRulebase.cmd file to establish the correct
  34. working directory, authentication string, and license ID for your
  35. rulebase files.
  36. 7.2.2. Verify that the <update-script/> section of your snfmdplugin.xml file
  37. points to the correct location of the getRulebase.cmd script. This new
  38. feature will automatically run the getRulebase.cmd script whenever a
  39. newer rulebase file is available on our servers.
  40. 8. Edit the GBUdbIgnoreList.txt file in notepad.
  41. 8.1 Add the IP of any gateways you have as well as any systems you
  42. have that send mail through your mail server.
  43. 8.2 It is very important to populate your GBUdbIgnoreList if you have
  44. gateways ahead of your mail server or else GBUdb will learn that
  45. those systems are responsible for sending spam! The GBUdb engine
  46. uses the ignore list to determine the actual source IP of the message.
  47. The first IP it sees in the headers that is not on the ignore list
  48. is determined to be the source IP for the message. Since most email
  49. "in the wild" these days are spam, any gateways that are not listed
  50. will be seen to be sending mostly spam - in error, of course.
  51. 8.3 You cannot enter network blocks in the GBUdbIgnoreList.txt file. If
  52. you wish to ignore (mark as infrastructure) blocks of IPs then you should
  53. use the <drilldown/> section of the snfmdplugin.xml file to enter
  54. patterns that match the network blocks you want to ignore. For example,
  55. if you want to ignore servers in the 12.34.56.0/24 network block then
  56. you would enter a drilldown rule like:
  57. <drilldown>
  58. ...
  59. <received ordinal='0' find='[12.34.56.'/>
  60. The rule tells GBUdb to learn to ignore any IP in the top (ordinal 0)
  61. received header if that header contains the string '[12.34.56.'. Of
  62. course that string will match every IP in the 12.34.56.0/24 class C
  63. block so any servers in that block which deliver mail to the SNF equiped
  64. server will be learned as infrastructure (ignore flag set).
  65. 9. Review and adjust your snfmdplugin.xml file
  66. 9.1. Check the paths at the top of the file and make sure they are complete and
  67. correct. In most cases the defaults will work, but if you've installed
  68. MDaemon & SNF on a different drive or in a different directory it would
  69. be best to update these paths:
  70. 9.1.1. Find/Check <snf><node identity.../>
  71. 9.1.2. Find/Check <snf><node><paths><log path.../>
  72. 9.1.3. Find/Check <snf><node><paths><rulebase path.../>
  73. 9.1.4. Find/Check <snf><node><paths><workspace path.../>
  74. 9.2. If you have any addresses where people legitimately send spam such as an
  75. abuse reporting address or support address then you should enter that
  76. address into the <snf><node><gbudb><training><bypass/> section of the
  77. snfmdplugin.xml file. For example an abuse reporting address might look
  78. like this:
  79. <bypass>
  80. ...
  81. <header name='To:' find='spam@example.com'/>
  82. The rule tells GBUdb to bypass it's training mechanism if it finds a
  83. 'To:' header in a message that contains 'spam@example.com'. This should
  84. prevent customer's IPs from being learned as spam sources when they send
  85. messages to spam@example.com.
  86. 9.3. Your system practices and policies may require additional rules in order
  87. to get the best performance from the GBUdb system. For more information
  88. please check out www.armresearch.com, support@armresearch.com, and our
  89. community list sniffer@sortmonster.com.
  90. 10. Restart MDaemon.
  91. 11. Verify the SNF plugin is installed
  92. 11.1. In the plug-ins log tab you should see:
  93. Attempting to load 'SNF' plugin
  94. * ConfigFunc: ConfigFunc@4 (Ok, ready to use)
  95. * StartupFunc: Startup@4 (Ok, ready to use)
  96. * ShutdownFunc: Shutdown@4 (Ok, ready to use)
  97. * PreMessageFunc: (NULL)
  98. * PostMessageFunc: MessageFunc@8 (Ok, ready to use)
  99. * SMTPMessageFunc: MessageIPFunc@8 (Ok, ready to use)
  100. * SMTPMessageFunc2: (NULL)
  101. * SMTPMessageFunc3: (NULL)
  102. * DomainPOPMessageFunc: (NULL)
  103. * MultiPOPMessageFunc: (NULL)
  104. * Result: success (plugin DLL loaded in slot 0)
  105. ----------
  106. SNF plugin is starting up
  107. SNFMulti Engine Version 2.9rc11 Build: Mar 20 2008 15:18:30
  108. SNF MDaemon Plugin Version 2-9rc4 Build: Mar 20 2008 15:17:20
  109. SNF Config: C:\MDaemon\SNF\SNFMDPlugin.xml
  110. ----------
  111. Note that the slot may be different if you have other plugins.
  112. 11.2. When your system processes a message you should see something like:
  113. SNF MessageScan: c:\mdaemon\queues\local\md50000000039.msg, Result=0
  114. If you have a valid AntiVirus for MDaemon license you should also see
  115. a line similar to this:
  116. SNF IPScan: C:\MDaemon\Queues\Inbound\md50000000029.msg, 192.168.0.102, {Ugly, p=-1, c=0.303425, Normal} Allowed.
  117. 11.3. In your messages you should see some new headers similar to:
  118. X-MessageSniffer-GBUdb-Result: 0, 192.168.0.102, Ugly -1 0.303425 Source Normal
  119. X-MessageSniffer-Scan-Result: 0
  120. X-MessageSniffer-Patterns:
  121. 0-0-0-998-c