[sniffer] Re: Adding Message Sniffer to Zimbra

2015-02-10 Thread Daniel Bayerdorffer
Hi Linda (and the Sniffer community), 

I just wanted to let everyone know what I ended up doing to work with Zimbra. 

I copied the snf4sa.pm and snf4sa.cf files to the 

/opt/zimbra/data/spamassassin/localrules 

directory per this Zimbra wiki article 

https://wiki.zimbra.com/wiki/SpamAssassin_Customizations 

The spamassassin implementation in Zimbra blocks SNF Headers from being added 
to emails. So I took Pete's advice and turned on the  option in 
the /etc/snf-server/SNFServer.xml file 

http://www.armresearch.com/Documentation/QA/ltidentifiergt-2021367617.jsp 

Everything appears to be working great! 

Thanks, 
Daniel 

From: Daniel Bayerdorffer [mailto:[email protected]] 
Sent: Wednesday, February 04, 2015 10:08 AM 
To: Linda Pagillo; Message Sniffer Community 
Subject: Re: [sniffer] Re: Adding Message Sniffer to Zimbra 

Hi Linda, 

Thank you for the useful advice! I will be working on this next week, and I'll 
let you know how it turns out. I also found some useful information on Zimbra's 
Wiki. 

https://wiki.zimbra.com/wiki/SpamAssassin_Customizations 

I'm looking forward to the reduction in spam! 

Thanks, 
Daniel 

From: "Linda Pagillo" < [email protected] > 
To: "Daniel Bayerdorffer" < [email protected] > 
Sent: Tuesday, February 3, 2015 5:40:34 PM 
Subject: [sniffer] Re: Adding Message Sniffer to Zimbra 

Hi Daniel. I was hanging out in the Message Sniffer Community forums and saw 
that you had a question about Message Sniffer and Zimbra. I have actually set 
up a Zimbra/Postfix/SpamAssassin server with the SNF4SA plug-in. When I set it 
up, I simply added the lines for the SNF4SA to SpamAssassin’s local.cf file and 
it has been working without issue since. However, we have not upgraded the 
Zimbra server, so I’m not sure if those settings would be overwritten if we 
did. To avoid that, you could create a file called something like aaalocal.cf 
and add the SNF4SA lines to that file. That would prevent the settings from 
being overwritten if a Zimbra upgrade did overwrite the local.cf. I hope this 
helps. Thanks! 



Linda Pagillo 
Mail's Best Friend 
Email: [email protected] 
Web: www.mailsbestfriend.com 
Office: 703.988.3605 x7016 


[sniffer] Re: Adding Message Sniffer to Zimbra

2015-02-10 Thread Daniel Bayerdorffer
Hi Pete,

I implemented the identifier option. Thanks for the advice. I've also finally 
seen an email where spamassassin is acknowledging some input from SNF.

X-Spam-Status: Yes, score=14.214 tagged_above=-10 required=6.6
tests=[BAYES_95=3, KB_DATE_CONTAINS_TAB=2.751,
RCVD_IN_BL_SPAMCOP_NET=1.347, RCVD_IN_BRBL_LASTEXT=1.449,
RCVD_IN_XBL=0.375, RDNS_NONE=0.793, SNF4SA=4.000, TAB_IN_FROM=0.499]
autolearn=no autolearn_force=no

That is mostly what I'm looking for, but the identifier option will be helpful 
for debugging.

Thanks again for all your help!
Daniel


- Original Message -
From: "Pete McNeil" 
To: "Message Sniffer Community" 
Sent: Tuesday, February 10, 2015 9:20:31 AM
Subject: [sniffer] Re: Adding Message Sniffer to Zimbra

Unfortunately, some implementations of SA are hiding these headers.
We've seen this a few times recently. There doesn't seem to be a way
around it outside of hacking SA itself. (A few people have done that,...
but it was ugly).

If you want to be able to more easily associate SNF logs with messages
you might consider changing SNF's message identifier to use the Message ID.

http://www.armresearch.com/Documentation/QA/ltidentifiergt-2021367617.jsp



#
This message is sent to you because you are subscribed to
  the mailing list .
This list is for discussing Message Sniffer,
Anti-spam, Anti-Malware, and related email topics.
For More information see http://www.armresearch.com
To unsubscribe, E-mail to: 
To switch to the DIGEST mode, E-mail to 
To switch to the INDEX mode, E-mail to 
Send administrative queries to  
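
An added example, not part of any post in this thread and not SNF, SpamAssassin or Zimbra code: when the SNF headers are hidden, the X-Spam-Status header is the remaining per-message evidence, so this sketch unfolds it, extracts each rule's score, and reports whether SNF4SA alone pushed the message over the threshold. The Message-ID, subject and body of the sample are constructed; the function names are hypothetical.

```python
import email
import re

# Constructed sample: the X-Spam-Status value is the one quoted in the thread;
# the Message-ID, Subject and body are made up for this example.
SAMPLE = """\
Message-ID: <constructed-example@mail.example.test>
Subject: constructed sample
X-Spam-Status: Yes, score=14.214 tagged_above=-10 required=6.6
\ttests=[BAYES_95=3, KB_DATE_CONTAINS_TAB=2.751,
\tRCVD_IN_BL_SPAMCOP_NET=1.347, RCVD_IN_BRBL_LASTEXT=1.449,
\tRCVD_IN_XBL=0.375, RDNS_NONE=0.793, SNF4SA=4.000, TAB_IN_FROM=0.499]
\tautolearn=no autolearn_force=no

body
"""

def parse_spam_status(raw_message):
    """Return verdict, score, threshold and per-rule scores, or None if absent."""
    msg = email.message_from_string(raw_message)
    status = msg.get("X-Spam-Status")
    if status is None:
        return None
    flat = " ".join(status.split())  # unfold the continuation lines
    score = re.search(r"\bscore=(-?[\d.]+)", flat)
    required = re.search(r"\brequired=(-?[\d.]+)", flat)
    tests = re.search(r"\btests=\[([^\]]*)\]", flat)
    rules = {}
    for item in (tests.group(1).split(",") if tests else []):
        name, sep, value = item.strip().partition("=")
        if name:
            rules[name] = float(value) if sep else None  # None: score not listed
    return {
        "message_id": msg.get("Message-ID"),  # key for matching scanner logs
        "is_spam": flat.lower().startswith("yes"),
        "score": float(score.group(1)) if score else None,
        "required": float(required.group(1)) if required else None,
        "rules": rules,
    }

def rule_was_decisive(result, rule):
    """True if the message only crossed the threshold because of `rule`."""
    contribution = result["rules"].get(rule)
    if contribution is None or result["score"] is None or result["required"] is None:
        return None
    return result["score"] - contribution < result["required"] <= result["score"]

if __name__ == "__main__":
    r = parse_spam_status(SAMPLE)
    print(r["message_id"], r["rules"].get("SNF4SA"), rule_was_decisive(r, "SNF4SA"))
```

For the header quoted in the thread the per-rule scores add up to the reported total, and the message would still have been tagged without the SNF4SA contribution.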



[sniffer] Re: Adding Message Sniffer to Zimbra

2015-02-10 Thread Pete McNeil
On 2015-02-10 01:20, Daniel Bayerdorffer wrote:
> But there are no headers in the messages showing snf's results. I can see 
> that the snf4sa.cf has it set to add them though.
>
> # Header line containing the results from SNFServer.
> add_header all SNF-Result  _SNFRESULTTAG_
> add_header all MessageSniffer-Scan-Result _SNFMESSAGESNIFFERSCANRESULT_
> add_header all MessageSniffer-Rules _SNFMESSAGESNIFFERRULES_
> add_header all GBUdb-Analysis _SNFGBUDBANALYSIS_
>
> Do you have any more suggestions?

Unfortunately, some implementations of SA are hiding these headers.
We've seen this a few times recently. There doesn't seem to be a way
around it outside of hacking SA itself. (A few people have done that,...
but it was ugly).

If you want to be able to more easily associate SNF logs with messages
you might consider changing SNF's message identifier to use the Message ID.

http://www.armresearch.com/Documentation/QA/ltidentifiergt-2021367617.jsp

_M

-- 
Pete McNeil
Chief Scientist
ARM Research Labs, LLC
www.armresearch.com
866-770-1044 x7010
twitter/codedweller 





[sniffer] Re: Adding Message Sniffer to Zimbra

2015-02-09 Thread Daniel Bayerdorffer
Hi Pete,

Thanks for the help, that worked perfectly. I have snf running and the snf4sa 
installed as well. I can see that snf is scanning messages from its 
license.20150210.log.xml file





But there are no headers in the messages showing snf's results. I can see that 
the snf4sa.cf has it set to add them though.

# Header line containing the results from SNFServer.
add_header all SNF-Result  _SNFRESULTTAG_
add_header all MessageSniffer-Scan-Result _SNFMESSAGESNIFFERSCANRESULT_
add_header all MessageSniffer-Rules _SNFMESSAGESNIFFERRULES_
add_header all GBUdb-Analysis _SNFGBUDBANALYSIS_

Do you have any more suggestions?

Thanks again for the help,
Daniel


- Original Message -
From: "Pete McNeil" 
To: "Message Sniffer Community" 
Sent: Monday, February 9, 2015 6:12:45 PM
Subject: [sniffer] Re: Adding Message Sniffer to Zimbra

On 2015-02-09 16:23, Daniel Bayerdorffer wrote:
> libpthread package they have listed for 14.04. But the config script still 
> can't find that library. Can you offer any advice?

apt-get install build-essential

seems to be the equivalent of CentOS

yum groupinstall "Development Tools"

which usually solves this problem for redhat variants.

Give that a shot and see if it fills in the holes.
Usually by the time I've got g++ up and running on ubuntu it "just
works" -- hopefully that's not broken in 14.

Best,

_M

-- 
Pete McNeil
Chief Scientist
ARM Research Labs, LLC
www.armresearch.com
866-770-1044 x7010
twitter/codedweller 





[sniffer] Re: Adding Message Sniffer to Zimbra

2015-02-09 Thread Pete McNeil
On 2015-02-09 16:23, Daniel Bayerdorffer wrote:
> libpthread package they have listed for 14.04. But the config script still 
> can't find that library. Can you offer any advice?

apt-get install build-essential

seems to be the equivalent of CentOS

yum groupinstall "Development Tools"

which usually solves this problem for redhat variants.

Give that a shot and see if it fills in the holes.
Usually by the time I've got g++ up and running on ubuntu it "just
works" -- hopefully that's not broken in 14.

Best,

_M

-- 
Pete McNeil
Chief Scientist
ARM Research Labs, LLC
www.armresearch.com
866-770-1044 x7010
twitter/codedweller 





[sniffer] Re: Adding Message Sniffer to Zimbra

2015-02-09 Thread Daniel Bayerdorffer
Hello Pete,

I've run into a snag on installing Message Sniffer.

We are installing on Ubuntu 14.04.1 LTS Server. I'm running the config script 
and it says I don't have the libpthread library installed. I've done a search 
on Ubuntu's package website, and I've installed every libpthread package they 
have listed for 14.04. But the config script still can't find that library. Can 
you offer any advice?

http://packages.ubuntu.com/search?suite=default&section=all&arch=any&keywords=libpthread&searchon=names

Thanks,
Daniel






[sniffer] Re: Adding Message Sniffer to Zimbra

2015-02-04 Thread Daniel Bayerdorffer
Hi Linda, 

Thank you for the useful advice! I will be working on this next week, and I'll 
let you know how it turns out. I also found some useful information on Zimbra's 
Wiki. 

https://wiki.zimbra.com/wiki/SpamAssassin_Customizations 

I'm looking forward to the reduction in spam! 

Thanks, 
Daniel 


From: "Linda Pagillo"  
To: "Daniel Bayerdorffer"  
Sent: Tuesday, February 3, 2015 5:40:34 PM 
Subject: [sniffer] Re: Adding Message Sniffer to Zimbra 



Hi Daniel. I was hanging out in the Message Sniffer Community forums and saw 
that you had a question about Message Sniffer and Zimbra. I have actually set 
up a Zimbra/Postfix/SpamAssassin server with the SNF4SA plug-in. When I set it 
up, I simply added the lines for the SNF4SA to SpamAssassin’s local.cf file and 
it has been working without issue since. However, we have not upgraded the 
Zimbra server, so I’m not sure if those settings would be overwritten if we 
did. To avoid that, you could create a file called something like aaalocal.cf 
and add the SNF4SA lines to that file. That would prevent the settings from 
being overwritten if a Zimbra upgrade did overwrite the local.cf. I hope this 
helps. Thanks! 



Linda Pagillo 
Mail's Best Friend 
Email: [email protected] 
Web: www.mailsbestfriend.com 
Office: 703.988.3605 x7016 


[sniffer] Re: Adding Message Sniffer to Zimbra

2015-02-03 Thread Daniel Bayerdorffer
Hi Pete,

That is my expectation too. I just wasn't sure if Zimbra might try to overwrite 
any spam assassin conf files and such. Zimbra maintains all its settings in 
ldap attributes, so it can maintain consistency across servers. So I was 
curious if anyone had already run into that issue.

I'll do some more digging in the Zimbra documentation to verify it won't 
overwrite anything.

Thanks,
Daniel

- Original Message -
From: "Pete McNeil" 
To: "Message Sniffer Community" 
Sent: Tuesday, February 3, 2015 1:38:56 PM
Subject: [sniffer] Re: Adding Message Sniffer to Zimbra

On 2015-02-02 19:53, Daniel Bayerdorffer wrote:
> Does anyone have any advice or tips for adding Message Sniffer to
> Zimbra 8.6? Specifically with Zimbra's implementation of spam assassin?

The SNF4SA plugin included with the Linux source code distribution
should do the trick. SNF4SA looks to SpamAssassin like any other SA
plugin. It creates a temp file of the message, calls SNFServer to scan
the message, and then processes the results in a way SA expects so it
can be scored.

It _should_ be as easy as that.

_M

-- 
Pete McNeil
Chief Scientist
ARM Research Labs, LLC
www.armresearch.com
866-770-1044 x7010
twitter/codedweller 





[sniffer] Re: Adding Message Sniffer to Zimbra

2015-02-03 Thread Pete McNeil
On 2015-02-02 19:53, Daniel Bayerdorffer wrote:
> Does anyone have any advice or tips for adding Message Sniffer to
> Zimbra 8.6? Specifically with Zimbra's implementation of spam assassin?

The SNF4SA plugin included with the Linux source code distribution
should do the trick. SNF4SA looks to SpamAssassin like any other SA
plugin. It creates a temp file of the message, calls SNFServer to scan
the message, and then processes the results in a way SA expects so it
can be scored.

It _should_ be as easy as that.

_M

-- 
Pete McNeil
Chief Scientist
ARM Research Labs, LLC
www.armresearch.com
866-770-1044 x7010
twitter/codedweller 

