[sniffer] Re: Question, changing from SNF4SA to Milter, using freebsd

2015-09-06 Thread Pete McNeil
On 2015-09-06 13:11, P Pruett wrote:
> So what "gotchas" do you know that I need to be aware of if I already
> have snf-server
> setup and I am going to try snf-milter?

The two are not designed to work together.

It turns out that SNFMilter has the full SNF engine in it so if you have
SNFMilter running you should also be able to use SNFClient and things
that act like SNFClient such as SNF4SA.

This is not something we test heavily though because almost nobody tries
to do this. Most folks who run SNFMilter either build their own software
to manage messages (Milter API is highly restrictive) or have SNFMilter
inject headers that are later consumed by SpamAssassin and other
ubiquitous tools so that they can customize their system easily.

If you are using SA after SNFMilter, consider simply adding rules that
recognize headers injected by SNFMilter and add appropriate weights for
SNF's results. This is a common and successful configuration which
allows you to reject some messages during SMTP with SNFMilter and then
score the remaining messages using SNF's scan results with SA and other
tools that are usually bundled with SA.

You shouldn't try to run SNFMilter and SNFServer on the same system at
the same time. If you have SNFMilter running, the SNFServer "back-end"
should already be provided in that service. (Check that XCI is on, it
should be by default). In that case running SNFServer would be redundant.

Hope this helps,

_M

-- 
Pete McNeil
Chief Scientist
ARM Research Labs, LLC
www.armresearch.com
866-770-1044 x7010
twitter/codedweller 


#
This message is sent to you because you are subscribed to
  the mailing list .
This list is for discussing Message Sniffer,
Anti-spam, Anti-Malware, and related email topics.
For More information see http://www.armresearch.com
To unsubscribe, E-mail to: 
To switch to the DIGEST mode, E-mail to 
To switch to the INDEX mode, E-mail to 
Send administrative queries to  



[sniffer] Re: Question, changing from SNF4SA to Milter, using freebsd

2015-09-08 Thread P Pruett


Interesting, yes, the spamassassin SNF4SA does seem to be able to use
snf-milter instead of snf-server.

On freebsd 9.3 with Sendmail, I did add the milter and restarted sendmail
and its seems to be playing okay.

Now I turned it on, I am not sure what the snf milter is doing.

Can you point me to some more documentation with details about what the
milter is doing?
From what I saw in the setup file it can Allow, Accept, Retry, Reject

I was think it might insert information in the header

Would be nice if the milter could be somehow be used to promote IP
addresses into a pf table
for the pf firewall  to redirect with?

I would not be good at writing custom milters, but I'd be willing to
test some
things if someone would like to try.



--- relevant information in /usr/local/etc/snf-milter/SNFMilter.xml
--
  













   




#
This message is sent to you because you are subscribed to
 the mailing list .
This list is for discussing Message Sniffer,
Anti-spam, Anti-Malware, and related email topics.
For More information see http://www.armresearch.com
To unsubscribe, E-mail to: 
To switch to the DIGEST mode, E-mail to 
To switch to the INDEX mode, E-mail to 
Send administrative queries to  



[sniffer] Re: Question, changing from SNF4SA to Milter, using freebsd

2015-09-08 Thread Pete McNeil
On 2015-09-08 04:04, P Pruett wrote:
>
> Interesting, yes, the spamassassin SNF4SA does seem to be able to use
> snf-milter instead of snf-server.

That's probably not a good way to go. This will cause each message to be
scanned twice. Once by the milter and again by the engine via SNF4SA.

If you want to use SNF4SA then you should turn off the milter and use
SNFServer instead.


> On freebsd 9.3 with Sendmail, I did add the milter and restarted sendmail
> and its seems to be playing okay.
>
> Now I turned it on, I am not sure what the snf milter is doing.

That will depend on how you have it configured. The milter interface
only provides a few options. Your SNF log should tell you what was found
in the scan and the snfmilter configuration will tell you what SNF told
the milter to do.

> Can you point me to some more documentation with details about what the
> milter is doing?
> From what I saw in the setup file it can Allow, Accept, Retry, Reject

That is defined by the milter interface.

Milter.org was shut down permanently just recently.
That page says this is where to find documentation on milters:
http://www.sendmail.com/sm/open_source/download/

>
> I was think it might insert information in the header

SNFMilter should inject the usual SNF headers if they are configured
(they are by default).

>
> Would be nice if the milter could be somehow be used to promote IP
> addresses into a pf table
> for the pf firewall  to redirect with?

That's an entirely different software project. If you want that kind of
functionality then you'd do better to use SNFServer/SNFClient in a
postfix filter. The filter script could then be modified to look at the
results and respond in any way you can code.

Best,
_M



-- 
Pete McNeil
Chief Scientist
ARM Research Labs, LLC
www.armresearch.com
866-770-1044 x7010
twitter/codedweller 


#
This message is sent to you because you are subscribed to
  the mailing list .
This list is for discussing Message Sniffer,
Anti-spam, Anti-Malware, and related email topics.
For More information see http://www.armresearch.com
To unsubscribe, E-mail to: 
To switch to the DIGEST mode, E-mail to 
To switch to the INDEX mode, E-mail to 
Send administrative queries to  



[sniffer] Re: Question, changing from SNF4SA to Milter, using freebsd

2015-09-08 Thread P Pruett
Agreed,  I was looking into how the milter could work, yet wanting to 
catch the spam,  so this was just to see what it can do.

So that was not meant to be a permanent setup.

Agreed the effort for me to customize a milter is not appropriate for my 
needs.
Good advice about considering postfix doing the work of getting IPs for 
a firewall table,
Although I have flirted with postfix and dovecot I have clung to long to 
sendmail since the middle 90s.
I wonder if those of us insisting on using software that requires macros 
just to configure something suffer

from stockholm syndrome..:)

For the moment, I can just remove the milter statement from the sendmail 
configuration,

and leave the milter daemonn running.
Later I can remove snf-milter and go back to snf-server

And btw to other readers if they missed this,
if I understand correctly, SNF4SA unlike snf-milter does not include the 
server.


It was interesting that snf-milter runs the full server and SNF4SA can 
use it.


I am thinking that for a small volume server that has extra resources,
using the milter product to do more than just discard/reject is not a fit.

BTW the SNF4SA has in the first few days made an astounding difference.
No more do I need to make my own custom spamassassin rules

THANK you for your service

Thanks for your input.

I used your mail list rather that email support direct because it was 
not urgent and so others could benefit from my emails


I'll pass on my findings on the openbsd and freebsd mail lists also
and I plan to subscribe even though its not been a week yet into the trial.

-paul

On 9/8/2015 3:14 PM, Pete McNeil wrote:

On 2015-09-08 04:04, P Pruett wrote:

>
>Interesting, yes, the spamassassin SNF4SA does seem to be able to use
>snf-milter instead of snf-server.

That's probably not a good way to go. This will cause each message to be
scanned twice. Once by the milter and again by the engine via SNF4SA.

If you want to use SNF4SA then you should turn off the milter and use
SNFServer instead.





#
This message is sent to you because you are subscribed to
 the mailing list .
This list is for discussing Message Sniffer,
Anti-spam, Anti-Malware, and related email topics.
For More information see http://www.armresearch.com
To unsubscribe, E-mail to: 
To switch to the DIGEST mode, E-mail to 
To switch to the INDEX mode, E-mail to 
Send administrative queries to