[sniffer] Re: Question, changing from SNF4SA to Milter, using freebsd
On 2015-09-06 13:11, P Pruett wrote:

> So what "gotchas" do you know that I need to be aware of if I already
> have snf-server
> setup and I am going to try snf-milter?

The two are not designed to work together.

It turns out that SNFMilter has the full SNF engine in it so if you have SNFMilter running you should also be able to use SNFClient and things that act like SNFClient such as SNF4SA. This is not something we test heavily though because almost nobody tries to do this.

Most folks who run SNFMilter either build their own software to manage messages (Milter API is highly restrictive) or have SNFMilter inject headers that are later consumed by SpamAssassin and other ubiquitous tools so that they can customize their system easily.

If you are using SA after SNFMilter, consider simply adding rules that recognize headers injected by SNFMilter and add appropriate weights for SNF's results. This is a common and successful configuration which allows you to reject some messages during SMTP with SNFMilter and then score the remaining messages using SNF's scan results with SA and other tools that are usually bundled with SA.

You shouldn't try to run SNFMilter and SNFServer on the same system at the same time. If you have SNFMilter running, the SNFServer "back-end" should already be provided in that service. (Check that XCI is on, it should be by default). In that case running SNFServer would be redundant.

Hope this helps,

_M

--
Pete McNeil
Chief Scientist
ARM Research Labs, LLC
www.armresearch.com
866-770-1044 x7010
twitter/codedweller

# This message is sent to you because you are subscribed to the mailing list .
This list is for discussing Message Sniffer, Anti-spam, Anti-Malware, and related email topics.
For More information see http://www.armresearch.com
To unsubscribe, E-mail to:
To switch to the DIGEST mode, E-mail to
To switch to the INDEX mode, E-mail to
Send administrative queries to
[sniffer] Re: Question, changing from SNF4SA to Milter, using freebsd
Interesting, yes, the spamassassin SNF4SA does seem to be able to use snf-milter instead of snf-server.

On freebsd 9.3 with Sendmail, I did add the milter and restarted sendmail and it seems to be playing okay.

Now that I turned it on, I am not sure what the snf milter is doing.

Can you point me to some more documentation with details about what the milter is doing?
From what I saw in the setup file it can Allow, Accept, Retry, Reject

I was thinking it might insert information in the header

Would be nice if the milter could somehow be used to promote IP addresses into a pf table for the pf firewall to redirect with?

I would not be good at writing custom milters, but I'd be willing to test some things if someone would like to try.

--- relevant information in /usr/local/etc/snf-milter/SNFMilter.xml --
[sniffer] Re: Question, changing from SNF4SA to Milter, using freebsd
On 2015-09-08 04:04, P Pruett wrote:

> Interesting, yes, the spamassassin SNF4SA does seem to be able to use
> snf-milter instead of snf-server.

That's probably not a good way to go. This will cause each message to be scanned twice. Once by the milter and again by the engine via SNF4SA. If you want to use SNF4SA then you should turn off the milter and use SNFServer instead.

> On freebsd 9.3 with Sendmail, I did add the milter and restarted sendmail
> and it seems to be playing okay.
>
> Now that I turned it on, I am not sure what the snf milter is doing.

That will depend on how you have it configured. The milter interface only provides a few options. Your SNF log should tell you what was found in the scan and the snfmilter configuration will tell you what SNF told the milter to do.

> Can you point me to some more documentation with details about what the
> milter is doing?
> From what I saw in the setup file it can Allow, Accept, Retry, Reject

That is defined by the milter interface. Milter.org was shut down permanently just recently. That page says this is where to find documentation on milters:

http://www.sendmail.com/sm/open_source/download/

> I was thinking it might insert information in the header

SNFMilter should inject the usual SNF headers if they are configured (they are by default).

> Would be nice if the milter could somehow be used to promote IP
> addresses into a pf table
> for the pf firewall to redirect with?

That's an entirely different software project. If you want that kind of functionality then you'd do better to use SNFServer/SNFClient in a postfix filter. The filter script could then be modified to look at the results and respond in any way you can code.

Best,

_M

--
Pete McNeil
Chief Scientist
ARM Research Labs, LLC
www.armresearch.com
866-770-1044 x7010
twitter/codedweller
[sniffer] Re: Question, changing from SNF4SA to Milter, using freebsd
Agreed, I was looking into how the milter could work, yet wanting to catch the spam, so this was just to see what it can do. So that was not meant to be a permanent setup.

Agreed the effort for me to customize a milter is not appropriate for my needs.

Good advice about considering postfix doing the work of getting IPs for a firewall table, although I have flirted with postfix and dovecot I have clung too long to sendmail since the middle 90s. I wonder if those of us insisting on using software that requires macros just to configure something suffer from Stockholm syndrome..:)

For the moment, I can just remove the milter statement from the sendmail configuration, and leave the milter daemon running. Later I can remove snf-milter and go back to snf-server.

And btw to other readers if they missed this, if I understand correctly, SNF4SA unlike snf-milter does not include the server. It was interesting that snf-milter runs the full server and SNF4SA can use it.

I am thinking that for a small volume server that has extra resources, using the milter product to do more than just discard/reject is not a fit.

BTW the SNF4SA has in the first few days made an astounding difference. No more do I need to make my own custom spamassassin rules.

THANK you for your service. Thanks for your input.

I used your mail list rather than email support direct because it was not urgent and so others could benefit from my emails.

I'll pass on my findings on the openbsd and freebsd mail lists also and I plan to subscribe even though it's not been a week yet into the trial.

-paul

On 9/8/2015 3:14 PM, Pete McNeil wrote:

> On 2015-09-08 04:04, P Pruett wrote:
> >
> > Interesting, yes, the spamassassin SNF4SA does seem to be able to use
> > snf-milter instead of snf-server.
>
> That's probably not a good way to go. This will cause each message to be scanned twice. Once by the milter and again by the engine via SNF4SA. If you want to use SNF4SA then you should turn off the milter and use SNFServer instead.