Pete,

Can you cover how the communication for the GBUdb system works? Who does it exchange information with and how? Does it need special ports open?

Darrell
----------------------------------
Check out http://www.invariantsystems.com for utilities for Declude, Imail, mxGuard, and ORF. IMail/Declude Overflow Queue Monitoring, SURBL/URI integration, MRTG Integration, and Log Parsers.


Pete McNeil wrote:
Hello Keith,

First off-- there is a lot of misunderstanding in this message. I'm
sorry for any confusion. For those watching - please read my responses
carefully and hopefully they will clear things up quite a bit.

Tuesday, October 16, 2007, 3:36:23 PM, you wrote:

Pete,

I am attempting to get caught on the latest beta and just have a few
questions.  I noticed Sniffer is now called a different way in the
Declude config files, is that correct?

Yes, but not very differently.

The best way to adjust your Declude (or similar) configuration files
for calling the new SNF is to REM out your existing settings, make a
copy, and in your new copy change the name & path of the SNF
executable so that it points to the new SNFClient.exe program. You do
not need to rename SNFClient.exe. It will accept the same command line
parameters that the earlier version of SNF expects - so the only
change you really have to make is the name/path to the SNF executable
you call to scan your messages.

  On the last release (running
persistent), we have numerous entries in the declude.cfg file labeled:

SNIFFER-TRAVEL  external        047     "C:\IMail\Declude\Sniffer\WeightGate.exe -12 %WEIGHT% 19 C:\IMail\Declude\Sniffer\snifferlic.exe codehere"       20

However, it appears the categories are going away (posted in some
previous messages) and there is a sense of urgency needed in upgrading
as these won't be populated any longer soon.

THIS IS NOT TRUE. The rule categories are staying just like they are.

Perhaps the confusion is that one rule group, the IP rules, has been
deprecated. Its functionality is being replaced by the GBUdb system
which will return the same result code (63) for IPs in the "Black"
range.

The GBUdb will also return some additional values for special cases.
By default:

If the IP is in the White range, return 0.

If the IP is in the Caution range, return 40.

If the IP is in the Truncate range, return 20.

What you will want to do is:

* Make the changes to your configuration so that you are calling the
SNFClient instead of <snifferlic.exe>.

* Add two additional "tests" for the 40 result code and the 20 result
code. I suggest making the 40 result code a slightly lower weight than
you usually give to SNF - probably something similar to what you give
a fairly accurate RBL. I suggest giving the 20 result code the same
weight as SNF or possibly a higher weight.

The "meaning" of the 40 result code is - "We don't trust this IP. We
don't know a lot about it, but what we've seen so far looks like
spam."

The "meaning" of the 20 result code is - "We've watched this IP for a
while now and this IP sends spam so consistently that we don't even
look at the content any more - we just skip the message as soon as we
see the IP."

I take it we run the persistent mode the same way, but have a different
hook into Declude?

With the new SNF instead of running <snifferlic.exe> persistent, you
run <full_path_to>\SNFServer.exe <full_path_to>\snf_engine.xml.

By the way - if you have a persistent instance running, you DO NOT
need to stop it to run the new SNFServer.exe. You can run both
together and they will leave each other alone.

This way you can switch back and forth easily just by calling the
correct client --- either the original SNF installation you have or
the new SNFClient.

Whichever one you are NOT calling will more-or-less sleep while the
other works. Once you are satisfied with the results and your
installation you can then tear down the old one (if you wish).

Hope this helps,

_M
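
The configuration steps described in the reply above, as an added illustration that is not part of the original messages and not taken from Declude or SNF documentation. The test names SNIFFER-CAUTION and SNIFFER-TRUNCATE, the weights 15 and 20, the `#` comment marker, and the zero-padded result codes are assumptions modeled on the test line quoted in the thread; `<full_path_to>` and `codehere` are placeholders.

```text
# Old call, commented out and kept for easy rollback (assumed '#' comment marker)
# SNIFFER-TRAVEL    external 047 "C:\IMail\Declude\Sniffer\WeightGate.exe -12 %WEIGHT% 19 C:\IMail\Declude\Sniffer\snifferlic.exe codehere" 20

# Copy of the same test: only the executable name/path changes, parameters stay the same
SNIFFER-TRAVEL    external 047 "C:\IMail\Declude\Sniffer\WeightGate.exe -12 %WEIGHT% 19 <full_path_to>\SNFClient.exe codehere" 20

# GBUdb Caution range (result code 40): weight slightly below the usual SNF weight,
# comparable to a fairly accurate RBL (15 is a constructed value)
SNIFFER-CAUTION   external 040 "C:\IMail\Declude\Sniffer\WeightGate.exe -12 %WEIGHT% 19 <full_path_to>\SNFClient.exe codehere" 15

# GBUdb Truncate range (result code 20): same weight as SNF, or higher
# (20 is a constructed value matching the SNF weight above)
SNIFFER-TRUNCATE  external 020 "C:\IMail\Declude\Sniffer\WeightGate.exe -12 %WEIGHT% 19 <full_path_to>\SNFClient.exe codehere" 20
```

Because the old persistent instance and SNFServer.exe can run side by side, switching back is a matter of restoring the commented line and removing the new ones.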


