Documentation Home · White Papers · Installation Guide: SNF4ASSP
Installation Guide: SNF4ASSP

This is a reference to assist you in walking through plugging Message Sniffer into an a PERL ASSP Install.

It is recommended that you have ASSP configured to handle mail to your satisfaction prior to adding the Message Sniffer ASSP plugin. Setting up ASSP is a task in itself.

 

How Do I Get Started?

  1. Sign up for a 30-day FREE Trial. This will give you an authentication and license ID to download a production ready rulebase and updates FREE for 30 days. You will need the license and authentication in order to setup your SNF software. Our system will send you rulebase download instructions when your rulebase is ready, but the Installer will handle setting that up for you.
  2. If you are using ASSP in a *Nix application. Follow the installation procedure in the *nix tutorial. Then skip to step 8.
  3. If you are using a Win* install of ASSP, you will need to download the SNF Client/Server Win* SNF Client/Server Win* Installer (from Products index page).
    The Installer currently does not handle the ASSP install expressly, but it will help you set up a default Message Sniffer install.
  4. Review the Installer tutorial, and read the page for the custom default installation. Have your trial SNF license ready.
  5. Run the Installer.
    • Where it asks you to select your Platform, Select: - Other (Custom Installation) (see Figure 1 of the tutorial).
    • When prompted in the Installer (see Figure 9), use the free trial licenseID and authentication. The Installer will download fresh rulebase and help set you up.
  6. When you have completed the Installer you will have installed Message Sniffer in a folder of your choice, pulled down a rulebase, and setup SNFServer as a service using XYNTService.exe.
  7. Review the documentation on configuring the snf_engine.xml file for your specific needs (Header Injection, Rulebase Downloads, GBUdb).
  8. Download and place the ASSP_SNF.pm into the [ASSProot]\plugins folder.
  9. Download and place the ReadMe file in your SNF or ASP directory.
  10. Create the following folder in your directory structure:
    Windows: "C:\SNFTemp"
    *Nix: "/opt/snf/tempdir"
    The ASSP Plugin will fail if either ASSP or Sniffer looks for the working folder and either can't find or access that folder.
  11. In your snf_engine.xml file, set the <xheader> to "api". Save and close the file.
  12. Restart your ASSP Service.
  13. Review the following sections of this page to familiarize yourself with the ASSP interface.
Back to Top

 

Details

This plugin requires ASSP 2.0 or higher (as of this writing ASSP 2.0 is still in beta test). ASSP 2.0 and SNF4ASSP require perl 5.8.8. All necessary modules are included in a standard perl 5.8.8 installation.

This plugin communicates with the SNF Server over TCP. It uses a temporary file to pass an email message to the SNF Server. The temporary file must be in a directory that both the SNF Server and the ASSP process can read, write, and create files in. On *nix systems this can be accomplished by creating a directory (e.g., /opt/snf/tempdir) and setting its ownership to "snfilter:snfilter" and its permissions to 777:

$ mkdir /opt/snf/tempdir
$ chown snfilter:snfilter /opt/snf/tempdir
$ chmod 777 /opt/snf/tempdir

It is strongly recommended that you create a directory specifically for the above mentioned purpose. The default value for this directory is:

Windows: C:\SNFTEMP
*nix: /opt/snf/tempdir

Your SNF Server should be set to operate in "api" mode (Note: This is not the default mode). This reduces I/O by preventing the SNF Server from re-writing the temporary message files. Set the output mode in your snf_engine.xml file, in the <output mode> property of the <xheaders> container like this:

<xheaders>
<output mode='api'/>

Back to Top

 

Configuration

Here is a list of the options you will encounter in ASSP (Figure 1). Somewhere near the bottom of the left column, you will find the ASSP_SNF-Plugin

Figure 1

Remember that before you finish, you must always click Apply Changes at the bottom of the control panel. ASSP will not commit the changes otheriwise (Figure 2).

Figure 2

The ASSP4SNF Plugin provides a configuration pane in the ASSP web-based configuration panel. Click on ASSP4SNF Plugin in the menu and the plugin configuration pane will open. In addition to the standard ASSP Plugin configuration options, the following SNF-specific options/features are configurable in this panel:

General Feature Response

This feature controls the general feature response. It either turns off, blocks or scores the plugin (Figure 3). The following lists the options and the actions taken if selected:

disabled - do nothing
block - reject the message (if not addressed to spamlover)
monitor - pretend its running (with logging), but don't actually block messages
score - don't block outright, add score value for DoPenaltyMessage & DoPenalty
testmode - don't block, tag messages with spamSubject

Figure 3
Option 1

Back to Top

Priority Settings

The Priority Setting allows you to set your priority of the ASSP_SNF-Plugin (Figure 4).

Figure 4
Option 2

Back to Top

Test Mode

This feature will disregard the response of the filter, but always run the filter. This is a good way to confirm that the SNF-Plugin is working before you begin having it affect your mail stream. Combine this will the x-header features in the snf_engine.xml file and you will be able to see what rules and results are being generated (Figure 5).

Figure 5
Option 3

Back to Top

SNF4ASSP Logging

(Figure 6)

Figure 6
Option 4

Back to Top

PenaltyBox Valence

The PenaltyBox is an accumulative value (similar to how other anti-spam products work per-message), but this works per-IP address or /24 net-block (Figure 7). Once the valence values reach the penalty threshold within the collection interval, those IP addresses or net-blocks will have their connections completely blocked for the expiration time alloted. If the valence values reach the extreme threshold, the IP or net-block will be permanently blocked. For detailed explanation of ASSP's PenaltyBox visit SourceForge's site.

Figure 7
Option 5

Back to Top

White-Listing Processing

ASSP operates against IP scores (Figure 8). Each test will contribute or detract from an IP's Score. If the IP is considered whitelisted, then you are going to run the message through this filter.

Figure 8
Option 6

Back to Top

Failed Mail Location Logs

You can select to put failed messages in one of these identified folders or cc to the allspam account (Figure 9).

Figure 9
Option 7

Back to Top

SNFServer Hostname

The hostname is used to connect to the SNFServer (Figure 10). Usually localhost, but may be different if your SNFServer is running on a different host than this ASSP installation.

Figure 10
Option 8

Back to Top

SNFServer Port Number

The port number is used to connect to the SNFServer (Figure 11). The default value is often correct, unless you've intentionally changed it in your SNF configuration.

Figure 11
Option 9

Back to Top

Timeout Value

The timeout value is the number of seconds to wait for a connection from the SNFServer (Figure 12). The default should be fine in most cases.

Figure 12
Option 10

Back to Top

Temporary Directory

The temporary directory defined is the directory used to pass mail messages to and from the SNFServer (Figure 13). This directory must be writable and readable by both the SNFServer and the ASSP installation.

Figure 13
Option 11

Back to Top

Temporary Message Maximum Size

This setting defines the maximum size that will be written for a temporary mail message file (Figure 14). The default (64k) matches the size used by the SNFServer, so there shouldn't be a need to change it.

Figure 14
Option 12

Back to Top

Result Code Threshold

The SNF result code threshold that is considered spam. SNF result codes at this level or above will be considered spam for the purposes of ASSP scoring (Figure 15). The default value of 20 is good in most cases.

Figure 15
Option 13

Please email [email protected] with any questions.

Back to Top

 

Technical Summary

Requires Basic Sniffer Install:

  • Use the SNF_CS_Installer for Windows. Select "Other" Option. Manual Install for *Nix.
  • Create Temp Folder: C:\SNFTemp or /opt/snf/tempdir depending on platform.
  • Place ASSP_SNF.pm in the [Root]\plugins folder.
  • Refer to SNF Documentation for info on setting custom header injection (requires edit of snf_engine.xml).
  • In your snf_engine.xml file, set the <xheader> to "api". Save and close the file.