Installation Guide: SNFMilter

This product is for use in a *nix environment where SNF will be integrated with sendmail or postfix MTAs as a milter. The milter also provides XCI access to support SNFClient or your own application using XCI for other scans, GBUdb manipulation, or status reporting.

You can download this package from our Downloads page.

This distribution includes:

  • snf-milter - Bash control script.
  • getRulebase - Bash script that uses curl and snf2check to download SNF rulebase files.
  • snfmilter - SNFMulti engine implemented with a milter interface.
  • SNFClient - Command line utility for accessing SNFMulti engine via XCI.
  • snf2check - Validates SNF rulebase files.
  • postfix-multi-message.patch - Patch to fix postfix bug*

Note: *At the time of this writing postfix (2.6.2 and earlier) contains a minor bug. The bug affects SMTP sessions where multiple messages are transferred and a milter is attempting to quarantine messages. The postfix-multi-message patch fixes that problem. See INSTALL for instructions.

What Can It Do?

SNFMilter provides filtering services through the milter interface at two points in an SMTP conversation. At connection time actions can be associated with specific GBUdb ranges. After each message is received (but before it is accepted) actions can be associated with specific SNF scan results.

At Connection Time

The connecting IP is checked against the local GBUdb data. The following options can be configured (defaults are bold):

  • GBUdb White Range - Accept, Allow, Retry, or Reject
  • GBUdb Caution Range - Accept, Allow, Retry, or Reject
  • GBUdb Black Range - Accept, Allow, Retry, or Reject
  • GBUdb Truncate Range - Accept, Allow, Retry, or Reject

After DATA but before accepting the message

A simulated local Received header is created and then the message is scanned with SNFMulti. This allows GBUdb drilldown directives to be used so that deeper IPs can be evaluated for their reputation. The GBUdb and content analysis data is integrated in the usual way.

After the message is scanned, scan result codes can be configured to trigger milter actions (defaults are bold):

  • Result code 20 (truncate) - Accept, Allow, Retry, Reject, Quarantine, or Discard
  • Result code 40 (caution) - Accept, Allow, Retry, Reject, Quarantine, or Discard
  • Result code 63 (black) - Accept, Allow, Retry, Reject, Quarantine, or Discard
  • Result code 1 (white) - Accept, Allow, Retry, Reject, Quarantine, or Discard
  • Nonzero Result Code - Accept, Allow, Retry, Reject, Quarantine, or Discard

Connect-time and scan-time actions are configured in the <platform><milter/></platform> section of the SNFMilter.xml file. Any result code can be specifically assigned to an action. Any nonzero result code that is not specifically assigned is controlled by the <nonzero/> action.

In general any X- headers produced by the SNFMulti engine are injected into the messages processed through SNFMilter. This allows later milters or other processes to be informed by these X- headers.

How Do I Get Started?

  1. Sign up for a 30-day FREE Trial. This will give you a production ready rulebase and updates FREE for 30 days. If you already have a valid SNF license you may use that for testing.
  2. Download the SNFMilter *nix software distribution.
  3. Compile the programs using configure, make, make-install.
  4. Follow the documentation in the distribution files to set up SNFMilter for your environment.
  5. Test your system carefully and make any adjustments needed. We will help :-)
  6. During or after your trial, purchase a subscription for Message Sniffer. Please note, purchasing a subscription before your trial is over will NOT cut into your free 30 days.