Documentation Home · White Papers · Configuration Guide: SNF + SpamAssassin
Configuration Guide: SNF + SpamAssassin

Getting Started

There are a number of ways to use Message Sniffer with SpamAssassin to stop spam. Three basic approaches are described below.

However, ALL of these approaches require that you start with a working SNFServer installation (and often the SNFClient is helpful as well).

  1. If you don't already have an SNF license to use, then begin by getting a 30 day free trial.
  2. Install Message Sniffer on your system. You can find a Windows Installer (SNF Client/Server Win* Installer) and a *nix distribution (SNFClient/Server *nix) on our Downloads page. In both cases, you want just a basic installation (Windows choose *other).
  3. Select one approach for using Message Sniffer with SpamAssassin from the 3 listed below.

 

1. Stopping spam with the SNF4SA Anti-Spam Plugin for SpamAssassin

The easiest way to integrate Message Sniffer with SpamAssassin is to use the SNF4SA Antispam Plugin for SpamAssassin available on the Downloads page. The SNF4SA install page includes the contents of the INSTALL file which covers configuration and basic installation.

 

2. Preemptive spam filtering with Message Sniffer and SpamAssassin

Since the Message Sniffer engine is typically more than 10 times faster than SpamAssassin on any given hardware, a number of customers have used custom scripting to place Message Sniffer ahead of SpamAssassin so that if Message Sniffer detects spam (scams, malware, phishing, viruses, etc) SpamAssassin will be bypassed. The script is usually a variation of the postfix filter plugin script provided in the distribution.

In this configuration, Message Sniffer is configured to inject headers that look like SpamAssassin results so that message routing mechanisms downstream will react the same way that they would if SpamAssassin had detected the spam.

Systems configured in this way typically avoid costly hardware upgrades and often are able to take on additional traffic reliably thus allowing other hardware to be re-purposed or decomissioned.

 

3. Tagging Spam With Injected Headers Before SpamAssassin

Another way that Message Sniffer is often integrated with SpamAssassin based filter systems is to scan messages with Message Sniffer early in the process and configure Message Sniffer to inject headers that can later be detected by SpamAssassin.

Message Sniffer will inject X-headers into the message when it detects spam and later SpamAssassin will detect these headers using a special set of rules. This technique typically allows a pre-existing SpamAssassin installation to remain virtually un-touched.

This is the method used in our MDaemon antispam plugin, for example. The MDaemon spam filtering system is based on an implementation of SpamAssassin that doesn't readily accept plugins.

The Message Sniffer anti-spam plugin for MDaemon provides the ability to block some connections during the SMTP process and then (if the connection is not blocked) injects X- headers which are later detected by SpamAssassin.

This approach allows us to integrate Message Sniffer with MDaemon without disturbing the existing infrastructure and in addition allows Message Sniffer to block connections from known spam sources based on IP reputation statistics (GBUdb) early in the process.

Please email support@armresearch.com with any questions.