Company News Products Data Tools Support Documentation Q & A Contact Us
Message Sniffer
SNF Client/Server Win*
SNF C/S Win* Installer
SNF Client/Server *nix
SNF MDaemon Plugin
SNF MD Plugin Installer
SNF4Alligate
SNF4ASSP
SNF SDK Windows
SNF SDK *nix
Subscriptions
30 Day Free Trial
Annual Subscription
Subscribe
Renew
Cancel
Monthly Subscription
Subscribe
Update
Cancel
Large Systems
OEM & Resellers

SNF4Alligate

This quick reference is to assist you in walking through plugging Message Sniffer into an Alligate Install manually. There is support for this install with our Message Sniffer Install Utility. However, for overly complex use of Alligate's Routing table feature, you will need to ensure that you are not overriding the plain-Jane install settings assumed by the Installer. Walk through this after using the Installer to double check your settings.

1. Open the Alligate Control Panel stop the three services shown in Figure 1. Top down in order: SMTP, SPOOL, and then MXRate Service.

Figure 1
Stop Services

2. Select Message Processing on the left (Figure 2). At the bottom of the screen on the right side, click Set Processing Directory for use with Alligate Anti-Spam filtering. Or you can just manually type in the install folder followed by \Drop\. This causes Alligate to put all the messages into this folder.

Figure 2
Settings Page 1

3. Double check your routing tables (Figure 3). This is where the customized settings of an Alligate installation will override the Message Sniffer installer's defaults. Alligate's routing table options will override the general default settings for the processing folder set by the installer. These need to be manually reset if they are different.

Figure 3
Select Routing

4. Then you must click on each of the domains independently. Ensure that you have the drop folder set in the processing directory. If you don't have them set, that's ok. They can be blank, or defaulted to the general directory.

Figure 4
Message Routing Definitions

We recommend that you use our installer, especially for these remaining steps which require some work in the registry and some intimate knowledge of how Alligate works. For those who wish to install SNF4Alligate manually, want to tweak their installation, or just want to know the details here are the remaining steps:

5. Next, we need to install the proper support mechanisms to call Sniffer and then move the files to the appropriate place. You need to have installed Sniffer's normal files and have Sniffer running either in the background started manually or as a service. (See our comments for using XYNTService for running Sniffer as a service.)

You may choose to locate the Sniffer files anywhere as long as you pay attention to the paths in all of the appropriate configuration files. However, you will need to install SNF4Alligate.exe and SNF4Alligate.xml in the Alligate-Install Directory. If you are unsure of this, you can look up the full path in the registry under SOFTWARE\SolidOak\Alligate\Settings InstallDir (Figure 5).

Figure 5
Settings

6. While you are in your registry, add the key FilterExe, FilterThreads keys, to the Settings folder of Alligate, and set it to the SNF4Alligate.exe that you have placed in the Alligate install directory. 20 threads for filter processing is a good default setting.

7. Now open the SNF4Alligate.xml file that you have also placed in that directory (Figure 6). You can configure this file to have Message Sniffer's response be to delete messages, (drop) or hold them for any of the return codes that are possible. If you are using the installer, then the default is set to Tag-And-Pass.

Figure 6
Alligate XML File

Use-tests showed that most users employing a gateway would tend to key off of Sniffer downstream. So not only is SNF4Alligate.exe left wide open, but the snf_engine.xml is set to dump ALL its X-Header data into the header of the message. If its too verbose for your taste, you can alter the snf_engine.xml file and turn some of the X-Header tags off.

8. Next, if you have another filter you want to hand off to if Message Sniffer decides that the message is clean, you can enter that in the delivery program setting. Enter the full path to the filter you would like SNF4Alligate to attempt to hand off to. Yes, we did say 'attempt'. This feature is not fully supported by Alligate due to Alligate's design constraints. See note below.**

Lastly, open a cmd window and navigate to the Alligate InstallDirectory (Figure 7). Not the location of SNF4Alligate.exe and .xml Enter the install command followed by the start command for the AGFiltSvc. This is what calls Sniffer each time there is a message in the drop folder. Go back and start the services that you stopped in Step 1 in reverse order, bottom up.

Figure 7
Starting as a Service

Dragon

**Explanation on the Dangers of Currently Daisy Chaining Filters in Alligate:

SNF4Alligate contains an experimental feature that can _theoretically_ be used to chain more than one filter together. Normally this feature is turned off ( <delivery program='none'/> ). The feature is designed to call the next filter exactly as if Alligate does.

At the moment Alligate's filter interface does not officially support chaining multiple filters. This is because Alligate is designed to expect only one external filter. A pool of threads waits to grab any messages that are available to be filtered.If a thread sees a message it will grab it (driven by Alligate's AGFILTSVC) and hand it off to the target of the registry key: FilterExe. The number of these threads is defined by the FilterThreads value in the registry. These threads block and wait for return, but they don't run a name check on their sisters before they start, so it is possible for collisions to occur.

In order for the next filter in the chain to see what it expects, SNF4Alligate must first unlock the message before handing it to the next filter. The thread that called SNF4Alligate with this message is blocked but if a different thread becomes available and sees the unlocked message before the next filter can lock it then that thread may pick up the message and start putting it through the filter process all over again.

The easiest fix might be to have Alligate's filter processing threads check for duplicate (busy) message file names before passing it to a filter. Another experimental option is to allow only one thread. Though that can be done even now may limit throughput and is not a good long-term option.There are other possible solutions too and we're hopeful that one will be implemented before long.

In the mean time, BE VERY CAREFUL when experimenting with chained filters behind SNF4Alligate!

Please email support@armresearch.com with any questions.

Copyright © 2007 - 2008 ARM Research Labs, LLC