Ubuntu
spamassassin package

Merge lp:~logan/ubuntu/raring/spamassassin/3.3.2-6ubuntu1 into lp:ubuntu/raring/spamassassin

  1. Raring (13.04)
  2. 3.3.2-6ubuntu1
  3. Merge into raring
Proposed by Logan Rosen
Status: Merged
Merge reported by: Sebastien Bacher
Merged at revision: not available
Proposed branch: lp:~logan/ubuntu/raring/spamassassin/3.3.2-6ubuntu1
Merge into: lp:ubuntu/raring/spamassassin
Diff against target: 38156 lines (+303/-37048)
75 files modified
.pc/10_change_config_paths/INSTALL (+0/-474)
.pc/10_change_config_paths/README (+0/-354)
.pc/10_change_config_paths/UPGRADE (+0/-309)
.pc/10_change_config_paths/USAGE (+0/-248)
.pc/10_change_config_paths/ldap/README (+0/-116)
.pc/10_change_config_paths/lib/Mail/SpamAssassin/Conf.pm (+0/-4035)
.pc/10_change_config_paths/lib/Mail/SpamAssassin/Plugin/Test.pm (+0/-72)
.pc/10_change_config_paths/lib/spamassassin-run.pod (+0/-324)
.pc/10_change_config_paths/rules/user_prefs.template (+0/-42)
.pc/10_change_config_paths/sa-compile.raw (+0/-811)
.pc/10_change_config_paths/sa-learn.raw (+0/-1345)
.pc/10_change_config_paths/spamc/spamc.pod (+0/-339)
.pc/10_change_config_paths/spamd/README (+0/-211)
.pc/10_change_config_paths/spamd/README.vpopmail (+0/-113)
.pc/10_change_config_paths/spamd/spamd.raw (+0/-3413)
.pc/10_change_config_paths/sql/README (+0/-227)
.pc/10_change_config_paths/sql/README.awl (+0/-176)
.pc/10_change_config_paths/t/data/testplugin.pm (+0/-94)
.pc/20_edit_spamc_pod/spamc/spamc.pod (+0/-339)
.pc/30_edit_README/README (+0/-354)
.pc/50_sa-learn_fix_empty_list_handling/sa-learn.raw (+0/-1345)
.pc/55_disable_nagios_epm/sa-check_spamd.raw (+0/-463)
.pc/60_bug_684709/lib/Mail/SpamAssassin/Message.pm (+0/-1205)
.pc/85_disable_SSLv2/spamc/libspamc.c (+0/-2298)
.pc/85_disable_SSLv2/spamc/libspamc.h (+0/-319)
.pc/85_disable_SSLv2/spamc/spamc.c (+0/-1035)
.pc/85_disable_SSLv2/spamc/spamc.pod (+0/-339)
.pc/85_disable_SSLv2/spamd/spamd.raw (+0/-3413)
.pc/90_missing_tld/lib/Mail/SpamAssassin/Util/RegistrarBoundaries.pm (+0/-419)
.pc/90_pod_cleanup/lib/Mail/SpamAssassin/Conf.pm (+0/-4035)
.pc/91_no_rfc_ignorant/pkgrules/20_dnsbl_tests.cf (+0/-263)
.pc/91_no_rfc_ignorant/pkgrules/30_text_de.cf (+0/-400)
.pc/91_no_rfc_ignorant/pkgrules/50_scores.cf (+0/-1244)
.pc/91_no_rfc_ignorant/pkgrules/local.cf (+0/-102)
.pc/91_no_rfc_ignorant/rules/STATISTICS-set1.txt (+0/-1109)
.pc/91_no_rfc_ignorant/rules/STATISTICS-set3.txt (+0/-1109)
.pc/91_no_rfc_ignorant/rules/active.list (+0/-782)
.pc/95_bug694504-spamdforkscaling-crash/lib/Mail/SpamAssassin/Logger/Syslog.pm (+0/-241)
.pc/95_bug694504-spamdforkscaling-crash/spamd/spamd.raw (+0/-3412)
.pc/applied-patches (+0/-11)
INSTALL (+1/-1)
README (+10/-5)
UPGRADE (+2/-2)
USAGE (+3/-3)
debian/changelog (+20/-0)
debian/patches/96_disable_njabl (+129/-0)
debian/patches/series (+1/-0)
ldap/README (+1/-1)
lib/Mail/SpamAssassin/Conf.pm (+3/-3)
lib/Mail/SpamAssassin/Logger/Syslog.pm (+5/-9)
lib/Mail/SpamAssassin/Message.pm (+2/-18)
lib/Mail/SpamAssassin/Plugin/Test.pm (+1/-1)
lib/Mail/SpamAssassin/Util/RegistrarBoundaries.pm (+1/-1)
lib/spamassassin-run.pod (+2/-2)
pkgrules/20_dnsbl_tests.cf (+29/-0)
pkgrules/30_text_de.cf (+2/-0)
pkgrules/50_scores.cf (+5/-0)
pkgrules/local.cf (+7/-0)
rules/STATISTICS-set1.txt (+2/-0)
rules/STATISTICS-set3.txt (+2/-0)
rules/active.list (+15/-0)
rules/user_prefs.template (+1/-1)
sa-check_spamd.raw (+0/-5)
sa-compile.raw (+2/-2)
sa-learn.raw (+3/-3)
spamc/libspamc.c (+8/-4)
spamc/libspamc.h (+1/-1)
spamc/spamc.c (+9/-3)
spamc/spamc.pod (+7/-5)
spamd/README (+1/-1)
spamd/README.vpopmail (+1/-1)
spamd/spamd.raw (+24/-33)
sql/README (+1/-1)
sql/README.awl (+1/-1)
t/data/testplugin.pm (+1/-1)
To merge this branch: bzr merge lp:~logan/ubuntu/raring/spamassassin/3.3.2-6ubuntu1
Reviewer Review Type Date Requested Status
Ubuntu branches Pending
Review via email: mp+152997@code.launchpad.net
To post a comment you must log in.
Revision history for this message
Sebastien Bacher (seb128) wrote :

thanks for your work

Preview Diff

[H/L] Next/Prev Comment, [J/K] Next/Prev File, [N/P] Next/Prev Hunk
=== removed directory '.pc/10_change_config_paths'
=== removed file '.pc/10_change_config_paths/INSTALL'
--- .pc/10_change_config_paths/INSTALL 2010-03-01 00:57:24 +0000
+++ .pc/10_change_config_paths/INSTALL 1970-01-01 00:00:00 +0000
@@ -1,474 +0,0 @@
1Upgrading SpamAssassin?
2-----------------------
3
4Please be sure to read the UPGRADE file for important changes that
5have been made since previous versions. In particular, 3.3.0 no
6longer includes a default ruleset.
7
8
9Installing or Upgrading SpamAssassin
10------------------------------------
11
12Using CPAN via CPAN.pm:
13
14 perl -MCPAN -e shell [as root]
15 o conf prerequisites_policy ask
16 install Mail::SpamAssassin
17 quit
18
19Using Linux:
20
21 Debian unstable: apt-get install spamassassin
22 Gentoo: emerge mail-filter/spamassassin
23 Fedora: yum install spamassassin
24
25Alternatively download the tarfile, zipfile, and/or build your own RPM
26from http://spamassassin.apache.org/. Building from tar/zip file is
27usually as simple as:
28
29 [unzip/untar the archive]
30 cd Mail-SpamAssassin-*
31 perl Makefile.PL
32 [option: add -DSPAMC_SSL to $CFLAGS to build an SSL-enabled spamc]
33 make
34 make install [as root]
35
36After installing SpamAssassin, you need to download and install the
37SpamAssassin ruleset using "sa-update". See the "Installing Rules"
38section below.
39
40Please make sure to read this whole document before installing, especially
41the prerequisite information further down.
42
43To install as non-root, see the directions below.
44
45If you are running AFS, you may also need to specify INSTALLSITELIB and
46SITELIBEXP.
47
48Note that you can upgrade SpamAssassin using these instructions, as long
49as you take care to read the caveats in the file UPGRADE. Upgrading
50will not delete your learnt Bayes data or local rule modifications.
51
52If you're using SunOS 4.1.x, see
53http://wiki.spamassassin.org/w/BuildingOnSunOS4 for build tips.
54
55
56Installing SpamAssassin for Personal Use (Not System-Wide)
57----------------------------------------------------------
58
59These steps assume the following, so substitute as necessary:
60 - Your UNIX login is "user"
61 - Your home directory is /home/user
62 - The location of the procmail executable is /usr/bin/procmail
63
64Many more details of this process are at
65http://wiki.apache.org/spamassassin/SingleUserUnixInstall
66
671. Uncompress and extract the SpamAssassin archive, using "unzip" or
68 "tar xvfz", in a temporary directory.
69
702. change directory into it:
71
72 cd Mail-SpamAssassin-*
73
743. Make SpamAssassin as normal, but using your home directory as the
75 target:
76
77 perl Makefile.PL PREFIX=$HOME
78 make
79 make install
80
81 Please see the file PACKAGING, sections "Changing paths in the Makefile"
82 and "Setting further options on the command line" for more informations
83 on available command line variables.
84
854. Install the SpamAssassin ruleset using "sa-update":
86
87 $HOME/bin/sa-update
88
89 See the "Installing Rules" section below if you do not wish to download
90 the rules directly from the internet.
91
925. If you already use procmail, skip to step 7. If not, ensure procmail
93 is installed using "which procmail" or install it from www.procmail.org.
94
956. Create a .forward file in your home directory containing the below
96 lines:
97
98"|IFS=' ' && exec /usr/bin/procmail -f- || exit 75 #user"
99
1007. Edit or create a .procmailrc file in your home directory containing the
101 below lines. If you already have a .procmailrc file, add the lines to
102 the top of your .procmailrc file:
103
104:0fw: spamassassin.lock
105| /home/user/bin/spamassassin
106
107 The above line filters all incoming mail through SpamAssassin and tags
108 probable spam with a unique header. If you would prefer to have spam
109 blocked and saved to a file called "caughtspam" in your home directory,
110 instead of passed through and tagged, append this directly below the above
111 lines:
112
113:0:
114* ^X-Spam-Status: Yes
115caughtspam
116
117Also, see the file procmailrc.example and
118http://wiki.apache.org/spamassassin/UsedViaProcmail
119
1208. Now, you should be ready to send some test emails and ensure everything
121 works as expected. First, send yourself a test email that doesn't
122 contain anything suspicious. You should receive it normally, but there
123 will be a header containing "X-Spam-Status: No". If you are only
124 tagging your spam, send yourself a copy of the GTUBE test string to
125 check to be sure it is marked as spam. GTUBE is located in the
126 sample-spam.txt message distributed with SpamAssassin and also at:
127
128 http://spamassassin.apache.org/gtube/
129
130 If your test emails don't get through to you, immediately rename your
131 .forward file until you figure out cause of the the problem, so you
132 don't lose incoming email.
133
134 Note: one possible cause for this is the use of smrsh on the MTA system;
135 see http://wiki.spamassassin.org/w/ProcmailVsSmrsh for details.
136
1379. You can now customize SpamAssassin. See README for more information.
138
139
140Installing Rules
141----------------
142
143Rules are normally installed by running a sa-update command.
144The version of sa-update program should match the version of SpamAssassin
145modules, so invoking sa-update should be performed only after installing
146or upgrading SpamAssassin code, not before.
147
148Installing rules from network is done with a single command:
149
150 sa-update
151
152This is normally run as root.
153
154If you wish to install rules from downloaded files, rather than "live" from
155the latest online ruleset, here is how to do it.
156
157Obtain all the following files:
158
159 Mail-SpamAssassin-rules-xxx.tgz
160 Mail-SpamAssassin-rules-xxx.tgz.asc
161 Mail-SpamAssassin-rules-xxx.tgz.md5
162 Mail-SpamAssassin-rules-xxx.tgz.sha1
163 (where xxx may look something like '3.3.0-rc1.r893295')
164
165Save them all to the current directory.
166Obtain a rules-signing public key:
167
168 curl -O http://spamassassin.apache.org/updates/GPG.KEY
169
170Import the signing key to the SpamAssassin gpg keyring, so that the rules
171files can be verified safely:
172
173 sa-update --import GPG.KEY
174
175Install rules from a compressed tar archive:
176
177 sa-update --install Mail-SpamAssassin-rules-xxx.tgz
178
179Note that the ".tgz.asc", ".tgz.md5" and ".tgz.sha1" files all need to
180be in the same directory, otherwise sa-update will fail.
181
182
183If the intended rules destination directory differs from a default location
184as assumed by sa-update and SpamAssassin, such as when running a content
185filter within a Unix jail or on an unusual installation, please supply the
186rules destination directory to sa-update through its option --updatedir,
187such as:
188
189 sa-update --updatedir /var/jail/var/db/spamassassin/3.003000
190
191
192CPAN
193----
194
195Most of the modules listed below are available via the Comprehensive Perl
196Archive Network (CPAN, see http://www.cpan.org/ for more information).
197While each module is different, most can be installed via a few simple
198commands such as:
199
200 $ perl -MCPAN -e shell
201 cpan> o conf prerequisites_policy ask
202 cpan> install Module::Name
203 cpan> quit
204
205If there are problems or questions regarding the installation any of the
206modules, please see the CPAN and relevant module's documentation for more
207information. We can't provide documentation or installation support for
208third party modules.
209
210Additional information about the CPAN module is also available via
211"perldoc CPAN".
212
213Most Linux distributions also offer the CPAN modules in their own native
214formats (RPMs, Debian packages, etc.), so you should be able to find these
215through those mechanisms, too, if you prefer.
216
217
218Required Perl Interpreter
219-------------------------
220
221Perl 5.8.1 or a later version is required.
222Preferred versions are 5.8.8, or 5.10.1 or later.
223
224Most of the functions might still work with Perl 5.6.1 or 5.6.2,
225but 5.6.* is no longer a supported version.
226
227
228Required Perl Modules
229---------------------
230
231In addition to the modules associated with Perl, some additional modules
232need to be installed or upgraded depending on the version of Perl that you
233are running.
234
235You can get an immediate report on which of these modules you may need (or
236want) to upgrade, by running "perl build/check_dependencies" from the
237SpamAssassin build directory.
238
239The list of required modules that do not ship with Perl and must be
240installed:
241
242 - Digest::SHA1 (from CPAN),
243 or the newer Digest::SHA which is a perl base module since Perl 5.10.0
244
245 The Digest::SHA1 module is used as a cryptographic hash for some
246 tests and the Bayes subsystem if Digest::SHA module is not available.
247
248 An external perl module razor-agents-2.84 as used by a Razor2 plugin
249 seems to be the only remaining component depending on Digest::SHA1
250 (note that a packager may ship a patched version of razor-agents which
251 can use Digest::SHA instead)
252
253 Debian: apt-get install libdigest-sha1-perl
254 Gentoo: emerge dev-perl/Digest-SHA1
255 Fedora: yum install perl-Digest-SHA1
256
257 - HTML::Parser >= 3.43 (from CPAN)
258
259 HTML is used for an ever-increasing amount of email so this dependency
260 is unavoidable. Run "perldoc -q html" for additional information.
261
262 Debian: apt-get install libhtml-parser-perl
263 Gentoo: emerge dev-perl/HTML-Parser
264 Fedora: yum install perl-HTML-Parser
265
266 - Net::DNS (from CPAN)
267
268 Used for all DNS-based tests (SBL, XBL, SpamCop, DSBL, etc.),
269 perform MX checks, used when manually reporting spam to SpamCop,
270 and used by sa-update to gather version information.
271
272 You need to make sure the Net::DNS version is sufficiently up-to-date:
273
274 - version 0.34 or higher on Unix systems
275 - version 0.46 or higher on Windows systems
276
277 Debian/Ubuntu: apt-get install libnet-dns-perl
278 Fedora: yum install perl-Net-DNS
279
280 - NetAddr::IP (from CPAN)
281
282 Used to parse IP addresses and IP address ranges for
283 "trusted_networks".
284
285 Debian/Ubuntu: apt-get install libnetaddr-ip-perl
286 Fedora: yum install perl-NetAddr-IP
287
288 - Time::HiRes (from CPAN)
289
290 Used by asynchronous DNS lookups to operate timeouts with subsecond
291 precision and to report processing times accurately.
292
293 - LWP (aka libwww-perl) (from CPAN)
294
295 This set of modules will include both the LWP::UserAgent and
296 HTTP::Date modules, used by sa-update to retrieve update archives.
297
298 Fedora: yum install perl-libwww-perl
299
300 - HTTP::Date (from CPAN)
301
302 Used by sa-update to deal with certain Date requests.
303
304 - IO::Zlib (from CPAN)
305
306 Used by sa-update to uncompress update archives.
307 Version 1.04 or later is required.
308
309 Fedora: yum install perl-IO-Zlib
310
311 - Archive::Tar (from CPAN)
312
313 Used by sa-update to expand update archives.
314 Version 1.23 or later is required.
315
316 Fedora: yum install perl-Archive-Tar
317
318
319Optional Modules
320----------------
321
322In addition, the following modules will be used for some checks, if
323available and the version is high enough. If they are not available or if
324their version is too low, SpamAssassin will still work, just not as
325effectively because some of the spam-detection tests will have to be
326skipped.
327
328Note: SpamAssassin will not warn you if these are installed, but the
329version is too low for them to be used.
330
331 - MIME::Base64
332
333 This module is highly recommended to increase the speed with which
334 Base64 encoded messages/mail parts are decoded.
335
336
337 - DB_File (from CPAN, included in many distributions)
338
339 Used to store data on-disk, for the Bayes-style logic and
340 auto-whitelist. *Much* more efficient than the other standard Perl
341 database packages. Strongly recommended.
342
343 There seems to be a bug in libdb 4.1.25, which is
344 distributed by default on some versions of Linux. See
345 http://wiki.apache.org/spamassassin/DbFileSleepBug for details.
346
347
348 - Net::SMTP (from CPAN)
349
350 Used when manually reporting spam to SpamCop.
351
352
353 - Mail::SPF (from CPAN)
354
355 Used to check DNS Sender Policy Framework (SPF) records to fight email
356 address forgery and make it easier to identify spams. This module
357 makes Mail::SPF::Query obsolete.
358
359 Net::DNS version 0.58 or higher is required.
360
361 Note that NetAddr::IP (required by Mail::SPF) versions up to and
362 including version 4.006 include a bug that will slow down the entire
363 perl interpreter. NetAddr::IP version 4.007 or later fixes this.
364
365
366 - IP::Country::Fast (from CPAN)
367
368 Used by the RelayCountry plugin (not enabled by default) to determine
369 the domain country codes of each relay in the path of an email.
370
371
372 - Net::Ident (from CPAN)
373
374 If you plan to use the --auth-ident option to spamd, you will need
375 to install this module.
376
377
378 - IO::Socket::INET6 (from CPAN)
379
380 This is required if the first nameserver listed in your IP
381 configuration or /etc/resolv.conf file is available only via an IPv6
382 address.
383
384 Fedora: yum install perl-IO-Socket-INET6
385
386
387 - IO::Socket::SSL (from CPAN)
388
389 If you wish to use SSL encryption to communicate between spamc and
390 spamd (the --ssl option to spamd), you need to install this
391 module. (You will need the OpenSSL libraries and use the
392 ENABLE_SSL="yes" argument to Makefile.PL to build and run an SSL
393 compatibile spamc.)
394
395 Fedora: yum install perl-IO-Socket-SSL
396
397
398 - Compress::Zlib (from CPAN)
399
400 If you wish to use the optional zlib compression for communication
401 between spamc and spamd (the -z option to spamc), useful for
402 long-distance use of spamc over the internet, you need to install
403 this module.
404
405 Fedora: yum install perl-Compress-Zlib
406
407
408 - Mail::DKIM (from CPAN)
409
410 If this module is installed, and you enable the DKIM plugin,
411 SpamAssassin will perform DKIM lookups when a DKIM-Signature header is
412 present in the message headers. Current versions of Mail::DKIM (0.20
413 or later) also perform Domain Key lookups on DomainKey-Signature headers,
414 without requiring the Mail::DomainKeys module, which is now obsolete.
415 Version 0.37 or later is preferred, the absolute minimal version is 0.31.
416
417 Note that the Mail::DKIM module in turn requires the Digest::SHA module
418 and OpenSSL libraries.
419
420
421 - DBI *and* DBD driver/modules for your database (from CPAN)
422
423 If you intend to use SpamAssassin with an SQL database backend for
424 user configuration data, Bayes storage, or other storage, you will need
425 to have these installed; both the basic DBI module and the driver for
426 your database.
427
428
429 - Encode::Detect (from CPAN)
430
431 If you plan to use the normalize_charset config setting to detect
432 charsets and convert them into Unicode, you will need to install
433 this module.
434
435
436 - Apache::Test (from CPAN)
437
438 If you plan to run the Apache2 version of spamd in the
439 "spamd-apache2" directory, you will need to install this
440 module.
441
442
443 - Apache 2 and mod_perl
444
445 If you plan to run the Apache2 version of spamd in the "spamd-apache2"
446 directory, you will need to ensure these are installed.
447
448 Ubuntu: sudo apt-get install apache2 libapache2-mod-perl2
449
450
451 - Razor2
452
453 If you plan to use Vipul's Razor, note that versions up to and
454 including version 2.82 include a bug that will slow down the entire
455 perl interpreter. Version 2.83 or later fixes this.
456
457 If you do not plan to use this plugin, be sure to comment out
458 its loadplugin line in "/etc/mail/spamassassin/v310.pre".
459
460
461What Next?
462----------
463
464Take a look at the USAGE document for more information on how to use
465SpamAssassin.
466
467The SpamAssassin Wiki <http://wiki.spamassassin.org/> contains
468information on custom plugins, extensions, and other optional modules
469included with SpamAssassin.
470
471
472(end of INSTALL)
473
474// vim:tw=74:
4750
=== removed file '.pc/10_change_config_paths/README'
--- .pc/10_change_config_paths/README 2010-03-01 00:57:24 +0000
+++ .pc/10_change_config_paths/README 1970-01-01 00:00:00 +0000
@@ -1,354 +0,0 @@
1Welcome to SpamAssassin!
2------------------------
3
4What SpamAssassin Is
5--------------------
6
7SpamAssassin is a mail filter which attempts to identify spam using
8a variety of mechanisms including text analysis, Bayesian filtering,
9DNS blocklists, and collaborative filtering databases.
10
11SpamAssassin is a project of the Apache Software Foundation (ASF).
12
13
14What SpamAssassin Is Not
15------------------------
16
17SpamAssassin is not a program to delete spam, route spam and ham to
18separate mailboxes or folders, or send bounces when you receive spam.
19Those are mail routing functions, and SpamAssassin is not a mail
20router. SpamAssassin is a mail filter or classifier. It will examine
21each message presented to it, and assign a score indicating the
22likelihood that the mail is spam. An external program must then
23examine this score and do any routing the user wants done. There are
24many programs that will easily perform these functions after examining
25the score assigned by SpamAssassin.
26
27
28How SpamAssassin Works
29----------------------
30
31SpamAssassin uses a wide range of heuristic tests on mail headers and
32body text to identify "spam", also known as unsolicited commercial
33email.
34
35Once identified, the mail can then be optionally tagged as spam for
36later filtering using the user's own mail user-agent application.
37
38SpamAssassin typically differentiates successfully between spam and
39non-spam in between 95% and 100% of cases, depending on what kind of mail
40you get and your training of its Bayesian filter. Specifically,
41SpamAssassin has been shown to produce around 1.5% false negatives (spam
42that was missed) and around 0.06% false positives (ham incorrectly marked
43as spam). See the rules/STATISTICS*.txt files for more information.
44
45SpamAssassin also includes plugins to support reporting spam messages
46automatically or manually to collaborative filtering databases such as
47Pyzor, DCC, and Vipul's Razor.
48
49The distribution provides "spamassassin", a command line tool to
50perform filtering, along with the "Mail::SpamAssassin" module set
51which allows SpamAssassin to be used in spam-protection proxy SMTP or
52POP/IMAP server, or a variety of different spam-blocking scenarios.
53
54In addition, "spamd", a daemonized version of SpamAssassin which
55runs persistently, is available. Using its counterpart, "spamc",
56a lightweight client written in C, an MTA can process large volumes of
57mail through SpamAssassin without having to fork/exec a perl interpreter
58for each message.
59
60
61Questions? Need Help?
62---------------------
63
64If you have questions about SpamAssassin, please check the Wiki[1] to
65see if someone has already posted an answer to your question. (The
66Wiki doubles as a FAQ.) Failing that, post a message to the
67spamassassin-users mailing list[2]. If you've found a bug (and you're
68sure it's a bug after checking the Wiki), please file a report in our
69Bugzilla[3].
70
71 [1]: http://wiki.apache.org/spamassassin/
72 [2]: http://wiki.apache.org/spamassassin/MailingLists
73 [3]: http://issues.apache.org/SpamAssassin/
74
75Please also be sure to read the man pages.
76
77
78Upgrading SpamAssassin
79----------------------
80
81IMPORTANT: If you are upgrading from a previous major version of
82SpamAssassin, please be sure to read the notes in UPGRADE to find out
83what has changed in a non-backwards compatible way.
84
85
86Installing SpamAssassin
87-----------------------
88
89See the INSTALL file.
90
91
92Customising SpamAssassin
93------------------------
94
95These are the configuration files installed by SpamAssassin. The commands
96that can be used therein are listed in the POD documentation for the
97Mail::SpamAssassin::Conf class (run the following command to read it:
98"perldoc Mail::SpamAssassin::Conf"). Note: The following directories are
99the standard defaults that people use. There is an explanation of all the
100default locations that SpamAssassin will look at the end.
101
102 - /usr/share/spamassassin/*.cf:
103
104 Distributed configuration files, with all defaults. Do not modify
105 these, as they are overwritten when you upgrade.
106
107 - /var/lib/spamassassin/*/*.cf:
108
109 Local state directory; updated rulesets, overriding the
110 distributed configuration files, downloaded using "sa-update". Do
111 not modify these, as they are overwritten when you run
112 "sa-update".
113
114 - /etc/mail/spamassassin/*.cf:
115
116 Site config files, for system admins to create, modify, and
117 add local rules and scores to. Modifications here will be
118 appended to the config loaded from the above directory.
119
120 - /etc/mail/spamassassin/*.pre:
121
122 Plugin control files, installed from the distribution. These are
123 used to control what plugins are loaded. Modifications here will
124 be loaded before any configuration loaded from the above
125 directories.
126
127 You want to modify these files if you want to load additional
128 plugins, or inhibit loading a plugin that is enabled by default.
129 If the files exist in /etc/mail/spamassassin, they will not
130 be overwritten during future installs.
131
132 - /usr/share/spamassassin/user_prefs.template:
133
134 Distributed default user preferences. Do not modify this, as it is
135 overwritten when you upgrade.
136
137 - /etc/mail/spamassassin/user_prefs.template:
138
139 Default user preferences, for system admins to create, modify, and
140 set defaults for users' preferences files. Takes precedence over
141 the above prefs file, if it exists.
142
143 Do not put system-wide settings in here; put them in a file in the
144 "/etc/mail/spamassassin" directory ending in ".cf". This file is
145 just a template, which will be copied to a user's home directory
146 for them to change.
147
148 - $USER_HOME/.spamassassin:
149
150 User state directory. Used to hold spamassassin state, such
151 as a per-user automatic whitelist, and the user's preferences
152 file.
153
154 - $USER_HOME/.spamassassin/user_prefs:
155
156 User preferences file. If it does not exist, one of the
157 default prefs file from above will be copied here for the
158 user to edit later, if they wish.
159
160 Unless you're using spamd, there is no difference in
161 interpretation between the rules file and the preferences file, so
162 users can add new rules for their own use in the
163 "~/.spamassassin/user_prefs" file, if they like. (spamd disables
164 this for security and increased speed.)
165
166 - $USER_HOME/.spamassassin/bayes*
167
168 Statistics databases used for Bayesian filtering. If they do
169 not exist, they will be created by SpamAssassin.
170
171 Spamd users may wish to create a shared set of bayes databases;
172 the "bayes_path" and "bayes_file_mode" configuration settings
173 can be used to do this.
174
175 See "perldoc sa-learn" for more documentation on how
176 to train this.
177
178File Locations:
179
180SpamAssassin will look in a number of areas to find the default
181configuration files that are used. The "__*__" text are variables
182whose value you can see by looking at the first several lines of the
183"spamassassin" or "spamd" scripts.
184
185They are set on install time and can be overridden with the Makefile.PL
186command line options DATADIR (for __def_rules_dir__) and CONFDIR (for
187__local_rules_dir__). If none of these options were given, FHS-compliant
188locations based on the PREFIX (which becomes __prefix__) are chosen.
189These are:
190
191 __prefix__ __def_rules_dir__ __local_rules_dir__
192 -------------------------------------------------------------------------
193 /usr /usr/share/spamassassin /etc/mail/spamassassin
194 /usr/local /usr/local/share/spamassassin /etc/mail/spamassassin
195 /opt/$DIR /opt/$DIR/share/spamassassin /etc/opt/mail/spamassassin
196 $DIR $DIR/share/spamassassin $DIR/etc/mail/spamassassin
197
198The files themselves are then looked for in these paths:
199
200 - Distributed Configuration Files
201 '__def_rules_dir__'
202 '__prefix__/share/spamassassin'
203 '/usr/local/share/spamassassin'
204 '/usr/share/spamassassin'
205
206 - Site Configuration Files
207 '__local_rules_dir__'
208 '__prefix__/etc/mail/spamassassin'
209 '__prefix__/etc/spamassassin'
210 '/usr/local/etc/spamassassin'
211 '/usr/pkg/etc/spamassassin'
212 '/usr/etc/spamassassin'
213 '/etc/mail/spamassassin'
214 '/etc/spamassassin'
215
216 - Default User Preferences File
217 '__local_rules_dir__/user_prefs.template'
218 '__prefix__/etc/mail/spamassassin/user_prefs.template'
219 '__prefix__/share/spamassassin/user_prefs.template'
220 '/etc/spamassassin/user_prefs.template'
221 '/etc/mail/spamassassin/user_prefs.template'
222 '/usr/local/share/spamassassin/user_prefs.template'
223 '/usr/share/spamassassin/user_prefs.template'
224
225
226In addition, the "Distributed Configuration Files" location is overridden
227by a "Local State Directory", used to store an updated copy of the
228ruleset:
229
230 __prefix__ __local_state_dir__
231 -------------------------------------------------------------------------
232 /usr /var/lib/spamassassin/__version__
233 /usr/local /var/lib/spamassassin/__version__
234 /opt/$DIR /var/opt/spamassassin/__version__
235 $DIR $DIR/var/spamassassin/__version__
236
237This is normally written to by the "sa-update" script. "__version__" is
238replaced by a representation of the version number, so that multiple
239versions of SpamAssassin will not interfere with each other's rulesets.
240
241
242After installation, try "perldoc Mail::SpamAssassin::Conf" to see what
243can be set. Common first-time tweaks include:
244
245 - required_score
246
247 Set this higher to make SpamAssassin less sensitive.
248 If you are installing SpamAssassin system-wide, this is
249 **strongly** recommended!
250
251 Statistics on how many false positives to expect at various
252 different thresholds are available in the "STATISTICS.txt" file in
253 the "rules" directory.
254
255 - rewrite_header, add_header
256
257 These options affect the way messages are tagged as spam or
258 non-spam. This makes it easy to identify incoming mail.
259
260 - ok_locales
261
262 If you expect to receive mail in non-ISO-8859 character sets (ie.
263 Chinese, Cyrillic, Japanese, Korean, or Thai) then set this.
264
265
266Learning
267--------
268
269SpamAssassin includes a Bayesian learning filter, so it is worthwhile
270training SpamAssassin with your collection of non-spam and spam,
271if possible. This will make it more accurate for your incoming mail.
272Do this using the "sa-learn" tools, like so:
273
274 sa-learn --spam ~/Mail/saved-spam-folder
275 sa-learn --ham ~/Mail/inbox
276 sa-learn --ham ~/Mail/other-nonspam-folder
277
278
279If these are mail folders in mbox format, use the --mbox switch, for
280Maildirs use a trailing slash, like Maildir/cur/.
281
282Use as many mailboxes as you like. Note that SpamAssassin will remember
283what mails it has learnt from, so you can re-run this as often as you like.
284
285
286Locali[sz]ation
287---------------
288
289All text displayed to users is taken from the configuration files. This
290means that you can translate messages, test descriptions, and templates
291into other languages.
292
293If you do so, we would *really* appreciate it if you could contribute
294these translations, so that they can be added to the
295distribution. Please file a bug in our Bugzilla[4], and attach your
296translations. You will, of course, be credited for this work!
297
298 [4]: http://issues.apache.org/SpamAssassin/
299
300
301Disabled code
302-------------
303
304There are some tests and code in SpamAssassin that are turned off by
305default: experimental code, slow code, or code that depends on
306non-open-source software or services that are not always free. These
307disabled tests include:
308
309 - DCC: depends on non-open-source software (disabled in init.pre)
310 - MAPS: commercial service (disabled in 50_scores.cf)
311 - TextCat: slow (disabled in init.pre)
312 - various optional plugins, disabled for speed (disabled in *.pre)
313
314To turn on tests disabled in 50_scores.cf, simply assign them a non-zero
315score, e.g. by adding score lines to your ~/.spamassassin/user_prefs file.
316
317To turn on tests disabled by commenting out the required plugin in
318init.pre, you need to uncomment the loadplugin line and make sure the
319prerequisites for proper operation of the plugin are present.
320
321
322Automatic Whitelist System
323--------------------------
324
325SpamAssassin includes automatic whitelisting; The current iteration is
326considerably more complex than the original version. The way it works is
327by tracking for each sender address the average score of messages so far
328seen from there. Then, it combines this long-term average score for the
329sender with the score for the particular message being evaluated, after
330all other rules have been applied.
331
332This functionality is on by default, and is enabled or disabled with the
333"use_auto_whitelist" option.
334
335A system-wide auto-whitelist can be used, by setting the
336auto_whitelist_path and auto_whitelist_file_mode configuration commands
337appropriately, e.g.
338
339 auto_whitelist_path /var/spool/spamassassin/auto-whitelist
340 auto_whitelist_file_mode 0666
341
342The spamassassin -W and -R command line flags provide an API to add and
343remove entries 'manually', if you so desire. They operate based on an
344input mail message, to allow them to be set up as aliases which users can
345simply forward their mails to. See the spamassassin manual page for more
346details.
347
348The default address-list implementation,
349Mail::SpamAssassin::DBBasedAddrList, uses Berkeley DB files to store
350the addresses.
351
352(end of README)
353
354// vim:tw=74:
3550
=== removed file '.pc/10_change_config_paths/UPGRADE'
--- .pc/10_change_config_paths/UPGRADE 2010-03-01 00:57:24 +0000
+++ .pc/10_change_config_paths/UPGRADE 1970-01-01 00:00:00 +0000
@@ -1,309 +0,0 @@
1Note for Users Upgrading to SpamAssassin 3.3.0
2-----------------------------------------------
3
4- Rules are no longer included with SpamAssassin "out of the box". You will
5 need to immediately run "sa-update", or download the additional rules .tgz
6 package and run "sa-update --install" with it, to get a ruleset.
7
8- The BETA label has been taken off of the SpamAssassin SQL support. Please
9 be aware that occasional changes may still be made to this area of the
10 code. You should be sure to read this upgrade document each time you
11 install a new version to determine if any SQL updates need to be made to
12 your local installation.
13
14- The DKIM plugin is now enabled by default for new installs, if the perl
15 module Mail::DKIM is installed. However, installation of SpamAssassin
16 will not overwrite existing .pre configuration files, so to use DKIM when
17 upgrading from a previous release that did not use DKIM, a directive:
18
19 loadplugin Mail::SpamAssassin::Plugin::DKIM
20
21 will need to be uncommented in file "v312.pre", or added to some
22 other .pre file, such as local.pre.
23
24
25Note for Users Upgrading to SpamAssassin 3.2.0
26-----------------------------------------------
27
28- The "127/8" network, including 127.0.0.1, is now always implicitly part of
29 "trusted_networks" and "internal_networks". It's impossible to remove these
30 from the trusted/internal sets, since if you cannot trust the host where
31 SpamAssassin is running, you cannot trust SpamAssassin itself. If you
32 previously had "trusted_networks" and "internal_networks" lines listing those
33 hosts, you should now remove them, otherwise a minor (non-lint-error) warning
34 will be output.
35
36- For ISPs -- version 3.2.0 now includes a new way to specify Mail Submission
37 Agents, relay hosts which accept mail from your own users and authenticates
38 them appropriately. See the Mail::SpamAssassin::Conf manual page for the
39 "msa_networks" setting.
40
41
42Note for Users Upgrading to SpamAssassin 3.1.0
43-----------------------------------------------
44
45- A significant amount of core functionality has been moved into
46 plugins. These include, AWL (auto-whitelist), DCC, Pyzor, Razor2,
47 SpamCop reporting and TextCat. For information on configuring these
48 plugins please refer to their individual documentation:
49 perldoc Mail::SpamAssassin::Plugin::* (ie AWL, DCC, etc)
50
51- There are now multiple files read to enable plugins in the
52 /etc/mail/spamassassin directory; previously only one, "init.pre" was
53 read. Now both "init.pre", "v310.pre", and any other files ending
54 in ".pre" will be read. As future releases are made, new plugins
55 will be added to new files named according to the release they're
56 added in.
57
58- Due to license restrictions the DCC and Razor2 plugins are disabled
59 by default. We encourage you to read the appropriate license
60 yourself and decide if you are able to re-enable the plugins for
61 your site.
62
63- The use_auto_whitelist config option has been moved to a user config
64 option, this allows individual users to turn on or off whitelisting
65 regardless of what is set in the system config. If you would like to
66 disable AWL (auto-whitelist) on a site-wide basis, then you can comment
67 out the plugin in "v310.pre".
68
69- The bayes_auto_learn_threshold_* config options for bayes have moved
70 to a plugin. In general the default should work just fine however
71 if you are interested in changing these values you should see:
72 perldoc Mail::SpamAssassin::Plugin::AutoLearnThreshold
73
74- The AWL support for NDBM_File databases has been dropped, due to a
75 bug in that package which renders it useless (bug 4353). It appears
76 that SDBM_File, the package which will be used instead, is fully
77 compatible with NDBM however, so this should be unnoticeable.
78
79- The prefork algorithm for spamd has been changed. In this version spamd
80 will attempt to keep a small number of "hot" child processes as busy as
81 possible, and keep any others as idle as possible, using something
82 similar to the Apache httpd server scaling algorithm. This reduces
83 memory usage and swapping. You can use the --round-robin switch for
84 spamd to disable this scaling algorithm, and the behaviour seen in the
85 3.0.x versions will be used instead, where all processes receive an
86 equal load and no scaling takes place.
87
88- As of 3.1.0, in addition to the generic BayesSQL support (via
89 Mail::SpamAssassin::BayesStore::SQL) usable by multiple database
90 drivers there is now specific support for MySQL 4.1+ and
91 PostgreSQL. This support is based on non-standard features present
92 in both database servers that allow for various performance boosts.
93
94 If you were using the previous BayesSQL support with MySQL, and
95 already have MySQL 4.1+ installed you can begin using the new module
96 immediately by replacing the bayes_store_module line in your
97 configuration with: Mail::SpamAssassin::BayesStore::MySQL
98
99 We do however recommend that you switch your MySQL tables over to
100 InnoDB for better data integrity and multi user support. You can
101 most often do this via a simple ALTER TABLE command, refer to the
102 MySQL documentation for more information.
103
104 If you were previously using PostgreSQL for your bayes database then
105 we STRONGLY recommend switching to the PostgreSQL specific backend:
106 Mail::SpamAssassin::BayesStore::PgSQL
107 To switch to this backend you should first run sa-learn --backup to
108 make a backup of your existing data and then drop and recreate the
109 database following the instructions in sql/README.bayes. Then you
110 can restore the database with sa-learn --restore. If you have
111 multiple users then you will have to run --backup and --restore for
112 each user to fully restore the database.
113
114- See http://wiki.apache.org/spamassassin/UpgradeTo310 for a
115 supplementary list of upgrade notes. It will be updated with any
116 upgrade notes not captured in this document.
117
118- Finally, this document is likely not complete. Other configuration
119 options/arguments may have changed from older versions, etc. It would
120 be good to double-check any custom configuration options to make sure
121 they're still valid. This could be as simple as running "spamassassin
122 --lint", or more complex, as required by the environment.
123
124
125Note for Users Upgrading to SpamAssassin 3.0.x
126----------------------------------------------
127
128- The SpamAssassin 2.6x release series was the last set of releases to
129 officially support perl versions earlier than perl 5.6.1. If you are
130 using an earlier version of perl, you will need to upgrade before you
131 can use the 3.0.0 version of SpamAssassin. You will also want to make
132 sure that you have the appropriate versions of required and optional
133 modules as they may have changed from old versions. The INSTALL
134 document has the modules and version requirements listed.
135
136- See http://wiki.apache.org/spamassassin/UpgradeTo300 for a
137 supplementary list of upgrade notes. It will be updated with any
138 upgrade notes not captured in this document.
139
140- SpamAssassin 3.0.0 has a significantly different API (Application Program
141 Interface) from the 2.x series of code. This means that if you use
142 SpamAssassin through a third-party utility (milter, etc,) you need to make
143 sure you have an updated version which supports 3.0.0. See
144 http://wiki.apache.org/spamassassin/UpgradeTo300 for information about
145 third-party software.
146
147- The --auto-whitelist, --whitelist and -a options for "spamd" and
148 "spamassassin" to turn on the auto-whitelist have been removed and
149 replaced by the "use_auto_whitelist" configuration option which is
150 also now turned on by default.
151
152- The --virtual-config switch for spamd had to be dropped, due to licensing
153 issues. It is replaced by the --virtual-config-dir switch.
154
155- The "rewrite_subject" and "subject_tag" configuration options were
156 deprecated and are now removed. Instead, using "rewrite_header Subject
157 [your desired setting]". e.g.
158
159 rewrite_subject 1
160 subject_tag ****SPAM(_SCORE_)****
161
162 becomes
163
164 rewrite_header Subject ****SPAM(_SCORE_)****
165
166- The "sa-learn --rebuild" command has been deprecated; please use
167 "sa-learn --sync" instead. The --rebuild option will remain temporarily
168 for backwards compatability.
169
170- The Bayesian storage modules have been completely re-written and now
171 include Berkeley DB (DBM) storage as well as SQL based storage (see
172 sql/README.bayes for more information). In addition, a new format
173 has been introduced for the bayes database that stores tokens in fixed
174 length hashes (Bayes v3). All DBM databases should be automatically
175 converted to this new format the first time they are opened for write.
176 You can manually perform the upgrade by running "sa-learn --sync"
177 from the command line.
178
179 Due to the database format change, you will want to do something like
180 this when upgrading:
181
182 - stop running spamassassin/spamd (ie: you don't want it to be running
183 during the upgrade)
184 - run "sa-learn --rebuild", this will sync your journal. if you skip
185 this step, any data from the journal will be lost when the DB is
186 upgraded.
187 - upgrade SA to 3.0.0
188 - run "sa-learn --sync", which will cause the db format to be upgraded.
189 if you want to see what is going on, you can add the "-D" option.
190 - test the new database by running some sample mails through
191 SpamAssassin, and/or at least running "sa-learn --dump" to make sure
192 the data looks valid.
193 - start running spamassassin/spamd again
194
195 If, instead of uprading your Bayes database, you want to wipe it and
196 start fresh, you can run "sa-learn --clear" to safely remove your
197 Bayes database files. If the --clear command issues an error then
198 you can simply delete the Bayes database files ("bayes_*") while SA
199 is not running; SpamAssassin will recreate them in the current
200 format when it runs.
201
202- "spamd" now has a default max-children setting of 5; no more than 5
203 child scanner processes will be run in parallel. Previously, there was
204 no default limit unless you specified the "-m" switch when starting
205 spamd.
206
207- If you are using a UNIX machine with all database files on local disks,
208 and no sharing of those databases across NFS filesystems, you can use a
209 more efficient, but non-NFS-safe, locking mechanism. Do this by adding
210 the line "lock_method flock" to the /etc/mail/spamassassin/local.cf
211 file. This is strongly recommended if you're not using NFS, as it is
212 much faster than the NFS-safe locker.
213
214- Please note that the use of the following commandline parameters for
215 spamassassin and spamd have been deprecated and may be removed in
216 upcoming versions of SpamAssassin. Please discontinue usage of these
217 options:
218
219 in the 2.6x series: --add-from, --pipe, -F, --stop-at-threshold,
220 -S, -P (spamassassin only)
221 in the 3.0.x series: --auto-whitelist, -a, --whitelist-factory, -M,
222 --warning-from, -w, --log-to-mbox, -l
223
224- user_scores_sql_table is no longer supported. If you need to use a table
225 name, other than the default, create a custom query using the
226 user_scores_sql_custom_query config option.
227
228- SpamAssassin runs in "taint mode" by default for improved security.
229 Certain third-party modules may be incompatible with taint mode.
230
231- 2.6x deprecated the use of the "check_bayes_db" script, and it
232 has been removed in 3.0.0. Please see the sa-learn man/pod
233 documentation for more info.
234
235- Finally, this document is likely not complete. Other configuration
236 options/arguments may have changed from older versions, etc. It would
237 be good to double-check any custom configuration options to make sure
238 they're still valid. This could be as simple as running "spamassassin
239 --lint", or more complex, as required by the environment.
240
241 An example: "require_version <version>" hasn't changed itself, but the
242 internal version representation is now "x.yyyzzz" instead of "x.yz"
243 which could cause issues if "require_version 3.00" is expected to work
244 (it won't, it needs to be "require_version 3.000000").
245
246
247Note for Users Upgrading from SpamAssassin 2.5x
248-----------------------------------------------
249
250- Due to major reliability shortcomings in the database support libraries
251 other than DB_File, we now require that the DB_File module be installed
252 to use SpamAssassin's Bayes rules.
253
254 SpamAssassin will still work without DB_File installed, but the Bayes
255 support will be disabled.
256
257 If you install DB_File and wish to import old Bayes database data, each
258 user with a Bayes db should run "sa-learn --import" to copy old entries
259 from the other formats into a new DB_File file.
260
261 Due to the database library change, and the change to the database
262 format itself, you will want to do something like this when upgrading:
263
264 - stop running spamassassin/spamd (ie: you don't want it to be running
265 during the upgrade)
266 - run "sa-learn --rebuild", this will sync your journal. if you skip
267 this step, any data from the journal will be lost when the DB is
268 upgraded.
269 - install DB_File module if necessary
270 - upgrade SA to 3.0.0
271 - if you were using another database module previously, run "sa-learn
272 --import" to migrate the data into new DB_File files
273 - run "sa-learn --sync", which will cause the db format to be upgraded.
274 if you want to see what is going on, you can add the "-D" option.
275 - test the new database by running some sample mails through
276 SpamAssassin, and/or at least running "sa-learn --dump" to make sure
277 the data looks valid.
278 - start running spamassassin/spamd again
279
280 Obviously the steps will be different depending on your environment, but
281 you get the idea. :)
282
283
284Note For Users Upgrading From SpamAssassin 2.3x or 2.4x
285-------------------------------------------------------
286
287- SpamAssassin no longer includes code to handle local mail delivery, as
288 it was not reliable enough, compared to procmail. So now, if you relied
289 on spamassassin to write the mail into your mail folder, you'll have to
290 change your setup to use procmail as detailed below. If you used
291 spamassassin to filter your mail and then something else wrote it into a
292 folder for you, then you should be fine.
293
294- Support for versions of the optional Mail::Audit module is no longer
295 included.
296
297- The default mode of tagging (which used to be ***SPAM*** in the subject
298 line) no longer takes place. Instead the message is rewritten. If an
299 incoming message is tagged as spam, instead of modifying the original
300 message, SpamAssassin will create a new report message and attach the
301 original message as a message/rfc822 MIME part (ensuring the original
302 message is completely preserved and easier to recover). If you do not
303 want to modify the body of incoming spam, use the "report_safe" option.
304 The "report_header" and "defang_mime" options have been removed as a
305 result.
306
307(end of UPGRADE)
308
309//vim:tw=74:
3100
=== removed file '.pc/10_change_config_paths/USAGE'
--- .pc/10_change_config_paths/USAGE 2010-03-01 00:57:24 +0000
+++ .pc/10_change_config_paths/USAGE 1970-01-01 00:00:00 +0000
@@ -1,248 +0,0 @@
1
2Important Note For Users Upgrading From Earlier Versions
3--------------------------------------------------------
4
5SpamAssassin no longer includes code to handle local mail delivery, as it
6was not reliable enough, compared to procmail. So now, if you relied on
7spamassassin to write the mail into your mail folder, you'll have to
8change your setup to use procmail as detailed below.
9
10If you used spamassassin to filter your mail and then something else wrote
11it into a folder for you, then you should be fine.
12
13Steps to take for every installation:
14
15 - Install Mail::SpamAssassin on your mail server, as per the INSTALL
16 document.
17
18 - Test it:
19
20 spamassassin -t < sample-nonspam.txt > nonspam.out
21 spamassassin -t < sample-spam.txt > spam.out
22
23 Verify (using a text viewer, ie. "less" or "notepad") that nonspam.out
24 has not been tagged as spam, and that spam.out has. The files should
25 contain the full text and headers of the messages, the "spam.out"
26 message should contain the header "X-Spam-Flag: YES" and be annotated
27 with a report from SpamAssassin, and there should be no errors when you
28 run the commands.
29
30 Even though sample-nonspam.txt is not spam, nonspam.out will
31 contain a SpamAssassin report anyway. This is a side-effect of
32 the "-t" (test) switch. However, there should be less than 5
33 points accumulated; when the "-t" switch is not in use, the report
34 text would not be added. For more verbose (debugging) output, add
35 the "-D" switch.
36
37 If the commands do not work, DO NOT PROCEED TO THE NEXT STEP, as you
38 will lose mail!
39
40
41
42If you use KMail:
43
44 - http://kmail.kde.org/tools.html mentions:
45
46 The filter setup is the work of five minutes (if that!) if you have a
47 working spamassassin set up.
48
49 The filter in question is "<any header><matches regexp> ."
50
51 The action is "<pipe through> spamassassin"
52
53 Then, in the advanced options, uncheck the "If this filter matches,
54 stop processing here" box. If you keep this filter at the top, it will
55 analyze any incoming mail, decide whether it's spam or not, and flag
56 it accordingly.
57
58 [Then add] a second filter behind it, which searches for the added
59 spam-flags and diverts them into a specific spam folder. [...]
60
61
62
63If you use procmail, or haven't decided on any of the above examples:
64
65 - Make a backup of your .procmailrc (if you already have one).
66
67 cp ~/.procmailrc ~/.procmailrc.bak
68
69 - add the line from procmailrc.example to ~/.procmailrc, at the top of
70 the file before any existing recipes.
71
72 That'll process all mail through SA, and refile spam messages to
73 a folder called "caughtspam" in your home directory.
74
75 - Send yourself a mail message, and ensure it gets to you. If it does
76 not, copy your old backed-up .procmailrc file back into place and ask
77 your sysadmin for help! Here's commands to do that:
78
79 cp ~/.procmailrc.bak ~/.procmailrc
80 echo "Help!" | mail root
81
82
83
84If you want to use SpamAssassin site-wide:
85
86 - take a look at the notes on the Wiki website, currently at
87 <http://wiki.apache.org/spamassassin/UsingSiteWide>. You will probably
88 want to use 'spamd' (see below). You may want to investigate the
89 new Apache mod_perl module, in the 'spamd-apache2' directory, too.
90
91 - *PLEASE* let your users know you've installed it, and how to turn it
92 off! This is our #1 tech support query, and the users are usually
93 pretty frustrated once it reaches that stage.
94
95 - *PLEASE* consider setting it up as "off by default" for most accounts,
96 and let users opt-in to using it. Quite a few folks prefer not to
97 have their mail filtered, presumably because they don't use their
98 email address publically and do not get much spam.
99
100 - Note that procmail users adding spamc to /etc/procmailrc should
101 add the line 'DROPPRIVS=yes' at the top of the file.
102
103
104The Auto-Whitelist
105------------------
106
107The auto-whitelist is enabled using the 'use_auto_whitelist' option.
108(See http://wiki.apache.org/spamassassin/AutoWhitelist for details on
109how it works, if you're curious.)
110
111
112Other Installation Notes
113------------------------
114
115
116 - Hashcash is a useful system; it requires that senders exercise a
117 CPU-intensive task before they can send mail to you, so we give that
118 some bonus points. However, it requires that you list what addresses
119 you expect to receive mail for, by adding 'hashcash_accept' lines to
120 your ~/.spamassassin/user_prefs or /etc/mail/spamassassin/local.cf
121 files. See the Mail::SpamAssassin::Plugin::Hashcash manual page for
122 details on how to specify these.
123
124
125 - SpamAssassin now uses a temporary file in /tmp (or $TMPDIR, if that's
126 set in the environment) for Pyzor and DCC checks. Make sure that this
127 directory is either (a) not writable by other users, or (b) not shared
128 over NFS, for security.
129
130
131 - You can create your own system-wide rules files in
132 /etc/mail/spamassassin; their filenames should end in ".cf". Multiple
133 files will be read, and SpamAssassin will not overwrite these files
134 when installing a new version.
135
136
137 - You should not modify the files in /usr/share/spamassassin; these
138 will be overwritten when you upgrade. Any changes you make in
139 files in the /etc/mail/spamassassin directory, however, will
140 override these files.
141
142
143 - Rules can be turned off by setting their scores to 0 in a
144 configuration or user-preference file.
145
146
147 - Speakers of Chinese, Japanese, Korean or Arabic may find it useful to
148 turn off the rules listed at the end of the "user_prefs.template"
149 file; we've found out that these rules are still triggering on
150 non-spam CJK mails.
151
152
153 - If you have an unusual network configuration, you should probably
154 set 'trusted_networks'. This allows SpamAssassin to determine where
155 your internal network ends and the internet begins, and allows DNS
156 checks to be more accurate. If your mail host is NATed, you will
157 almost certainly need to set 'trusted_networks' to get correct
158 results.
159
160
161 - A very handy new feature is SPF support, which allows you to check
162 that the message sender is permitted by their domain to send from the
163 IP address used. This has the potential to greatly cut down on mail
164 forgery. (see http://spf.pobox.com/ for more details.)
165
166
167 - MDaemon users should add this line to their "local.cf" file:
168
169 report_safe_copy_headers X-MDRcpt-To X-MDRemoteIP X-MDaemon-Deliver-To
170
171 Otherwise, MDaemon's internal delivery will fail when SpamAssassin
172 rewrites a message as spam.
173
174
175 - The distribution includes 'spamd', a daemonized version of
176 SpamAssassin which runs persistently. Using its counterpart,
177 'spamc', a lightweight client written in C, an MTA can process
178 large volumes of mail through SpamAssassin without having to
179 fork/exec a perl interpreter for each message. Take a look in the
180 'spamd' and 'spamc' directories for more details.
181
182
183 - The distribution also includes 'spamd-apache2', a mod_perl module
184 allowing the Apache HTTP server to be used as a platform for a
185 daemonized SpamAssassin, in an upwardly-compatible fashion from
186 'spamd'. If you don't require some of the spamd features it does not
187 implement (such as switching UIDs to read per-user configuration from
188 user home directories), this may be much faster than spamd. Take a
189 look at the 'spamd-apache2' directory for details.
190
191
192 - spamc can now be built as a shared library for use with milters or
193 to link into other existing programs; simply run "make libspamc.so"
194 to build this.
195
196
197 - If you get spammed, it is helpful to everyone else if you re-run
198 spamassassin with the "-r" option to report the message in question as
199 "verified spam". This will add it to Vipul's Razor, DCC and Pyzor,
200 assuming you've set these up appropriately.
201
202 spamassassin -r < spam-message
203
204 If you use mutt as your mail reader, this macro will bind the X key to
205 report a spam message.
206
207 macro index X "| spamassassin -r"
208
209 This is, of course, optional -- but you'll get lots of good-netizen
210 karma. ;)
211
212
213 - Quite often, if you've been on the internet for a while, you'll have
214 accumulated a few old email accounts that nowadays get nothing but
215 spam. You can set these up as spam traps using SpamAssassin; see the
216 ''SPAM TRAPPING'' section of the spamassassin manual page for details.
217
218 If you don't want to go to the bother of setting up a system yourself
219 to do this, take a look here [1] for a simple forwarding-based
220 alternative.
221
222 [1]: http://wiki.apache.org/spamassassin/SpamTrapping
223
224
225 - Scores and other user preferences can now be loaded from, and Bayes
226 and auto-whitelist data can be stored in, an SQL database; see the
227 'sql' subdirectory for more details.
228
229 If you are setting up a large 'spamd' system-wide installation, with
230 Bayes and/or auto-whitelists, we strongly recommend using SQL as
231 storage. It has proven more reliable than the default DB_File storage
232 backend at several large sites.
233
234
235 - If you are running SpamAssassin under a disk quota, or are setting up
236 'spamd' with users with disk quotas, be warned that the DB_File
237 database module used by SpamAssassin for Bayes and AWL storage seems
238 to be unreliable in the face of quotas (bug 3796). In this situation,
239 we recommend using SQL storage for those databases, instead of DB_File.
240
241
242 - Lots more ways to integrate SpamAssassin can be read at
243 http://wiki.SpamAssassin.org/ .
244
245
246(end of USAGE)
247
248// vim:tw=74:
2490
=== removed directory '.pc/10_change_config_paths/ldap'
=== removed file '.pc/10_change_config_paths/ldap/README'
--- .pc/10_change_config_paths/ldap/README 2010-03-01 00:57:24 +0000
+++ .pc/10_change_config_paths/ldap/README 1970-01-01 00:00:00 +0000
@@ -1,116 +0,0 @@
1
2Using SpamAssassin With An LDAP Server
3--------------------------------------
4
5SpamAssassin can now load users' score files from an LDAP server. The concept
6here is to have a web application (PHP/perl/ASP/etc.) that will allow users to
7be able to update their local preferences on how SpamAssassin will filter their
8e-mail. The most common use for a system like this would be for users to be
9able to update the white list of addresses (whitelist_from) without the need
10for them to update their $HOME/.spamassassin/user_prefs file. It is also quite
11common for users listed in /etc/passwd to not have a home directory,
12therefore, the only way to have their own local settings would be through a
13database or LDAP server.
14
15SpamAssassin will check the global configuration file (ie. any file matching
16/etc/mail/spamassassin/*.cf) for the following settings:
17
18 user_scores_dsn ldap://host:port/dc=basedn,dc=de?attr?scope?uid=__USERNAME__
19 user_scores_ldap_username bind dn
20 user_scores_ldap_password password
21
22The first option, user_scores_dsn, describes the data source name that will be
23used to create the connection to your LDAP server. You have to write the DSN as
24an LDAP URL, the components being the host and port to connect to, the base DN
25for the search, the scope of the search (base, one or sub), the single
26attribute being the multivalued attribute used to hold the configuration data
27(space separated pairs of key and value, just as in a file) and finally the
28filter being the expression used to filter out the wanted username. Note that
29the filter expression uses the literal text __USERNAME__ as a placeholder for
30the username (SpamAssassin will use a s///g statement to replace it with the
31actual username).
32
33Examples:
34
35 ldap://localhost:389/dc=koehntopp,dc=de?spamassassin?sub?uid=__USERNAME__
36 ldap://localhost:389/o=stooges?spamassassin?sub?uid=__USERNAME__
37
38
39If the user_scores_dsn option does not exist, SpamAssassin will not attempt
40to use an LDAP server for retrieving users' preferences. Note that this will
41NOT look for test rules, only local scores, whitelist_from(s), and
42required_score.
43
44Requirements
45------------
46
47In order for SpamAssassin to work with your LDAP database, you must have
48the perl Net::LDAP module installed. You'll also need the URI module.
49
50In order for spamd to use the LDAP driver, you will have to start spamd
51with the additional parameters '--ldap-config -x'.
52
53Each user that wants to utilise the SpamAssassin LDAP driver must add
54the 'spamassassin' attribute in their object (either manually or via the
55web interface of your making/choice) like this (see the file sa_test.ldif
56in this directory for a full database example):
57
58 spamassassin: add_header all Foo LDAP read
59
60Database Schema
61---------------
62
63You can use any schema extension to your user entries with SpamAssassin,
64as long as the attribute is multivalued and correctly named in your LDAP url.
65We are currently using a <customername>spamassassin field that is part of
66our inetOrgPerson subclass.
67
68Here's an example for openldap's /etc/openldap/schema/inetorgperson.schema :
69
70 # SpamAssassin
71 # see http://SpamAssassin.org/ .
72 attributetype ( 2.16.840.1.113730.3.1.217
73 NAME 'spamassassin'
74 DESC 'SpamAssassin user preferences settings'
75 EQUALITY caseExactMatch
76 SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
77
78(don't forget to add "$ spamassassin" to the objectclass MAY clause.)
79
80
81Testing SpamAssassin/LDAP
82-------------------------
83
84To test your LDAP setup, and debug any possible problems, you should start
85spamd with the -D option, which will keep spamd in the foreground, and will
86output debug message to the terminal. You should then test spamd with a
87message by calling spamc. You can use the sample-spam.txt file with the
88following command:
89
90 cat sample-spam.txt | spamc
91
92Watch the debug output from spamd and look for the following debug line:
93
94 retrieving LDAP prefs for <username>: <value>
95
96If you do not see the above text, then the LDAP query was not successful, and
97you should see any error messages reported. <username> should be the user
98that was passed to spamd and is usually the user executing spamc.
99
100If you need to set up LDAP, a good guide is here:
101http://yolinux.com/TUTORIALS/LinuxTutorialLDAP.html
102
103To test LDAP support using the SpamAssassin test suite, you need to
104perform a little bit of manual configuration first. See the file
105"ldap/README.testing" for details.
106
107
108******
109NB: This should be considered BETA, and the interface or overall
110operation of LDAP support may change at any time with future releases of SA.
111******
112
113Please send any comments to <kris at koehntopp.de> and file bugs via
114<http://issues.apache.org/SpamAssassin/>.
115
116Kristian Köhntopp
1170
=== removed directory '.pc/10_change_config_paths/lib'
=== removed directory '.pc/10_change_config_paths/lib/Mail'
=== removed directory '.pc/10_change_config_paths/lib/Mail/SpamAssassin'
=== removed file '.pc/10_change_config_paths/lib/Mail/SpamAssassin/Conf.pm'
--- .pc/10_change_config_paths/lib/Mail/SpamAssassin/Conf.pm 2011-05-14 12:06:12 +0000
+++ .pc/10_change_config_paths/lib/Mail/SpamAssassin/Conf.pm 1970-01-01 00:00:00 +0000
@@ -1,4035 +0,0 @@
1# <@LICENSE>
2# Licensed to the Apache Software Foundation (ASF) under one or more
3# contributor license agreements. See the NOTICE file distributed with
4# this work for additional information regarding copyright ownership.
5# The ASF licenses this file to you under the Apache License, Version 2.0
6# (the "License"); you may not use this file except in compliance with
7# the License. You may obtain a copy of the License at:
8#
9# http://www.apache.org/licenses/LICENSE-2.0
10#
11# Unless required by applicable law or agreed to in writing, software
12# distributed under the License is distributed on an "AS IS" BASIS,
13# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14# See the License for the specific language governing permissions and
15# limitations under the License.
16# </@LICENSE>
17
18=head1 NAME
19
20Mail::SpamAssassin::Conf - SpamAssassin configuration file
21
22=head1 SYNOPSIS
23
24 # a comment
25
26 rewrite_header Subject *****SPAM*****
27
28 full PARA_A_2_C_OF_1618 /Paragraph .a.{0,10}2.{0,10}C. of S. 1618/i
29 describe PARA_A_2_C_OF_1618 Claims compliance with senate bill 1618
30
31 header FROM_HAS_MIXED_NUMS From =~ /\d+[a-z]+\d+\S*@/i
32 describe FROM_HAS_MIXED_NUMS From: contains numbers mixed in with letters
33
34 score A_HREF_TO_REMOVE 2.0
35
36 lang es describe FROM_FORGED_HOTMAIL Forzado From: simula ser de hotmail.com
37
38 lang pt_BR report O programa detetor de Spam ZOE [...]
39
40=head1 DESCRIPTION
41
42SpamAssassin is configured using traditional UNIX-style configuration files,
43loaded from the C</usr/share/spamassassin> and C</etc/mail/spamassassin>
44directories.
45
46The following web page lists the most important configuration settings
47used to configure SpamAssassin; novices are encouraged to read it first:
48
49 http://wiki.apache.org/spamassassin/ImportantInitialConfigItems
50
51=head1 FILE FORMAT
52
53The C<#> character starts a comment, which continues until end of line.
54B<NOTE:> if the C<#> character is to be used as part of a rule or
55configuration option, it must be escaped with a backslash. i.e.: C<\#>
56
57Whitespace in the files is not significant, but please note that starting a
58line with whitespace is deprecated, as we reserve its use for multi-line rule
59definitions, at some point in the future.
60
61Currently, each rule or configuration setting must fit on one-line; multi-line
62settings are not supported yet.
63
64File and directory paths can use C<~> to refer to the user's home
65directory, but no other shell-style path extensions such as globing or
66C<~user/> are supported.
67
68Where appropriate below, default values are listed in parentheses.
69
70=head1 USER PREFERENCES
71
72The following options can be used in both site-wide (C<local.cf>) and
73user-specific (C<user_prefs>) configuration files to customize how
74SpamAssassin handles incoming email messages.
75
76=cut
77
78package Mail::SpamAssassin::Conf;
79
80use strict;
81use warnings;
82use bytes;
83use re 'taint';
84
85use Mail::SpamAssassin::Util;
86use Mail::SpamAssassin::NetSet;
87use Mail::SpamAssassin::Constants qw(:sa);
88use Mail::SpamAssassin::Conf::Parser;
89use Mail::SpamAssassin::Logger;
90use Mail::SpamAssassin::Util::TieOneStringHash;
91use Mail::SpamAssassin::Util qw(untaint_var);
92use File::Spec;
93
94use vars qw{
95 @ISA $VERSION
96 $CONF_TYPE_STRING $CONF_TYPE_BOOL
97 $CONF_TYPE_NUMERIC $CONF_TYPE_HASH_KEY_VALUE
98 $CONF_TYPE_ADDRLIST $CONF_TYPE_TEMPLATE
99 $CONF_TYPE_STRINGLIST $CONF_TYPE_IPADDRLIST
100 $CONF_TYPE_NOARGS
101 $INVALID_VALUE $MISSING_REQUIRED_VALUE
102 @MIGRATED_SETTINGS
103 $COLLECT_REGRESSION_TESTS
104
105$TYPE_HEAD_TESTS $TYPE_HEAD_EVALS
106$TYPE_BODY_TESTS $TYPE_BODY_EVALS $TYPE_FULL_TESTS $TYPE_FULL_EVALS
107$TYPE_RAWBODY_TESTS $TYPE_RAWBODY_EVALS $TYPE_URI_TESTS $TYPE_URI_EVALS
108$TYPE_META_TESTS $TYPE_RBL_EVALS $TYPE_EMPTY_TESTS
109};
110
111@ISA = qw();
112
113# odd => eval test. Not constants so they can be shared with Parser
114# TODO: move to Constants.pm?
115$TYPE_HEAD_TESTS = 0x0008;
116$TYPE_HEAD_EVALS = 0x0009;
117$TYPE_BODY_TESTS = 0x000a;
118$TYPE_BODY_EVALS = 0x000b;
119$TYPE_FULL_TESTS = 0x000c;
120$TYPE_FULL_EVALS = 0x000d;
121$TYPE_RAWBODY_TESTS = 0x000e;
122$TYPE_RAWBODY_EVALS = 0x000f;
123$TYPE_URI_TESTS = 0x0010;
124$TYPE_URI_EVALS = 0x0011;
125$TYPE_META_TESTS = 0x0012;
126$TYPE_RBL_EVALS = 0x0013;
127$TYPE_EMPTY_TESTS = 0x0014;
128
129my @rule_types = ("body_tests", "uri_tests", "uri_evals",
130 "head_tests", "head_evals", "body_evals", "full_tests",
131 "full_evals", "rawbody_tests", "rawbody_evals",
132 "rbl_evals", "meta_tests");
133
134$VERSION = 'bogus'; # avoid CPAN.pm picking up version strings later
135
136# these are variables instead of constants so that other classes can
137# access them; if they're constants, they'd have to go in Constants.pm
138# TODO: move to Constants.pm?
139$CONF_TYPE_STRING = 1;
140$CONF_TYPE_BOOL = 2;
141$CONF_TYPE_NUMERIC = 3;
142$CONF_TYPE_HASH_KEY_VALUE = 4;
143$CONF_TYPE_ADDRLIST = 5;
144$CONF_TYPE_TEMPLATE = 6;
145$CONF_TYPE_NOARGS = 7;
146$CONF_TYPE_STRINGLIST = 8;
147$CONF_TYPE_IPADDRLIST = 9;
148$MISSING_REQUIRED_VALUE = -99999999999999;
149$INVALID_VALUE = -99999999999998;
150
151# set to "1" by the test suite code, to record regression tests
152# $Mail::SpamAssassin::Conf::COLLECT_REGRESSION_TESTS = 1;
153
154# search for "sub new {" to find the start of the code
155###########################################################################
156
157sub set_default_commands {
158 my($self) = @_;
159
160 # see "perldoc Mail::SpamAssassin::Conf::Parser" for details on this fmt.
161 # push each config item like this, to avoid a POD bug; it can't just accept
162 # ( { ... }, { ... }, { ...} ) otherwise POD parsing dies.
163 my @cmds;
164
165=head2 SCORING OPTIONS
166
167=over 4
168
169=item required_score n.nn (default: 5)
170
171Set the score required before a mail is considered spam. C<n.nn> can
172be an integer or a real number. 5.0 is the default setting, and is
173quite aggressive; it would be suitable for a single-user setup, but if
174you're an ISP installing SpamAssassin, you should probably set the
175default to be more conservative, like 8.0 or 10.0. It is not
176recommended to automatically delete or discard messages marked as
177spam, as your users B<will> complain, but if you choose to do so, only
178delete messages with an exceptionally high score such as 15.0 or
179higher. This option was previously known as C<required_hits> and that
180name is still accepted, but is deprecated.
181
182=cut
183
184 push (@cmds, {
185 setting => 'required_score',
186 aliases => ['required_hits'], # backwards compat
187 default => 5,
188 type => $CONF_TYPE_NUMERIC,
189 });
190
191=item score SYMBOLIC_TEST_NAME n.nn [ n.nn n.nn n.nn ]
192
193Assign scores (the number of points for a hit) to a given test.
194Scores can be positive or negative real numbers or integers.
195C<SYMBOLIC_TEST_NAME> is the symbolic name used by SpamAssassin for
196that test; for example, 'FROM_ENDS_IN_NUMS'.
197
198If only one valid score is listed, then that score is always used
199for a test.
200
201If four valid scores are listed, then the score that is used depends
202on how SpamAssassin is being used. The first score is used when
203both Bayes and network tests are disabled (score set 0). The second
204score is used when Bayes is disabled, but network tests are enabled
205(score set 1). The third score is used when Bayes is enabled and
206network tests are disabled (score set 2). The fourth score is used
207when Bayes is enabled and network tests are enabled (score set 3).
208
209Setting a rule's score to 0 will disable that rule from running.
210
211If any of the score values are surrounded by parenthesis '()', then
212all of the scores in the line are considered to be relative to the
213already set score. ie: '(3)' means increase the score for this
214rule by 3 points in all score sets. '(3) (0) (3) (0)' means increase
215the score for this rule by 3 in score sets 0 and 2 only.
216
217If no score is given for a test by the end of the configuration,
218a default score is assigned: a score of 1.0 is used for all tests,
219except those whose names begin with 'T_' (this is used to indicate a
220rule in testing) which receive 0.01.
221
222Note that test names which begin with '__' are indirect rules used
223to compose meta-match rules and can also act as prerequisites to
224other rules. They are not scored or listed in the 'tests hit'
225reports, but assigning a score of 0 to an indirect rule will disable
226it from running.
227
228=cut
229
230 push (@cmds, {
231 setting => 'score',
232 is_frequent => 1,
233 code => sub {
234 my ($self, $key, $value, $line) = @_;
235 my($rule, @scores) = split(/\s+/, $value);
236 unless (defined $value && $value !~ /^$/ &&
237 (scalar @scores == 1 || scalar @scores == 4)) {
238 info("config: score: requires a symbolic rule name and 1 or 4 scores");
239 return $MISSING_REQUIRED_VALUE;
240 }
241
242 # Figure out if we're doing relative scores, remove the parens if we are
243 my $relative = 0;
244 foreach (@scores) {
245 local ($1);
246 if (s/^\((-?\d+(?:\.\d+)?)\)$/$1/) {
247 $relative = 1;
248 }
249 unless (/^-?\d+(?:\.\d+)?$/) {
250 info("config: score: the non-numeric score ($_) is not valid, " .
251 "a numeric score is required");
252 return $INVALID_VALUE;
253 }
254 }
255
256 if ($relative && !exists $self->{scoreset}->[0]->{$rule}) {
257 info("config: score: relative score without previous setting in " .
258 "configuration");
259 return $INVALID_VALUE;
260 }
261
262 # If we're only passed 1 score, copy it to the other scoresets
263 if (@scores) {
264 if (@scores != 4) {
265 @scores = ( $scores[0], $scores[0], $scores[0], $scores[0] );
266 }
267
268 # Set the actual scoreset values appropriately
269 for my $index (0..3) {
270 my $score = $relative ?
271 $self->{scoreset}->[$index]->{$rule} + $scores[$index] :
272 $scores[$index];
273
274 $self->{scoreset}->[$index]->{$rule} = $score + 0.0;
275 }
276 }
277 }
278 });
279
280=back
281
282=head2 WHITELIST AND BLACKLIST OPTIONS
283
284=over 4
285
286=item whitelist_from user@example.com
287
288Used to whitelist sender addresses which send mail that is often tagged
289(incorrectly) as spam.
290
291Use of this setting is not recommended, since it blindly trusts the message,
292which is routinely and easily forged by spammers and phish senders. The
293recommended solution is to instead use C<whitelist_auth> or other authenticated
294whitelisting methods, or C<whitelist_from_rcvd>.
295
296Whitelist and blacklist addresses are now file-glob-style patterns, so
297C<friend@somewhere.com>, C<*@isp.com>, or C<*.domain.net> will all work.
298Specifically, C<*> and C<?> are allowed, but all other metacharacters are not.
299Regular expressions are not used for security reasons.
300
301Multiple addresses per line, separated by spaces, is OK. Multiple
302C<whitelist_from> lines is also OK.
303
304The headers checked for whitelist addresses are as follows: if C<Resent-From>
305is set, use that; otherwise check all addresses taken from the following
306set of headers:
307
308 Envelope-Sender
309 Resent-Sender
310 X-Envelope-From
311 From
312
313In addition, the "envelope sender" data, taken from the SMTP envelope data
314where this is available, is looked up. See C<envelope_sender_header>.
315
316e.g.
317
318 whitelist_from joe@example.com fred@example.com
319 whitelist_from *@example.com
320
321=cut
322
323 push (@cmds, {
324 setting => 'whitelist_from',
325 type => $CONF_TYPE_ADDRLIST,
326 });
327
328=item unwhitelist_from user@example.com
329
330Used to override a default whitelist_from entry, so for example a distribution
331whitelist_from can be overridden in a local.cf file, or an individual user can
332override a whitelist_from entry in their own C<user_prefs> file.
333The specified email address has to match exactly the address previously
334used in a whitelist_from line.
335
336e.g.
337
338 unwhitelist_from joe@example.com fred@example.com
339 unwhitelist_from *@example.com
340
341=cut
342
343 push (@cmds, {
344 command => 'unwhitelist_from',
345 setting => 'whitelist_from',
346 type => $CONF_TYPE_ADDRLIST,
347 code => \&Mail::SpamAssassin::Conf::Parser::remove_addrlist_value
348 });
349
350=item whitelist_from_rcvd addr@lists.sourceforge.net sourceforge.net
351
352Works similarly to whitelist_from, except that in addition to matching
353a sender address, a relay's rDNS name must match too for the whitelisting
354rule to fire. The first parameter is an address to whitelist, and the
355second is a string to match the relay's rDNS.
356
357This string is matched against the reverse DNS lookup used during the handover
358from the internet to your internal network's mail exchangers. It can
359either be the full hostname, or the domain component of that hostname. In
360other words, if the host that connected to your MX had an IP address that
361mapped to 'sendinghost.spamassassin.org', you should specify
362C<sendinghost.spamassassin.org> or just C<spamassassin.org> here.
363
364Note that this requires that C<internal_networks> be correct. For simple cases,
365it will be, but for a complex network you may get better results by setting that
366parameter.
367
368It also requires that your mail exchangers be configured to perform DNS
369reverse lookups on the connecting host's IP address, and to record the
370result in the generated Received: header.
371
372e.g.
373
374 whitelist_from_rcvd joe@example.com example.com
375 whitelist_from_rcvd *@axkit.org sergeant.org
376
377=item def_whitelist_from_rcvd addr@lists.sourceforge.net sourceforge.net
378
379Same as C<whitelist_from_rcvd>, but used for the default whitelist entries
380in the SpamAssassin distribution. The whitelist score is lower, because
381these are often targets for spammer spoofing.
382
383=cut
384
385 push (@cmds, {
386 setting => 'whitelist_from_rcvd',
387 type => $CONF_TYPE_ADDRLIST,
388 code => sub {
389 my ($self, $key, $value, $line) = @_;
390 unless (defined $value && $value !~ /^$/) {
391 return $MISSING_REQUIRED_VALUE;
392 }
393 unless ($value =~ /^\S+\s+\S+$/) {
394 return $INVALID_VALUE;
395 }
396 $self->{parser}->add_to_addrlist_rcvd ('whitelist_from_rcvd',
397 split(/\s+/, $value));
398 }
399 });
400
401 push (@cmds, {
402 setting => 'def_whitelist_from_rcvd',
403 type => $CONF_TYPE_ADDRLIST,
404 code => sub {
405 my ($self, $key, $value, $line) = @_;
406 unless (defined $value && $value !~ /^$/) {
407 return $MISSING_REQUIRED_VALUE;
408 }
409 unless ($value =~ /^\S+\s+\S+$/) {
410 return $INVALID_VALUE;
411 }
412 $self->{parser}->add_to_addrlist_rcvd ('def_whitelist_from_rcvd',
413 split(/\s+/, $value));
414 }
415 });
416
417=item whitelist_allows_relays user@example.com
418
419Specify addresses which are in C<whitelist_from_rcvd> that sometimes
420send through a mail relay other than the listed ones. By default mail
421with a From address that is in C<whitelist_from_rcvd> that does not match
422the relay will trigger a forgery rule. Including the address in
423C<whitelist_allows_relay> prevents that.
424
425Whitelist and blacklist addresses are now file-glob-style patterns, so
426C<friend@somewhere.com>, C<*@isp.com>, or C<*.domain.net> will all work.
427Specifically, C<*> and C<?> are allowed, but all other metacharacters are not.
428Regular expressions are not used for security reasons.
429
430Multiple addresses per line, separated by spaces, is OK. Multiple
431C<whitelist_allows_relays> lines is also OK.
432
433The specified email address does not have to match exactly the address
434previously used in a whitelist_from_rcvd line as it is compared to the
435address in the header.
436
437e.g.
438
439 whitelist_allows_relays joe@example.com fred@example.com
440 whitelist_allows_relays *@example.com
441
442=cut
443
444 push (@cmds, {
445 setting => 'whitelist_allows_relays',
446 type => $CONF_TYPE_ADDRLIST,
447 });
448
449=item unwhitelist_from_rcvd user@example.com
450
451Used to override a default whitelist_from_rcvd entry, so for example a
452distribution whitelist_from_rcvd can be overridden in a local.cf file,
453or an individual user can override a whitelist_from_rcvd entry in
454their own C<user_prefs> file.
455
456The specified email address has to match exactly the address previously
457used in a whitelist_from_rcvd line.
458
459e.g.
460
461 unwhitelist_from_rcvd joe@example.com fred@example.com
462 unwhitelist_from_rcvd *@axkit.org
463
464=cut
465
466 push (@cmds, {
467 setting => 'unwhitelist_from_rcvd',
468 type => $CONF_TYPE_ADDRLIST,
469 code => sub {
470 my ($self, $key, $value, $line) = @_;
471 unless (defined $value && $value !~ /^$/) {
472 return $MISSING_REQUIRED_VALUE;
473 }
474 unless ($value =~ /^(?:\S+(?:\s+\S+)*)$/) {
475 return $INVALID_VALUE;
476 }
477 $self->{parser}->remove_from_addrlist_rcvd('whitelist_from_rcvd',
478 split (/\s+/, $value));
479 $self->{parser}->remove_from_addrlist_rcvd('def_whitelist_from_rcvd',
480 split (/\s+/, $value));
481 }
482 });
483
484=item blacklist_from user@example.com
485
486Used to specify addresses which send mail that is often tagged (incorrectly) as
487non-spam, but which the user doesn't want. Same format as C<whitelist_from>.
488
489=cut
490
491 push (@cmds, {
492 setting => 'blacklist_from',
493 type => $CONF_TYPE_ADDRLIST,
494 });
495
496=item unblacklist_from user@example.com
497
498Used to override a default blacklist_from entry, so for example a
499distribution blacklist_from can be overridden in a local.cf file, or
500an individual user can override a blacklist_from entry in their own
501C<user_prefs> file. The specified email address has to match exactly
502the address previously used in a blacklist_from line.
503
504
505e.g.
506
507 unblacklist_from joe@example.com fred@example.com
508 unblacklist_from *@spammer.com
509
510=cut
511
512
513 push (@cmds, {
514 command => 'unblacklist_from',
515 setting => 'blacklist_from',
516 type => $CONF_TYPE_ADDRLIST,
517 code => \&Mail::SpamAssassin::Conf::Parser::remove_addrlist_value
518 });
519
520
521=item whitelist_to user@example.com
522
523If the given address appears as a recipient in the message headers
524(Resent-To, To, Cc, obvious envelope recipient, etc.) the mail will
525be whitelisted. Useful if you're deploying SpamAssassin system-wide,
526and don't want some users to have their mail filtered. Same format
527as C<whitelist_from>.
528
529There are three levels of To-whitelisting, C<whitelist_to>, C<more_spam_to>
530and C<all_spam_to>. Users in the first level may still get some spammish
531mails blocked, but users in C<all_spam_to> should never get mail blocked.
532
533The headers checked for whitelist addresses are as follows: if C<Resent-To> or
534C<Resent-Cc> are set, use those; otherwise check all addresses taken from the
535following set of headers:
536
537 To
538 Cc
539 Apparently-To
540 Delivered-To
541 Envelope-Recipients
542 Apparently-Resent-To
543 X-Envelope-To
544 Envelope-To
545 X-Delivered-To
546 X-Original-To
547 X-Rcpt-To
548 X-Real-To
549
550=item more_spam_to user@example.com
551
552See above.
553
554=item all_spam_to user@example.com
555
556See above.
557
558=cut
559
560 push (@cmds, {
561 setting => 'whitelist_to',
562 type => $CONF_TYPE_ADDRLIST,
563 });
564 push (@cmds, {
565 setting => 'more_spam_to',
566 type => $CONF_TYPE_ADDRLIST,
567 });
568 push (@cmds, {
569 setting => 'all_spam_to',
570 type => $CONF_TYPE_ADDRLIST,
571 });
572
573=item blacklist_to user@example.com
574
575If the given address appears as a recipient in the message headers
576(Resent-To, To, Cc, obvious envelope recipient, etc.) the mail will
577be blacklisted. Same format as C<blacklist_from>.
578
579=cut
580
581 push (@cmds, {
582 setting => 'blacklist_to',
583 type => $CONF_TYPE_ADDRLIST,
584 });
585
586=item whitelist_auth user@example.com
587
588Used to specify addresses which send mail that is often tagged (incorrectly) as
589spam. This is different from C<whitelist_from> and C<whitelist_from_rcvd> in
590that it first verifies that the message was sent by an authorized sender for
591the address, before whitelisting.
592
593Authorization is performed using one of the installed sender-authorization
594schemes: SPF (using C<Mail::SpamAssassin::Plugin::SPF>), or DKIM (using
595C<Mail::SpamAssassin::Plugin::DKIM>). Note that those plugins must be active,
596and working, for this to operate.
597
598Using C<whitelist_auth> is roughly equivalent to specifying duplicate
599C<whitelist_from_spf>, C<whitelist_from_dk>, and C<whitelist_from_dkim> lines
600for each of the addresses specified.
601
602e.g.
603
604 whitelist_auth joe@example.com fred@example.com
605 whitelist_auth *@example.com
606
607=item def_whitelist_auth user@example.com
608
609Same as C<whitelist_auth>, but used for the default whitelist entries
610in the SpamAssassin distribution. The whitelist score is lower, because
611these are often targets for spammer spoofing.
612
613=cut
614
615 push (@cmds, {
616 setting => 'whitelist_auth',
617 type => $CONF_TYPE_ADDRLIST,
618 });
619
620 push (@cmds, {
621 setting => 'def_whitelist_auth',
622 type => $CONF_TYPE_ADDRLIST,
623 });
624
625=item unwhitelist_auth user@example.com
626
627Used to override a C<whitelist_auth> entry. The specified email address has to
628match exactly the address previously used in a C<whitelist_auth> line.
629
630e.g.
631
632 unwhitelist_auth joe@example.com fred@example.com
633 unwhitelist_auth *@example.com
634
635=cut
636
637 push (@cmds, {
638 command => 'unwhitelist_auth',
639 setting => 'whitelist_auth',
640 type => $CONF_TYPE_ADDRLIST,
641 code => \&Mail::SpamAssassin::Conf::Parser::remove_addrlist_value
642 });
643
644=back
645
646=head2 BASIC MESSAGE TAGGING OPTIONS
647
648=over 4
649
650=item rewrite_header { subject | from | to } STRING
651
652By default, suspected spam messages will not have the C<Subject>,
653C<From> or C<To> lines tagged to indicate spam. By setting this option,
654the header will be tagged with C<STRING> to indicate that a message is
655spam. For the From or To headers, this will take the form of an RFC 2822
656comment following the address in parantheses. For the Subject header,
657this will be prepended to the original subject. Note that you should
658only use the _REQD_ and _SCORE_ tags when rewriting the Subject header
659if C<report_safe> is 0. Otherwise, you may not be able to remove
660the SpamAssassin markup via the normal methods. More information
661about tags is explained below in the B<TEMPLATE TAGS> section.
662
663Parentheses are not permitted in STRING if rewriting the From or To headers.
664(They will be converted to square brackets.)
665
666If C<rewrite_header subject> is used, but the message being rewritten
667does not already contain a C<Subject> header, one will be created.
668
669A null value for C<STRING> will remove any existing rewrite for the specified
670header.
671
672=cut
673
674 push (@cmds, {
675 setting => 'rewrite_header',
676 type => $CONF_TYPE_HASH_KEY_VALUE,
677 code => sub {
678 my ($self, $key, $value, $line) = @_;
679 my($hdr, $string) = split(/\s+/, $value, 2);
680 $hdr = ucfirst(lc($hdr));
681
682 if ($hdr =~ /^$/) {
683 return $MISSING_REQUIRED_VALUE;
684 }
685 # We only deal with From, Subject, and To ...
686 elsif ($hdr =~ /^(?:From|Subject|To)$/) {
687 unless (defined $string && $string =~ /\S/) {
688 delete $self->{rewrite_header}->{$hdr};
689 return;
690 }
691
692 if ($hdr ne 'Subject') {
693 $string =~ tr/()/[]/;
694 }
695 $self->{rewrite_header}->{$hdr} = $string;
696 return;
697 }
698 else {
699 # if we get here, note the issue, then we'll fail through for an error.
700 info("config: rewrite_header: ignoring $hdr, not From, Subject, or To");
701 return $INVALID_VALUE;
702 }
703 }
704 });
705
706=item add_header { spam | ham | all } header_name string
707
708Customized headers can be added to the specified type of messages (spam,
709ham, or "all" to add to either). All headers begin with C<X-Spam->
710(so a C<header_name> Foo will generate a header called X-Spam-Foo).
711header_name is restricted to the character set [A-Za-z0-9_-].
712
713The order of C<add_header> configuration options is preserved, inserted
714headers will follow this order of declarations. When combining C<add_header>
715with C<clear_headers> and C<remove_header>, keep in mind that C<add_header>
716appends a new header to the current list, after first removing any existing
717header fields of the same name. Note also that C<add_header>, C<clear_headers>
718and C<remove_header> may appear in multiple .cf files, which are interpreted
719in alphabetic order.
720
721C<string> can contain tags as explained below in the B<TEMPLATE TAGS> section.
722You can also use C<\n> and C<\t> in the header to add newlines and tabulators
723as desired. A backslash has to be written as \\, any other escaped chars will
724be silently removed.
725
726All headers will be folded if fold_headers is set to C<1>. Note: Manually
727adding newlines via C<\n> disables any further automatic wrapping (ie:
728long header lines are possible). The lines will still be properly folded
729(marked as continuing) though.
730
731You can customize existing headers with B<add_header> (only the specified
732subset of messages will be changed).
733
734See also C<clear_headers> and C<remove_header> for removing headers.
735
736Here are some examples (these are the defaults, note that Checker-Version can
737not be changed or removed):
738
739 add_header spam Flag _YESNOCAPS_
740 add_header all Status _YESNO_, score=_SCORE_ required=_REQD_ tests=_TESTS_ autolearn=_AUTOLEARN_ version=_VERSION_
741 add_header all Level _STARS(*)_
742 add_header all Checker-Version SpamAssassin _VERSION_ (_SUBVERSION_) on _HOSTNAME_
743
744=cut
745
746 push (@cmds, {
747 setting => 'add_header',
748 code => sub {
749 my ($self, $key, $value, $line) = @_;
750 local ($1,$2,$3);
751 if ($value !~ /^(ham|spam|all)\s+([A-Za-z0-9_-]+)\s+(.*?)\s*$/) {
752 return $INVALID_VALUE;
753 }
754
755 my ($type, $name, $hline) = ($1, $2, $3);
756 if ($hline =~ /^"(.*)"$/) {
757 $hline = $1;
758 }
759 my @line = split(
760 /\\\\/, # split at double backslashes,
761 $hline."\n" # newline needed to make trailing backslashes work
762 );
763 foreach (@line) {
764 s/\\t/\t/g; # expand tabs
765 s/\\n/\n/g; # expand newlines
766 s/\\.//g; # purge all other escapes
767 };
768 $hline = join("\\", @line);
769 chop($hline); # remove dummy newline again
770 if (($type eq "ham") || ($type eq "all")) {
771 $self->{headers_ham} =
772 [ grep { lc($_->[0]) ne lc($name) } @{$self->{headers_ham}} ];
773 push(@{$self->{headers_ham}}, [$name, $hline]);
774 }
775 if (($type eq "spam") || ($type eq "all")) {
776 $self->{headers_spam} =
777 [ grep { lc($_->[0]) ne lc($name) } @{$self->{headers_spam}} ];
778 push(@{$self->{headers_spam}}, [$name, $hline]);
779 }
780 }
781 });
782
783=item remove_header { spam | ham | all } header_name
784
785Headers can be removed from the specified type of messages (spam, ham,
786or "all" to remove from either). All headers begin with C<X-Spam->
787(so C<header_name> will be appended to C<X-Spam->).
788
789See also C<clear_headers> for removing all the headers at once.
790
791Note that B<X-Spam-Checker-Version> is not removable because the version
792information is needed by mail administrators and developers to debug
793problems. Without at least one header, it might not even be possible to
794determine that SpamAssassin is running.
795
796=cut
797
798 push (@cmds, {
799 setting => 'remove_header',
800 code => sub {
801 my ($self, $key, $value, $line) = @_;
802 local ($1,$2);
803 if ($value !~ /^(ham|spam|all)\s+([A-Za-z0-9_-]+)\s*$/) {
804 return $INVALID_VALUE;
805 }
806
807 my ($type, $name) = ($1, $2);
808 return if ( $name eq "Checker-Version" );
809
810 $name = lc($name);
811 if (($type eq "ham") || ($type eq "all")) {
812 $self->{headers_ham} =
813 [ grep { lc($_->[0]) ne $name } @{$self->{headers_ham}} ];
814 }
815 if (($type eq "spam") || ($type eq "all")) {
816 $self->{headers_spam} =
817 [ grep { lc($_->[0]) ne $name } @{$self->{headers_spam}} ];
818 }
819 }
820 });
821
822=item clear_headers
823
824Clear the list of headers to be added to messages. You may use this
825before any B<add_header> options to prevent the default headers from being
826added to the message.
827
828C<add_header>, C<clear_headers> and C<remove_header> may appear in multiple
829.cf files, which are interpreted in alphabetic order, so C<clear_headers>
830in a later file will remove all added headers from previously interpreted
831configuration files, which may or may not be desired.
832
833Note that B<X-Spam-Checker-Version> is not removable because the version
834information is needed by mail administrators and developers to debug
835problems. Without at least one header, it might not even be possible to
836determine that SpamAssassin is running.
837
838=cut
839
840 push (@cmds, {
841 setting => 'clear_headers',
842 type => $CONF_TYPE_NOARGS,
843 code => sub {
844 my ($self, $key, $value, $line) = @_;
845 unless (!defined $value || $value eq '') {
846 return $INVALID_VALUE;
847 }
848 my @h = grep { lc($_->[0]) eq "checker-version" }
849 @{$self->{headers_ham}};
850 $self->{headers_ham} = !@h ? [] : [ $h[0] ];
851 $self->{headers_spam} = !@h ? [] : [ $h[0] ];
852 }
853 });
854
855=item report_safe ( 0 | 1 | 2 ) (default: 1)
856
857if this option is set to 1, if an incoming message is tagged as spam,
858instead of modifying the original message, SpamAssassin will create a
859new report message and attach the original message as a message/rfc822
860MIME part (ensuring the original message is completely preserved, not
861easily opened, and easier to recover).
862
863If this option is set to 2, then original messages will be attached with
864a content type of text/plain instead of message/rfc822. This setting
865may be required for safety reasons on certain broken mail clients that
866automatically load attachments without any action by the user. This
867setting may also make it somewhat more difficult to extract or view the
868original message.
869
870If this option is set to 0, incoming spam is only modified by adding
871some C<X-Spam-> headers and no changes will be made to the body. In
872addition, a header named B<X-Spam-Report> will be added to spam. You
873can use the B<remove_header> option to remove that header after setting
874B<report_safe> to 0.
875
876See B<report_safe_copy_headers> if you want to copy headers from
877the original mail into tagged messages.
878
879=cut
880
881 push (@cmds, {
882 setting => 'report_safe',
883 default => 1,
884 type => $CONF_TYPE_NUMERIC,
885 code => sub {
886 my ($self, $key, $value, $line) = @_;
887 if ($value eq '') {
888 return $MISSING_REQUIRED_VALUE;
889 }
890 elsif ($value !~ /^[012]$/) {
891 return $INVALID_VALUE;
892 }
893
894 $self->{report_safe} = $value+0;
895 if (! $self->{report_safe} &&
896 ! (grep { lc($_->[0]) eq "report" } @{$self->{headers_spam}}) ) {
897 push(@{$self->{headers_spam}}, ["Report", "_REPORT_"]);
898 }
899 }
900 });
901
902=back
903
904=head2 LANGUAGE OPTIONS
905
906=over 4
907
908=item ok_locales xx [ yy zz ... ] (default: all)
909
910This option is used to specify which locales are considered OK for
911incoming mail. Mail using the B<character sets> that are allowed by
912this option will not be marked as possibly being spam in a foreign
913language.
914
915If you receive lots of spam in foreign languages, and never get any non-spam in
916these languages, this may help. Note that all ISO-8859-* character sets, and
917Windows code page character sets, are always permitted by default.
918
919Set this to C<all> to allow all character sets. This is the default.
920
921The rules C<CHARSET_FARAWAY>, C<CHARSET_FARAWAY_BODY>, and
922C<CHARSET_FARAWAY_HEADERS> are triggered based on how this is set.
923
924Examples:
925
926 ok_locales all (allow all locales)
927 ok_locales en (only allow English)
928 ok_locales en ja zh (allow English, Japanese, and Chinese)
929
930Note: if there are multiple ok_locales lines, only the last one is used.
931
932Select the locales to allow from the list below:
933
934=over 4
935
936=item en - Western character sets in general
937
938=item ja - Japanese character sets
939
940=item ko - Korean character sets
941
942=item ru - Cyrillic character sets
943
944=item th - Thai character sets
945
946=item zh - Chinese (both simplified and traditional) character sets
947
948=back
949
950=cut
951
952 push (@cmds, {
953 setting => 'ok_locales',
954 default => 'all',
955 type => $CONF_TYPE_STRING,
956 });
957
958=item normalize_charset ( 0 | 1) (default: 0)
959
960Whether to detect character sets and normalize message content to
961Unicode. Requires the Encode::Detect module, HTML::Parser version
9623.46 or later, and Perl 5.8.5 or later.
963
964=cut
965
966 push (@cmds, {
967 setting => 'normalize_charset',
968 default => 0,
969 type => $CONF_TYPE_BOOL,
970 code => sub {
971 my ($self, $key, $value, $line) = @_;
972 unless (defined $value && $value !~ /^$/) {
973 return $MISSING_REQUIRED_VALUE;
974 }
975 return undef if $value == 0;
976 return $INVALID_VALUE unless $value == 1;
977
978 unless ($] > 5.008004) {
979 $self->{parser}->lint_warn("config: normalize_charset requires Perl 5.8.5 or later");
980 return $INVALID_VALUE;
981 }
982 require HTML::Parser;
983 unless ($HTML::Parser::VERSION >= 3.46) {
984 $self->{parser}->lint_warn("config: normalize_charset requires HTML::Parser 3.46 or later");
985 return $INVALID_VALUE;
986 }
987 unless (eval 'require Encode::Detect::Detector') {
988 $self->{parser}->lint_warn("config: normalize_charset requires Encode::Detect");
989 return $INVALID_VALUE;
990 }
991 unless (eval 'require Encode') {
992 $self->{parser}->lint_warn("config: normalize_charset requires Encode");
993 return $INVALID_VALUE;
994 }
995
996 $self->{normalize_charset} = 1;
997 }
998 });
999
1000
1001=back
1002
1003=head2 NETWORK TEST OPTIONS
1004
1005=over 4
1006
1007=item trusted_networks ip.add.re.ss[/mask] ... (default: none)
1008
1009What networks or hosts are 'trusted' in your setup. B<Trusted> in this case
1010means that relay hosts on these networks are considered to not be potentially
1011operated by spammers, open relays, or open proxies. A trusted host could
1012conceivably relay spam, but will not originate it, and will not forge header
1013data. DNS blacklist checks will never query for hosts on these networks.
1014
1015See C<http://wiki.apache.org/spamassassin/TrustPath> for more information.
1016
1017MXes for your domain(s) and internal relays should B<also> be specified using
1018the C<internal_networks> setting. When there are 'trusted' hosts that
1019are not MXes or internal relays for your domain(s) they should B<only> be
1020specified in C<trusted_networks>.
1021
1022If a C</mask> is specified, it's considered a CIDR-style 'netmask', specified
1023in bits. If it is not specified, but less than 4 octets are specified with a
1024trailing dot, that's considered a mask to allow all addresses in the remaining
1025octets. If a mask is not specified, and there is not trailing dot, then just
1026the single IP address specified is used, as if the mask was C</32>.
1027
1028If a network or host address is prefaced by a C<!> the network or host will be
1029excluded (or included) in a first listed match fashion.
1030
1031Note: 127/8 and ::1 are always included in trusted_networks, regardless of
1032your config.
1033
1034Examples:
1035
1036 trusted_networks 192.168/16 # all in 192.168.*.*
1037 trusted_networks 212.17.35.15 # just that host
1038 trusted_networks !10.0.1.5 10.0.1/24 # all in 10.0.1.* but not 10.0.1.5
1039 trusted_networks DEAD:BEEF::/32 # all in that ipv6 prefix
1040
1041This operates additively, so a C<trusted_networks> line after another one
1042will append new entries to the list of trusted networks. To clear out the
1043existing entries, use C<clear_trusted_networks>.
1044
1045If C<trusted_networks> is not set and C<internal_networks> is, the value
1046of C<internal_networks> will be used for this parameter.
1047
1048If neither C<trusted_networks> or C<internal_networks> is set, a basic
1049inference algorithm is applied. This works as follows:
1050
1051=over 4
1052
1053=item *
1054
1055If the 'from' host has an IP address in a private (RFC 1918) network range,
1056then it's trusted
1057
1058=item *
1059
1060If there are authentication tokens in the received header, and
1061the previous host was trusted, then this host is also trusted
1062
1063=item *
1064
1065Otherwise this host, and all further hosts, are consider untrusted.
1066
1067=back
1068
1069=cut
1070
1071 push (@cmds, {
1072 setting => 'trusted_networks',
1073 type => $CONF_TYPE_IPADDRLIST,
1074 });
1075
1076=item clear_trusted_networks
1077
1078Empty the list of trusted networks.
1079
1080=cut
1081
1082 push (@cmds, {
1083 setting => 'clear_trusted_networks',
1084 type => $CONF_TYPE_NOARGS,
1085 code => sub {
1086 my ($self, $key, $value, $line) = @_;
1087 unless (!defined $value || $value eq '') {
1088 return $INVALID_VALUE;
1089 }
1090 $self->{trusted_networks} = $self->new_netset();
1091 $self->{trusted_networks_configured} = 0;
1092 }
1093 });
1094
1095=item internal_networks ip.add.re.ss[/mask] ... (default: none)
1096
1097What networks or hosts are 'internal' in your setup. B<Internal> means
1098that relay hosts on these networks are considered to be MXes for your
1099domain(s), or internal relays. This uses the same format as
1100C<trusted_networks>, above.
1101
1102This value is used when checking 'dial-up' or dynamic IP address
1103blocklists, in order to detect direct-to-MX spamming.
1104
1105Trusted relays that accept mail directly from dial-up connections
1106(i.e. are also performing a role of mail submission agents - MSA)
1107should not be listed in C<internal_networks>. List them only in
1108C<trusted_networks>.
1109
1110If C<trusted_networks> is set and C<internal_networks> is not, the value
1111of C<trusted_networks> will be used for this parameter.
1112
1113If neither C<trusted_networks> nor C<internal_networks> is set, no addresses
1114will be considered local; in other words, any relays past the machine where
1115SpamAssassin is running will be considered external.
1116
1117Every entry in C<internal_networks> must appear in C<trusted_networks>; in
1118other words, C<internal_networks> is always a subset of the trusted set.
1119
1120Note: 127/8 and ::1 are always included in internal_networks, regardless of
1121your config.
1122
1123=cut
1124
1125 push (@cmds, {
1126 setting => 'internal_networks',
1127 type => $CONF_TYPE_IPADDRLIST,
1128 });
1129
1130=item clear_internal_networks
1131
1132Empty the list of internal networks.
1133
1134=cut
1135
1136 push (@cmds, {
1137 setting => 'clear_internal_networks',
1138 type => $CONF_TYPE_NOARGS,
1139 code => sub {
1140 my ($self, $key, $value, $line) = @_;
1141 unless (!defined $value || $value eq '') {
1142 return $INVALID_VALUE;
1143 }
1144 $self->{internal_networks} = $self->new_netset();
1145 $self->{internal_networks_configured} = 0;
1146 }
1147 });
1148
1149=item msa_networks ip.add.re.ss[/mask] ... (default: none)
1150
1151The networks or hosts which are acting as MSAs in your setup (but not also as
1152MX relays). B<MSA> means that the relay hosts on these networks accept mail
1153from your own users and authenticates them appropriately. These relays
1154will never accept mail from hosts that aren't authenticated in some way.
1155Examples of authentication include, IP lists, SMTP AUTH, POP-before-SMTP, etc.
1156
1157All relays found in the message headers after the MSA relay will take
1158on the same trusted and internal classifications as the MSA relay itself,
1159as defined by your I<trusted_networks> and I<internal_networks> configuration.
1160
1161For example, if the MSA relay is trusted and internal so will all of the
1162relays that precede it.
1163
1164When using msa_networks to identify an MSA it is recommended that you treat
1165that MSA as both trusted and internal. When an MSA is not included in
1166msa_networks you should treat the MSA as trusted but not internal, however
1167if the MSA is also acting as an MX or intermediate relay you must always
1168treat it as both trusted and internal and ensure that the MSA includes
1169visible auth tokens in its Received header to identify submission clients.
1170
1171B<Warning:> Never include an MSA that also acts as an MX (or is also an
1172intermediate relay for an MX) or otherwise accepts mail from
1173non-authenticated users in msa_networks. Doing so will result in unknown
1174external relays being trusted.
1175
1176=cut
1177
1178 push (@cmds, {
1179 setting => 'msa_networks',
1180 type => $CONF_TYPE_IPADDRLIST,
1181 });
1182
1183=item clear_msa_networks
1184
1185Empty the list of msa networks.
1186
1187=cut
1188
1189 push (@cmds, {
1190 setting => 'clear_msa_networks',
1191 type => $CONF_TYPE_NOARGS,
1192 code => sub {
1193 my ($self, $key, $value, $line) = @_;
1194 unless (!defined $value || $value eq '') {
1195 return $INVALID_VALUE;
1196 }
1197 $self->{msa_networks} = Mail::SpamAssassin::NetSet->new(); # not new_netset
1198 $self->{msa_networks_configured} = 0;
1199 }
1200 });
1201
1202=item originating_ip_headers header ... (default: X-Yahoo-Post-IP X-Originating-IP X-Apparently-From X-SenderIP)
1203
1204A list of header field names from which an originating IP address can
1205be obtained. For example, webmail servers may record a client IP address
1206in X-Originating-IP.
1207
1208These IP addresses are virtually appended into the Received: chain, so they
1209are used in RBL checks where appropriate.
1210
1211Currently the IP addresses are not added into X-Spam-Relays-* header fields,
1212but they may be in the future.
1213
1214=cut
1215
1216 push (@cmds, {
1217 setting => 'originating_ip_headers',
1218 default => [],
1219 type => $CONF_TYPE_STRINGLIST,
1220 code => sub {
1221 my ($self, $key, $value, $line) = @_;
1222 unless (defined $value && $value !~ /^$/) {
1223 return $MISSING_REQUIRED_VALUE;
1224 }
1225 foreach my $hfname (split(/\s+/, $value)) {
1226 # avoid duplicates, consider header field names case-insensitive
1227 push(@{$self->{originating_ip_headers}}, $hfname)
1228 if !grep(lc($_) eq lc($hfname), @{$self->{originating_ip_headers}});
1229 }
1230 }
1231 });
1232
1233=item clear_originating_ip_headers
1234
1235Empty the list of 'originating IP address' header field names.
1236
1237=cut
1238
1239 push (@cmds, {
1240 setting => 'clear_originating_ip_headers',
1241 type => $CONF_TYPE_NOARGS,
1242 code => sub {
1243 my ($self, $key, $value, $line) = @_;
1244 unless (!defined $value || $value eq '') {
1245 return $INVALID_VALUE;
1246 }
1247 $self->{originating_ip_headers} = [];
1248 }
1249 });
1250
1251=item always_trust_envelope_sender ( 0 | 1 ) (default: 0)
1252
1253Trust the envelope sender even if the message has been passed through one or
1254more trusted relays. See also C<envelope_sender_header>.
1255
1256=cut
1257
1258 push (@cmds, {
1259 setting => 'always_trust_envelope_sender',
1260 default => 0,
1261 type => $CONF_TYPE_BOOL,
1262 });
1263
1264=item skip_rbl_checks ( 0 | 1 ) (default: 0)
1265
1266Turning on the skip_rbl_checks setting will disable the DNSEval plugin,
1267which implements Real-time Block List (or: Blackhole List) (RBL) lookups.
1268
1269By default, SpamAssassin will run RBL checks. Individual blocklists may
1270be disabled selectively by setting a score of a corresponding rule to 0.
1271
1272See also a related configuration parameter skip_uribl_checks,
1273which controls the URIDNSBL plugin (documented in the URIDNSBL man page).
1274
1275=cut
1276
1277 push (@cmds, {
1278 setting => 'skip_rbl_checks',
1279 default => 0,
1280 type => $CONF_TYPE_BOOL,
1281 });
1282
1283=item dns_available { yes | test[: name1 name2...] | no } (default: test)
1284
1285By default, SpamAssassin will query some default hosts on the internet to
1286attempt to check if DNS is working or not. The problem is that it can
1287introduce some delay if your network connection is down, and in some cases it
1288can wrongly guess that DNS is unavailable because the test connections failed.
1289SpamAssassin includes a default set of 13 servers, among which 3 are picked
1290randomly.
1291
1292You can however specify your own list by specifying
1293
1294 dns_available test: domain1.tld domain2.tld domain3.tld
1295
1296Please note, the DNS test queries for NS records.
1297
1298=cut
1299
1300 push (@cmds, {
1301 setting => 'dns_available',
1302 default => 'test',
1303 type => $CONF_TYPE_STRING,
1304 code => sub {
1305 my ($self, $key, $value, $line) = @_;
1306 if ($value =~ /^test(?::\s+.+)?$/) {
1307 $self->{dns_available} = $value;
1308 }
1309 elsif ($value =~ /^(?:yes|1)$/) {
1310 $self->{dns_available} = 'yes';
1311 }
1312 elsif ($value =~ /^(?:no|0)$/) {
1313 $self->{dns_available} = 'no';
1314 }
1315 else {
1316 return $INVALID_VALUE;
1317 }
1318 }
1319 });
1320
1321=item dns_test_interval n (default: 600 seconds)
1322
1323If dns_available is set to 'test' (which is the default), the dns_test_interval
1324time in number of seconds will tell SpamAssassin how often to retest for working DNS.
1325
1326=cut
1327
1328 push (@cmds, {
1329 setting => 'dns_test_interval',
1330 default => 600,
1331 type => $CONF_TYPE_NUMERIC,
1332 code => sub {
1333 my ($self, $key, $value, $line) = @_;
1334 if ($value !~ /^\d+$/) { return $INVALID_VALUE; }
1335 $self->{dns_test_interval} = $value;
1336 }
1337 });
1338
1339=item dns_options rotate (default: empty)
1340
1341If set to 'rotate', this causes SpamAssassin to choose a DNS server at random
1342from all servers listed in C</etc/resolv.conf> every 'dns_test_interval'
1343seconds, effectively spreading the load over all currently available DNS
1344servers when there are many spamd workers.
1345
1346=cut
1347
1348 push (@cmds, {
1349 setting => 'dns_options',
1350 type => $CONF_TYPE_HASH_KEY_VALUE,
1351 code => sub {
1352 my ($self, $key, $value, $line) = @_;
1353 my $allowed_opts = "rotate";
1354
1355 foreach my $option (split (/\s+/, $value)) {
1356 if ($allowed_opts !~ /^$option$/) { return $INVALID_VALUE; }
1357 else { $self->{dns_options}->{$option} = 1; }
1358 }
1359 }
1360 });
1361
1362=back
1363
1364=head2 LEARNING OPTIONS
1365
1366=over 4
1367
1368=item use_learner ( 0 | 1 ) (default: 1)
1369
1370Whether to use any machine-learning classifiers with SpamAssassin, such as the
1371default 'BAYES_*' rules. Setting this to 0 will disable use of any and all
1372human-trained classifiers.
1373
1374=cut
1375
1376 push (@cmds, {
1377 setting => 'use_learner',
1378 default => 1,
1379 type => $CONF_TYPE_BOOL,
1380 });
1381
1382=item use_bayes ( 0 | 1 ) (default: 1)
1383
1384Whether to use the naive-Bayesian-style classifier built into
1385SpamAssassin. This is a master on/off switch for all Bayes-related
1386operations.
1387
1388=cut
1389
1390 push (@cmds, {
1391 setting => 'use_bayes',
1392 default => 1,
1393 type => $CONF_TYPE_BOOL,
1394 });
1395
1396=item use_bayes_rules ( 0 | 1 ) (default: 1)
1397
1398Whether to use rules using the naive-Bayesian-style classifier built
1399into SpamAssassin. This allows you to disable the rules while leaving
1400auto and manual learning enabled.
1401
1402=cut
1403
1404 push (@cmds, {
1405 setting => 'use_bayes_rules',
1406 default => 1,
1407 type => $CONF_TYPE_BOOL,
1408 });
1409
1410=item bayes_auto_learn ( 0 | 1 ) (default: 1)
1411
1412Whether SpamAssassin should automatically feed high-scoring mails (or
1413low-scoring mails, for non-spam) into its learning systems. The only
1414learning system supported currently is a naive-Bayesian-style classifier.
1415
1416See the documentation for the
1417C<Mail::SpamAssassin::Plugin::AutoLearnThreshold> plugin module
1418for details on how Bayes auto-learning is implemented by default.
1419
1420=cut
1421
1422 push (@cmds, {
1423 setting => 'bayes_auto_learn',
1424 default => 1,
1425 type => $CONF_TYPE_BOOL,
1426 });
1427
1428=item bayes_ignore_header header_name
1429
1430If you receive mail filtered by upstream mail systems, like
1431a spam-filtering ISP or mailing list, and that service adds
1432new headers (as most of them do), these headers may provide
1433inappropriate cues to the Bayesian classifier, allowing it
1434to take a "short cut". To avoid this, list the headers using this
1435setting. Example:
1436
1437 bayes_ignore_header X-Upstream-Spamfilter
1438 bayes_ignore_header X-Upstream-SomethingElse
1439
1440=cut
1441
1442 push (@cmds, {
1443 setting => 'bayes_ignore_header',
1444 default => [],
1445 type => $CONF_TYPE_STRINGLIST,
1446 code => sub {
1447 my ($self, $key, $value, $line) = @_;
1448 if ($value eq '') {
1449 return $MISSING_REQUIRED_VALUE;
1450 }
1451 push (@{$self->{bayes_ignore_headers}}, split(/\s+/, $value));
1452 }
1453 });
1454
1455=item bayes_ignore_from user@example.com
1456
1457Bayesian classification and autolearning will not be performed on mail
1458from the listed addresses. Program C<sa-learn> will also ignore the
1459listed addresses if it is invoked using the C<--use-ignores> option.
1460One or more addresses can be listed, see C<whitelist_from>.
1461
1462Spam messages from certain senders may contain many words that
1463frequently occur in ham. For example, one might read messages from a
1464preferred bookstore but also get unwanted spam messages from other
1465bookstores. If the unwanted messages are learned as spam then any
1466messages discussing books, including the preferred bookstore and
1467antiquarian messages would be in danger of being marked as spam. The
1468addresses of the annoying bookstores would be listed. (Assuming they
1469were halfway legitimate and didn't send you mail through myriad
1470affiliates.)
1471
1472Those who have pieces of spam in legitimate messages or otherwise
1473receive ham messages containing potentially spammy words might fear
1474that some spam messages might be in danger of being marked as ham.
1475The addresses of the spam mailing lists, correspondents, etc. would
1476be listed.
1477
1478=cut
1479
1480 push (@cmds, {
1481 setting => 'bayes_ignore_from',
1482 type => $CONF_TYPE_ADDRLIST,
1483 });
1484
1485=item bayes_ignore_to user@example.com
1486
1487Bayesian classification and autolearning will not be performed on mail
1488to the listed addresses. See C<bayes_ignore_from> for details.
1489
1490=cut
1491
1492 push (@cmds, {
1493 setting => 'bayes_ignore_to',
1494 type => $CONF_TYPE_ADDRLIST,
1495 });
1496
1497=item bayes_min_ham_num (Default: 200)
1498
1499=item bayes_min_spam_num (Default: 200)
1500
1501To be accurate, the Bayes system does not activate until a certain number of
1502ham (non-spam) and spam have been learned. The default is 200 of each ham and
1503spam, but you can tune these up or down with these two settings.
1504
1505=cut
1506
1507 push (@cmds, {
1508 setting => 'bayes_min_ham_num',
1509 default => 200,
1510 type => $CONF_TYPE_NUMERIC,
1511 });
1512 push (@cmds, {
1513 setting => 'bayes_min_spam_num',
1514 default => 200,
1515 type => $CONF_TYPE_NUMERIC,
1516 });
1517
1518=item bayes_learn_during_report (Default: 1)
1519
1520The Bayes system will, by default, learn any reported messages
1521(C<spamassassin -r>) as spam. If you do not want this to happen, set
1522this option to 0.
1523
1524=cut
1525
1526 push (@cmds, {
1527 setting => 'bayes_learn_during_report',
1528 default => 1,
1529 type => $CONF_TYPE_BOOL,
1530 });
1531
1532=item bayes_sql_override_username
1533
1534Used by BayesStore::SQL storage implementation.
1535
1536If this options is set the BayesStore::SQL module will override the set
1537username with the value given. This could be useful for implementing global or
1538group bayes databases.
1539
1540=cut
1541
1542 push (@cmds, {
1543 setting => 'bayes_sql_override_username',
1544 default => '',
1545 type => $CONF_TYPE_STRING,
1546 });
1547
1548=item bayes_use_hapaxes (default: 1)
1549
1550Should the Bayesian classifier use hapaxes (words/tokens that occur only
1551once) when classifying? This produces significantly better hit-rates, but
1552increases database size by about a factor of 8 to 10.
1553
1554=cut
1555
1556 push (@cmds, {
1557 setting => 'bayes_use_hapaxes',
1558 default => 1,
1559 type => $CONF_TYPE_BOOL,
1560 });
1561
1562=item bayes_journal_max_size (default: 102400)
1563
1564SpamAssassin will opportunistically sync the journal and the database.
1565It will do so once a day, but will sync more often if the journal file
1566size goes above this setting, in bytes. If set to 0, opportunistic
1567syncing will not occur.
1568
1569=cut
1570
1571 push (@cmds, {
1572 setting => 'bayes_journal_max_size',
1573 default => 102400,
1574 type => $CONF_TYPE_NUMERIC,
1575 });
1576
1577=item bayes_expiry_max_db_size (default: 150000)
1578
1579What should be the maximum size of the Bayes tokens database? When expiry
1580occurs, the Bayes system will keep either 75% of the maximum value, or
1581100,000 tokens, whichever has a larger value. 150,000 tokens is roughly
1582equivalent to a 8Mb database file.
1583
1584=cut
1585
1586 push (@cmds, {
1587 setting => 'bayes_expiry_max_db_size',
1588 default => 150000,
1589 type => $CONF_TYPE_NUMERIC,
1590 });
1591
1592=item bayes_auto_expire (default: 1)
1593
1594If enabled, the Bayes system will try to automatically expire old tokens
1595from the database. Auto-expiry occurs when the number of tokens in the
1596database surpasses the bayes_expiry_max_db_size value.
1597
1598=cut
1599
1600 push (@cmds, {
1601 setting => 'bayes_auto_expire',
1602 default => 1,
1603 type => $CONF_TYPE_BOOL,
1604 });
1605
1606=item bayes_learn_to_journal (default: 0)
1607
1608If this option is set, whenever SpamAssassin does Bayes learning, it
1609will put the information into the journal instead of directly into the
1610database. This lowers contention for locking the database to execute
1611an update, but will also cause more access to the journal and cause a
1612delay before the updates are actually committed to the Bayes database.
1613
1614=cut
1615
1616 push (@cmds, {
1617 setting => 'bayes_learn_to_journal',
1618 default => 0,
1619 type => $CONF_TYPE_BOOL,
1620 });
1621
1622=back
1623
1624=head2 MISCELLANEOUS OPTIONS
1625
1626=over 4
1627
1628=item time_limit n (default: 300)
1629
1630Specifies a limit on elapsed time in seconds that SpamAssassin is allowed
1631to spend before providing a result. The value may be fractional and must
1632not be negative, zero is interpreted as unlimited. The default is 300
1633seconds for consistency with the spamd default setting of --timeout-child .
1634
1635This is a best-effort advisory setting, processing will not be abruptly
1636aborted at an arbitrary point in processing when the time limit is exceeded,
1637but only on reaching one of locations in the program flow equipped with a
1638time test. Currently equipped with the test are the main checking loop,
1639asynchronous DNS lookups, plugins which are calling external programs.
1640Rule evaluation is guarded by starting a timer (alarm) on each set of
1641compiled rules.
1642
1643When a message is passed to Mail::SpamAssassin::parse, a deadline time
1644is established as a sum of current time and the C<time_limit> setting.
1645
1646This deadline may also be specified by a caller through an option
1647'master_deadline' in $suppl_attrib on a call to parse(), possibly providing
1648a more accurate deadline taking into account past and expected future
1649processing of a message in a mail filtering setup. If both the config
1650option as well as a 'master_deadline' option in a call are provided,
1651the shorter time limit of the two is used (since version 3.3.2).
1652Note that spamd (and possibly third-party callers of SpamAssassin) will
1653supply the 'master_deadline' option in a call based on its --timeout-child
1654option (or equivalent), unlike the command line C<spamassassin>, which has
1655no such command line option.
1656
1657When a time limit is exceeded, most of the remaining tests will be skipped,
1658as well as auto-learning. Whatever tests fired so far will determine the
1659final score. The behaviour is similar to short-circuiting with attribute 'on',
1660as implemented by a Shortcircuit plugin. A synthetic hit on a rule named
1661TIME_LIMIT_EXCEEDED with a near-zero default score is generated, so that
1662the report will reflect the event. A score for TIME_LIMIT_EXCEEDED may
1663be provided explicitly in a configuration file, for example to achieve
1664whitelisting or blacklisting effect for messages with long processing times.
1665
1666The C<time_limit> option is a useful protection against excessive processing
1667time on certain degenerate or unusually long or complex mail messages, as well
1668as against some DoS attacks. It is also needed in time-critical pre-queue
1669filtering setups (e.g. milter, proxy, integration with MTA), where message
1670processing must finish before a SMTP client times out. RFC 5321 prescribes
1671in section 4.5.3.2.6 the 'DATA Termination' time limit of 10 minutes,
1672although it is not unusual to see some SMTP clients abort sooner on waiting
1673for a response. A sensible C<time_limit> for a pre-queue filtering setup is
1674maybe 50 seconds, assuming that clients are willing to wait at least a minute.
1675
1676=cut
1677
1678 push (@cmds, {
1679 setting => 'time_limit',
1680 default => 300,
1681 type => $CONF_TYPE_NUMERIC,
1682 code => sub {
1683 my ($self, $key, $value, $line) = @_;
1684 if ($value !~ /^\d+(?:\.\d*)?$/) { return $INVALID_VALUE }
1685 $value = 0+$value;
1686 if ($value < 0) { return $INVALID_VALUE }
1687 $self->{time_limit} = $value;
1688 }
1689 });
1690
1691=item lock_method type
1692
1693Select the file-locking method used to protect database files on-disk. By
1694default, SpamAssassin uses an NFS-safe locking method on UNIX; however, if you
1695are sure that the database files you'll be using for Bayes and AWL storage will
1696never be accessed over NFS, a non-NFS-safe locking system can be selected.
1697
1698This will be quite a bit faster, but may risk file corruption if the files are
1699ever accessed by multiple clients at once, and one or more of them is accessing
1700them through an NFS filesystem.
1701
1702Note that different platforms require different locking systems.
1703
1704The supported locking systems for C<type> are as follows:
1705
1706=over 4
1707
1708=item I<nfssafe> - an NFS-safe locking system
1709
1710=item I<flock> - simple UNIX C<flock()> locking
1711
1712=item I<win32> - Win32 locking using C<sysopen (..., O_CREAT|O_EXCL)>.
1713
1714=back
1715
1716nfssafe and flock are only available on UNIX, and win32 is only available
1717on Windows. By default, SpamAssassin will choose either nfssafe or
1718win32 depending on the platform in use.
1719
1720=cut
1721
1722 push (@cmds, {
1723 setting => 'lock_method',
1724 default => '',
1725 type => $CONF_TYPE_STRING,
1726 code => sub {
1727 my ($self, $key, $value, $line) = @_;
1728 if ($value !~ /^(nfssafe|flock|win32)$/) {
1729 return $INVALID_VALUE;
1730 }
1731
1732 $self->{lock_method} = $value;
1733 # recreate the locker
1734 $self->{main}->create_locker();
1735 }
1736 });
1737
1738=item fold_headers ( 0 | 1 ) (default: 1)
1739
1740By default, headers added by SpamAssassin will be whitespace folded.
1741In other words, they will be broken up into multiple lines instead of
1742one very long one and each continuation line will have a tabulator
1743prepended to mark it as a continuation of the preceding one.
1744
1745The automatic wrapping can be disabled here. Note that this can generate very
1746long lines. RFC 2822 required that header lines do not exceed 998 characters
1747(not counting the final CRLF).
1748
1749=cut
1750
1751 push (@cmds, {
1752 setting => 'fold_headers',
1753 default => 1,
1754 type => $CONF_TYPE_BOOL,
1755 });
1756
1757=item report_safe_copy_headers header_name ...
1758
1759If using C<report_safe>, a few of the headers from the original message
1760are copied into the wrapper header (From, To, Cc, Subject, Date, etc.)
1761If you want to have other headers copied as well, you can add them
1762using this option. You can specify multiple headers on the same line,
1763separated by spaces, or you can just use multiple lines.
1764
1765=cut
1766
1767 push (@cmds, {
1768 setting => 'report_safe_copy_headers',
1769 default => [],
1770 type => $CONF_TYPE_STRINGLIST,
1771 code => sub {
1772 my ($self, $key, $value, $line) = @_;
1773 if ($value eq '') {
1774 return $MISSING_REQUIRED_VALUE;
1775 }
1776 push(@{$self->{report_safe_copy_headers}}, split(/\s+/, $value));
1777 }
1778 });
1779
1780=item envelope_sender_header Name-Of-Header
1781
1782SpamAssassin will attempt to discover the address used in the 'MAIL FROM:'
1783phase of the SMTP transaction that delivered this message, if this data has
1784been made available by the SMTP server. This is used in the C<EnvelopeFrom>
1785pseudo-header, and for various rules such as SPF checking.
1786
1787By default, various MTAs will use different headers, such as the following:
1788
1789 X-Envelope-From
1790 Envelope-Sender
1791 X-Sender
1792 Return-Path
1793
1794SpamAssassin will attempt to use these, if some heuristics (such as the header
1795placement in the message, or the absence of fetchmail signatures) appear to
1796indicate that they are safe to use. However, it may choose the wrong headers
1797in some mailserver configurations. (More discussion of this can be found
1798in bug 2142 and bug 4747 in the SpamAssassin BugZilla.)
1799
1800To avoid this heuristic failure, the C<envelope_sender_header> setting may be
1801helpful. Name the header that your MTA or MDA adds to messages containing the
1802address used at the MAIL FROM step of the SMTP transaction.
1803
1804If the header in question contains C<E<lt>> or C<E<gt>> characters at the start
1805and end of the email address in the right-hand side, as in the SMTP
1806transaction, these will be stripped.
1807
1808If the header is not found in a message, or if it's value does not contain an
1809C<@> sign, SpamAssassin will issue a warning in the logs and fall back to its
1810default heuristics.
1811
1812(Note for MTA developers: we would prefer if the use of a single header be
1813avoided in future, since that precludes 'downstream' spam scanning.
1814C<http://wiki.apache.org/spamassassin/EnvelopeSenderInReceived> details a
1815better proposal, storing the envelope sender at each hop in the C<Received>
1816header.)
1817
1818example:
1819
1820 envelope_sender_header X-SA-Exim-Mail-From
1821
1822=cut
1823
1824 push (@cmds, {
1825 setting => 'envelope_sender_header',
1826 default => undef,
1827 type => $CONF_TYPE_STRING,
1828 });
1829
1830=item describe SYMBOLIC_TEST_NAME description ...
1831
1832Used to describe a test. This text is shown to users in the detailed report.
1833
1834Note that test names which begin with '__' are reserved for meta-match
1835sub-rules, and are not scored or listed in the 'tests hit' reports.
1836
1837Also note that by convention, rule descriptions should be limited in
1838length to no more than 50 characters.
1839
1840=cut
1841
1842 push (@cmds, {
1843 command => 'describe',
1844 setting => 'descriptions',
1845 is_frequent => 1,
1846 type => $CONF_TYPE_HASH_KEY_VALUE,
1847 });
1848
1849=item report_charset CHARSET (default: unset)
1850
1851Set the MIME Content-Type charset used for the text/plain report which
1852is attached to spam mail messages.
1853
1854=cut
1855
1856 push (@cmds, {
1857 setting => 'report_charset',
1858 default => '',
1859 type => $CONF_TYPE_STRING,
1860 });
1861
1862=item report ...some text for a report...
1863
1864Set the report template which is attached to spam mail messages. See the
1865C<10_default_prefs.cf> configuration file in C</usr/share/spamassassin> for an
1866example.
1867
1868If you change this, try to keep it under 78 columns. Each C<report>
1869line appends to the existing template, so use C<clear_report_template>
1870to restart.
1871
1872Tags can be included as explained above.
1873
1874=cut
1875
1876 push (@cmds, {
1877 command => 'report',
1878 setting => 'report_template',
1879 default => '',
1880 type => $CONF_TYPE_TEMPLATE,
1881 });
1882
1883=item clear_report_template
1884
1885Clear the report template.
1886
1887=cut
1888
1889 push (@cmds, {
1890 command => 'clear_report_template',
1891 setting => 'report_template',
1892 type => $CONF_TYPE_NOARGS,
1893 code => \&Mail::SpamAssassin::Conf::Parser::set_template_clear
1894 });
1895
1896=item report_contact ...text of contact address...
1897
1898Set what _CONTACTADDRESS_ is replaced with in the above report text.
1899By default, this is 'the administrator of that system', since the hostname
1900of the system the scanner is running on is also included.
1901
1902=cut
1903
1904 push (@cmds, {
1905 setting => 'report_contact',
1906 default => 'the administrator of that system',
1907 type => $CONF_TYPE_STRING,
1908 });
1909
1910=item report_hostname ...hostname to use...
1911
1912Set what _HOSTNAME_ is replaced with in the above report text.
1913By default, this is determined dynamically as whatever the host running
1914SpamAssassin calls itself.
1915
1916=cut
1917
1918 push (@cmds, {
1919 setting => 'report_hostname',
1920 default => '',
1921 type => $CONF_TYPE_STRING,
1922 });
1923
1924=item unsafe_report ...some text for a report...
1925
1926Set the report template which is attached to spam mail messages which contain a
1927non-text/plain part. See the C<10_default_prefs.cf> configuration file in
1928C</usr/share/spamassassin> for an example.
1929
1930Each C<unsafe-report> line appends to the existing template, so use
1931C<clear_unsafe_report_template> to restart.
1932
1933Tags can be used in this template (see above for details).
1934
1935=cut
1936
1937 push (@cmds, {
1938 command => 'unsafe_report',
1939 setting => 'unsafe_report_template',
1940 default => '',
1941 type => $CONF_TYPE_TEMPLATE,
1942 });
1943
1944=item clear_unsafe_report_template
1945
1946Clear the unsafe_report template.
1947
1948=cut
1949
1950 push (@cmds, {
1951 command => 'clear_unsafe_report_template',
1952 setting => 'unsafe_report_template',
1953 type => $CONF_TYPE_NOARGS,
1954 code => \&Mail::SpamAssassin::Conf::Parser::set_template_clear
1955 });
1956
1957=back
1958
1959=head1 RULE DEFINITIONS AND PRIVILEGED SETTINGS
1960
1961These settings differ from the ones above, in that they are considered
1962'privileged'. Only users running C<spamassassin> from their procmailrc's or
1963forward files, or sysadmins editing a file in C</etc/mail/spamassassin>, can
1964use them. C<spamd> users cannot use them in their C<user_prefs> files, for
1965security and efficiency reasons, unless C<allow_user_rules> is enabled (and
1966then, they may only add rules from below).
1967
1968=over 4
1969
1970=item allow_user_rules ( 0 | 1 ) (default: 0)
1971
1972This setting allows users to create rules (and only rules) in their
1973C<user_prefs> files for use with C<spamd>. It defaults to off, because
1974this could be a severe security hole. It may be possible for users to
1975gain root level access if C<spamd> is run as root. It is NOT a good
1976idea, unless you have some other way of ensuring that users' tests are
1977safe. Don't use this unless you are certain you know what you are
1978doing. Furthermore, this option causes spamassassin to recompile all
1979the tests each time it processes a message for a user with a rule in
1980his/her C<user_prefs> file, which could have a significant effect on
1981server load. It is not recommended.
1982
1983Note that it is not currently possible to use C<allow_user_rules> to modify an
1984existing system rule from a C<user_prefs> file with C<spamd>.
1985
1986=cut
1987
1988 push (@cmds, {
1989 setting => 'allow_user_rules',
1990 is_priv => 1,
1991 default => 0,
1992 type => $CONF_TYPE_BOOL,
1993 code => sub {
1994 my ($self, $key, $value, $line) = @_;
1995 if ($value eq '') {
1996 return $MISSING_REQUIRED_VALUE;
1997 }
1998 elsif ($value !~ /^[01]$/) {
1999 return $INVALID_VALUE;
2000 }
2001
2002 $self->{allow_user_rules} = $value+0;
2003 dbg("config: " . ($self->{allow_user_rules} ? "allowing":"not allowing") . " user rules!");
2004 }
2005 });
2006
2007=item redirector_pattern /pattern/modifiers
2008
2009A regex pattern that matches both the redirector site portion, and
2010the target site portion of a URI.
2011
2012Note: The target URI portion must be surrounded in parentheses and
2013 no other part of the pattern may create a backreference.
2014
2015Example: http://chkpt.zdnet.com/chkpt/whatever/spammer.domain/yo/dude
2016
2017 redirector_pattern /^https?:\/\/(?:opt\.)?chkpt\.zdnet\.com\/chkpt\/\w+\/(.*)$/i
2018
2019=cut
2020
2021 push (@cmds, {
2022 setting => 'redirector_pattern',
2023 is_priv => 1,
2024 code => sub {
2025 my ($self, $key, $value, $line) = @_;
2026 if ($value eq '') {
2027 return $MISSING_REQUIRED_VALUE;
2028 }
2029 elsif (!$self->{parser}->is_delimited_regexp_valid("redirector_pattern", $value)) {
2030 return $INVALID_VALUE;
2031 }
2032
2033 # convert to qr// while including modifiers
2034 local ($1,$2,$3);
2035 $value =~ /^m?(\W)(.*)(?:\1|>|}|\)|\])(.*?)$/;
2036 my $pattern = $2;
2037 $pattern = "(?".$3.")".$pattern if $3;
2038 $pattern = qr/$pattern/;
2039
2040 push @{$self->{main}->{conf}->{redirector_patterns}}, $pattern;
2041 # dbg("config: adding redirector regex: " . $value);
2042 }
2043 });
2044
2045=item header SYMBOLIC_TEST_NAME header op /pattern/modifiers [if-unset: STRING]
2046
2047Define a test. C<SYMBOLIC_TEST_NAME> is a symbolic test name, such as
2048'FROM_ENDS_IN_NUMS'. C<header> is the name of a mail header field,
2049such as 'Subject', 'To', 'From', etc. Header field names are matched
2050case-insensitively (conforming to RFC 5322 section 1.2.2), except for
2051all-capitals metaheader fields such as ALL, MESSAGEID, ALL-TRUSTED.
2052
2053Appending a modifier C<:raw> to a header field name will inhibit decoding of
2054quoted-printable or base-64 encoded strings, and will preserve all whitespace
2055inside the header string. The C<:raw> may also be applied to pseudo-headers
2056e.g. C<ALL:raw> will return a pristine (unmodified) header section.
2057
2058Appending a modifier C<:addr> to a header field name will cause everything
2059except the first email address to be removed from the header field. It is
2060mainly applicable to header fields 'From', 'Sender', 'To', 'Cc' along with
2061their 'Resent-*' counterparts, and the 'Return-Path'.
2062
2063Appending a modifier C<:name> to a header field name will cause everything
2064except the first display name to be removed from the header field. It is
2065mainly applicable to header fields 'From' and 'Resent-From'.
2066
2067It is syntactically permitted to append more than one modifier to a header
2068field name, although currently most combinations achieve no additional effect,
2069for example C<From:addr:raw> or C<From:raw:addr> is currently the same as
2070C<From:addr> .
2071
2072=over 4
2073
2074=item example@foo
2075
2076=item example@foo (Foo Blah)
2077
2078=item example@foo, example@bar
2079
2080=item display: example@foo (Foo Blah), example@bar ;
2081
2082=item Foo Blah <example@foo>
2083
2084=item "Foo Blah" <example@foo>
2085
2086=item "'Foo Blah'" <example@foo>
2087
2088=back
2089
2090Appending C<:name> to the header name will cause everything except
2091the first real name to be removed from the header. For example,
2092all of the following will result in "Foo Blah"
2093
2094=over 4
2095
2096=item example@foo (Foo Blah)
2097
2098=item example@foo (Foo Blah), example@bar
2099
2100=item display: example@foo (Foo Blah), example@bar ;
2101
2102=item Foo Blah <example@foo>
2103
2104=item "Foo Blah" <example@foo>
2105
2106=item "'Foo Blah'" <example@foo>
2107
2108=back
2109
2110There are several special pseudo-headers that can be specified:
2111
2112=over 4
2113
2114=item C<ALL> can be used to mean the text of all the message's headers.
2115Note that all whitespace inside the headers, at line folds, is currently
2116compressed into a single space (' ') character. To obtain a pristine
2117(unmodified) header section, use C<ALL:raw> - the :raw modifier is documented
2118above.
2119
2120=item C<ToCc> can be used to mean the contents of both the 'To' and 'Cc'
2121headers.
2122
2123=item C<EnvelopeFrom> is the address used in the 'MAIL FROM:' phase of the SMTP
2124transaction that delivered this message, if this data has been made available
2125by the SMTP server. See C<envelope_sender_header> for more information
2126on how to set this.
2127
2128=item C<MESSAGEID> is a symbol meaning all Message-Id's found in the message;
2129some mailing list software moves the real 'Message-Id' to 'Resent-Message-Id'
2130or to 'X-Message-Id', then uses its own one in the 'Message-Id' header.
2131The value returned for this symbol is the text from all 3 headers, separated
2132by newlines.
2133
2134=item C<X-Spam-Relays-Untrusted>, C<X-Spam-Relays-Trusted>,
2135C<X-Spam-Relays-Internal> and C<X-Spam-Relays-External> represent a portable,
2136pre-parsed representation of the message's network path, as recorded in the
2137Received headers, divided into 'trusted' vs 'untrusted' and 'internal' vs
2138'external' sets. See C<http://wiki.apache.org/spamassassin/TrustedRelays> for
2139more details.
2140
2141=back
2142
2143C<op> is either C<=~> (contains regular expression) or C<!~> (does not contain
2144regular expression), and C<pattern> is a valid Perl regular expression, with
2145C<modifiers> as regexp modifiers in the usual style. Note that multi-line
2146rules are not supported, even if you use C<x> as a modifier. Also note that
2147the C<#> character must be escaped (C<\#>) or else it will be considered to be
2148the start of a comment and not part of the regexp.
2149
2150If the C<[if-unset: STRING]> tag is present, then C<STRING> will
2151be used if the header is not found in the mail message.
2152
2153Test names must not start with a number, and must contain only
2154alphanumerics and underscores. It is suggested that lower-case characters
2155not be used, and names have a length of no more than 22 characters,
2156as an informal convention. Dashes are not allowed.
2157
2158Note that test names which begin with '__' are reserved for meta-match
2159sub-rules, and are not scored or listed in the 'tests hit' reports.
2160Test names which begin with 'T_' are reserved for tests which are
2161undergoing QA, and these are given a very low score.
2162
2163If you add or modify a test, please be sure to run a sanity check afterwards
2164by running C<spamassassin --lint>. This will avoid confusing error
2165messages, or other tests being skipped as a side-effect.
2166
2167=item header SYMBOLIC_TEST_NAME exists:name_of_header
2168
2169Define a header existence test. C<name_of_header> is the name of a
2170header field to test for existence. This is just a very simple version
2171of the above header tests.
2172
2173=item header SYMBOLIC_TEST_NAME eval:name_of_eval_method([arguments])
2174
2175Define a header eval test. C<name_of_eval_method> is the name of
2176a method on the C<Mail::SpamAssassin::EvalTests> object. C<arguments>
2177are optional arguments to the function call.
2178
2179=item header SYMBOLIC_TEST_NAME eval:check_rbl('set', 'zone' [, 'sub-test'])
2180
2181Check a DNSBL (a DNS blacklist or whitelist). This will retrieve Received:
2182headers from the message, extract the IP addresses, select which ones are
2183'untrusted' based on the C<trusted_networks> logic, and query that DNSBL
2184zone. There's a few things to note:
2185
2186=over 4
2187
2188=item duplicated or private IPs
2189
2190Duplicated IPs are only queried once and reserved IPs are not queried.
2191Private IPs are those listed in
2192<http://www.iana.org/assignments/ipv4-address-space>,
2193<http://duxcw.com/faq/network/privip.htm>,
2194<http://duxcw.com/faq/network/autoip.htm>, or
2195<ftp://ftp.rfc-editor.org/in-notes/rfc3330.txt> as private.
2196
2197=item the 'set' argument
2198
2199This is used as a 'zone ID'. If you want to look up a multiple-meaning zone
2200like NJABL or SORBS, you can then query the results from that zone using it;
2201but all check_rbl_sub() calls must use that zone ID.
2202
2203Also, if more than one IP address gets a DNSBL hit for a particular rule, it
2204does not affect the score because rules only trigger once per message.
2205
2206=item the 'zone' argument
2207
2208This is the root zone of the DNSBL, ending in a period.
2209
2210=item the 'sub-test' argument
2211
2212This optional argument behaves the same as the sub-test argument in
2213C<check_rbl_sub()> below.
2214
2215=item selecting all IPs except for the originating one
2216
2217This is accomplished by placing '-notfirsthop' at the end of the set name.
2218This is useful for querying against DNS lists which list dialup IP
2219addresses; the first hop may be a dialup, but as long as there is at least
2220one more hop, via their outgoing SMTP server, that's legitimate, and so
2221should not gain points. If there is only one hop, that will be queried
2222anyway, as it should be relaying via its outgoing SMTP server instead of
2223sending directly to your MX (mail exchange).
2224
2225=item selecting IPs by whether they are trusted
2226
2227When checking a 'nice' DNSBL (a DNS whitelist), you cannot trust the IP
2228addresses in Received headers that were not added by trusted relays. To
2229test the first IP address that can be trusted, place '-firsttrusted' at the
2230end of the set name. That should test the IP address of the relay that
2231connected to the most remote trusted relay.
2232
2233Note that this requires that SpamAssassin know which relays are trusted. For
2234simple cases, SpamAssassin can make a good estimate. For complex cases, you
2235may get better results by setting C<trusted_networks> manually.
2236
2237In addition, you can test all untrusted IP addresses by placing '-untrusted'
2238at the end of the set name. Important note -- this does NOT include the
2239IP address from the most recent 'untrusted line', as used in '-firsttrusted'
2240above. That's because we're talking about the trustworthiness of the
2241IP address data, not the source header line, here; and in the case of
2242the most recent header (the 'firsttrusted'), that data can be trusted.
2243See the Wiki page at C<http://wiki.apache.org/spamassassin/TrustedRelays>
2244for more information on this.
2245
2246=item Selecting just the last external IP
2247
2248By using '-lastexternal' at the end of the set name, you can select only
2249the external host that connected to your internal network, or at least
2250the last external host with a public IP.
2251
2252=back
2253
2254=item header SYMBOLIC_TEST_NAME eval:check_rbl_txt('set', 'zone')
2255
2256Same as check_rbl(), except querying using IN TXT instead of IN A records.
2257If the zone supports it, it will result in a line of text describing
2258why the IP is listed, typically a hyperlink to a database entry.
2259
2260=item header SYMBOLIC_TEST_NAME eval:check_rbl_sub('set', 'sub-test')
2261
2262Create a sub-test for 'set'. If you want to look up a multi-meaning zone
2263like relays.osirusoft.com, you can then query the results from that zone
2264using the zone ID from the original query. The sub-test may either be an
2265IPv4 dotted address for RBLs that return multiple A records or a
2266non-negative decimal number to specify a bitmask for RBLs that return a
2267single A record containing a bitmask of results, a SenderBase test
2268beginning with "sb:", or (if none of the preceding options seem to fit) a
2269regular expression.
2270
2271Note: the set name must be exactly the same for as the main query rule,
2272including selections like '-notfirsthop' appearing at the end of the set
2273name.
2274
2275=cut
2276
2277 push (@cmds, {
2278 setting => 'header',
2279 is_frequent => 1,
2280 is_priv => 1,
2281 code => sub {
2282 my ($self, $key, $value, $line) = @_;
2283 local ($1,$2);
2284 if ($value =~ /^(\S+)\s+(?:rbl)?eval:(.*)$/) {
2285 my ($name, $fn) = ($1, $2);
2286
2287 if ($fn =~ /^check_(?:rbl|dns)/) {
2288 $self->{parser}->add_test ($name, $fn, $TYPE_RBL_EVALS);
2289 }
2290 else {
2291 $self->{parser}->add_test ($name, $fn, $TYPE_HEAD_EVALS);
2292 }
2293 }
2294 elsif ($value =~ /^(\S+)\s+exists:([!-9;-\176]+)$/) {
2295 # RFC 5322 section 3.6.8, ftext printable US-ASCII ch not including ":"
2296 $self->{parser}->add_test ($1, "defined($2)", $TYPE_HEAD_TESTS);
2297 $self->{descriptions}->{$1} = "Found a $2 header";
2298 }
2299 else {
2300 my @values = split(/\s+/, $value, 2);
2301 if (@values != 2) {
2302 return $MISSING_REQUIRED_VALUE;
2303 }
2304 $self->{parser}->add_test (@values, $TYPE_HEAD_TESTS);
2305 }
2306 }
2307 });
2308
2309=item body SYMBOLIC_TEST_NAME /pattern/modifiers
2310
2311Define a body pattern test. C<pattern> is a Perl regular expression. Note:
2312as per the header tests, C<#> must be escaped (C<\#>) or else it is considered
2313the beginning of a comment.
2314
2315The 'body' in this case is the textual parts of the message body;
2316any non-text MIME parts are stripped, and the message decoded from
2317Quoted-Printable or Base-64-encoded format if necessary. The message
2318Subject header is considered part of the body and becomes the first
2319paragraph when running the rules. All HTML tags and line breaks will
2320be removed before matching.
2321
2322=item body SYMBOLIC_TEST_NAME eval:name_of_eval_method([args])
2323
2324Define a body eval test. See above.
2325
2326=cut
2327
2328 push (@cmds, {
2329 setting => 'body',
2330 is_frequent => 1,
2331 is_priv => 1,
2332 code => sub {
2333 my ($self, $key, $value, $line) = @_;
2334 local ($1,$2);
2335 if ($value =~ /^(\S+)\s+eval:(.*)$/) {
2336 $self->{parser}->add_test ($1, $2, $TYPE_BODY_EVALS);
2337 }
2338 else {
2339 my @values = split(/\s+/, $value, 2);
2340 if (@values != 2) {
2341 return $MISSING_REQUIRED_VALUE;
2342 }
2343 $self->{parser}->add_test (@values, $TYPE_BODY_TESTS);
2344 }
2345 }
2346 });
2347
2348=item uri SYMBOLIC_TEST_NAME /pattern/modifiers
2349
2350Define a uri pattern test. C<pattern> is a Perl regular expression. Note: as
2351per the header tests, C<#> must be escaped (C<\#>) or else it is considered
2352the beginning of a comment.
2353
2354The 'uri' in this case is a list of all the URIs in the body of the email,
2355and the test will be run on each and every one of those URIs, adjusting the
2356score if a match is found. Use this test instead of one of the body tests
2357when you need to match a URI, as it is more accurately bound to the start/end
2358points of the URI, and will also be faster.
2359
2360=cut
2361
2362# we don't do URI evals yet - maybe later
2363# if (/^uri\s+(\S+)\s+eval:(.*)$/) {
2364# $self->{parser}->add_test ($1, $2, $TYPE_URI_EVALS);
2365# next;
2366# }
2367 push (@cmds, {
2368 setting => 'uri',
2369 is_priv => 1,
2370 code => sub {
2371 my ($self, $key, $value, $line) = @_;
2372 my @values = split(/\s+/, $value, 2);
2373 if (@values != 2) {
2374 return $MISSING_REQUIRED_VALUE;
2375 }
2376 $self->{parser}->add_test (@values, $TYPE_URI_TESTS);
2377 }
2378 });
2379
2380=item rawbody SYMBOLIC_TEST_NAME /pattern/modifiers
2381
2382Define a raw-body pattern test. C<pattern> is a Perl regular expression.
2383Note: as per the header tests, C<#> must be escaped (C<\#>) or else it is
2384considered the beginning of a comment.
2385
2386The 'raw body' of a message is the raw data inside all textual parts. The
2387text will be decoded from base64 or quoted-printable encoding, but HTML
2388tags and line breaks will still be present. Multiline expressions will
2389need to be used to match strings that are broken by line breaks.
2390
2391=item rawbody SYMBOLIC_TEST_NAME eval:name_of_eval_method([args])
2392
2393Define a raw-body eval test. See above.
2394
2395=cut
2396
2397 push (@cmds, {
2398 setting => 'rawbody',
2399 is_frequent => 1,
2400 is_priv => 1,
2401 code => sub {
2402 my ($self, $key, $value, $line) = @_;
2403 local ($1,$2);
2404 if ($value =~ /^(\S+)\s+eval:(.*)$/) {
2405 $self->{parser}->add_test ($1, $2, $TYPE_RAWBODY_EVALS);
2406 } else {
2407 my @values = split(/\s+/, $value, 2);
2408 if (@values != 2) {
2409 return $MISSING_REQUIRED_VALUE;
2410 }
2411 $self->{parser}->add_test (@values, $TYPE_RAWBODY_TESTS);
2412 }
2413 }
2414 });
2415
2416=item full SYMBOLIC_TEST_NAME /pattern/modifiers
2417
2418Define a full message pattern test. C<pattern> is a Perl regular expression.
2419Note: as per the header tests, C<#> must be escaped (C<\#>) or else it is
2420considered the beginning of a comment.
2421
2422The full message is the pristine message headers plus the pristine message
2423body, including all MIME data such as images, other attachments, MIME
2424boundaries, etc.
2425
2426=item full SYMBOLIC_TEST_NAME eval:name_of_eval_method([args])
2427
2428Define a full message eval test. See above.
2429
2430=cut
2431
2432 push (@cmds, {
2433 setting => 'full',
2434 is_priv => 1,
2435 code => sub {
2436 my ($self, $key, $value, $line) = @_;
2437 local ($1,$2);
2438 if ($value =~ /^(\S+)\s+eval:(.*)$/) {
2439 $self->{parser}->add_test ($1, $2, $TYPE_FULL_EVALS);
2440 } else {
2441 my @values = split(/\s+/, $value, 2);
2442 if (@values != 2) {
2443 return $MISSING_REQUIRED_VALUE;
2444 }
2445 $self->{parser}->add_test (@values, $TYPE_FULL_TESTS);
2446 }
2447 }
2448 });
2449
2450=item meta SYMBOLIC_TEST_NAME boolean expression
2451
2452Define a boolean expression test in terms of other tests that have
2453been hit or not hit. For example:
2454
2455meta META1 TEST1 && !(TEST2 || TEST3)
2456
2457Note that English language operators ("and", "or") will be treated as
2458rule names, and that there is no C<XOR> operator.
2459
2460=item meta SYMBOLIC_TEST_NAME boolean arithmetic expression
2461
2462Can also define an arithmetic expression in terms of other tests,
2463with an unhit test having the value "0" and a hit test having a
2464nonzero value. The value of a hit meta test is that of its arithmetic
2465expression. The value of a hit eval test is that returned by its
2466method. The value of a hit header, body, rawbody, uri, or full test
2467which has the "multiple" tflag is the number of times the test hit.
2468The value of any other type of hit test is "1".
2469
2470For example:
2471
2472meta META2 (3 * TEST1 - 2 * TEST2) > 0
2473
2474Note that Perl builtins and functions, like C<abs()>, B<can't> be
2475used, and will be treated as rule names.
2476
2477If you want to define a meta-rule, but do not want its individual sub-rules to
2478count towards the final score unless the entire meta-rule matches, give the
2479sub-rules names that start with '__' (two underscores). SpamAssassin will
2480ignore these for scoring.
2481
2482=cut
2483
2484 push (@cmds, {
2485 setting => 'meta',
2486 is_frequent => 1,
2487 is_priv => 1,
2488 code => sub {
2489 my ($self, $key, $value, $line) = @_;
2490 my @values = split(/\s+/, $value, 2);
2491 if (@values != 2) {
2492 return $MISSING_REQUIRED_VALUE;
2493 }
2494 if ($values[1] =~ /\*\s*\*/) {
2495 info("config: found invalid '**' or '* *' operator in meta command");
2496 return $INVALID_VALUE;
2497 }
2498 $self->{parser}->add_test (@values, $TYPE_META_TESTS);
2499 }
2500 });
2501
2502=item reuse SYMBOLIC_TEST_NAME [ OLD_SYMBOLIC_TEST_NAME_1 ... ]
2503
2504Defines the name of a test that should be "reused" during the scoring
2505process. If a message has an X-Spam-Status header that shows a hit for
2506this rule or any of the old rule names given, a hit will be added for
2507this rule when B<mass-check --reuse> is used. Examples:
2508
2509C<reuse SPF_PASS>
2510
2511C<reuse MY_NET_RULE_V2 MY_NET_RULE_V1>
2512
2513The actual logic for reuse tests is done by
2514B<Mail::SpamAssassin::Plugin::Reuse>.
2515
2516=cut
2517
2518 push (@cmds, {
2519 setting => 'reuse',
2520 is_priv => 1,
2521 code => sub {
2522 my ($self, $key, $value, $line) = @_;
2523 if ($value !~ /\s*(\w+)(?:\s+(?:\w+(?:\s+\w+)*))?\s*$/) {
2524 return $INVALID_VALUE;
2525 }
2526 my $rule_name = $1;
2527 # don't overwrite tests, just define them so scores, priorities work
2528 if (!exists $self->{tests}->{$rule_name}) {
2529 $self->{parser}->add_test($rule_name, undef, $TYPE_EMPTY_TESTS);
2530 }
2531 }
2532 });
2533
2534=item tflags SYMBOLIC_TEST_NAME [ {net|nice|learn|userconf|noautolearn|multiple} ]
2535
2536Used to set flags on a test. These flags are used in the
2537score-determination back end system for details of the test's
2538behaviour. Please see C<bayes_auto_learn> for more information
2539about tflag interaction with those systems. The following flags
2540can be set:
2541
2542=over 4
2543
2544=item net
2545
2546The test is a network test, and will not be run in the mass checking system
2547or if B<-L> is used, therefore its score should not be modified.
2548
2549=item nice
2550
2551The test is intended to compensate for common false positives, and should be
2552assigned a negative score.
2553
2554=item userconf
2555
2556The test requires user configuration before it can be used (like language-
2557specific tests).
2558
2559=item learn
2560
2561The test requires training before it can be used.
2562
2563=item noautolearn
2564
2565The test will explicitly be ignored when calculating the score for
2566learning systems.
2567
2568=item multiple
2569
2570The test will be evaluated multiple times, for use with meta rules.
2571Only affects header, body, rawbody, uri, and full tests.
2572
2573=back
2574
2575=cut
2576
2577 push (@cmds, {
2578 setting => 'tflags',
2579 is_frequent => 1,
2580 is_priv => 1,
2581 type => $CONF_TYPE_HASH_KEY_VALUE,
2582 });
2583
2584=item priority SYMBOLIC_TEST_NAME n
2585
2586Assign a specific priority to a test. All tests, except for DNS and Meta
2587tests, are run in increasing priority value order (negative priority values
2588are run before positive priority values). The default test priority is 0
2589(zero).
2590
2591The values <-99999999999999> and <-99999999999998> have a special meaning
2592internally, and should not be used.
2593
2594=cut
2595
2596 push (@cmds, {
2597 setting => 'priority',
2598 is_priv => 1,
2599 type => $CONF_TYPE_HASH_KEY_VALUE,
2600 });
2601
2602=back
2603
2604=head1 ADMINISTRATOR SETTINGS
2605
2606These settings differ from the ones above, in that they are considered 'more
2607privileged' -- even more than the ones in the B<PRIVILEGED SETTINGS> section.
2608No matter what C<allow_user_rules> is set to, these can never be set from a
2609user's C<user_prefs> file when spamc/spamd is being used. However, all
2610settings can be used by local programs run directly by the user.
2611
2612=over 4
2613
2614=item version_tag string
2615
2616This tag is appended to the SA version in the X-Spam-Status header. You should
2617include it when modify your ruleset, especially if you plan to distribute it.
2618A good choice for I<string> is your last name or your initials followed by a
2619number which you increase with each change.
2620
2621The version_tag will be lowercased, and any non-alphanumeric or period
2622character will be replaced by an underscore.
2623
2624e.g.
2625
2626 version_tag myrules1 # version=2.41-myrules1
2627
2628=cut
2629
2630 push (@cmds, {
2631 setting => 'version_tag',
2632 is_admin => 1,
2633 code => sub {
2634 my ($self, $key, $value, $line) = @_;
2635 if ($value eq '') {
2636 return $MISSING_REQUIRED_VALUE;
2637 }
2638 my $tag = lc($value);
2639 $tag =~ tr/a-z0-9./_/c;
2640 foreach (@Mail::SpamAssassin::EXTRA_VERSION) {
2641 if($_ eq $tag) { $tag = undef; last; }
2642 }
2643 push(@Mail::SpamAssassin::EXTRA_VERSION, $tag) if($tag);
2644 }
2645 });
2646
2647=item test SYMBOLIC_TEST_NAME (ok|fail) Some string to test against
2648
2649Define a regression testing string. You can have more than one regression test
2650string per symbolic test name. Simply specify a string that you wish the test
2651to match.
2652
2653These tests are only run as part of the test suite - they should not affect the
2654general running of SpamAssassin.
2655
2656=cut
2657
2658 push (@cmds, {
2659 setting => 'test',
2660 is_admin => 1,
2661 code => sub {
2662 return unless defined $COLLECT_REGRESSION_TESTS;
2663 my ($self, $key, $value, $line) = @_;
2664 local ($1,$2,$3);
2665 if ($value !~ /^(\S+)\s+(ok|fail)\s+(.*)$/) { return $INVALID_VALUE; }
2666 $self->{parser}->add_regression_test($1, $2, $3);
2667 }
2668 });
2669
2670=item rbl_timeout t [t_min] [zone] (default: 15 3)
2671
2672All DNS queries are made at the beginning of a check and we try to read
2673the results at the end. This value specifies the maximum period of time
2674(in seconds) to wait for a DNS query. If most of the DNS queries have
2675succeeded for a particular message, then SpamAssassin will not wait for
2676the full period to avoid wasting time on unresponsive server(s), but will
2677shrink the timeout according to a percentage of queries already completed.
2678As the number of queries remaining approaches 0, the timeout value will
2679gradually approach a t_min value, which is an optional second parameter
2680and defaults to 0.2 * t. If t is smaller than t_min, the initial timeout
2681is set to t_min. Here is a chart of queries remaining versus the timeout
2682in seconds, for the default 15 second / 3 second timeout setting:
2683
2684 queries left 100% 90% 80% 70% 60% 50% 40% 30% 20% 10% 0%
2685 timeout 15 14.9 14.5 13.9 13.1 12.0 10.7 9.1 7.3 5.3 3
2686
2687For example, if 20 queries are made at the beginning of a message check
2688and 16 queries have returned (leaving 20%), the remaining 4 queries should
2689finish within 7.3 seconds since their query started or they will be timed out.
2690Note that timed out queries are only aborted when there is nothing else left
2691for SpamAssassin to do - long evaluation of other rules may grant queries
2692additional time.
2693
2694If a parameter 'zone' is specified (it must end with a letter, which
2695distinguishes it from other numeric parametrs), then the setting only
2696applies to DNS queries against the specified DNS domain (host, domain or
2697RBL (sub)zone). Matching is case-insensitive, the actual domain may be a
2698subdomain of the specified zone.
2699
2700=cut
2701
2702 push (@cmds, {
2703 setting => 'rbl_timeout',
2704 is_admin => 1,
2705 default => 15,
2706 code => sub {
2707 my ($self, $key, $value, $line) = @_;
2708 unless (defined $value && $value !~ /^$/) {
2709 return $MISSING_REQUIRED_VALUE;
2710 }
2711 local ($1,$2,$3);
2712 unless ($value =~ /^ ( [+-]? \d+ (?: \. \d*)? )
2713 (?: \s+ ( [+-]? \d+ (?: \. \d*)? ) )?
2714 (?: \s+ (\S* [a-zA-Z]) )? $/xs) {
2715 return $INVALID_VALUE;
2716 }
2717 my $zone = $3;
2718 if (!defined $zone) { # a global setting
2719 $self->{rbl_timeout} = $1+0;
2720 $self->{rbl_timeout_min} = $2+0 if defined $2;
2721 }
2722 else { # per-zone settings
2723 $zone =~ s/^\.//; $zone =~ s/\.$//; # strip leading and trailing dot
2724 $zone = lc $zone;
2725 $self->{by_zone}{$zone}{rbl_timeout} = $1+0;
2726 $self->{by_zone}{$zone}{rbl_timeout_min} = $2+0 if defined $2;
2727 }
2728 },
2729 type => $CONF_TYPE_NUMERIC,
2730 });
2731
2732=item util_rb_tld tld1 tld2 ...
2733
2734This option allows the addition of new TLDs to the RegistrarBoundaries code.
2735Updates to the list usually happen when new versions of SpamAssassin are
2736released, but sometimes it's necessary to add in new TLDs faster than a
2737release can occur. TLDs include things like com, net, org, etc.
2738
2739=cut
2740
2741 push (@cmds, {
2742 setting => 'util_rb_tld',
2743 is_admin => 1,
2744 code => sub {
2745 my ($self, $key, $value, $line) = @_;
2746 unless (defined $value && $value !~ /^$/) {
2747 return $MISSING_REQUIRED_VALUE;
2748 }
2749 unless ($value =~ /^[a-zA-Z]+(?:\s+[a-zA-Z]+)*$/) {
2750 return $INVALID_VALUE;
2751 }
2752 foreach (split(/\s+/, $value)) {
2753 $Mail::SpamAssassin::Util::RegistrarBoundaries::VALID_TLDS{lc $_} = 1;
2754 }
2755 }
2756 });
2757
2758=item util_rb_2tld 2tld-1.tld 2tld-2.tld ...
2759
2760This option allows the addition of new 2nd-level TLDs (2TLD) to the
2761RegistrarBoundaries code. Updates to the list usually happen when new
2762versions of SpamAssassin are released, but sometimes it's necessary to add in
2763new 2TLDs faster than a release can occur. 2TLDs include things like co.uk,
2764fed.us, etc.
2765
2766=cut
2767
2768 push (@cmds, {
2769 setting => 'util_rb_2tld',
2770 is_admin => 1,
2771 code => sub {
2772 my ($self, $key, $value, $line) = @_;
2773 unless (defined $value && $value !~ /^$/) {
2774 return $MISSING_REQUIRED_VALUE;
2775 }
2776 unless ($value =~ /^[^\s.]+\.[^\s.]+(?:\s+[^\s.]+\.[^\s.]+)*$/) {
2777 return $INVALID_VALUE;
2778 }
2779 foreach (split(/\s+/, $value)) {
2780 $Mail::SpamAssassin::Util::RegistrarBoundaries::TWO_LEVEL_DOMAINS{lc $_} = 1;
2781 }
2782 }
2783 });
2784
2785=item util_rb_3tld 3tld1.some.tld 3tld2.other.tld ...
2786
2787This option allows the addition of new 3rd-level TLDs (3TLD) to the
2788RegistrarBoundaries code. Updates to the list usually happen when new
2789versions of SpamAssassin are released, but sometimes it's necessary to add in
2790new 3TLDs faster than a release can occur. 3TLDs include things like
2791demon.co.uk, plc.co.im, etc.
2792
2793=cut
2794
2795 push (@cmds, {
2796 setting => 'util_rb_3tld',
2797 is_admin => 1,
2798 code => sub {
2799 my ($self, $key, $value, $line) = @_;
2800 unless (defined $value && $value !~ /^$/) {
2801 return $MISSING_REQUIRED_VALUE;
2802 }
2803 unless ($value =~ /^[^\s.]+\.[^\s.]+\.[^\s.]+(?:\s+[^\s.]+\.[^\s.]+)*$/) {
2804 return $INVALID_VALUE;
2805 }
2806 foreach (split(/\s+/, $value)) {
2807 $Mail::SpamAssassin::Util::RegistrarBoundaries::THREE_LEVEL_DOMAINS{lc $_} = 1;
2808 }
2809 }
2810 });
2811
2812=item bayes_path /path/filename (default: ~/.spamassassin/bayes)
2813
2814This is the directory and filename for Bayes databases. Several databases
2815will be created, with this as the base directory and filename, with C<_toks>,
2816C<_seen>, etc. appended to the base. The default setting results in files
2817called C<~/.spamassassin/bayes_seen>, C<~/.spamassassin/bayes_toks>, etc.
2818
2819By default, each user has their own in their C<~/.spamassassin> directory with
2820mode 0700/0600. For system-wide SpamAssassin use, you may want to reduce disk
2821space usage by sharing this across all users. However, Bayes appears to be
2822more effective with individual user databases.
2823
2824=cut
2825
2826 push (@cmds, {
2827 setting => 'bayes_path',
2828 is_admin => 1,
2829 default => '__userstate__/bayes',
2830 type => $CONF_TYPE_STRING,
2831 code => sub {
2832 my ($self, $key, $value, $line) = @_;
2833 unless (defined $value && $value !~ /^$/) {
2834 return $MISSING_REQUIRED_VALUE;
2835 }
2836 if (-d $value) {
2837 return $INVALID_VALUE;
2838 }
2839 $self->{bayes_path} = $value;
2840 }
2841 });
2842
2843=item bayes_file_mode (default: 0700)
2844
2845The file mode bits used for the Bayesian filtering database files.
2846
2847Make sure you specify this using the 'x' mode bits set, as it may also be used
2848to create directories. However, if a file is created, the resulting file will
2849not have any execute bits set (the umask is set to 111). The argument is a
2850string of octal digits, it is converted to a numeric value internally.
2851
2852=cut
2853
2854 push (@cmds, {
2855 setting => 'bayes_file_mode',
2856 is_admin => 1,
2857 default => '0700',
2858 type => $CONF_TYPE_NUMERIC,
2859 code => sub {
2860 my ($self, $key, $value, $line) = @_;
2861 if ($value !~ /^0?\d{3}$/) { return $INVALID_VALUE }
2862 $self->{bayes_file_mode} = untaint_var($value);
2863 }
2864 });
2865
2866=item bayes_store_module Name::Of::BayesStore::Module
2867
2868If this option is set, the module given will be used as an alternate
2869to the default bayes storage mechanism. It must conform to the
2870published storage specification (see
2871Mail::SpamAssassin::BayesStore). For example, set this to
2872Mail::SpamAssassin::BayesStore::SQL to use the generic SQL storage
2873module.
2874
2875=cut
2876
2877 push (@cmds, {
2878 setting => 'bayes_store_module',
2879 is_admin => 1,
2880 default => '',
2881 type => $CONF_TYPE_STRING,
2882 code => sub {
2883 my ($self, $key, $value, $line) = @_;
2884 local ($1);
2885 if ($value !~ /^([_A-Za-z0-9:]+)$/) { return $INVALID_VALUE; }
2886 $self->{bayes_store_module} = $1;
2887 }
2888 });
2889
2890=item bayes_sql_dsn DBI::databasetype:databasename:hostname:port
2891
2892Used for BayesStore::SQL storage implementation.
2893
2894This option give the connect string used to connect to the SQL based Bayes storage.
2895
2896=cut
2897
2898 push (@cmds, {
2899 setting => 'bayes_sql_dsn',
2900 is_admin => 1,
2901 default => '',
2902 type => $CONF_TYPE_STRING,
2903 });
2904
2905=item bayes_sql_username
2906
2907Used by BayesStore::SQL storage implementation.
2908
2909This option gives the username used by the above DSN.
2910
2911=cut
2912
2913 push (@cmds, {
2914 setting => 'bayes_sql_username',
2915 is_admin => 1,
2916 default => '',
2917 type => $CONF_TYPE_STRING,
2918 });
2919
2920=item bayes_sql_password
2921
2922Used by BayesStore::SQL storage implementation.
2923
2924This option gives the password used by the above DSN.
2925
2926=cut
2927
2928 push (@cmds, {
2929 setting => 'bayes_sql_password',
2930 is_admin => 1,
2931 default => '',
2932 type => $CONF_TYPE_STRING,
2933 });
2934
2935=item bayes_sql_username_authorized ( 0 | 1 ) (default: 0)
2936
2937Whether to call the services_authorized_for_username plugin hook in BayesSQL.
2938If the hook does not determine that the user is allowed to use bayes or is
2939invalid then then database will not be initialized.
2940
2941NOTE: By default the user is considered invalid until a plugin returns
2942a true value. If you enable this, but do not have a proper plugin
2943loaded, all users will turn up as invalid.
2944
2945The username passed into the plugin can be affected by the
2946bayes_sql_override_username config option.
2947
2948=cut
2949
2950 push (@cmds, {
2951 setting => 'bayes_sql_username_authorized',
2952 is_admin => 1,
2953 default => 0,
2954 type => $CONF_TYPE_BOOL,
2955 });
2956
2957=item user_scores_dsn DBI:databasetype:databasename:hostname:port
2958
2959If you load user scores from an SQL database, this will set the DSN
2960used to connect. Example: C<DBI:mysql:spamassassin:localhost>
2961
2962If you load user scores from an LDAP directory, this will set the DSN used to
2963connect. You have to write the DSN as an LDAP URL, the components being the
2964host and port to connect to, the base DN for the search, the scope of the
2965search (base, one or sub), the single attribute being the multivalued attribute
2966used to hold the configuration data (space separated pairs of key and value,
2967just as in a file) and finally the filter being the expression used to filter
2968out the wanted username. Note that the filter expression is being used in a
2969sprintf statement with the username as the only parameter, thus is can hold a
2970single __USERNAME__ expression. This will be replaced with the username.
2971
2972Example: C<ldap://localhost:389/dc=koehntopp,dc=de?saconfig?uid=__USERNAME__>
2973
2974=cut
2975
2976 push (@cmds, {
2977 setting => 'user_scores_dsn',
2978 is_admin => 1,
2979 default => '',
2980 type => $CONF_TYPE_STRING,
2981 });
2982
2983=item user_scores_sql_username username
2984
2985The authorized username to connect to the above DSN.
2986
2987=cut
2988
2989 push (@cmds, {
2990 setting => 'user_scores_sql_username',
2991 is_admin => 1,
2992 default => '',
2993 type => $CONF_TYPE_STRING,
2994 });
2995
2996=item user_scores_sql_password password
2997
2998The password for the database username, for the above DSN.
2999
3000=cut
3001
3002 push (@cmds, {
3003 setting => 'user_scores_sql_password',
3004 is_admin => 1,
3005 default => '',
3006 type => $CONF_TYPE_STRING,
3007 });
3008
3009=item user_scores_sql_custom_query query
3010
3011This option gives you the ability to create a custom SQL query to
3012retrieve user scores and preferences. In order to work correctly your
3013query should return two values, the preference name and value, in that
3014order. In addition, there are several "variables" that you can use
3015as part of your query, these variables will be substituted for the
3016current values right before the query is run. The current allowed
3017variables are:
3018
3019=over 4
3020
3021=item _TABLE_
3022
3023The name of the table where user scores and preferences are stored. Currently
3024hardcoded to userpref, to change this value you need to create a new custom
3025query with the new table name.
3026
3027=item _USERNAME_
3028
3029The current user's username.
3030
3031=item _MAILBOX_
3032
3033The portion before the @ as derived from the current user's username.
3034
3035=item _DOMAIN_
3036
3037The portion after the @ as derived from the current user's username, this
3038value may be null.
3039
3040=back
3041
3042The query must be one continuous line in order to parse correctly.
3043
3044Here are several example queries, please note that these are broken up
3045for easy reading, in your config it should be one continuous line.
3046
3047=over 4
3048
3049=item Current default query:
3050
3051C<SELECT preference, value FROM _TABLE_ WHERE username = _USERNAME_ OR username = '@GLOBAL' ORDER BY username ASC>
3052
3053=item Use global and then domain level defaults:
3054
3055C<SELECT preference, value FROM _TABLE_ WHERE username = _USERNAME_ OR username = '@GLOBAL' OR username = '@~'||_DOMAIN_ ORDER BY username ASC>
3056
3057=item Maybe global prefs should override user prefs:
3058
3059C<SELECT preference, value FROM _TABLE_ WHERE username = _USERNAME_ OR username = '@GLOBAL' ORDER BY username DESC>
3060
3061=back
3062
3063=cut
3064
3065 push (@cmds, {
3066 setting => 'user_scores_sql_custom_query',
3067 is_admin => 1,
3068 default => undef,
3069 type => $CONF_TYPE_STRING,
3070 });
3071
3072=item user_scores_ldap_username
3073
3074This is the Bind DN used to connect to the LDAP server. It defaults
3075to the empty string (""), allowing anonymous binding to work.
3076
3077Example: C<cn=master,dc=koehntopp,dc=de>
3078
3079=cut
3080
3081 push (@cmds, {
3082 setting => 'user_scores_ldap_username',
3083 is_admin => 1,
3084 default => '',
3085 type => $CONF_TYPE_STRING,
3086 });
3087
3088=item user_scores_ldap_password
3089
3090This is the password used to connect to the LDAP server. It defaults
3091to the empty string ("").
3092
3093=cut
3094
3095 push (@cmds, {
3096 setting => 'user_scores_ldap_password',
3097 is_admin => 1,
3098 default => '',
3099 type => $CONF_TYPE_STRING,
3100 });
3101
3102=item loadplugin PluginModuleName [/path/module.pm]
3103
3104Load a SpamAssassin plugin module. The C<PluginModuleName> is the perl module
3105name, used to create the plugin object itself.
3106
3107C</path/to/module.pm> is the file to load, containing the module's perl code;
3108if it's specified as a relative path, it's considered to be relative to the
3109current configuration file. If it is omitted, the module will be loaded
3110using perl's search path (the C<@INC> array).
3111
3112See C<Mail::SpamAssassin::Plugin> for more details on writing plugins.
3113
3114=cut
3115
3116 push (@cmds, {
3117 setting => 'loadplugin',
3118 is_admin => 1,
3119 code => sub {
3120 my ($self, $key, $value, $line) = @_;
3121 if ($value eq '') {
3122 return $MISSING_REQUIRED_VALUE;
3123 }
3124 my ($package, $path);
3125 local ($1,$2);
3126 if ($value =~ /^(\S+)\s+(\S+)$/) {
3127 ($package, $path) = ($1, $2);
3128 } elsif ($value =~ /^\S+$/) {
3129 ($package, $path) = ($value, undef);
3130 } else {
3131 return $INVALID_VALUE;
3132 }
3133 # is blindly untainting safe? it is no worse than before
3134 $_ = untaint_var($_) for ($package,$path);
3135 $self->load_plugin ($package, $path);
3136 }
3137 });
3138
3139=item tryplugin PluginModuleName [/path/module.pm]
3140
3141Same as C<loadplugin>, but silently ignored if the .pm file cannot be found in
3142the filesystem.
3143
3144=cut
3145
3146 push (@cmds, {
3147 setting => 'tryplugin',
3148 is_admin => 1,
3149 code => sub {
3150 my ($self, $key, $value, $line) = @_;
3151 if ($value eq '') {
3152 return $MISSING_REQUIRED_VALUE;
3153 }
3154 my ($package, $path);
3155 local ($1,$2);
3156 if ($value =~ /^(\S+)\s+(\S+)$/) {
3157 ($package, $path) = ($1, $2);
3158 } elsif ($value =~ /^\S+$/) {
3159 ($package, $path) = ($value, undef);
3160 } else {
3161 return $INVALID_VALUE;
3162 }
3163 # is blindly untainting safe? it is no worse than before
3164 $_ = untaint_var($_) for ($package,$path);
3165 $self->load_plugin ($package, $path, 1);
3166 }
3167 });
3168
3169=item ignore_always_matching_regexps (Default: 0)
3170
3171Ignore any rule which contains a regexp which always matches.
3172Currently only catches regexps which contain '||', or which begin or
3173end with a '|'. Also ignore rules with C<some> combinatorial explosions.
3174
3175=cut
3176
3177 push (@cmds, {
3178 setting => 'ignore_always_matching_regexps',
3179 is_admin => 1,
3180 default => 0,
3181 type => $CONF_TYPE_BOOL,
3182 });
3183
3184=back
3185
3186=head1 PREPROCESSING OPTIONS
3187
3188=over 4
3189
3190=item include filename
3191
3192Include configuration lines from C<filename>. Relative paths are considered
3193relative to the current configuration file or user preferences file.
3194
3195=item if (boolean perl expression)
3196
3197Used to support conditional interpretation of the configuration
3198file. Lines between this and a corresponding C<else> or C<endif> line
3199will be ignored unless the expression evaluates as true
3200(in the perl sense; that is, defined and non-0 and non-empty string).
3201
3202The conditional accepts a limited subset of perl for security -- just enough to
3203perform basic arithmetic comparisons. The following input is accepted:
3204
3205=over 4
3206
3207=item numbers, whitespace, arithmetic operations and grouping
3208
3209Namely these characters and ranges:
3210
3211 ( ) - + * / _ . , < = > ! ~ 0-9 whitespace
3212
3213=item version
3214
3215This will be replaced with the version number of the currently-running
3216SpamAssassin engine. Note: The version used is in the internal SpamAssassin
3217version format which is C<x.yyyzzz>, where x is major version, y is minor
3218version, and z is maintenance version. So 3.0.0 is C<3.000000>, and 3.4.80 is
3219C<3.004080>.
3220
3221=item plugin(Name::Of::Plugin)
3222
3223This is a function call that returns C<1> if the plugin named
3224C<Name::Of::Plugin> is loaded, or C<undef> otherwise.
3225
3226=item can(Name::Of::Package::function_name)
3227
3228This is a function call that returns C<1> if the perl package named
3229C<Name::Of::Package> includes a function called C<function_name>, or C<undef>
3230otherwise. Note that packages can be SpamAssassin plugins or built-in classes,
3231there's no difference in this respect.
3232
3233=back
3234
3235If the end of a configuration file is reached while still inside a
3236C<if> scope, a warning will be issued, but parsing will restart on
3237the next file.
3238
3239For example:
3240
3241 if (version > 3.000000)
3242 header MY_FOO ...
3243 endif
3244
3245 loadplugin MyPlugin plugintest.pm
3246
3247 if plugin (MyPlugin)
3248 header MY_PLUGIN_FOO eval:check_for_foo()
3249 score MY_PLUGIN_FOO 0.1
3250 endif
3251
3252=item ifplugin PluginModuleName
3253
3254An alias for C<if plugin(PluginModuleName)>.
3255
3256=item else
3257
3258Used to support conditional interpretation of the configuration
3259file. Lines between this and a corresponding C<endif> line,
3260will be ignored unless the conditional expression evaluates as false
3261(in the perl sense; that is, not defined and not 0 and non-empty string).
3262
3263=item require_version n.nnnnnn
3264
3265Indicates that the entire file, from this line on, requires a certain
3266version of SpamAssassin to run. If a different (older or newer) version
3267of SpamAssassin tries to read the configuration from this file, it will
3268output a warning instead, and ignore it.
3269
3270Note: The version used is in the internal SpamAssassin version format which is
3271C<x.yyyzzz>, where x is major version, y is minor version, and z is maintenance
3272version. So 3.0.0 is C<3.000000>, and 3.4.80 is C<3.004080>.
3273
3274=cut
3275
3276 push (@cmds, {
3277 setting => 'require_version',
3278 type => $CONF_TYPE_STRING,
3279 code => sub {
3280 }
3281 });
3282
3283=back
3284
3285=head1 TEMPLATE TAGS
3286
3287The following C<tags> can be used as placeholders in certain options.
3288They will be replaced by the corresponding value when they are used.
3289
3290Some tags can take an argument (in parentheses). The argument is
3291optional, and the default is shown below.
3292
3293 _YESNO_ "Yes" for spam, "No" for nonspam (=ham)
3294 _YESNO(spam_str,ham_str)_ returns the first argument ("Yes" if missing)
3295 for spam, and the second argument ("No" if missing) for ham
3296 _YESNOCAPS_ "YES" for spam, "NO" for nonspam (=ham)
3297 _YESNOCAPS(spam_str,ham_str)_ same as _YESNO(...)_, but uppercased
3298 _SCORE(PAD)_ message score, if PAD is included and is either spaces or
3299 zeroes, then pad scores with that many spaces or zeroes
3300 (default, none) ie: _SCORE(0)_ makes 2.4 become 02.4,
3301 _SCORE(00)_ is 002.4. 12.3 would be 12.3 and 012.3
3302 respectively.
3303 _REQD_ message threshold
3304 _VERSION_ version (eg. 3.0.0 or 3.1.0-r26142-foo1)
3305 _SUBVERSION_ sub-version/code revision date (eg. 2004-01-10)
3306 _HOSTNAME_ hostname of the machine the mail was processed on
3307 _REMOTEHOSTNAME_ hostname of the machine the mail was sent from, only
3308 available with spamd
3309 _REMOTEHOSTADDR_ ip address of the machine the mail was sent from, only
3310 available with spamd
3311 _BAYES_ bayes score
3312 _TOKENSUMMARY_ number of new, neutral, spammy, and hammy tokens found
3313 _BAYESTC_ number of new tokens found
3314 _BAYESTCLEARNED_ number of seen tokens found
3315 _BAYESTCSPAMMY_ number of spammy tokens found
3316 _BAYESTCHAMMY_ number of hammy tokens found
3317 _HAMMYTOKENS(N)_ the N most significant hammy tokens (default, 5)
3318 _SPAMMYTOKENS(N)_ the N most significant spammy tokens (default, 5)
3319 _DATE_ rfc-2822 date of scan
3320 _STARS(*)_ one "*" (use any character) for each full score point
3321 (note: limited to 50 'stars')
3322 _RELAYSTRUSTED_ relays used and deemed to be trusted (see the
3323 'X-Spam-Relays-Trusted' pseudo-header)
3324 _RELAYSUNTRUSTED_ relays used that can not be trusted (see the
3325 'X-Spam-Relays-Untrusted' pseudo-header)
3326 _RELAYSINTERNAL_ relays used and deemed to be internal (see the
3327 'X-Spam-Relays-Internal' pseudo-header)
3328 _RELAYSEXTERNAL_ relays used and deemed to be external (see the
3329 'X-Spam-Relays-External' pseudo-header)
3330 _LASTEXTERNALIP_ IP address of client in the external-to-internal
3331 SMTP handover
3332 _LASTEXTERNALRDNS_ reverse-DNS of client in the external-to-internal
3333 SMTP handover
3334 _LASTEXTERNALHELO_ HELO string used by client in the external-to-internal
3335 SMTP handover
3336 _AUTOLEARN_ autolearn status ("ham", "no", "spam", "disabled",
3337 "failed", "unavailable")
3338 _AUTOLEARNSCORE_ portion of message score used by autolearn
3339 _TESTS(,)_ tests hit separated by "," (or other separator)
3340 _TESTSSCORES(,)_ as above, except with scores appended (eg. AWL=-3.0,...)
3341 _SUBTESTS(,)_ subtests (start with "__") hit separated by ","
3342 (or other separator)
3343 _DCCB_ DCC's "Brand"
3344 _DCCR_ DCC's results
3345 _PYZOR_ Pyzor results
3346 _RBL_ full results for positive RBL queries in DNS URI format
3347 _LANGUAGES_ possible languages of mail
3348 _PREVIEW_ content preview
3349 _REPORT_ terse report of tests hit (for header reports)
3350 _SUMMARY_ summary of tests hit for standard report (for body reports)
3351 _CONTACTADDRESS_ contents of the 'report_contact' setting
3352 _HEADER(NAME)_ includes the value of a message header. value is the same
3353 as is found for header rules (see elsewhere in this doc)
3354 _TIMING_ timing breakdown report
3355 _ADDEDHEADERHAM_ resulting header fields as requested by add_header for spam
3356 _ADDEDHEADERSPAM_ resulting header fields as requested by add_header for ham
3357 _ADDEDHEADER_ same as ADDEDHEADERHAM for ham or ADDEDHEADERSPAM for spam
3358
3359If a tag reference uses the name of a tag which is not in this list or defined
3360by a loaded plugin, the reference will be left intact and not replaced by any
3361value.
3362
3363The C<HAMMYTOKENS> and C<SPAMMYTOKENS> tags have an optional second argument
3364which specifies a format. See the B<HAMMYTOKENS/SPAMMYTOKENS TAG FORMAT>
3365section, below, for details.
3366
3367=head2 HAMMYTOKENS/SPAMMYTOKENS TAG FORMAT
3368
3369The C<HAMMYTOKENS> and C<SPAMMYTOKENS> tags have an optional second argument
3370which specifies a format: C<_SPAMMYTOKENS(N,FMT)_>, C<_HAMMYTOKENS(N,FMT)_>
3371The following formats are available:
3372
3373=over 4
3374
3375=item short
3376
3377Only the tokens themselves are listed.
3378I<For example, preference file entry:>
3379
3380C<add_header all Spammy _SPAMMYTOKENS(2,short)_>
3381
3382I<Results in message header:>
3383
3384C<X-Spam-Spammy: remove.php, UD:jpg>
3385
3386Indicating that the top two spammy tokens found are C<remove.php>
3387and C<UD:jpg>. (The token itself follows the last colon, the
3388text before the colon indicates something about the token.
3389C<UD> means the token looks like it might be part of a domain name.)
3390
3391=item compact
3392
3393The token probability, an abbreviated declassification distance (see
3394example), and the token are listed.
3395I<For example, preference file entry:>
3396
3397C<add_header all Spammy _SPAMMYTOKENS(2,compact)_>
3398
3399I<Results in message header:>
3400
3401C<0.989-6--remove.php, 0.988-+--UD:jpg>
3402
3403Indicating that the probabilities of the top two tokens are 0.989 and
34040.988, respectively. The first token has a declassification distance
3405of 6, meaning that if the token had appeared in at least 6 more ham
3406messages it would not be considered spammy. The C<+> for the second
3407token indicates a declassification distance greater than 9.
3408
3409=item long
3410
3411Probability, declassification distance, number of times seen in a ham
3412message, number of times seen in a spam message, age and the token are
3413listed.
3414
3415I<For example, preference file entry:>
3416
3417C<add_header all Spammy _SPAMMYTOKENS(2,long)_>
3418
3419I<Results in message header:>
3420
3421C<X-Spam-Spammy: 0.989-6--0h-4s--4d--remove.php, 0.988-33--2h-25s--1d--UD:jpg>
3422
3423In addition to the information provided by the compact option,
3424the long option shows that the first token appeared in zero
3425ham messages and four spam messages, and that it was last
3426seen four days ago. The second token appeared in two ham messages,
342725 spam messages and was last seen one day ago.
3428(Unlike the C<compact> option, the long option shows declassification
3429distances that are greater than 9.)
3430
3431=back
3432
3433=cut
3434
3435 return \@cmds;
3436}
3437
3438###########################################################################
3439
3440# settings that were once part of core, but are now in (possibly-optional)
3441# bundled plugins. These will be warned about, but do not generate a fatal
3442# error when "spamassassin --lint" is run like a normal syntax error would.
3443
3444@MIGRATED_SETTINGS = qw{
3445 ok_languages
3446};
3447
3448###########################################################################
3449
3450sub new {
3451 my $class = shift;
3452 $class = ref($class) || $class;
3453 my $self = {
3454 main => shift,
3455 registered_commands => [],
3456 }; bless ($self, $class);
3457
3458 $self->{parser} = Mail::SpamAssassin::Conf::Parser->new($self);
3459 $self->{parser}->register_commands($self->set_default_commands());
3460
3461 $self->{errors} = 0;
3462 $self->{plugins_loaded} = { };
3463
3464 $self->{tests} = { };
3465 $self->{test_types} = { };
The diff has been truncated for viewing.

Subscribers

People subscribed via source and target branches

to all changes: