1Mail::SpamAssassin::ConUfs(e3r)Contributed Perl DocumentMaatiilo:n:SpamAssassin::Conf(3)
2
3
4

NAME

6       Mail::SpamAssassin::Conf - SpamAssassin configuration file
7

SYNOPSIS

9         # a comment
10
11         rewrite_header Subject          *****SPAM*****
12
13         full PARA_A_2_C_OF_1618         /Paragraph .a.{0,10}2.{0,10}C. of S. 1618/i
14         describe PARA_A_2_C_OF_1618     Claims compliance with senate bill 1618
15
16         header FROM_HAS_MIXED_NUMS      From =~ /\d+[a-z]+\d+\S*@/i
17         describe FROM_HAS_MIXED_NUMS    From: contains numbers mixed in with letters
18
19         score A_HREF_TO_REMOVE          2.0
20
21         lang es describe FROM_FORGED_HOTMAIL Forzado From: simula ser de hotmail.com
22
23         lang pt_BR report O programa detetor de Spam ZOE [...]
24

DESCRIPTION

26       SpamAssassin is configured using traditional UNIX-style configuration
27       files, loaded from the "/usr/share/spamassassin" and
28       "/etc/mail/spamassassin" directories.
29
30       The following web page lists the most important configuration settings
31       used to configure SpamAssassin; novices are encouraged to read it
32       first:
33
34         http://wiki.apache.org/spamassassin/ImportantInitialConfigItems
35

FILE FORMAT

37       The "#" character starts a comment, which continues until end of line.
38       NOTE: if the "#" character is to be used as part of a rule or
39       configuration option, it must be escaped with a backslash.  i.e.: "\#"
40
41       Whitespace in the files is not significant, but please note that
42       starting a line with whitespace is deprecated, as we reserve its use
43       for multi-line rule definitions, at some point in the future.
44
45       Currently, each rule or configuration setting must fit on one-line;
46       multi-line settings are not supported yet.
47
48       File and directory paths can use "~" to refer to the user's home
49       directory, but no other shell-style path extensions such as globing or
50       "~user/" are supported.
51
52       Where appropriate below, default values are listed in parentheses.
53

USER PREFERENCES

55       The following options can be used in both site-wide ("local.cf") and
56       user-specific ("user_prefs") configuration files to customize how
57       SpamAssassin handles incoming email messages.
58
59   SCORING OPTIONS
60       required_score n.nn (default: 5)
61           Set the score required before a mail is considered spam.  "n.nn"
62           can be an integer or a real number.  5.0 is the default setting,
63           and is quite aggressive; it would be suitable for a single-user
64           setup, but if you're an ISP installing SpamAssassin, you should
65           probably set the default to be more conservative, like 8.0 or 10.0.
66           It is not recommended to automatically delete or discard messages
67           marked as spam, as your users will complain, but if you choose to
68           do so, only delete messages with an exceptionally high score such
69           as 15.0 or higher. This option was previously known as
70           "required_hits" and that name is still accepted, but is deprecated.
71
72       score SYMBOLIC_TEST_NAME n.nn [ n.nn n.nn n.nn ]
73           Assign scores (the number of points for a hit) to a given test.
74           Scores can be positive or negative real numbers or integers.
75           "SYMBOLIC_TEST_NAME" is the symbolic name used by SpamAssassin for
76           that test; for example, 'FROM_ENDS_IN_NUMS'.
77
78           If only one valid score is listed, then that score is always used
79           for a test.
80
81           If four valid scores are listed, then the score that is used
82           depends on how SpamAssassin is being used. The first score is used
83           when both Bayes and network tests are disabled (score set 0). The
84           second score is used when Bayes is disabled, but network tests are
85           enabled (score set 1). The third score is used when Bayes is
86           enabled and network tests are disabled (score set 2). The fourth
87           score is used when Bayes is enabled and network tests are enabled
88           (score set 3).
89
90           Setting a rule's score to 0 will disable that rule from running.
91
92           If any of the score values are surrounded by parenthesis '()', then
93           all of the scores in the line are considered to be relative to the
94           already set score.  ie: '(3)' means increase the score for this
95           rule by 3 points in all score sets.  '(3) (0) (3) (0)' means
96           increase the score for this rule by 3 in score sets 0 and 2 only.
97
98           If no score is given for a test by the end of the configuration, a
99           default score is assigned: a score of 1.0 is used for all tests,
100           except those whose names begin with 'T_' (this is used to indicate
101           a rule in testing) which receive 0.01.
102
103           Note that test names which begin with '__' are indirect rules used
104           to compose meta-match rules and can also act as prerequisites to
105           other rules.  They are not scored or listed in the 'tests hit'
106           reports, but assigning a score of 0 to an indirect rule will
107           disable it from running.
108
109   WHITELIST AND BLACKLIST OPTIONS
110       whitelist_from add@ress.com
111           Used to whitelist sender addresses which send mail that is often
112           tagged (incorrectly) as spam.
113
114           Use of this setting is not recommended, since it blindly trusts the
115           message, which is routinely and easily forged by spammers and phish
116           senders. The recommended solution is to instead use
117           "whitelist_auth" or other authenticated whitelisting methods, or
118           "whitelist_from_rcvd".
119
120           Whitelist and blacklist addresses are now file-glob-style patterns,
121           so "friend@somewhere.com", "*@isp.com", or "*.domain.net" will all
122           work.  Specifically, "*" and "?" are allowed, but all other
123           metacharacters are not.  Regular expressions are not used for
124           security reasons.
125
126           Multiple addresses per line, separated by spaces, is OK.  Multiple
127           "whitelist_from" lines is also OK.
128
129           The headers checked for whitelist addresses are as follows: if
130           "Resent-From" is set, use that; otherwise check all addresses taken
131           from the following set of headers:
132
133                   Envelope-Sender
134                   Resent-Sender
135                   X-Envelope-From
136                   From
137
138           In addition, the "envelope sender" data, taken from the SMTP
139           envelope data where this is available, is looked up.  See
140           "envelope_sender_header".
141
142           e.g.
143
144             whitelist_from joe@example.com fred@example.com
145             whitelist_from *@example.com
146
147       unwhitelist_from add@ress.com
148           Used to override a default whitelist_from entry, so for example a
149           distribution whitelist_from can be overridden in a local.cf file,
150           or an individual user can override a whitelist_from entry in their
151           own "user_prefs" file.  The specified email address has to match
152           exactly the address previously used in a whitelist_from line.
153
154           e.g.
155
156             unwhitelist_from joe@example.com fred@example.com
157             unwhitelist_from *@example.com
158
159       whitelist_from_rcvd addr@lists.sourceforge.net sourceforge.net
160           Works similarly to whitelist_from, except that in addition to
161           matching a sender address, a relay's rDNS name must match too for
162           the whitelisting rule to fire. The first parameter is an address to
163           whitelist, and the second is a string to match the relay's rDNS.
164
165           This string is matched against the reverse DNS lookup used during
166           the handover from the internet to your internal network's mail
167           exchangers.  It can either be the full hostname, or the domain
168           component of that hostname.  In other words, if the host that
169           connected to your MX had an IP address that mapped to
170           'sendinghost.spamassassin.org', you should specify
171           "sendinghost.spamassassin.org" or just "spamassassin.org" here.
172
173           Note that this requires that "internal_networks" be correct.  For
174           simple cases, it will be, but for a complex network you may get
175           better results by setting that parameter.
176
177           It also requires that your mail exchangers be configured to perform
178           DNS reverse lookups on the connecting host's IP address, and to
179           record the result in the generated Received: header.
180
181           e.g.
182
183             whitelist_from_rcvd joe@example.com  example.com
184             whitelist_from_rcvd *@axkit.org      sergeant.org
185
186       def_whitelist_from_rcvd addr@lists.sourceforge.net sourceforge.net
187           Same as "whitelist_from_rcvd", but used for the default whitelist
188           entries in the SpamAssassin distribution.  The whitelist score is
189           lower, because these are often targets for spammer spoofing.
190
191       whitelist_allows_relays add@ress.com
192           Specify addresses which are in "whitelist_from_rcvd" that sometimes
193           send through a mail relay other than the listed ones. By default
194           mail with a From address that is in "whitelist_from_rcvd" that does
195           not match the relay will trigger a forgery rule. Including the
196           address in "whitelist_allows_relay" prevents that.
197
198           Whitelist and blacklist addresses are now file-glob-style patterns,
199           so "friend@somewhere.com", "*@isp.com", or "*.domain.net" will all
200           work.  Specifically, "*" and "?" are allowed, but all other
201           metacharacters are not.  Regular expressions are not used for
202           security reasons.
203
204           Multiple addresses per line, separated by spaces, is OK.  Multiple
205           "whitelist_allows_relays" lines is also OK.
206
207           The specified email address does not have to match exactly the
208           address previously used in a whitelist_from_rcvd line as it is
209           compared to the address in the header.
210
211           e.g.
212
213             whitelist_allows_relays joe@example.com fred@example.com
214             whitelist_allows_relays *@example.com
215
216       unwhitelist_from_rcvd add@ress.com
217           Used to override a default whitelist_from_rcvd entry, so for
218           example a distribution whitelist_from_rcvd can be overridden in a
219           local.cf file, or an individual user can override a
220           whitelist_from_rcvd entry in their own "user_prefs" file.
221
222           The specified email address has to match exactly the address
223           previously used in a whitelist_from_rcvd line.
224
225           e.g.
226
227             unwhitelist_from_rcvd joe@example.com fred@example.com
228             unwhitelist_from_rcvd *@axkit.org
229
230       blacklist_from add@ress.com
231           Used to specify addresses which send mail that is often tagged
232           (incorrectly) as non-spam, but which the user doesn't want.  Same
233           format as "whitelist_from".
234
235       unblacklist_from add@ress.com
236           Used to override a default blacklist_from entry, so for example a
237           distribution blacklist_from can be overridden in a local.cf file,
238           or an individual user can override a blacklist_from entry in their
239           own "user_prefs" file. The specified email address has to match
240           exactly the address previously used in a blacklist_from line.
241
242           e.g.
243
244             unblacklist_from joe@example.com fred@example.com
245             unblacklist_from *@spammer.com
246
247       whitelist_to add@ress.com
248           If the given address appears as a recipient in the message headers
249           (Resent-To, To, Cc, obvious envelope recipient, etc.) the mail will
250           be whitelisted.  Useful if you're deploying SpamAssassin system-
251           wide, and don't want some users to have their mail filtered.  Same
252           format as "whitelist_from".
253
254           There are three levels of To-whitelisting, "whitelist_to",
255           "more_spam_to" and "all_spam_to".  Users in the first level may
256           still get some spammish mails blocked, but users in "all_spam_to"
257           should never get mail blocked.
258
259           The headers checked for whitelist addresses are as follows: if
260           "Resent-To" or "Resent-Cc" are set, use those; otherwise check all
261           addresses taken from the following set of headers:
262
263                   To
264                   Cc
265                   Apparently-To
266                   Delivered-To
267                   Envelope-Recipients
268                   Apparently-Resent-To
269                   X-Envelope-To
270                   Envelope-To
271                   X-Delivered-To
272                   X-Original-To
273                   X-Rcpt-To
274                   X-Real-To
275
276       more_spam_to add@ress.com
277           See above.
278
279       all_spam_to add@ress.com
280           See above.
281
282       blacklist_to add@ress.com
283           If the given address appears as a recipient in the message headers
284           (Resent-To, To, Cc, obvious envelope recipient, etc.) the mail will
285           be blacklisted.  Same format as "blacklist_from".
286
287       whitelist_auth add@ress.com
288           Used to specify addresses which send mail that is often tagged
289           (incorrectly) as spam.  This is different from "whitelist_from" and
290           "whitelist_from_rcvd" in that it first verifies that the message
291           was sent by an authorized sender for the address, before
292           whitelisting.
293
294           Authorization is performed using one of the installed sender-
295           authorization schemes: SPF (using
296           "Mail::SpamAssassin::Plugin::SPF"), or DKIM (using
297           "Mail::SpamAssassin::Plugin::DKIM").  Note that those plugins must
298           be active, and working, for this to operate.
299
300           Using "whitelist_auth" is roughly equivalent to specifying
301           duplicate "whitelist_from_spf", "whitelist_from_dk", and
302           "whitelist_from_dkim" lines for each of the addresses specified.
303
304           e.g.
305
306             whitelist_auth joe@example.com fred@example.com
307             whitelist_auth *@example.com
308
309       def_whitelist_auth add@ress.com
310           Same as "whitelist_auth", but used for the default whitelist
311           entries in the SpamAssassin distribution.  The whitelist score is
312           lower, because these are often targets for spammer spoofing.
313
314       unwhitelist_auth add@ress.com
315           Used to override a "whitelist_auth" entry. The specified email
316           address has to match exactly the address previously used in a
317           "whitelist_auth" line.
318
319           e.g.
320
321             unwhitelist_auth joe@example.com fred@example.com
322             unwhitelist_auth *@example.com
323
324   BASIC MESSAGE TAGGING OPTIONS
325       rewrite_header { subject | from | to } STRING
326           By default, suspected spam messages will not have the "Subject",
327           "From" or "To" lines tagged to indicate spam. By setting this
328           option, the header will be tagged with "STRING" to indicate that a
329           message is spam. For the From or To headers, this will take the
330           form of an RFC 2822 comment following the address in parantheses.
331           For the Subject header, this will be prepended to the original
332           subject. Note that you should only use the _REQD_ and _SCORE_ tags
333           when rewriting the Subject header if "report_safe" is 0. Otherwise,
334           you may not be able to remove the SpamAssassin markup via the
335           normal methods.  More information about tags is explained below in
336           the TEMPLATE TAGS section.
337
338           Parentheses are not permitted in STRING if rewriting the From or To
339           headers.  (They will be converted to square brackets.)
340
341           If "rewrite_header subject" is used, but the message being
342           rewritten does not already contain a "Subject" header, one will be
343           created.
344
345           A null value for "STRING" will remove any existing rewrite for the
346           specified header.
347
348       add_header { spam | ham | all } header_name string
349           Customized headers can be added to the specified type of messages
350           (spam, ham, or "all" to add to either).  All headers begin with
351           "X-Spam-" (so a "header_name" Foo will generate a header called
352           X-Spam-Foo).  header_name is restricted to the character set
353           [A-Za-z0-9_-].
354
355           The order of "add_header" configuration options is preserved,
356           inserted headers will follow this order of declarations. When
357           combining "add_header" with "clear_headers" and "remove_header",
358           keep in mind that "add_header" appends a new header to the current
359           list, after first removing any existing header fields of the same
360           name. Note also that "add_header", "clear_headers" and
361           "remove_header" may appear in multiple .cf files, which are
362           interpreted in alphabetic order.
363
364           "string" can contain tags as explained below in the TEMPLATE TAGS
365           section.  You can also use "\n" and "\t" in the header to add
366           newlines and tabulators as desired.  A backslash has to be written
367           as \\, any other escaped chars will be silently removed.
368
369           All headers will be folded if fold_headers is set to 1. Note:
370           Manually adding newlines via "\n" disables any further automatic
371           wrapping (ie: long header lines are possible). The lines will still
372           be properly folded (marked as continuing) though.
373
374           You can customize existing headers with add_header (only the
375           specified subset of messages will be changed).
376
377           See also "clear_headers" and "remove_header" for removing headers.
378
379           Here are some examples (these are the defaults, note that Checker-
380           Version can not be changed or removed):
381
382             add_header spam Flag _YESNOCAPS_
383             add_header all Status _YESNO_, score=_SCORE_ required=_REQD_ tests=_TESTS_ autolearn=_AUTOLEARN_ version=_VERSION_
384             add_header all Level _STARS(*)_
385             add_header all Checker-Version SpamAssassin _VERSION_ (_SUBVERSION_) on _HOSTNAME_
386
387       remove_header { spam | ham | all } header_name
388           Headers can be removed from the specified type of messages (spam,
389           ham, or "all" to remove from either).  All headers begin with
390           "X-Spam-" (so "header_name" will be appended to "X-Spam-").
391
392           See also "clear_headers" for removing all the headers at once.
393
394           Note that X-Spam-Checker-Version is not removable because the
395           version information is needed by mail administrators and developers
396           to debug problems.  Without at least one header, it might not even
397           be possible to determine that SpamAssassin is running.
398
399       clear_headers
400           Clear the list of headers to be added to messages.  You may use
401           this before any add_header options to prevent the default headers
402           from being added to the message.
403
404           "add_header", "clear_headers" and "remove_header" may appear in
405           multiple .cf files, which are interpreted in alphabetic order, so
406           "clear_headers" in a later file will remove all added headers from
407           previously interpreted configuration files, which may or may not be
408           desired.
409
410           Note that X-Spam-Checker-Version is not removable because the
411           version information is needed by mail administrators and developers
412           to debug problems.  Without at least one header, it might not even
413           be possible to determine that SpamAssassin is running.
414
415       report_safe ( 0 | 1 | 2 )     (default: 1)
416           if this option is set to 1, if an incoming message is tagged as
417           spam, instead of modifying the original message, SpamAssassin will
418           create a new report message and attach the original message as a
419           message/rfc822 MIME part (ensuring the original message is
420           completely preserved, not easily opened, and easier to recover).
421
422           If this option is set to 2, then original messages will be attached
423           with a content type of text/plain instead of message/rfc822.  This
424           setting may be required for safety reasons on certain broken mail
425           clients that automatically load attachments without any action by
426           the user.  This setting may also make it somewhat more difficult to
427           extract or view the original message.
428
429           If this option is set to 0, incoming spam is only modified by
430           adding some "X-Spam-" headers and no changes will be made to the
431           body.  In addition, a header named X-Spam-Report will be added to
432           spam.  You can use the remove_header option to remove that header
433           after setting report_safe to 0.
434
435           See report_safe_copy_headers if you want to copy headers from the
436           original mail into tagged messages.
437
438   LANGUAGE OPTIONS
439       ok_locales xx [ yy zz ... ]        (default: all)
440           This option is used to specify which locales are considered OK for
441           incoming mail.  Mail using the character sets that are allowed by
442           this option will not be marked as possibly being spam in a foreign
443           language.
444
445           If you receive lots of spam in foreign languages, and never get any
446           non-spam in these languages, this may help.  Note that all
447           ISO-8859-* character sets, and Windows code page character sets,
448           are always permitted by default.
449
450           Set this to "all" to allow all character sets.  This is the
451           default.
452
453           The rules "CHARSET_FARAWAY", "CHARSET_FARAWAY_BODY", and
454           "CHARSET_FARAWAY_HEADERS" are triggered based on how this is set.
455
456           Examples:
457
458             ok_locales all         (allow all locales)
459             ok_locales en          (only allow English)
460             ok_locales en ja zh    (allow English, Japanese, and Chinese)
461
462           Note: if there are multiple ok_locales lines, only the last one is
463           used.
464
465           Select the locales to allow from the list below:
466
467           en   - Western character sets in general
468           ja   - Japanese character sets
469           ko   - Korean character sets
470           ru   - Cyrillic character sets
471           th   - Thai character sets
472           zh   - Chinese (both simplified and traditional) character sets
473       normalize_charset ( 0 | 1)        (default: 0)
474           Whether to detect character sets and normalize message content to
475           Unicode.  Requires the Encode::Detect module, HTML::Parser version
476           3.46 or later, and Perl 5.8.5 or later.
477
478   NETWORK TEST OPTIONS
479       trusted_networks ip.add.re.ss[/mask] ...   (default: none)
480           What networks or hosts are 'trusted' in your setup.  Trusted in
481           this case means that relay hosts on these networks are considered
482           to not be potentially operated by spammers, open relays, or open
483           proxies.  A trusted host could conceivably relay spam, but will not
484           originate it, and will not forge header data. DNS blacklist checks
485           will never query for hosts on these networks.
486
487           See "http://wiki.apache.org/spamassassin/TrustPath" for more
488           information.
489
490           MXes for your domain(s) and internal relays should also be
491           specified using the "internal_networks" setting. When there are
492           'trusted' hosts that are not MXes or internal relays for your
493           domain(s) they should only be specified in "trusted_networks".
494
495           If a "/mask" is specified, it's considered a CIDR-style 'netmask',
496           specified in bits.  If it is not specified, but less than 4 octets
497           are specified with a trailing dot, that's considered a mask to
498           allow all addresses in the remaining octets.  If a mask is not
499           specified, and there is not trailing dot, then just the single IP
500           address specified is used, as if the mask was "/32".
501
502           If a network or host address is prefaced by a "!" the network or
503           host will be excluded (or included) in a first listed match
504           fashion.
505
506           Note: 127/8 and ::1 are always included in trusted_networks,
507           regardless of your config.
508
509           Examples:
510
511              trusted_networks 192.168/16            # all in 192.168.*.*
512              trusted_networks 212.17.35.15          # just that host
513              trusted_networks !10.0.1.5 10.0.1/24   # all in 10.0.1.* but not 10.0.1.5
514              trusted_networks DEAD:BEEF::/32        # all in that ipv6 prefix
515
516           This operates additively, so a "trusted_networks" line after
517           another one will append new entries to the list of trusted
518           networks.  To clear out the existing entries, use
519           "clear_trusted_networks".
520
521           If "trusted_networks" is not set and "internal_networks" is, the
522           value of "internal_networks" will be used for this parameter.
523
524           If neither "trusted_networks" or "internal_networks" is set, a
525           basic inference algorithm is applied.  This works as follows:
526
527           ·   If the 'from' host has an IP address in a private (RFC 1918)
528               network range, then it's trusted
529
530           ·   If there are authentication tokens in the received header, and
531               the previous host was trusted, then this host is also trusted
532
533           ·   Otherwise this host, and all further hosts, are consider
534               untrusted.
535
536       clear_trusted_networks
537           Empty the list of trusted networks.
538
539       internal_networks ip.add.re.ss[/mask] ...   (default: none)
540           What networks or hosts are 'internal' in your setup.   Internal
541           means that relay hosts on these networks are considered to be MXes
542           for your domain(s), or internal relays.  This uses the same format
543           as "trusted_networks", above.
544
545           This value is used when checking 'dial-up' or dynamic IP address
546           blocklists, in order to detect direct-to-MX spamming.
547
548           Trusted relays that accept mail directly from dial-up connections
549           (i.e. are also performing a role of mail submission agents - MSA)
550           should not be listed in "internal_networks". List them only in
551           "trusted_networks".
552
553           If "trusted_networks" is set and "internal_networks" is not, the
554           value of "trusted_networks" will be used for this parameter.
555
556           If neither "trusted_networks" nor "internal_networks" is set, no
557           addresses will be considered local; in other words, any relays past
558           the machine where SpamAssassin is running will be considered
559           external.
560
561           Every entry in "internal_networks" must appear in
562           "trusted_networks"; in other words, "internal_networks" is always a
563           subset of the trusted set.
564
565           Note: 127/8 and ::1 are always included in internal_networks,
566           regardless of your config.
567
568       clear_internal_networks
569           Empty the list of internal networks.
570
571       msa_networks ip.add.re.ss[/mask] ...   (default: none)
572           The networks or hosts which are acting as MSAs in your setup (but
573           not also as MX relays).  MSA means that the relay hosts on these
574           networks accept mail from your own users and authenticates them
575           appropriately.  These relays will never accept mail from hosts that
576           aren't authenticated in some way.  Examples of authentication
577           include, IP lists, SMTP AUTH, POP-before-SMTP, etc.
578
579           All relays found in the message headers after the MSA relay will
580           take on the same trusted and internal classifications as the MSA
581           relay itself, as defined by your trusted_networks and
582           internal_networks configuration.
583
584           For example, if the MSA relay is trusted and internal so will all
585           of the relays that precede it.
586
587           When using msa_networks to identify an MSA it is recommended that
588           you treat that MSA as both trusted and internal.  When an MSA is
589           not included in msa_networks you should treat the MSA as trusted
590           but not internal, however if the MSA is also acting as an MX or
591           intermediate relay you must always treat it as both trusted and
592           internal and ensure that the MSA includes visible auth tokens in
593           its Received header to identify submission clients.
594
595           Warning: Never include an MSA that also acts as an MX (or is also
596           an intermediate relay for an MX) or otherwise accepts mail from
597           non-authenticated users in msa_networks.  Doing so will result in
598           unknown external relays being trusted.
599
600       clear_msa_networks
601           Empty the list of msa networks.
602
603       originating_ip_headers header ...   (default: X-Yahoo-Post-IP
604       X-Originating-IP X-Apparently-From X-SenderIP)
605           A list of header field names from which an originating IP address
606           can be obtained. For example, webmail servers may record a client
607           IP address in X-Originating-IP.
608
609           These IP addresses are virtually appended into the Received: chain,
610           so they are used in RBL checks where appropriate.
611
612           Currently the IP addresses are not added into X-Spam-Relays-*
613           header fields, but they may be in the future.
614
615       clear_originating_ip_headers
616           Empty the list of 'originating IP address' header field names.
617
618       always_trust_envelope_sender ( 0 | 1 )   (default: 0)
619           Trust the envelope sender even if the message has been passed
620           through one or more trusted relays.  See also
621           "envelope_sender_header".
622
623       skip_rbl_checks ( 0 | 1 )   (default: 0)
624           Turning on the skip_rbl_checks setting will disable the DNSEval
625           plugin, which implements Real-time Block List (or: Blackhole List)
626           (RBL) lookups.
627
628           By default, SpamAssassin will run RBL checks. Individual blocklists
629           may be disabled selectively by setting a score of a corresponding
630           rule to 0.
631
632           See also a related configuration parameter skip_uribl_checks, which
633           controls the URIDNSBL plugin (documented in the URIDNSBL man page).
634
635       dns_available { yes | test[: name1 name2...] | no }   (default: test)
636           By default, SpamAssassin will query some default hosts on the
637           internet to attempt to check if DNS is working or not. The problem
638           is that it can introduce some delay if your network connection is
639           down, and in some cases it can wrongly guess that DNS is
640           unavailable because the test connections failed.  SpamAssassin
641           includes a default set of 13 servers, among which 3 are picked
642           randomly.
643
644           You can however specify your own list by specifying
645
646             dns_available test: domain1.tld domain2.tld domain3.tld
647
648           Please note, the DNS test queries for NS records.
649
650       dns_test_interval n   (default: 600 seconds)
651           If dns_available is set to 'test' (which is the default), the
652           dns_test_interval time in number of seconds will tell SpamAssassin
653           how often to retest for working DNS.
654
655       dns_options rotate    (default: empty)
656           If set to 'rotate', this causes SpamAssassin to choose a DNS server
657           at random from all servers listed in "/etc/resolv.conf" every
658           'dns_test_interval' seconds, effectively spreading the load over
659           all currently available DNS servers when there are many spamd
660           workers.
661
662   LEARNING OPTIONS
663       use_learner ( 0 | 1 )         (default: 1)
664           Whether to use any machine-learning classifiers with SpamAssassin,
665           such as the default 'BAYES_*' rules.  Setting this to 0 will
666           disable use of any and all human-trained classifiers.
667
668       use_bayes ( 0 | 1 )      (default: 1)
669           Whether to use the naive-Bayesian-style classifier built into
670           SpamAssassin.  This is a master on/off switch for all Bayes-related
671           operations.
672
673       use_bayes_rules ( 0 | 1 )          (default: 1)
674           Whether to use rules using the naive-Bayesian-style classifier
675           built into SpamAssassin.  This allows you to disable the rules
676           while leaving auto and manual learning enabled.
677
678       bayes_auto_learn ( 0 | 1 )      (default: 1)
679           Whether SpamAssassin should automatically feed high-scoring mails
680           (or low-scoring mails, for non-spam) into its learning systems.
681           The only learning system supported currently is a naive-Bayesian-
682           style classifier.
683
684           See the documentation for the
685           "Mail::SpamAssassin::Plugin::AutoLearnThreshold" plugin module for
686           details on how Bayes auto-learning is implemented by default.
687
688       bayes_ignore_header header_name
689           If you receive mail filtered by upstream mail systems, like a spam-
690           filtering ISP or mailing list, and that service adds new headers
691           (as most of them do), these headers may provide inappropriate cues
692           to the Bayesian classifier, allowing it to take a "short cut". To
693           avoid this, list the headers using this setting.  Example:
694
695                   bayes_ignore_header X-Upstream-Spamfilter
696                   bayes_ignore_header X-Upstream-SomethingElse
697
698       bayes_ignore_from add@ress.com
699           Bayesian classification and autolearning will not be performed on
700           mail from the listed addresses.  Program "sa-learn" will also
701           ignore the listed addresses if it is invoked using the
702           "--use-ignores" option.  One or more addresses can be listed, see
703           "whitelist_from".
704
705           Spam messages from certain senders may contain many words that
706           frequently occur in ham.  For example, one might read messages from
707           a preferred bookstore but also get unwanted spam messages from
708           other bookstores.  If the unwanted messages are learned as spam
709           then any messages discussing books, including the preferred
710           bookstore and antiquarian messages would be in danger of being
711           marked as spam.  The addresses of the annoying bookstores would be
712           listed.  (Assuming they were halfway legitimate and didn't send you
713           mail through myriad affiliates.)
714
715           Those who have pieces of spam in legitimate messages or otherwise
716           receive ham messages containing potentially spammy words might fear
717           that some spam messages might be in danger of being marked as ham.
718           The addresses of the spam mailing lists, correspondents, etc.
719           would be listed.
720
721       bayes_ignore_to add@ress.com
722           Bayesian classification and autolearning will not be performed on
723           mail to the listed addresses.  See "bayes_ignore_from" for details.
724
725       bayes_min_ham_num             (Default: 200)
726       bayes_min_spam_num       (Default: 200)
727           To be accurate, the Bayes system does not activate until a certain
728           number of ham (non-spam) and spam have been learned.  The default
729           is 200 of each ham and spam, but you can tune these up or down with
730           these two settings.
731
732       bayes_learn_during_report         (Default: 1)
733           The Bayes system will, by default, learn any reported messages
734           ("spamassassin -r") as spam.  If you do not want this to happen,
735           set this option to 0.
736
737       bayes_sql_override_username
738           Used by BayesStore::SQL storage implementation.
739
740           If this options is set the BayesStore::SQL module will override the
741           set username with the value given.  This could be useful for
742           implementing global or group bayes databases.
743
744       bayes_use_hapaxes        (default: 1)
745           Should the Bayesian classifier use hapaxes (words/tokens that occur
746           only once) when classifying?  This produces significantly better
747           hit-rates, but increases database size by about a factor of 8 to
748           10.
749
750       bayes_journal_max_size        (default: 102400)
751           SpamAssassin will opportunistically sync the journal and the
752           database.  It will do so once a day, but will sync more often if
753           the journal file size goes above this setting, in bytes.  If set to
754           0, opportunistic syncing will not occur.
755
756       bayes_expiry_max_db_size      (default: 150000)
757           What should be the maximum size of the Bayes tokens database?  When
758           expiry occurs, the Bayes system will keep either 75% of the maximum
759           value, or 100,000 tokens, whichever has a larger value.  150,000
760           tokens is roughly equivalent to a 8Mb database file.
761
762       bayes_auto_expire             (default: 1)
763           If enabled, the Bayes system will try to automatically expire old
764           tokens from the database.  Auto-expiry occurs when the number of
765           tokens in the database surpasses the bayes_expiry_max_db_size
766           value.
767
768       bayes_learn_to_journal   (default: 0)
769           If this option is set, whenever SpamAssassin does Bayes learning,
770           it will put the information into the journal instead of directly
771           into the database.  This lowers contention for locking the database
772           to execute an update, but will also cause more access to the
773           journal and cause a delay before the updates are actually committed
774           to the Bayes database.
775
776   MISCELLANEOUS OPTIONS
777       time_limit n   (default: 300)
778           Specifies a limit on elapsed time in seconds that SpamAssassin is
779           allowed to spend before providing a result. The value may be
780           fractional and must not be negative, zero is interpreted as
781           unlimited. The default is 300 seconds for consistency with the
782           spamd default setting of --timeout-child .
783
784           This is a best-effort advisory setting, processing will not be
785           abruptly aborted at an arbitrary point in processing when the time
786           limit is exceeded, but only on reaching one of locations in the
787           program flow equipped with a time test. Currently equipped with the
788           test are the main checking loop, asynchronous DNS lookups, plugins
789           which are calling external programs.  Rule evaluation is guarded by
790           starting a timer (alarm) on each set of compiled rules.
791
792           When a message is passed to Mail::SpamAssassin::parse, a deadline
793           time is established as a sum of current time and the "time_limit"
794           setting.
795
796           This deadline may be overruled by a caller through option
797           'master_deadline' in $suppl_attrib on a call to parse(), possibly
798           providing a more accurate deadline taking into account past and
799           expected future processing of a message in a mail filtering setup.
800           Note that spamd (and possibly some third-party callers of
801           SpamAssassin) will overrule the "time_limit" setting based on its
802           --timeout-child option, unlike the command line "spamassassin",
803           which has no such command line option.
804
805           When a time limit is exceeded, most of the remaining tests will be
806           skipped, as well as auto-learning. Whatever tests fired so far will
807           determine the final score. The behaviour is similar to short-
808           circuiting with attribute 'on', as implemented by a Shortcircuit
809           plugin. A synthetic hit on a rule named TIME_LIMIT_EXCEEDED with a
810           near-zero score is generated, so that the report will reflect the
811           event.
812
813           The "time_limit" option is a useful protection against excessive
814           processing time on certain degenerate or unusually long or complex
815           mail messages, as well as against some DoS attacks. It is also
816           needed in time-critical pre-queue filtering setups (e.g. milter,
817           proxy, integration with MTA), where message processing must finish
818           before a SMTP client times out.  RFC 5321 prescribes in section
819           4.5.3.2.6 the 'DATA Termination' time limit of 10 minutes, although
820           it is not unusual to see some SMTP clients abort sooner on waiting
821           for a response. A sensible "time_limit" for a pre-queue filtering
822           setup is maybe 50 seconds, assuming that clients are willing to
823           wait at least a minute.
824
825       lock_method type
826           Select the file-locking method used to protect database files on-
827           disk. By default, SpamAssassin uses an NFS-safe locking method on
828           UNIX; however, if you are sure that the database files you'll be
829           using for Bayes and AWL storage will never be accessed over NFS, a
830           non-NFS-safe locking system can be selected.
831
832           This will be quite a bit faster, but may risk file corruption if
833           the files are ever accessed by multiple clients at once, and one or
834           more of them is accessing them through an NFS filesystem.
835
836           Note that different platforms require different locking systems.
837
838           The supported locking systems for "type" are as follows:
839
840           nfssafe - an NFS-safe locking system
841           flock - simple UNIX "flock()" locking
842           win32 - Win32 locking using "sysopen (..., O_CREAT|O_EXCL)".
843
844           nfssafe and flock are only available on UNIX, and win32 is only
845           available on Windows.  By default, SpamAssassin will choose either
846           nfssafe or win32 depending on the platform in use.
847
848       fold_headers ( 0 | 1 )        (default: 1)
849           By default, headers added by SpamAssassin will be whitespace
850           folded.  In other words, they will be broken up into multiple lines
851           instead of one very long one and each continuation line will have a
852           tabulator prepended to mark it as a continuation of the preceding
853           one.
854
855           The automatic wrapping can be disabled here.  Note that this can
856           generate very long lines.  RFC 2822 required that header lines do
857           not exceed 998 characters (not counting the final CRLF).
858
859       report_safe_copy_headers header_name ...
860           If using "report_safe", a few of the headers from the original
861           message are copied into the wrapper header (From, To, Cc, Subject,
862           Date, etc.)  If you want to have other headers copied as well, you
863           can add them using this option.  You can specify multiple headers
864           on the same line, separated by spaces, or you can just use multiple
865           lines.
866
867       envelope_sender_header Name-Of-Header
868           SpamAssassin will attempt to discover the address used in the 'MAIL
869           FROM:' phase of the SMTP transaction that delivered this message,
870           if this data has been made available by the SMTP server.  This is
871           used in the "EnvelopeFrom" pseudo-header, and for various rules
872           such as SPF checking.
873
874           By default, various MTAs will use different headers, such as the
875           following:
876
877               X-Envelope-From
878               Envelope-Sender
879               X-Sender
880               Return-Path
881
882           SpamAssassin will attempt to use these, if some heuristics (such as
883           the header placement in the message, or the absence of fetchmail
884           signatures) appear to indicate that they are safe to use.  However,
885           it may choose the wrong headers in some mailserver configurations.
886           (More discussion of this can be found in bug 2142 and bug 4747 in
887           the SpamAssassin BugZilla.)
888
889           To avoid this heuristic failure, the "envelope_sender_header"
890           setting may be helpful.  Name the header that your MTA or MDA adds
891           to messages containing the address used at the MAIL FROM step of
892           the SMTP transaction.
893
894           If the header in question contains "<" or ">" characters at the
895           start and end of the email address in the right-hand side, as in
896           the SMTP transaction, these will be stripped.
897
898           If the header is not found in a message, or if it's value does not
899           contain an "@" sign, SpamAssassin will issue a warning in the logs
900           and fall back to its default heuristics.
901
902           (Note for MTA developers: we would prefer if the use of a single
903           header be avoided in future, since that precludes 'downstream' spam
904           scanning.
905           "http://wiki.apache.org/spamassassin/EnvelopeSenderInReceived"
906           details a better proposal, storing the envelope sender at each hop
907           in the "Received" header.)
908
909           example:
910
911               envelope_sender_header X-SA-Exim-Mail-From
912
913       describe SYMBOLIC_TEST_NAME description ...
914           Used to describe a test.  This text is shown to users in the
915           detailed report.
916
917           Note that test names which begin with '__' are reserved for meta-
918           match sub-rules, and are not scored or listed in the 'tests hit'
919           reports.
920
921           Also note that by convention, rule descriptions should be limited
922           in length to no more than 50 characters.
923
924       report_charset CHARSET        (default: unset)
925           Set the MIME Content-Type charset used for the text/plain report
926           which is attached to spam mail messages.
927
928       report ...some text for a report...
929           Set the report template which is attached to spam mail messages.
930           See the "10_default_prefs.cf" configuration file in
931           "/usr/share/spamassassin" for an example.
932
933           If you change this, try to keep it under 78 columns. Each "report"
934           line appends to the existing template, so use
935           "clear_report_template" to restart.
936
937           Tags can be included as explained above.
938
939       clear_report_template
940           Clear the report template.
941
942       report_contact ...text of contact address...
943           Set what _CONTACTADDRESS_ is replaced with in the above report
944           text.  By default, this is 'the administrator of that system',
945           since the hostname of the system the scanner is running on is also
946           included.
947
948       report_hostname ...hostname to use...
949           Set what _HOSTNAME_ is replaced with in the above report text.  By
950           default, this is determined dynamically as whatever the host
951           running SpamAssassin calls itself.
952
953       unsafe_report ...some text for a report...
954           Set the report template which is attached to spam mail messages
955           which contain a non-text/plain part.  See the "10_default_prefs.cf"
956           configuration file in "/usr/share/spamassassin" for an example.
957
958           Each "unsafe-report" line appends to the existing template, so use
959           "clear_unsafe_report_template" to restart.
960
961           Tags can be used in this template (see above for details).
962
963       clear_unsafe_report_template
964           Clear the unsafe_report template.
965

RULE DEFINITIONS AND PRIVILEGED SETTINGS

967       These settings differ from the ones above, in that they are considered
968       'privileged'.  Only users running "spamassassin" from their
969       procmailrc's or forward files, or sysadmins editing a file in
970       "/etc/mail/spamassassin", can use them.   "spamd" users cannot use them
971       in their "user_prefs" files, for security and efficiency reasons,
972       unless "allow_user_rules" is enabled (and then, they may only add rules
973       from below).
974
975       allow_user_rules ( 0 | 1 )         (default: 0)
976           This setting allows users to create rules (and only rules) in their
977           "user_prefs" files for use with "spamd". It defaults to off,
978           because this could be a severe security hole. It may be possible
979           for users to gain root level access if "spamd" is run as root. It
980           is NOT a good idea, unless you have some other way of ensuring that
981           users' tests are safe. Don't use this unless you are certain you
982           know what you are doing. Furthermore, this option causes
983           spamassassin to recompile all the tests each time it processes a
984           message for a user with a rule in his/her "user_prefs" file, which
985           could have a significant effect on server load. It is not
986           recommended.
987
988           Note that it is not currently possible to use "allow_user_rules" to
989           modify an existing system rule from a "user_prefs" file with
990           "spamd".
991
992       redirector_pattern  /pattern/modifiers
993           A regex pattern that matches both the redirector site portion, and
994           the target site portion of a URI.
995
996           Note: The target URI portion must be surrounded in parentheses and
997                 no other part of the pattern may create a backreference.
998
999           Example:
1000           http://chkpt.zdnet.com/chkpt/whatever/spammer.domain/yo/dude
1001
1002             redirector_pattern    /^https?:\/\/(?:opt\.)?chkpt\.zdnet\.com\/chkpt\/\w+\/(.*)$/i
1003
1004       header SYMBOLIC_TEST_NAME header op /pattern/modifiers [if-unset:
1005       STRING]
1006           Define a test.  "SYMBOLIC_TEST_NAME" is a symbolic test name, such
1007           as 'FROM_ENDS_IN_NUMS'.  "header" is the name of a mail header
1008           field, such as 'Subject', 'To', 'From', etc.
1009
1010           Appending a modifier ":raw" to a header field name will inhibit
1011           decoding of quoted-printable or base-64 encoded strings, and will
1012           preserve all whitespace inside the header string.  The ":raw" may
1013           also be applied to pseudo-headers e.g. "ALL:raw" will return a
1014           pristine (unmodified) header section.
1015
1016           Appending a modifier ":addr" to a header field name will cause
1017           everything except the first email address to be removed from the
1018           header field.  It is mainly applicable to header fields 'From',
1019           'Sender', 'To', 'Cc' along with their 'Resent-*' counterparts, and
1020           the 'Return-Path'.
1021
1022           Appending a modifier ":name" to a header field name will cause
1023           everything except the first display name to be removed from the
1024           header field.  It is mainly applicable to header fields 'From' and
1025           'Resent-From'.
1026
1027           It is syntactically permitted to append more than one modifier to a
1028           header field name, although currently most combinations achieve no
1029           additional effect, for example "From:addr:raw" or "From:raw:addr"
1030           is currently the same as "From:addr" .
1031
1032           example@foo
1033           example@foo (Foo Blah)
1034           example@foo, example@bar
1035           display: example@foo (Foo Blah), example@bar ;
1036           Foo Blah <example@foo>
1037           "Foo Blah" <example@foo>
1038           "'Foo Blah'" <example@foo>
1039
1040           Appending ":name" to the header name will cause everything except
1041           the first real name to be removed from the header.  For example,
1042           all of the following will result in "Foo Blah"
1043
1044           example@foo (Foo Blah)
1045           example@foo (Foo Blah), example@bar
1046           display: example@foo (Foo Blah), example@bar ;
1047           Foo Blah <example@foo>
1048           "Foo Blah" <example@foo>
1049           "'Foo Blah'" <example@foo>
1050
1051           There are several special pseudo-headers that can be specified:
1052
1053           "ALL" can be used to mean the text of all the message's headers.
1054           Note that all whitespace inside the headers, at line folds, is
1055           currently compressed into a single space (' ') character. To obtain
1056           a pristine (unmodified) header section, use "ALL:raw" - the :raw
1057           modifier is documented above.
1058           "ToCc" can be used to mean the contents of both the 'To' and 'Cc'
1059           headers.
1060           "EnvelopeFrom" is the address used in the 'MAIL FROM:' phase of the
1061           SMTP transaction that delivered this message, if this data has been
1062           made available by the SMTP server.  See "envelope_sender_header"
1063           for more information on how to set this.
1064           "MESSAGEID" is a symbol meaning all Message-Id's found in the
1065           message; some mailing list software moves the real 'Message-Id' to
1066           'Resent-Message-Id' or to 'X-Message-Id', then uses its own one in
1067           the 'Message-Id' header. The value returned for this symbol is the
1068           text from all 3 headers, separated by newlines.
1069           "X-Spam-Relays-Untrusted", "X-Spam-Relays-Trusted",
1070           "X-Spam-Relays-Internal" and "X-Spam-Relays-External" represent a
1071           portable, pre-parsed representation of the message's network path,
1072           as recorded in the Received headers, divided into 'trusted' vs
1073           'untrusted' and 'internal' vs 'external' sets.  See
1074           "http://wiki.apache.org/spamassassin/TrustedRelays" for more
1075           details.
1076
1077           "op" is either "=~" (contains regular expression) or "!~" (does not
1078           contain regular expression), and "pattern" is a valid Perl regular
1079           expression, with "modifiers" as regexp modifiers in the usual
1080           style.   Note that multi-line rules are not supported, even if you
1081           use "x" as a modifier.  Also note that the "#" character must be
1082           escaped ("\#") or else it will be considered to be the start of a
1083           comment and not part of the regexp.
1084
1085           If the "[if-unset: STRING]" tag is present, then "STRING" will be
1086           used if the header is not found in the mail message.
1087
1088           Test names must not start with a number, and must contain only
1089           alphanumerics and underscores.  It is suggested that lower-case
1090           characters not be used, and names have a length of no more than 22
1091           characters, as an informal convention.  Dashes are not allowed.
1092
1093           Note that test names which begin with '__' are reserved for meta-
1094           match sub-rules, and are not scored or listed in the 'tests hit'
1095           reports.  Test names which begin with 'T_' are reserved for tests
1096           which are undergoing QA, and these are given a very low score.
1097
1098           If you add or modify a test, please be sure to run a sanity check
1099           afterwards by running "spamassassin --lint".  This will avoid
1100           confusing error messages, or other tests being skipped as a side-
1101           effect.
1102
1103       header SYMBOLIC_TEST_NAME exists:name_of_header
1104           Define a header existence test.  "name_of_header" is the name of a
1105           header field to test for existence.  This is just a very simple
1106           version of the above header tests.
1107
1108       header SYMBOLIC_TEST_NAME eval:name_of_eval_method([arguments])
1109           Define a header eval test.  "name_of_eval_method" is the name of a
1110           method on the "Mail::SpamAssassin::EvalTests" object.  "arguments"
1111           are optional arguments to the function call.
1112
1113       header SYMBOLIC_TEST_NAME eval:check_rbl('set', 'zone' [, 'sub-test'])
1114           Check a DNSBL (a DNS blacklist or whitelist).  This will retrieve
1115           Received: headers from the message, extract the IP addresses,
1116           select which ones are 'untrusted' based on the "trusted_networks"
1117           logic, and query that DNSBL zone.  There's a few things to note:
1118
1119           duplicated or private IPs
1120               Duplicated IPs are only queried once and reserved IPs are not
1121               queried.  Private IPs are those listed in
1122               <http://www.iana.org/assignments/ipv4-address-space>,
1123               <http://duxcw.com/faq/network/privip.htm>,
1124               <http://duxcw.com/faq/network/autoip.htm>, or
1125               <ftp://ftp.rfc-editor.org/in-notes/rfc3330.txt> as private.
1126
1127           the 'set' argument
1128               This is used as a 'zone ID'.  If you want to look up a
1129               multiple-meaning zone like NJABL or SORBS, you can then query
1130               the results from that zone using it; but all check_rbl_sub()
1131               calls must use that zone ID.
1132
1133               Also, if more than one IP address gets a DNSBL hit for a
1134               particular rule, it does not affect the score because rules
1135               only trigger once per message.
1136
1137           the 'zone' argument
1138               This is the root zone of the DNSBL, ending in a period.
1139
1140           the 'sub-test' argument
1141               This optional argument behaves the same as the sub-test
1142               argument in "check_rbl_sub()" below.
1143
1144           selecting all IPs except for the originating one
1145               This is accomplished by placing '-notfirsthop' at the end of
1146               the set name.  This is useful for querying against DNS lists
1147               which list dialup IP addresses; the first hop may be a dialup,
1148               but as long as there is at least one more hop, via their
1149               outgoing SMTP server, that's legitimate, and so should not gain
1150               points.  If there is only one hop, that will be queried anyway,
1151               as it should be relaying via its outgoing SMTP server instead
1152               of sending directly to your MX (mail exchange).
1153
1154           selecting IPs by whether they are trusted
1155               When checking a 'nice' DNSBL (a DNS whitelist), you cannot
1156               trust the IP addresses in Received headers that were not added
1157               by trusted relays.  To test the first IP address that can be
1158               trusted, place '-firsttrusted' at the end of the set name.
1159               That should test the IP address of the relay that connected to
1160               the most remote trusted relay.
1161
1162               Note that this requires that SpamAssassin know which relays are
1163               trusted.  For simple cases, SpamAssassin can make a good
1164               estimate.  For complex cases, you may get better results by
1165               setting "trusted_networks" manually.
1166
1167               In addition, you can test all untrusted IP addresses by placing
1168               '-untrusted' at the end of the set name.   Important note --
1169               this does NOT include the IP address from the most recent
1170               'untrusted line', as used in '-firsttrusted' above.  That's
1171               because we're talking about the trustworthiness of the IP
1172               address data, not the source header line, here; and in the case
1173               of the most recent header (the 'firsttrusted'), that data can
1174               be trusted.  See the Wiki page at
1175               "http://wiki.apache.org/spamassassin/TrustedRelays" for more
1176               information on this.
1177
1178           Selecting just the last external IP
1179               By using '-lastexternal' at the end of the set name, you can
1180               select only the external host that connected to your internal
1181               network, or at least the last external host with a public IP.
1182
1183       header SYMBOLIC_TEST_NAME eval:check_rbl_txt('set', 'zone')
1184           Same as check_rbl(), except querying using IN TXT instead of IN A
1185           records.  If the zone supports it, it will result in a line of text
1186           describing why the IP is listed, typically a hyperlink to a
1187           database entry.
1188
1189       header SYMBOLIC_TEST_NAME eval:check_rbl_sub('set', 'sub-test')
1190           Create a sub-test for 'set'.  If you want to look up a multi-
1191           meaning zone like relays.osirusoft.com, you can then query the
1192           results from that zone using the zone ID from the original query.
1193           The sub-test may either be an IPv4 dotted address for RBLs that
1194           return multiple A records or a non-negative decimal number to
1195           specify a bitmask for RBLs that return a single A record containing
1196           a bitmask of results, a SenderBase test beginning with "sb:", or
1197           (if none of the preceding options seem to fit) a regular
1198           expression.
1199
1200           Note: the set name must be exactly the same for as the main query
1201           rule, including selections like '-notfirsthop' appearing at the end
1202           of the set name.
1203
1204       body SYMBOLIC_TEST_NAME /pattern/modifiers
1205           Define a body pattern test.  "pattern" is a Perl regular
1206           expression.  Note: as per the header tests, "#" must be escaped
1207           ("\#") or else it is considered the beginning of a comment.
1208
1209           The 'body' in this case is the textual parts of the message body;
1210           any non-text MIME parts are stripped, and the message decoded from
1211           Quoted-Printable or Base-64-encoded format if necessary.  The
1212           message Subject header is considered part of the body and becomes
1213           the first paragraph when running the rules.  All HTML tags and line
1214           breaks will be removed before matching.
1215
1216       body SYMBOLIC_TEST_NAME eval:name_of_eval_method([args])
1217           Define a body eval test.  See above.
1218
1219       uri SYMBOLIC_TEST_NAME /pattern/modifiers
1220           Define a uri pattern test.  "pattern" is a Perl regular expression.
1221           Note: as per the header tests, "#" must be escaped ("\#") or else
1222           it is considered the beginning of a comment.
1223
1224           The 'uri' in this case is a list of all the URIs in the body of the
1225           email, and the test will be run on each and every one of those
1226           URIs, adjusting the score if a match is found. Use this test
1227           instead of one of the body tests when you need to match a URI, as
1228           it is more accurately bound to the start/end points of the URI, and
1229           will also be faster.
1230
1231       rawbody SYMBOLIC_TEST_NAME /pattern/modifiers
1232           Define a raw-body pattern test.  "pattern" is a Perl regular
1233           expression.  Note: as per the header tests, "#" must be escaped
1234           ("\#") or else it is considered the beginning of a comment.
1235
1236           The 'raw body' of a message is the raw data inside all textual
1237           parts. The text will be decoded from base64 or quoted-printable
1238           encoding, but HTML tags and line breaks will still be present.
1239           Multiline expressions will need to be used to match strings that
1240           are broken by line breaks.
1241
1242       rawbody SYMBOLIC_TEST_NAME eval:name_of_eval_method([args])
1243           Define a raw-body eval test.  See above.
1244
1245       full SYMBOLIC_TEST_NAME /pattern/modifiers
1246           Define a full message pattern test.  "pattern" is a Perl regular
1247           expression.  Note: as per the header tests, "#" must be escaped
1248           ("\#") or else it is considered the beginning of a comment.
1249
1250           The full message is the pristine message headers plus the pristine
1251           message body, including all MIME data such as images, other
1252           attachments, MIME boundaries, etc.
1253
1254       full SYMBOLIC_TEST_NAME eval:name_of_eval_method([args])
1255           Define a full message eval test.  See above.
1256
1257       meta SYMBOLIC_TEST_NAME boolean expression
1258           Define a boolean expression test in terms of other tests that have
1259           been hit or not hit.  For example:
1260
1261           meta META1        TEST1 && !(TEST2 || TEST3)
1262
1263           Note that English language operators ("and", "or") will be treated
1264           as rule names, and that there is no "XOR" operator.
1265
1266       meta SYMBOLIC_TEST_NAME boolean arithmetic expression
1267           Can also define an arithmetic expression in terms of other tests,
1268           with an unhit test having the value "0" and a hit test having a
1269           nonzero value.  The value of a hit meta test is that of its
1270           arithmetic expression.  The value of a hit eval test is that
1271           returned by its method.  The value of a hit header, body, rawbody,
1272           uri, or full test which has the "multiple" tflag is the number of
1273           times the test hit.  The value of any other type of hit test is
1274           "1".
1275
1276           For example:
1277
1278           meta META2        (3 * TEST1 - 2 * TEST2) > 0
1279
1280           Note that Perl builtins and functions, like "abs()", can't be used,
1281           and will be treated as rule names.
1282
1283           If you want to define a meta-rule, but do not want its individual
1284           sub-rules to count towards the final score unless the entire meta-
1285           rule matches, give the sub-rules names that start with '__' (two
1286           underscores).  SpamAssassin will ignore these for scoring.
1287
1288       reuse SYMBOLIC_TEST_NAME [ OLD_SYMBOLIC_TEST_NAME_1 ... ]
1289           Defines the name of a test that should be "reused" during the
1290           scoring process. If a message has an X-Spam-Status header that
1291           shows a hit for this rule or any of the old rule names given, a hit
1292           will be added for this rule when mass-check --reuse is used.
1293           Examples:
1294
1295           "reuse SPF_PASS"
1296
1297           "reuse MY_NET_RULE_V2 MY_NET_RULE_V1"
1298
1299           The actual logic for reuse tests is done by
1300           Mail::SpamAssassin::Plugin::Reuse.
1301
1302       tflags SYMBOLIC_TEST_NAME [
1303       {net|nice|learn|userconf|noautolearn|multiple} ]
1304           Used to set flags on a test.  These flags are used in the score-
1305           determination back end system for details of the test's behaviour.
1306           Please see "bayes_auto_learn" for more information about tflag
1307           interaction with those systems. The following flags can be set:
1308
1309           net The test is a network test, and will not be run in the mass
1310               checking system or if -L is used, therefore its score should
1311               not be modified.
1312
1313           nice
1314               The test is intended to compensate for common false positives,
1315               and should be assigned a negative score.
1316
1317           userconf
1318               The test requires user configuration before it can be used
1319               (like language- specific tests).
1320
1321           learn
1322               The test requires training before it can be used.
1323
1324           noautolearn
1325               The test will explicitly be ignored when calculating the score
1326               for learning systems.
1327
1328           multiple
1329               The test will be evaluated multiple times, for use with meta
1330               rules.  Only affects header, body, rawbody, uri, and full
1331               tests.
1332
1333       priority SYMBOLIC_TEST_NAME n
1334           Assign a specific priority to a test.  All tests, except for DNS
1335           and Meta tests, are run in increasing priority value order
1336           (negative priority values are run before positive priority values).
1337           The default test priority is 0 (zero).
1338
1339           The values <-99999999999999> and <-99999999999998> have a special
1340           meaning internally, and should not be used.
1341

ADMINISTRATOR SETTINGS

1343       These settings differ from the ones above, in that they are considered
1344       'more privileged' -- even more than the ones in the PRIVILEGED SETTINGS
1345       section.  No matter what "allow_user_rules" is set to, these can never
1346       be set from a user's "user_prefs" file when spamc/spamd is being used.
1347       However, all settings can be used by local programs run directly by the
1348       user.
1349
1350       version_tag string
1351           This tag is appended to the SA version in the X-Spam-Status header.
1352           You should include it when modify your ruleset, especially if you
1353           plan to distribute it.  A good choice for string is your last name
1354           or your initials followed by a number which you increase with each
1355           change.
1356
1357           The version_tag will be lowercased, and any non-alphanumeric or
1358           period character will be replaced by an underscore.
1359
1360           e.g.
1361
1362             version_tag myrules1    # version=2.41-myrules1
1363
1364       test SYMBOLIC_TEST_NAME (ok|fail) Some string to test against
1365           Define a regression testing string. You can have more than one
1366           regression test string per symbolic test name. Simply specify a
1367           string that you wish the test to match.
1368
1369           These tests are only run as part of the test suite - they should
1370           not affect the general running of SpamAssassin.
1371
1372       rbl_timeout t [t_min] [zone]       (default: 15 3)
1373           All DNS queries are made at the beginning of a check and we try to
1374           read the results at the end.  This value specifies the maximum
1375           period of time (in seconds) to wait for a DNS query.  If most of
1376           the DNS queries have succeeded for a particular message, then
1377           SpamAssassin will not wait for the full period to avoid wasting
1378           time on unresponsive server(s), but will shrink the timeout
1379           according to a percentage of queries already completed.  As the
1380           number of queries remaining approaches 0, the timeout value will
1381           gradually approach a t_min value, which is an optional second
1382           parameter and defaults to 0.2 * t.  If t is smaller than t_min, the
1383           initial timeout is set to t_min.  Here is a chart of queries
1384           remaining versus the timeout in seconds, for the default 15 second
1385           / 3 second timeout setting:
1386
1387             queries left  100%  90%  80%  70%  60%  50%  40%  30%  20%  10%   0%
1388             timeout        15   14.9 14.5 13.9 13.1 12.0 10.7  9.1  7.3  5.3  3
1389
1390           For example, if 20 queries are made at the beginning of a message
1391           check and 16 queries have returned (leaving 20%), the remaining 4
1392           queries should finish within 7.3 seconds since their query started
1393           or they will be timed out.  Note that timed out queries are only
1394           aborted when there is nothing else left for SpamAssassin to do -
1395           long evaluation of other rules may grant queries additional time.
1396
1397           If a parameter 'zone' is specified (it must end with a letter,
1398           which distinguishes it from other numeric parametrs), then the
1399           setting only applies to DNS queries against the specified DNS
1400           domain (host, domain or RBL (sub)zone).  Matching is case-
1401           insensitive, the actual domain may be a subdomain of the specified
1402           zone.
1403
1404       util_rb_tld tld1 tld2 ...
1405           This option allows the addition of new TLDs to the
1406           RegistrarBoundaries code.  Updates to the list usually happen when
1407           new versions of SpamAssassin are released, but sometimes it's
1408           necessary to add in new TLDs faster than a release can occur.  TLDs
1409           include things like com, net, org, etc.
1410
1411       util_rb_2tld 2tld-1.tld 2tld-2.tld ...
1412           This option allows the addition of new 2nd-level TLDs (2TLD) to the
1413           RegistrarBoundaries code.  Updates to the list usually happen when
1414           new versions of SpamAssassin are released, but sometimes it's
1415           necessary to add in new 2TLDs faster than a release can occur.
1416           2TLDs include things like co.uk, fed.us, etc.
1417
1418       util_rb_3tld 3tld1.some.tld 3tld2.other.tld ...
1419           This option allows the addition of new 3rd-level TLDs (3TLD) to the
1420           RegistrarBoundaries code.  Updates to the list usually happen when
1421           new versions of SpamAssassin are released, but sometimes it's
1422           necessary to add in new 3TLDs faster than a release can occur.
1423           3TLDs include things like demon.co.uk, plc.co.im, etc.
1424
1425       bayes_path /path/filename     (default: ~/.spamassassin/bayes)
1426           This is the directory and filename for Bayes databases.  Several
1427           databases will be created, with this as the base directory and
1428           filename, with "_toks", "_seen", etc. appended to the base.  The
1429           default setting results in files called
1430           "~/.spamassassin/bayes_seen", "~/.spamassassin/bayes_toks", etc.
1431
1432           By default, each user has their own in their "~/.spamassassin"
1433           directory with mode 0700/0600.  For system-wide SpamAssassin use,
1434           you may want to reduce disk space usage by sharing this across all
1435           users.  However, Bayes appears to be more effective with individual
1436           user databases.
1437
1438       bayes_file_mode          (default: 0700)
1439           The file mode bits used for the Bayesian filtering database files.
1440
1441           Make sure you specify this using the 'x' mode bits set, as it may
1442           also be used to create directories.  However, if a file is created,
1443           the resulting file will not have any execute bits set (the umask is
1444           set to 111). The argument is a string of octal digits, it is
1445           converted to a numeric value internally.
1446
1447       bayes_store_module Name::Of::BayesStore::Module
1448           If this option is set, the module given will be used as an
1449           alternate to the default bayes storage mechanism.  It must conform
1450           to the published storage specification (see
1451           Mail::SpamAssassin::BayesStore). For example, set this to
1452           Mail::SpamAssassin::BayesStore::SQL to use the generic SQL storage
1453           module.
1454
1455       bayes_sql_dsn DBI::databasetype:databasename:hostname:port
1456           Used for BayesStore::SQL storage implementation.
1457
1458           This option give the connect string used to connect to the SQL
1459           based Bayes storage.
1460
1461       bayes_sql_username
1462           Used by BayesStore::SQL storage implementation.
1463
1464           This option gives the username used by the above DSN.
1465
1466       bayes_sql_password
1467           Used by BayesStore::SQL storage implementation.
1468
1469           This option gives the password used by the above DSN.
1470
1471       bayes_sql_username_authorized ( 0 | 1 )  (default: 0)
1472           Whether to call the services_authorized_for_username plugin hook in
1473           BayesSQL.  If the hook does not determine that the user is allowed
1474           to use bayes or is invalid then then database will not be
1475           initialized.
1476
1477           NOTE: By default the user is considered invalid until a plugin
1478           returns a true value.  If you enable this, but do not have a proper
1479           plugin loaded, all users will turn up as invalid.
1480
1481           The username passed into the plugin can be affected by the
1482           bayes_sql_override_username config option.
1483
1484       user_scores_dsn DBI:databasetype:databasename:hostname:port
1485           If you load user scores from an SQL database, this will set the DSN
1486           used to connect.  Example: "DBI:mysql:spamassassin:localhost"
1487
1488           If you load user scores from an LDAP directory, this will set the
1489           DSN used to connect. You have to write the DSN as an LDAP URL, the
1490           components being the host and port to connect to, the base DN for
1491           the search, the scope of the search (base, one or sub), the single
1492           attribute being the multivalued attribute used to hold the
1493           configuration data (space separated pairs of key and value, just as
1494           in a file) and finally the filter being the expression used to
1495           filter out the wanted username. Note that the filter expression is
1496           being used in a sprintf statement with the username as the only
1497           parameter, thus is can hold a single __USERNAME__ expression. This
1498           will be replaced with the username.
1499
1500           Example:
1501           "ldap://localhost:389/dc=koehntopp,dc=de?spamassassinconfig?uid=__USERNAME__"
1502
1503       user_scores_sql_username username
1504           The authorized username to connect to the above DSN.
1505
1506       user_scores_sql_password password
1507           The password for the database username, for the above DSN.
1508
1509       user_scores_sql_custom_query query
1510           This option gives you the ability to create a custom SQL query to
1511           retrieve user scores and preferences.  In order to work correctly
1512           your query should return two values, the preference name and value,
1513           in that order.  In addition, there are several "variables" that you
1514           can use as part of your query, these variables will be substituted
1515           for the current values right before the query is run.  The current
1516           allowed variables are:
1517
1518           _TABLE_
1519               The name of the table where user scores and preferences are
1520               stored. Currently hardcoded to userpref, to change this value
1521               you need to create a new custom query with the new table name.
1522
1523           _USERNAME_
1524               The current user's username.
1525
1526           _MAILBOX_
1527               The portion before the @ as derived from the current user's
1528               username.
1529
1530           _DOMAIN_
1531               The portion after the @ as derived from the current user's
1532               username, this value may be null.
1533
1534           The query must be one continuous line in order to parse correctly.
1535
1536           Here are several example queries, please note that these are broken
1537           up for easy reading, in your config it should be one continuous
1538           line.
1539
1540           Current default query:
1541               "SELECT preference, value FROM _TABLE_ WHERE username =
1542               _USERNAME_ OR username = '@GLOBAL' ORDER BY username ASC"
1543
1544           Use global and then domain level defaults:
1545               "SELECT preference, value FROM _TABLE_ WHERE username =
1546               _USERNAME_ OR username = '@GLOBAL' OR username = '@~'||_DOMAIN_
1547               ORDER BY username ASC"
1548
1549           Maybe global prefs should override user prefs:
1550               "SELECT preference, value FROM _TABLE_ WHERE username =
1551               _USERNAME_ OR username = '@GLOBAL' ORDER BY username DESC"
1552
1553       user_scores_ldap_username
1554           This is the Bind DN used to connect to the LDAP server.  It
1555           defaults to the empty string (""), allowing anonymous binding to
1556           work.
1557
1558           Example: "cn=master,dc=koehntopp,dc=de"
1559
1560       user_scores_ldap_password
1561           This is the password used to connect to the LDAP server.  It
1562           defaults to the empty string ("").
1563
1564       loadplugin PluginModuleName [/path/module.pm]
1565           Load a SpamAssassin plugin module.  The "PluginModuleName" is the
1566           perl module name, used to create the plugin object itself.
1567
1568           "/path/to/module.pm" is the file to load, containing the module's
1569           perl code; if it's specified as a relative path, it's considered to
1570           be relative to the current configuration file.  If it is omitted,
1571           the module will be loaded using perl's search path (the @INC
1572           array).
1573
1574           See "Mail::SpamAssassin::Plugin" for more details on writing
1575           plugins.
1576
1577       tryplugin PluginModuleName [/path/module.pm]
1578           Same as "loadplugin", but silently ignored if the .pm file cannot
1579           be found in the filesystem.
1580
1581       ignore_always_matching_regexps         (Default: 0)
1582           Ignore any rule which contains a regexp which always matches.
1583           Currently only catches regexps which contain '||', or which begin
1584           or end with a '|'.  Also ignore rules with "some" combinatorial
1585           explosions.
1586

PREPROCESSING OPTIONS

1588       include filename
1589           Include configuration lines from "filename".   Relative paths are
1590           considered relative to the current configuration file or user
1591           preferences file.
1592
1593       if (boolean perl expression)
1594           Used to support conditional interpretation of the configuration
1595           file. Lines between this and a corresponding "else" or "endif" line
1596           will be ignored unless the expression evaluates as true (in the
1597           perl sense; that is, defined and non-0 and non-empty string).
1598
1599           The conditional accepts a limited subset of perl for security --
1600           just enough to perform basic arithmetic comparisons.  The following
1601           input is accepted:
1602
1603           numbers, whitespace, arithmetic operations and grouping
1604               Namely these characters and ranges:
1605
1606                 ( ) - + * / _ . , < = > ! ~ 0-9 whitespace
1607
1608           version
1609               This will be replaced with the version number of the currently-
1610               running SpamAssassin engine.  Note: The version used is in the
1611               internal SpamAssassin version format which is "x.yyyzzz", where
1612               x is major version, y is minor version, and z is maintenance
1613               version.  So 3.0.0 is 3.000000, and 3.4.80 is 3.004080.
1614
1615           plugin(Name::Of::Plugin)
1616               This is a function call that returns 1 if the plugin named
1617               "Name::Of::Plugin" is loaded, or "undef" otherwise.
1618
1619           can(Name::Of::Package::function_name)
1620               This is a function call that returns 1 if the perl package
1621               named "Name::Of::Package" includes a function called
1622               "function_name", or "undef" otherwise.  Note that packages can
1623               be SpamAssassin plugins or built-in classes, there's no
1624               difference in this respect.
1625
1626           If the end of a configuration file is reached while still inside a
1627           "if" scope, a warning will be issued, but parsing will restart on
1628           the next file.
1629
1630           For example:
1631
1632                   if (version > 3.000000)
1633                     header MY_FOO ...
1634                   endif
1635
1636                   loadplugin MyPlugin plugintest.pm
1637
1638                   if plugin (MyPlugin)
1639                     header MY_PLUGIN_FOO  eval:check_for_foo()
1640                     score  MY_PLUGIN_FOO  0.1
1641                   endif
1642
1643       ifplugin PluginModuleName
1644           An alias for "if plugin(PluginModuleName)".
1645
1646       else
1647           Used to support conditional interpretation of the configuration
1648           file. Lines between this and a corresponding "endif" line, will be
1649           ignored unless the conditional expression evaluates as false (in
1650           the perl sense; that is, not defined and not 0 and non-empty
1651           string).
1652
1653       require_version n.nnnnnn
1654           Indicates that the entire file, from this line on, requires a
1655           certain version of SpamAssassin to run.  If a different (older or
1656           newer) version of SpamAssassin tries to read the configuration from
1657           this file, it will output a warning instead, and ignore it.
1658
1659           Note: The version used is in the internal SpamAssassin version
1660           format which is "x.yyyzzz", where x is major version, y is minor
1661           version, and z is maintenance version.  So 3.0.0 is 3.000000, and
1662           3.4.80 is 3.004080.
1663

TEMPLATE TAGS

1665       The following "tags" can be used as placeholders in certain options.
1666       They will be replaced by the corresponding value when they are used.
1667
1668       Some tags can take an argument (in parentheses). The argument is
1669       optional, and the default is shown below.
1670
1671        _YESNOCAPS_       "YES"/"NO" for is/isn't spam
1672        _YESNO_           "Yes"/"No" for is/isn't spam
1673        _SCORE(PAD)_      message score, if PAD is included and is either spaces or
1674                          zeroes, then pad scores with that many spaces or zeroes
1675                          (default, none)  ie: _SCORE(0)_ makes 2.4 become 02.4,
1676                          _SCORE(00)_ is 002.4.  12.3 would be 12.3 and 012.3
1677                          respectively.
1678        _REQD_            message threshold
1679        _VERSION_         version (eg. 3.0.0 or 3.1.0-r26142-foo1)
1680        _SUBVERSION_      sub-version/code revision date (eg. 2004-01-10)
1681        _HOSTNAME_        hostname of the machine the mail was processed on
1682        _REMOTEHOSTNAME_  hostname of the machine the mail was sent from, only
1683                          available with spamd
1684        _REMOTEHOSTADDR_  ip address of the machine the mail was sent from, only
1685                          available with spamd
1686        _BAYES_           bayes score
1687        _TOKENSUMMARY_    number of new, neutral, spammy, and hammy tokens found
1688        _BAYESTC_         number of new tokens found
1689        _BAYESTCLEARNED_  number of seen tokens found
1690        _BAYESTCSPAMMY_   number of spammy tokens found
1691        _BAYESTCHAMMY_    number of hammy tokens found
1692        _HAMMYTOKENS(N)_  the N most significant hammy tokens (default, 5)
1693        _SPAMMYTOKENS(N)_ the N most significant spammy tokens (default, 5)
1694        _DATE_            rfc-2822 date of scan
1695        _STARS(*)_        one "*" (use any character) for each full score point
1696                          (note: limited to 50 'stars')
1697        _RELAYSTRUSTED_   relays used and deemed to be trusted (see the
1698                          'X-Spam-Relays-Trusted' pseudo-header)
1699        _RELAYSUNTRUSTED_ relays used that can not be trusted (see the
1700                          'X-Spam-Relays-Untrusted' pseudo-header)
1701        _RELAYSINTERNAL_  relays used and deemed to be internal (see the
1702                          'X-Spam-Relays-Internal' pseudo-header)
1703        _RELAYSEXTERNAL_  relays used and deemed to be external (see the
1704                          'X-Spam-Relays-External' pseudo-header)
1705        _LASTEXTERNALIP_  IP address of client in the external-to-internal
1706                          SMTP handover
1707        _LASTEXTERNALRDNS_ reverse-DNS of client in the external-to-internal
1708                          SMTP handover
1709        _LASTEXTERNALHELO_ HELO string used by client in the external-to-internal
1710                          SMTP handover
1711        _AUTOLEARN_       autolearn status ("ham", "no", "spam", "disabled",
1712                          "failed", "unavailable")
1713        _AUTOLEARNSCORE_  portion of message score used by autolearn
1714        _TESTS(,)_        tests hit separated by "," (or other separator)
1715        _TESTSSCORES(,)_  as above, except with scores appended (eg. AWL=-3.0,...)
1716        _SUBTESTS(,)_     subtests (start with "__") hit separated by ","
1717                          (or other separator)
1718        _DCCB_            DCC's "Brand"
1719        _DCCR_            DCC's results
1720        _PYZOR_           Pyzor results
1721        _RBL_             full results for positive RBL queries in DNS URI format
1722        _LANGUAGES_       possible languages of mail
1723        _PREVIEW_         content preview
1724        _REPORT_          terse report of tests hit (for header reports)
1725        _SUMMARY_         summary of tests hit for standard report (for body reports)
1726        _CONTACTADDRESS_  contents of the 'report_contact' setting
1727        _HEADER(NAME)_    includes the value of a message header.  value is the same
1728                          as is found for header rules (see elsewhere in this doc)
1729        _TIMING_          timing breakdown report
1730        _ADDEDHEADERHAM_  resulting header fields as requested by add_header for spam
1731        _ADDEDHEADERSPAM_ resulting header fields as requested by add_header for ham
1732        _ADDEDHEADER_     same as ADDEDHEADERHAM for ham or ADDEDHEADERSPAM for spam
1733
1734       If a tag reference uses the name of a tag which is not in this list or
1735       defined by a loaded plugin, the reference will be left intact and not
1736       replaced by any value.
1737
1738       The "HAMMYTOKENS" and "SPAMMYTOKENS" tags have an optional second
1739       argument which specifies a format.  See the HAMMYTOKENS/SPAMMYTOKENS
1740       TAG FORMAT section, below, for details.
1741
1742   HAMMYTOKENS/SPAMMYTOKENS TAG FORMAT
1743       The "HAMMYTOKENS" and "SPAMMYTOKENS" tags have an optional second
1744       argument which specifies a format: "_SPAMMYTOKENS(N,FMT)_",
1745       "_HAMMYTOKENS(N,FMT)_" The following formats are available:
1746
1747       short
1748           Only the tokens themselves are listed.  For example, preference
1749           file entry:
1750
1751           "add_header all Spammy _SPAMMYTOKENS(2,short)_"
1752
1753           Results in message header:
1754
1755           "X-Spam-Spammy: remove.php, UD:jpg"
1756
1757           Indicating that the top two spammy tokens found are "remove.php"
1758           and "UD:jpg".  (The token itself follows the last colon, the text
1759           before the colon indicates something about the token.  "UD" means
1760           the token looks like it might be part of a domain name.)
1761
1762       compact
1763           The token probability, an abbreviated declassification distance
1764           (see example), and the token are listed.  For example, preference
1765           file entry:
1766
1767           "add_header all Spammy _SPAMMYTOKENS(2,compact)_"
1768
1769           Results in message header:
1770
1771           "0.989-6--remove.php, 0.988-+--UD:jpg"
1772
1773           Indicating that the probabilities of the top two tokens are 0.989
1774           and 0.988, respectively.  The first token has a declassification
1775           distance of 6, meaning that if the token had appeared in at least 6
1776           more ham messages it would not be considered spammy.  The "+" for
1777           the second token indicates a declassification distance greater than
1778           9.
1779
1780       long
1781           Probability, declassification distance, number of times seen in a
1782           ham message, number of times seen in a spam message, age and the
1783           token are listed.
1784
1785           For example, preference file entry:
1786
1787           "add_header all Spammy _SPAMMYTOKENS(2,long)_"
1788
1789           Results in message header:
1790
1791           "X-Spam-Spammy: 0.989-6--0h-4s--4d--remove.php,
1792           0.988-33--2h-25s--1d--UD:jpg"
1793
1794           In addition to the information provided by the compact option, the
1795           long option shows that the first token appeared in zero ham
1796           messages and four spam messages, and that it was last seen four
1797           days ago.  The second token appeared in two ham messages, 25 spam
1798           messages and was last seen one day ago.  (Unlike the "compact"
1799           option, the long option shows declassification distances that are
1800           greater than 9.)
1801

LOCALI[SZ]ATION

1803       A line starting with the text "lang xx" will only be interpreted if the
1804       user is in that locale, allowing test descriptions and templates to be
1805       set for that language.
1806
1807       The locales string should specify either both the language and country,
1808       e.g.  "lang pt_BR", or just the language, e.g. "lang de".
1809

SEE ALSO

1811       "Mail::SpamAssassin" "spamassassin" "spamd"
1812
1813
1814
1815perl v5.10.1                      2010-03-16       Mail::SpamAssassin::Conf(3)