1Mail::SpamAssassin::ConUfs(e3r)Contributed Perl DocumentMaatiilo:n:SpamAssassin::Conf(3)
2
3
4
6 Mail::SpamAssassin::Conf - SpamAssassin configuration file
7
9 # a comment
10
11 rewrite_header Subject *****SPAM*****
12
13 full PARA_A_2_C_OF_1618 /Paragraph .a.{0,10}2.{0,10}C. of S. 1618/i
14 describe PARA_A_2_C_OF_1618 Claims compliance with senate bill 1618
15
16 header FROM_HAS_MIXED_NUMS From =~ /\d+[a-z]+\d+\S*@/i
17 describe FROM_HAS_MIXED_NUMS From: contains numbers mixed in with letters
18
19 score A_HREF_TO_REMOVE 2.0
20
21 lang es describe FROM_FORGED_HOTMAIL Forzado From: simula ser de hotmail.com
22
23 lang pt_BR report O programa detetor de Spam ZOE [...]
24
26 SpamAssassin is configured using traditional UNIX-style configuration
27 files, loaded from the "/usr/share/spamassassin" and
28 "/etc/mail/spamassassin" directories.
29
30 The following web page lists the most important configuration settings
31 used to configure SpamAssassin; novices are encouraged to read it
32 first:
33
34 http://wiki.apache.org/spamassassin/ImportantInitialConfigItems
35
37 The "#" character starts a comment, which continues until end of line.
38 NOTE: if the "#" character is to be used as part of a rule or
39 configuration option, it must be escaped with a backslash. i.e.: "\#"
40
41 Whitespace in the files is not significant, but please note that
42 starting a line with whitespace is deprecated, as we reserve its use
43 for multi-line rule definitions, at some point in the future.
44
45 Currently, each rule or configuration setting must fit on one-line;
46 multi-line settings are not supported yet.
47
48 File and directory paths can use "~" to refer to the user's home
49 directory, but no other shell-style path extensions such as globing or
50 "~user/" are supported.
51
52 Where appropriate below, default values are listed in parentheses.
53
55 The following options can be used in both site-wide ("local.cf") and
56 user-specific ("user_prefs") configuration files to customize how
57 SpamAssassin handles incoming email messages.
58
59 SCORING OPTIONS
60 required_score n.nn (default: 5)
61 Set the score required before a mail is considered spam. "n.nn"
62 can be an integer or a real number. 5.0 is the default setting,
63 and is quite aggressive; it would be suitable for a single-user
64 setup, but if you're an ISP installing SpamAssassin, you should
65 probably set the default to be more conservative, like 8.0 or 10.0.
66 It is not recommended to automatically delete or discard messages
67 marked as spam, as your users will complain, but if you choose to
68 do so, only delete messages with an exceptionally high score such
69 as 15.0 or higher. This option was previously known as
70 "required_hits" and that name is still accepted, but is deprecated.
71
72 score SYMBOLIC_TEST_NAME n.nn [ n.nn n.nn n.nn ]
73 Assign scores (the number of points for a hit) to a given test.
74 Scores can be positive or negative real numbers or integers.
75 "SYMBOLIC_TEST_NAME" is the symbolic name used by SpamAssassin for
76 that test; for example, 'FROM_ENDS_IN_NUMS'.
77
78 If only one valid score is listed, then that score is always used
79 for a test.
80
81 If four valid scores are listed, then the score that is used
82 depends on how SpamAssassin is being used. The first score is used
83 when both Bayes and network tests are disabled (score set 0). The
84 second score is used when Bayes is disabled, but network tests are
85 enabled (score set 1). The third score is used when Bayes is
86 enabled and network tests are disabled (score set 2). The fourth
87 score is used when Bayes is enabled and network tests are enabled
88 (score set 3).
89
90 Setting a rule's score to 0 will disable that rule from running.
91
92 If any of the score values are surrounded by parenthesis '()', then
93 all of the scores in the line are considered to be relative to the
94 already set score. ie: '(3)' means increase the score for this
95 rule by 3 points in all score sets. '(3) (0) (3) (0)' means
96 increase the score for this rule by 3 in score sets 0 and 2 only.
97
98 If no score is given for a test by the end of the configuration, a
99 default score is assigned: a score of 1.0 is used for all tests,
100 except those whose names begin with 'T_' (this is used to indicate
101 a rule in testing) which receive 0.01.
102
103 Note that test names which begin with '__' are indirect rules used
104 to compose meta-match rules and can also act as prerequisites to
105 other rules. They are not scored or listed in the 'tests hit'
106 reports, but assigning a score of 0 to an indirect rule will
107 disable it from running.
108
109 WHITELIST AND BLACKLIST OPTIONS
110 whitelist_from user@example.com
111 Used to whitelist sender addresses which send mail that is often
112 tagged (incorrectly) as spam.
113
114 Use of this setting is not recommended, since it blindly trusts the
115 message, which is routinely and easily forged by spammers and phish
116 senders. The recommended solution is to instead use
117 "whitelist_auth" or other authenticated whitelisting methods, or
118 "whitelist_from_rcvd".
119
120 Whitelist and blacklist addresses are now file-glob-style patterns,
121 so "friend@somewhere.com", "*@isp.com", or "*.domain.net" will all
122 work. Specifically, "*" and "?" are allowed, but all other
123 metacharacters are not. Regular expressions are not used for
124 security reasons. Matching is case-insensitive.
125
126 Multiple addresses per line, separated by spaces, is OK. Multiple
127 "whitelist_from" lines are also OK.
128
129 The headers checked for whitelist addresses are as follows: if
130 "Resent-From" is set, use that; otherwise check all addresses taken
131 from the following set of headers:
132
133 Envelope-Sender
134 Resent-Sender
135 X-Envelope-From
136 From
137
138 In addition, the "envelope sender" data, taken from the SMTP
139 envelope data where this is available, is looked up. See
140 "envelope_sender_header".
141
142 e.g.
143
144 whitelist_from joe@example.com fred@example.com
145 whitelist_from *@example.com
146
147 unwhitelist_from user@example.com
148 Used to override a default whitelist_from entry, so for example a
149 distribution whitelist_from can be overridden in a local.cf file,
150 or an individual user can override a whitelist_from entry in their
151 own "user_prefs" file. The specified email address has to match
152 exactly (although case-insensitively) the address previously used
153 in a whitelist_from line, which implies that a wildcard only
154 matches literally the same wildcard (not 'any' address).
155
156 e.g.
157
158 unwhitelist_from joe@example.com fred@example.com
159 unwhitelist_from *@example.com
160
161 whitelist_from_rcvd addr@lists.sourceforge.net sourceforge.net
162 Works similarly to whitelist_from, except that in addition to
163 matching a sender address, a relay's rDNS name or its IP address
164 must match too for the whitelisting rule to fire. The first
165 parameter is a sender's e-mail address to whitelist, and the second
166 is a string to match the relay's rDNS, or its IP address. Matching
167 is case-insensitive.
168
169 This second parameter is matched against a TCP-info information
170 field as provided in a FROM clause of a trace information (i.e. in
171 a Received header field, see RFC 5321). Only the Received header
172 fields inserted by trusted hosts are considered. This parameter can
173 either be a full hostname, or a domain component of that hostname,
174 or an IP address (optionally followed by a slash and a prefix
175 length) in square brackets. The address prefix (mask) length with a
176 slash may stand within brackets along with an address, or may
177 follow the bracketed address. Reverse DNS lookup is done by an MTA,
178 not by SpamAssassin.
179
180 For backward compatibility as an alternative to a CIDR notation, an
181 IPv4 address in brackets may be truncated on classful boundaries to
182 cover whole subnets, e.g. "[10.1.2.3]", "[10.1.2]", "[10.1]",
183 "[10]".
184
185 In other words, if the host that connected to your MX had an IP
186 address 192.0.2.123 that mapped to 'sendinghost.example.org', you
187 should specify "sendinghost.example.org", or "example.org", or
188 "[192.0.2.123]", or "[192.0.2.0/24]", or "[192.0.2]" here.
189
190 Note that this requires that "internal_networks" be correct. For
191 simple cases, it will be, but for a complex network you may get
192 better results by setting that parameter.
193
194 It also requires that your mail exchangers be configured to perform
195 DNS reverse lookups on the connecting host's IP address, and to
196 record the result in the generated Received header field according
197 to RFC 5321.
198
199 e.g.
200
201 whitelist_from_rcvd joe@example.com example.com
202 whitelist_from_rcvd *@* mail.example.org
203 whitelist_from_rcvd *@axkit.org [192.0.2.123]
204 whitelist_from_rcvd *@axkit.org [192.0.2.0/24]
205 whitelist_from_rcvd *@axkit.org [192.0.2.0]/24
206 whitelist_from_rcvd *@axkit.org [2001:db8:1234::/48]
207 whitelist_from_rcvd *@axkit.org [2001:db8:1234::]/48
208
209 def_whitelist_from_rcvd addr@lists.sourceforge.net sourceforge.net
210 Same as "whitelist_from_rcvd", but used for the default whitelist
211 entries in the SpamAssassin distribution. The whitelist score is
212 lower, because these are often targets for spammer spoofing.
213
214 whitelist_allows_relays user@example.com
215 Specify addresses which are in "whitelist_from_rcvd" that sometimes
216 send through a mail relay other than the listed ones. By default
217 mail with a From address that is in "whitelist_from_rcvd" that does
218 not match the relay will trigger a forgery rule. Including the
219 address in "whitelist_allows_relay" prevents that.
220
221 Whitelist and blacklist addresses are now file-glob-style patterns,
222 so "friend@somewhere.com", "*@isp.com", or "*.domain.net" will all
223 work. Specifically, "*" and "?" are allowed, but all other
224 metacharacters are not. Regular expressions are not used for
225 security reasons. Matching is case-insensitive.
226
227 Multiple addresses per line, separated by spaces, is OK. Multiple
228 "whitelist_allows_relays" lines are also OK.
229
230 The specified email address does not have to match exactly the
231 address previously used in a whitelist_from_rcvd line as it is
232 compared to the address in the header.
233
234 e.g.
235
236 whitelist_allows_relays joe@example.com fred@example.com
237 whitelist_allows_relays *@example.com
238
239 unwhitelist_from_rcvd user@example.com
240 Used to override a default whitelist_from_rcvd entry, so for
241 example a distribution whitelist_from_rcvd can be overridden in a
242 local.cf file, or an individual user can override a
243 whitelist_from_rcvd entry in their own "user_prefs" file.
244
245 The specified email address has to match exactly the address
246 previously used in a whitelist_from_rcvd line.
247
248 e.g.
249
250 unwhitelist_from_rcvd joe@example.com fred@example.com
251 unwhitelist_from_rcvd *@axkit.org
252
253 blacklist_from user@example.com
254 Used to specify addresses which send mail that is often tagged
255 (incorrectly) as non-spam, but which the user doesn't want. Same
256 format as "whitelist_from".
257
258 unblacklist_from user@example.com
259 Used to override a default blacklist_from entry, so for example a
260 distribution blacklist_from can be overridden in a local.cf file,
261 or an individual user can override a blacklist_from entry in their
262 own "user_prefs" file. The specified email address has to match
263 exactly the address previously used in a blacklist_from line.
264
265 e.g.
266
267 unblacklist_from joe@example.com fred@example.com
268 unblacklist_from *@spammer.com
269
270 whitelist_to user@example.com
271 If the given address appears as a recipient in the message headers
272 (Resent-To, To, Cc, obvious envelope recipient, etc.) the mail will
273 be whitelisted. Useful if you're deploying SpamAssassin system-
274 wide, and don't want some users to have their mail filtered. Same
275 format as "whitelist_from".
276
277 There are three levels of To-whitelisting, "whitelist_to",
278 "more_spam_to" and "all_spam_to". Users in the first level may
279 still get some spammish mails blocked, but users in "all_spam_to"
280 should never get mail blocked.
281
282 The headers checked for whitelist addresses are as follows: if
283 "Resent-To" or "Resent-Cc" are set, use those; otherwise check all
284 addresses taken from the following set of headers:
285
286 To
287 Cc
288 Apparently-To
289 Delivered-To
290 Envelope-Recipients
291 Apparently-Resent-To
292 X-Envelope-To
293 Envelope-To
294 X-Delivered-To
295 X-Original-To
296 X-Rcpt-To
297 X-Real-To
298
299 more_spam_to user@example.com
300 See above.
301
302 all_spam_to user@example.com
303 See above.
304
305 blacklist_to user@example.com
306 If the given address appears as a recipient in the message headers
307 (Resent-To, To, Cc, obvious envelope recipient, etc.) the mail will
308 be blacklisted. Same format as "blacklist_from".
309
310 whitelist_auth user@example.com
311 Used to specify addresses which send mail that is often tagged
312 (incorrectly) as spam. This is different from "whitelist_from" and
313 "whitelist_from_rcvd" in that it first verifies that the message
314 was sent by an authorized sender for the address, before
315 whitelisting.
316
317 Authorization is performed using one of the installed sender-
318 authorization schemes: SPF (using
319 "Mail::SpamAssassin::Plugin::SPF"), or DKIM (using
320 "Mail::SpamAssassin::Plugin::DKIM"). Note that those plugins must
321 be active, and working, for this to operate.
322
323 Using "whitelist_auth" is roughly equivalent to specifying
324 duplicate "whitelist_from_spf", "whitelist_from_dk", and
325 "whitelist_from_dkim" lines for each of the addresses specified.
326
327 e.g.
328
329 whitelist_auth joe@example.com fred@example.com
330 whitelist_auth *@example.com
331
332 def_whitelist_auth user@example.com
333 Same as "whitelist_auth", but used for the default whitelist
334 entries in the SpamAssassin distribution. The whitelist score is
335 lower, because these are often targets for spammer spoofing.
336
337 unwhitelist_auth user@example.com
338 Used to override a "whitelist_auth" entry. The specified email
339 address has to match exactly the address previously used in a
340 "whitelist_auth" line.
341
342 e.g.
343
344 unwhitelist_auth joe@example.com fred@example.com
345 unwhitelist_auth *@example.com
346
347 enlist_uri_host (listname) host ...
348 Adds one or more host names or domain names to a named list of URI
349 domains. The named list can then be consulted through a
350 check_uri_host_listed() eval rule implemented by the WLBLEval
351 plugin, which takes the list name as an argument. Parenthesis
352 around a list name are literal - a required syntax.
353
354 Host names may optionally be prefixed by an exclamantion mark '!',
355 which produces false as a result if this entry matches. This makes
356 it easier to exclude some subdomains when their superdomain is
357 listed, for example:
358
359 enlist_uri_host (MYLIST) !sub1.example.com !sub2.example.com example.com
360
361 No wildcards are supported, but subdomains do match implicitly.
362 Lists are independent. Search for each named list starts by looking
363 up the full hostname first, then leading fields are progressively
364 stripped off (e.g.: sub.example.com, example.com, com) until a
365 match is found or we run out of fields. The first matching entry
366 (the most specific) determines if a lookup yielded a true (no '!'
367 prefix) or a false (with a '!' prefix) result.
368
369 If an URL found in a message contains an IP address in place of a
370 host name, the given list must specify the exact same IP address
371 (instead of a host name) in order to match.
372
373 Use the delist_uri_host directive to neutralize previous
374 enlist_uri_host settings.
375
376 Enlisting to lists named 'BLACK' and 'WHITE' have their shorthand
377 directives blacklist_uri_host and whitelist_uri_host and
378 corresponding default rules, but the names 'BLACK' and 'WHITE' are
379 otherwise not special or reserved.
380
381 delist_uri_host [ (listname) ] host ...
382 Removes one or more specified host names from a named list of URI
383 domains. Removing an unlisted name is ignored (is not an error).
384 Listname is optional, if specified then just the named list is
385 affected, otherwise hosts are removed from all URI host lists
386 created so far. Parenthesis around a list name are a required
387 syntax.
388
389 Note that directives in configuration files are processed in
390 sequence, the delist_uri_host only applies to previously listed
391 entries and has no effect on enlisted entries in yet-to-be-
392 processed directives.
393
394 For convenience (similarity to the enlist_uri_host directive)
395 hostnames may be prefixed by a an exclamation mark, which is
396 stripped off from each name and has no meaning here.
397
398 enlist_addrlist (listname) user@example.com
399 Adds one or more addresses to a named list of addresses. The named
400 list can then be consulted through a check_from_in_list() or a
401 check_to_in_list() eval rule implemented by the WLBLEval plugin,
402 which takes the list name as an argument. Parenthesis around a list
403 name are literal - a required syntax.
404
405 Listed addresses are file-glob-style patterns, so
406 "friend@somewhere.com", "*@isp.com", or "*.domain.net" will all
407 work. Specifically, "*" and "?" are allowed, but all other
408 metacharacters are not. Regular expressions are not used for
409 security reasons. Matching is case-insensitive.
410
411 Multiple addresses per line, separated by spaces, is OK. Multiple
412 "enlist_addrlist" lines are also OK.
413
414 Enlisting an address to the list named blacklist_to is synonymous
415 to using the directive blacklist_to
416
417 Enlisting an address to the list named blacklist_from is synonymous
418 to using the directive blacklist_from
419
420 Enlisting an address to the list named whitelist_to is synonymous
421 to using the directive whitelist_to
422
423 Enlisting an address to the list named whitelist_from is synonymous
424 to using the directive whitelist_from
425
426 e.g.
427
428 enlist_addrlist (PAYPAL_ADDRESS) service@paypal.com
429 enlist_addrlist (PAYPAL_ADDRESS) *@paypal.co.uk
430
431 blacklist_uri_host host-or-domain ...
432 Is a shorthand for a directive: enlist_uri_host (BLACK) host ...
433
434 Please see directives enlist_uri_host and delist_uri_host for
435 details.
436
437 whitelist_uri_host host-or-domain ...
438 Is a shorthand for a directive: enlist_uri_host (BLACK) host ...
439
440 Please see directives enlist_uri_host and delist_uri_host for
441 details.
442
443 BASIC MESSAGE TAGGING OPTIONS
444 rewrite_header { subject | from | to } STRING
445 By default, suspected spam messages will not have the "Subject",
446 "From" or "To" lines tagged to indicate spam. By setting this
447 option, the header will be tagged with "STRING" to indicate that a
448 message is spam. For the From or To headers, this will take the
449 form of an RFC 2822 comment following the address in parantheses.
450 For the Subject header, this will be prepended to the original
451 subject. Note that you should only use the _REQD_ and _SCORE_ tags
452 when rewriting the Subject header if "report_safe" is 0. Otherwise,
453 you may not be able to remove the SpamAssassin markup via the
454 normal methods. More information about tags is explained below in
455 the TEMPLATE TAGS section.
456
457 Parentheses are not permitted in STRING if rewriting the From or To
458 headers. (They will be converted to square brackets.)
459
460 If "rewrite_header subject" is used, but the message being
461 rewritten does not already contain a "Subject" header, one will be
462 created.
463
464 A null value for "STRING" will remove any existing rewrite for the
465 specified header.
466
467 add_header { spam | ham | all } header_name string
468 Customized headers can be added to the specified type of messages
469 (spam, ham, or "all" to add to either). All headers begin with
470 "X-Spam-" (so a "header_name" Foo will generate a header called
471 X-Spam-Foo). header_name is restricted to the character set
472 [A-Za-z0-9_-].
473
474 The order of "add_header" configuration options is preserved,
475 inserted headers will follow this order of declarations. When
476 combining "add_header" with "clear_headers" and "remove_header",
477 keep in mind that "add_header" appends a new header to the current
478 list, after first removing any existing header fields of the same
479 name. Note also that "add_header", "clear_headers" and
480 "remove_header" may appear in multiple .cf files, which are
481 interpreted in alphabetic order.
482
483 "string" can contain tags as explained below in the TEMPLATE TAGS
484 section. You can also use "\n" and "\t" in the header to add
485 newlines and tabulators as desired. A backslash has to be written
486 as \\, any other escaped chars will be silently removed.
487
488 All headers will be folded if fold_headers is set to 1. Note:
489 Manually adding newlines via "\n" disables any further automatic
490 wrapping (ie: long header lines are possible). The lines will still
491 be properly folded (marked as continuing) though.
492
493 You can customize existing headers with add_header (only the
494 specified subset of messages will be changed).
495
496 See also "clear_headers" and "remove_header" for removing headers.
497
498 Here are some examples (these are the defaults, note that Checker-
499 Version can not be changed or removed):
500
501 add_header spam Flag _YESNOCAPS_
502 add_header all Status _YESNO_, score=_SCORE_ required=_REQD_ tests=_TESTS_ autolearn=_AUTOLEARN_ version=_VERSION_
503 add_header all Level _STARS(*)_
504 add_header all Checker-Version SpamAssassin _VERSION_ (_SUBVERSION_) on _HOSTNAME_
505
506 remove_header { spam | ham | all } header_name
507 Headers can be removed from the specified type of messages (spam,
508 ham, or "all" to remove from either). All headers begin with
509 "X-Spam-" (so "header_name" will be appended to "X-Spam-").
510
511 See also "clear_headers" for removing all the headers at once.
512
513 Note that X-Spam-Checker-Version is not removable because the
514 version information is needed by mail administrators and developers
515 to debug problems. Without at least one header, it might not even
516 be possible to determine that SpamAssassin is running.
517
518 clear_headers
519 Clear the list of headers to be added to messages. You may use
520 this before any add_header options to prevent the default headers
521 from being added to the message.
522
523 "add_header", "clear_headers" and "remove_header" may appear in
524 multiple .cf files, which are interpreted in alphabetic order, so
525 "clear_headers" in a later file will remove all added headers from
526 previously interpreted configuration files, which may or may not be
527 desired.
528
529 Note that X-Spam-Checker-Version is not removable because the
530 version information is needed by mail administrators and developers
531 to debug problems. Without at least one header, it might not even
532 be possible to determine that SpamAssassin is running.
533
534 report_safe ( 0 | 1 | 2 ) (default: 1)
535 if this option is set to 1, if an incoming message is tagged as
536 spam, instead of modifying the original message, SpamAssassin will
537 create a new report message and attach the original message as a
538 message/rfc822 MIME part (ensuring the original message is
539 completely preserved, not easily opened, and easier to recover).
540
541 If this option is set to 2, then original messages will be attached
542 with a content type of text/plain instead of message/rfc822. This
543 setting may be required for safety reasons on certain broken mail
544 clients that automatically load attachments without any action by
545 the user. This setting may also make it somewhat more difficult to
546 extract or view the original message.
547
548 If this option is set to 0, incoming spam is only modified by
549 adding some "X-Spam-" headers and no changes will be made to the
550 body. In addition, a header named X-Spam-Report will be added to
551 spam. You can use the remove_header option to remove that header
552 after setting report_safe to 0.
553
554 See report_safe_copy_headers if you want to copy headers from the
555 original mail into tagged messages.
556
557 report_wrap_width (default: 70)
558 This option sets the wrap width for description lines in the
559 X-Spam-Report header, not accounting for tab width.
560
561 LANGUAGE OPTIONS
562 ok_locales xx [ yy zz ... ] (default: all)
563 This option is used to specify which locales are considered OK for
564 incoming mail. Mail using the character sets that are allowed by
565 this option will not be marked as possibly being spam in a foreign
566 language.
567
568 If you receive lots of spam in foreign languages, and never get any
569 non-spam in these languages, this may help. Note that all
570 ISO-8859-* character sets, and Windows code page character sets,
571 are always permitted by default.
572
573 Set this to "all" to allow all character sets. This is the
574 default.
575
576 The rules "CHARSET_FARAWAY", "CHARSET_FARAWAY_BODY", and
577 "CHARSET_FARAWAY_HEADERS" are triggered based on how this is set.
578
579 Examples:
580
581 ok_locales all (allow all locales)
582 ok_locales en (only allow English)
583 ok_locales en ja zh (allow English, Japanese, and Chinese)
584
585 Note: if there are multiple ok_locales lines, only the last one is
586 used.
587
588 Select the locales to allow from the list below:
589
590 en - Western character sets in general
591 ja - Japanese character sets
592 ko - Korean character sets
593 ru - Cyrillic character sets
594 th - Thai character sets
595 zh - Chinese (both simplified and traditional) character sets
596 normalize_charset ( 0 | 1) (default: 0)
597 Whether to decode non- UTF-8 and non-ASCII textual parts and recode
598 them to UTF-8 before the text is given over to rules processing.
599 The character set used for attempted decoding is primarily based on
600 a declared character set in a Content-Type header, but if the
601 decoding attempt fails a module Encode::Detect::Detector is
602 consulted (if available) to provide a guess based on the actual
603 text, and decoding is re-attempted. Even if the option is enabled
604 no unnecessary decoding and re-encoding work is done when possible
605 (like with an all-ASCII text with a US-ASCII or extended ASCII
606 character set declaration, e.g. UTF-8 or ISO-8859-nn or Windows-
607 nnnn).
608
609 Unicode support in old versions of perl or in a core module Encode
610 is likely to be buggy in places, so if the normalize_charset
611 function is enabled it is advised to stick to more recent versions
612 of perl (preferably 5.12 or later). The module
613 Encode::Detect::Detector is optional, when necessary it will be
614 used if it is available.
615
616 NETWORK TEST OPTIONS
617 trusted_networks IPaddress[/masklen] ... (default: none)
618 What networks or hosts are 'trusted' in your setup. Trusted in
619 this case means that relay hosts on these networks are considered
620 to not be potentially operated by spammers, open relays, or open
621 proxies. A trusted host could conceivably relay spam, but will not
622 originate it, and will not forge header data. DNS blacklist checks
623 will never query for hosts on these networks.
624
625 See "http://wiki.apache.org/spamassassin/TrustPath" for more
626 information.
627
628 MXes for your domain(s) and internal relays should also be
629 specified using the "internal_networks" setting. When there are
630 'trusted' hosts that are not MXes or internal relays for your
631 domain(s) they should only be specified in "trusted_networks".
632
633 The "IPaddress" can be an IPv4 address (in a dot-quad form), or an
634 IPv6 address optionally enclosed in square brackets. Scoped link-
635 local IPv6 addresses are syntactically recognized but the interface
636 scope is currently ignored (e.g. [fe80::1234%eth0] ) and should be
637 avoided.
638
639 If a "/masklen" is specified, it is considered a CIDR-style
640 'netmask' length, specified in bits. If it is not specified, but
641 less than 4 octets of an IPv4 address are specified with a trailing
642 dot, an implied netmask length covers all addresses in remaining
643 octets (i.e. implied masklen is /8 or /16 or /24). If masklen is
644 not specified, and there is not trailing dot, then just a single IP
645 address specified is used, as if the masklen were "/32" with an
646 IPv4 address, or "/128" in case of an IPv6 address.
647
648 If a network or host address is prefaced by a "!" the matching
649 network or host will be excluded from the list even if a less
650 specific (shorter netmask length) subnet is later specified in the
651 list. This allows a subset of a wider network to be exempt. In case
652 of specifying overlapping subnets, specify more specific subnets
653 first (tighter matching, i.e. with a longer netmask length),
654 followed by less specific (shorter netmask length) subnets to get
655 predictable results regarless of the search algorithm used - when
656 Net::Patricia module is installed the search finds the tightest
657 matching entry in the list, while a sequential search as used in
658 absence of the module Net::Patricia will find the first matching
659 entry in the list.
660
661 Note: 127.0.0.0/8 and ::1 are always included in trusted_networks,
662 regardless of your config.
663
664 Examples:
665
666 trusted_networks 192.168.0.0/16 # all in 192.168.*.*
667 trusted_networks 192.168. # all in 192.168.*.*
668 trusted_networks 212.17.35.15 # just that host
669 trusted_networks !10.0.1.5 10.0.1/24 # all in 10.0.1.* but not 10.0.1.5
670 trusted_networks 2001:db8:1::1 !2001:db8:1::/64 2001:db8::/32
671 # 2001:db8::/32 and 2001:db8:1::1/128, except the rest of 2001:db8:1::/64
672
673 This operates additively, so a "trusted_networks" line after
674 another one will append new entries to the list of trusted
675 networks. To clear out the existing entries, use
676 "clear_trusted_networks".
677
678 If "trusted_networks" is not set and "internal_networks" is, the
679 value of "internal_networks" will be used for this parameter.
680
681 If neither "trusted_networks" or "internal_networks" is set, a
682 basic inference algorithm is applied. This works as follows:
683
684 · If the 'from' host has an IP address in a private (RFC 1918)
685 network range, then it's trusted
686
687 · If there are authentication tokens in the received header, and
688 the previous host was trusted, then this host is also trusted
689
690 · Otherwise this host, and all further hosts, are consider
691 untrusted.
692
693 clear_trusted_networks
694 Empty the list of trusted networks.
695
696 internal_networks IPaddress[/masklen] ... (default: none)
697 What networks or hosts are 'internal' in your setup. Internal
698 means that relay hosts on these networks are considered to be MXes
699 for your domain(s), or internal relays. This uses the same syntax
700 as "trusted_networks", above - see there for details.
701
702 This value is used when checking 'dial-up' or dynamic IP address
703 blocklists, in order to detect direct-to-MX spamming.
704
705 Trusted relays that accept mail directly from dial-up connections
706 (i.e. are also performing a role of mail submission agents - MSA)
707 should not be listed in "internal_networks". List them only in
708 "trusted_networks".
709
710 If "trusted_networks" is set and "internal_networks" is not, the
711 value of "trusted_networks" will be used for this parameter.
712
713 If neither "trusted_networks" nor "internal_networks" is set, no
714 addresses will be considered local; in other words, any relays past
715 the machine where SpamAssassin is running will be considered
716 external.
717
718 Every entry in "internal_networks" must appear in
719 "trusted_networks"; in other words, "internal_networks" is always a
720 subset of the trusted set.
721
722 Note: 127/8 and ::1 are always included in internal_networks,
723 regardless of your config.
724
725 clear_internal_networks
726 Empty the list of internal networks.
727
728 msa_networks IPaddress[/masklen] ... (default: none)
729 The networks or hosts which are acting as MSAs in your setup (but
730 not also as MX relays). This uses the same syntax as
731 "trusted_networks", above - see there for details.
732
733 MSA means that the relay hosts on these networks accept mail from
734 your own users and authenticates them appropriately. These relays
735 will never accept mail from hosts that aren't authenticated in some
736 way. Examples of authentication include, IP lists, SMTP AUTH, POP-
737 before-SMTP, etc.
738
739 All relays found in the message headers after the MSA relay will
740 take on the same trusted and internal classifications as the MSA
741 relay itself, as defined by your trusted_networks and
742 internal_networks configuration.
743
744 For example, if the MSA relay is trusted and internal so will all
745 of the relays that precede it.
746
747 When using msa_networks to identify an MSA it is recommended that
748 you treat that MSA as both trusted and internal. When an MSA is
749 not included in msa_networks you should treat the MSA as trusted
750 but not internal, however if the MSA is also acting as an MX or
751 intermediate relay you must always treat it as both trusted and
752 internal and ensure that the MSA includes visible auth tokens in
753 its Received header to identify submission clients.
754
755 Warning: Never include an MSA that also acts as an MX (or is also
756 an intermediate relay for an MX) or otherwise accepts mail from
757 non-authenticated users in msa_networks. Doing so will result in
758 unknown external relays being trusted.
759
760 clear_msa_networks
761 Empty the list of msa networks.
762
763 originating_ip_headers header ... (default: X-Yahoo-Post-IP
764 X-Originating-IP X-Apparently-From X-SenderIP)
765 A list of header field names from which an originating IP address
766 can be obtained. For example, webmail servers may record a client
767 IP address in X-Originating-IP.
768
769 These IP addresses are virtually appended into the Received: chain,
770 so they are used in RBL checks where appropriate.
771
772 Currently the IP addresses are not added into X-Spam-Relays-*
773 header fields, but they may be in the future.
774
775 clear_originating_ip_headers
776 Empty the list of 'originating IP address' header field names.
777
778 always_trust_envelope_sender ( 0 | 1 ) (default: 0)
779 Trust the envelope sender even if the message has been passed
780 through one or more trusted relays. See also
781 "envelope_sender_header".
782
783 skip_rbl_checks ( 0 | 1 ) (default: 0)
784 Turning on the skip_rbl_checks setting will disable the DNSEval
785 plugin, which implements Real-time Block List (or: Blackhole List)
786 (RBL) lookups.
787
788 By default, SpamAssassin will run RBL checks. Individual blocklists
789 may be disabled selectively by setting a score of a corresponding
790 rule to 0.
791
792 See also a related configuration parameter skip_uribl_checks, which
793 controls the URIDNSBL plugin (documented in the URIDNSBL man page).
794
795 dns_available { yes | no | test[: domain1 domain2...] } (default:
796 yes)
797 Tells SpamAssassin whether DNS resolving is available or not. A
798 value yes indicates DNS resolving is available, a value no
799 indicates DNS resolving is not available - both of these values
800 apply unconditionally and skip initial DNS tests, which can be slow
801 or unreliable.
802
803 When the option value is a test (with or without arguments),
804 SpamAssassin will query some domain names on the internet during
805 initialization, attempting to determine if DNS resolving is working
806 or not. A space-separated list of domain names may be specified
807 explicitly, or left to a built-in default of a dozen or so domain
808 names. From an explicit or a default list a subset of three domain
809 names is picked randomly for checking. The test queries for NS
810 records of these domain: if at least one query returns a success
811 then SpamAssassin considers DNS resolving as available, otherwise
812 not.
813
814 The problem is that the test can introduce some startup delay if a
815 network connection is down, and in some cases it can wrongly guess
816 that DNS is unavailable because a test connection failed, what
817 causes disabling several DNS-dependent tests.
818
819 Please note, the DNS test queries for NS records, so specify domain
820 names, not host names.
821
822 Since version 3.4.0 of SpamAssassin a default setting for option
823 dns_available is yes. A default in older versions was test.
824
825 dns_server ip-addr-port (default: entries provided by Net::DNS)
826 Specifies an IP address of a DNS server, and optionally its port
827 number. The dns_server directive may be specified multiple times,
828 each entry adding to a list of available resolving name servers.
829 The ip-addr-port argument can either be an IPv4 or IPv6 address,
830 optionally enclosed in brackets, and optionally followed by a colon
831 and a port number. In absence of a port number a standard port
832 number 53 is assumed. When an IPv6 address is specified along with
833 a port number, the address must be enclosed in brackets to avoid
834 parsing ambiguity regarding a colon separator. A scoped link-local
835 IP address is allowed (assuming underlying modules allow it).
836
837 Examples :
838 dns_server 127.0.0.1
839 dns_server 127.0.0.1:53
840 dns_server [127.0.0.1]:53
841 dns_server [::1]:53
842 dns_server fe80::1%lo0
843 dns_server [fe80::1%lo0]:53
844
845 In absence of dns_server directives, the list of name servers is
846 provided by Net::DNS module, which typically obtains the list from
847 /etc/resolv.conf, but this may be platform dependent. Please
848 consult the Net::DNS::Resolver documentation for details.
849
850 clear_dns_servers
851 Empty the list of explicitly configured DNS servers through a
852 dns_server directive, falling back to Net::DNS -supplied defaults.
853
854 dns_local_ports_permit ranges...
855 Add the specified ports or ports ranges to the set of allowed port
856 numbers that can be used as local port numbers when sending DNS
857 queries to a resolver.
858
859 The argument is a whitespace-separated or a comma-separated list of
860 single port numbers n, or port number pairs (i.e. m-n) delimited by
861 a '-', representing a range. Allowed port numbers are between 1 and
862 65535.
863
864 Directives dns_local_ports_permit and dns_local_ports_avoid are
865 processed in order in which they appear in configuration files.
866 Each directive adds (or subtracts) its subsets of ports to a
867 current set of available ports. Whatever is left in the set by the
868 end of configuration processing is made available to a DNS
869 resolving client code.
870
871 If the resulting set of port numbers is empty (see also the
872 directive dns_local_ports_none), then SpamAssassin does not apply
873 its ports randomization logic, but instead leaves the operating
874 system to choose a suitable free local port number.
875
876 The initial set consists of all port numbers in the range
877 1024-65535. Note that system config files already modify the set
878 and remove all the IANA registered port numbers and some other
879 ranges, so there is rarely a need to adjust the ranges by site-
880 specific directives.
881
882 See also directives dns_local_ports_permit and
883 dns_local_ports_none.
884
885 dns_local_ports_avoid ranges...
886 Remove specified ports or ports ranges from the set of allowed port
887 numbers that can be used as local port numbers when sending DNS
888 queries to a resolver.
889
890 Please see directive dns_local_ports_permit for details.
891
892 dns_local_ports_none
893 Is a fast shorthand for:
894
895 dns_local_ports_avoid 1-65535
896
897 leaving the set of available DNS query local port numbers empty. In
898 all respects (apart from speed) it is equivalent to the shown
899 directive, and can be freely mixed with dns_local_ports_permit and
900 dns_local_ports_avoid.
901
902 If the resulting set of port numbers is empty, then SpamAssassin
903 does not apply its ports randomization logic, but instead leaves
904 the operating system to choose a suitable free local port number.
905
906 See also directives dns_local_ports_permit and
907 dns_local_ports_avoid.
908
909 dns_test_interval n (default: 600 seconds)
910 If dns_available is set to test, the dns_test_interval time in
911 number of seconds will tell SpamAssassin how often to retest for
912 working DNS. A numeric value is optionally suffixed by a time unit
913 (s, m, h, d, w, indicating seconds (default), minutes, hours, days,
914 weeks).
915
916 dns_options opts (default: norotate, nodns0x20, edns=4096)
917 Provides a (whitespace or comma -separated) list of options
918 applying to DNS resolving. Available options are: rotate, dns0x20
919 and edns (or edns0). Option name may be negated by prepending a no
920 (e.g. norotate, NoEDNS) to counteract a previously enabled option.
921 Option names are not case-sensitive. The dns_options directive may
922 appear in configuration files multiple times, the last setting
923 prevails.
924
925 Option edns (or edsn0) may take a value which specifies a
926 requestor's acceptable UDP payload size according to EDNS0
927 specifications (RFC 6891, ex RFC 2671) e.g. edns=4096. When EDNS0
928 is off (noedns or edns=512) a traditional implied UDP payload size
929 is 512 bytes, which is also a minimum allowed value for this
930 option. When the option is specified but a value is not provided, a
931 conservative default of 1220 bytes is implied. It is recommended to
932 keep edns enabled when using a local recursive DNS server which
933 supports EDNS0 (like most modern DNS servers do), a suitable
934 setting in this case is edns=4096, which is also a default.
935 Allowing UDP payload size larger than 512 bytes can avoid
936 truncation of resource records in large DNS responses (like in TXT
937 records of some SPF and DKIM responses, or when an unreasonable
938 number of A records is published by some domain). The option should
939 be disabled when a recursive DNS server is only reachable through
940 non- RFC 6891 compliant middleboxes (such as some old-fashioned
941 firewall) which bans DNS UDP payload sizes larger than 512 bytes. A
942 suitable value when a non-local recursive DNS server is used and a
943 middlebox does allow EDNS0 but blocks fragmented IP packets is
944 perhaps 1220 bytes, allowing a DNS UDP packet to fit within a
945 single IP packet in most cases (a slightly less conservative range
946 would be 1280-1410 bytes).
947
948 Option rotate causes SpamAssassin to choose a DNS server at random
949 from all servers listed in "/etc/resolv.conf" every
950 dns_test_interval seconds, effectively spreading the load over all
951 currently available DNS servers when there are many spamd workers.
952
953 Option dns0x20 enables randomization of letters in a DNS query
954 label according to draft-vixie-dnsext-dns0x20, decreasing a chance
955 of collisions of responses (by chance or by a malicious intent) by
956 increasing spread as provided by a 16-bit query ID and up to 16
957 bits of a port number, with additional bits as encoded by flipping
958 case (upper/lower) of letters in a query. The number of additional
959 random bits corresponds to the number of letters in a query label.
960 Should work reliably with all mainstream DNS servers - do not turn
961 on if you see frequent info messages "dns: no callback for id:" in
962 the log, or if RBL or URIDNS lookups do not work for no apparent
963 reason.
964
965 dns_query_restriction (allow|deny) domain1 domain2 ...
966 Option allows disabling of rules which would result in a DNS query
967 to one of the listed domains. The first argument must be a literal
968 "allow" or "deny", remaining arguments are domains names.
969
970 Most DNS queries (with some exceptions) are subject to
971 dns_query_restriction. A domain to be queried is successively
972 stripped-off of its leading labels (thus yielding a series of its
973 parent domains), and on each iteration a check is made against an
974 associative array generated by dns_query_restriction options.
975 Search stops at the first match (i.e. the tightest match), and the
976 matching entry with its "allow" or "deny" value then controls
977 whether a DNS query is allowed to be launched.
978
979 If no match is found an implicit default is to allow a query. The
980 purpose of an explicit "allow" entry is to be able to override a
981 previously configured "deny" on the same domain or to override an
982 entry (possibly yet to be configured in subsequent config
983 directives) on one of its parent domains. Thus an 'allow
984 zen.spamhaus.org' with a 'deny spamhaus.org' would permit DNS
985 queries on a specific DNS BL zone but deny queries to other zones
986 under the same parent domain.
987
988 Domains are matched case-insensitively, no wildcards are
989 recognized, there should be no leading or trailing dot.
990
991 Specifying a block on querying a domain name has a similar effect
992 as setting a score of corresponding DNSBL and URIBL rules to zero,
993 and can be a handy alternative to hunting for such rules when a
994 site policy does not allow certain DNS block lists to be queried.
995
996 Example:
997 dns_query_restriction deny dnswl.org surbl.org
998 dns_query_restriction allow zen.spamhaus.org
999 dns_query_restriction deny spamhaus.org mailspike.net
1000 spamcop.net
1001
1002 clear_dns_query_restriction
1003 The option removes any entries entered by previous
1004 'dns_query_restriction' options, leaving the list empty, i.e.
1005 allowing DNS queries for any domain (including any DNS BL zone).
1006
1007 LEARNING OPTIONS
1008 use_learner ( 0 | 1 ) (default: 1)
1009 Whether to use any machine-learning classifiers with SpamAssassin,
1010 such as the default 'BAYES_*' rules. Setting this to 0 will
1011 disable use of any and all human-trained classifiers.
1012
1013 use_bayes ( 0 | 1 ) (default: 1)
1014 Whether to use the naive-Bayesian-style classifier built into
1015 SpamAssassin. This is a master on/off switch for all Bayes-related
1016 operations.
1017
1018 use_bayes_rules ( 0 | 1 ) (default: 1)
1019 Whether to use rules using the naive-Bayesian-style classifier
1020 built into SpamAssassin. This allows you to disable the rules
1021 while leaving auto and manual learning enabled.
1022
1023 bayes_auto_learn ( 0 | 1 ) (default: 1)
1024 Whether SpamAssassin should automatically feed high-scoring mails
1025 (or low-scoring mails, for non-spam) into its learning systems.
1026 The only learning system supported currently is a naive-Bayesian-
1027 style classifier.
1028
1029 See the documentation for the
1030 "Mail::SpamAssassin::Plugin::AutoLearnThreshold" plugin module for
1031 details on how Bayes auto-learning is implemented by default.
1032
1033 bayes_token_sources (default: header visible invisible uri)
1034 Controls which sources in a mail message can contribute tokens
1035 (e.g. words, phrases, etc.) to a Bayes classifier. The argument is
1036 a space-separated list of keywords: header, visible, invisible,
1037 uri, mimepart), each of which may be prefixed by a no to indicate
1038 its exclusion. Additionally two reserved keywords are allowed: all
1039 and none (or: noall). The list of keywords is processed
1040 sequentially: a keyword all adds all available keywords to a set
1041 being built, a none or noall clears the set, other non-negated
1042 keywords are added to the set, and negated keywords are removed
1043 from the set. Keywords are case-insensitive.
1044
1045 The default set is: header visible invisible uri, which is
1046 equivalent for example to: All NoMIMEpart. The reason why mimepart
1047 is not currently in a default set is that it is a newer source
1048 (introduced with SpamAssassin version 3.4.1) and not much
1049 experience has yet been gathered regarding its usefulness.
1050
1051 See also option "bayes_ignore_header" for a fine-grained control on
1052 individual header fields under the umbrella of a more general
1053 keyword header here.
1054
1055 Keywords imply the following data sources:
1056
1057 header - tokens collected from a message header section
1058 visible - words from visible text (plain or HTML) in a message body
1059 invisible - hidden/invisible text in HTML parts of a message body
1060 uri - URIs collected from a message body
1061 mimepart - digests (hashes) of all MIME parts (textual or non-
1062 textual) of a message, computed after Base64 and quoted-printable
1063 decoding, suffixed by their Content-Type
1064 all - adds all the above keywords to the set being assembled
1065 none or noall - removes all keywords from the set
1066
1067 The "bayes_token_sources" directive may appear multiple times, its
1068 keywords are interpreted sequentially, adding or removing items
1069 from the final set as they appear in their order in
1070 "bayes_token_sources" directive(s).
1071
1072 bayes_ignore_header header_name
1073 If you receive mail filtered by upstream mail systems, like a spam-
1074 filtering ISP or mailing list, and that service adds new headers
1075 (as most of them do), these headers may provide inappropriate cues
1076 to the Bayesian classifier, allowing it to take a "short cut". To
1077 avoid this, list the headers using this setting. Example:
1078
1079 bayes_ignore_header X-Upstream-Spamfilter
1080 bayes_ignore_header X-Upstream-SomethingElse
1081
1082 bayes_ignore_from user@example.com
1083 Bayesian classification and autolearning will not be performed on
1084 mail from the listed addresses. Program "sa-learn" will also
1085 ignore the listed addresses if it is invoked using the
1086 "--use-ignores" option. One or more addresses can be listed, see
1087 "whitelist_from".
1088
1089 Spam messages from certain senders may contain many words that
1090 frequently occur in ham. For example, one might read messages from
1091 a preferred bookstore but also get unwanted spam messages from
1092 other bookstores. If the unwanted messages are learned as spam
1093 then any messages discussing books, including the preferred
1094 bookstore and antiquarian messages would be in danger of being
1095 marked as spam. The addresses of the annoying bookstores would be
1096 listed. (Assuming they were halfway legitimate and didn't send you
1097 mail through myriad affiliates.)
1098
1099 Those who have pieces of spam in legitimate messages or otherwise
1100 receive ham messages containing potentially spammy words might fear
1101 that some spam messages might be in danger of being marked as ham.
1102 The addresses of the spam mailing lists, correspondents, etc.
1103 would be listed.
1104
1105 bayes_ignore_to user@example.com
1106 Bayesian classification and autolearning will not be performed on
1107 mail to the listed addresses. See "bayes_ignore_from" for details.
1108
1109 bayes_min_ham_num (Default: 200)
1110 bayes_min_spam_num (Default: 200)
1111 To be accurate, the Bayes system does not activate until a certain
1112 number of ham (non-spam) and spam have been learned. The default
1113 is 200 of each ham and spam, but you can tune these up or down with
1114 these two settings.
1115
1116 bayes_learn_during_report (Default: 1)
1117 The Bayes system will, by default, learn any reported messages
1118 ("spamassassin -r") as spam. If you do not want this to happen,
1119 set this option to 0.
1120
1121 bayes_sql_override_username
1122 Used by BayesStore::SQL storage implementation.
1123
1124 If this options is set the BayesStore::SQL module will override the
1125 set username with the value given. This could be useful for
1126 implementing global or group bayes databases.
1127
1128 bayes_use_hapaxes (default: 1)
1129 Should the Bayesian classifier use hapaxes (words/tokens that occur
1130 only once) when classifying? This produces significantly better
1131 hit-rates.
1132
1133 bayes_journal_max_size (default: 102400)
1134 SpamAssassin will opportunistically sync the journal and the
1135 database. It will do so once a day, but will sync more often if
1136 the journal file size goes above this setting, in bytes. If set to
1137 0, opportunistic syncing will not occur.
1138
1139 bayes_expiry_max_db_size (default: 150000)
1140 What should be the maximum size of the Bayes tokens database? When
1141 expiry occurs, the Bayes system will keep either 75% of the maximum
1142 value, or 100,000 tokens, whichever has a larger value. 150,000
1143 tokens is roughly equivalent to a 8Mb database file.
1144
1145 bayes_auto_expire (default: 1)
1146 If enabled, the Bayes system will try to automatically expire old
1147 tokens from the database. Auto-expiry occurs when the number of
1148 tokens in the database surpasses the bayes_expiry_max_db_size
1149 value. If a bayes datastore backend does not implement individual
1150 key/value expirations, the setting is silently ignored.
1151
1152 bayes_token_ttl (default: 3w, i.e. 3 weeks)
1153 Time-to-live / expiration time in seconds for tokens kept in a
1154 Bayes database. A numeric value is optionally suffixed by a time
1155 unit (s, m, h, d, w, indicating seconds (default), minutes, hours,
1156 days, weeks).
1157
1158 If bayes_auto_expire is true and a Bayes datastore backend supports
1159 it (currently only Redis), this setting controls deletion of
1160 expired tokens from a bayes database. The value is observed on a
1161 best-effort basis, exact timing promises are not necessarily kept.
1162 If a bayes datastore backend does not implement individual
1163 key/value expirations, the setting is silently ignored.
1164
1165 bayes_seen_ttl (default: 8d, i.e. 8 days)
1166 Time-to-live / expiration time in seconds for 'seen' entries (i.e.
1167 mail message digests with their status) kept in a Bayes database.
1168 A numeric value is optionally suffixed by a time unit (s, m, h, d,
1169 w, indicating seconds (default), minutes, hours, days, weeks).
1170
1171 If bayes_auto_expire is true and a Bayes datastore backend supports
1172 it (currently only Redis), this setting controls deletion of
1173 expired 'seen' entries from a bayes database. The value is observed
1174 on a best-effort basis, exact timing promises are not necessarily
1175 kept. If a bayes datastore backend does not implement individual
1176 key/value expirations, the setting is silently ignored.
1177
1178 bayes_learn_to_journal (default: 0)
1179 If this option is set, whenever SpamAssassin does Bayes learning,
1180 it will put the information into the journal instead of directly
1181 into the database. This lowers contention for locking the database
1182 to execute an update, but will also cause more access to the
1183 journal and cause a delay before the updates are actually committed
1184 to the Bayes database.
1185
1186 MISCELLANEOUS OPTIONS
1187 time_limit n (default: 300)
1188 Specifies a limit on elapsed time in seconds that SpamAssassin is
1189 allowed to spend before providing a result. The value may be
1190 fractional and must not be negative, zero is interpreted as
1191 unlimited. The default is 300 seconds for consistency with the
1192 spamd default setting of --timeout-child .
1193
1194 This is a best-effort advisory setting, processing will not be
1195 abruptly aborted at an arbitrary point in processing when the time
1196 limit is exceeded, but only on reaching one of locations in the
1197 program flow equipped with a time test. Currently equipped with the
1198 test are the main checking loop, asynchronous DNS lookups, plugins
1199 which are calling external programs. Rule evaluation is guarded by
1200 starting a timer (alarm) on each set of compiled rules.
1201
1202 When a message is passed to Mail::SpamAssassin::parse, a deadline
1203 time is established as a sum of current time and the "time_limit"
1204 setting.
1205
1206 This deadline may also be specified by a caller through an option
1207 'master_deadline' in $suppl_attrib on a call to parse(), possibly
1208 providing a more accurate deadline taking into account past and
1209 expected future processing of a message in a mail filtering setup.
1210 If both the config option as well as a 'master_deadline' option in
1211 a call are provided, the shorter time limit of the two is used
1212 (since version 3.3.2). Note that spamd (and possibly third-party
1213 callers of SpamAssassin) will supply the 'master_deadline' option
1214 in a call based on its --timeout-child option (or equivalent),
1215 unlike the command line "spamassassin", which has no such command
1216 line option.
1217
1218 When a time limit is exceeded, most of the remaining tests will be
1219 skipped, as well as auto-learning. Whatever tests fired so far will
1220 determine the final score. The behaviour is similar to short-
1221 circuiting with attribute 'on', as implemented by a Shortcircuit
1222 plugin. A synthetic hit on a rule named TIME_LIMIT_EXCEEDED with a
1223 near-zero default score is generated, so that the report will
1224 reflect the event. A score for TIME_LIMIT_EXCEEDED may be provided
1225 explicitly in a configuration file, for example to achieve
1226 whitelisting or blacklisting effect for messages with long
1227 processing times.
1228
1229 The "time_limit" option is a useful protection against excessive
1230 processing time on certain degenerate or unusually long or complex
1231 mail messages, as well as against some DoS attacks. It is also
1232 needed in time-critical pre-queue filtering setups (e.g. milter,
1233 proxy, integration with MTA), where message processing must finish
1234 before a SMTP client times out. RFC 5321 prescribes in section
1235 4.5.3.2.6 the 'DATA Termination' time limit of 10 minutes, although
1236 it is not unusual to see some SMTP clients abort sooner on waiting
1237 for a response. A sensible "time_limit" for a pre-queue filtering
1238 setup is maybe 50 seconds, assuming that clients are willing to
1239 wait at least a minute.
1240
1241 lock_method type
1242 Select the file-locking method used to protect database files on-
1243 disk. By default, SpamAssassin uses an NFS-safe locking method on
1244 UNIX; however, if you are sure that the database files you'll be
1245 using for Bayes and AWL storage will never be accessed over NFS, a
1246 non-NFS-safe locking system can be selected.
1247
1248 This will be quite a bit faster, but may risk file corruption if
1249 the files are ever accessed by multiple clients at once, and one or
1250 more of them is accessing them through an NFS filesystem.
1251
1252 Note that different platforms require different locking systems.
1253
1254 The supported locking systems for "type" are as follows:
1255
1256 nfssafe - an NFS-safe locking system
1257 flock - simple UNIX "flock()" locking
1258 win32 - Win32 locking using "sysopen (..., O_CREAT|O_EXCL)".
1259
1260 nfssafe and flock are only available on UNIX, and win32 is only
1261 available on Windows. By default, SpamAssassin will choose either
1262 nfssafe or win32 depending on the platform in use.
1263
1264 fold_headers ( 0 | 1 ) (default: 1)
1265 By default, headers added by SpamAssassin will be whitespace
1266 folded. In other words, they will be broken up into multiple lines
1267 instead of one very long one and each continuation line will have a
1268 tabulator prepended to mark it as a continuation of the preceding
1269 one.
1270
1271 The automatic wrapping can be disabled here. Note that this can
1272 generate very long lines. RFC 2822 required that header lines do
1273 not exceed 998 characters (not counting the final CRLF).
1274
1275 report_safe_copy_headers header_name ...
1276 If using "report_safe", a few of the headers from the original
1277 message are copied into the wrapper header (From, To, Cc, Subject,
1278 Date, etc.) If you want to have other headers copied as well, you
1279 can add them using this option. You can specify multiple headers
1280 on the same line, separated by spaces, or you can just use multiple
1281 lines.
1282
1283 envelope_sender_header Name-Of-Header
1284 SpamAssassin will attempt to discover the address used in the 'MAIL
1285 FROM:' phase of the SMTP transaction that delivered this message,
1286 if this data has been made available by the SMTP server. This is
1287 used in the "EnvelopeFrom" pseudo-header, and for various rules
1288 such as SPF checking.
1289
1290 By default, various MTAs will use different headers, such as the
1291 following:
1292
1293 X-Envelope-From
1294 Envelope-Sender
1295 X-Sender
1296 Return-Path
1297
1298 SpamAssassin will attempt to use these, if some heuristics (such as
1299 the header placement in the message, or the absence of fetchmail
1300 signatures) appear to indicate that they are safe to use. However,
1301 it may choose the wrong headers in some mailserver configurations.
1302 (More discussion of this can be found in bug 2142 and bug 4747 in
1303 the SpamAssassin BugZilla.)
1304
1305 To avoid this heuristic failure, the "envelope_sender_header"
1306 setting may be helpful. Name the header that your MTA or MDA adds
1307 to messages containing the address used at the MAIL FROM step of
1308 the SMTP transaction.
1309
1310 If the header in question contains "<" or ">" characters at the
1311 start and end of the email address in the right-hand side, as in
1312 the SMTP transaction, these will be stripped.
1313
1314 If the header is not found in a message, or if it's value does not
1315 contain an "@" sign, SpamAssassin will issue a warning in the logs
1316 and fall back to its default heuristics.
1317
1318 (Note for MTA developers: we would prefer if the use of a single
1319 header be avoided in future, since that precludes 'downstream' spam
1320 scanning.
1321 "http://wiki.apache.org/spamassassin/EnvelopeSenderInReceived"
1322 details a better proposal, storing the envelope sender at each hop
1323 in the "Received" header.)
1324
1325 example:
1326
1327 envelope_sender_header X-SA-Exim-Mail-From
1328
1329 describe SYMBOLIC_TEST_NAME description ...
1330 Used to describe a test. This text is shown to users in the
1331 detailed report.
1332
1333 Note that test names which begin with '__' are reserved for meta-
1334 match sub-rules, and are not scored or listed in the 'tests hit'
1335 reports.
1336
1337 Also note that by convention, rule descriptions should be limited
1338 in length to no more than 50 characters.
1339
1340 report_charset CHARSET (default: unset)
1341 Set the MIME Content-Type charset used for the text/plain report
1342 which is attached to spam mail messages.
1343
1344 report ...some text for a report...
1345 Set the report template which is attached to spam mail messages.
1346 See the "10_default_prefs.cf" configuration file in
1347 "/usr/share/spamassassin" for an example.
1348
1349 If you change this, try to keep it under 78 columns. Each "report"
1350 line appends to the existing template, so use
1351 "clear_report_template" to restart.
1352
1353 Tags can be included as explained above.
1354
1355 clear_report_template
1356 Clear the report template.
1357
1358 report_contact ...text of contact address...
1359 Set what _CONTACTADDRESS_ is replaced with in the above report
1360 text. By default, this is 'the administrator of that system',
1361 since the hostname of the system the scanner is running on is also
1362 included.
1363
1364 report_hostname ...hostname to use...
1365 Set what _HOSTNAME_ is replaced with in the above report text. By
1366 default, this is determined dynamically as whatever the host
1367 running SpamAssassin calls itself.
1368
1369 unsafe_report ...some text for a report...
1370 Set the report template which is attached to spam mail messages
1371 which contain a non-text/plain part. See the "10_default_prefs.cf"
1372 configuration file in "/usr/share/spamassassin" for an example.
1373
1374 Each "unsafe-report" line appends to the existing template, so use
1375 "clear_unsafe_report_template" to restart.
1376
1377 Tags can be used in this template (see above for details).
1378
1379 clear_unsafe_report_template
1380 Clear the unsafe_report template.
1381
1382 mbox_format_from_regex
1383 Set a specific regular expression to be used for mbox file From
1384 separators.
1385
1386 For example, this setting will allow sa-learn to process emails
1387 stored in a kmail 2 mbox:
1388
1389 mbox_format_from_regex /^From \S+ ?[[:upper:]][[:lower:]]{2}(?:,
1390 \d\d [[:upper:]][[:lower:]]{2} \d{4} [0-2]\d:\d\d:\d\d [+-]\d{4}|
1391 [[:upper:]][[:lower:]]{2} [ 1-3]\d [ 0-2]\d:\d\d:\d\d \d{4})/
1392
1393 parse_dkim_uris ( 0 | 1 ) (default: 1)
1394 If this option is set to 1 and the message contains DKIM headers,
1395 the headers will be parsed for URIs to process alongside URIs found
1396 in the body with some rules and modules (ex. URIDNSBL)
1397
1399 These settings differ from the ones above, in that they are considered
1400 'privileged'. Only users running "spamassassin" from their
1401 procmailrc's or forward files, or sysadmins editing a file in
1402 "/etc/mail/spamassassin", can use them. "spamd" users cannot use them
1403 in their "user_prefs" files, for security and efficiency reasons,
1404 unless "allow_user_rules" is enabled (and then, they may only add rules
1405 from below).
1406
1407 allow_user_rules ( 0 | 1 ) (default: 0)
1408 This setting allows users to create rules (and only rules) in their
1409 "user_prefs" files for use with "spamd". It defaults to off,
1410 because this could be a severe security hole. It may be possible
1411 for users to gain root level access if "spamd" is run as root. It
1412 is NOT a good idea, unless you have some other way of ensuring that
1413 users' tests are safe. Don't use this unless you are certain you
1414 know what you are doing. Furthermore, this option causes
1415 spamassassin to recompile all the tests each time it processes a
1416 message for a user with a rule in his/her "user_prefs" file, which
1417 could have a significant effect on server load. It is not
1418 recommended.
1419
1420 Note that it is not currently possible to use "allow_user_rules" to
1421 modify an existing system rule from a "user_prefs" file with
1422 "spamd".
1423
1424 redirector_pattern /pattern/modifiers
1425 A regex pattern that matches both the redirector site portion, and
1426 the target site portion of a URI.
1427
1428 Note: The target URI portion must be surrounded in parentheses and
1429 no other part of the pattern may create a backreference.
1430
1431 Example:
1432 http://chkpt.zdnet.com/chkpt/whatever/spammer.domain/yo/dude
1433
1434 redirector_pattern /^https?:\/\/(?:opt\.)?chkpt\.zdnet\.com\/chkpt\/\w+\/(.*)$/i
1435
1436 header SYMBOLIC_TEST_NAME header op /pattern/modifiers [if-unset:
1437 STRING]
1438 Define a test. "SYMBOLIC_TEST_NAME" is a symbolic test name, such
1439 as 'FROM_ENDS_IN_NUMS'. "header" is the name of a mail header
1440 field, such as 'Subject', 'To', 'From', etc. Header field names
1441 are matched case-insensitively (conforming to RFC 5322 section
1442 1.2.2), except for all-capitals metaheader fields such as ALL,
1443 MESSAGEID, ALL-TRUSTED.
1444
1445 Appending a modifier ":raw" to a header field name will inhibit
1446 decoding of quoted-printable or base-64 encoded strings, and will
1447 preserve all whitespace inside the header string. The ":raw" may
1448 also be applied to pseudo-headers e.g. "ALL:raw" will return a
1449 pristine (unmodified) header section.
1450
1451 Appending a modifier ":addr" to a header field name will cause
1452 everything except the first email address to be removed from the
1453 header field. It is mainly applicable to header fields 'From',
1454 'Sender', 'To', 'Cc' along with their 'Resent-*' counterparts, and
1455 the 'Return-Path'.
1456
1457 Appending a modifier ":name" to a header field name will cause
1458 everything except the first display name to be removed from the
1459 header field. It is mainly applicable to header fields containing a
1460 single mail address: 'From', 'Sender', along with their
1461 'Resent-From' and 'Resent-Sender' counterparts.
1462
1463 It is syntactically permitted to append more than one modifier to a
1464 header field name, although currently most combinations achieve no
1465 additional effect, for example "From:addr:raw" or "From:raw:addr"
1466 is currently the same as "From:addr" .
1467
1468 For example, appending ":addr" to a header name will result in
1469 example@foo in all of the following cases:
1470
1471 example@foo
1472 example@foo (Foo Blah)
1473 example@foo, example@bar
1474 display: example@foo (Foo Blah), example@bar ;
1475 Foo Blah <example@foo>
1476 "Foo Blah" <example@foo>
1477 "'Foo Blah'" <example@foo>
1478
1479 For example, appending ":name" to a header name will result in "Foo
1480 Blah" (without quotes) in all of the following cases:
1481
1482 example@foo (Foo Blah)
1483 example@foo (Foo Blah), example@bar
1484 display: example@foo (Foo Blah), example@bar ;
1485 Foo Blah <example@foo>
1486 "Foo Blah" <example@foo>
1487 "'Foo Blah'" <example@foo>
1488
1489 There are several special pseudo-headers that can be specified:
1490
1491 "ALL" can be used to mean the text of all the message's headers.
1492 Note that all whitespace inside the headers, at line folds, is
1493 currently compressed into a single space (' ') character. To obtain
1494 a pristine (unmodified) header section, use "ALL:raw" - the :raw
1495 modifier is documented above.
1496 "ToCc" can be used to mean the contents of both the 'To' and 'Cc'
1497 headers.
1498 "EnvelopeFrom" is the address used in the 'MAIL FROM:' phase of the
1499 SMTP transaction that delivered this message, if this data has been
1500 made available by the SMTP server. See "envelope_sender_header"
1501 for more information on how to set this.
1502 "MESSAGEID" is a symbol meaning all Message-Id's found in the
1503 message; some mailing list software moves the real 'Message-Id' to
1504 'Resent-Message-Id' or to 'X-Message-Id', then uses its own one in
1505 the 'Message-Id' header. The value returned for this symbol is the
1506 text from all 3 headers, separated by newlines.
1507 "X-Spam-Relays-Untrusted", "X-Spam-Relays-Trusted",
1508 "X-Spam-Relays-Internal" and "X-Spam-Relays-External" represent a
1509 portable, pre-parsed representation of the message's network path,
1510 as recorded in the Received headers, divided into 'trusted' vs
1511 'untrusted' and 'internal' vs 'external' sets. See
1512 "http://wiki.apache.org/spamassassin/TrustedRelays" for more
1513 details.
1514
1515 "op" is either "=~" (contains regular expression) or "!~" (does not
1516 contain regular expression), and "pattern" is a valid Perl regular
1517 expression, with "modifiers" as regexp modifiers in the usual
1518 style. Note that multi-line rules are not supported, even if you
1519 use "x" as a modifier. Also note that the "#" character must be
1520 escaped ("\#") or else it will be considered to be the start of a
1521 comment and not part of the regexp.
1522
1523 If the "[if-unset: STRING]" tag is present, then "STRING" will be
1524 used if the header is not found in the mail message.
1525
1526 Test names must not start with a number, and must contain only
1527 alphanumerics and underscores. It is suggested that lower-case
1528 characters not be used, and names have a length of no more than 22
1529 characters, as an informal convention. Dashes are not allowed.
1530
1531 Note that test names which begin with '__' are reserved for meta-
1532 match sub-rules, and are not scored or listed in the 'tests hit'
1533 reports. Test names which begin with 'T_' are reserved for tests
1534 which are undergoing QA, and these are given a very low score.
1535
1536 If you add or modify a test, please be sure to run a sanity check
1537 afterwards by running "spamassassin --lint". This will avoid
1538 confusing error messages, or other tests being skipped as a side-
1539 effect.
1540
1541 header SYMBOLIC_TEST_NAME exists:header_field_name
1542 Define a header field existence test. "header_field_name" is the
1543 name of a header field to test for existence. Not to be confused
1544 with a test for a nonempty header field body, which can be
1545 implemented by a "header SYMBOLIC_TEST_NAME header =~ /\S/" rule as
1546 described above.
1547
1548 header SYMBOLIC_TEST_NAME eval:name_of_eval_method([arguments])
1549 Define a header eval test. "name_of_eval_method" is the name of a
1550 method registered by a "Mail::SpamAssassin::Plugin" object.
1551 "arguments" are optional arguments to the function call.
1552
1553 header SYMBOLIC_TEST_NAME eval:check_rbl('set', 'zone' [, 'sub-test'])
1554 Check a DNSBL (a DNS blacklist or whitelist). This will retrieve
1555 Received: headers from the message, extract the IP addresses,
1556 select which ones are 'untrusted' based on the "trusted_networks"
1557 logic, and query that DNSBL zone. There's a few things to note:
1558
1559 duplicated or private IPs
1560 Duplicated IPs are only queried once and reserved IPs are not
1561 queried. Private IPs are those listed in
1562 <http://www.iana.org/assignments/ipv4-address-space>,
1563 <http://duxcw.com/faq/network/privip.htm>,
1564 <http://duxcw.com/faq/network/autoip.htm>, or
1565 <http://tools.ietf.org/html/rfc5735> as private.
1566
1567 the 'set' argument
1568 This is used as a 'zone ID'. If you want to look up a
1569 multiple-meaning zone like SORBS, you can then query the
1570 results from that zone using it; but all check_rbl_sub() calls
1571 must use that zone ID.
1572
1573 Also, if more than one IP address gets a DNSBL hit for a
1574 particular rule, it does not affect the score because rules
1575 only trigger once per message.
1576
1577 the 'zone' argument
1578 This is the root zone of the DNSBL.
1579
1580 The domain name is considered to be a fully qualified domain
1581 name (i.e. not subject to DNS resolver's search or default
1582 domain options). No trailing period is needed, and will be
1583 removed if specified.
1584
1585 the 'sub-test' argument
1586 This optional argument behaves the same as the sub-test
1587 argument in "check_rbl_sub()" below.
1588
1589 selecting all IPs except for the originating one
1590 This is accomplished by placing '-notfirsthop' at the end of
1591 the set name. This is useful for querying against DNS lists
1592 which list dialup IP addresses; the first hop may be a dialup,
1593 but as long as there is at least one more hop, via their
1594 outgoing SMTP server, that's legitimate, and so should not gain
1595 points. If there is only one hop, that will be queried anyway,
1596 as it should be relaying via its outgoing SMTP server instead
1597 of sending directly to your MX (mail exchange).
1598
1599 selecting IPs by whether they are trusted
1600 When checking a 'nice' DNSBL (a DNS whitelist), you cannot
1601 trust the IP addresses in Received headers that were not added
1602 by trusted relays. To test the first IP address that can be
1603 trusted, place '-firsttrusted' at the end of the set name.
1604 That should test the IP address of the relay that connected to
1605 the most remote trusted relay.
1606
1607 Note that this requires that SpamAssassin know which relays are
1608 trusted. For simple cases, SpamAssassin can make a good
1609 estimate. For complex cases, you may get better results by
1610 setting "trusted_networks" manually.
1611
1612 In addition, you can test all untrusted IP addresses by placing
1613 '-untrusted' at the end of the set name. Important note --
1614 this does NOT include the IP address from the most recent
1615 'untrusted line', as used in '-firsttrusted' above. That's
1616 because we're talking about the trustworthiness of the IP
1617 address data, not the source header line, here; and in the case
1618 of the most recent header (the 'firsttrusted'), that data can
1619 be trusted. See the Wiki page at
1620 "http://wiki.apache.org/spamassassin/TrustedRelays" for more
1621 information on this.
1622
1623 Selecting just the last external IP
1624 By using '-lastexternal' at the end of the set name, you can
1625 select only the external host that connected to your internal
1626 network, or at least the last external host with a public IP.
1627
1628 header SYMBOLIC_TEST_NAME eval:check_rbl_txt('set', 'zone')
1629 Same as check_rbl(), except querying using IN TXT instead of IN A
1630 records. If the zone supports it, it will result in a line of text
1631 describing why the IP is listed, typically a hyperlink to a
1632 database entry.
1633
1634 header SYMBOLIC_TEST_NAME eval:check_rbl_sub('set', 'sub-test')
1635 Create a sub-test for 'set'. If you want to look up a multi-
1636 meaning zone like relays.osirusoft.com, you can then query the
1637 results from that zone using the zone ID from the original query.
1638 The sub-test may either be an IPv4 dotted address for RBLs that
1639 return multiple A records or a non-negative decimal number to
1640 specify a bitmask for RBLs that return a single A record containing
1641 a bitmask of results, a SenderBase test beginning with "sb:", or
1642 (if none of the preceding options seem to fit) a regular
1643 expression.
1644
1645 Note: the set name must be exactly the same for as the main query
1646 rule, including selections like '-notfirsthop' appearing at the end
1647 of the set name.
1648
1649 body SYMBOLIC_TEST_NAME /pattern/modifiers
1650 Define a body pattern test. "pattern" is a Perl regular
1651 expression. Note: as per the header tests, "#" must be escaped
1652 ("\#") or else it is considered the beginning of a comment.
1653
1654 The 'body' in this case is the textual parts of the message body;
1655 any non-text MIME parts are stripped, and the message decoded from
1656 Quoted-Printable or Base-64-encoded format if necessary. Parts
1657 declared as text/html will be rendered from HTML to text.
1658
1659 All body paragraphs (double-newline-separated blocks text) are
1660 turned into a line breaks removed, whitespace normalized single
1661 line. Any lines longer than 2kB are split into shorter separate
1662 lines (from a boundary when possible), this may unexpectedly
1663 prevent pattern from matching. Patterns are matched independently
1664 against each of these lines.
1665
1666 Note that the message Subject header is considered part of the body
1667 and becomes the first line when running the rules.
1668
1669 body SYMBOLIC_TEST_NAME eval:name_of_eval_method([args])
1670 Define a body eval test. See above.
1671
1672 uri SYMBOLIC_TEST_NAME /pattern/modifiers
1673 Define a uri pattern test. "pattern" is a Perl regular expression.
1674 Note: as per the header tests, "#" must be escaped ("\#") or else
1675 it is considered the beginning of a comment.
1676
1677 The 'uri' in this case is a list of all the URIs in the body of the
1678 email, and the test will be run on each and every one of those
1679 URIs, adjusting the score if a match is found. Use this test
1680 instead of one of the body tests when you need to match a URI, as
1681 it is more accurately bound to the start/end points of the URI, and
1682 will also be faster.
1683
1684 rawbody SYMBOLIC_TEST_NAME /pattern/modifiers
1685 Define a raw-body pattern test. "pattern" is a Perl regular
1686 expression. Note: as per the header tests, "#" must be escaped
1687 ("\#") or else it is considered the beginning of a comment.
1688
1689 The 'raw body' of a message is the raw data inside all textual
1690 parts. The text will be decoded from base64 or quoted-printable
1691 encoding, but HTML tags and line breaks will still be present.
1692 Multiline expressions will need to be used to match strings that
1693 are broken by line breaks.
1694
1695 Note that the text is split into 2-4kB chunks (from a word boundary
1696 when possible), this may unexpectedly prevent pattern from
1697 matching. Patterns are matched independently against each of these
1698 chunks.
1699
1700 rawbody SYMBOLIC_TEST_NAME eval:name_of_eval_method([args])
1701 Define a raw-body eval test. See above.
1702
1703 full SYMBOLIC_TEST_NAME /pattern/modifiers
1704 Define a full message pattern test. "pattern" is a Perl regular
1705 expression. Note: as per the header tests, "#" must be escaped
1706 ("\#") or else it is considered the beginning of a comment.
1707
1708 The full message is the pristine message headers plus the pristine
1709 message body, including all MIME data such as images, other
1710 attachments, MIME boundaries, etc.
1711
1712 full SYMBOLIC_TEST_NAME eval:name_of_eval_method([args])
1713 Define a full message eval test. See above.
1714
1715 meta SYMBOLIC_TEST_NAME boolean expression
1716 Define a boolean expression test in terms of other tests that have
1717 been hit or not hit. For example:
1718
1719 meta META1 TEST1 && !(TEST2 || TEST3)
1720
1721 Note that English language operators ("and", "or") will be treated
1722 as rule names, and that there is no "XOR" operator.
1723
1724 meta SYMBOLIC_TEST_NAME boolean arithmetic expression
1725 Can also define an arithmetic expression in terms of other tests,
1726 with an unhit test having the value "0" and a hit test having a
1727 nonzero value. The value of a hit meta test is that of its
1728 arithmetic expression. The value of a hit eval test is that
1729 returned by its method. The value of a hit header, body, rawbody,
1730 uri, or full test which has the "multiple" tflag is the number of
1731 times the test hit. The value of any other type of hit test is
1732 "1".
1733
1734 For example:
1735
1736 meta META2 (3 * TEST1 - 2 * TEST2) > 0
1737
1738 Note that Perl builtins and functions, like "abs()", can't be used,
1739 and will be treated as rule names.
1740
1741 If you want to define a meta-rule, but do not want its individual
1742 sub-rules to count towards the final score unless the entire meta-
1743 rule matches, give the sub-rules names that start with '__' (two
1744 underscores). SpamAssassin will ignore these for scoring.
1745
1746 reuse SYMBOLIC_TEST_NAME [ OLD_SYMBOLIC_TEST_NAME_1 ... ]
1747 Defines the name of a test that should be "reused" during the
1748 scoring process. If a message has an X-Spam-Status header that
1749 shows a hit for this rule or any of the old rule names given, a hit
1750 will be added for this rule when mass-check --reuse is used.
1751 Examples:
1752
1753 "reuse SPF_PASS"
1754
1755 "reuse MY_NET_RULE_V2 MY_NET_RULE_V1"
1756
1757 The actual logic for reuse tests is done by
1758 Mail::SpamAssassin::Plugin::Reuse.
1759
1760 tflags SYMBOLIC_TEST_NAME flags
1761 Used to set flags on a test. Parameter is a space-separated list of
1762 flag names or flag name = value pairs. These flags are used in the
1763 score-determination back end system for details of the test's
1764 behaviour. Please see "bayes_auto_learn" for more information
1765 about tflag interaction with those systems. The following flags can
1766 be set:
1767
1768 net The test is a network test, and will not be run in the mass
1769 checking system or if -L is used, therefore its score should
1770 not be modified.
1771
1772 nice
1773 The test is intended to compensate for common false positives,
1774 and should be assigned a negative score.
1775
1776 userconf
1777 The test requires user configuration before it can be used
1778 (like language-specific tests).
1779
1780 learn
1781 The test requires training before it can be used.
1782
1783 noautolearn
1784 The test will explicitly be ignored when calculating the score
1785 for learning systems.
1786
1787 autolearn_force
1788 The test will be subject to less stringent autolearn
1789 thresholds.
1790
1791 Normally, SpamAssassin will require 3 points from the header
1792 and 3 points from the body to be auto-learned as spam. This
1793 option keeps the threshold at 6 points total but changes it to
1794 have no regard to the source of the points.
1795
1796 noawl
1797 This flag is specific when using AWL plugin.
1798
1799 Normally, AWL plugin normalizes scores via auto-whitelist. In
1800 some scenarios it works against the system administrator when
1801 trying to add some rules to correct miss-classified email. When
1802 AWL plugin searches the email and finds the noawl flag it will
1803 exit without normalizing the score nor storing the value in db.
1804
1805 multiple
1806 The test will be evaluated multiple times, for use with meta
1807 rules. Only affects header, body, rawbody, uri, and full
1808 tests.
1809
1810 maxhits=N
1811 If multiple is specified, limit the number of hits found to N.
1812 If the rule is used in a meta that counts the hits (e.g.
1813 __RULENAME > 5), this is a way to avoid wasted extra work (use
1814 "tflags multiple maxhits=6").
1815
1816 For example:
1817
1818 uri __KAM_COUNT_URIS /^./
1819 tflags __KAM_COUNT_URIS multiple maxhits=16
1820 describe __KAM_COUNT_URIS A multiple match used to count URIs in a message
1821
1822 meta __KAM_HAS_0_URIS (__KAM_COUNT_URIS == 0)
1823 meta __KAM_HAS_1_URIS (__KAM_COUNT_URIS >= 1)
1824 meta __KAM_HAS_2_URIS (__KAM_COUNT_URIS >= 2)
1825 meta __KAM_HAS_3_URIS (__KAM_COUNT_URIS >= 3)
1826 meta __KAM_HAS_4_URIS (__KAM_COUNT_URIS >= 4)
1827 meta __KAM_HAS_5_URIS (__KAM_COUNT_URIS >= 5)
1828 meta __KAM_HAS_10_URIS (__KAM_COUNT_URIS >= 10)
1829 meta __KAM_HAS_15_URIS (__KAM_COUNT_URIS >= 15)
1830
1831 ips_only
1832 This flag is specific to rules invoking an URIDNSBL plugin, it
1833 is documented there.
1834
1835 domains_only
1836 This flag is specific to rules invoking an URIDNSBL plugin, it
1837 is documented there.
1838
1839 ns This flag is specific to rules invoking an URIDNSBL plugin, it
1840 is documented there.
1841
1842 a This flag is specific to rules invoking an URIDNSBL plugin, it
1843 is documented there.
1844
1845 priority SYMBOLIC_TEST_NAME n
1846 Assign a specific priority to a test. All tests, except for DNS
1847 and Meta tests, are run in increasing priority value order
1848 (negative priority values are run before positive priority values).
1849 The default test priority is 0 (zero).
1850
1851 The values <-99999999999999> and <-99999999999998> have a special
1852 meaning internally, and should not be used.
1853
1855 These settings differ from the ones above, in that they are considered
1856 'more privileged' -- even more than the ones in the PRIVILEGED SETTINGS
1857 section. No matter what "allow_user_rules" is set to, these can never
1858 be set from a user's "user_prefs" file when spamc/spamd is being used.
1859 However, all settings can be used by local programs run directly by the
1860 user.
1861
1862 version_tag string
1863 This tag is appended to the SA version in the X-Spam-Status header.
1864 You should include it when you modify your ruleset, especially if
1865 you plan to distribute it. A good choice for string is your last
1866 name or your initials followed by a number which you increase with
1867 each change.
1868
1869 The version_tag will be lowercased, and any non-alphanumeric or
1870 period character will be replaced by an underscore.
1871
1872 e.g.
1873
1874 version_tag myrules1 # version=2.41-myrules1
1875
1876 test SYMBOLIC_TEST_NAME (ok|fail) Some string to test against
1877 Define a regression testing string. You can have more than one
1878 regression test string per symbolic test name. Simply specify a
1879 string that you wish the test to match.
1880
1881 These tests are only run as part of the test suite - they should
1882 not affect the general running of SpamAssassin.
1883
1884 rbl_timeout t [t_min] [zone] (default: 15 3)
1885 All DNS queries are made at the beginning of a check and we try to
1886 read the results at the end. This value specifies the maximum
1887 period of time (in seconds) to wait for a DNS query. If most of
1888 the DNS queries have succeeded for a particular message, then
1889 SpamAssassin will not wait for the full period to avoid wasting
1890 time on unresponsive server(s), but will shrink the timeout
1891 according to a percentage of queries already completed. As the
1892 number of queries remaining approaches 0, the timeout value will
1893 gradually approach a t_min value, which is an optional second
1894 parameter and defaults to 0.2 * t. If t is smaller than t_min, the
1895 initial timeout is set to t_min. Here is a chart of queries
1896 remaining versus the timeout in seconds, for the default 15 second
1897 / 3 second timeout setting:
1898
1899 queries left 100% 90% 80% 70% 60% 50% 40% 30% 20% 10% 0%
1900 timeout 15 14.9 14.5 13.9 13.1 12.0 10.7 9.1 7.3 5.3 3
1901
1902 For example, if 20 queries are made at the beginning of a message
1903 check and 16 queries have returned (leaving 20%), the remaining 4
1904 queries should finish within 7.3 seconds since their query started
1905 or they will be timed out. Note that timed out queries are only
1906 aborted when there is nothing else left for SpamAssassin to do -
1907 long evaluation of other rules may grant queries additional time.
1908
1909 If a parameter 'zone' is specified (it must end with a letter,
1910 which distinguishes it from other numeric parametrs), then the
1911 setting only applies to DNS queries against the specified DNS
1912 domain (host, domain or RBL (sub)zone). Matching is case-
1913 insensitive, the actual domain may be a subdomain of the specified
1914 zone.
1915
1916 util_rb_tld tld1 tld2 ...
1917 This option maintains list of valid TLDs in the RegistryBoundaries
1918 code. TLDs include things like com, net, org, etc.
1919
1920 util_rb_2tld 2tld-1.tld 2tld-2.tld ...
1921 This option maintains list of valid 2nd-level TLDs in the
1922 RegistryBoundaries code. 2TLDs include things like co.uk, fed.us,
1923 etc.
1924
1925 util_rb_3tld 3tld1.some.tld 3tld2.other.tld ...
1926 This option maintains list of valid 3rd-level TLDs in the
1927 RegistryBoundaries code. 3TLDs include things like demon.co.uk,
1928 plc.co.im, etc.
1929
1930 clear_util_rb
1931 Empty internal list of valid TLDs (including 2nd and 3rd level)
1932 which RegistryBoundaries code uses. Only useful if you want to
1933 override the standard lists supplied by sa-update.
1934
1935 bayes_path /path/filename (default: ~/.spamassassin/bayes)
1936 This is the directory and filename for Bayes databases. Several
1937 databases will be created, with this as the base directory and
1938 filename, with "_toks", "_seen", etc. appended to the base. The
1939 default setting results in files called
1940 "~/.spamassassin/bayes_seen", "~/.spamassassin/bayes_toks", etc.
1941
1942 By default, each user has their own in their "~/.spamassassin"
1943 directory with mode 0700/0600. For system-wide SpamAssassin use,
1944 you may want to reduce disk space usage by sharing this across all
1945 users. However, Bayes appears to be more effective with individual
1946 user databases.
1947
1948 bayes_file_mode (default: 0700)
1949 The file mode bits used for the Bayesian filtering database files.
1950
1951 Make sure you specify this using the 'x' mode bits set, as it may
1952 also be used to create directories. However, if a file is created,
1953 the resulting file will not have any execute bits set (the umask is
1954 set to 111). The argument is a string of octal digits, it is
1955 converted to a numeric value internally.
1956
1957 bayes_store_module Name::Of::BayesStore::Module
1958 If this option is set, the module given will be used as an
1959 alternate to the default bayes storage mechanism. It must conform
1960 to the published storage specification (see
1961 Mail::SpamAssassin::BayesStore). For example, set this to
1962 Mail::SpamAssassin::BayesStore::SQL to use the generic SQL storage
1963 module.
1964
1965 bayes_sql_dsn DBI::databasetype:databasename:hostname:port
1966 Used for BayesStore::SQL storage implementation.
1967
1968 This option give the connect string used to connect to the SQL
1969 based Bayes storage.
1970
1971 bayes_sql_username
1972 Used by BayesStore::SQL storage implementation.
1973
1974 This option gives the username used by the above DSN.
1975
1976 bayes_sql_password
1977 Used by BayesStore::SQL storage implementation.
1978
1979 This option gives the password used by the above DSN.
1980
1981 bayes_sql_username_authorized ( 0 | 1 ) (default: 0)
1982 Whether to call the services_authorized_for_username plugin hook in
1983 BayesSQL. If the hook does not determine that the user is allowed
1984 to use bayes or is invalid then then database will not be
1985 initialized.
1986
1987 NOTE: By default the user is considered invalid until a plugin
1988 returns a true value. If you enable this, but do not have a proper
1989 plugin loaded, all users will turn up as invalid.
1990
1991 The username passed into the plugin can be affected by the
1992 bayes_sql_override_username config option.
1993
1994 user_scores_dsn DBI:databasetype:databasename:hostname:port
1995 If you load user scores from an SQL database, this will set the DSN
1996 used to connect. Example: "DBI:mysql:spamassassin:localhost"
1997
1998 If you load user scores from an LDAP directory, this will set the
1999 DSN used to connect. You have to write the DSN as an LDAP URL, the
2000 components being the host and port to connect to, the base DN for
2001 the search, the scope of the search (base, one or sub), the single
2002 attribute being the multivalued attribute used to hold the
2003 configuration data (space separated pairs of key and value, just as
2004 in a file) and finally the filter being the expression used to
2005 filter out the wanted username. Note that the filter expression is
2006 being used in a sprintf statement with the username as the only
2007 parameter, thus is can hold a single __USERNAME__ expression. This
2008 will be replaced with the username.
2009
2010 Example:
2011 "ldap://localhost:389/dc=koehntopp,dc=de?saconfig?uid=__USERNAME__"
2012
2013 user_scores_sql_username username
2014 The authorized username to connect to the above DSN.
2015
2016 user_scores_sql_password password
2017 The password for the database username, for the above DSN.
2018
2019 user_scores_sql_custom_query query
2020 This option gives you the ability to create a custom SQL query to
2021 retrieve user scores and preferences. In order to work correctly
2022 your query should return two values, the preference name and value,
2023 in that order. In addition, there are several "variables" that you
2024 can use as part of your query, these variables will be substituted
2025 for the current values right before the query is run. The current
2026 allowed variables are:
2027
2028 _TABLE_
2029 The name of the table where user scores and preferences are
2030 stored. Currently hardcoded to userpref, to change this value
2031 you need to create a new custom query with the new table name.
2032
2033 _USERNAME_
2034 The current user's username.
2035
2036 _MAILBOX_
2037 The portion before the @ as derived from the current user's
2038 username.
2039
2040 _DOMAIN_
2041 The portion after the @ as derived from the current user's
2042 username, this value may be null.
2043
2044 The query must be one continuous line in order to parse correctly.
2045
2046 Here are several example queries, please note that these are broken
2047 up for easy reading, in your config it should be one continuous
2048 line.
2049
2050 Current default query:
2051 "SELECT preference, value FROM _TABLE_ WHERE username =
2052 _USERNAME_ OR username = '@GLOBAL' ORDER BY username ASC"
2053
2054 Use global and then domain level defaults:
2055 "SELECT preference, value FROM _TABLE_ WHERE username =
2056 _USERNAME_ OR username = '@GLOBAL' OR username = '@~'||_DOMAIN_
2057 ORDER BY username ASC"
2058
2059 Maybe global prefs should override user prefs:
2060 "SELECT preference, value FROM _TABLE_ WHERE username =
2061 _USERNAME_ OR username = '@GLOBAL' ORDER BY username DESC"
2062
2063 user_scores_ldap_username
2064 This is the Bind DN used to connect to the LDAP server. It
2065 defaults to the empty string (""), allowing anonymous binding to
2066 work.
2067
2068 Example: "cn=master,dc=koehntopp,dc=de"
2069
2070 user_scores_ldap_password
2071 This is the password used to connect to the LDAP server. It
2072 defaults to the empty string ("").
2073
2074 user_scores_fallback_to_global (default: 1)
2075 Fall back to global scores and settings if userprefs can't be
2076 loaded from SQL or LDAP, instead of passing the message through
2077 unprocessed.
2078
2079 loadplugin PluginModuleName [/path/module.pm]
2080 Load a SpamAssassin plugin module. The "PluginModuleName" is the
2081 perl module name, used to create the plugin object itself.
2082
2083 "/path/to/module.pm" is the file to load, containing the module's
2084 perl code; if it's specified as a relative path, it's considered to
2085 be relative to the current configuration file. If it is omitted,
2086 the module will be loaded using perl's search path (the @INC
2087 array).
2088
2089 See "Mail::SpamAssassin::Plugin" for more details on writing
2090 plugins.
2091
2092 tryplugin PluginModuleName [/path/module.pm]
2093 Same as "loadplugin", but silently ignored if the .pm file cannot
2094 be found in the filesystem.
2095
2096 ignore_always_matching_regexps (Default: 0)
2097 Ignore any rule which contains a regexp which always matches.
2098 Currently only catches regexps which contain '||', or which begin
2099 or end with a '|'. Also ignore rules with "some" combinatorial
2100 explosions.
2101
2103 include filename
2104 Include configuration lines from "filename". Relative paths are
2105 considered relative to the current configuration file or user
2106 preferences file.
2107
2108 if (boolean perl expression)
2109 Used to support conditional interpretation of the configuration
2110 file. Lines between this and a corresponding "else" or "endif" line
2111 will be ignored unless the expression evaluates as true (in the
2112 perl sense; that is, defined and non-0 and non-empty string).
2113
2114 The conditional accepts a limited subset of perl for security --
2115 just enough to perform basic arithmetic comparisons. The following
2116 input is accepted:
2117
2118 numbers, whitespace, arithmetic operations and grouping
2119 Namely these characters and ranges:
2120
2121 ( ) - + * / _ . , < = > ! ~ 0-9 whitespace
2122
2123 version
2124 This will be replaced with the version number of the currently-
2125 running SpamAssassin engine. Note: The version used is in the
2126 internal SpamAssassin version format which is "x.yyyzzz", where
2127 x is major version, y is minor version, and z is maintenance
2128 version. So 3.0.0 is 3.000000, and 3.4.80 is 3.004080.
2129
2130 perl_version
2131 (Introduced in 3.4.1) This will be replaced with the version
2132 number of the currently-running perl engine. Note: The version
2133 used is in the $] version format which is "x.yyyzzz", where x
2134 is major version, y is minor version, and z is maintenance
2135 version. So 5.8.8 is 5.008008, and 5.10.0 is 5.010000. Use to
2136 protect rules that incorporate RE syntax elements introduced in
2137 later versions of perl, such as the "++" non-backtracking match
2138 introduced in perl 5.10. For example:
2139
2140 # Avoid lint error on older perl installs
2141 # Check SA version first to avoid warnings on checking perl_version on older SA
2142 if version > 3.004001 && perl_version >= 5.018000
2143 body INVALID_RE_SYNTAX_IN_PERL_BEFORE_5_18 /(?[ \p{Thai} & \p{Digit} ])/
2144 endif
2145
2146 Note that the above will still generate a warning on perl older
2147 than 5.10.0; to avoid that warning do this instead:
2148
2149 # Avoid lint error on older perl installs
2150 if can(Mail::SpamAssassin::Conf::perl_min_version_5010000)
2151 body INVALID_RE_SYNTAX_IN_PERL_5_8 /\w++/
2152 endif
2153
2154 Warning: a can() test is only defined for perl 5.10.0!
2155
2156 plugin(Name::Of::Plugin)
2157 This is a function call that returns 1 if the plugin named
2158 "Name::Of::Plugin" is loaded, or "undef" otherwise.
2159
2160 has(Name::Of::Package::function_name)
2161 This is a function call that returns 1 if the perl package
2162 named "Name::Of::Package" includes a function called
2163 "function_name", or "undef" otherwise. Note that packages can
2164 be SpamAssassin plugins or built-in classes, there's no
2165 difference in this respect. Internally this invokes
2166 UNIVERSAL::can.
2167
2168 can(Name::Of::Package::function_name)
2169 This is a function call that returns 1 if the perl package
2170 named "Name::Of::Package" includes a function called
2171 "function_name" and that function returns a true value when
2172 called with no arguments, otherwise "undef" is returned.
2173
2174 Is similar to "has", except that it also calls the named
2175 function, testing its return value (unlike the perl function
2176 UNIVERSAL::can). This makes it possible for a 'feature'
2177 function to determine its result value at run time.
2178
2179 If the end of a configuration file is reached while still inside a
2180 "if" scope, a warning will be issued, but parsing will restart on
2181 the next file.
2182
2183 For example:
2184
2185 if (version > 3.000000)
2186 header MY_FOO ...
2187 endif
2188
2189 loadplugin MyPlugin plugintest.pm
2190
2191 if plugin (MyPlugin)
2192 header MY_PLUGIN_FOO eval:check_for_foo()
2193 score MY_PLUGIN_FOO 0.1
2194 endif
2195
2196 ifplugin PluginModuleName
2197 An alias for "if plugin(PluginModuleName)".
2198
2199 else
2200 Used to support conditional interpretation of the configuration
2201 file. Lines between this and a corresponding "endif" line, will be
2202 ignored unless the conditional expression evaluates as false (in
2203 the perl sense; that is, not defined and not 0 and non-empty
2204 string).
2205
2206 require_version n.nnnnnn
2207 Indicates that the entire file, from this line on, requires a
2208 certain version of SpamAssassin to run. If a different (older or
2209 newer) version of SpamAssassin tries to read the configuration from
2210 this file, it will output a warning instead, and ignore it.
2211
2212 Note: The version used is in the internal SpamAssassin version
2213 format which is "x.yyyzzz", where x is major version, y is minor
2214 version, and z is maintenance version. So 3.0.0 is 3.000000, and
2215 3.4.80 is 3.004080.
2216
2218 The following "tags" can be used as placeholders in certain options.
2219 They will be replaced by the corresponding value when they are used.
2220
2221 Some tags can take an argument (in parentheses). The argument is
2222 optional, and the default is shown below.
2223
2224 _YESNO_ "Yes" for spam, "No" for nonspam (=ham)
2225 _YESNO(spam_str,ham_str)_ returns the first argument ("Yes" if missing)
2226 for spam, and the second argument ("No" if missing) for ham
2227 _YESNOCAPS_ "YES" for spam, "NO" for nonspam (=ham)
2228 _YESNOCAPS(spam_str,ham_str)_ same as _YESNO(...)_, but uppercased
2229 _SCORE(PAD)_ message score, if PAD is included and is either spaces or
2230 zeroes, then pad scores with that many spaces or zeroes
2231 (default, none) ie: _SCORE(0)_ makes 2.4 become 02.4,
2232 _SCORE(00)_ is 002.4. 12.3 would be 12.3 and 012.3
2233 respectively.
2234 _REQD_ message threshold
2235 _VERSION_ version (eg. 3.0.0 or 3.1.0-r26142-foo1)
2236 _SUBVERSION_ sub-version/code revision date (eg. 2004-01-10)
2237 _RULESVERSION_ comma-separated list of rules versions, retrieved from
2238 an '# UPDATE version' comment in rules files; if there is
2239 more than one set of rules (update channels) the order
2240 is unspecified (currently sorted by names of files);
2241 _HOSTNAME_ hostname of the machine the mail was processed on
2242 _REMOTEHOSTNAME_ hostname of the machine the mail was sent from, only
2243 available with spamd
2244 _REMOTEHOSTADDR_ ip address of the machine the mail was sent from, only
2245 available with spamd
2246 _BAYES_ bayes score
2247 _TOKENSUMMARY_ number of new, neutral, spammy, and hammy tokens found
2248 _BAYESTC_ number of new tokens found
2249 _BAYESTCLEARNED_ number of seen tokens found
2250 _BAYESTCSPAMMY_ number of spammy tokens found
2251 _BAYESTCHAMMY_ number of hammy tokens found
2252 _HAMMYTOKENS(N)_ the N most significant hammy tokens (default, 5)
2253 _SPAMMYTOKENS(N)_ the N most significant spammy tokens (default, 5)
2254 _DATE_ rfc-2822 date of scan
2255 _STARS(*)_ one "*" (use any character) for each full score point
2256 (note: limited to 50 'stars')
2257 _SENDERDOMAIN_ a domain name of the envelope sender address, lowercased
2258 _AUTHORDOMAIN_ a domain name of the author address (the From header
2259 field), lowercased; note that RFC 5322 allows a mail
2260 message to have multiple authors - currently only the
2261 domain name of the first email address is returned
2262 _RELAYSTRUSTED_ relays used and deemed to be trusted (see the
2263 'X-Spam-Relays-Trusted' pseudo-header)
2264 _RELAYSUNTRUSTED_ relays used that can not be trusted (see the
2265 'X-Spam-Relays-Untrusted' pseudo-header)
2266 _RELAYSINTERNAL_ relays used and deemed to be internal (see the
2267 'X-Spam-Relays-Internal' pseudo-header)
2268 _RELAYSEXTERNAL_ relays used and deemed to be external (see the
2269 'X-Spam-Relays-External' pseudo-header)
2270 _LASTEXTERNALIP_ IP address of client in the external-to-internal
2271 SMTP handover
2272 _LASTEXTERNALRDNS_ reverse-DNS of client in the external-to-internal
2273 SMTP handover
2274 _LASTEXTERNALHELO_ HELO string used by client in the external-to-internal
2275 SMTP handover
2276 _AUTOLEARN_ autolearn status ("ham", "no", "spam", "disabled",
2277 "failed", "unavailable")
2278 _AUTOLEARNSCORE_ portion of message score used by autolearn
2279 _TESTS(,)_ tests hit separated by "," (or other separator)
2280 _TESTSSCORES(,)_ as above, except with scores appended (eg. AWL=-3.0,...)
2281 _SUBTESTS(,)_ subtests (start with "__") hit separated by ","
2282 (or other separator)
2283 _DCCB_ DCC's "Brand"
2284 _DCCR_ DCC's results
2285 _PYZOR_ Pyzor results
2286 _RBL_ full results for positive RBL queries in DNS URI format
2287 _LANGUAGES_ possible languages of mail
2288 _PREVIEW_ content preview
2289 _REPORT_ terse report of tests hit (for header reports)
2290 _SUMMARY_ summary of tests hit for standard report (for body reports)
2291 _CONTACTADDRESS_ contents of the 'report_contact' setting
2292 _HEADER(NAME)_ includes the value of a message header. value is the same
2293 as is found for header rules (see elsewhere in this doc)
2294 _TIMING_ timing breakdown report
2295 _ADDEDHEADERHAM_ resulting header fields as requested by add_header for spam
2296 _ADDEDHEADERSPAM_ resulting header fields as requested by add_header for ham
2297 _ADDEDHEADER_ same as ADDEDHEADERHAM for ham or ADDEDHEADERSPAM for spam
2298
2299 If a tag reference uses the name of a tag which is not in this list or
2300 defined by a loaded plugin, the reference will be left intact and not
2301 replaced by any value.
2302
2303 Additional, plugin specific, template tags can be found in the
2304 documentation for the following plugins:
2305
2306 L<Mail::SpamAssassin::Plugin::ASN>
2307 L<Mail::SpamAssassin::Plugin::AWL>
2308 L<Mail::SpamAssassin::Plugin::TxRep>
2309
2310 The "HAMMYTOKENS" and "SPAMMYTOKENS" tags have an optional second
2311 argument which specifies a format. See the HAMMYTOKENS/SPAMMYTOKENS
2312 TAG FORMAT section, below, for details.
2313
2314 HAMMYTOKENS/SPAMMYTOKENS TAG FORMAT
2315 The "HAMMYTOKENS" and "SPAMMYTOKENS" tags have an optional second
2316 argument which specifies a format: "_SPAMMYTOKENS(N,FMT)_",
2317 "_HAMMYTOKENS(N,FMT)_" The following formats are available:
2318
2319 short
2320 Only the tokens themselves are listed. For example, preference
2321 file entry:
2322
2323 "add_header all Spammy _SPAMMYTOKENS(2,short)_"
2324
2325 Results in message header:
2326
2327 "X-Spam-Spammy: remove.php, UD:jpg"
2328
2329 Indicating that the top two spammy tokens found are "remove.php"
2330 and "UD:jpg". (The token itself follows the last colon, the text
2331 before the colon indicates something about the token. "UD" means
2332 the token looks like it might be part of a domain name.)
2333
2334 compact
2335 The token probability, an abbreviated declassification distance
2336 (see example), and the token are listed. For example, preference
2337 file entry:
2338
2339 "add_header all Spammy _SPAMMYTOKENS(2,compact)_"
2340
2341 Results in message header:
2342
2343 "0.989-6--remove.php, 0.988-+--UD:jpg"
2344
2345 Indicating that the probabilities of the top two tokens are 0.989
2346 and 0.988, respectively. The first token has a declassification
2347 distance of 6, meaning that if the token had appeared in at least 6
2348 more ham messages it would not be considered spammy. The "+" for
2349 the second token indicates a declassification distance greater than
2350 9.
2351
2352 long
2353 Probability, declassification distance, number of times seen in a
2354 ham message, number of times seen in a spam message, age and the
2355 token are listed.
2356
2357 For example, preference file entry:
2358
2359 "add_header all Spammy _SPAMMYTOKENS(2,long)_"
2360
2361 Results in message header:
2362
2363 "X-Spam-Spammy: 0.989-6--0h-4s--4d--remove.php,
2364 0.988-33--2h-25s--1d--UD:jpg"
2365
2366 In addition to the information provided by the compact option, the
2367 long option shows that the first token appeared in zero ham
2368 messages and four spam messages, and that it was last seen four
2369 days ago. The second token appeared in two ham messages, 25 spam
2370 messages and was last seen one day ago. (Unlike the "compact"
2371 option, the long option shows declassification distances that are
2372 greater than 9.)
2373
2375 A line starting with the text "lang xx" will only be interpreted if the
2376 user is in that locale, allowing test descriptions and templates to be
2377 set for that language.
2378
2379 The locales string should specify either both the language and country,
2380 e.g. "lang pt_BR", or just the language, e.g. "lang de".
2381
2383 "Mail::SpamAssassin" "spamassassin" "spamd"
2384
2385
2386
2387perl v5.30.0 2019-10-01 Mail::SpamAssassin::Conf(3)