1Mail::SpamAssassin::ConUfs(e3r)Contributed Perl DocumentMaatiilo:n:SpamAssassin::Conf(3)
2
3
4

NAME

6       Mail::SpamAssassin::Conf - SpamAssassin configuration file
7

SYNOPSIS

9         # a comment
10
11         rewrite_header Subject          *****SPAM*****
12
13         full PARA_A_2_C_OF_1618         /Paragraph .a.{0,10}2.{0,10}C. of S. 1618/i
14         describe PARA_A_2_C_OF_1618     Claims compliance with senate bill 1618
15
16         header FROM_HAS_MIXED_NUMS      From =~ /\d+[a-z]+\d+\S*@/i
17         describe FROM_HAS_MIXED_NUMS    From: contains numbers mixed in with letters
18
19         score A_HREF_TO_REMOVE          2.0
20
21         lang es describe FROM_FORGED_HOTMAIL Forzado From: simula ser de hotmail.com
22
23         lang pt_BR report O programa detetor de Spam ZOE [...]
24

DESCRIPTION

26       SpamAssassin is configured using traditional UNIX-style configuration
27       files, loaded from the "/usr/share/spamassassin" and
28       "/etc/mail/spamassassin" directories.
29
30       The following web page lists the most important configuration settings
31       used to configure SpamAssassin; novices are encouraged to read it
32       first:
33
34         http://wiki.apache.org/spamassassin/ImportantInitialConfigItems
35

FILE FORMAT

37       The "#" character starts a comment, which continues until end of line.
38       NOTE: if the "#" character is to be used as part of a rule or
39       configuration option, it must be escaped with a backslash.  i.e.: "\#"
40
41       Whitespace in the files is not significant, but please note that
42       starting a line with whitespace is deprecated, as we reserve its use
43       for multi-line rule definitions, at some point in the future.
44
45       Currently, each rule or configuration setting must fit on one-line;
46       multi-line settings are not supported yet.
47
48       File and directory paths can use "~" to refer to the user's home
49       directory, but no other shell-style path extensions such as globing or
50       "~user/" are supported.
51
52       Where appropriate below, default values are listed in parentheses.
53
54       Test names ("SYMBOLIC_TEST_NAME") can only contain
55       alphanumerics/underscores, can not start with digit, and must be less
56       than 128 characters.
57

USER PREFERENCES

59       The following options can be used in both site-wide ("local.cf") and
60       user-specific ("user_prefs") configuration files to customize how
61       SpamAssassin handles incoming email messages.
62
63   SCORING OPTIONS
64       required_score n.nn (default: 5)
65           Set the score required before a mail is considered spam.  "n.nn"
66           can be an integer or a real number.  5.0 is the default setting,
67           and is quite aggressive; it would be suitable for a single-user
68           setup, but if you're an ISP installing SpamAssassin, you should
69           probably set the default to be more conservative, like 8.0 or 10.0.
70           It is not recommended to automatically delete or discard messages
71           marked as spam, as your users will complain, but if you choose to
72           do so, only delete messages with an exceptionally high score such
73           as 15.0 or higher. This option was previously known as
74           "required_hits" and that name is still accepted, but is deprecated.
75
76       score SYMBOLIC_TEST_NAME n.nn [ n.nn n.nn n.nn ]
77           Assign scores (the number of points for a hit) to a given test.
78           Scores can be positive or negative real numbers or integers.
79           "SYMBOLIC_TEST_NAME" is the symbolic name used by SpamAssassin for
80           that test; for example, 'FROM_ENDS_IN_NUMS'.
81
82           If only one valid score is listed, then that score is always used
83           for a test.
84
85           If four valid scores are listed, then the score that is used
86           depends on how SpamAssassin is being used. The first score is used
87           when both Bayes and network tests are disabled (score set 0). The
88           second score is used when Bayes is disabled, but network tests are
89           enabled (score set 1). The third score is used when Bayes is
90           enabled and network tests are disabled (score set 2). The fourth
91           score is used when Bayes is enabled and network tests are enabled
92           (score set 3).
93
94           Setting a rule's score to 0 will disable that rule from running.
95
96           If any of the score values are surrounded by parenthesis '()', then
97           all of the scores in the line are considered to be relative to the
98           already set score.  ie: '(3)' means increase the score for this
99           rule by 3 points in all score sets.  '(3) (0) (3) (0)' means
100           increase the score for this rule by 3 in score sets 0 and 2 only.
101
102           If no score is given for a test by the end of the configuration, a
103           default score is assigned: a score of 1.0 is used for all tests,
104           except those whose names begin with 'T_' (this is used to indicate
105           a rule in testing) which receive 0.01.
106
107           Note that test names which begin with '__' are indirect rules used
108           to compose meta-match rules and can also act as prerequisites to
109           other rules.  They are not scored or listed in the 'tests hit'
110           reports, but assigning a score of 0 to an indirect rule will
111           disable it from running.
112
113   WHITELIST AND BLACKLIST OPTIONS
114       whitelist_from user@example.com
115           Used to whitelist sender addresses which send mail that is often
116           tagged (incorrectly) as spam.
117
118           Use of this setting is not recommended, since it blindly trusts the
119           message, which is routinely and easily forged by spammers and phish
120           senders. The recommended solution is to instead use
121           "whitelist_auth" or other authenticated whitelisting methods, or
122           "whitelist_from_rcvd".
123
124           Whitelist and blacklist addresses are now file-glob-style patterns,
125           so "friend@somewhere.com", "*@isp.com", or "*.domain.net" will all
126           work.  Specifically, "*" and "?" are allowed, but all other
127           metacharacters are not. Regular expressions are not used for
128           security reasons.  Matching is case-insensitive.
129
130           Multiple addresses per line, separated by spaces, is OK.  Multiple
131           "whitelist_from" lines are also OK.
132
133           The headers checked for whitelist addresses are as follows: if
134           "Resent-From" is set, use that; otherwise check all addresses taken
135           from the following set of headers:
136
137                   Envelope-Sender
138                   Resent-Sender
139                   X-Envelope-From
140                   From
141
142           In addition, the "envelope sender" data, taken from the SMTP
143           envelope data where this is available, is looked up.  See
144           "envelope_sender_header".
145
146           e.g.
147
148             whitelist_from joe@example.com fred@example.com
149             whitelist_from *@example.com
150
151       unwhitelist_from user@example.com
152           Used to remove a default whitelist_from entry, so for example a
153           distribution whitelist_from can be overridden in a local.cf file,
154           or an individual user can override a whitelist_from entry in their
155           own "user_prefs" file.  The specified email address has to match
156           exactly (although case-insensitively) the address previously used
157           in a whitelist_from line, which implies that a wildcard only
158           matches literally the same wildcard (not 'any' address).
159
160           e.g.
161
162             unwhitelist_from joe@example.com fred@example.com
163             unwhitelist_from *@example.com
164
165       whitelist_from_rcvd addr@lists.sourceforge.net sourceforge.net
166           Works similarly to whitelist_from, except that in addition to
167           matching a sender address, a relay's rDNS name or its IP address
168           must match too for the whitelisting rule to fire. The first
169           parameter is a sender's e-mail address to whitelist, and the second
170           is a string to match the relay's rDNS, or its IP address. Matching
171           is case-insensitive.
172
173           This second parameter is matched against a TCP-info information
174           field as provided in a FROM clause of a trace information (i.e. in
175           a Received header field, see RFC 5321). Only the Received header
176           fields inserted by trusted hosts are considered. This parameter can
177           either be a full hostname, or a domain component of that hostname,
178           or an IP address (optionally followed by a slash and a prefix
179           length) in square brackets. The address prefix (mask) length with a
180           slash may stand within brackets along with an address, or may
181           follow the bracketed address. Reverse DNS lookup is done by an MTA,
182           not by SpamAssassin.
183
184           For backward compatibility as an alternative to a CIDR notation, an
185           IPv4 address in brackets may be truncated on classful boundaries to
186           cover whole subnets, e.g. "[10.1.2.3]", "[10.1.2]", "[10.1]",
187           "[10]".
188
189           In other words, if the host that connected to your MX had an IP
190           address 192.0.2.123 that mapped to 'sendinghost.example.org', you
191           should specify "sendinghost.example.org", or "example.org", or
192           "[192.0.2.123]", or "[192.0.2.0/24]", or "[192.0.2]" here.
193
194           Note that this requires that "internal_networks" be correct.  For
195           simple cases, it will be, but for a complex network you may get
196           better results by setting that parameter.
197
198           It also requires that your mail exchangers be configured to perform
199           DNS reverse lookups on the connecting host's IP address, and to
200           record the result in the generated Received header field according
201           to RFC 5321.
202
203           e.g.
204
205             whitelist_from_rcvd joe@example.com  example.com
206             whitelist_from_rcvd *@*              mail.example.org
207             whitelist_from_rcvd *@axkit.org      [192.0.2.123]
208             whitelist_from_rcvd *@axkit.org      [192.0.2.0/24]
209             whitelist_from_rcvd *@axkit.org      [192.0.2.0]/24
210             whitelist_from_rcvd *@axkit.org      [2001:db8:1234::/48]
211             whitelist_from_rcvd *@axkit.org      [2001:db8:1234::]/48
212
213       def_whitelist_from_rcvd addr@lists.sourceforge.net sourceforge.net
214           Same as "whitelist_from_rcvd", but used for the default whitelist
215           entries in the SpamAssassin distribution.  The whitelist score is
216           lower, because these are often targets for spammer spoofing.
217
218       whitelist_allows_relays user@example.com
219           Specify addresses which are in "whitelist_from_rcvd" that sometimes
220           send through a mail relay other than the listed ones. By default
221           mail with a From address that is in "whitelist_from_rcvd" that does
222           not match the relay will trigger a forgery rule. Including the
223           address in "whitelist_allows_relay" prevents that.
224
225           Whitelist and blacklist addresses are now file-glob-style patterns,
226           so "friend@somewhere.com", "*@isp.com", or "*.domain.net" will all
227           work.  Specifically, "*" and "?" are allowed, but all other
228           metacharacters are not. Regular expressions are not used for
229           security reasons.  Matching is case-insensitive.
230
231           Multiple addresses per line, separated by spaces, is OK.  Multiple
232           "whitelist_allows_relays" lines are also OK.
233
234           The specified email address does not have to match exactly the
235           address previously used in a whitelist_from_rcvd line as it is
236           compared to the address in the header.
237
238           e.g.
239
240             whitelist_allows_relays joe@example.com fred@example.com
241             whitelist_allows_relays *@example.com
242
243       unwhitelist_from_rcvd user@example.com
244           Used to remove a default whitelist_from_rcvd or
245           def_whitelist_from_rcvd entry, so for example a distribution
246           whitelist_from_rcvd can be overridden in a local.cf file, or an
247           individual user can override a whitelist_from_rcvd entry in their
248           own "user_prefs" file.
249
250           The specified email address has to match exactly the address
251           previously used in a whitelist_from_rcvd line.
252
253           e.g.
254
255             unwhitelist_from_rcvd joe@example.com fred@example.com
256             unwhitelist_from_rcvd *@axkit.org
257
258       blacklist_from user@example.com
259           Used to specify addresses which send mail that is often tagged
260           (incorrectly) as non-spam, but which the user doesn't want.  Same
261           format as "whitelist_from".
262
263       unblacklist_from user@example.com
264           Used to remove a default blacklist_from entry, so for example a
265           distribution blacklist_from can be overridden in a local.cf file,
266           or an individual user can override a blacklist_from entry in their
267           own "user_prefs" file. The specified email address has to match
268           exactly the address previously used in a blacklist_from line.
269
270           e.g.
271
272             unblacklist_from joe@example.com fred@example.com
273             unblacklist_from *@spammer.com
274
275       whitelist_to user@example.com
276           If the given address appears as a recipient in the message headers
277           (Resent-To, To, Cc, obvious envelope recipient, etc.) the mail will
278           be whitelisted.  Useful if you're deploying SpamAssassin system-
279           wide, and don't want some users to have their mail filtered.  Same
280           format as "whitelist_from".
281
282           There are three levels of To-whitelisting, "whitelist_to",
283           "more_spam_to" and "all_spam_to".  Users in the first level may
284           still get some spammish mails blocked, but users in "all_spam_to"
285           should never get mail blocked.
286
287           The headers checked for whitelist addresses are as follows: if
288           "Resent-To" or "Resent-Cc" are set, use those; otherwise check all
289           addresses taken from the following set of headers:
290
291                   To
292                   Cc
293                   Apparently-To
294                   Delivered-To
295                   Envelope-Recipients
296                   Apparently-Resent-To
297                   X-Envelope-To
298                   Envelope-To
299                   X-Delivered-To
300                   X-Original-To
301                   X-Rcpt-To
302                   X-Real-To
303
304       more_spam_to user@example.com
305           See above.
306
307       all_spam_to user@example.com
308           See above.
309
310       blacklist_to user@example.com
311           If the given address appears as a recipient in the message headers
312           (Resent-To, To, Cc, obvious envelope recipient, etc.) the mail will
313           be blacklisted.  Same format as "blacklist_from".
314
315       whitelist_auth user@example.com
316           Used to specify addresses which send mail that is often tagged
317           (incorrectly) as spam.  This is different from "whitelist_from" and
318           "whitelist_from_rcvd" in that it first verifies that the message
319           was sent by an authorized sender for the address, before
320           whitelisting.
321
322           Authorization is performed using one of the installed sender-
323           authorization schemes: SPF (using
324           "Mail::SpamAssassin::Plugin::SPF"), or DKIM (using
325           "Mail::SpamAssassin::Plugin::DKIM").  Note that those plugins must
326           be active, and working, for this to operate.
327
328           Using "whitelist_auth" is roughly equivalent to specifying
329           duplicate "whitelist_from_spf", "whitelist_from_dk", and
330           "whitelist_from_dkim" lines for each of the addresses specified.
331
332           e.g.
333
334             whitelist_auth joe@example.com fred@example.com
335             whitelist_auth *@example.com
336
337       def_whitelist_auth user@example.com
338           Same as "whitelist_auth", but used for the default whitelist
339           entries in the SpamAssassin distribution.  The whitelist score is
340           lower, because these are often targets for spammer spoofing.
341
342       unwhitelist_auth user@example.com
343           Used to remove a "whitelist_auth" or "def_whitelist_auth" entry.
344           The specified email address has to match exactly the address
345           previously used.
346
347           e.g.
348
349             unwhitelist_auth joe@example.com fred@example.com
350             unwhitelist_auth *@example.com
351
352       enlist_uri_host (listname) host ...
353           Adds one or more host names or domain names to a named list of URI
354           domains.  The named list can then be consulted through a
355           check_uri_host_listed() eval rule implemented by the WLBLEval
356           plugin, which takes the list name as an argument. Parenthesis
357           around a list name are literal - a required syntax.
358
359           Host names may optionally be prefixed by an exclamation mark '!',
360           which produces false as a result if this entry matches. This makes
361           it easier to exclude some subdomains when their superdomain is
362           listed, for example:
363
364             enlist_uri_host (MYLIST) !sub1.example.com !sub2.example.com example.com
365
366           No wildcards are supported, but subdomains do match implicitly.
367           Lists are independent. Search for each named list starts by looking
368           up the full hostname first, then leading fields are progressively
369           stripped off (e.g.: sub.example.com, example.com, com) until a
370           match is found or we run out of fields. The first matching entry
371           (the most specific) determines if a lookup yielded a true (no '!'
372           prefix) or a false (with a '!' prefix) result.
373
374           If an URL found in a message contains an IP address in place of a
375           host name, the given list must specify the exact same IP address
376           (instead of a host name) in order to match.
377
378           Use the delist_uri_host directive to neutralize previous
379           enlist_uri_host settings.
380
381           Enlisting to lists named 'BLACK' and 'WHITE' have their shorthand
382           directives blacklist_uri_host and whitelist_uri_host and
383           corresponding default rules, but the names 'BLACK' and 'WHITE' are
384           otherwise not special or reserved.
385
386       delist_uri_host [ (listname) ] host ...
387           Removes one or more specified host names from a named list of URI
388           domains.  Removing an unlisted name is ignored (is not an error).
389           Listname is optional, if specified then just the named list is
390           affected, otherwise hosts are removed from all URI host lists
391           created so far. Parenthesis around a list name are a required
392           syntax.
393
394           Note that directives in configuration files are processed in
395           sequence, the delist_uri_host only applies to previously listed
396           entries and has no effect on enlisted entries in yet-to-be-
397           processed directives.
398
399           For convenience (similarity to the enlist_uri_host directive)
400           hostnames may be prefixed by a an exclamation mark, which is
401           stripped off from each name and has no meaning here.
402
403       enlist_addrlist (listname) user@example.com
404           Adds one or more addresses to a named list of addresses.  The named
405           list can then be consulted through a check_from_in_list() or a
406           check_to_in_list() eval rule implemented by the WLBLEval plugin,
407           which takes the list name as an argument. Parenthesis around a list
408           name are literal - a required syntax.
409
410           Listed addresses are file-glob-style patterns, so
411           "friend@somewhere.com", "*@isp.com", or "*.domain.net" will all
412           work.  Specifically, "*" and "?" are allowed, but all other
413           metacharacters are not. Regular expressions are not used for
414           security reasons.  Matching is case-insensitive.
415
416           Multiple addresses per line, separated by spaces, is OK.  Multiple
417           "enlist_addrlist" lines are also OK.
418
419           Enlisting an address to the list named blacklist_to is synonymous
420           to using the directive blacklist_to
421
422           Enlisting an address to the list named blacklist_from is synonymous
423           to using the directive blacklist_from
424
425           Enlisting an address to the list named whitelist_to is synonymous
426           to using the directive whitelist_to
427
428           Enlisting an address to the list named whitelist_from is synonymous
429           to using the directive whitelist_from
430
431           e.g.
432
433             enlist_addrlist (PAYPAL_ADDRESS) service@paypal.com
434             enlist_addrlist (PAYPAL_ADDRESS) *@paypal.co.uk
435
436       blacklist_uri_host host-or-domain ...
437           Is a shorthand for a directive:  enlist_uri_host (BLACK) host ...
438
439           Please see directives enlist_uri_host and delist_uri_host for
440           details.
441
442       whitelist_uri_host host-or-domain ...
443           Is a shorthand for a directive:  enlist_uri_host (BLACK) host ...
444
445           Please see directives enlist_uri_host and delist_uri_host for
446           details.
447
448   BASIC MESSAGE TAGGING OPTIONS
449       rewrite_header { subject | from | to } STRING
450           By default, suspected spam messages will not have the "Subject",
451           "From" or "To" lines tagged to indicate spam. By setting this
452           option, the header will be tagged with "STRING" to indicate that a
453           message is spam. For the From or To headers, this will take the
454           form of an RFC 2822 comment following the address in parentheses.
455           For the Subject header, this will be prepended to the original
456           subject. Note that you should only use the _REQD_ and _SCORE_ tags
457           when rewriting the Subject header if "report_safe" is 0. Otherwise,
458           you may not be able to remove the SpamAssassin markup via the
459           normal methods.  More information about tags is explained below in
460           the TEMPLATE TAGS section.
461
462           Parentheses are not permitted in STRING if rewriting the From or To
463           headers.  (They will be converted to square brackets.)
464
465           If "rewrite_header subject" is used, but the message being
466           rewritten does not already contain a "Subject" header, one will be
467           created.
468
469           A null value for "STRING" will remove any existing rewrite for the
470           specified header.
471
472       subjprefix
473           Add a prefix in emails Subject if a rule is matched.  To enable
474           this option "rewrite_header Subject" config option must be enabled
475           as well.
476
477           The check "if can(Mail::SpamAssassin::Conf::feature_subjprefix)"
478           should be used to silence warnings in previous SpamAssassin
479           versions.
480
481           To be able to use this feature a "add_header all Subjprefix
482           _SUBJPREFIX_" configuration line could be needed when the glue
483           between the MTA and SpamAssassin rewrites the email content.
484
485           Here is an example on how to use this feature:
486
487                   rewrite_header Subject *****SPAM*****
488                   add_header all Subjprefix _SUBJPREFIX_
489                   body     OLEMACRO_MALICE eval:check_olemacro_malice()
490                   describe OLEMACRO_MALICE Dangerous Office Macro
491                   score    OLEMACRO_MALICE 5.0
492                   if can(Mail::SpamAssassin::Conf::feature_subjprefix)
493                     subjprefix OLEMACRO_MALICE [VIRUS]
494                   endif
495
496       add_header { spam | ham | all } header_name string
497           Customized headers can be added to the specified type of messages
498           (spam, ham, or "all" to add to either).  All headers begin with
499           "X-Spam-" (so a "header_name" Foo will generate a header called
500           X-Spam-Foo).  header_name is restricted to the character set
501           [A-Za-z0-9_-].
502
503           The order of "add_header" configuration options is preserved,
504           inserted headers will follow this order of declarations. When
505           combining "add_header" with "clear_headers" and "remove_header",
506           keep in mind that "add_header" appends a new header to the current
507           list, after first removing any existing header fields of the same
508           name. Note also that "add_header", "clear_headers" and
509           "remove_header" may appear in multiple .cf files, which are
510           interpreted in alphabetic order.
511
512           "string" can contain tags as explained below in the TEMPLATE TAGS
513           section.  You can also use "\n" and "\t" in the header to add
514           newlines and tabulators as desired.  A backslash has to be written
515           as \\, any other escaped chars will be silently removed.
516
517           All headers will be folded if fold_headers is set to 1. Note:
518           Manually adding newlines via "\n" disables any further automatic
519           wrapping (ie: long header lines are possible). The lines will still
520           be properly folded (marked as continuing) though.
521
522           You can customize existing headers with add_header (only the
523           specified subset of messages will be changed).
524
525           See also "clear_headers" and "remove_header" for removing headers.
526
527           Here are some examples (these are the defaults, note that Checker-
528           Version can not be changed or removed):
529
530             add_header spam Flag _YESNOCAPS_
531             add_header all Status _YESNO_, score=_SCORE_ required=_REQD_ tests=_TESTS_ autolearn=_AUTOLEARN_ version=_VERSION_
532             add_header all Level _STARS(*)_
533             add_header all Checker-Version SpamAssassin _VERSION_ (_SUBVERSION_) on _HOSTNAME_
534
535       remove_header { spam | ham | all } header_name
536           Headers can be removed from the specified type of messages (spam,
537           ham, or "all" to remove from either).  All headers begin with
538           "X-Spam-" (so "header_name" will be appended to "X-Spam-").
539
540           See also "clear_headers" for removing all the headers at once.
541
542           Note that X-Spam-Checker-Version is not removable because the
543           version information is needed by mail administrators and developers
544           to debug problems.  Without at least one header, it might not even
545           be possible to determine that SpamAssassin is running.
546
547       clear_headers
548           Clear the list of headers to be added to messages.  You may use
549           this before any add_header options to prevent the default headers
550           from being added to the message.
551
552           "add_header", "clear_headers" and "remove_header" may appear in
553           multiple .cf files, which are interpreted in alphabetic order, so
554           "clear_headers" in a later file will remove all added headers from
555           previously interpreted configuration files, which may or may not be
556           desired.
557
558           Note that X-Spam-Checker-Version is not removable because the
559           version information is needed by mail administrators and developers
560           to debug problems.  Without at least one header, it might not even
561           be possible to determine that SpamAssassin is running.
562
563       report_safe ( 0 | 1 | 2 )     (default: 1)
564           if this option is set to 1, if an incoming message is tagged as
565           spam, instead of modifying the original message, SpamAssassin will
566           create a new report message and attach the original message as a
567           message/rfc822 MIME part (ensuring the original message is
568           completely preserved, not easily opened, and easier to recover).
569
570           If this option is set to 2, then original messages will be attached
571           with a content type of text/plain instead of message/rfc822.  This
572           setting may be required for safety reasons on certain broken mail
573           clients that automatically load attachments without any action by
574           the user.  This setting may also make it somewhat more difficult to
575           extract or view the original message.
576
577           If this option is set to 0, incoming spam is only modified by
578           adding some "X-Spam-" headers and no changes will be made to the
579           body.  In addition, a header named X-Spam-Report will be added to
580           spam.  You can use the remove_header option to remove that header
581           after setting report_safe to 0.
582
583           See report_safe_copy_headers if you want to copy headers from the
584           original mail into tagged messages.
585
586       report_wrap_width (default: 70)
587           This option sets the wrap width for description lines in the
588           X-Spam-Report header, not accounting for tab width.
589
590   LANGUAGE OPTIONS
591       ok_locales xx [ yy zz ... ]        (default: all)
592           This option is used to specify which locales are considered OK for
593           incoming mail.  Mail using the character sets that are allowed by
594           this option will not be marked as possibly being spam in a foreign
595           language.
596
597           If you receive lots of spam in foreign languages, and never get any
598           non-spam in these languages, this may help.  Note that all
599           ISO-8859-* character sets, and Windows code page character sets,
600           are always permitted by default.
601
602           Set this to "all" to allow all character sets.  This is the
603           default.
604
605           The rules "CHARSET_FARAWAY", "CHARSET_FARAWAY_BODY", and
606           "CHARSET_FARAWAY_HEADERS" are triggered based on how this is set.
607
608           Examples:
609
610             ok_locales all         (allow all locales)
611             ok_locales en          (only allow English)
612             ok_locales en ja zh    (allow English, Japanese, and Chinese)
613
614           Note: if there are multiple ok_locales lines, only the last one is
615           used.
616
617           Select the locales to allow from the list below:
618
619           en   - Western character sets in general
620           ja   - Japanese character sets
621           ko   - Korean character sets
622           ru   - Cyrillic character sets
623           th   - Thai character sets
624           zh   - Chinese (both simplified and traditional) character sets
625       normalize_charset ( 0 | 1)        (default: 0)
626           Whether to decode non- UTF-8 and non-ASCII textual parts and recode
627           them to UTF-8 before the text is given over to rules processing.
628           The character set used for attempted decoding is primarily based on
629           a declared character set in a Content-Type header, but if the
630           decoding attempt fails a module Encode::Detect::Detector is
631           consulted (if available) to provide a guess based on the actual
632           text, and decoding is re-attempted. Even if the option is enabled
633           no unnecessary decoding and re-encoding work is done when possible
634           (like with an all-ASCII text with a US-ASCII or extended ASCII
635           character set declaration, e.g. UTF-8 or ISO-8859-nn or Windows-
636           nnnn).
637
638           Unicode support in old versions of perl or in a core module Encode
639           is likely to be buggy in places, so if the normalize_charset
640           function is enabled it is advised to stick to more recent versions
641           of perl (preferably 5.12 or later). The module
642           Encode::Detect::Detector is optional, when necessary it will be
643           used if it is available.
644
645   NETWORK TEST OPTIONS
646       trusted_networks IPaddress[/masklen] ...   (default: none)
647           What networks or hosts are 'trusted' in your setup.  Trusted in
648           this case means that relay hosts on these networks are considered
649           to not be potentially operated by spammers, open relays, or open
650           proxies.  A trusted host could conceivably relay spam, but will not
651           originate it, and will not forge header data. DNS blacklist checks
652           will never query for hosts on these networks.
653
654           See "http://wiki.apache.org/spamassassin/TrustPath" for more
655           information.
656
657           MXes for your domain(s) and internal relays should also be
658           specified using the "internal_networks" setting. When there are
659           'trusted' hosts that are not MXes or internal relays for your
660           domain(s) they should only be specified in "trusted_networks".
661
662           The "IPaddress" can be an IPv4 address (in a dot-quad form), or an
663           IPv6 address optionally enclosed in square brackets. Scoped link-
664           local IPv6 addresses are syntactically recognized but the interface
665           scope is currently ignored (e.g. [fe80::1234%eth0] ) and should be
666           avoided.
667
668           If a "/masklen" is specified, it is considered a CIDR-style
669           'netmask' length, specified in bits.  If it is not specified, but
670           less than 4 octets of an IPv4 address are specified with a trailing
671           dot, an implied netmask length covers all addresses in remaining
672           octets (i.e. implied masklen is /8 or /16 or /24).  If masklen is
673           not specified, and there is not trailing dot, then just a single IP
674           address specified is used, as if the masklen were "/32" with an
675           IPv4 address, or "/128" in case of an IPv6 address.
676
677           If a network or host address is prefaced by a "!" the matching
678           network or host will be excluded from the list even if a less
679           specific (shorter netmask length) subnet is later specified in the
680           list. This allows a subset of a wider network to be exempt. In case
681           of specifying overlapping subnets, specify more specific subnets
682           first (tighter matching, i.e. with a longer netmask length),
683           followed by less specific (shorter netmask length) subnets to get
684           predictable results regardless of the search algorithm used - when
685           Net::Patricia module is installed the search finds the tightest
686           matching entry in the list, while a sequential search as used in
687           absence of the module Net::Patricia will find the first matching
688           entry in the list.
689
690           Note: 127.0.0.0/8 and ::1 are always included in trusted_networks,
691           regardless of your config.
692
693           Examples:
694
695              trusted_networks 192.168.0.0/16        # all in 192.168.*.*
696              trusted_networks 192.168.              # all in 192.168.*.*
697              trusted_networks 212.17.35.15          # just that host
698              trusted_networks !10.0.1.5 10.0.1/24   # all in 10.0.1.* but not 10.0.1.5
699              trusted_networks 2001:db8:1::1 !2001:db8:1::/64 2001:db8::/32
700                # 2001:db8::/32 and 2001:db8:1::1/128, except the rest of 2001:db8:1::/64
701
702           This operates additively, so a "trusted_networks" line after
703           another one will append new entries to the list of trusted
704           networks.  To clear out the existing entries, use
705           "clear_trusted_networks".
706
707           If "trusted_networks" is not set and "internal_networks" is, the
708           value of "internal_networks" will be used for this parameter.
709
710           If neither "trusted_networks" or "internal_networks" is set, a
711           basic inference algorithm is applied.  This works as follows:
712
713           •   If the 'from' host has an IP address in a private (RFC 1918)
714               network range, then it's trusted
715
716           •   If there are authentication tokens in the received header, and
717               the previous host was trusted, then this host is also trusted
718
719           •   Otherwise this host, and all further hosts, are consider
720               untrusted.
721
722       clear_trusted_networks
723           Empty the list of trusted networks.
724
725       internal_networks IPaddress[/masklen] ...   (default: none)
726           What networks or hosts are 'internal' in your setup.   Internal
727           means that relay hosts on these networks are considered to be MXes
728           for your domain(s), or internal relays.  This uses the same syntax
729           as "trusted_networks", above - see there for details.
730
731           This value is used when checking 'dial-up' or dynamic IP address
732           blocklists, in order to detect direct-to-MX spamming.
733
734           Trusted relays that accept mail directly from dial-up connections
735           (i.e. are also performing a role of mail submission agents - MSA)
736           should not be listed in "internal_networks". List them only in
737           "trusted_networks".
738
739           If "trusted_networks" is set and "internal_networks" is not, the
740           value of "trusted_networks" will be used for this parameter.
741
742           If neither "trusted_networks" nor "internal_networks" is set, no
743           addresses will be considered local; in other words, any relays past
744           the machine where SpamAssassin is running will be considered
745           external.
746
747           Every entry in "internal_networks" must appear in
748           "trusted_networks"; in other words, "internal_networks" is always a
749           subset of the trusted set.
750
751           Note: 127/8 and ::1 are always included in internal_networks,
752           regardless of your config.
753
754       clear_internal_networks
755           Empty the list of internal networks.
756
757       msa_networks IPaddress[/masklen] ...   (default: none)
758           The networks or hosts which are acting as MSAs in your setup (but
759           not also as MX relays). This uses the same syntax as
760           "trusted_networks", above - see there for details.
761
762           MSA means that the relay hosts on these networks accept mail from
763           your own users and authenticates them appropriately.  These relays
764           will never accept mail from hosts that aren't authenticated in some
765           way. Examples of authentication include, IP lists, SMTP AUTH, POP-
766           before-SMTP, etc.
767
768           All relays found in the message headers after the MSA relay will
769           take on the same trusted and internal classifications as the MSA
770           relay itself, as defined by your trusted_networks and
771           internal_networks configuration.
772
773           For example, if the MSA relay is trusted and internal so will all
774           of the relays that precede it.
775
776           When using msa_networks to identify an MSA it is recommended that
777           you treat that MSA as both trusted and internal.  When an MSA is
778           not included in msa_networks you should treat the MSA as trusted
779           but not internal, however if the MSA is also acting as an MX or
780           intermediate relay you must always treat it as both trusted and
781           internal and ensure that the MSA includes visible auth tokens in
782           its Received header to identify submission clients.
783
784           Warning: Never include an MSA that also acts as an MX (or is also
785           an intermediate relay for an MX) or otherwise accepts mail from
786           non-authenticated users in msa_networks.  Doing so will result in
787           unknown external relays being trusted.
788
789       clear_msa_networks
790           Empty the list of msa networks.
791
792       originating_ip_headers header ...   (default: X-Yahoo-Post-IP
793       X-Originating-IP X-Apparently-From X-SenderIP)
794           A list of header field names from which an originating IP address
795           can be obtained. For example, webmail servers may record a client
796           IP address in X-Originating-IP.
797
798           These IP addresses are virtually appended into the Received: chain,
799           so they are used in RBL checks where appropriate.
800
801           Currently the IP addresses are not added into X-Spam-Relays-*
802           header fields, but they may be in the future.
803
804       clear_originating_ip_headers
805           Empty the list of 'originating IP address' header field names.
806
807       always_trust_envelope_sender ( 0 | 1 )   (default: 0)
808           Trust the envelope sender even if the message has been passed
809           through one or more trusted relays.  See also
810           "envelope_sender_header".
811
812       skip_rbl_checks ( 0 | 1 )   (default: 0)
813           Turning on the skip_rbl_checks setting will disable the DNSEval
814           plugin, which implements Real-time Block List (or: Blackhole List)
815           (RBL) lookups.
816
817           By default, SpamAssassin will run RBL checks. Individual blocklists
818           may be disabled selectively by setting a score of a corresponding
819           rule to 0.
820
821           See also a related configuration parameter skip_uribl_checks, which
822           controls the URIDNSBL plugin (documented in the URIDNSBL man page).
823
824       dns_available { yes | no | test[: domain1 domain2...] }   (default:
825       yes)
826           Tells SpamAssassin whether DNS resolving is available or not. A
827           value yes indicates DNS resolving is available, a value no
828           indicates DNS resolving is not available - both of these values
829           apply unconditionally and skip initial DNS tests, which can be slow
830           or unreliable.
831
832           When the option value is a test (with or without arguments),
833           SpamAssassin will query some domain names on the internet during
834           initialization, attempting to determine if DNS resolving is working
835           or not. A space-separated list of domain names may be specified
836           explicitly, or left to a built-in default of a dozen or so domain
837           names. From an explicit or a default list a subset of three domain
838           names is picked randomly for checking. The test queries for NS
839           records of these domain: if at least one query returns a success
840           then SpamAssassin considers DNS resolving as available, otherwise
841           not.
842
843           The problem is that the test can introduce some startup delay if a
844           network connection is down, and in some cases it can wrongly guess
845           that DNS is unavailable because a test connection failed, what
846           causes disabling several DNS-dependent tests.
847
848           Please note, the DNS test queries for NS records, so specify domain
849           names, not host names.
850
851           Since version 3.4.0 of SpamAssassin a default setting for option
852           dns_available is yes. A default in older versions was test.
853
854       dns_server ip-addr-port  (default: entries provided by Net::DNS)
855           Specifies an IP address of a DNS server, and optionally its port
856           number.  The dns_server directive may be specified multiple times,
857           each entry adding to a list of available resolving name servers.
858           The ip-addr-port argument can either be an IPv4 or IPv6 address,
859           optionally enclosed in brackets, and optionally followed by a colon
860           and a port number. In absence of a port number a standard port
861           number 53 is assumed. When an IPv6 address is specified along with
862           a port number, the address must be enclosed in brackets to avoid
863           parsing ambiguity regarding a colon separator. A scoped link-local
864           IP address is allowed (assuming underlying modules allow it).
865
866           Examples :
867            dns_server 127.0.0.1
868            dns_server 127.0.0.1:53
869            dns_server [127.0.0.1]:53
870            dns_server [::1]:53
871            dns_server fe80::1%lo0
872            dns_server [fe80::1%lo0]:53
873
874           In absence of dns_server directives, the list of name servers is
875           provided by Net::DNS module, which typically obtains the list from
876           /etc/resolv.conf, but this may be platform dependent. Please
877           consult the Net::DNS::Resolver documentation for details.
878
879       clear_dns_servers
880           Empty the list of explicitly configured DNS servers through a
881           dns_server directive, falling back to Net::DNS -supplied defaults.
882
883       dns_local_ports_permit ranges...
884           Add the specified ports or ports ranges to the set of allowed port
885           numbers that can be used as local port numbers when sending DNS
886           queries to a resolver.
887
888           The argument is a whitespace-separated or a comma-separated list of
889           single port numbers n, or port number pairs (i.e. m-n) delimited by
890           a '-', representing a range. Allowed port numbers are between 1 and
891           65535.
892
893           Directives dns_local_ports_permit and dns_local_ports_avoid are
894           processed in order in which they appear in configuration files.
895           Each directive adds (or subtracts) its subsets of ports to a
896           current set of available ports.  Whatever is left in the set by the
897           end of configuration processing is made available to a DNS
898           resolving client code.
899
900           If the resulting set of port numbers is empty (see also the
901           directive dns_local_ports_none), then SpamAssassin does not apply
902           its ports randomization logic, but instead leaves the operating
903           system to choose a suitable free local port number.
904
905           The initial set consists of all port numbers in the range
906           1024-65535.  Note that system config files already modify the set
907           and remove all the IANA registered port numbers and some other
908           ranges, so there is rarely a need to adjust the ranges by site-
909           specific directives.
910
911           See also directives dns_local_ports_permit and
912           dns_local_ports_none.
913
914       dns_local_ports_avoid ranges...
915           Remove specified ports or ports ranges from the set of allowed port
916           numbers that can be used as local port numbers when sending DNS
917           queries to a resolver.
918
919           Please see directive dns_local_ports_permit for details.
920
921       dns_local_ports_none
922           Is a fast shorthand for:
923
924             dns_local_ports_avoid 1-65535
925
926           leaving the set of available DNS query local port numbers empty. In
927           all respects (apart from speed) it is equivalent to the shown
928           directive, and can be freely mixed with dns_local_ports_permit and
929           dns_local_ports_avoid.
930
931           If the resulting set of port numbers is empty, then SpamAssassin
932           does not apply its ports randomization logic, but instead leaves
933           the operating system to choose a suitable free local port number.
934
935           See also directives dns_local_ports_permit and
936           dns_local_ports_avoid.
937
938       dns_test_interval n   (default: 600 seconds)
939           If dns_available is set to test, the dns_test_interval time in
940           number of seconds will tell SpamAssassin how often to retest for
941           working DNS.  A numeric value is optionally suffixed by a time unit
942           (s, m, h, d, w, indicating seconds (default), minutes, hours, days,
943           weeks).
944
945       dns_options opts   (default: norotate, nodns0x20, edns=4096)
946           Provides a (whitespace or comma -separated) list of options
947           applying to DNS resolving. Available options are: rotate, dns0x20
948           and edns (or edns0). Option name may be negated by prepending a no
949           (e.g. norotate, NoEDNS) to counteract a previously enabled option.
950           Option names are not case-sensitive. The dns_options directive may
951           appear in configuration files multiple times, the last setting
952           prevails.
953
954           Option edns (or edsn0) may take a value which specifies a
955           requestor's acceptable UDP payload size according to EDNS0
956           specifications (RFC 6891, ex RFC 2671) e.g. edns=4096. When EDNS0
957           is off (noedns or edns=512) a traditional implied UDP payload size
958           is 512 bytes, which is also a minimum allowed value for this
959           option. When the option is specified but a value is not provided, a
960           conservative default of 1220 bytes is implied. It is recommended to
961           keep edns enabled when using a local recursive DNS server which
962           supports EDNS0 (like most modern DNS servers do), a suitable
963           setting in this case is edns=4096, which is also a default.
964           Allowing UDP payload size larger than 512 bytes can avoid
965           truncation of resource records in large DNS responses (like in TXT
966           records of some SPF and DKIM responses, or when an unreasonable
967           number of A records is published by some domain). The option should
968           be disabled when a recursive DNS server is only reachable through
969           non- RFC 6891 compliant middleboxes (such as some old-fashioned
970           firewall) which bans DNS UDP payload sizes larger than 512 bytes. A
971           suitable value when a non-local recursive DNS server is used and a
972           middlebox does allow EDNS0 but blocks fragmented IP packets is
973           perhaps 1220 bytes, allowing a DNS UDP packet to fit within a
974           single IP packet in most cases (a slightly less conservative range
975           would be 1280-1410 bytes).
976
977           Option rotate causes SpamAssassin to choose a DNS server at random
978           from all servers listed in "/etc/resolv.conf" every
979           dns_test_interval seconds, effectively spreading the load over all
980           currently available DNS servers when there are many spamd workers.
981
982           Option dns0x20 enables randomization of letters in a DNS query
983           label according to draft-vixie-dnsext-dns0x20, decreasing a chance
984           of collisions of responses (by chance or by a malicious intent) by
985           increasing spread as provided by a 16-bit query ID and up to 16
986           bits of a port number, with additional bits as encoded by flipping
987           case (upper/lower) of letters in a query. The number of additional
988           random bits corresponds to the number of letters in a query label.
989           Should work reliably with all mainstream DNS servers - do not turn
990           on if you see frequent info messages "dns: no callback for id:" in
991           the log, or if RBL or URIDNS lookups do not work for no apparent
992           reason.
993
994       dns_query_restriction (allow|deny) domain1 domain2 ...
995           Option allows disabling of rules which would result in a DNS query
996           to one of the listed domains. The first argument must be a literal
997           "allow" or "deny", remaining arguments are domains names.
998
999           Most DNS queries (with some exceptions) are subject to
1000           dns_query_restriction.  A domain to be queried is successively
1001           stripped-off of its leading labels (thus yielding a series of its
1002           parent domains), and on each iteration a check is made against an
1003           associative array generated by dns_query_restriction options.
1004           Search stops at the first match (i.e. the tightest match), and the
1005           matching entry with its "allow" or "deny" value then controls
1006           whether a DNS query is allowed to be launched.
1007
1008           If no match is found an implicit default is to allow a query. The
1009           purpose of an explicit "allow" entry is to be able to override a
1010           previously configured "deny" on the same domain or to override an
1011           entry (possibly yet to be configured in subsequent config
1012           directives) on one of its parent domains.  Thus an 'allow
1013           zen.spamhaus.org' with a 'deny spamhaus.org' would permit DNS
1014           queries on a specific DNS BL zone but deny queries to other zones
1015           under the same parent domain.
1016
1017           Domains are matched case-insensitively, no wildcards are
1018           recognized, there should be no leading or trailing dot.
1019
1020           Specifying a block on querying a domain name has a similar effect
1021           as setting a score of corresponding DNSBL and URIBL rules to zero,
1022           and can be a handy alternative to hunting for such rules when a
1023           site policy does not allow certain DNS block lists to be queried.
1024
1025           Example:
1026             dns_query_restriction deny  dnswl.org surbl.org
1027             dns_query_restriction allow zen.spamhaus.org
1028             dns_query_restriction deny  spamhaus.org mailspike.net
1029           spamcop.net
1030
1031       clear_dns_query_restriction
1032           The option removes any entries entered by previous
1033           'dns_query_restriction' options, leaving the list empty, i.e.
1034           allowing DNS queries for any domain (including any DNS BL zone).
1035
1036   LEARNING OPTIONS
1037       use_learner ( 0 | 1 )         (default: 1)
1038           Whether to use any machine-learning classifiers with SpamAssassin,
1039           such as the default 'BAYES_*' rules.  Setting this to 0 will
1040           disable use of any and all human-trained classifiers.
1041
1042       use_bayes ( 0 | 1 )      (default: 1)
1043           Whether to use the naive-Bayesian-style classifier built into
1044           SpamAssassin.  This is a master on/off switch for all Bayes-related
1045           operations.
1046
1047       use_bayes_rules ( 0 | 1 )          (default: 1)
1048           Whether to use rules using the naive-Bayesian-style classifier
1049           built into SpamAssassin.  This allows you to disable the rules
1050           while leaving auto and manual learning enabled.
1051
1052       bayes_auto_learn ( 0 | 1 )      (default: 1)
1053           Whether SpamAssassin should automatically feed high-scoring mails
1054           (or low-scoring mails, for non-spam) into its learning systems.
1055           The only learning system supported currently is a naive-Bayesian-
1056           style classifier.
1057
1058           See the documentation for the
1059           "Mail::SpamAssassin::Plugin::AutoLearnThreshold" plugin module for
1060           details on how Bayes auto-learning is implemented by default.
1061
1062       bayes_token_sources  (default: header visible invisible uri)
1063           Controls which sources in a mail message can contribute tokens
1064           (e.g. words, phrases, etc.) to a Bayes classifier. The argument is
1065           a space-separated list of keywords: header, visible, invisible,
1066           uri, mimepart), each of which may be prefixed by a no to indicate
1067           its exclusion. Additionally two reserved keywords are allowed: all
1068           and none (or: noall). The list of keywords is processed
1069           sequentially: a keyword all adds all available keywords to a set
1070           being built, a none or noall clears the set, other non-negated
1071           keywords are added to the set, and negated keywords are removed
1072           from the set. Keywords are case-insensitive.
1073
1074           The default set is: header visible invisible uri, which is
1075           equivalent for example to: All NoMIMEpart. The reason why mimepart
1076           is not currently in a default set is that it is a newer source
1077           (introduced with SpamAssassin version 3.4.1) and not much
1078           experience has yet been gathered regarding its usefulness.
1079
1080           See also option "bayes_ignore_header" for a fine-grained control on
1081           individual header fields under the umbrella of a more general
1082           keyword header here.
1083
1084           Keywords imply the following data sources:
1085
1086           header - tokens collected from a message header section
1087           visible - words from visible text (plain or HTML) in a message body
1088           invisible - hidden/invisible text in HTML parts of a message body
1089           uri - URIs collected from a message body
1090           mimepart - digests (hashes) of all MIME parts (textual or non-
1091           textual) of a message, computed after Base64 and quoted-printable
1092           decoding, suffixed by their Content-Type
1093           all - adds all the above keywords to the set being assembled
1094           none or noall - removes all keywords from the set
1095
1096           The "bayes_token_sources" directive may appear multiple times, its
1097           keywords are interpreted sequentially, adding or removing items
1098           from the final set as they appear in their order in
1099           "bayes_token_sources" directive(s).
1100
1101       bayes_ignore_header header_name
1102           If you receive mail filtered by upstream mail systems, like a spam-
1103           filtering ISP or mailing list, and that service adds new headers
1104           (as most of them do), these headers may provide inappropriate cues
1105           to the Bayesian classifier, allowing it to take a "short cut". To
1106           avoid this, list the headers using this setting.  Example:
1107
1108                   bayes_ignore_header X-Upstream-Spamfilter
1109                   bayes_ignore_header X-Upstream-SomethingElse
1110
1111       bayes_ignore_from user@example.com
1112           Bayesian classification and autolearning will not be performed on
1113           mail from the listed addresses.  Program "sa-learn" will also
1114           ignore the listed addresses if it is invoked using the
1115           "--use-ignores" option.  One or more addresses can be listed, see
1116           "whitelist_from".
1117
1118           Spam messages from certain senders may contain many words that
1119           frequently occur in ham.  For example, one might read messages from
1120           a preferred bookstore but also get unwanted spam messages from
1121           other bookstores.  If the unwanted messages are learned as spam
1122           then any messages discussing books, including the preferred
1123           bookstore and antiquarian messages would be in danger of being
1124           marked as spam.  The addresses of the annoying bookstores would be
1125           listed.  (Assuming they were halfway legitimate and didn't send you
1126           mail through myriad affiliates.)
1127
1128           Those who have pieces of spam in legitimate messages or otherwise
1129           receive ham messages containing potentially spammy words might fear
1130           that some spam messages might be in danger of being marked as ham.
1131           The addresses of the spam mailing lists, correspondents, etc.
1132           would be listed.
1133
1134       bayes_ignore_to user@example.com
1135           Bayesian classification and autolearning will not be performed on
1136           mail to the listed addresses.  See "bayes_ignore_from" for details.
1137
1138       bayes_min_ham_num             (Default: 200)
1139       bayes_min_spam_num       (Default: 200)
1140           To be accurate, the Bayes system does not activate until a certain
1141           number of ham (non-spam) and spam have been learned.  The default
1142           is 200 of each ham and spam, but you can tune these up or down with
1143           these two settings.
1144
1145       bayes_learn_during_report         (Default: 1)
1146           The Bayes system will, by default, learn any reported messages
1147           ("spamassassin -r") as spam.  If you do not want this to happen,
1148           set this option to 0.
1149
1150       bayes_sql_override_username
1151           Used by BayesStore::SQL storage implementation.
1152
1153           If this options is set the BayesStore::SQL module will override the
1154           set username with the value given.  This could be useful for
1155           implementing global or group bayes databases.
1156
1157       bayes_use_hapaxes        (default: 1)
1158           Should the Bayesian classifier use hapaxes (words/tokens that occur
1159           only once) when classifying?  This produces significantly better
1160           hit-rates.
1161
1162       bayes_journal_max_size        (default: 102400)
1163           SpamAssassin will opportunistically sync the journal and the
1164           database.  It will do so once a day, but will sync more often if
1165           the journal file size goes above this setting, in bytes.  If set to
1166           0, opportunistic syncing will not occur.
1167
1168       bayes_expiry_max_db_size      (default: 150000)
1169           What should be the maximum size of the Bayes tokens database?  When
1170           expiry occurs, the Bayes system will keep either 75% of the maximum
1171           value, or 100,000 tokens, whichever has a larger value.  150,000
1172           tokens is roughly equivalent to a 8Mb database file.
1173
1174       bayes_auto_expire             (default: 1)
1175           If enabled, the Bayes system will try to automatically expire old
1176           tokens from the database.  Auto-expiry occurs when the number of
1177           tokens in the database surpasses the bayes_expiry_max_db_size
1178           value. If a bayes datastore backend does not implement individual
1179           key/value expirations, the setting is silently ignored.
1180
1181       bayes_token_ttl               (default: 3w, i.e. 3 weeks)
1182           Time-to-live / expiration time in seconds for tokens kept in a
1183           Bayes database.  A numeric value is optionally suffixed by a time
1184           unit (s, m, h, d, w, indicating seconds (default), minutes, hours,
1185           days, weeks).
1186
1187           If bayes_auto_expire is true and a Bayes datastore backend supports
1188           it (currently only Redis), this setting controls deletion of
1189           expired tokens from a bayes database. The value is observed on a
1190           best-effort basis, exact timing promises are not necessarily kept.
1191           If a bayes datastore backend does not implement individual
1192           key/value expirations, the setting is silently ignored.
1193
1194       bayes_seen_ttl                (default: 8d, i.e. 8 days)
1195           Time-to-live / expiration time in seconds for 'seen' entries (i.e.
1196           mail message digests with their status) kept in a Bayes database.
1197           A numeric value is optionally suffixed by a time unit (s, m, h, d,
1198           w, indicating seconds (default), minutes, hours, days, weeks).
1199
1200           If bayes_auto_expire is true and a Bayes datastore backend supports
1201           it (currently only Redis), this setting controls deletion of
1202           expired 'seen' entries from a bayes database. The value is observed
1203           on a best-effort basis, exact timing promises are not necessarily
1204           kept. If a bayes datastore backend does not implement individual
1205           key/value expirations, the setting is silently ignored.
1206
1207       bayes_learn_to_journal   (default: 0)
1208           If this option is set, whenever SpamAssassin does Bayes learning,
1209           it will put the information into the journal instead of directly
1210           into the database.  This lowers contention for locking the database
1211           to execute an update, but will also cause more access to the
1212           journal and cause a delay before the updates are actually committed
1213           to the Bayes database.
1214
1215   MISCELLANEOUS OPTIONS
1216       time_limit n   (default: 300)
1217           Specifies a limit on elapsed time in seconds that SpamAssassin is
1218           allowed to spend before providing a result. The value may be
1219           fractional and must not be negative, zero is interpreted as
1220           unlimited. The default is 300 seconds for consistency with the
1221           spamd default setting of --timeout-child .
1222
1223           This is a best-effort advisory setting, processing will not be
1224           abruptly aborted at an arbitrary point in processing when the time
1225           limit is exceeded, but only on reaching one of locations in the
1226           program flow equipped with a time test. Currently equipped with the
1227           test are the main checking loop, asynchronous DNS lookups, plugins
1228           which are calling external programs.  Rule evaluation is guarded by
1229           starting a timer (alarm) on each set of compiled rules.
1230
1231           When a message is passed to Mail::SpamAssassin::parse, a deadline
1232           time is established as a sum of current time and the "time_limit"
1233           setting.
1234
1235           This deadline may also be specified by a caller through an option
1236           'master_deadline' in $suppl_attrib on a call to parse(), possibly
1237           providing a more accurate deadline taking into account past and
1238           expected future processing of a message in a mail filtering setup.
1239           If both the config option as well as a 'master_deadline' option in
1240           a call are provided, the shorter time limit of the two is used
1241           (since version 3.3.2).  Note that spamd (and possibly third-party
1242           callers of SpamAssassin) will supply the 'master_deadline' option
1243           in a call based on its --timeout-child option (or equivalent),
1244           unlike the command line "spamassassin", which has no such command
1245           line option.
1246
1247           When a time limit is exceeded, most of the remaining tests will be
1248           skipped, as well as auto-learning. Whatever tests fired so far will
1249           determine the final score. The behaviour is similar to short-
1250           circuiting with attribute 'on', as implemented by a Shortcircuit
1251           plugin. A synthetic hit on a rule named TIME_LIMIT_EXCEEDED with a
1252           near-zero default score is generated, so that the report will
1253           reflect the event. A score for TIME_LIMIT_EXCEEDED may be provided
1254           explicitly in a configuration file, for example to achieve
1255           whitelisting or blacklisting effect for messages with long
1256           processing times.
1257
1258           The "time_limit" option is a useful protection against excessive
1259           processing time on certain degenerate or unusually long or complex
1260           mail messages, as well as against some DoS attacks. It is also
1261           needed in time-critical pre-queue filtering setups (e.g. milter,
1262           proxy, integration with MTA), where message processing must finish
1263           before a SMTP client times out.  RFC 5321 prescribes in section
1264           4.5.3.2.6 the 'DATA Termination' time limit of 10 minutes, although
1265           it is not unusual to see some SMTP clients abort sooner on waiting
1266           for a response. A sensible "time_limit" for a pre-queue filtering
1267           setup is maybe 50 seconds, assuming that clients are willing to
1268           wait at least a minute.
1269
1270       lock_method type
1271           Select the file-locking method used to protect database files on-
1272           disk. By default, SpamAssassin uses an NFS-safe locking method on
1273           UNIX; however, if you are sure that the database files you'll be
1274           using for Bayes and AWL storage will never be accessed over NFS, a
1275           non-NFS-safe locking system can be selected.
1276
1277           This will be quite a bit faster, but may risk file corruption if
1278           the files are ever accessed by multiple clients at once, and one or
1279           more of them is accessing them through an NFS filesystem.
1280
1281           Note that different platforms require different locking systems.
1282
1283           The supported locking systems for "type" are as follows:
1284
1285           nfssafe - an NFS-safe locking system
1286           flock - simple UNIX "flock()" locking
1287           win32 - Win32 locking using "sysopen (..., O_CREAT|O_EXCL)".
1288
1289           nfssafe and flock are only available on UNIX, and win32 is only
1290           available on Windows.  By default, SpamAssassin will choose either
1291           nfssafe or win32 depending on the platform in use.
1292
1293       fold_headers ( 0 | 1 )        (default: 1)
1294           By default, headers added by SpamAssassin will be whitespace
1295           folded.  In other words, they will be broken up into multiple lines
1296           instead of one very long one and each continuation line will have a
1297           tabulator prepended to mark it as a continuation of the preceding
1298           one.
1299
1300           The automatic wrapping can be disabled here.  Note that this can
1301           generate very long lines.  RFC 2822 required that header lines do
1302           not exceed 998 characters (not counting the final CRLF).
1303
1304       report_safe_copy_headers header_name ...
1305           If using "report_safe", a few of the headers from the original
1306           message are copied into the wrapper header (From, To, Cc, Subject,
1307           Date, etc.)  If you want to have other headers copied as well, you
1308           can add them using this option.  You can specify multiple headers
1309           on the same line, separated by spaces, or you can just use multiple
1310           lines.
1311
1312       envelope_sender_header Name-Of-Header
1313           SpamAssassin will attempt to discover the address used in the 'MAIL
1314           FROM:' phase of the SMTP transaction that delivered this message,
1315           if this data has been made available by the SMTP server.  This is
1316           used in the "EnvelopeFrom" pseudo-header, and for various rules
1317           such as SPF checking.
1318
1319           By default, various MTAs will use different headers, such as the
1320           following:
1321
1322               X-Envelope-From
1323               Envelope-Sender
1324               X-Sender
1325               Return-Path
1326
1327           SpamAssassin will attempt to use these, if some heuristics (such as
1328           the header placement in the message, or the absence of fetchmail
1329           signatures) appear to indicate that they are safe to use.  However,
1330           it may choose the wrong headers in some mailserver configurations.
1331           (More discussion of this can be found in bug 2142 and bug 4747 in
1332           the SpamAssassin BugZilla.)
1333
1334           To avoid this heuristic failure, the "envelope_sender_header"
1335           setting may be helpful.  Name the header that your MTA or MDA adds
1336           to messages containing the address used at the MAIL FROM step of
1337           the SMTP transaction.
1338
1339           If the header in question contains "<" or ">" characters at the
1340           start and end of the email address in the right-hand side, as in
1341           the SMTP transaction, these will be stripped.
1342
1343           If the header is not found in a message, or if it's value does not
1344           contain an "@" sign, SpamAssassin will issue a warning in the logs
1345           and fall back to its default heuristics.
1346
1347           (Note for MTA developers: we would prefer if the use of a single
1348           header be avoided in future, since that precludes 'downstream' spam
1349           scanning.
1350           "http://wiki.apache.org/spamassassin/EnvelopeSenderInReceived"
1351           details a better proposal, storing the envelope sender at each hop
1352           in the "Received" header.)
1353
1354           example:
1355
1356               envelope_sender_header X-SA-Exim-Mail-From
1357
1358       describe SYMBOLIC_TEST_NAME description ...
1359           Used to describe a test.  This text is shown to users in the
1360           detailed report.
1361
1362           Note that test names which begin with '__' are reserved for meta-
1363           match sub-rules, and are not scored or listed in the 'tests hit'
1364           reports.
1365
1366           Also note that by convention, rule descriptions should be limited
1367           in length to no more than 50 characters.
1368
1369       report_charset CHARSET        (default: unset)
1370           Set the MIME Content-Type charset used for the text/plain report
1371           which is attached to spam mail messages.
1372
1373       report ...some text for a report...
1374           Set the report template which is attached to spam mail messages.
1375           See the "10_default_prefs.cf" configuration file in
1376           "/usr/share/spamassassin" for an example.
1377
1378           If you change this, try to keep it under 78 columns. Each "report"
1379           line appends to the existing template, so use
1380           "clear_report_template" to restart.
1381
1382           Tags can be included as explained above.
1383
1384       clear_report_template
1385           Clear the report template.
1386
1387       report_contact ...text of contact address...
1388           Set what _CONTACTADDRESS_ is replaced with in the above report
1389           text.  By default, this is 'the administrator of that system',
1390           since the hostname of the system the scanner is running on is also
1391           included.
1392
1393       report_hostname ...hostname to use...
1394           Set what _HOSTNAME_ is replaced with in the above report text.  By
1395           default, this is determined dynamically as whatever the host
1396           running SpamAssassin calls itself.
1397
1398       unsafe_report ...some text for a report...
1399           Set the report template which is attached to spam mail messages
1400           which contain a non-text/plain part.  See the "10_default_prefs.cf"
1401           configuration file in "/usr/share/spamassassin" for an example.
1402
1403           Each "unsafe-report" line appends to the existing template, so use
1404           "clear_unsafe_report_template" to restart.
1405
1406           Tags can be used in this template (see above for details).
1407
1408       clear_unsafe_report_template
1409           Clear the unsafe_report template.
1410
1411       mbox_format_from_regex
1412           Set a specific regular expression to be used for mbox file From
1413           separators.
1414
1415           For example, this setting will allow sa-learn to process emails
1416           stored in a kmail 2 mbox:
1417
1418           mbox_format_from_regex /^From \S+  ?[[:upper:]][[:lower:]]{2}(?:,
1419           \d\d [[:upper:]][[:lower:]]{2} \d{4} [0-2]\d:\d\d:\d\d [+-]\d{4}|
1420           [[:upper:]][[:lower:]]{2} [ 1-3]\d [ 0-2]\d:\d\d:\d\d \d{4})/
1421
1422       parse_dkim_uris ( 0 | 1 ) (default: 1)
1423           If this option is set to 1 and the message contains DKIM headers,
1424           the headers will be parsed for URIs to process alongside URIs found
1425           in the body with some rules and modules (ex. URIDNSBL)
1426

RULE DEFINITIONS AND PRIVILEGED SETTINGS

1428       These settings differ from the ones above, in that they are considered
1429       'privileged'.  Only users running "spamassassin" from their
1430       procmailrc's or forward files, or sysadmins editing a file in
1431       "/etc/mail/spamassassin", can use them.   "spamd" users cannot use them
1432       in their "user_prefs" files, for security and efficiency reasons,
1433       unless "allow_user_rules" is enabled (and then, they may only add rules
1434       from below).
1435
1436       allow_user_rules ( 0 | 1 )         (default: 0)
1437           This setting allows users to create rules (and only rules) in their
1438           "user_prefs" files for use with "spamd". It defaults to off,
1439           because this could be a severe security hole. It may be possible
1440           for users to gain root level access if "spamd" is run as root. It
1441           is NOT a good idea, unless you have some other way of ensuring that
1442           users' tests are safe. Don't use this unless you are certain you
1443           know what you are doing. Furthermore, this option causes
1444           spamassassin to recompile all the tests each time it processes a
1445           message for a user with a rule in his/her "user_prefs" file, which
1446           could have a significant effect on server load. It is not
1447           recommended.
1448
1449           Note that it is not currently possible to use "allow_user_rules" to
1450           modify an existing system rule from a "user_prefs" file with
1451           "spamd".
1452
1453       redirector_pattern  /pattern/modifiers
1454           A regex pattern that matches both the redirector site portion, and
1455           the target site portion of a URI.
1456
1457           Note: The target URI portion must be surrounded in parentheses and
1458                 no other part of the pattern may create a backreference.
1459
1460           Example:
1461           http://chkpt.zdnet.com/chkpt/whatever/spammer.domain/yo/dude
1462
1463             redirector_pattern    /^https?:\/\/(?:opt\.)?chkpt\.zdnet\.com\/chkpt\/\w+\/(.*)$/i
1464
1465       header SYMBOLIC_TEST_NAME header op /pattern/modifiers [if-unset:
1466       STRING]
1467           Define a test.  "SYMBOLIC_TEST_NAME" is a symbolic test name, such
1468           as 'FROM_ENDS_IN_NUMS'.  "header" is the name of a mail header
1469           field, such as 'Subject', 'To', 'From', etc.  Header field names
1470           are matched case-insensitively (conforming to RFC 5322 section
1471           1.2.2), except for all-capitals metaheader fields such as ALL,
1472           MESSAGEID, ALL-TRUSTED.
1473
1474           Appending a modifier ":raw" to a header field name will inhibit
1475           decoding of quoted-printable or base-64 encoded strings, and will
1476           preserve all whitespace inside the header string.  The ":raw" may
1477           also be applied to pseudo-headers e.g. "ALL:raw" will return a
1478           pristine (unmodified) header section.
1479
1480           Appending a modifier ":addr" to a header field name will cause
1481           everything except the first email address to be removed from the
1482           header field.  It is mainly applicable to header fields 'From',
1483           'Sender', 'To', 'Cc' along with their 'Resent-*' counterparts, and
1484           the 'Return-Path'.
1485
1486           Appending a modifier ":name" to a header field name will cause
1487           everything except the first display name to be removed from the
1488           header field. It is mainly applicable to header fields containing a
1489           single mail address: 'From', 'Sender', along with their
1490           'Resent-From' and 'Resent-Sender' counterparts.
1491
1492           It is syntactically permitted to append more than one modifier to a
1493           header field name, although currently most combinations achieve no
1494           additional effect, for example "From:addr:raw" or "From:raw:addr"
1495           is currently the same as "From:addr" .
1496
1497           For example, appending ":addr" to a header name will result in
1498           example@foo in all of the following cases:
1499
1500           example@foo
1501           example@foo (Foo Blah)
1502           example@foo, example@bar
1503           display: example@foo (Foo Blah), example@bar ;
1504           Foo Blah <example@foo>
1505           "Foo Blah" <example@foo>
1506           "'Foo Blah'" <example@foo>
1507
1508           For example, appending ":name" to a header name will result in "Foo
1509           Blah" (without quotes) in all of the following cases:
1510
1511           example@foo (Foo Blah)
1512           example@foo (Foo Blah), example@bar
1513           display: example@foo (Foo Blah), example@bar ;
1514           Foo Blah <example@foo>
1515           "Foo Blah" <example@foo>
1516           "'Foo Blah'" <example@foo>
1517
1518           There are several special pseudo-headers that can be specified:
1519
1520           "ALL" can be used to mean the text of all the message's headers.
1521           Note that all whitespace inside the headers, at line folds, is
1522           currently compressed into a single space (' ') character. To obtain
1523           a pristine (unmodified) header section, use "ALL:raw" - the :raw
1524           modifier is documented above. Also similar that return headers
1525           added by specific relays: ALL-TRUSTED, ALL-INTERNAL, ALL-UNTRUSTED,
1526           ALL-EXTERNAL.
1527           "ToCc" can be used to mean the contents of both the 'To' and 'Cc'
1528           headers.
1529           "EnvelopeFrom" is the address used in the 'MAIL FROM:' phase of the
1530           SMTP transaction that delivered this message, if this data has been
1531           made available by the SMTP server.  See "envelope_sender_header"
1532           for more information on how to set this.
1533           "MESSAGEID" is a symbol meaning all Message-Id's found in the
1534           message; some mailing list software moves the real 'Message-Id' to
1535           'Resent-Message-Id' or to 'X-Message-Id', then uses its own one in
1536           the 'Message-Id' header. The value returned for this symbol is the
1537           text from all 3 headers, separated by newlines.
1538           "X-Spam-Relays-Untrusted", "X-Spam-Relays-Trusted",
1539           "X-Spam-Relays-Internal" and "X-Spam-Relays-External" represent a
1540           portable, pre-parsed representation of the message's network path,
1541           as recorded in the Received headers, divided into 'trusted' vs
1542           'untrusted' and 'internal' vs 'external' sets.  See
1543           "http://wiki.apache.org/spamassassin/TrustedRelays" for more
1544           details.
1545
1546           "op" is either "=~" (contains regular expression) or "!~" (does not
1547           contain regular expression), and "pattern" is a valid Perl regular
1548           expression, with "modifiers" as regexp modifiers in the usual
1549           style.   Note that multi-line rules are not supported, even if you
1550           use "x" as a modifier.  Also note that the "#" character must be
1551           escaped ("\#") or else it will be considered to be the start of a
1552           comment and not part of the regexp.
1553
1554           If the header specified matches multiple headers, their text will
1555           be concatenated with embedded \n's. Therefore you may wish to use
1556           "/m" if you use "^" or "$" in your regular expression.
1557
1558           If the "[if-unset: STRING]" tag is present, then "STRING" will be
1559           used if the header is not found in the mail message.
1560
1561           Test names must not start with a number, and must contain only
1562           alphanumerics and underscores.  It is suggested that lower-case
1563           characters not be used, and names have a length of no more than 22
1564           characters, as an informal convention.  Dashes are not allowed.
1565
1566           Note that test names which begin with '__' are reserved for meta-
1567           match sub-rules, and are not scored or listed in the 'tests hit'
1568           reports.  Test names which begin with 'T_' are reserved for tests
1569           which are undergoing QA, and these are given a very low score.
1570
1571           If you add or modify a test, please be sure to run a sanity check
1572           afterwards by running "spamassassin --lint".  This will avoid
1573           confusing error messages, or other tests being skipped as a side-
1574           effect.
1575
1576       header SYMBOLIC_TEST_NAME exists:header_field_name
1577           Define a header field existence test.  "header_field_name" is the
1578           name of a header field to test for existence.  Not to be confused
1579           with a test for a nonempty header field body, which can be
1580           implemented by a "header SYMBOLIC_TEST_NAME header =~ /\S/" rule as
1581           described above.
1582
1583       header SYMBOLIC_TEST_NAME eval:name_of_eval_method([arguments])
1584           Define a header eval test.  "name_of_eval_method" is the name of a
1585           method registered by a "Mail::SpamAssassin::Plugin" object.
1586           "arguments" are optional arguments to the function call.
1587
1588       header SYMBOLIC_TEST_NAME eval:check_rbl('set', 'zone' [, 'sub-test'])
1589           Check a DNSBL (a DNS blacklist or whitelist).  This will retrieve
1590           Received: headers from the message, extract the IP addresses,
1591           select which ones are 'untrusted' based on the "trusted_networks"
1592           logic, and query that DNSBL zone.  There's a few things to note:
1593
1594           duplicated or private IPs
1595               Duplicated IPs are only queried once and reserved IPs are not
1596               queried.  Private IPs are those listed in
1597               "https://www.iana.org/assignments/ipv4-address-space",
1598               "http://duxcw.com/faq/network/privip.htm",
1599               "http://duxcw.com/faq/network/autoip.htm", or
1600               "https://tools.ietf.org/html/rfc5735" as private.
1601
1602           the 'set' argument
1603               This is used as a 'zone ID'.  If you want to look up a
1604               multiple-meaning zone like SORBS, you can then query the
1605               results from that zone using it; but all check_rbl_sub() calls
1606               must use that zone ID.
1607
1608               Also, if more than one IP address gets a DNSBL hit for a
1609               particular rule, it does not affect the score because rules
1610               only trigger once per message.
1611
1612           the 'zone' argument
1613               This is the root zone of the DNSBL.
1614
1615               The domain name is considered to be a fully qualified domain
1616               name (i.e. not subject to DNS resolver's search or default
1617               domain options).  No trailing period is needed, and will be
1618               removed if specified.
1619
1620           the 'sub-test' argument
1621               This optional argument behaves the same as the sub-test
1622               argument in "check_rbl_sub()" below.
1623
1624           selecting all IPs except for the originating one
1625               This is accomplished by placing '-notfirsthop' at the end of
1626               the set name.  This is useful for querying against DNS lists
1627               which list dialup IP addresses; the first hop may be a dialup,
1628               but as long as there is at least one more hop, via their
1629               outgoing SMTP server, that's legitimate, and so should not gain
1630               points.  If there is only one hop, that will be queried anyway,
1631               as it should be relaying via its outgoing SMTP server instead
1632               of sending directly to your MX (mail exchange).
1633
1634           selecting IPs by whether they are trusted
1635               When checking a 'nice' DNSBL (a DNS whitelist), you cannot
1636               trust the IP addresses in Received headers that were not added
1637               by trusted relays.  To test the first IP address that can be
1638               trusted, place '-firsttrusted' at the end of the set name.
1639               That should test the IP address of the relay that connected to
1640               the most remote trusted relay.
1641
1642               Note that this requires that SpamAssassin know which relays are
1643               trusted.  For simple cases, SpamAssassin can make a good
1644               estimate.  For complex cases, you may get better results by
1645               setting "trusted_networks" manually.
1646
1647               In addition, you can test all untrusted IP addresses by placing
1648               '-untrusted' at the end of the set name.   Important note --
1649               this does NOT include the IP address from the most recent
1650               'untrusted line', as used in '-firsttrusted' above.  That's
1651               because we're talking about the trustworthiness of the IP
1652               address data, not the source header line, here; and in the case
1653               of the most recent header (the 'firsttrusted'), that data can
1654               be trusted.  See the Wiki page at
1655               "http://wiki.apache.org/spamassassin/TrustedRelays" for more
1656               information on this.
1657
1658           Selecting just the last external IP
1659               By using '-lastexternal' at the end of the set name, you can
1660               select only the external host that connected to your internal
1661               network, or at least the last external host with a public IP.
1662
1663       header SYMBOLIC_TEST_NAME eval:check_rbl_txt('set', 'zone')
1664           Same as check_rbl(), except querying using IN TXT instead of IN A
1665           records.  If the zone supports it, it will result in a line of text
1666           describing why the IP is listed, typically a hyperlink to a
1667           database entry.
1668
1669       header SYMBOLIC_TEST_NAME eval:check_rbl_sub('set', 'sub-test')
1670           Create a sub-test for 'set'.  If you want to look up a multi-
1671           meaning zone like relays.osirusoft.com, you can then query the
1672           results from that zone using the zone ID from the original query.
1673           The sub-test may either be an IPv4 dotted address for RBLs that
1674           return multiple A records, or a non-negative decimal number to
1675           specify a bitmask for RBLs that return a single A record containing
1676           a bitmask of results, or a regular expression.
1677
1678           Note: the set name must be exactly the same for as the main query
1679           rule, including selections like '-notfirsthop' appearing at the end
1680           of the set name.
1681
1682       body SYMBOLIC_TEST_NAME /pattern/modifiers
1683           Define a body pattern test.  "pattern" is a Perl regular
1684           expression.  Note: as per the header tests, "#" must be escaped
1685           ("\#") or else it is considered the beginning of a comment.
1686
1687           The 'body' in this case is the textual parts of the message body;
1688           any non-text MIME parts are stripped, and the message decoded from
1689           Quoted-Printable or Base-64-encoded format if necessary.  Parts
1690           declared as text/html will be rendered from HTML to text.
1691
1692           All body paragraphs (double-newline-separated blocks text) are
1693           turned into a line breaks removed, whitespace normalized single
1694           line.  Any lines longer than 2kB are split into shorter separate
1695           lines (from a boundary when possible), this may unexpectedly
1696           prevent pattern from matching.  Patterns are matched independently
1697           against each of these lines.
1698
1699           Note that by default the message Subject header is considered part
1700           of the body and becomes the first line when running the rules. If
1701           you don't want to match Subject along with body text, use "tflags
1702           RULENAME nosubject".
1703
1704       body SYMBOLIC_TEST_NAME eval:name_of_eval_method([args])
1705           Define a body eval test.  See above.
1706
1707       uri SYMBOLIC_TEST_NAME /pattern/modifiers
1708           Define a uri pattern test.  "pattern" is a Perl regular expression.
1709           Note: as per the header tests, "#" must be escaped ("\#") or else
1710           it is considered the beginning of a comment.
1711
1712           The 'uri' in this case is a list of all the URIs in the body of the
1713           email, and the test will be run on each and every one of those
1714           URIs, adjusting the score if a match is found. Use this test
1715           instead of one of the body tests when you need to match a URI, as
1716           it is more accurately bound to the start/end points of the URI, and
1717           will also be faster.
1718
1719       rawbody SYMBOLIC_TEST_NAME /pattern/modifiers
1720           Define a raw-body pattern test.  "pattern" is a Perl regular
1721           expression.  Note: as per the header tests, "#" must be escaped
1722           ("\#") or else it is considered the beginning of a comment.
1723
1724           The 'raw body' of a message is the raw data inside all textual
1725           parts. The text will be decoded from base64 or quoted-printable
1726           encoding, but HTML tags and line breaks will still be present.
1727           Multiline expressions will need to be used to match strings that
1728           are broken by line breaks.
1729
1730           Note that the text is split into 2-4kB chunks (from a word boundary
1731           when possible), this may unexpectedly prevent pattern from
1732           matching.  Patterns are matched independently against each of these
1733           chunks.
1734
1735       rawbody SYMBOLIC_TEST_NAME eval:name_of_eval_method([args])
1736           Define a raw-body eval test.  See above.
1737
1738       full SYMBOLIC_TEST_NAME /pattern/modifiers
1739           Define a full message pattern test.  "pattern" is a Perl regular
1740           expression.  Note: as per the header tests, "#" must be escaped
1741           ("\#") or else it is considered the beginning of a comment.
1742
1743           The full message is the pristine message headers plus the pristine
1744           message body, including all MIME data such as images, other
1745           attachments, MIME boundaries, etc.
1746
1747       full SYMBOLIC_TEST_NAME eval:name_of_eval_method([args])
1748           Define a full message eval test.  See above.
1749
1750       meta SYMBOLIC_TEST_NAME boolean expression
1751           Define a boolean expression test in terms of other tests that have
1752           been hit or not hit.  For example:
1753
1754           meta META1        TEST1 && !(TEST2 || TEST3)
1755
1756           Note that English language operators ("and", "or") will be treated
1757           as rule names, and that there is no "XOR" operator.
1758
1759       meta SYMBOLIC_TEST_NAME boolean arithmetic expression
1760           Can also define an arithmetic expression in terms of other tests,
1761           with an unhit test having the value "0" and a hit test having a
1762           nonzero value.  The value of a hit meta test is that of its
1763           arithmetic expression.  The value of a hit eval test is that
1764           returned by its method.  The value of a hit header, body, rawbody,
1765           uri, or full test which has the "multiple" tflag is the number of
1766           times the test hit.  The value of any other type of hit test is
1767           "1".
1768
1769           For example:
1770
1771           meta META2        (3 * TEST1 - 2 * TEST2) > 0
1772
1773           Note that Perl builtins and functions, like "abs()", can't be used,
1774           and will be treated as rule names.
1775
1776           If you want to define a meta-rule, but do not want its individual
1777           sub-rules to count towards the final score unless the entire meta-
1778           rule matches, give the sub-rules names that start with '__' (two
1779           underscores).  SpamAssassin will ignore these for scoring.
1780
1781       meta SYMBOLIC_TEST_NAME ... rules_matching(RULEGLOB) ...
1782           Special function that will expand to list of matching rulenames.
1783           Can be used anywhere in expressions.  Argument supports glob style
1784           rulename matching (* = anything, ? = one character).  Matching is
1785           case-sensitive.
1786
1787           For example, this will hit if at least two __FOO_* rule hits:
1788
1789            body __FOO_1  /xxx/
1790            body __FOO_2  /yyy/
1791            body __FOO_3  /zzz/
1792            meta FOO_META  rules_matching(__FOO_*) >= 2
1793
1794           Which would be the same as:
1795
1796            meta FOO_META  (__FOO_1 + __FOO_2 + __FOO_3) >= 2
1797
1798       reuse SYMBOLIC_TEST_NAME [ OLD_SYMBOLIC_TEST_NAME_1 ... ]
1799           Defines the name of a test that should be "reused" during the
1800           scoring process. If a message has an X-Spam-Status header that
1801           shows a hit for this rule or any of the old rule names given, a hit
1802           will be added for this rule when mass-check --reuse is used.
1803           Examples:
1804
1805           "reuse SPF_PASS"
1806
1807           "reuse MY_NET_RULE_V2 MY_NET_RULE_V1"
1808
1809           The actual logic for reuse tests is done by
1810           Mail::SpamAssassin::Plugin::Reuse.
1811
1812       tflags SYMBOLIC_TEST_NAME flags
1813           Used to set flags on a test. Parameter is a space-separated list of
1814           flag names or flag name = value pairs.  These flags are used in the
1815           score-determination back end system for details of the test's
1816           behaviour.  Please see "bayes_auto_learn" for more information
1817           about tflag interaction with those systems. The following flags can
1818           be set:
1819
1820           net The test is a network test, and will not be run in the mass
1821               checking system or if -L is used, therefore its score should
1822               not be modified.
1823
1824           nice
1825               The test is intended to compensate for common false positives,
1826               and should be assigned a negative score.
1827
1828           userconf
1829               The test requires user configuration before it can be used
1830               (like language-specific tests).
1831
1832           learn
1833               The test requires training before it can be used.
1834
1835           noautolearn
1836               The test will explicitly be ignored when calculating the score
1837               for learning systems.
1838
1839           autolearn_force
1840               The test will be subject to less stringent autolearn
1841               thresholds.
1842
1843               Normally, SpamAssassin will require 3 points from the header
1844               and 3 points from the body to be auto-learned as spam. This
1845               option keeps the threshold at 6 points total but changes it to
1846               have no regard to the source of the points.
1847
1848           noawl
1849               This flag is specific when using AWL plugin.
1850
1851               Normally, AWL plugin normalizes scores via auto-whitelist. In
1852               some scenarios it works against the system administrator when
1853               trying to add some rules to correct miss-classified email. When
1854               AWL plugin searches the email and finds the noawl flag it will
1855               exit without normalizing the score nor storing the value in db.
1856
1857           multiple
1858               The test will be evaluated multiple times, for use with meta
1859               rules.  Only affects header, body, rawbody, uri, and full
1860               tests.
1861
1862           maxhits=N
1863               If multiple is specified, limit the number of hits found to N.
1864               If the rule is used in a meta that counts the hits (e.g.
1865               __RULENAME > 5), this is a way to avoid wasted extra work (use
1866               "tflags multiple maxhits=6").
1867
1868               For example:
1869
1870                 uri      __KAM_COUNT_URIS /^./
1871                 tflags   __KAM_COUNT_URIS multiple maxhits=16
1872                 describe __KAM_COUNT_URIS A multiple match used to count URIs in a message
1873
1874                 meta __KAM_HAS_0_URIS (__KAM_COUNT_URIS == 0)
1875                 meta __KAM_HAS_1_URIS (__KAM_COUNT_URIS >= 1)
1876                 meta __KAM_HAS_2_URIS (__KAM_COUNT_URIS >= 2)
1877                 meta __KAM_HAS_3_URIS (__KAM_COUNT_URIS >= 3)
1878                 meta __KAM_HAS_4_URIS (__KAM_COUNT_URIS >= 4)
1879                 meta __KAM_HAS_5_URIS (__KAM_COUNT_URIS >= 5)
1880                 meta __KAM_HAS_10_URIS (__KAM_COUNT_URIS >= 10)
1881                 meta __KAM_HAS_15_URIS (__KAM_COUNT_URIS >= 15)
1882
1883           nosubject
1884               Used only for body rules.  If specified, Subject header will
1885               not be a part of the matched body text.  See body for more
1886               info.
1887
1888           ips_only
1889               This flag is specific to rules invoking an URIDNSBL plugin, it
1890               is documented there.
1891
1892           domains_only
1893               This flag is specific to rules invoking an URIDNSBL plugin, it
1894               is documented there.
1895
1896           ns  This flag is specific to rules invoking an URIDNSBL plugin, it
1897               is documented there.
1898
1899           a   This flag is specific to rules invoking an URIDNSBL plugin, it
1900               is documented there.
1901
1902       priority SYMBOLIC_TEST_NAME n
1903           Assign a specific priority to a test.  All tests, except for DNS
1904           and Meta tests, are run in increasing priority value order
1905           (negative priority values are run before positive priority values).
1906           The default test priority is 0 (zero).
1907
1908           The values "-99999999999999" and "-99999999999998" have a special
1909           meaning internally, and should not be used.
1910

ADMINISTRATOR SETTINGS

1912       These settings differ from the ones above, in that they are considered
1913       'more privileged' -- even more than the ones in the PRIVILEGED SETTINGS
1914       section.  No matter what "allow_user_rules" is set to, these can never
1915       be set from a user's "user_prefs" file when spamc/spamd is being used.
1916       However, all settings can be used by local programs run directly by the
1917       user.
1918
1919       version_tag string
1920           This tag is appended to the SA version in the X-Spam-Status header.
1921           You should include it when you modify your ruleset, especially if
1922           you plan to distribute it.  A good choice for string is your last
1923           name or your initials followed by a number which you increase with
1924           each change.
1925
1926           The version_tag will be lowercased, and any non-alphanumeric or
1927           period character will be replaced by an underscore.
1928
1929           e.g.
1930
1931             version_tag myrules1    # version=2.41-myrules1
1932
1933       test SYMBOLIC_TEST_NAME (ok|fail) Some string to test against
1934           Define a regression testing string. You can have more than one
1935           regression test string per symbolic test name. Simply specify a
1936           string that you wish the test to match.
1937
1938           These tests are only run as part of the test suite - they should
1939           not affect the general running of SpamAssassin.
1940
1941       body_part_scan_size               (default: 50000)
1942           Per mime-part scan size limit in bytes for "body" type rules.  The
1943           decoded/stripped mime-part is truncated approx to this size.  Helps
1944           scanning large messages safely, so it's not necessary to skip them
1945           completely. Disabled with 0.
1946
1947       rawbody_part_scan_size               (default: 500000)
1948           Like body_part_scan_size, for "rawbody" type rules.
1949
1950       rbl_timeout t [t_min] [zone]       (default: 15 3)
1951           All DNS queries are made at the beginning of a check and we try to
1952           read the results at the end.  This value specifies the maximum
1953           period of time (in seconds) to wait for a DNS query.  If most of
1954           the DNS queries have succeeded for a particular message, then
1955           SpamAssassin will not wait for the full period to avoid wasting
1956           time on unresponsive server(s), but will shrink the timeout
1957           according to a percentage of queries already completed.  As the
1958           number of queries remaining approaches 0, the timeout value will
1959           gradually approach a t_min value, which is an optional second
1960           parameter and defaults to 0.2 * t.  If t is smaller than t_min, the
1961           initial timeout is set to t_min.  Here is a chart of queries
1962           remaining versus the timeout in seconds, for the default 15 second
1963           / 3 second timeout setting:
1964
1965             queries left  100%  90%  80%  70%  60%  50%  40%  30%  20%  10%   0%
1966             timeout        15   14.9 14.5 13.9 13.1 12.0 10.7  9.1  7.3  5.3  3
1967
1968           For example, if 20 queries are made at the beginning of a message
1969           check and 16 queries have returned (leaving 20%), the remaining 4
1970           queries should finish within 7.3 seconds since their query started
1971           or they will be timed out.  Note that timed out queries are only
1972           aborted when there is nothing else left for SpamAssassin to do -
1973           long evaluation of other rules may grant queries additional time.
1974
1975           If a parameter 'zone' is specified (it must end with a letter,
1976           which distinguishes it from other numeric parametrs), then the
1977           setting only applies to DNS queries against the specified DNS
1978           domain (host, domain or RBL (sub)zone).  Matching is case-
1979           insensitive, the actual domain may be a subdomain of the specified
1980           zone.
1981
1982       util_rb_tld tld1 tld2 ...
1983           This option maintains list of valid TLDs in the RegistryBoundaries
1984           code.  TLDs include things like com, net, org, etc.
1985
1986       util_rb_2tld 2tld-1.tld 2tld-2.tld ...
1987           This option maintains list of valid 2nd-level TLDs in the
1988           RegistryBoundaries code.  2TLDs include things like co.uk, fed.us,
1989           etc.
1990
1991       util_rb_3tld 3tld1.some.tld 3tld2.other.tld ...
1992           This option maintains list of valid 3rd-level TLDs in the
1993           RegistryBoundaries code.  3TLDs include things like demon.co.uk,
1994           plc.co.im, etc.
1995
1996       clear_util_rb
1997           Empty internal list of valid TLDs (including 2nd and 3rd level)
1998           which RegistryBoundaries code uses.  Only useful if you want to
1999           override the standard lists supplied by sa-update.
2000
2001       bayes_path /path/filename     (default: ~/.spamassassin/bayes)
2002           This is the directory and filename for Bayes databases.  Several
2003           databases will be created, with this as the base directory and
2004           filename, with "_toks", "_seen", etc. appended to the base.  The
2005           default setting results in files called
2006           "~/.spamassassin/bayes_seen", "~/.spamassassin/bayes_toks", etc.
2007
2008           By default, each user has their own in their "~/.spamassassin"
2009           directory with mode 0700/0600.  For system-wide SpamAssassin use,
2010           you may want to reduce disk space usage by sharing this across all
2011           users.  However, Bayes appears to be more effective with individual
2012           user databases.
2013
2014       bayes_file_mode          (default: 0700)
2015           The file mode bits used for the Bayesian filtering database files.
2016
2017           Make sure you specify this using the 'x' mode bits set, as it may
2018           also be used to create directories.  However, if a file is created,
2019           the resulting file will not have any execute bits set (the umask is
2020           set to 111). The argument is a string of octal digits, it is
2021           converted to a numeric value internally.
2022
2023       bayes_store_module Name::Of::BayesStore::Module
2024           If this option is set, the module given will be used as an
2025           alternate to the default bayes storage mechanism.  It must conform
2026           to the published storage specification (see
2027           Mail::SpamAssassin::BayesStore). For example, set this to
2028           Mail::SpamAssassin::BayesStore::SQL to use the generic SQL storage
2029           module.
2030
2031       bayes_sql_dsn DBI::databasetype:databasename:hostname:port
2032           Used for BayesStore::SQL storage implementation.
2033
2034           This option give the connect string used to connect to the SQL
2035           based Bayes storage.
2036
2037       bayes_sql_username
2038           Used by BayesStore::SQL storage implementation.
2039
2040           This option gives the username used by the above DSN.
2041
2042       bayes_sql_password
2043           Used by BayesStore::SQL storage implementation.
2044
2045           This option gives the password used by the above DSN.
2046
2047       bayes_sql_username_authorized ( 0 | 1 )  (default: 0)
2048           Whether to call the services_authorized_for_username plugin hook in
2049           BayesSQL.  If the hook does not determine that the user is allowed
2050           to use bayes or is invalid then then database will not be
2051           initialized.
2052
2053           NOTE: By default the user is considered invalid until a plugin
2054           returns a true value.  If you enable this, but do not have a proper
2055           plugin loaded, all users will turn up as invalid.
2056
2057           The username passed into the plugin can be affected by the
2058           bayes_sql_override_username config option.
2059
2060       user_scores_dsn DBI:databasetype:databasename:hostname:port
2061           If you load user scores from an SQL database, this will set the DSN
2062           used to connect.  Example: "DBI:mysql:spamassassin:localhost"
2063
2064           If you load user scores from an LDAP directory, this will set the
2065           DSN used to connect. You have to write the DSN as an LDAP URL, the
2066           components being the host and port to connect to, the base DN for
2067           the search, the scope of the search (base, one or sub), the single
2068           attribute being the multivalued attribute used to hold the
2069           configuration data (space separated pairs of key and value, just as
2070           in a file) and finally the filter being the expression used to
2071           filter out the wanted username. Note that the filter expression is
2072           being used in a sprintf statement with the username as the only
2073           parameter, thus is can hold a single __USERNAME__ expression. This
2074           will be replaced with the username.
2075
2076           Example:
2077           "ldap://localhost:389/dc=koehntopp,dc=de?saconfig?uid=__USERNAME__"
2078
2079       user_scores_sql_username username
2080           The authorized username to connect to the above DSN.
2081
2082       user_scores_sql_password password
2083           The password for the database username, for the above DSN.
2084
2085       user_scores_sql_custom_query query
2086           This option gives you the ability to create a custom SQL query to
2087           retrieve user scores and preferences.  In order to work correctly
2088           your query should return two values, the preference name and value,
2089           in that order.  In addition, there are several "variables" that you
2090           can use as part of your query, these variables will be substituted
2091           for the current values right before the query is run.  The current
2092           allowed variables are:
2093
2094           _TABLE_
2095               The name of the table where user scores and preferences are
2096               stored. Currently hardcoded to userpref, to change this value
2097               you need to create a new custom query with the new table name.
2098
2099           _USERNAME_
2100               The current user's username.
2101
2102           _MAILBOX_
2103               The portion before the @ as derived from the current user's
2104               username.
2105
2106           _DOMAIN_
2107               The portion after the @ as derived from the current user's
2108               username, this value may be null.
2109
2110           The query must be one continuous line in order to parse correctly.
2111
2112           Here are several example queries, please note that these are broken
2113           up for easy reading, in your config it should be one continuous
2114           line.
2115
2116           Current default query:
2117               "SELECT preference, value FROM _TABLE_ WHERE username =
2118               _USERNAME_ OR username = '@GLOBAL' ORDER BY username ASC"
2119
2120           Use global and then domain level defaults:
2121               "SELECT preference, value FROM _TABLE_ WHERE username =
2122               _USERNAME_ OR username = '@GLOBAL' OR username = '@~'||_DOMAIN_
2123               ORDER BY username ASC"
2124
2125           Maybe global prefs should override user prefs:
2126               "SELECT preference, value FROM _TABLE_ WHERE username =
2127               _USERNAME_ OR username = '@GLOBAL' ORDER BY username DESC"
2128
2129       user_scores_ldap_username
2130           This is the Bind DN used to connect to the LDAP server.  It
2131           defaults to the empty string (""), allowing anonymous binding to
2132           work.
2133
2134           Example: "cn=master,dc=koehntopp,dc=de"
2135
2136       user_scores_ldap_password
2137           This is the password used to connect to the LDAP server.  It
2138           defaults to the empty string ("").
2139
2140       user_scores_fallback_to_global        (default: 1)
2141           Fall back to global scores and settings if userprefs can't be
2142           loaded from SQL or LDAP, instead of passing the message through
2143           unprocessed.
2144
2145       loadplugin [Mail::SpamAssassin::Plugin::]ModuleName [/path/module.pm]
2146           Load a SpamAssassin plugin module.  The "ModuleName" is the perl
2147           module name, used to create the plugin object itself.
2148
2149           Module naming is strict, name must only contain alphanumeric
2150           characters or underscores.  File must have .pm extension.
2151
2152           "/path/module.pm" is the file to load, containing the module's perl
2153           code; if it's specified as a relative path, it's considered to be
2154           relative to the current configuration file.  If it is omitted, the
2155           module will be loaded using perl's search path (the @INC array).
2156
2157           See "Mail::SpamAssassin::Plugin" for more details on writing
2158           plugins.
2159
2160       tryplugin ModuleName [/path/module.pm]
2161           Same as "loadplugin", but silently ignored if the .pm file cannot
2162           be found in the filesystem.
2163
2164       ignore_always_matching_regexps         (Default: 0)
2165           Ignore any rule which contains a regexp which always matches.
2166           Currently only catches regexps which contain '||', or which begin
2167           or end with a '|'.  Also ignore rules with "some" combinatorial
2168           explosions.
2169

PREPROCESSING OPTIONS

2171       include filename
2172           Include configuration lines from "filename".   Relative paths are
2173           considered relative to the current configuration file or user
2174           preferences file.
2175
2176       if (boolean perl expression)
2177           Used to support conditional interpretation of the configuration
2178           file. Lines between this and a corresponding "else" or "endif" line
2179           will be ignored unless the expression evaluates as true (in the
2180           perl sense; that is, defined and non-0 and non-empty string).
2181
2182           The conditional accepts a limited subset of perl for security --
2183           just enough to perform basic arithmetic comparisons.  The following
2184           input is accepted:
2185
2186           numbers, whitespace, arithmetic operations and grouping
2187               Namely these characters and ranges:
2188
2189                 ( ) - + * / _ . , < = > ! ~ 0-9 whitespace
2190
2191           version
2192               This will be replaced with the version number of the currently-
2193               running SpamAssassin engine.  Note: The version used is in the
2194               internal SpamAssassin version format which is "x.yyyzzz", where
2195               x is major version, y is minor version, and z is maintenance
2196               version.  So 3.0.0 is 3.000000, and 3.4.80 is 3.004080.
2197
2198           perl_version
2199               (Introduced in 3.4.1)  This will be replaced with the version
2200               number of the currently-running perl engine.  Note: The version
2201               used is in the $] version format which is "x.yyyzzz", where x
2202               is major version, y is minor version, and z is maintenance
2203               version.  So 5.8.8 is 5.008008, and 5.10.0 is 5.010000. Use to
2204               protect rules that incorporate RE syntax elements introduced in
2205               later versions of perl, such as the "++" non-backtracking match
2206               introduced in perl 5.10. For example:
2207
2208                 # Avoid lint error on older perl installs
2209                 # Check SA version first to avoid warnings on checking perl_version on older SA
2210                 if version > 3.004001 && perl_version >= 5.018000
2211                   body  INVALID_RE_SYNTAX_IN_PERL_BEFORE_5_18  /(?[ \p{Thai} & \p{Digit} ])/
2212                 endif
2213
2214               Note that the above will still generate a warning on perl older
2215               than 5.10.0; to avoid that warning do this instead:
2216
2217                 # Avoid lint error on older perl installs
2218                 if can(Mail::SpamAssassin::Conf::perl_min_version_5010000)
2219                   body  INVALID_RE_SYNTAX_IN_PERL_5_8  /\w++/
2220                 endif
2221
2222               Warning: a can() test is only defined for perl 5.10.0!
2223
2224           plugin(Name::Of::Plugin)
2225               This is a function call that returns 1 if the plugin named
2226               "Name::Of::Plugin" is loaded, or "undef" otherwise.
2227
2228           has(Name::Of::Package::function_name)
2229               This is a function call that returns 1 if the perl package
2230               named "Name::Of::Package" includes a function called
2231               "function_name", or "undef" otherwise.  Note that packages can
2232               be SpamAssassin plugins or built-in classes, there's no
2233               difference in this respect.  Internally this invokes
2234               UNIVERSAL::can.
2235
2236           can(Name::Of::Package::function_name)
2237               This is a function call that returns 1 if the perl package
2238               named "Name::Of::Package" includes a function called
2239               "function_name" and that function returns a true value when
2240               called with no arguments, otherwise "undef" is returned.
2241
2242               Is similar to "has", except that it also calls the named
2243               function, testing its return value (unlike the perl function
2244               UNIVERSAL::can).  This makes it possible for a 'feature'
2245               function to determine its result value at run time.
2246
2247           If the end of a configuration file is reached while still inside a
2248           "if" scope, a warning will be issued, but parsing will restart on
2249           the next file.
2250
2251           For example:
2252
2253                   if (version > 3.000000)
2254                     header MY_FOO ...
2255                   endif
2256
2257                   loadplugin MyPlugin plugintest.pm
2258
2259                   if plugin (MyPlugin)
2260                     header MY_PLUGIN_FOO  eval:check_for_foo()
2261                     score  MY_PLUGIN_FOO  0.1
2262                   endif
2263
2264       ifplugin PluginModuleName
2265           An alias for "if plugin(PluginModuleName)".
2266
2267       else
2268           Used to support conditional interpretation of the configuration
2269           file. Lines between this and a corresponding "endif" line, will be
2270           ignored unless the conditional expression evaluates as false (in
2271           the perl sense; that is, not defined and not 0 and non-empty
2272           string).
2273
2274       require_version n.nnnnnn
2275           Indicates that the entire file, from this line on, requires a
2276           certain version of SpamAssassin to run.  If a different (older or
2277           newer) version of SpamAssassin tries to read the configuration from
2278           this file, it will output a warning instead, and ignore it.
2279
2280           Note: The version used is in the internal SpamAssassin version
2281           format which is "x.yyyzzz", where x is major version, y is minor
2282           version, and z is maintenance version.  So 3.0.0 is 3.000000, and
2283           3.4.80 is 3.004080.
2284

TEMPLATE TAGS

2286       The following "tags" can be used as placeholders in certain options.
2287       They will be replaced by the corresponding value when they are used.
2288
2289       Some tags can take an argument (in parentheses). The argument is
2290       optional, and the default is shown below.
2291
2292        _YESNO_           "Yes" for spam, "No" for nonspam (=ham)
2293        _YESNO(spam_str,ham_str)_  returns the first argument ("Yes" if missing)
2294                          for spam, and the second argument ("No" if missing) for ham
2295        _YESNOCAPS_       "YES" for spam, "NO" for nonspam (=ham)
2296        _YESNOCAPS(spam_str,ham_str)_  same as _YESNO(...)_, but uppercased
2297        _SCORE(PAD)_      message score, if PAD is included and is either spaces or
2298                          zeroes, then pad scores with that many spaces or zeroes
2299                          (default, none)  ie: _SCORE(0)_ makes 2.4 become 02.4,
2300                          _SCORE(00)_ is 002.4.  12.3 would be 12.3 and 012.3
2301                          respectively.
2302        _REQD_            message threshold
2303        _VERSION_         version (eg. 3.0.0 or 3.1.0-r26142-foo1)
2304        _SUBVERSION_      sub-version/code revision date (eg. 2004-01-10)
2305        _RULESVERSION_    comma-separated list of rules versions, retrieved from
2306                          an '# UPDATE version' comment in rules files; if there is
2307                          more than one set of rules (update channels) the order
2308                          is unspecified (currently sorted by names of files);
2309        _HOSTNAME_        hostname of the machine the mail was processed on
2310        _REMOTEHOSTNAME_  hostname of the machine the mail was sent from, only
2311                          available with spamd
2312        _REMOTEHOSTADDR_  ip address of the machine the mail was sent from, only
2313                          available with spamd
2314        _BAYES_           bayes score
2315        _TOKENSUMMARY_    number of new, neutral, spammy, and hammy tokens found
2316        _BAYESTC_         number of new tokens found
2317        _BAYESTCLEARNED_  number of seen tokens found
2318        _BAYESTCSPAMMY_   number of spammy tokens found
2319        _BAYESTCHAMMY_    number of hammy tokens found
2320        _HAMMYTOKENS(N)_  the N most significant hammy tokens (default, 5)
2321        _SPAMMYTOKENS(N)_ the N most significant spammy tokens (default, 5)
2322        _DATE_            rfc-2822 date of scan
2323        _STARS(*)_        one "*" (use any character) for each full score point
2324                          (note: limited to 50 'stars')
2325        _SENDERDOMAIN_    a domain name of the envelope sender address, lowercased
2326        _AUTHORDOMAIN_    a domain name of the author address (the From header
2327                          field), lowercased;  note that RFC 5322 allows a mail
2328                          message to have multiple authors - currently only the
2329                          domain name of the first email address is returned
2330        _RELAYSTRUSTED_   relays used and deemed to be trusted (see the
2331                          'X-Spam-Relays-Trusted' pseudo-header)
2332        _RELAYSUNTRUSTED_ relays used that can not be trusted (see the
2333                          'X-Spam-Relays-Untrusted' pseudo-header)
2334        _RELAYSINTERNAL_  relays used and deemed to be internal (see the
2335                          'X-Spam-Relays-Internal' pseudo-header)
2336        _RELAYSEXTERNAL_  relays used and deemed to be external (see the
2337                          'X-Spam-Relays-External' pseudo-header)
2338        _LASTEXTERNALIP_  IP address of client in the external-to-internal
2339                          SMTP handover
2340        _LASTEXTERNALRDNS_ reverse-DNS of client in the external-to-internal
2341                          SMTP handover
2342        _LASTEXTERNALHELO_ HELO string used by client in the external-to-internal
2343                          SMTP handover
2344        _AUTOLEARN_       autolearn status ("ham", "no", "spam", "disabled",
2345                          "failed", "unavailable")
2346        _AUTOLEARNSCORE_  portion of message score used by autolearn
2347        _TESTS(,)_        tests hit separated by "," (or other separator)
2348        _TESTSSCORES(,)_  as above, except with scores appended (eg. AWL=-3.0,...)
2349        _SUBTESTS(,)_     subtests (start with "__") hit separated by ","
2350                          (or other separator)
2351        _SUBTESTSCOLLAPSED(,)_ subtests (start with "__") hit separated by ","
2352                          (or other separator) with duplicated rules collapsed
2353        _DCCB_            DCC's "Brand"
2354        _DCCR_            DCC's results
2355        _PYZOR_           Pyzor results
2356        _RBL_             full results for positive RBL queries in DNS URI format
2357        _LANGUAGES_       possible languages of mail
2358        _PREVIEW_         content preview
2359        _REPORT_          terse report of tests hit (for header reports)
2360        _SUBJPREFIX_      subject prefix based on rules, to be prepended to Subject
2361                          header by SpamAssassin caller
2362        _SUMMARY_         summary of tests hit for standard report (for body reports)
2363        _CONTACTADDRESS_  contents of the 'report_contact' setting
2364        _HEADER(NAME)_    includes the value of a message header.  value is the same
2365                          as is found for header rules (see elsewhere in this doc)
2366        _TIMING_          timing breakdown report
2367        _ADDEDHEADERHAM_  resulting header fields as requested by add_header for spam
2368        _ADDEDHEADERSPAM_ resulting header fields as requested by add_header for ham
2369        _ADDEDHEADER_     same as ADDEDHEADERHAM for ham or ADDEDHEADERSPAM for spam
2370
2371       If a tag reference uses the name of a tag which is not in this list or
2372       defined by a loaded plugin, the reference will be left intact and not
2373       replaced by any value.  All template tag names should be restricted to
2374       the character set [A-Za-z0-9(,)].
2375
2376       Additional, plugin specific, template tags can be found in the
2377       documentation for the following plugins:
2378
2379        L<Mail::SpamAssassin::Plugin::ASN>
2380        L<Mail::SpamAssassin::Plugin::AWL>
2381        L<Mail::SpamAssassin::Plugin::TxRep>
2382
2383       The "HAMMYTOKENS" and "SPAMMYTOKENS" tags have an optional second
2384       argument which specifies a format.  See the HAMMYTOKENS/SPAMMYTOKENS
2385       TAG FORMAT section, below, for details.
2386
2387   HAMMYTOKENS/SPAMMYTOKENS TAG FORMAT
2388       The "HAMMYTOKENS" and "SPAMMYTOKENS" tags have an optional second
2389       argument which specifies a format: "_SPAMMYTOKENS(N,FMT)_",
2390       "_HAMMYTOKENS(N,FMT)_" The following formats are available:
2391
2392       short
2393           Only the tokens themselves are listed.  For example, preference
2394           file entry:
2395
2396           "add_header all Spammy _SPAMMYTOKENS(2,short)_"
2397
2398           Results in message header:
2399
2400           "X-Spam-Spammy: remove.php, UD:jpg"
2401
2402           Indicating that the top two spammy tokens found are "remove.php"
2403           and "UD:jpg".  (The token itself follows the last colon, the text
2404           before the colon indicates something about the token.  "UD" means
2405           the token looks like it might be part of a domain name.)
2406
2407       compact
2408           The token probability, an abbreviated declassification distance
2409           (see example), and the token are listed.  For example, preference
2410           file entry:
2411
2412           "add_header all Spammy _SPAMMYTOKENS(2,compact)_"
2413
2414           Results in message header:
2415
2416           "0.989-6--remove.php, 0.988-+--UD:jpg"
2417
2418           Indicating that the probabilities of the top two tokens are 0.989
2419           and 0.988, respectively.  The first token has a declassification
2420           distance of 6, meaning that if the token had appeared in at least 6
2421           more ham messages it would not be considered spammy.  The "+" for
2422           the second token indicates a declassification distance greater than
2423           9.
2424
2425       long
2426           Probability, declassification distance, number of times seen in a
2427           ham message, number of times seen in a spam message, age and the
2428           token are listed.
2429
2430           For example, preference file entry:
2431
2432           "add_header all Spammy _SPAMMYTOKENS(2,long)_"
2433
2434           Results in message header:
2435
2436           "X-Spam-Spammy: 0.989-6--0h-4s--4d--remove.php,
2437           0.988-33--2h-25s--1d--UD:jpg"
2438
2439           In addition to the information provided by the compact option, the
2440           long option shows that the first token appeared in zero ham
2441           messages and four spam messages, and that it was last seen four
2442           days ago.  The second token appeared in two ham messages, 25 spam
2443           messages and was last seen one day ago.  (Unlike the "compact"
2444           option, the long option shows declassification distances that are
2445           greater than 9.)
2446

LOCALI[SZ]ATION

2448       A line starting with the text "lang xx" will only be interpreted if the
2449       user is in that locale, allowing test descriptions and templates to be
2450       set for that language.
2451
2452       The locales string should specify either both the language and country,
2453       e.g.  "lang pt_BR", or just the language, e.g. "lang de".
2454

SEE ALSO

2456       Mail::SpamAssassin(3) spamassassin(1) spamd(1)
2457
2458
2459
2460perl v5.34.0                      2022-01-22       Mail::SpamAssassin::Conf(3)
Impressum