You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@spamassassin.apache.org by jm...@apache.org on 2008/06/12 15:21:01 UTC
svn commit: r667073 [13/13] - in /spamassassin/site/full/3.2.x: ./ doc/
Added: spamassassin/site/full/3.2.x/doc/spamd.html
URL: http://svn.apache.org/viewvc/spamassassin/site/full/3.2.x/doc/spamd.html?rev=667073&view=auto
==============================================================================
--- spamassassin/site/full/3.2.x/doc/spamd.html (added)
+++ spamassassin/site/full/3.2.x/doc/spamd.html Thu Jun 12 06:20:58 2008
@@ -0,0 +1,698 @@
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml">
+<head>
+<title>spamd - daemonized version of spamassassin</title>
+<link rev="made" href="mailto:jm@minotaur.apache.org" />
+</head>
+
+<body style="background-color: white">
+
+<p><a name="__index__"></a></p>
+<!-- INDEX BEGIN -->
+
+<ul>
+
+ <li><a href="#name">NAME</a></li>
+ <li><a href="#synopsis">SYNOPSIS</a></li>
+ <li><a href="#description">DESCRIPTION</a></li>
+ <li><a href="#options">OPTIONS</a></li>
+ <li><a href="#see_also">SEE ALSO</a></li>
+ <li><a href="#prerequisites">PREREQUISITES</a></li>
+ <li><a href="#authors">AUTHORS</a></li>
+ <li><a href="#license">LICENSE</a></li>
+</ul>
+<!-- INDEX END -->
+
+<hr />
+<p>
+</p>
+<h1><a name="name">NAME</a></h1>
+<p>spamd - daemonized version of spamassassin</p>
+<p>
+</p>
+<hr />
+<h1><a name="synopsis">SYNOPSIS</a></h1>
+<p>spamd [options]</p>
+<p>Options:</p>
+<pre>
+ -l, --allow-tell Allow learning/reporting
+ -c, --create-prefs Create user preferences files
+ -C path, --configpath=path Path for default config files
+ --siteconfigpath=path Path for site configs
+ --cf='config line' Additional line of configuration
+ -d, --daemonize Daemonize
+ -h, --help Print usage message
+ -i [ipaddr], --listen-ip=ipaddr Listen on the IP ipaddr
+ --ipv4only, --ipv4-only, --ipv4 Disable attempted use of ipv6 for DNS
+ -p port, --port=port Listen on specified port
+ -m num, --max-children=num Allow maximum num children
+ --min-children=num Allow minimum num children
+ --min-spare=num Lower limit for number of spare children
+ --max-spare=num Upper limit for number of spare children
+ --max-conn-per-child=num Maximum connections accepted by child
+ before it is respawned
+ --round-robin Use traditional prefork algorithm
+ --timeout-tcp=secs Connection timeout for client headers
+ --timeout-child=secs Connection timeout for message checks
+ -q, --sql-config Enable SQL config (needs -x)
+ -Q, --setuid-with-sql Enable SQL config (needs -x,
+ enables use of -H)
+ --ldap-config Enable LDAP config (needs -x)
+ --setuid-with-ldap Enable LDAP config (needs -x,
+ enables use of -H)
+ --virtual-config-dir=dir Enable pattern based Virtual configs
+ (needs -x)
+ -r pidfile, --pidfile Write the process id to pidfile
+ -s facility, --syslog=facility Specify the syslog facility
+ --syslog-socket=type How to connect to syslogd
+ -u username, --username=username Run as username
+ -g groupname, --groupname=groupname Run as groupname
+ -v, --vpopmail Enable vpopmail config
+ -x, --nouser-config Disable user config files
+ --auth-ident Use ident to authenticate spamc user
+ --ident-timeout=timeout Timeout for ident connections
+ -A host,..., --allowed-ips=..,.. Limit ip addresses which can connect
+ -D, --debug[=areas] Print debugging messages (for areas)
+ -L, --local Use local tests only (no DNS)
+ -P, --paranoid Die upon user errors
+ -H [dir], --helper-home-dir[=dir] Specify a different HOME directory
+ --ssl Run an SSL server
+ --ssl-port port Listen on port for SSL connections
+ --ssl-version sslversion Specify SSL protocol version to use
+ --server-key keyfile Specify an SSL keyfile
+ --server-cert certfile Specify an SSL certificate
+ --socketpath=path Listen on given UNIX domain socket
+ --socketowner=name Set UNIX domain socket file's owner
+ --socketgroup=name Set UNIX domain socket file's group
+ --socketmode=mode Set UNIX domain socket file's mode
+ -V, --version Print version and exit</pre>
+<p>
+</p>
+<hr />
+<h1><a name="description">DESCRIPTION</a></h1>
+<p>The purpose of this program is to provide a daemonized version of the
+spamassassin executable. The goal is improving throughput performance for
+automated mail checking.</p>
+<p>This is intended to be used alongside <code>spamc</code>, a fast, low-overhead C client
+program.</p>
+<p>See the README file in the <code>spamd</code> directory of the SpamAssassin distribution
+for more details.</p>
+<p>Note: Although <code>spamd</code> will check per-user config files for every message, any
+changes to the system-wide config files will require either restarting spamd
+or forcing it to reload itself via <strong>SIGHUP</strong> for the changes to take effect.</p>
+<p>Note: If <code>spamd</code> receives a <strong>SIGHUP</strong>, it internally reloads itself, which
+means that it will change its pid and might not restart at all if its
+environment changed (ie. if it can't change back into its own directory). If
+you plan to use <strong>SIGHUP</strong>, you should always start <code>spamd</code> with the <strong>-r</strong>
+switch to know its current pid.</p>
+<p>
+</p>
+<hr />
+<h1><a name="options">OPTIONS</a></h1>
+<p>Options of the long form can be shortened as long as they remain
+unambiguous. (i.e. <strong>--dae</strong> can be used instead of <strong>--daemonize</strong>)
+Also, boolean options (like <strong>--user-config</strong>) can be negated by
+adding <em>no</em> (<strong>--nouser-config</strong>), however, this is usually unnecessary.</p>
+<dl>
+<dt><strong><a name="item__2dl_2c__2d_2dallow_2dtell"><strong>-l</strong>, <strong>--allow-tell</strong></a></strong><br />
+</dt>
+<dd>
+Allow learning and forgetting (to a local Bayes database), reporting
+and revoking (to a remote database) by spamd. The client issues a TELL
+command to tell what type of message is being processed and whether
+local (learn/forget) or remote (report/revoke) databases should be
+updated.
+</dd>
+<dd>
+<p>Note that spamd always trusts the username passed in (unless
+<strong>--auth-ident</strong> is used) so clients could maliciously learn messages
+for other users. (This is not ususally a concern with an SQL Bayes
+store as users will typically have read-write access directly to the
+database, and can also use <code>sa-learn</code> with the <strong>-u</strong> option to
+achieve the same result.)</p>
+</dd>
+<p></p>
+<dt><strong><a name="item__2dc_2c__2d_2dcreate_2dprefs"><strong>-c</strong>, <strong>--create-prefs</strong></a></strong><br />
+</dt>
+<dd>
+Create user preferences files if they don't exist (default: don't).
+</dd>
+<p></p>
+<dt><strong><a name="item__2dc_path_2c__2d_2dconfigpath_3dpath"><strong>-C</strong> <em>path</em>, <strong>--configpath</strong>=<em>path</em></a></strong><br />
+</dt>
+<dd>
+Use the specified path for locating the distributed configuration files.
+Ignore the default directories (usually <code>/usr/share/spamassassin</code> or similar).
+</dd>
+<p></p>
+<dt><strong><a name="item__2d_2dsiteconfigpath_3dpath"><strong>--siteconfigpath</strong>=<em>path</em></a></strong><br />
+</dt>
+<dd>
+Use the specified path for locating site-specific configuration files. Ignore
+the default directories (usually <code>/etc/mail/spamassassin</code> or similar).
+</dd>
+<p></p>
+<dt><strong><a name="item__2d_2dcf_3d_27config_line_27"><strong>--cf='config line'</strong></a></strong><br />
+</dt>
+<dd>
+Add additional lines of configuration directly from the command-line, parsed
+after the configuration files are read. Multiple <strong>--cf</strong> arguments can be
+used, and each will be considered a separate line of configuration.
+</dd>
+<p></p>
+<dt><strong><a name="item__2dd_2c__2d_2ddaemonize"><strong>-d</strong>, <strong>--daemonize</strong></a></strong><br />
+</dt>
+<dd>
+Detach from starting process and run in background (daemonize).
+</dd>
+<p></p>
+<dt><strong><a name="item__2dh_2c__2d_2dhelp"><strong>-h</strong>, <strong>--help</strong></a></strong><br />
+</dt>
+<dd>
+Print a brief help message, then exit without further action.
+</dd>
+<p></p>
+<dt><strong><a name="item__2dv_2c__2d_2dversion"><strong>-V</strong>, <strong>--version</strong></a></strong><br />
+</dt>
+<dd>
+Print version information, then exit without further action.
+</dd>
+<p></p>
+<dt><strong><a name="item__2di__5bipaddress_5d_2c__2d_2dlisten_2dip_5b_3dipa"><strong>-i</strong> [<em>ipaddress</em>], <strong>--listen-ip</strong>[=<em>ipaddress</em>], <strong>--ip-address</strong>[=<em>ipaddress</em>]</a></strong><br />
+</dt>
+<dd>
+Tells spamd to listen on the specified IP address (defaults to 127.0.0.1). If
+you specify no IP address after the switch, spamd will listen on all interfaces.
+(This is equal to the address 0.0.0.0). You can also use a valid hostname which
+will make spamd listen on the first address that name resolves to.
+</dd>
+<p></p>
+<dt><strong><a name="item__2dp_port_2c__2d_2dport_3dport"><strong>-p</strong> <em>port</em>, <strong>--port</strong>=<em>port</em></a></strong><br />
+</dt>
+<dd>
+Optionally specifies the port number for the server to listen on (default: 783).
+</dd>
+<dd>
+<p>If the <strong>--ssl</strong> switch is used, and <strong>--ssl-port</strong> is not supplied, then this
+port will be used to accept SSL connections instead of unencrypted connections.
+If the <strong>--ssl</strong> switch is used, and <strong>--ssl-port</strong> is set, then unencrypted
+connections will be accepted on the <strong>--port</strong> at the same time as encrypted
+connections are accepted at <strong>--ssl-port</strong>.</p>
+</dd>
+<p></p>
+<dt><strong><a name="item__2dq_2c__2d_2dsql_2dconfig"><strong>-q</strong>, <strong>--sql-config</strong></a></strong><br />
+</dt>
+<dd>
+Turn on SQL lookups even when per-user config files have been disabled
+with <strong>-x</strong>. this is useful for spamd hosts which don't have user's
+home directories but do want to load user preferences from an SQL
+database.
+</dd>
+<dd>
+<p>If your spamc client does not support sending the <code>User:</code> header,
+like <code>exiscan</code>, then the SQL username used will always be <strong>nobody</strong>.</p>
+</dd>
+<dd>
+<p>This inhibits the <code>setuid()</code> behavior, so the <code>-u</code> option is
+required. If you want the <code>setuid()</code> behaviour, use <code>-Q</code> or
+<code>--setuid-with-sql</code> instead.</p>
+</dd>
+<p></p>
+<dt><strong><a name="item__2d_2dldap_2dconfig"><strong>--ldap-config</strong></a></strong><br />
+</dt>
+<dd>
+Turn on LDAP lookups. This is completely analog to <code>--sql-config</code>,
+only it is using an LDAP server.
+</dd>
+<dd>
+<p>Like <code>--sql-config</code>, this disables the setuid behavior, and requires
+<code>-u</code>. If you want it, use <a href="#item__2d_2dsetuid_2dwith_2dldap"><code>--setuid-with-ldap</code></a> instead.</p>
+</dd>
+<p></p>
+<dt><strong><a name="item__2dq_2c__2d_2dsetuid_2dwith_2dsql"><strong>-Q</strong>, <strong>--setuid-with-sql</strong></a></strong><br />
+</dt>
+<dd>
+Turn on SQL lookups even when per-user config files have been disabled
+with <strong>-x</strong> and also setuid to the user. This is useful for spamd hosts
+which want to load user preferences from an SQL database but also wish to
+support the use of <strong>-H</strong> (Helper home directories.)
+</dd>
+<p></p>
+<dt><strong><a name="item__2d_2dsetuid_2dwith_2dldap"><strong>--setuid-with-ldap</strong></a></strong><br />
+</dt>
+<dd>
+Turn on LDAP lookups even when per-user config files have been disabled
+with <strong>-x</strong> and also setuid to the user. This is again completely analog
+to <code>--setuid-with-sql</code>, only it is using an LDAP server.
+</dd>
+<p></p>
+<dt><strong><a name="item__2d_2dvirtual_2dconfig_2ddir_3dpattern"><strong>--virtual-config-dir</strong>=<em>pattern</em></a></strong><br />
+</dt>
+<dd>
+This option specifies where per-user preferences can be found for virtual
+users, for the <strong>-x</strong> switch. The <em>pattern</em> is used as a base pattern for the
+directory name. Any of the following escapes can be used:
+</dd>
+<dl>
+<dt><strong><a name="item__u">%u -- replaced with the full name of the current user, as sent by spamc.</a></strong><br />
+</dt>
+<dt><strong><a name="item__l">%l -- replaced with the 'local part' of the current username. In other
+words, if the username is an email address, this is the part before the <code>@</code>
+sign.</a></strong><br />
+</dt>
+<dt><strong><a name="item__d">%d -- replaced with the 'domain' of the current username. In other
+words, if the username is an email address, this is the part after the <code>@</code>
+sign.</a></strong><br />
+</dt>
+<dt><strong><a name="item_sign">%% -- replaced with a single percent sign (%).</a></strong><br />
+</dt>
+</dl>
+<p>So for example, if <code>/vhome/users/%u/spamassassin</code> is specified, and spamc
+sends a virtual username of <code>jm@example.com</code>, the directory
+<code>/vhome/users/jm@example.com/spamassassin</code> will be used.</p>
+<p>The set of characters allowed in the virtual username for this path are
+restricted to:</p>
+<pre>
+ A-Z a-z 0-9 - + _ . , @ =</pre>
+<p>All others will be replaced by underscores (<code>_</code>).</p>
+<p>This path must be a writable directory. It will be created if it does not
+already exist. If a file called <strong>user_prefs</strong> exists in this directory (note:
+<strong>not</strong> in a <code>.spamassassin</code> subdirectory!), it will be loaded as the user's
+preferences. The Bayes databases for that user will be stored in this directory.</p>
+<p>Note that this <strong>requires</strong> that <strong>-x</strong> is used, and cannot be combined with
+SQL- or LDAP-based configuration.</p>
+<p>The pattern <strong>must</strong> expand to an absolute directory when spamd is running
+daemonized (<strong>-d</strong>).</p>
+<p>Currently, use of this without <strong>-u</strong> is not supported. This inhibits setuid.</p>
+<dt><strong><a name="item__2dr_pidfile_2c__2d_2dpidfile_3dpidfile"><strong>-r</strong> <em>pidfile</em>, <strong>--pidfile</strong>=<em>pidfile</em></a></strong><br />
+</dt>
+<dd>
+Write the process ID of the spamd parent to the file specified by <em>pidfile</em>.
+The file will be unlinked when the parent exits. Note that when running
+with the <strong>-u</strong> option, the file must be writable by that user.
+</dd>
+<p></p>
+<dt><strong><a name="item__2dv_2c__2d_2dvpopmail"><strong>-v</strong>, <strong>--vpopmail</strong></a></strong><br />
+</dt>
+<dd>
+Enable vpopmail config. If specified with with <strong>-u</strong> set to the vpopmail user,
+this allows spamd to lookup/create user_prefs in the vpopmail user's own
+maildir. This option is useful for vpopmail virtual users who do not have an
+entry in the system /etc/passwd file.
+</dd>
+<dd>
+<p>Currently, use of this without <strong>-u</strong> is not supported. This inhibits setuid.</p>
+</dd>
+<p></p>
+<dt><strong><a name="item__2ds_facility_2c__2d_2dsyslog_3dfacility"><strong>-s</strong> <em>facility</em>, <strong>--syslog</strong>=<em>facility</em></a></strong><br />
+</dt>
+<dd>
+Specify the syslog facility to use (default: mail). If <code>stderr</code> is specified,
+output will be written to stderr. (This is useful if you're running <code>spamd</code>
+under the <code>daemontools</code> package.) With a <em>facility</em> of <code>file</code>, all output
+goes to spamd.log. <em>facility</em> is interpreted as a file name to log to if it
+contains any characters except a-z and 0-9. <code>null</code> disables logging completely
+(used internally).
+</dd>
+<dd>
+<p><table cellspacing="0" cellpadding="0"><tr><td>Examples:
+<tr><td><td>spamd -s mail # use syslog, facility mail (default)
+<tr><td><td>spamd -s ./mail # log to file ./mail
+<tr><td><td>spamd -s stderr 2>/dev/null # log to stderr, throw messages away
+<tr><td><td>spamd -s null # the same as above
+<tr><td><td>spamd -s file # log to file ./spamd.log
+<tr><td><td>spamd -s /var/log/spamd.log # log to file /var/log/spamd.log</table></p>
+</dd>
+<dd>
+<p>If logging to a file is enabled and that log file is rotated, the spamd server
+must be restarted with a SIGHUP. (If the log file is just truncated, this is
+not needed but still recommended.)</p>
+</dd>
+<dd>
+<p>Note that logging to a file does not use locking, so you cannot intermix
+logging from spamd and other processes into the same file. If you want
+to mix logging like this, use syslog instead.</p>
+</dd>
+<dd>
+<p>If you use syslog logging, it is essential to send a SIGHUP to the spamd daemon
+when you restart the syslogd daemon. (This is due to a shortcoming in Perl's
+syslog handling, where the disappearance of the connection to the syslogd is
+considered a fatal error.)</p>
+</dd>
+<p></p>
+<dt><strong><a name="item__2d_2dsyslog_2dsocket_3dtype"><strong>--syslog-socket</strong>=<em>type</em></a></strong><br />
+</dt>
+<dd>
+Specify how spamd should send messages to syslogd. The options are <code>unix</code>,
+<code>inet</code> or <code>none</code>. The default is to try <code>unix</code> first, falling back to
+<code>inet</code> if perl detects errors in its <code>unix</code> support.
+</dd>
+<dd>
+<p>Some platforms, or versions of perl, are shipped with dysfunctional versions of
+the <strong>Sys::Syslog</strong> package which do not support some socket types, so you may
+need to set this. If you get error messages regarding <strong>__PATH_LOG</strong> or similar
+from spamd, try changing this setting.</p>
+</dd>
+<dd>
+<p>The socket type <code>file</code> is used internally and should not be specified. Use
+the <code>-s</code> switch instead.</p>
+</dd>
+<p></p>
+<dt><strong><a name="item__2du_username_2c__2d_2dusername_3dusername"><strong>-u</strong> <em>username</em>, <strong>--username</strong>=<em>username</em></a></strong><br />
+</dt>
+<dd>
+Run as the named user. If this option is not set, the default behaviour
+is to <code>setuid()</code> to the user running <code>spamc</code>, if <code>spamd</code> is running
+as root.
+</dd>
+<dd>
+<p>Note: ``--username=root'' is not a valid option. If specified, <code>spamd</code> will
+exit with a fatal error on startup.</p>
+</dd>
+<p></p>
+<dt><strong><a name="item__2dg_groupname_2c__2d_2dgroupname_3dgroupname"><strong>-g</strong> <em>groupname</em>, <strong>--groupname</strong>=<em>groupname</em></a></strong><br />
+</dt>
+<dd>
+Run as the named group if --username is being used. If this option is
+not set when --username is used then the primary group for the user
+given to --username is used.
+</dd>
+<p></p>
+<dt><strong><a name="item__2dx_2c__2d_2dnouser_2dconfig_2c__2d_2duser_2dconf"><strong>-x</strong>, <strong>--nouser-config</strong>, <strong>--user-config</strong></a></strong><br />
+</dt>
+<dd>
+Turn off (on) reading of per-user configuration files (user_prefs) from the
+user's home directory. The default behaviour is to read per-user
+configuration from the user's home directory (<strong>--user-config</strong>).
+</dd>
+<dd>
+<p>This option does not disable or otherwise influence the SQL, LDAP or
+Virtual Config Dir settings.</p>
+</dd>
+<p></p>
+<dt><strong><a name="item__2d_2dauth_2dident"><strong>--auth-ident</strong></a></strong><br />
+</dt>
+<dd>
+Verify the username provided by spamc using ident. This is only
+useful if connections are only allowed from trusted hosts (because an
+identd that lies is trivial to create) and if spamc REALLY SHOULD be
+running as the user it represents. Connections are terminated
+immediately if authentication fails. In this case, spamc will pass
+the mail through unchecked. Failure to connect to an ident server,
+and response timeouts are considered authentication failures. This
+requires that Net::Ident be installed.
+</dd>
+<p></p>
+<dt><strong><a name="item__2d_2dident_2dtimeout_3dtimeout"><strong>--ident-timeout</strong>=<em>timeout</em></a></strong><br />
+</dt>
+<dd>
+Wait at most <em>timeout</em> seconds for a response to ident queries.
+Authentication that takes long that <em>timeout</em> seconds will fail, and
+mail will not be processed. Setting this to 0.0 or less results in no
+timeout, which is STRONGLY discouraged. The default is 5 seconds.
+</dd>
+<p></p>
+<dt><strong><a name="item__2da_host_2c_2e_2e_2e_2c__2d_2dallowed_2dips_3dhos"><strong>-A</strong> <em>host,...</em>, <strong>--allowed-ips</strong>=<em>host,...</em></a></strong><br />
+</dt>
+<dd>
+Specify a list of authorized hosts or networks which can connect to this spamd
+instance. Single IP addresses can be given, ranges of IP addresses in
+address/masklength CIDR format, or ranges of IP addresses by listing 3 or less
+octets with a trailing dot. Hostnames are not supported, only IP addresses.
+This option can be specified multiple times, or can take a list of addresses
+separated by commas. Examples:
+</dd>
+<dd>
+<p><strong>-A 10.11.12.13</strong> -- only allow connections from <code>10.11.12.13</code>.</p>
+</dd>
+<dd>
+<p><strong>-A 10.11.12.13,10.11.12.14</strong> -- only allow connections from <code>10.11.12.13</code> and
+<code>10.11.12.14</code>.</p>
+</dd>
+<dd>
+<p><strong>-A 10.200.300.0/24</strong> -- allow connections from any machine in the range
+<code>10.200.300.*</code>.</p>
+</dd>
+<dd>
+<p><strong>-A 10.</strong> -- allow connections from any machine in the range <code>10.*.*.*</code>.</p>
+</dd>
+<dd>
+<p>By default, connections are only accepted from localhost [127.0.0.1].</p>
+</dd>
+<p></p>
+<dt><strong><a name="item__2dd__5barea_2c_2e_2e_2e_5d_2c__2d_2ddebug__5barea"><strong>-D</strong> [<em>area,...</em>], <strong>--debug</strong> [<em>area,...</em>]</a></strong><br />
+</dt>
+<dd>
+Produce debugging output. If no areas are listed, all debugging information is
+printed. Diagnostic output can also be enabled for each area individually;
+<em>area</em> is the area of the code to instrument. For example, to produce
+diagnostic output on bayes, learn, and dns, use:
+</dd>
+<dd>
+<pre>
+ spamassassin -D bayes,learn,dns</pre>
+</dd>
+<dd>
+<p>Higher priority informational messages that are suitable for logging in normal
+circumstances are available with an area of ``info''.</p>
+</dd>
+<dd>
+<p>For more information about which areas (also known as channels) are available,
+please see the documentation at:</p>
+</dd>
+<dd>
+<pre>
+ C<<a href="http://wiki.apache.org/spamassassin/DebugChannels>">http://wiki.apache.org/spamassassin/DebugChannels></a>;</pre>
+</dd>
+<p></p>
+<dt><strong><a name="item___2d_2dipv4only_2c__2d_2dipv4_2donly_2c__2d_2dipv4"><strong> --ipv4only</strong>, <strong>--ipv4-only</strong>, <strong>--ipv4</strong></a></strong><br />
+</dt>
+<dd>
+Do not use IPv6 for DNS tests. Use if the existing tests
+for IPv6 availablity produce incorrect results or crashes.
+</dd>
+<p></p>
+<dt><strong><a name="item__2dl_2c__2d_2dlocal"><strong>-L</strong>, <strong>--local</strong></a></strong><br />
+</dt>
+<dd>
+Perform only local tests on all mail. In other words, skip DNS and other
+network tests. Works the same as the <code>-L</code> flag to <code>spamassassin(1)</code>.
+</dd>
+<p></p>
+<dt><strong><a name="item__2dp_2c__2d_2dparanoid"><strong>-P</strong>, <strong>--paranoid</strong></a></strong><br />
+</dt>
+<dd>
+Die on user errors (for the user passed from spamc) instead of falling back to
+user <em>nobody</em> and using the default configuration.
+</dd>
+<p></p>
+<dt><strong><a name="item__2dm_number__2c__2d_2dmax_2dchildren_3dnumber"><strong>-m</strong> <em>number</em> , <strong>--max-children</strong>=<em>number</em></a></strong><br />
+</dt>
+<dd>
+This option specifies the maximum number of children to spawn.
+Spamd will spawn that number of children, then sleep in the background
+until a child dies, wherein it will go and spawn a new child.
+</dd>
+<dd>
+<p>Incoming connections can still occur if all of the children are busy,
+however those connections will be queued waiting for a free child.
+The minimum value is <code>1</code>, the default value is <code>5</code>.</p>
+</dd>
+<dd>
+<p>Please note that there is a OS specific maximum of connections that can be
+queued (Try <code>perl -MSocket -e'print SOMAXCONN'</code> to find this maximum).</p>
+</dd>
+<dd>
+<p>Note that if you run too many servers for the amount of free RAM available, you
+run the danger of hurting performance by causing a high swap load as server
+processes are swapped in and out continually.</p>
+</dd>
+<p></p>
+<dt><strong><a name="item__2d_2dmin_2dchildren_3dnumber"><strong>--min-children</strong>=<em>number</em></a></strong><br />
+</dt>
+<dd>
+The minimum number of children that will be kept running. The minimum value is
+<code>1</code>, the default value is <code>1</code>. If you have lots of free RAM, you may want to
+increase this.
+</dd>
+<p></p>
+<dt><strong><a name="item__2d_2dmin_2dspare_3dnumber"><strong>--min-spare</strong>=<em>number</em></a></strong><br />
+</dt>
+<dd>
+The lower limit for the number of spare children allowed to run. A
+spare, or idle, child is one that is not handling a scan request. If
+there are too few spare children available, a new server will be started
+every second or so. The default value is <code>1</code>.
+</dd>
+<p></p>
+<dt><strong><a name="item__2d_2dmax_2dspare_3dnumber"><strong>--max-spare</strong>=<em>number</em></a></strong><br />
+</dt>
+<dd>
+The upper limit for the number of spare children allowed to run. If there
+are too many spare children, one will be killed every second or so until
+the number of idle children is in the desired range. The default value
+is <code>2</code>.
+</dd>
+<p></p>
+<dt><strong><a name="item__2d_2dmax_2dconn_2dper_2dchild_3dnumber"><strong>--max-conn-per-child</strong>=<em>number</em></a></strong><br />
+</dt>
+<dd>
+This option specifies the maximum number of connections each child
+should process before dying and letting the master spamd process spawn
+a new child. The minimum value is <code>1</code>, the default value is <code>200</code>.
+</dd>
+<p></p>
+<dt><strong><a name="item__2d_2dround_2drobin"><strong>--round-robin</strong></a></strong><br />
+</dt>
+<dd>
+By default, <code>spamd</code> will attempt to keep a small number of ``hot'' child
+processes as busy as possible, and keep any others as idle as possible, using
+something similar to the Apache httpd server scaling algorithm. This is
+accomplished by the master process coordinating the activities of the children.
+This switch will disable this scaling algorithm, and the behaviour seen in
+the 3.0.x versions will be used instead, where all processes receive an
+equal load and no scaling takes place.
+</dd>
+<p></p>
+<dt><strong><a name="item__2d_2dtimeout_2dtcp_3dnumber"><strong>--timeout-tcp</strong>=<em>number</em></a></strong><br />
+</dt>
+<dd>
+This option specifies the number of seconds to wait for headers from a
+client (spamc) before closing the connection. The minimum value is <code>1</code>,
+the default value is <code>30</code>, and a value of <code>0</code> will disable socket
+timeouts completely.
+</dd>
+<p></p>
+<dt><strong><a name="item__2d_2dtimeout_2dchild_3dnumber"><strong>--timeout-child</strong>=<em>number</em></a></strong><br />
+</dt>
+<dd>
+This option specifies the number of seconds to wait for a spamd child to
+to process or check a message. The minimum value is <code>1</code>, the default
+value is <code>300</code>, and a value of <code>0</code> will disable child timeouts completely.
+</dd>
+<p></p>
+<dt><strong><a name="item__2dh_directory_2c__2d_2dhelper_2dhome_2ddir_3ddire"><strong>-H</strong> <em>directory</em>, <strong>--helper-home-dir</strong>=<em>directory</em></a></strong><br />
+</dt>
+<dd>
+Specify that external programs such as Razor, DCC, and Pyzor should have
+a HOME environment variable set to a specific directory. The default
+is to use the HOME environment variable setting from the shell running
+spamd. By specifying no argument, spamd will use the spamc caller's
+home directory instead.
+</dd>
+<p></p>
+<dt><strong><a name="item__2d_2dssl"><strong>--ssl</strong></a></strong><br />
+</dt>
+<dd>
+Accept only SSL connections on the associated port.
+The <strong>IO::Socket::SSL</strong> perl module must be installed.
+</dd>
+<dd>
+<p>If the <strong>--ssl</strong> switch is used, and <strong>--ssl-port</strong> is not supplied, then
+<strong>--port</strong> port will be used to accept SSL connections instead of unencrypted
+connections. If the <strong>--ssl</strong> switch is used, and <strong>--ssl-port</strong> is set, then
+unencrypted connections will be accepted on the <strong>--port</strong>, at the same time as
+encrypted connections are accepted at <strong>--ssl-port</strong>.</p>
+</dd>
+<p></p>
+<dt><strong><a name="item__2d_2dssl_2dport_3dport"><strong>--ssl-port</strong>=<em>port</em></a></strong><br />
+</dt>
+<dd>
+Optionally specifies the port number for the server to listen on for
+SSL connections (default: whatever --port uses). See <strong>--ssl</strong> for
+more details.
+</dd>
+<p></p>
+<dt><strong><a name="item__2d_2dssl_2dversion_3dsslversion"><strong>--ssl-version</strong>=<em>sslversion</em></a></strong><br />
+</dt>
+<dd>
+Specify the SSL protocol version to use, one of
+<strong>sslv2</strong>, <strong>sslv3</strong>, <strong>tlsv1</strong>, or <strong>sslv23</strong>.
+The default, <strong>sslv23</strong>, is the most flexible, accepting a SSLv2 or higher
+hello handshake, then negotiating use of SSLv3 or TLSv1 protocol if the client
+can accept it.
+Specifying <strong>--ssl-version</strong> implies <strong>--ssl</strong>.
+</dd>
+<p></p>
+<dt><strong><a name="item__2d_2dserver_2dkey_keyfile"><strong>--server-key</strong> <em>keyfile</em></a></strong><br />
+</dt>
+<dd>
+Specify the SSL key file to use for SSL connections.
+</dd>
+<p></p>
+<dt><strong><a name="item__2d_2dserver_2dcert_certfile"><strong>--server-cert</strong> <em>certfile</em></a></strong><br />
+</dt>
+<dd>
+Specify the SSL certificate file to use for SSL connections.
+</dd>
+<p></p>
+<dt><strong><a name="item__2d_2dsocketpath_pathname"><strong>--socketpath</strong> <em>pathname</em></a></strong><br />
+</dt>
+<dd>
+Listen on UNIX domain path <em>pathname</em> instead of a TCP socket.
+</dd>
+<dd>
+<p>Warning: the Perl support on BSD platforms for UNIX domain sockets seems to
+have a bug regarding paths of over 100 bytes or so (SpamAssassin bug 4380). If
+you see a 'could not find newly-created UNIX socket' error message, and the
+path appears truncated, this may be the cause. Try using a shorter path
+to the socket.</p>
+</dd>
+<dd>
+<p>By default, use of <strong>--socketpath</strong> will inhibit SSL connections and unencrypted
+TCP connections. To enable them, specify <strong>--port</strong> and/or <strong>--ssl-port</strong>
+explicitly.</p>
+</dd>
+<p></p>
+<dt><strong><a name="item__2d_2dsocketowner_name"><strong>--socketowner</strong> <em>name</em></a></strong><br />
+</dt>
+<dd>
+Set UNIX domain socket to be owned by the user named <em>name</em>. Note
+that this requires that spamd be started as <code>root</code>, and if <code>-u</code>
+is used, that user should have write permissions to unlink the file
+later, for when the <code>spamd</code> server is killed.
+</dd>
+<p></p>
+<dt><strong><a name="item__2d_2dsocketgroup_name"><strong>--socketgroup</strong> <em>name</em></a></strong><br />
+</dt>
+<dd>
+Set UNIX domain socket to be owned by the group named <em>name</em>. See
+<code>--socketowner</code> for notes on ownership and permissions.
+</dd>
+<p></p>
+<dt><strong><a name="item__2d_2dsocketmode_mode"><strong>--socketmode</strong> <em>mode</em></a></strong><br />
+</dt>
+<dd>
+Set UNIX domain socket to use the octal mode <em>mode</em>. Note that if <code>-u</code> is
+used, that user should have write permissions to unlink the file later, for
+when the <code>spamd</code> server is killed.
+</dd>
+<p></p></dl>
+<p>
+</p>
+<hr />
+<h1><a name="see_also">SEE ALSO</a></h1>
+<p><code>spamc(1)</code>
+<code>spamassassin(1)</code>
+Mail::SpamAssassin::Conf(3)
+Mail::SpamAssassin(3)</p>
+<p>
+</p>
+<hr />
+<h1><a name="prerequisites">PREREQUISITES</a></h1>
+<p><code>Mail::SpamAssassin</code></p>
+<p>
+</p>
+<hr />
+<h1><a name="authors">AUTHORS</a></h1>
+<p>The <code>SpamAssassin(tm)</code> Project (http://spamassassin.apache.org/)</p>
+<p>
+</p>
+<hr />
+<h1><a name="license">LICENSE</a></h1>
+<p>SpamAssassin is distributed under the Apache License, Version 2.0, as
+described in the file <code>LICENSE</code> included with the distribution.</p>
+
+</body>
+
+</html>
Added: spamassassin/site/full/3.2.x/doc/spamd.txt
URL: http://svn.apache.org/viewvc/spamassassin/site/full/3.2.x/doc/spamd.txt?rev=667073&view=auto
==============================================================================
--- spamassassin/site/full/3.2.x/doc/spamd.txt (added)
+++ spamassassin/site/full/3.2.x/doc/spamd.txt Thu Jun 12 06:20:58 2008
@@ -0,0 +1,511 @@
+NAME
+ spamd - daemonized version of spamassassin
+
+SYNOPSIS
+ spamd [options]
+
+ Options:
+
+ -l, --allow-tell Allow learning/reporting
+ -c, --create-prefs Create user preferences files
+ -C path, --configpath=path Path for default config files
+ --siteconfigpath=path Path for site configs
+ --cf='config line' Additional line of configuration
+ -d, --daemonize Daemonize
+ -h, --help Print usage message
+ -i [ipaddr], --listen-ip=ipaddr Listen on the IP ipaddr
+ --ipv4only, --ipv4-only, --ipv4 Disable attempted use of ipv6 for DNS
+ -p port, --port=port Listen on specified port
+ -m num, --max-children=num Allow maximum num children
+ --min-children=num Allow minimum num children
+ --min-spare=num Lower limit for number of spare children
+ --max-spare=num Upper limit for number of spare children
+ --max-conn-per-child=num Maximum connections accepted by child
+ before it is respawned
+ --round-robin Use traditional prefork algorithm
+ --timeout-tcp=secs Connection timeout for client headers
+ --timeout-child=secs Connection timeout for message checks
+ -q, --sql-config Enable SQL config (needs -x)
+ -Q, --setuid-with-sql Enable SQL config (needs -x,
+ enables use of -H)
+ --ldap-config Enable LDAP config (needs -x)
+ --setuid-with-ldap Enable LDAP config (needs -x,
+ enables use of -H)
+ --virtual-config-dir=dir Enable pattern based Virtual configs
+ (needs -x)
+ -r pidfile, --pidfile Write the process id to pidfile
+ -s facility, --syslog=facility Specify the syslog facility
+ --syslog-socket=type How to connect to syslogd
+ -u username, --username=username Run as username
+ -g groupname, --groupname=groupname Run as groupname
+ -v, --vpopmail Enable vpopmail config
+ -x, --nouser-config Disable user config files
+ --auth-ident Use ident to authenticate spamc user
+ --ident-timeout=timeout Timeout for ident connections
+ -A host,..., --allowed-ips=..,.. Limit ip addresses which can connect
+ -D, --debug[=areas] Print debugging messages (for areas)
+ -L, --local Use local tests only (no DNS)
+ -P, --paranoid Die upon user errors
+ -H [dir], --helper-home-dir[=dir] Specify a different HOME directory
+ --ssl Run an SSL server
+ --ssl-port port Listen on port for SSL connections
+ --ssl-version sslversion Specify SSL protocol version to use
+ --server-key keyfile Specify an SSL keyfile
+ --server-cert certfile Specify an SSL certificate
+ --socketpath=path Listen on given UNIX domain socket
+ --socketowner=name Set UNIX domain socket file's owner
+ --socketgroup=name Set UNIX domain socket file's group
+ --socketmode=mode Set UNIX domain socket file's mode
+ -V, --version Print version and exit
+
+DESCRIPTION
+ The purpose of this program is to provide a daemonized version of the
+ spamassassin executable. The goal is improving throughput performance
+ for automated mail checking.
+
+ This is intended to be used alongside "spamc", a fast, low-overhead C
+ client program.
+
+ See the README file in the "spamd" directory of the SpamAssassin
+ distribution for more details.
+
+ Note: Although "spamd" will check per-user config files for every
+ message, any changes to the system-wide config files will require either
+ restarting spamd or forcing it to reload itself via SIGHUP for the
+ changes to take effect.
+
+ Note: If "spamd" receives a SIGHUP, it internally reloads itself, which
+ means that it will change its pid and might not restart at all if its
+ environment changed (ie. if it can't change back into its own
+ directory). If you plan to use SIGHUP, you should always start "spamd"
+ with the -r switch to know its current pid.
+
+OPTIONS
+ Options of the long form can be shortened as long as they remain
+ unambiguous. (i.e. --dae can be used instead of --daemonize) Also,
+ boolean options (like --user-config) can be negated by adding *no*
+ (--nouser-config), however, this is usually unnecessary.
+
+ -l, --allow-tell
+ Allow learning and forgetting (to a local Bayes database), reporting
+ and revoking (to a remote database) by spamd. The client issues a
+ TELL command to tell what type of message is being processed and
+ whether local (learn/forget) or remote (report/revoke) databases
+ should be updated.
+
+ Note that spamd always trusts the username passed in (unless
+ --auth-ident is used) so clients could maliciously learn messages
+ for other users. (This is not ususally a concern with an SQL Bayes
+ store as users will typically have read-write access directly to the
+ database, and can also use "sa-learn" with the -u option to achieve
+ the same result.)
+
+ -c, --create-prefs
+ Create user preferences files if they don't exist (default: don't).
+
+ -C *path*, --configpath=*path*
+ Use the specified path for locating the distributed configuration
+ files. Ignore the default directories (usually
+ "/usr/share/spamassassin" or similar).
+
+ --siteconfigpath=*path*
+ Use the specified path for locating site-specific configuration
+ files. Ignore the default directories (usually
+ "/etc/mail/spamassassin" or similar).
+
+ --cf='config line'
+ Add additional lines of configuration directly from the
+ command-line, parsed after the configuration files are read.
+ Multiple --cf arguments can be used, and each will be considered a
+ separate line of configuration.
+
+ -d, --daemonize
+ Detach from starting process and run in background (daemonize).
+
+ -h, --help
+ Print a brief help message, then exit without further action.
+
+ -V, --version
+ Print version information, then exit without further action.
+
+ -i [*ipaddress*], --listen-ip[=*ipaddress*], --ip-address[=*ipaddress*]
+ Tells spamd to listen on the specified IP address (defaults to
+ 127.0.0.1). If you specify no IP address after the switch, spamd
+ will listen on all interfaces. (This is equal to the address
+ 0.0.0.0). You can also use a valid hostname which will make spamd
+ listen on the first address that name resolves to.
+
+ -p *port*, --port=*port*
+ Optionally specifies the port number for the server to listen on
+ (default: 783).
+
+ If the --ssl switch is used, and --ssl-port is not supplied, then
+ this port will be used to accept SSL connections instead of
+ unencrypted connections. If the --ssl switch is used, and --ssl-port
+ is set, then unencrypted connections will be accepted on the --port
+ at the same time as encrypted connections are accepted at
+ --ssl-port.
+
+ -q, --sql-config
+ Turn on SQL lookups even when per-user config files have been
+ disabled with -x. this is useful for spamd hosts which don't have
+ user's home directories but do want to load user preferences from an
+ SQL database.
+
+ If your spamc client does not support sending the "User:" header,
+ like "exiscan", then the SQL username used will always be nobody.
+
+ This inhibits the setuid() behavior, so the "-u" option is required.
+ If you want the setuid() behaviour, use "-Q" or "--setuid-with-sql"
+ instead.
+
+ --ldap-config
+ Turn on LDAP lookups. This is completely analog to "--sql-config",
+ only it is using an LDAP server.
+
+ Like "--sql-config", this disables the setuid behavior, and requires
+ "-u". If you want it, use "--setuid-with-ldap" instead.
+
+ -Q, --setuid-with-sql
+ Turn on SQL lookups even when per-user config files have been
+ disabled with -x and also setuid to the user. This is useful for
+ spamd hosts which want to load user preferences from an SQL database
+ but also wish to support the use of -H (Helper home directories.)
+
+ --setuid-with-ldap
+ Turn on LDAP lookups even when per-user config files have been
+ disabled with -x and also setuid to the user. This is again
+ completely analog to "--setuid-with-sql", only it is using an LDAP
+ server.
+
+ --virtual-config-dir=*pattern*
+ This option specifies where per-user preferences can be found for
+ virtual users, for the -x switch. The *pattern* is used as a base
+ pattern for the directory name. Any of the following escapes can be
+ used:
+
+ %u -- replaced with the full name of the current user, as sent by
+ spamc.
+ %l -- replaced with the 'local part' of the current username. In
+ other words, if the username is an email address, this is the part
+ before the "@" sign.
+ %d -- replaced with the 'domain' of the current username. In other
+ words, if the username is an email address, this is the part after
+ the "@" sign.
+ %% -- replaced with a single percent sign (%).
+
+ So for example, if "/vhome/users/%u/spamassassin" is specified, and
+ spamc sends a virtual username of "jm@example.com", the directory
+ "/vhome/users/jm@example.com/spamassassin" will be used.
+
+ The set of characters allowed in the virtual username for this path
+ are restricted to:
+
+ A-Z a-z 0-9 - + _ . , @ =
+
+ All others will be replaced by underscores ("_").
+
+ This path must be a writable directory. It will be created if it
+ does not already exist. If a file called user_prefs exists in this
+ directory (note: not in a ".spamassassin" subdirectory!), it will be
+ loaded as the user's preferences. The Bayes databases for that user
+ will be stored in this directory.
+
+ Note that this requires that -x is used, and cannot be combined with
+ SQL- or LDAP-based configuration.
+
+ The pattern must expand to an absolute directory when spamd is
+ running daemonized (-d).
+
+ Currently, use of this without -u is not supported. This inhibits
+ setuid.
+
+ -r *pidfile*, --pidfile=*pidfile*
+ Write the process ID of the spamd parent to the file specified by
+ *pidfile*. The file will be unlinked when the parent exits. Note
+ that when running with the -u option, the file must be writable by
+ that user.
+
+ -v, --vpopmail
+ Enable vpopmail config. If specified with with -u set to the
+ vpopmail user, this allows spamd to lookup/create user_prefs in the
+ vpopmail user's own maildir. This option is useful for vpopmail
+ virtual users who do not have an entry in the system /etc/passwd
+ file.
+
+ Currently, use of this without -u is not supported. This inhibits
+ setuid.
+
+ -s *facility*, --syslog=*facility*
+ Specify the syslog facility to use (default: mail). If "stderr" is
+ specified, output will be written to stderr. (This is useful if
+ you're running "spamd" under the "daemontools" package.) With a
+ *facility* of "file", all output goes to spamd.log. *facility* is
+ interpreted as a file name to log to if it contains any characters
+ except a-z and 0-9. "null" disables logging completely (used
+ internally).
+
+ Examples: spamd -s mail # use syslog, facility mail (default) spamd
+ -s ./mail # log to file ./mail spamd -s stderr 2>/dev/null # log to
+ stderr, throw messages away spamd -s null # the same as above spamd
+ -s file # log to file ./spamd.log spamd -s /var/log/spamd.log # log
+ to file /var/log/spamd.log
+
+ If logging to a file is enabled and that log file is rotated, the
+ spamd server must be restarted with a SIGHUP. (If the log file is
+ just truncated, this is not needed but still recommended.)
+
+ Note that logging to a file does not use locking, so you cannot
+ intermix logging from spamd and other processes into the same file.
+ If you want to mix logging like this, use syslog instead.
+
+ If you use syslog logging, it is essential to send a SIGHUP to the
+ spamd daemon when you restart the syslogd daemon. (This is due to a
+ shortcoming in Perl's syslog handling, where the disappearance of
+ the connection to the syslogd is considered a fatal error.)
+
+ --syslog-socket=*type*
+ Specify how spamd should send messages to syslogd. The options are
+ "unix", "inet" or "none". The default is to try "unix" first,
+ falling back to "inet" if perl detects errors in its "unix" support.
+
+ Some platforms, or versions of perl, are shipped with dysfunctional
+ versions of the Sys::Syslog package which do not support some socket
+ types, so you may need to set this. If you get error messages
+ regarding __PATH_LOG or similar from spamd, try changing this
+ setting.
+
+ The socket type "file" is used internally and should not be
+ specified. Use the "-s" switch instead.
+
+ -u *username*, --username=*username*
+ Run as the named user. If this option is not set, the default
+ behaviour is to setuid() to the user running "spamc", if "spamd" is
+ running as root.
+
+ Note: "--username=root" is not a valid option. If specified, "spamd"
+ will exit with a fatal error on startup.
+
+ -g *groupname*, --groupname=*groupname*
+ Run as the named group if --username is being used. If this option
+ is not set when --username is used then the primary group for the
+ user given to --username is used.
+
+ -x, --nouser-config, --user-config
+ Turn off (on) reading of per-user configuration files (user_prefs)
+ from the user's home directory. The default behaviour is to read
+ per-user configuration from the user's home directory
+ (--user-config).
+
+ This option does not disable or otherwise influence the SQL, LDAP or
+ Virtual Config Dir settings.
+
+ --auth-ident
+ Verify the username provided by spamc using ident. This is only
+ useful if connections are only allowed from trusted hosts (because
+ an identd that lies is trivial to create) and if spamc REALLY SHOULD
+ be running as the user it represents. Connections are terminated
+ immediately if authentication fails. In this case, spamc will pass
+ the mail through unchecked. Failure to connect to an ident server,
+ and response timeouts are considered authentication failures. This
+ requires that Net::Ident be installed.
+
+ --ident-timeout=*timeout*
+ Wait at most *timeout* seconds for a response to ident queries.
+ Authentication that takes long that *timeout* seconds will fail, and
+ mail will not be processed. Setting this to 0.0 or less results in
+ no timeout, which is STRONGLY discouraged. The default is 5 seconds.
+
+ -A *host,...*, --allowed-ips=*host,...*
+ Specify a list of authorized hosts or networks which can connect to
+ this spamd instance. Single IP addresses can be given, ranges of IP
+ addresses in address/masklength CIDR format, or ranges of IP
+ addresses by listing 3 or less octets with a trailing dot. Hostnames
+ are not supported, only IP addresses. This option can be specified
+ multiple times, or can take a list of addresses separated by commas.
+ Examples:
+
+ -A 10.11.12.13 -- only allow connections from 10.11.12.13.
+
+ -A 10.11.12.13,10.11.12.14 -- only allow connections from
+ 10.11.12.13 and 10.11.12.14.
+
+ -A 10.200.300.0/24 -- allow connections from any machine in the
+ range "10.200.300.*".
+
+ -A 10. -- allow connections from any machine in the range
+ "10.*.*.*".
+
+ By default, connections are only accepted from localhost
+ [127.0.0.1].
+
+ -D [*area,...*], --debug [*area,...*]
+ Produce debugging output. If no areas are listed, all debugging
+ information is printed. Diagnostic output can also be enabled for
+ each area individually; *area* is the area of the code to
+ instrument. For example, to produce diagnostic output on bayes,
+ learn, and dns, use:
+
+ spamassassin -D bayes,learn,dns
+
+ Higher priority informational messages that are suitable for logging
+ in normal circumstances are available with an area of "info".
+
+ For more information about which areas (also known as channels) are
+ available, please see the documentation at:
+
+ C<http://wiki.apache.org/spamassassin/DebugChannels>
+
+ --ipv4only, --ipv4-only, --ipv4
+ Do not use IPv6 for DNS tests. Use if the existing tests for IPv6
+ availablity produce incorrect results or crashes.
+
+ -L, --local
+ Perform only local tests on all mail. In other words, skip DNS and
+ other network tests. Works the same as the "-L" flag to
+ spamassassin(1).
+
+ -P, --paranoid
+ Die on user errors (for the user passed from spamc) instead of
+ falling back to user *nobody* and using the default configuration.
+
+ -m *number* , --max-children=*number*
+ This option specifies the maximum number of children to spawn. Spamd
+ will spawn that number of children, then sleep in the background
+ until a child dies, wherein it will go and spawn a new child.
+
+ Incoming connections can still occur if all of the children are
+ busy, however those connections will be queued waiting for a free
+ child. The minimum value is 1, the default value is 5.
+
+ Please note that there is a OS specific maximum of connections that
+ can be queued (Try "perl -MSocket -e'print SOMAXCONN'" to find this
+ maximum).
+
+ Note that if you run too many servers for the amount of free RAM
+ available, you run the danger of hurting performance by causing a
+ high swap load as server processes are swapped in and out
+ continually.
+
+ --min-children=*number*
+ The minimum number of children that will be kept running. The
+ minimum value is 1, the default value is 1. If you have lots of free
+ RAM, you may want to increase this.
+
+ --min-spare=*number*
+ The lower limit for the number of spare children allowed to run. A
+ spare, or idle, child is one that is not handling a scan request. If
+ there are too few spare children available, a new server will be
+ started every second or so. The default value is 1.
+
+ --max-spare=*number*
+ The upper limit for the number of spare children allowed to run. If
+ there are too many spare children, one will be killed every second
+ or so until the number of idle children is in the desired range. The
+ default value is 2.
+
+ --max-conn-per-child=*number*
+ This option specifies the maximum number of connections each child
+ should process before dying and letting the master spamd process
+ spawn a new child. The minimum value is 1, the default value is 200.
+
+ --round-robin
+ By default, "spamd" will attempt to keep a small number of "hot"
+ child processes as busy as possible, and keep any others as idle as
+ possible, using something similar to the Apache httpd server scaling
+ algorithm. This is accomplished by the master process coordinating
+ the activities of the children. This switch will disable this
+ scaling algorithm, and the behaviour seen in the 3.0.x versions will
+ be used instead, where all processes receive an equal load and no
+ scaling takes place.
+
+ --timeout-tcp=*number*
+ This option specifies the number of seconds to wait for headers from
+ a client (spamc) before closing the connection. The minimum value is
+ 1, the default value is 30, and a value of 0 will disable socket
+ timeouts completely.
+
+ --timeout-child=*number*
+ This option specifies the number of seconds to wait for a spamd
+ child to to process or check a message. The minimum value is 1, the
+ default value is 300, and a value of 0 will disable child timeouts
+ completely.
+
+ -H *directory*, --helper-home-dir=*directory*
+ Specify that external programs such as Razor, DCC, and Pyzor should
+ have a HOME environment variable set to a specific directory. The
+ default is to use the HOME environment variable setting from the
+ shell running spamd. By specifying no argument, spamd will use the
+ spamc caller's home directory instead.
+
+ --ssl
+ Accept only SSL connections on the associated port. The
+ IO::Socket::SSL perl module must be installed.
+
+ If the --ssl switch is used, and --ssl-port is not supplied, then
+ --port port will be used to accept SSL connections instead of
+ unencrypted connections. If the --ssl switch is used, and --ssl-port
+ is set, then unencrypted connections will be accepted on the --port,
+ at the same time as encrypted connections are accepted at
+ --ssl-port.
+
+ --ssl-port=*port*
+ Optionally specifies the port number for the server to listen on for
+ SSL connections (default: whatever --port uses). See --ssl for more
+ details.
+
+ --ssl-version=*sslversion*
+ Specify the SSL protocol version to use, one of sslv2, sslv3, tlsv1,
+ or sslv23. The default, sslv23, is the most flexible, accepting a
+ SSLv2 or higher hello handshake, then negotiating use of SSLv3 or
+ TLSv1 protocol if the client can accept it. Specifying --ssl-version
+ implies --ssl.
+
+ --server-key *keyfile*
+ Specify the SSL key file to use for SSL connections.
+
+ --server-cert *certfile*
+ Specify the SSL certificate file to use for SSL connections.
+
+ --socketpath *pathname*
+ Listen on UNIX domain path *pathname* instead of a TCP socket.
+
+ Warning: the Perl support on BSD platforms for UNIX domain sockets
+ seems to have a bug regarding paths of over 100 bytes or so
+ (SpamAssassin bug 4380). If you see a 'could not find newly-created
+ UNIX socket' error message, and the path appears truncated, this may
+ be the cause. Try using a shorter path to the socket.
+
+ By default, use of --socketpath will inhibit SSL connections and
+ unencrypted TCP connections. To enable them, specify --port and/or
+ --ssl-port explicitly.
+
+ --socketowner *name*
+ Set UNIX domain socket to be owned by the user named *name*. Note
+ that this requires that spamd be started as "root", and if "-u" is
+ used, that user should have write permissions to unlink the file
+ later, for when the "spamd" server is killed.
+
+ --socketgroup *name*
+ Set UNIX domain socket to be owned by the group named *name*. See
+ "--socketowner" for notes on ownership and permissions.
+
+ --socketmode *mode*
+ Set UNIX domain socket to use the octal mode *mode*. Note that if
+ "-u" is used, that user should have write permissions to unlink the
+ file later, for when the "spamd" server is killed.
+
+SEE ALSO
+ spamc(1) spamassassin(1) Mail::SpamAssassin::Conf(3)
+ Mail::SpamAssassin(3)
+
+PREREQUISITES
+ "Mail::SpamAssassin"
+
+AUTHORS
+ The SpamAssassin(tm) Project (http://spamassassin.apache.org/)
+
+LICENSE
+ SpamAssassin is distributed under the Apache License, Version 2.0, as
+ described in the file "LICENSE" included with the distribution.
+