You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@spamassassin.apache.org by km...@apache.org on 2014/02/11 18:26:52 UTC
svn commit: r1567225 [15/15] - in /spamassassin/site/full/3.4.x: ./ doc/
Added: spamassassin/site/full/3.4.x/doc/spamc.txt
URL: http://svn.apache.org/viewvc/spamassassin/site/full/3.4.x/doc/spamc.txt?rev=1567225&view=auto
==============================================================================
--- spamassassin/site/full/3.4.x/doc/spamc.txt (added)
+++ spamassassin/site/full/3.4.x/doc/spamc.txt Tue Feb 11 17:26:49 2014
@@ -0,0 +1,294 @@
+NAME
+ spamc - client for spamd
+
+SYNOPSIS
+ spamc [options] < message
+
+DESCRIPTION
+ Spamc is the client half of the spamc/spamd pair. It should be used in
+ place of "spamassassin" in scripts to process mail. It will read the
+ mail from STDIN, and spool it to its connection to spamd, then read the
+ result back and print it to STDOUT. Spamc has extremely low overhead in
+ loading, so it should be much faster to load than the whole spamassassin
+ program.
+
+ See the README file in the spamd directory of the SpamAssassin
+ distribution for more details.
+
+OPTIONS
+ All options detailed below can be passed as command line arguments, or
+ be contained in a configuration file, as described in the CONFIGURATION
+ FILE section below.
+
+ Note that the long options, a la "--long-options", are new as of
+ SpamAssassin 3.2.0, and were not available in earlier versions.
+
+ -B, --bsmtp
+ Assume input is a single BSMTP-formatted message. In other words,
+ spamc will pull out everything between the DATA line and the
+ lone-dot line to feed to spamd, and will place the spamd output back
+ in the same envelope (thus, any SIZE extension in your BSMTP file
+ will cause many problems).
+
+ -c, --check
+ Just check if the message is spam or not. Set process exitcode to 1
+ if message is spam, 0 if not spam or processing failure occurs. Will
+ print score/threshold to stdout (as ints) or 0/0 if there was an
+ error. Combining -c and -E is a no-op, since -c implies the
+ behaviour of -E.
+
+ -d *host[,host2]*, --dest=*host[,host2]*
+ In TCP/IP mode, connect to spamd server on given host (default:
+ localhost). Several hosts can be specified if separated by commas.
+
+ If *host* resolves to multiple addresses, then spamc will fail-over
+ to the other addresses, if the first one cannot be connected to. It
+ will first try all addresses of one host before it tries the next
+ one in the list. Note that this fail-over behaviour is incompatible
+ with -x; if that switch is used, fail-over will not occur.
+
+ -e *command* *[args]*, --pipe-to *command* *[args]*
+ Instead of writing to stdout, pipe the output to *command*'s
+ standard input. Note that there is a very slight chance mail will be
+ lost here, because if the fork-and-exec fails there's no place to
+ put the mail message.
+
+ Note that this must be the LAST command line option, as everything
+ after the -e is taken as arguments to the command (it's like *rxvt*
+ or *xterm*).
+
+ This option is not supported on Win32 platforms.
+
+ -E, --exitcode
+ Filter according to the other options, but set the process exitcode
+ to 1 if message is spam, 0 if not spam or processing failure occurs.
+
+ -F */path/to/file*, --config=*path*
+ Specify a configuration file to read additional command-line flags
+ from. See CONFIGURATION FILE below.
+
+ -h, --help
+ Print this help message and terminate without action.
+
+ -H, --randomize
+ For TCP/IP sockets, randomize the IP addresses returned for the
+ hosts given by the -d switch. This provides for a simple kind of
+ load balancing. It will try only three times though.
+
+ -l, --log-to-stderr
+ Send log messages to stderr, instead of to the syslog.
+
+ -L *learn type*, --learntype=*type*
+ Send message to spamd for learning. The "learn type" can be either
+ spam, ham or forget. The exitcode for spamc will be set to 5 if the
+ message was learned, or 6 if it was already learned, under a
+ condition that a --no-safe-fallback option is selected too.
+
+ Note that the "spamd" must run with the "--allow-tell" option for
+ this to work.
+
+ -C *report type*, --reporttype=*type*
+ Report or revoke a message to one of the configured collaborative
+ filtering databases. The "report type" can be either report or
+ revoke.
+
+ Note that the "spamd" must run with the "--allow-tell" option for
+ this to work.
+
+ -p *port*, --port=*port*
+ In TCP/IP mode, connect to spamd server listening on given port
+ (default: 783).
+
+ -r, --full-spam
+ Just output the SpamAssassin report text to stdout, if the message
+ is spam. If the message is ham (non-spam), nothing will be printed.
+ The first line of the output is the message score and the threshold,
+ in this format:
+
+ score/threshold
+
+ -R, --full
+ Just output the SpamAssassin report text to stdout, for all
+ messages. See -r for details of the output format used.
+
+ -s *max_size*, --max-size=*max_size*
+ Set the maximum message size which will be sent to spamd -- any
+ bigger than this threshold and the message will be returned
+ unprocessed (default: 500 KB). If spamc gets handed a message bigger
+ than this, it won't be passed to spamd. The maximum message size is
+ 256 MB.
+
+ The size is specified in bytes, as a positive integer greater than
+ 0. For example, -s 500000.
+
+ --connect-retries=*retries*
+ Retry connecting to spamd *retries* times. The default is 3 times.
+
+ --retry-sleep=*sleep*
+ Sleep for *sleep* seconds between attempts to connect to spamd. The
+ default is 1 second.
+
+ --filter-retries=*retries*
+ Retry filtering *retries* times if the spamd process fails (usually
+ times out). This differs from --connect-retries in that it times out
+ the transaction after the TCP connection has been established
+ successfully. The default is 1 time (ie. one attempt and no
+ retries).
+
+ --filter-retry-sleep=*sleep*
+ Sleep for *sleep* seconds between failed spamd filtering attempts.
+ The default is 1 second.
+
+ -S, --ssl, --ssl=*sslversion*
+ If spamc was built with support for SSL, encrypt data to and from
+ the spamd process with SSL; spamd must support SSL as well.
+ *sslversion* specifies the SSL protocol version to use, either
+ "sslv3", or "tlsv1". The default, is "sslv3".
+
+ -t *timeout*, --timeout=*timeout*
+ Set the timeout for spamc-to-spamd communications (default: 600, 0
+ disables). If spamd takes longer than this many seconds to reply to
+ a message, spamc will abort the connection and treat this as a
+ failure to connect; in other words the message will be returned
+ unprocessed.
+
+ -n *timeout*, --connect-timeout=*timeout*
+ Set the timeout for spamc-to-spamd connection establishment
+ (default: 600, 0 disables). If spamc takes longer than this many
+ seconds to establish a connection to spamd, spamc will abort the
+ connection and treat this as a failure to connect; in other words
+ the message will be returned unprocessed.
+
+ -u *username*, --username=*username*
+ To have spamd use per-user-config files, run spamc as the user whose
+ config files spamd should load; by default the effective user-ID is
+ sent to spamd. If you're running spamc as some other user, though,
+ (eg. root, mail, nobody, cyrus, etc.) then you may use this flag to
+ override the default.
+
+ -U *socketpath*, --socket=*path*
+ Connect to "spamd" via UNIX domain socket *socketpath* instead of a
+ TCP/IP connection.
+
+ This option is not supported on Win32 platforms.
+
+ -V, --version
+ Report the version of this "spamc" client. If built with SSL
+ support, an additional line will be included noting this, like so:
+
+ SpamAssassin Client version 3.0.0-rc4
+ compiled with SSL support (OpenSSL 0.9.7d 17 Mar 2004)
+
+ -x, --no-safe-fallback
+ Disables the 'safe fallback' error-recovery method, which passes
+ through the unaltered message if an error occurs. Instead, exit with
+ an error code, and let the MTA queue up the mails for a retry later.
+ See also "EXIT CODES".
+
+ This also disables the TCP fail-over behaviour from -d.
+
+ -X, --unavailable-tempfail
+ When disabling 'safe fallback' with -x, this option will turn
+ EX_UNAVAILABLE errors into EX_TEMPFAIL. This may allow your MTA to
+ defer mails with a temporary SMTP error instead of bouncing them
+ with a permanent SMTP error. See also "EXIT CODES".
+
+ -y, --tests
+ Just output the names of the tests hit to stdout, on one line,
+ separated by commas.
+
+ -K Perform a keep-alive check of spamd, instead of a full message
+ check.
+
+ -z Use gzip compression to compress the mail message sent to "spamd".
+ This is useful for long-distance use of spamc over the internet.
+ Note that this relies on "zlib" being installed on the "spamc"
+ client side, and the "Compress::Zlib" perl module on the server
+ side; an error will be returned otherwise.
+
+ --headers
+ Perform a scan, but instead of allowing any part of the message
+ (header and body) to be rewritten, limit rewriting to only the
+ message headers. This is much more efficient in bandwidth usage,
+ since the response message transmitted back from the spamd server
+ will not include the body.
+
+ Note that this only makes sense if you are using "report_safe 0" in
+ the scanning configuration on the remote end; with "report_safe 1",
+ it is likely to result in corrupt messages.
+
+CONFIGURATION FILE
+ The above command-line switches can also be loaded from a configuration
+ file.
+
+ The format of the file is similar to the SpamAssassin rules files; blank
+ lines and lines beginning with "#" are ignored. Any space-separated
+ words are considered additions to the command line, and are prepended.
+ Newlines are treated as equivalent to spaces. Existing command line
+ switches will override any settings in the configuration file.
+
+ If the -F switch is specified, that file will be used. Otherwise,
+ "spamc" will attempt to load spamc.conf in "SYSCONFDIR" (default:
+ /etc/mail/spamassassin). If that file doesn't exist, and the -F switch
+ is not specified, no configuration file will be read.
+
+ Example:
+
+ # spamc global configuration file
+
+ # connect to "server.example.com", port 783
+ -d server.example.com
+ -p 783
+
+ # max message size for scanning = 350k
+ -s 350000
+
+EXIT CODES
+ By default, spamc will use the 'safe fallback' error recovery method.
+ That means, it will always exit with an exit code of 0, even if an error
+ was encountered. If any error occurrs, it will simply pass through the
+ unaltered message.
+
+ The -c and -E options modify this; instead, spamc will use an exit code
+ of 1 if the message is determined to be spam.
+
+ If one of the "-x", "-L" or "-C" options are specified, 'safe fallback'
+ will be disabled, and certain error conditions related to communication
+ between spamc and spamd will result in an error code.
+
+ The exit codes used are as follows:
+
+ EX_USAGE 64 command line usage error
+ EX_DATAERR 65 data format error
+ EX_NOINPUT 66 cannot open input
+ EX_NOUSER 67 addressee unknown
+ EX_NOHOST 68 host name unknown
+ EX_UNAVAILABLE 69 service unavailable
+ EX_SOFTWARE 70 internal software error
+ EX_OSERR 71 system error (e.g., can't fork)
+ EX_OSFILE 72 critical OS file missing
+ EX_CANTCREAT 73 can't create (user) output file
+ EX_IOERR 74 input/output error
+ EX_TEMPFAIL 75 temp failure; user is invited to retry
+ EX_PROTOCOL 76 remote error in protocol
+ EX_NOPERM 77 permission denied
+ EX_CONFIG 78 configuration error
+
+ * The EX_TOOBIG error level is never used. If spamc receives a message
+ that is too big, the exit code will be 0.
+
+ EX_TOOBIG 98 message was too big to process (see --max-size)
+
+SEE ALSO
+ spamd(1) spamassassin(1) Mail::SpamAssassin(3)
+
+PREREQUISITES
+ "Mail::SpamAssassin"
+
+AUTHORS
+ The SpamAssassin(tm) Project <http://spamassassin.apache.org/>
+
+COPYRIGHT
+ SpamAssassin is distributed under the Apache License, Version 2.0, as
+ described in the file "LICENSE" included with the distribution.
+
Added: spamassassin/site/full/3.4.x/doc/spamd.html
URL: http://svn.apache.org/viewvc/spamassassin/site/full/3.4.x/doc/spamd.html?rev=1567225&view=auto
==============================================================================
--- spamassassin/site/full/3.4.x/doc/spamd.html (added)
+++ spamassassin/site/full/3.4.x/doc/spamd.html Tue Feb 11 17:26:49 2014
@@ -0,0 +1,769 @@
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml">
+<head>
+<title>spamd - daemonized version of spamassassin</title>
+<link rev="made" href="mailto:root@twm2005-dev.thoughtworthy.com" />
+</head>
+
+<body style="background-color: white">
+
+<p><a name="__index__"></a></p>
+<!-- INDEX BEGIN -->
+
+<ul>
+
+ <li><a href="#name">NAME</a></li>
+ <li><a href="#synopsis">SYNOPSIS</a></li>
+ <li><a href="#description">DESCRIPTION</a></li>
+ <li><a href="#options">OPTIONS</a></li>
+ <li><a href="#see_also">SEE ALSO</a></li>
+ <li><a href="#prerequisites">PREREQUISITES</a></li>
+ <li><a href="#authors">AUTHORS</a></li>
+ <li><a href="#license">LICENSE</a></li>
+</ul>
+<!-- INDEX END -->
+
+<hr />
+<p>
+</p>
+<h1><a name="name">NAME</a></h1>
+<p>spamd - daemonized version of spamassassin</p>
+<p>
+</p>
+<hr />
+<h1><a name="synopsis">SYNOPSIS</a></h1>
+<p>spamd [options]</p>
+<p>Options:</p>
+<pre>
+ -l, --allow-tell Allow learning/reporting
+ -c, --create-prefs Create user preferences files
+ -C path, --configpath=path Path for default config files
+ --siteconfigpath=path Path for site configs
+ --cf='config line' Additional line of configuration
+ -d, --daemonize Daemonize
+ -h, --help Print usage message
+ -i [ip_or_name[:port]], --listen=[ip_or_name[:port]] Listen on IP addr and port
+ -p port, --port=port Listen on specified port, may be overridden by -i
+ -4, --ipv4-only, --ipv4 Use IPv4 where applicable, disables IPv6
+ -6 Use IPv6 where applicable, disables IPv4
+ -A host,..., --allowed-ips=..,.. Restrict to IP addresses which can connect
+ -m num, --max-children=num Allow maximum num children
+ --min-children=num Allow minimum num children
+ --min-spare=num Lower limit for number of spare children
+ --max-spare=num Upper limit for number of spare children
+ --max-conn-per-child=num Maximum connections accepted by child
+ before it is respawned
+ --round-robin Use traditional prefork algorithm
+ --timeout-tcp=secs Connection timeout for client headers
+ --timeout-child=secs Connection timeout for message checks
+ -q, --sql-config Enable SQL config (needs -x)
+ -Q, --setuid-with-sql Enable SQL config (needs -x,
+ enables use of -H)
+ --ldap-config Enable LDAP config (needs -x)
+ --setuid-with-ldap Enable LDAP config (needs -x,
+ enables use of -H)
+ --virtual-config-dir=dir Enable pattern based Virtual configs
+ (needs -x)
+ -r pidfile, --pidfile Write the process id to pidfile
+ -s facility, --syslog=facility Specify the syslog facility
+ --syslog-socket=type How to connect to syslogd
+ --log-timestamp-fmt=fmt strftime(3) format for timestamps, may be
+ empty to disable timestamps, or 'default'
+ -u username, --username=username Run as username
+ -g groupname, --groupname=groupname Run as groupname
+ -v, --vpopmail Enable vpopmail config
+ -x, --nouser-config Disable user config files
+ --auth-ident Use ident to identify spamc user (deprecated)
+ --ident-timeout=timeout Timeout for ident connections
+ -D, --debug[=areas] Print debugging messages (for areas)
+ -L, --local Use local tests only (no DNS)
+ -P, --paranoid Die upon user errors
+ -H [dir], --helper-home-dir[=dir] Specify a different HOME directory
+ --ssl Enable SSL on TCP connections
+ --ssl-port port Override --port setting for SSL connections
+ --ssl-version sslversion Specify SSL protocol version to use
+ --server-key keyfile Specify an SSL keyfile
+ --server-cert certfile Specify an SSL certificate
+ --socketpath=path Listen on a given UNIX domain socket
+ --socketowner=name Set UNIX domain socket file's owner
+ --socketgroup=name Set UNIX domain socket file's group
+ --socketmode=mode Set UNIX domain socket file's mode
+ -V, --version Print version and exit</pre>
+<p>The --listen option (or -i) may be specified multiple times, its syntax
+is: [ ssl: ] [ host-name-or-IP-address ] [ : port ] or an absolute path
+(filename) of a Unix socket. If port is omitted it defaults to --port or
+to 783. Option --ssl implies a prefix 'ssl:'. An IPv6 address should be
+enclosed in square brackets, e.g. [::1]:783, an IPv4 address may be but
+need not be enclosed in square brackets. An asterisk '*' in place of a
+hostname implies an unspecified address, ('0.0.0.0' or '::'), i.e. it
+binds to all interfaces. An empty option value implies '*'. A default
+is '--listen localhost', which binds to a loopback interface only.</p>
+<p>
+</p>
+<hr />
+<h1><a name="description">DESCRIPTION</a></h1>
+<p>The purpose of this program is to provide a daemonized version of the
+spamassassin executable. The goal is improving throughput performance for
+automated mail checking.</p>
+<p>This is intended to be used alongside <code>spamc</code>, a fast, low-overhead C client
+program.</p>
+<p>See the README file in the <code>spamd</code> directory of the SpamAssassin distribution
+for more details.</p>
+<p>Note: Although <code>spamd</code> will check per-user config files for every message, any
+changes to the system-wide config files will require either restarting spamd
+or forcing it to reload itself via <strong>SIGHUP</strong> for the changes to take effect.</p>
+<p>Note: If <code>spamd</code> receives a <strong>SIGHUP</strong>, it internally reloads itself, which
+means that it will change its pid and might not restart at all if its
+environment changed (ie. if it can't change back into its own directory). If
+you plan to use <strong>SIGHUP</strong>, you should always start <code>spamd</code> with the <strong>-r</strong>
+switch to know its current pid.</p>
+<p>
+</p>
+<hr />
+<h1><a name="options">OPTIONS</a></h1>
+<p>Options of the long form can be shortened as long as they remain
+unambiguous. (i.e. <strong>--dae</strong> can be used instead of <strong>--daemonize</strong>)
+Also, boolean options (like <strong>--user-config</strong>) can be negated by
+adding <em>no</em> (<strong>--nouser-config</strong>), however, this is usually unnecessary.</p>
+<dl>
+<dt><strong><a name="item__2dl_2c__2d_2dallow_2dtell"><strong>-l</strong>, <strong>--allow-tell</strong></a></strong><br />
+</dt>
+<dd>
+Allow learning and forgetting (to a local Bayes database), reporting
+and revoking (to a remote database) by spamd. The client issues a TELL
+command to tell what type of message is being processed and whether
+local (learn/forget) or remote (report/revoke) databases should be
+updated.
+</dd>
+<dd>
+<p>Note that spamd always trusts the username passed in (unless
+<strong>--auth-ident</strong> is used) so clients could maliciously learn messages
+for other users. (This is not ususally a concern with an SQL Bayes
+store as users will typically have read-write access directly to the
+database, and can also use <code>sa-learn</code> with the <strong>-u</strong> option to
+achieve the same result.)</p>
+</dd>
+<p></p>
+<dt><strong><a name="item__2dc_2c__2d_2dcreate_2dprefs"><strong>-c</strong>, <strong>--create-prefs</strong></a></strong><br />
+</dt>
+<dd>
+Create user preferences files if they don't exist (default: don't).
+</dd>
+<p></p>
+<dt><strong><a name="item__2dc_path_2c__2d_2dconfigpath_3dpath"><strong>-C</strong> <em>path</em>, <strong>--configpath</strong>=<em>path</em></a></strong><br />
+</dt>
+<dd>
+Use the specified path for locating the distributed configuration files.
+Ignore the default directories (usually <code>/usr/share/spamassassin</code> or similar).
+</dd>
+<p></p>
+<dt><strong><a name="item__2d_2dsiteconfigpath_3dpath"><strong>--siteconfigpath</strong>=<em>path</em></a></strong><br />
+</dt>
+<dd>
+Use the specified path for locating site-specific configuration files. Ignore
+the default directories (usually <code>/etc/mail/spamassassin</code> or similar).
+</dd>
+<p></p>
+<dt><strong><a name="item__2d_2dcf_3d_27config_line_27"><strong>--cf='config line'</strong></a></strong><br />
+</dt>
+<dd>
+Add additional lines of configuration directly from the command-line, parsed
+after the configuration files are read. Multiple <strong>--cf</strong> arguments can be
+used, and each will be considered a separate line of configuration.
+</dd>
+<p></p>
+<dt><strong><a name="item__2dd_2c__2d_2ddaemonize"><strong>-d</strong>, <strong>--daemonize</strong></a></strong><br />
+</dt>
+<dd>
+Detach from starting process and run in background (daemonize).
+</dd>
+<p></p>
+<dt><strong><a name="item__2dh_2c__2d_2dhelp"><strong>-h</strong>, <strong>--help</strong></a></strong><br />
+</dt>
+<dd>
+Print a brief help message, then exit without further action.
+</dd>
+<p></p>
+<dt><strong><a name="item__2dv_2c__2d_2dversion"><strong>-V</strong>, <strong>--version</strong></a></strong><br />
+</dt>
+<dd>
+Print version information, then exit without further action.
+</dd>
+<p></p>
+<dt><strong><a name="item__2di__5bipaddress_5b_3a_3cport_3e_5d_5d_2c__2d_2dl"><strong>-i</strong> [<em>ipaddress</em>[:<port>]], <strong>--listen</strong>[=<em>ipaddress</em>[:<port>]]</a></strong><br />
+</dt>
+<dd>
+Additional alias names for this option are --listen-ip and --ip-address.
+Tells spamd to listen on the specified IP address, defaults to a loopback
+interface, i.e. <code>--listen localhost</code>). If no value is specified after the
+switch, or if an asterisk '*' stands in place of an <ipaddress>, spamd will
+listen on all interfaces - this is equivalent to address '0.0.0.0' for IPv4
+and to '::' for IPv6. You can also use a valid hostname which will make spamd
+listen on all addresses that a name resolves to. The option may be specified
+multiple times. See also options -4 and -6 for restricting address family
+to IPv4 or to IPv6. If a port is specified it overrides for this socket the
+global --port (and --ssl-port) setting. An IPv6 addresses should be enclosed
+in square brackets, e.g. [::1]:783. For compatibility square brackets on an
+IPv6 address may be omitted if a port number specification is also omitted.
+</dd>
+<p></p>
+<dt><strong><a name="item__2dp_port_2c__2d_2dport_3dport"><strong>-p</strong> <em>port</em>, <strong>--port</strong>=<em>port</em></a></strong><br />
+</dt>
+<dd>
+Optionally specifies the port number for the server to listen on (default: 783).
+</dd>
+<dd>
+<p>If the <strong>--ssl</strong> switch is used, and <strong>--ssl-port</strong> is not supplied, then this
+port will be used to accept SSL connections instead of unencrypted connections.
+If the <strong>--ssl</strong> switch is used, and <strong>--ssl-port</strong> is set, then unencrypted
+connections will be accepted on the <strong>--port</strong> at the same time as encrypted
+connections are accepted at <strong>--ssl-port</strong>.</p>
+</dd>
+<p></p>
+<dt><strong><a name="item__2dq_2c__2d_2dsql_2dconfig"><strong>-q</strong>, <strong>--sql-config</strong></a></strong><br />
+</dt>
+<dd>
+Turn on SQL lookups even when per-user config files have been disabled
+with <strong>-x</strong>. this is useful for spamd hosts which don't have user's
+home directories but do want to load user preferences from an SQL
+database.
+</dd>
+<dd>
+<p>If your spamc client does not support sending the <code>User:</code> header,
+like <code>exiscan</code>, then the SQL username used will always be <strong>nobody</strong>.</p>
+</dd>
+<dd>
+<p>This inhibits the <code>setuid()</code> behavior, so the <code>-u</code> option is
+required. If you want the <code>setuid()</code> behaviour, use <code>-Q</code> or
+<code>--setuid-with-sql</code> instead.</p>
+</dd>
+<p></p>
+<dt><strong><a name="item__2d_2dldap_2dconfig"><strong>--ldap-config</strong></a></strong><br />
+</dt>
+<dd>
+Turn on LDAP lookups. This is completely analog to <code>--sql-config</code>,
+only it is using an LDAP server.
+</dd>
+<dd>
+<p>Like <code>--sql-config</code>, this disables the setuid behavior, and requires
+<code>-u</code>. If you want it, use <a href="#item__2d_2dsetuid_2dwith_2dldap"><code>--setuid-with-ldap</code></a> instead.</p>
+</dd>
+<p></p>
+<dt><strong><a name="item__2dq_2c__2d_2dsetuid_2dwith_2dsql"><strong>-Q</strong>, <strong>--setuid-with-sql</strong></a></strong><br />
+</dt>
+<dd>
+Turn on SQL lookups even when per-user config files have been disabled
+with <strong>-x</strong> and also setuid to the user. This is useful for spamd hosts
+which want to load user preferences from an SQL database but also wish to
+support the use of <strong>-H</strong> (Helper home directories.)
+</dd>
+<p></p>
+<dt><strong><a name="item__2d_2dsetuid_2dwith_2dldap"><strong>--setuid-with-ldap</strong></a></strong><br />
+</dt>
+<dd>
+Turn on LDAP lookups even when per-user config files have been disabled
+with <strong>-x</strong> and also setuid to the user. This is again completely analog
+to <code>--setuid-with-sql</code>, only it is using an LDAP server.
+</dd>
+<p></p>
+<dt><strong><a name="item__2d_2dvirtual_2dconfig_2ddir_3dpattern"><strong>--virtual-config-dir</strong>=<em>pattern</em></a></strong><br />
+</dt>
+<dd>
+This option specifies where per-user preferences can be found for virtual
+users, for the <strong>-x</strong> switch. The <em>pattern</em> is used as a base pattern for the
+directory name. Any of the following escapes can be used:
+</dd>
+<dl>
+<dt><strong><a name="item__u">%u -- replaced with the full name of the current user, as sent by spamc.</a></strong><br />
+</dt>
+<dt><strong><a name="item__l">%l -- replaced with the 'local part' of the current username. In other
+words, if the username is an email address, this is the part before the <code>@</code>
+sign.</a></strong><br />
+</dt>
+<dt><strong><a name="item__d">%d -- replaced with the 'domain' of the current username. In other
+words, if the username is an email address, this is the part after the <code>@</code>
+sign.</a></strong><br />
+</dt>
+<dt><strong><a name="item_sign">%% -- replaced with a single percent sign (%).</a></strong><br />
+</dt>
+</dl>
+<p>So for example, if <code>/vhome/users/%u/spamassassin</code> is specified, and spamc
+sends a virtual username of <code>jm@example.com</code>, the directory
+<code>/vhome/users/jm@example.com/spamassassin</code> will be used.</p>
+<p>The set of characters allowed in the virtual username for this path are
+restricted to:</p>
+<pre>
+ A-Z a-z 0-9 - + _ . , @ =</pre>
+<p>All others will be replaced by underscores (<code>_</code>).</p>
+<p>This path must be a writable directory. It will be created if it does not
+already exist. If a file called <strong>user_prefs</strong> exists in this directory (note:
+<strong>not</strong> in a <code>.spamassassin</code> subdirectory!), it will be loaded as the user's
+preferences. The Bayes databases for that user will be stored in this directory.</p>
+<p>Note that this <strong>requires</strong> that <strong>-x</strong> is used, and cannot be combined with
+SQL- or LDAP-based configuration.</p>
+<p>The pattern <strong>must</strong> expand to an absolute directory when spamd is running
+daemonized (<strong>-d</strong>).</p>
+<p>Currently, use of this without <strong>-u</strong> is not supported. This inhibits setuid.</p>
+<dt><strong><a name="item__2dr_pidfile_2c__2d_2dpidfile_3dpidfile"><strong>-r</strong> <em>pidfile</em>, <strong>--pidfile</strong>=<em>pidfile</em></a></strong><br />
+</dt>
+<dd>
+Write the process ID of the spamd parent to the file specified by <em>pidfile</em>.
+The file will be unlinked when the parent exits. Note that when running
+with the <strong>-u</strong> option, the file must be writable by that user.
+</dd>
+<p></p>
+<dt><strong><a name="item__2dv_2c__2d_2dvpopmail"><strong>-v</strong>, <strong>--vpopmail</strong></a></strong><br />
+</dt>
+<dd>
+Enable vpopmail config. If specified with with <strong>-u</strong> set to the vpopmail user,
+this allows spamd to lookup/create user_prefs in the vpopmail user's own
+maildir. This option is useful for vpopmail virtual users who do not have an
+entry in the system /etc/passwd file.
+</dd>
+<dd>
+<p>Currently, use of this without <strong>-u</strong> is not supported. This inhibits setuid.</p>
+</dd>
+<p></p>
+<dt><strong><a name="item__2ds_facility_2c__2d_2dsyslog_3dfacility"><strong>-s</strong> <em>facility</em>, <strong>--syslog</strong>=<em>facility</em></a></strong><br />
+</dt>
+<dd>
+Specify the syslog facility to use (default: mail). If <code>stderr</code> is specified,
+output will be written to stderr. (This is useful if you're running <code>spamd</code>
+under the <code>daemontools</code> package.) With a <em>facility</em> of <code>file</code>, all output
+goes to spamd.log. <em>facility</em> is interpreted as a file name to log to if it
+contains any characters except a-z and 0-9. <code>null</code> disables logging completely
+(used internally).
+</dd>
+<dd>
+<p><table cellspacing="0" cellpadding="0"><tr><td>Examples:
+<tr><td><td>spamd -s mail # use syslog, facility mail (default)
+<tr><td><td>spamd -s ./mail # log to file ./mail
+<tr><td><td>spamd -s stderr 2>/dev/null # log to stderr, throw messages away
+<tr><td><td>spamd -s null # the same as above
+<tr><td><td>spamd -s file # log to file ./spamd.log
+<tr><td><td>spamd -s /var/log/spamd.log # log to file /var/log/spamd.log</table></p>
+</dd>
+<dd>
+<p>If logging to a file is enabled and that log file is rotated, the spamd server
+must be restarted with a SIGHUP. (If the log file is just truncated, this is
+not needed but still recommended.)</p>
+</dd>
+<dd>
+<p>Note that logging to a file does not use locking, so you cannot intermix
+logging from spamd and other processes into the same file. If you want
+to mix logging like this, use syslog instead.</p>
+</dd>
+<dd>
+<p>If you use syslog logging, it is essential to send a SIGHUP to the spamd daemon
+when you restart the syslogd daemon. (This is due to a shortcoming in Perl's
+syslog handling, where the disappearance of the connection to the syslogd is
+considered a fatal error.)</p>
+</dd>
+<p></p>
+<dt><strong><a name="item__2d_2dsyslog_2dsocket_3dtype"><strong>--syslog-socket</strong>=<em>type</em></a></strong><br />
+</dt>
+<dd>
+Specify how spamd should send messages to syslogd. The <em>type</em> can be any
+of the socket types or logging mechanisms as accepted by the subroutine
+Sys::Syslog::setlogsock(). Depending on a version of Sys::Syslog and on the
+underlying operating system, one of the following values (or their subset) can
+be used: <code>native</code>, <code>eventlog</code>, <code>tcp</code>, <code>udp</code>, <code>inet</code>, <code>unix</code>, <code>stream</code>,
+<code>pipe</code>, or <code>console</code>. The value <code>eventlog</code> is specific to Win32 events
+logger and requires a perl module Win32::EventLog to be installed.
+For more information please consult the Sys::Syslog documentation.
+</dd>
+<dd>
+<p>A historical setting --syslog-socket=none is mapped to --syslog=stderr.</p>
+</dd>
+<dd>
+<p>A default for Windows platforms is <code>none</code>, otherwise the default is
+to try <code>unix</code> first, falling back to <code>inet</code> if perl detects errors
+in its <code>unix</code> support.</p>
+</dd>
+<dd>
+<p>Some platforms, or versions of perl, are shipped with old or dysfunctional
+versions of the <strong>Sys::Syslog</strong> module which do not support some socket types,
+so you may need to set this option explicitly. If you get error messages
+regarding <strong>__PATH_LOG</strong> or similar spamd, try changing this setting.</p>
+</dd>
+<dd>
+<p>The socket types <code>file</code> is used internally and should not be specified.
+Use the <code>-s</code> switch instead.</p>
+</dd>
+<p></p>
+<dt><strong><a name="item__2d_2dlog_2dtimestamp_2dfmt_3dformat"><strong>--log-timestamp-fmt</strong>=<em>format</em></a></strong><br />
+</dt>
+<dd>
+The --log-timestamp-fmt option can provide a POSIX <code>strftime(3)</code> format for
+timestamps included in each logged message. Each logger (stderr, file,
+syslog) has its own default value for a timestamp format, which applies when
+--log-timestamp-fmt option is not given, or with --log-timestamp-fmt=default .
+Timestamps can be turned off by specifying an empty string with this
+option, e.g. --log-timestamp-fmt='' or just --log-timestamp-fmt= .
+Typical use: --log-timestamp-fmt='%a %b %e %H:%M:%S %Y' (provides
+localized weekday and month names in the <code>ctime(3)</code> style),
+or '%a, %e %b %Y %H:%M:%S %z (%Z)' for a RFC 2822 format,
+or maybe '%Y-%m-%d %H:%M:%S%z' for an ISO 8601 (EN 28601) format,
+or just '%Y%m%dT%H%M%S' .
+</dd>
+<p></p>
+<dt><strong><a name="item__2du_username_2c__2d_2dusername_3dusername"><strong>-u</strong> <em>username</em>, <strong>--username</strong>=<em>username</em></a></strong><br />
+</dt>
+<dd>
+Run as the named user. If this option is not set, the default behaviour
+is to <code>setuid()</code> to the user running <code>spamc</code>, if <code>spamd</code> is running
+as root.
+</dd>
+<dd>
+<p>Note: ``--username=root'' is not a valid option. If specified, <code>spamd</code> will
+exit with a fatal error on startup.</p>
+</dd>
+<p></p>
+<dt><strong><a name="item__2dg_groupname_2c__2d_2dgroupname_3dgroupname"><strong>-g</strong> <em>groupname</em>, <strong>--groupname</strong>=<em>groupname</em></a></strong><br />
+</dt>
+<dd>
+Run as the named group if --username is being used. If this option is
+not set when --username is used then the primary group for the user
+given to --username is used.
+</dd>
+<p></p>
+<dt><strong><a name="item__2dx_2c__2d_2dnouser_2dconfig_2c__2d_2duser_2dconf"><strong>-x</strong>, <strong>--nouser-config</strong>, <strong>--user-config</strong></a></strong><br />
+</dt>
+<dd>
+Turn off (on) reading of per-user configuration files (user_prefs) from the
+user's home directory. The default behaviour is to read per-user
+configuration from the user's home directory (<strong>--user-config</strong>).
+</dd>
+<dd>
+<p>This option does not disable or otherwise influence the SQL, LDAP or
+Virtual Config Dir settings.</p>
+</dd>
+<p></p>
+<dt><strong><a name="item__2d_2dauth_2dident"><strong>--auth-ident</strong></a></strong><br />
+</dt>
+<dd>
+Verify the username provided by spamc using ident. This is only
+useful if connections are only allowed from trusted hosts (because an
+identd that lies is trivial to create) and if spamc REALLY SHOULD be
+running as the user it represents. Connections are terminated
+immediately if authentication fails. In this case, spamc will pass
+the mail through unchecked. Failure to connect to an ident server,
+and response timeouts are considered authentication failures. This
+requires that Net::Ident be installed. Deprecated.
+</dd>
+<p></p>
+<dt><strong><a name="item__2d_2dident_2dtimeout_3dtimeout"><strong>--ident-timeout</strong>=<em>timeout</em></a></strong><br />
+</dt>
+<dd>
+Wait at most <em>timeout</em> seconds for a response to ident queries.
+Ident query that takes longer that <em>timeout</em> seconds will fail, and
+mail will not be processed. Setting this to 0.0 or less results in no
+timeout, which is STRONGLY discouraged. The default is 5 seconds.
+</dd>
+<p></p>
+<dt><strong><a name="item__2da_host_2c_2e_2e_2e_2c__2d_2dallowed_2dips_3dhos"><strong>-A</strong> <em>host,...</em>, <strong>--allowed-ips</strong>=<em>host,...</em></a></strong><br />
+</dt>
+<dd>
+Specify a comma-separated list of authorized hosts or networks which
+can connect to this spamd instance. Each element of the list is either a
+single IP addresses, or a range of IP addresses in address/masklength CIDR
+notation, or ranges of IPv4 addresses by specifying 3 or less octets with
+a trailing dot. Hostnames are not supported, only IPv4 or IPv6 addresses.
+This option can be specified multiple times, or can take a list of addresses
+separated by commas. IPv6 addresses may be (but need not be) enclosed
+in square brackets for consistency with option <strong>--listen</strong>. Examples:
+</dd>
+<dd>
+<p><strong>-A 10.11.12.13</strong> -- only allow connections from <code>10.11.12.13</code>.</p>
+</dd>
+<dd>
+<p><strong>-A 10.11.12.13,10.11.12.14</strong> -- only allow connections from <code>10.11.12.13</code> and
+<code>10.11.12.14</code>.</p>
+</dd>
+<dd>
+<p><strong>-A 10.200.300.0/24</strong> -- allow connections from any machine in the range
+<code>10.200.300.*</code>.</p>
+</dd>
+<dd>
+<p><strong>-A 10.</strong> -- allow connections from any machine in the range <code>10.*.*.*</code>.</p>
+</dd>
+<dd>
+<p><strong>-A [2001:db8::]/32,192.0.2.0/24,::1,127.0.0.0/8</strong> -- only accept
+connections from specified test networks and from localhost.</p>
+</dd>
+<dd>
+<p>In absence of the <strong>-A</strong> option, connections are only accepted from
+IP address 127.0.0.1 or ::1, i.e. from localhost on a loopback interface.</p>
+</dd>
+<p></p>
+<dt><strong><a name="item__2dd__5barea_2c_2e_2e_2e_5d_2c__2d_2ddebug__5barea"><strong>-D</strong> [<em>area,...</em>], <strong>--debug</strong> [<em>area,...</em>]</a></strong><br />
+</dt>
+<dd>
+Produce debugging output. If no areas are listed, all debugging information is
+printed. Diagnostic output can also be enabled for each area individually;
+<em>area</em> is the area of the code to instrument. For example, to produce
+diagnostic output on bayes, learn, and dns, use:
+</dd>
+<dd>
+<pre>
+ spamassassin -D bayes,learn,dns</pre>
+</dd>
+<dd>
+<p>Higher priority informational messages that are suitable for logging in normal
+circumstances are available with an area of ``info''.</p>
+</dd>
+<dd>
+<p>For more information about which areas (also known as channels) are available,
+please see the documentation at:</p>
+</dd>
+<dd>
+<pre>
+ C<<a href="http://wiki.apache.org/spamassassin/DebugChannels>">http://wiki.apache.org/spamassassin/DebugChannels></a>;</pre>
+</dd>
+<p></p>
+<dt><strong><a name="item__2d4_2c__2d_2dipv4only_2c__2d_2dipv4_2donly_2c__2d"><strong>-4</strong>, <strong>--ipv4only</strong>, <strong>--ipv4-only</strong>, <strong>--ipv4</strong></a></strong><br />
+</dt>
+<dd>
+Use IPv4 where applicable, do not use IPv6.
+The option affects a set of listen sockets (see option <code>--listen</code>)
+and disables IPv6 for DNS tests.
+</dd>
+<p></p>
+<dt><strong><a name="item__2d6"><strong>-6</strong></a></strong><br />
+</dt>
+<dd>
+Use IPv6 where applicable, do not use IPv4.
+The option affects a set of listen sockets (see option <code>--listen</code>)
+and disables IPv4 for DNS tests. Installing a module IO::Socket::IP
+is recommended if spamd is expected to receive requests over IPv6.
+</dd>
+<p></p>
+<dt><strong><a name="item__2dl_2c__2d_2dlocal"><strong>-L</strong>, <strong>--local</strong></a></strong><br />
+</dt>
+<dd>
+Perform only local tests on all mail. In other words, skip DNS and other
+network tests. Works the same as the <code>-L</code> flag to <code>spamassassin(1)</code>.
+</dd>
+<p></p>
+<dt><strong><a name="item__2dp_2c__2d_2dparanoid"><strong>-P</strong>, <strong>--paranoid</strong></a></strong><br />
+</dt>
+<dd>
+Die on user errors (for the user passed from spamc) instead of falling back to
+user <em>nobody</em> and using the default configuration.
+</dd>
+<p></p>
+<dt><strong><a name="item__2dm_number__2c__2d_2dmax_2dchildren_3dnumber"><strong>-m</strong> <em>number</em> , <strong>--max-children</strong>=<em>number</em></a></strong><br />
+</dt>
+<dd>
+This option specifies the maximum number of children to spawn.
+Spamd will spawn that number of children, then sleep in the background
+until a child dies, wherein it will go and spawn a new child.
+</dd>
+<dd>
+<p>Incoming connections can still occur if all of the children are busy,
+however those connections will be queued waiting for a free child.
+The minimum value is <code>1</code>, the default value is <code>5</code>.</p>
+</dd>
+<dd>
+<p>Please note that there is a OS specific maximum of connections that can be
+queued (Try <code>perl -MSocket -e'print SOMAXCONN'</code> to find this maximum).</p>
+</dd>
+<dd>
+<p>Note that if you run too many servers for the amount of free RAM available, you
+run the danger of hurting performance by causing a high swap load as server
+processes are swapped in and out continually.</p>
+</dd>
+<p></p>
+<dt><strong><a name="item__2d_2dmin_2dchildren_3dnumber"><strong>--min-children</strong>=<em>number</em></a></strong><br />
+</dt>
+<dd>
+The minimum number of children that will be kept running. The minimum value is
+<code>1</code>, the default value is <code>1</code>. If you have lots of free RAM, you may want to
+increase this.
+</dd>
+<p></p>
+<dt><strong><a name="item__2d_2dmin_2dspare_3dnumber"><strong>--min-spare</strong>=<em>number</em></a></strong><br />
+</dt>
+<dd>
+The lower limit for the number of spare children allowed to run. A
+spare, or idle, child is one that is not handling a scan request. If
+there are too few spare children available, a new server will be started
+every second or so. The default value is <code>1</code>.
+</dd>
+<p></p>
+<dt><strong><a name="item__2d_2dmax_2dspare_3dnumber"><strong>--max-spare</strong>=<em>number</em></a></strong><br />
+</dt>
+<dd>
+The upper limit for the number of spare children allowed to run. If there
+are too many spare children, one will be killed every second or so until
+the number of idle children is in the desired range. The default value
+is <code>2</code>.
+</dd>
+<p></p>
+<dt><strong><a name="item__2d_2dmax_2dconn_2dper_2dchild_3dnumber"><strong>--max-conn-per-child</strong>=<em>number</em></a></strong><br />
+</dt>
+<dd>
+This option specifies the maximum number of connections each child
+should process before dying and letting the master spamd process spawn
+a new child. The minimum value is <code>1</code>, the default value is <code>200</code>.
+</dd>
+<p></p>
+<dt><strong><a name="item__2d_2dround_2drobin"><strong>--round-robin</strong></a></strong><br />
+</dt>
+<dd>
+By default, <code>spamd</code> will attempt to keep a small number of ``hot'' child
+processes as busy as possible, and keep any others as idle as possible, using
+something similar to the Apache httpd server scaling algorithm. This is
+accomplished by the master process coordinating the activities of the children.
+This switch will disable this scaling algorithm, and the behaviour seen in
+the 3.0.x versions will be used instead, where all processes receive an
+equal load and no scaling takes place.
+</dd>
+<p></p>
+<dt><strong><a name="item__2d_2dtimeout_2dtcp_3dnumber"><strong>--timeout-tcp</strong>=<em>number</em></a></strong><br />
+</dt>
+<dd>
+This option specifies the number of seconds to wait for headers from a
+client (spamc) before closing the connection. The minimum value is <code>1</code>,
+the default value is <code>30</code>, and a value of <code>0</code> will disable socket
+timeouts completely.
+</dd>
+<p></p>
+<dt><strong><a name="item__2d_2dtimeout_2dchild_3dnumber"><strong>--timeout-child</strong>=<em>number</em></a></strong><br />
+</dt>
+<dd>
+This option specifies the number of seconds to wait for a spamd child to
+process or check a message. The minimum value is <code>1</code>, the default
+value is <code>300</code>, and a value of <code>0</code> will disable child timeouts completely.
+</dd>
+<p></p>
+<dt><strong><a name="item__2dh_directory_2c__2d_2dhelper_2dhome_2ddir_3ddire"><strong>-H</strong> <em>directory</em>, <strong>--helper-home-dir</strong>=<em>directory</em></a></strong><br />
+</dt>
+<dd>
+Specify that external programs such as Razor, DCC, and Pyzor should have
+a HOME environment variable set to a specific directory. The default
+is to use the HOME environment variable setting from the shell running
+spamd. By specifying no argument, spamd will use the spamc caller's
+home directory instead.
+</dd>
+<p></p>
+<dt><strong><a name="item__2d_2dssl"><strong>--ssl</strong></a></strong><br />
+</dt>
+<dd>
+Accept only SSL connections on the associated port.
+The <strong>IO::Socket::SSL</strong> perl module must be installed.
+</dd>
+<dd>
+<p>If the <strong>--ssl</strong> switch is used, and <strong>--ssl-port</strong> is not supplied, then
+<strong>--port</strong> port will be used to accept SSL connections instead of unencrypted
+connections. If the <strong>--ssl</strong> switch is used, and <strong>--ssl-port</strong> is set, then
+unencrypted connections will be accepted on the <strong>--port</strong>, at the same time as
+encrypted connections are accepted at <strong>--ssl-port</strong>.</p>
+</dd>
+<p></p>
+<dt><strong><a name="item__2d_2dssl_2dport_3dport"><strong>--ssl-port</strong>=<em>port</em></a></strong><br />
+</dt>
+<dd>
+Optionally specifies the port number for the server to listen on for
+SSL connections (default: whatever --port uses). See <strong>--ssl</strong> for
+more details.
+</dd>
+<p></p>
+<dt><strong><a name="item__2d_2dssl_2dversion_3dsslversion"><strong>--ssl-version</strong>=<em>sslversion</em></a></strong><br />
+</dt>
+<dd>
+Specify the SSL protocol version to use, one of <strong>sslv3</strong> or <strong>tlsv1</strong>.
+The default, <strong>sslv3</strong>, is the most flexible, accepting a SSLv3 or
+higher hello handshake, then negotiating use of SSLv3 or TLSv1
+protocol if the client can accept it. Specifying <strong>--ssl-version</strong>
+implies <strong>--ssl</strong>.
+</dd>
+<p></p>
+<dt><strong><a name="item__2d_2dserver_2dkey_keyfile"><strong>--server-key</strong> <em>keyfile</em></a></strong><br />
+</dt>
+<dd>
+Specify the SSL key file to use for SSL connections.
+</dd>
+<p></p>
+<dt><strong><a name="item__2d_2dserver_2dcert_certfile"><strong>--server-cert</strong> <em>certfile</em></a></strong><br />
+</dt>
+<dd>
+Specify the SSL certificate file to use for SSL connections.
+</dd>
+<p></p>
+<dt><strong><a name="item__2d_2dsocketpath_pathname"><strong>--socketpath</strong> <em>pathname</em></a></strong><br />
+</dt>
+<dd>
+Listen on a UNIX domain socket at path <em>pathname</em>, in addition to
+sockets specified with a <code>--listen</code> option. This option is provided
+for compatibility with older versions of spamd. Starting with version
+3.4.0 the <code>--listen</code> option can also take a UNIX domain socket as its
+value (an absolute path name). Unlike <code>--socketpath</code>, the <code>--listen</code>
+option may be specified multiple times if spamd needs to listen on
+multiple UNIX or INET or INET6 sockets.
+</dd>
+<dd>
+<p>Warning: the Perl support on BSD platforms for UNIX domain sockets seems to
+have a bug regarding paths of over 100 bytes or so (SpamAssassin bug 4380).
+If you see a 'could not find newly-created UNIX socket' error message, and
+the path appears truncated, this may be the cause. Try using a shorter path
+to the socket.</p>
+</dd>
+<dd>
+<p>By default, use of <strong>--socketpath</strong> without <strong>--listen</strong> will inhibit
+SSL connections and unencrypted TCP connections. To add other sockets,
+specify them with <strong>--listen</strong>, e.g. '--listen=:' or '--listen=*:'</p>
+</dd>
+<p></p>
+<dt><strong><a name="item__2d_2dsocketowner_name"><strong>--socketowner</strong> <em>name</em></a></strong><br />
+</dt>
+<dd>
+Set UNIX domain socket to be owned by the user named <em>name</em>. Note
+that this requires that spamd be started as <code>root</code>, and if <code>-u</code>
+is used, that user should have write permissions to unlink the file
+later, for when the <code>spamd</code> server is killed.
+</dd>
+<p></p>
+<dt><strong><a name="item__2d_2dsocketgroup_name"><strong>--socketgroup</strong> <em>name</em></a></strong><br />
+</dt>
+<dd>
+Set UNIX domain socket to be owned by the group named <em>name</em>. See
+<code>--socketowner</code> for notes on ownership and permissions.
+</dd>
+<p></p>
+<dt><strong><a name="item__2d_2dsocketmode_mode"><strong>--socketmode</strong> <em>mode</em></a></strong><br />
+</dt>
+<dd>
+Set UNIX domain socket to use the octal mode <em>mode</em>. Note that if <code>-u</code> is
+used, that user should have write permissions to unlink the file later, for
+when the <code>spamd</code> server is killed.
+</dd>
+<p></p></dl>
+<p>
+</p>
+<hr />
+<h1><a name="see_also">SEE ALSO</a></h1>
+<p><code>spamc(1)</code>
+<code>spamassassin(1)</code>
+Mail::SpamAssassin::Conf(3)
+Mail::SpamAssassin(3)</p>
+<p>
+</p>
+<hr />
+<h1><a name="prerequisites">PREREQUISITES</a></h1>
+<p><code>Mail::SpamAssassin</code></p>
+<p>
+</p>
+<hr />
+<h1><a name="authors">AUTHORS</a></h1>
+<p>The <code>SpamAssassin(tm)</code> Project (http://spamassassin.apache.org/)</p>
+<p>
+</p>
+<hr />
+<h1><a name="license">LICENSE</a></h1>
+<p>SpamAssassin is distributed under the Apache License, Version 2.0, as
+described in the file <code>LICENSE</code> included with the distribution.</p>
+
+</body>
+
+</html>
Added: spamassassin/site/full/3.4.x/doc/spamd.txt
URL: http://svn.apache.org/viewvc/spamassassin/site/full/3.4.x/doc/spamd.txt?rev=1567225&view=auto
==============================================================================
--- spamassassin/site/full/3.4.x/doc/spamd.txt (added)
+++ spamassassin/site/full/3.4.x/doc/spamd.txt Tue Feb 11 17:26:49 2014
@@ -0,0 +1,577 @@
+NAME
+ spamd - daemonized version of spamassassin
+
+SYNOPSIS
+ spamd [options]
+
+ Options:
+
+ -l, --allow-tell Allow learning/reporting
+ -c, --create-prefs Create user preferences files
+ -C path, --configpath=path Path for default config files
+ --siteconfigpath=path Path for site configs
+ --cf='config line' Additional line of configuration
+ -d, --daemonize Daemonize
+ -h, --help Print usage message
+ -i [ip_or_name[:port]], --listen=[ip_or_name[:port]] Listen on IP addr and port
+ -p port, --port=port Listen on specified port, may be overridden by -i
+ -4, --ipv4-only, --ipv4 Use IPv4 where applicable, disables IPv6
+ -6 Use IPv6 where applicable, disables IPv4
+ -A host,..., --allowed-ips=..,.. Restrict to IP addresses which can connect
+ -m num, --max-children=num Allow maximum num children
+ --min-children=num Allow minimum num children
+ --min-spare=num Lower limit for number of spare children
+ --max-spare=num Upper limit for number of spare children
+ --max-conn-per-child=num Maximum connections accepted by child
+ before it is respawned
+ --round-robin Use traditional prefork algorithm
+ --timeout-tcp=secs Connection timeout for client headers
+ --timeout-child=secs Connection timeout for message checks
+ -q, --sql-config Enable SQL config (needs -x)
+ -Q, --setuid-with-sql Enable SQL config (needs -x,
+ enables use of -H)
+ --ldap-config Enable LDAP config (needs -x)
+ --setuid-with-ldap Enable LDAP config (needs -x,
+ enables use of -H)
+ --virtual-config-dir=dir Enable pattern based Virtual configs
+ (needs -x)
+ -r pidfile, --pidfile Write the process id to pidfile
+ -s facility, --syslog=facility Specify the syslog facility
+ --syslog-socket=type How to connect to syslogd
+ --log-timestamp-fmt=fmt strftime(3) format for timestamps, may be
+ empty to disable timestamps, or 'default'
+ -u username, --username=username Run as username
+ -g groupname, --groupname=groupname Run as groupname
+ -v, --vpopmail Enable vpopmail config
+ -x, --nouser-config Disable user config files
+ --auth-ident Use ident to identify spamc user (deprecated)
+ --ident-timeout=timeout Timeout for ident connections
+ -D, --debug[=areas] Print debugging messages (for areas)
+ -L, --local Use local tests only (no DNS)
+ -P, --paranoid Die upon user errors
+ -H [dir], --helper-home-dir[=dir] Specify a different HOME directory
+ --ssl Enable SSL on TCP connections
+ --ssl-port port Override --port setting for SSL connections
+ --ssl-version sslversion Specify SSL protocol version to use
+ --server-key keyfile Specify an SSL keyfile
+ --server-cert certfile Specify an SSL certificate
+ --socketpath=path Listen on a given UNIX domain socket
+ --socketowner=name Set UNIX domain socket file's owner
+ --socketgroup=name Set UNIX domain socket file's group
+ --socketmode=mode Set UNIX domain socket file's mode
+ -V, --version Print version and exit
+
+ The --listen option (or -i) may be specified multiple times, its syntax
+ is: [ ssl: ] [ host-name-or-IP-address ] [ : port ] or an absolute path
+ (filename) of a Unix socket. If port is omitted it defaults to --port or
+ to 783. Option --ssl implies a prefix 'ssl:'. An IPv6 address should be
+ enclosed in square brackets, e.g. [::1]:783, an IPv4 address may be but
+ need not be enclosed in square brackets. An asterisk '*' in place of a
+ hostname implies an unspecified address, ('0.0.0.0' or '::'), i.e. it
+ binds to all interfaces. An empty option value implies '*'. A default is
+ '--listen localhost', which binds to a loopback interface only.
+
+DESCRIPTION
+ The purpose of this program is to provide a daemonized version of the
+ spamassassin executable. The goal is improving throughput performance
+ for automated mail checking.
+
+ This is intended to be used alongside "spamc", a fast, low-overhead C
+ client program.
+
+ See the README file in the "spamd" directory of the SpamAssassin
+ distribution for more details.
+
+ Note: Although "spamd" will check per-user config files for every
+ message, any changes to the system-wide config files will require either
+ restarting spamd or forcing it to reload itself via SIGHUP for the
+ changes to take effect.
+
+ Note: If "spamd" receives a SIGHUP, it internally reloads itself, which
+ means that it will change its pid and might not restart at all if its
+ environment changed (ie. if it can't change back into its own
+ directory). If you plan to use SIGHUP, you should always start "spamd"
+ with the -r switch to know its current pid.
+
+OPTIONS
+ Options of the long form can be shortened as long as they remain
+ unambiguous. (i.e. --dae can be used instead of --daemonize) Also,
+ boolean options (like --user-config) can be negated by adding *no*
+ (--nouser-config), however, this is usually unnecessary.
+
+ -l, --allow-tell
+ Allow learning and forgetting (to a local Bayes database), reporting
+ and revoking (to a remote database) by spamd. The client issues a
+ TELL command to tell what type of message is being processed and
+ whether local (learn/forget) or remote (report/revoke) databases
+ should be updated.
+
+ Note that spamd always trusts the username passed in (unless
+ --auth-ident is used) so clients could maliciously learn messages
+ for other users. (This is not ususally a concern with an SQL Bayes
+ store as users will typically have read-write access directly to the
+ database, and can also use "sa-learn" with the -u option to achieve
+ the same result.)
+
+ -c, --create-prefs
+ Create user preferences files if they don't exist (default: don't).
+
+ -C *path*, --configpath=*path*
+ Use the specified path for locating the distributed configuration
+ files. Ignore the default directories (usually
+ "/usr/share/spamassassin" or similar).
+
+ --siteconfigpath=*path*
+ Use the specified path for locating site-specific configuration
+ files. Ignore the default directories (usually
+ "/etc/mail/spamassassin" or similar).
+
+ --cf='config line'
+ Add additional lines of configuration directly from the
+ command-line, parsed after the configuration files are read.
+ Multiple --cf arguments can be used, and each will be considered a
+ separate line of configuration.
+
+ -d, --daemonize
+ Detach from starting process and run in background (daemonize).
+
+ -h, --help
+ Print a brief help message, then exit without further action.
+
+ -V, --version
+ Print version information, then exit without further action.
+
+ -i [*ipaddress*[:<port>]], --listen[=*ipaddress*[:<port>]]
+ Additional alias names for this option are --listen-ip and
+ --ip-address. Tells spamd to listen on the specified IP address,
+ defaults to a loopback interface, i.e. "--listen localhost"). If no
+ value is specified after the switch, or if an asterisk '*' stands in
+ place of an <ipaddress>, spamd will listen on all interfaces - this
+ is equivalent to address '0.0.0.0' for IPv4 and to '::' for IPv6.
+ You can also use a valid hostname which will make spamd listen on
+ all addresses that a name resolves to. The option may be specified
+ multiple times. See also options -4 and -6 for restricting address
+ family to IPv4 or to IPv6. If a port is specified it overrides for
+ this socket the global --port (and --ssl-port) setting. An IPv6
+ addresses should be enclosed in square brackets, e.g. [::1]:783. For
+ compatibility square brackets on an IPv6 address may be omitted if a
+ port number specification is also omitted.
+
+ -p *port*, --port=*port*
+ Optionally specifies the port number for the server to listen on
+ (default: 783).
+
+ If the --ssl switch is used, and --ssl-port is not supplied, then
+ this port will be used to accept SSL connections instead of
+ unencrypted connections. If the --ssl switch is used, and --ssl-port
+ is set, then unencrypted connections will be accepted on the --port
+ at the same time as encrypted connections are accepted at
+ --ssl-port.
+
+ -q, --sql-config
+ Turn on SQL lookups even when per-user config files have been
+ disabled with -x. this is useful for spamd hosts which don't have
+ user's home directories but do want to load user preferences from an
+ SQL database.
+
+ If your spamc client does not support sending the "User:" header,
+ like "exiscan", then the SQL username used will always be nobody.
+
+ This inhibits the setuid() behavior, so the "-u" option is required.
+ If you want the setuid() behaviour, use "-Q" or "--setuid-with-sql"
+ instead.
+
+ --ldap-config
+ Turn on LDAP lookups. This is completely analog to "--sql-config",
+ only it is using an LDAP server.
+
+ Like "--sql-config", this disables the setuid behavior, and requires
+ "-u". If you want it, use "--setuid-with-ldap" instead.
+
+ -Q, --setuid-with-sql
+ Turn on SQL lookups even when per-user config files have been
+ disabled with -x and also setuid to the user. This is useful for
+ spamd hosts which want to load user preferences from an SQL database
+ but also wish to support the use of -H (Helper home directories.)
+
+ --setuid-with-ldap
+ Turn on LDAP lookups even when per-user config files have been
+ disabled with -x and also setuid to the user. This is again
+ completely analog to "--setuid-with-sql", only it is using an LDAP
+ server.
+
+ --virtual-config-dir=*pattern*
+ This option specifies where per-user preferences can be found for
+ virtual users, for the -x switch. The *pattern* is used as a base
+ pattern for the directory name. Any of the following escapes can be
+ used:
+
+ %u -- replaced with the full name of the current user, as sent by
+ spamc.
+ %l -- replaced with the 'local part' of the current username. In
+ other words, if the username is an email address, this is the part
+ before the "@" sign.
+ %d -- replaced with the 'domain' of the current username. In other
+ words, if the username is an email address, this is the part after
+ the "@" sign.
+ %% -- replaced with a single percent sign (%).
+
+ So for example, if "/vhome/users/%u/spamassassin" is specified, and
+ spamc sends a virtual username of "jm@example.com", the directory
+ "/vhome/users/jm@example.com/spamassassin" will be used.
+
+ The set of characters allowed in the virtual username for this path
+ are restricted to:
+
+ A-Z a-z 0-9 - + _ . , @ =
+
+ All others will be replaced by underscores ("_").
+
+ This path must be a writable directory. It will be created if it
+ does not already exist. If a file called user_prefs exists in this
+ directory (note: not in a ".spamassassin" subdirectory!), it will be
+ loaded as the user's preferences. The Bayes databases for that user
+ will be stored in this directory.
+
+ Note that this requires that -x is used, and cannot be combined with
+ SQL- or LDAP-based configuration.
+
+ The pattern must expand to an absolute directory when spamd is
+ running daemonized (-d).
+
+ Currently, use of this without -u is not supported. This inhibits
+ setuid.
+
+ -r *pidfile*, --pidfile=*pidfile*
+ Write the process ID of the spamd parent to the file specified by
+ *pidfile*. The file will be unlinked when the parent exits. Note
+ that when running with the -u option, the file must be writable by
+ that user.
+
+ -v, --vpopmail
+ Enable vpopmail config. If specified with with -u set to the
+ vpopmail user, this allows spamd to lookup/create user_prefs in the
+ vpopmail user's own maildir. This option is useful for vpopmail
+ virtual users who do not have an entry in the system /etc/passwd
+ file.
+
+ Currently, use of this without -u is not supported. This inhibits
+ setuid.
+
+ -s *facility*, --syslog=*facility*
+ Specify the syslog facility to use (default: mail). If "stderr" is
+ specified, output will be written to stderr. (This is useful if
+ you're running "spamd" under the "daemontools" package.) With a
+ *facility* of "file", all output goes to spamd.log. *facility* is
+ interpreted as a file name to log to if it contains any characters
+ except a-z and 0-9. "null" disables logging completely (used
+ internally).
+
+ Examples: spamd -s mail # use syslog, facility mail (default) spamd
+ -s ./mail # log to file ./mail spamd -s stderr 2>/dev/null # log to
+ stderr, throw messages away spamd -s null # the same as above spamd
+ -s file # log to file ./spamd.log spamd -s /var/log/spamd.log # log
+ to file /var/log/spamd.log
+
+ If logging to a file is enabled and that log file is rotated, the
+ spamd server must be restarted with a SIGHUP. (If the log file is
+ just truncated, this is not needed but still recommended.)
+
+ Note that logging to a file does not use locking, so you cannot
+ intermix logging from spamd and other processes into the same file.
+ If you want to mix logging like this, use syslog instead.
+
+ If you use syslog logging, it is essential to send a SIGHUP to the
+ spamd daemon when you restart the syslogd daemon. (This is due to a
+ shortcoming in Perl's syslog handling, where the disappearance of
+ the connection to the syslogd is considered a fatal error.)
+
+ --syslog-socket=*type*
+ Specify how spamd should send messages to syslogd. The *type* can be
+ any of the socket types or logging mechanisms as accepted by the
+ subroutine Sys::Syslog::setlogsock(). Depending on a version of
+ Sys::Syslog and on the underlying operating system, one of the
+ following values (or their subset) can be used: "native",
+ "eventlog", "tcp", "udp", "inet", "unix", "stream", "pipe", or
+ "console". The value "eventlog" is specific to Win32 events logger
+ and requires a perl module Win32::EventLog to be installed. For more
+ information please consult the Sys::Syslog documentation.
+
+ A historical setting --syslog-socket=none is mapped to
+ --syslog=stderr.
+
+ A default for Windows platforms is "none", otherwise the default is
+ to try "unix" first, falling back to "inet" if perl detects errors
+ in its "unix" support.
+
+ Some platforms, or versions of perl, are shipped with old or
+ dysfunctional versions of the Sys::Syslog module which do not
+ support some socket types, so you may need to set this option
+ explicitly. If you get error messages regarding __PATH_LOG or
+ similar spamd, try changing this setting.
+
+ The socket types "file" is used internally and should not be
+ specified. Use the "-s" switch instead.
+
+ --log-timestamp-fmt=*format*
+ The --log-timestamp-fmt option can provide a POSIX strftime(3)
+ format for timestamps included in each logged message. Each logger
+ (stderr, file, syslog) has its own default value for a timestamp
+ format, which applies when --log-timestamp-fmt option is not given,
+ or with --log-timestamp-fmt=default . Timestamps can be turned off
+ by specifying an empty string with this option, e.g.
+ --log-timestamp-fmt='' or just --log-timestamp-fmt= . Typical use:
+ --log-timestamp-fmt='%a %b %e %H:%M:%S %Y' (provides localized
+ weekday and month names in the ctime(3) style), or '%a, %e %b %Y
+ %H:%M:%S %z (%Z)' for a RFC 2822 format, or maybe '%Y-%m-%d
+ %H:%M:%S%z' for an ISO 8601 (EN 28601) format, or just
+ '%Y%m%dT%H%M%S' .
+
+ -u *username*, --username=*username*
+ Run as the named user. If this option is not set, the default
+ behaviour is to setuid() to the user running "spamc", if "spamd" is
+ running as root.
+
+ Note: "--username=root" is not a valid option. If specified, "spamd"
+ will exit with a fatal error on startup.
+
+ -g *groupname*, --groupname=*groupname*
+ Run as the named group if --username is being used. If this option
+ is not set when --username is used then the primary group for the
+ user given to --username is used.
+
+ -x, --nouser-config, --user-config
+ Turn off (on) reading of per-user configuration files (user_prefs)
+ from the user's home directory. The default behaviour is to read
+ per-user configuration from the user's home directory
+ (--user-config).
+
+ This option does not disable or otherwise influence the SQL, LDAP or
+ Virtual Config Dir settings.
+
+ --auth-ident
+ Verify the username provided by spamc using ident. This is only
+ useful if connections are only allowed from trusted hosts (because
+ an identd that lies is trivial to create) and if spamc REALLY SHOULD
+ be running as the user it represents. Connections are terminated
+ immediately if authentication fails. In this case, spamc will pass
+ the mail through unchecked. Failure to connect to an ident server,
+ and response timeouts are considered authentication failures. This
+ requires that Net::Ident be installed. Deprecated.
+
+ --ident-timeout=*timeout*
+ Wait at most *timeout* seconds for a response to ident queries.
+ Ident query that takes longer that *timeout* seconds will fail, and
+ mail will not be processed. Setting this to 0.0 or less results in
+ no timeout, which is STRONGLY discouraged. The default is 5 seconds.
+
+ -A *host,...*, --allowed-ips=*host,...*
+ Specify a comma-separated list of authorized hosts or networks which
+ can connect to this spamd instance. Each element of the list is
+ either a single IP addresses, or a range of IP addresses in
+ address/masklength CIDR notation, or ranges of IPv4 addresses by
+ specifying 3 or less octets with a trailing dot. Hostnames are not
+ supported, only IPv4 or IPv6 addresses. This option can be specified
+ multiple times, or can take a list of addresses separated by commas.
+ IPv6 addresses may be (but need not be) enclosed in square brackets
+ for consistency with option --listen. Examples:
+
+ -A 10.11.12.13 -- only allow connections from 10.11.12.13.
+
+ -A 10.11.12.13,10.11.12.14 -- only allow connections from
+ 10.11.12.13 and 10.11.12.14.
+
+ -A 10.200.300.0/24 -- allow connections from any machine in the
+ range "10.200.300.*".
+
+ -A 10. -- allow connections from any machine in the range
+ "10.*.*.*".
+
+ -A [2001:db8::]/32,192.0.2.0/24,::1,127.0.0.0/8 -- only accept
+ connections from specified test networks and from localhost.
+
+ In absence of the -A option, connections are only accepted from IP
+ address 127.0.0.1 or ::1, i.e. from localhost on a loopback
+ interface.
+
+ -D [*area,...*], --debug [*area,...*]
+ Produce debugging output. If no areas are listed, all debugging
+ information is printed. Diagnostic output can also be enabled for
+ each area individually; *area* is the area of the code to
+ instrument. For example, to produce diagnostic output on bayes,
+ learn, and dns, use:
+
+ spamassassin -D bayes,learn,dns
+
+ Higher priority informational messages that are suitable for logging
+ in normal circumstances are available with an area of "info".
+
+ For more information about which areas (also known as channels) are
+ available, please see the documentation at:
+
+ C<http://wiki.apache.org/spamassassin/DebugChannels>
+
+ -4, --ipv4only, --ipv4-only, --ipv4
+ Use IPv4 where applicable, do not use IPv6. The option affects a set
+ of listen sockets (see option "--listen") and disables IPv6 for DNS
+ tests.
+
+ -6 Use IPv6 where applicable, do not use IPv4. The option affects a set
+ of listen sockets (see option "--listen") and disables IPv4 for DNS
+ tests. Installing a module IO::Socket::IP is recommended if spamd is
+ expected to receive requests over IPv6.
+
+ -L, --local
+ Perform only local tests on all mail. In other words, skip DNS and
+ other network tests. Works the same as the "-L" flag to
+ spamassassin(1).
+
+ -P, --paranoid
+ Die on user errors (for the user passed from spamc) instead of
+ falling back to user *nobody* and using the default configuration.
+
+ -m *number* , --max-children=*number*
+ This option specifies the maximum number of children to spawn. Spamd
+ will spawn that number of children, then sleep in the background
+ until a child dies, wherein it will go and spawn a new child.
+
+ Incoming connections can still occur if all of the children are
+ busy, however those connections will be queued waiting for a free
+ child. The minimum value is 1, the default value is 5.
+
+ Please note that there is a OS specific maximum of connections that
+ can be queued (Try "perl -MSocket -e'print SOMAXCONN'" to find this
+ maximum).
+
+ Note that if you run too many servers for the amount of free RAM
+ available, you run the danger of hurting performance by causing a
+ high swap load as server processes are swapped in and out
+ continually.
+
+ --min-children=*number*
+ The minimum number of children that will be kept running. The
+ minimum value is 1, the default value is 1. If you have lots of free
+ RAM, you may want to increase this.
+
+ --min-spare=*number*
+ The lower limit for the number of spare children allowed to run. A
+ spare, or idle, child is one that is not handling a scan request. If
+ there are too few spare children available, a new server will be
+ started every second or so. The default value is 1.
+
+ --max-spare=*number*
+ The upper limit for the number of spare children allowed to run. If
+ there are too many spare children, one will be killed every second
+ or so until the number of idle children is in the desired range. The
+ default value is 2.
+
+ --max-conn-per-child=*number*
+ This option specifies the maximum number of connections each child
+ should process before dying and letting the master spamd process
+ spawn a new child. The minimum value is 1, the default value is 200.
+
+ --round-robin
+ By default, "spamd" will attempt to keep a small number of "hot"
+ child processes as busy as possible, and keep any others as idle as
+ possible, using something similar to the Apache httpd server scaling
+ algorithm. This is accomplished by the master process coordinating
+ the activities of the children. This switch will disable this
+ scaling algorithm, and the behaviour seen in the 3.0.x versions will
+ be used instead, where all processes receive an equal load and no
+ scaling takes place.
+
+ --timeout-tcp=*number*
+ This option specifies the number of seconds to wait for headers from
+ a client (spamc) before closing the connection. The minimum value is
+ 1, the default value is 30, and a value of 0 will disable socket
+ timeouts completely.
+
+ --timeout-child=*number*
+ This option specifies the number of seconds to wait for a spamd
+ child to process or check a message. The minimum value is 1, the
+ default value is 300, and a value of 0 will disable child timeouts
+ completely.
+
+ -H *directory*, --helper-home-dir=*directory*
+ Specify that external programs such as Razor, DCC, and Pyzor should
+ have a HOME environment variable set to a specific directory. The
+ default is to use the HOME environment variable setting from the
+ shell running spamd. By specifying no argument, spamd will use the
+ spamc caller's home directory instead.
+
+ --ssl
+ Accept only SSL connections on the associated port. The
+ IO::Socket::SSL perl module must be installed.
+
+ If the --ssl switch is used, and --ssl-port is not supplied, then
+ --port port will be used to accept SSL connections instead of
+ unencrypted connections. If the --ssl switch is used, and --ssl-port
+ is set, then unencrypted connections will be accepted on the --port,
+ at the same time as encrypted connections are accepted at
+ --ssl-port.
+
+ --ssl-port=*port*
+ Optionally specifies the port number for the server to listen on for
+ SSL connections (default: whatever --port uses). See --ssl for more
+ details.
+
+ --ssl-version=*sslversion*
+ Specify the SSL protocol version to use, one of sslv3 or tlsv1. The
+ default, sslv3, is the most flexible, accepting a SSLv3 or higher
+ hello handshake, then negotiating use of SSLv3 or TLSv1 protocol if
+ the client can accept it. Specifying --ssl-version implies --ssl.
+
+ --server-key *keyfile*
+ Specify the SSL key file to use for SSL connections.
+
+ --server-cert *certfile*
+ Specify the SSL certificate file to use for SSL connections.
+
+ --socketpath *pathname*
+ Listen on a UNIX domain socket at path *pathname*, in addition to
+ sockets specified with a "--listen" option. This option is provided
+ for compatibility with older versions of spamd. Starting with
+ version 3.4.0 the "--listen" option can also take a UNIX domain
+ socket as its value (an absolute path name). Unlike "--socketpath",
+ the "--listen" option may be specified multiple times if spamd needs
+ to listen on multiple UNIX or INET or INET6 sockets.
+
+ Warning: the Perl support on BSD platforms for UNIX domain sockets
+ seems to have a bug regarding paths of over 100 bytes or so
+ (SpamAssassin bug 4380). If you see a 'could not find newly-created
+ UNIX socket' error message, and the path appears truncated, this may
+ be the cause. Try using a shorter path to the socket.
+
+ By default, use of --socketpath without --listen will inhibit SSL
+ connections and unencrypted TCP connections. To add other sockets,
+ specify them with --listen, e.g. '--listen=:' or '--listen=*:'
+
+ --socketowner *name*
+ Set UNIX domain socket to be owned by the user named *name*. Note
+ that this requires that spamd be started as "root", and if "-u" is
+ used, that user should have write permissions to unlink the file
+ later, for when the "spamd" server is killed.
+
+ --socketgroup *name*
+ Set UNIX domain socket to be owned by the group named *name*. See
+ "--socketowner" for notes on ownership and permissions.
+
+ --socketmode *mode*
+ Set UNIX domain socket to use the octal mode *mode*. Note that if
+ "-u" is used, that user should have write permissions to unlink the
+ file later, for when the "spamd" server is killed.
+
+SEE ALSO
+ spamc(1) spamassassin(1) Mail::SpamAssassin::Conf(3)
+ Mail::SpamAssassin(3)
+
+PREREQUISITES
+ "Mail::SpamAssassin"
+
+AUTHORS
+ The SpamAssassin(tm) Project (http://spamassassin.apache.org/)
+
+LICENSE
+ SpamAssassin is distributed under the Apache License, Version 2.0, as
+ described in the file "LICENSE" included with the distribution.
+