You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@spamassassin.apache.org by jm...@apache.org on 2010/03/19 17:21:04 UTC
svn commit: r925305 [9/14] - in /spamassassin/site/full/3.3.x: ./ doc/
Added: spamassassin/site/full/3.3.x/doc/Mail_SpamAssassin_Plugin_AWL.html
URL: http://svn.apache.org/viewvc/spamassassin/site/full/3.3.x/doc/Mail_SpamAssassin_Plugin_AWL.html?rev=925305&view=auto
==============================================================================
--- spamassassin/site/full/3.3.x/doc/Mail_SpamAssassin_Plugin_AWL.html (added)
+++ spamassassin/site/full/3.3.x/doc/Mail_SpamAssassin_Plugin_AWL.html Fri Mar 19 16:21:00 2010
@@ -0,0 +1,272 @@
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml">
+<head>
+<title>Mail::SpamAssassin::Plugin::AWL - Normalize scores via auto-whitelist</title>
+<link rev="made" href="mailto:jm@spamassassin.zones.apache.org" />
+</head>
+
+<body style="background-color: white">
+
+<p><a name="__index__"></a></p>
+<!-- INDEX BEGIN -->
+
+<ul>
+
+ <li><a href="#name">NAME</a></li>
+ <li><a href="#synopsis">SYNOPSIS</a></li>
+ <li><a href="#description">DESCRIPTION</a></li>
+ <li><a href="#template_tags">TEMPLATE TAGS</a></li>
+ <li><a href="#user_preferences">USER PREFERENCES</a></li>
+ <li><a href="#administrator_settings">ADMINISTRATOR SETTINGS</a></li>
+</ul>
+<!-- INDEX END -->
+
+<hr />
+<p>
+</p>
+<h1><a name="name">NAME</a></h1>
+<p>Mail::SpamAssassin::Plugin::AWL - Normalize scores via auto-whitelist</p>
+<p>
+</p>
+<hr />
+<h1><a name="synopsis">SYNOPSIS</a></h1>
+<p>To try this out, add this or uncomment this line in init.pre:</p>
+<pre>
+ loadplugin Mail::SpamAssassin::Plugin::AWL</pre>
+<p>Use the supplied 60_awl.cf file (ie you don't have to do anything) or
+add these lines to a .cf file:</p>
+<pre>
+ header AWL eval:check_from_in_auto_whitelist()
+ describe AWL From: address is in the auto white-list
+ tflags AWL userconf noautolearn
+ priority AWL 1000</pre>
+<p>
+</p>
+<hr />
+<h1><a name="description">DESCRIPTION</a></h1>
+<p>This plugin module provides support for the auto-whitelist. It keeps
+track of the average SpamAssassin score for senders. Senders are
+tracked using a combination of their From: address and their IP address.
+It then uses that average score to reduce the variability in scoring
+from message to message and modifies the final score by pushing the
+result towards the historical average. This improves the accuracy of
+filtering for most email.</p>
+<p>
+</p>
+<hr />
+<h1><a name="template_tags">TEMPLATE TAGS</a></h1>
+<p>This plugin module adds the following <code>tags</code> that can be used as
+placeholders in certain options. See <code>Mail::SpamAssassin::Conf</code>
+for more information on TEMPLATE TAGS.</p>
+<pre>
+ _AWL_ AWL modifier
+ _AWLMEAN_ Mean score on which AWL modification is based
+ _AWLCOUNT_ Number of messages on which AWL modification is based
+ _AWLPRESCORE_ Score before AWL</pre>
+<p>
+</p>
+<hr />
+<h1><a name="user_preferences">USER PREFERENCES</a></h1>
+<p>The following options can be used in both site-wide (<code>local.cf</code>) and
+user-specific (<code>user_prefs</code>) configuration files to customize how
+SpamAssassin handles incoming email messages.</p>
+<dl>
+<dt><strong><a name="item_use_auto_whitelist">use_auto_whitelist ( 0 | 1 ) (default: 1)</a></strong><br />
+</dt>
+<dd>
+Whether to use auto-whitelists. Auto-whitelists track the long-term
+average score for each sender and then shift the score of new messages
+toward that long-term average. This can increase or decrease the score
+for messages, depending on the long-term behavior of the particular
+correspondent.
+</dd>
+<dd>
+<p>For more information about the auto-whitelist system, please look
+at the the <code>Automatic Whitelist System</code> section of the README file.
+The auto-whitelist is not intended as a general-purpose replacement
+for static whitelist entries added to your config files.</p>
+</dd>
+<dd>
+<p>Note that certain tests are ignored when determining the final
+message score:</p>
+</dd>
+<dd>
+<pre>
+ - rules with tflags set to 'noautolearn'</pre>
+</dd>
+<p></p>
+<dt><strong><a name="item_n">auto_whitelist_factor n (default: 0.5, range [0..1])</a></strong><br />
+</dt>
+<dd>
+How much towards the long-term mean for the sender to regress a message.
+Basically, the algorithm is to track the long-term mean score of messages for
+the sender (<code>mean</code>), and then once we have otherwise fully calculated the
+score for this message (<code>score</code>), we calculate the final score for the
+message as:
+</dd>
+<dd>
+<p><code>finalscore</code> = <code>score</code> + (<code>mean</code> - <code>score</code>) * <code>factor</code></p>
+</dd>
+<dd>
+<p>So if <code>factor</code> = 0.5, then we'll move to half way between the calculated
+score and the mean. If <code>factor</code> = 0.3, then we'll move about 1/3 of the way
+from the score toward the mean. <code>factor</code> = 1 means just use the long-term
+mean; <code>factor</code> = 0 mean just use the calculated score.</p>
+</dd>
+<p></p>
+<dt><strong>auto_whitelist_ipv4_mask_len n (default: 16, range [0..32])</strong><br />
+</dt>
+<dd>
+The AWL database keeps only the specified number of most-significant bits
+of an IPv4 address in its fields, so that different individual IP addresses
+within a subnet belonging to the same owner are managed under a single
+database record. As we have no information available on the allocated
+address ranges of senders, this CIDR mask length is only an approximation.
+The default is 16 bits, corresponding to a former class B. Increase the
+number if a finer granularity is desired, e.g. to 24 (class C) or 32.
+A value 0 is allowed but is not particularly useful, as it would treat the
+whole internet as a single organization. The number need not be a multiple
+of 8, any split is allowed.
+</dd>
+<p></p>
+<dt><strong>auto_whitelist_ipv6_mask_len n (default: 48, range [0..128])</strong><br />
+</dt>
+<dd>
+The AWL database keeps only the specified number of most-significant bits
+of an IPv6 address in its fields, so that different individual IP addresses
+within a subnet belonging to the same owner are managed under a single
+database record. As we have no information available on the allocated address
+ranges of senders, this CIDR mask length is only an approximation. The default
+is 48 bits, corresponding to an address range commonly allocated to individual
+(smaller) organizations. Increase the number for a finer granularity, e.g.
+to 64 or 96 or 128, or decrease for wider ranges, e.g. 32. A value 0 is
+allowed but is not particularly useful, as it would treat the whole internet
+as a single organization. The number need not be a multiple of 4, any split
+is allowed.
+</dd>
+<p></p>
+<dt><strong><a name="item_user_awl_sql_override_username">user_awl_sql_override_username</a></strong><br />
+</dt>
+<dd>
+Used by the SQLBasedAddrList storage implementation.
+</dd>
+<dd>
+<p>If this option is set the SQLBasedAddrList module will override the set
+username with the value given. This can be useful for implementing global
+or group based auto-whitelist databases.</p>
+</dd>
+<p></p>
+<dt><strong><a name="item_auto_whitelist_distinguish_signed">auto_whitelist_distinguish_signed</a></strong><br />
+</dt>
+<dd>
+Used by the SQLBasedAddrList storage implementation.
+</dd>
+<dd>
+<p>If this option is set the SQLBasedAddrList module will keep separate
+database entries for DKIM-validated e-mail addresses and for non-validated
+ones. A pre-requisite when setting this option is that a field awl.signedby
+exists in a SQL table, otherwise SQL operations will fail (which is why we
+need this option at all - for compatibility with pre-3.3.0 database schema).
+A plugin DKIM should also be enabled, as otherwise there is no benefit from
+turning on this option.</p>
+</dd>
+<p></p></dl>
+<p>
+</p>
+<hr />
+<h1><a name="administrator_settings">ADMINISTRATOR SETTINGS</a></h1>
+<p>These settings differ from the ones above, in that they are considered 'more
+privileged' -- even more than the ones in the <strong>PRIVILEGED SETTINGS</strong> section.
+No matter what <code>allow_user_rules</code> is set to, these can never be set from a
+user's <code>user_prefs</code> file.</p>
+<dl>
+<dt><strong><a name="item_module">auto_whitelist_factory module (default: Mail::SpamAssassin::DBBasedAddrList)</a></strong><br />
+</dt>
+<dd>
+Select alternative whitelist factory module.
+</dd>
+<p></p>
+<dt><strong><a name="item_filename">auto_whitelist_path /path/filename (default: ~/.spamassassin/auto-whitelist)</a></strong><br />
+</dt>
+<dd>
+This is the automatic-whitelist directory and filename. By default, each user
+has their own whitelist database in their <code>~/.spamassassin</code> directory with
+mode 0700. For system-wide SpamAssassin use, you may want to share this
+across all users, although that is not recommended.
+</dd>
+<p></p>
+<dt><strong><a name="item_auto_whitelist_db_modules_module__2e_2e_2e__28defa">auto_whitelist_db_modules Module ... (default: see below)</a></strong><br />
+</dt>
+<dd>
+What database modules should be used for the auto-whitelist storage database
+file. The first named module that can be loaded from the perl include path
+will be used. The format is:
+</dd>
+<dd>
+<pre>
+ PreferredModuleName SecondBest ThirdBest ...</pre>
+</dd>
+<dd>
+<p>ie. a space-separated list of perl module names. The default is:</p>
+</dd>
+<dd>
+<pre>
+ DB_File GDBM_File SDBM_File</pre>
+</dd>
+<dd>
+<p>NDBM_File is no longer supported, since it appears to have bugs that
+preclude its use for the AWL (see SpamAssassin bug 4353).</p>
+</dd>
+<p></p>
+<dt><strong><a name="item_auto_whitelist_file_mode">auto_whitelist_file_mode (default: 0700)</a></strong><br />
+</dt>
+<dd>
+The file mode bits used for the automatic-whitelist directory or file.
+</dd>
+<dd>
+<p>Make sure you specify this using the 'x' mode bits set, as it may also be used
+to create directories. However, if a file is created, the resulting file will
+not have any execute bits set (the umask is set to 111).</p>
+</dd>
+<p></p>
+<dt><strong><a name="item_user_awl_dsn_dbi_3adatabasetype_3adatabasename_3ah">user_awl_dsn DBI:databasetype:databasename:hostname:port</a></strong><br />
+</dt>
+<dd>
+Used by the SQLBasedAddrList storage implementation.
+</dd>
+<dd>
+<p>This will set the DSN used to connect. Example:
+<code>DBI:mysql:spamassassin:localhost</code></p>
+</dd>
+<p></p>
+<dt><strong><a name="item_user_awl_sql_username_username">user_awl_sql_username username</a></strong><br />
+</dt>
+<dd>
+Used by the SQLBasedAddrList storage implementation.
+</dd>
+<dd>
+<p>The authorized username to connect to the above DSN.</p>
+</dd>
+<p></p>
+<dt><strong><a name="item_user_awl_sql_password_password">user_awl_sql_password password</a></strong><br />
+</dt>
+<dd>
+Used by the SQLBasedAddrList storage implementation.
+</dd>
+<dd>
+<p>The password for the database username, for the above DSN.</p>
+</dd>
+<p></p>
+<dt><strong><a name="item_user_awl_sql_table_tablename">user_awl_sql_table tablename</a></strong><br />
+</dt>
+<dd>
+Used by the SQLBasedAddrList storage implementation.
+</dd>
+<dd>
+<p>The table user auto-whitelists are stored in, for the above DSN.</p>
+</dd>
+<p></p></dl>
+
+</body>
+
+</html>
Added: spamassassin/site/full/3.3.x/doc/Mail_SpamAssassin_Plugin_AWL.txt
URL: http://svn.apache.org/viewvc/spamassassin/site/full/3.3.x/doc/Mail_SpamAssassin_Plugin_AWL.txt?rev=925305&view=auto
==============================================================================
--- spamassassin/site/full/3.3.x/doc/Mail_SpamAssassin_Plugin_AWL.txt (added)
+++ spamassassin/site/full/3.3.x/doc/Mail_SpamAssassin_Plugin_AWL.txt Fri Mar 19 16:21:00 2010
@@ -0,0 +1,180 @@
+NAME
+ Mail::SpamAssassin::Plugin::AWL - Normalize scores via auto-whitelist
+
+SYNOPSIS
+ To try this out, add this or uncomment this line in init.pre:
+
+ loadplugin Mail::SpamAssassin::Plugin::AWL
+
+ Use the supplied 60_awl.cf file (ie you don't have to do anything) or
+ add these lines to a .cf file:
+
+ header AWL eval:check_from_in_auto_whitelist()
+ describe AWL From: address is in the auto white-list
+ tflags AWL userconf noautolearn
+ priority AWL 1000
+
+DESCRIPTION
+ This plugin module provides support for the auto-whitelist. It keeps
+ track of the average SpamAssassin score for senders. Senders are tracked
+ using a combination of their From: address and their IP address. It then
+ uses that average score to reduce the variability in scoring from
+ message to message and modifies the final score by pushing the result
+ towards the historical average. This improves the accuracy of filtering
+ for most email.
+
+TEMPLATE TAGS
+ This plugin module adds the following "tags" that can be used as
+ placeholders in certain options. See "Mail::SpamAssassin::Conf" for more
+ information on TEMPLATE TAGS.
+
+ _AWL_ AWL modifier
+ _AWLMEAN_ Mean score on which AWL modification is based
+ _AWLCOUNT_ Number of messages on which AWL modification is based
+ _AWLPRESCORE_ Score before AWL
+
+USER PREFERENCES
+ The following options can be used in both site-wide ("local.cf") and
+ user-specific ("user_prefs") configuration files to customize how
+ SpamAssassin handles incoming email messages.
+
+ use_auto_whitelist ( 0 | 1 ) (default: 1)
+ Whether to use auto-whitelists. Auto-whitelists track the long-term
+ average score for each sender and then shift the score of new
+ messages toward that long-term average. This can increase or
+ decrease the score for messages, depending on the long-term behavior
+ of the particular correspondent.
+
+ For more information about the auto-whitelist system, please look at
+ the the "Automatic Whitelist System" section of the README file. The
+ auto-whitelist is not intended as a general-purpose replacement for
+ static whitelist entries added to your config files.
+
+ Note that certain tests are ignored when determining the final
+ message score:
+
+ - rules with tflags set to 'noautolearn'
+
+ auto_whitelist_factor n (default: 0.5, range [0..1])
+ How much towards the long-term mean for the sender to regress a
+ message. Basically, the algorithm is to track the long-term mean
+ score of messages for the sender ("mean"), and then once we have
+ otherwise fully calculated the score for this message ("score"), we
+ calculate the final score for the message as:
+
+ "finalscore" = "score" + ("mean" - "score") * "factor"
+
+ So if "factor" = 0.5, then we'll move to half way between the
+ calculated score and the mean. If "factor" = 0.3, then we'll move
+ about 1/3 of the way from the score toward the mean. "factor" = 1
+ means just use the long-term mean; "factor" = 0 mean just use the
+ calculated score.
+
+ auto_whitelist_ipv4_mask_len n (default: 16, range [0..32])
+ The AWL database keeps only the specified number of most-significant
+ bits of an IPv4 address in its fields, so that different individual
+ IP addresses within a subnet belonging to the same owner are managed
+ under a single database record. As we have no information available
+ on the allocated address ranges of senders, this CIDR mask length is
+ only an approximation. The default is 16 bits, corresponding to a
+ former class B. Increase the number if a finer granularity is
+ desired, e.g. to 24 (class C) or 32. A value 0 is allowed but is not
+ particularly useful, as it would treat the whole internet as a
+ single organization. The number need not be a multiple of 8, any
+ split is allowed.
+
+ auto_whitelist_ipv6_mask_len n (default: 48, range [0..128])
+ The AWL database keeps only the specified number of most-significant
+ bits of an IPv6 address in its fields, so that different individual
+ IP addresses within a subnet belonging to the same owner are managed
+ under a single database record. As we have no information available
+ on the allocated address ranges of senders, this CIDR mask length is
+ only an approximation. The default is 48 bits, corresponding to an
+ address range commonly allocated to individual (smaller)
+ organizations. Increase the number for a finer granularity, e.g. to
+ 64 or 96 or 128, or decrease for wider ranges, e.g. 32. A value 0 is
+ allowed but is not particularly useful, as it would treat the whole
+ internet as a single organization. The number need not be a multiple
+ of 4, any split is allowed.
+
+ user_awl_sql_override_username
+ Used by the SQLBasedAddrList storage implementation.
+
+ If this option is set the SQLBasedAddrList module will override the
+ set username with the value given. This can be useful for
+ implementing global or group based auto-whitelist databases.
+
+ auto_whitelist_distinguish_signed
+ Used by the SQLBasedAddrList storage implementation.
+
+ If this option is set the SQLBasedAddrList module will keep separate
+ database entries for DKIM-validated e-mail addresses and for
+ non-validated ones. A pre-requisite when setting this option is that
+ a field awl.signedby exists in a SQL table, otherwise SQL operations
+ will fail (which is why we need this option at all - for
+ compatibility with pre-3.3.0 database schema). A plugin DKIM should
+ also be enabled, as otherwise there is no benefit from turning on
+ this option.
+
+ADMINISTRATOR SETTINGS
+ These settings differ from the ones above, in that they are considered
+ 'more privileged' -- even more than the ones in the PRIVILEGED SETTINGS
+ section. No matter what "allow_user_rules" is set to, these can never be
+ set from a user's "user_prefs" file.
+
+ auto_whitelist_factory module (default:
+ Mail::SpamAssassin::DBBasedAddrList)
+ Select alternative whitelist factory module.
+
+ auto_whitelist_path /path/filename (default:
+ ~/.spamassassin/auto-whitelist)
+ This is the automatic-whitelist directory and filename. By default,
+ each user has their own whitelist database in their
+ "~/.spamassassin" directory with mode 0700. For system-wide
+ SpamAssassin use, you may want to share this across all users,
+ although that is not recommended.
+
+ auto_whitelist_db_modules Module ... (default: see below)
+ What database modules should be used for the auto-whitelist storage
+ database file. The first named module that can be loaded from the
+ perl include path will be used. The format is:
+
+ PreferredModuleName SecondBest ThirdBest ...
+
+ ie. a space-separated list of perl module names. The default is:
+
+ DB_File GDBM_File SDBM_File
+
+ NDBM_File is no longer supported, since it appears to have bugs that
+ preclude its use for the AWL (see SpamAssassin bug 4353).
+
+ auto_whitelist_file_mode (default: 0700)
+ The file mode bits used for the automatic-whitelist directory or
+ file.
+
+ Make sure you specify this using the 'x' mode bits set, as it may
+ also be used to create directories. However, if a file is created,
+ the resulting file will not have any execute bits set (the umask is
+ set to 111).
+
+ user_awl_dsn DBI:databasetype:databasename:hostname:port
+ Used by the SQLBasedAddrList storage implementation.
+
+ This will set the DSN used to connect. Example:
+ "DBI:mysql:spamassassin:localhost"
+
+ user_awl_sql_username username
+ Used by the SQLBasedAddrList storage implementation.
+
+ The authorized username to connect to the above DSN.
+
+ user_awl_sql_password password
+ Used by the SQLBasedAddrList storage implementation.
+
+ The password for the database username, for the above DSN.
+
+ user_awl_sql_table tablename
+ Used by the SQLBasedAddrList storage implementation.
+
+ The table user auto-whitelists are stored in, for the above DSN.
+
Added: spamassassin/site/full/3.3.x/doc/Mail_SpamAssassin_Plugin_AccessDB.html
URL: http://svn.apache.org/viewvc/spamassassin/site/full/3.3.x/doc/Mail_SpamAssassin_Plugin_AccessDB.html?rev=925305&view=auto
==============================================================================
--- spamassassin/site/full/3.3.x/doc/Mail_SpamAssassin_Plugin_AccessDB.html (added)
+++ spamassassin/site/full/3.3.x/doc/Mail_SpamAssassin_Plugin_AccessDB.html Fri Mar 19 16:21:00 2010
@@ -0,0 +1,57 @@
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml">
+<head>
+<title>Mail::SpamAssassin::Plugin::AccessDB - check message against Access Database</title>
+<link rev="made" href="mailto:jm@spamassassin.zones.apache.org" />
+</head>
+
+<body style="background-color: white">
+
+<p><a name="__index__"></a></p>
+<!-- INDEX BEGIN -->
+
+<ul>
+
+ <li><a href="#name">NAME</a></li>
+ <li><a href="#synopsis">SYNOPSIS</a></li>
+ <li><a href="#description">DESCRIPTION</a></li>
+</ul>
+<!-- INDEX END -->
+
+<hr />
+<p>
+</p>
+<h1><a name="name">NAME</a></h1>
+<p>Mail::SpamAssassin::Plugin::AccessDB - check message against Access Database</p>
+<p>
+</p>
+<hr />
+<h1><a name="synopsis">SYNOPSIS</a></h1>
+<pre>
+ loadplugin Mail::SpamAssassin::Plugin::AccessDB</pre>
+<pre>
+ header ACCESSDB eval:check_access_database('/etc/mail/access.db')
+ describe ACCESSDB Message would have been caught by accessdb
+ tflags ACCESSDB userconf
+ score ACCESSDB 2</pre>
+<p>
+</p>
+<hr />
+<h1><a name="description">DESCRIPTION</a></h1>
+<p>Many MTAs support access databases, such as Sendmail, Postfix, etc.
+This plugin does similar checks to see whether a message would have
+been flagged.</p>
+<p>The rule returns false if an entry isn't found, or the entry has a RHS of
+<em>OK</em> or <em>SKIP</em>.</p>
+<p>The rule returns true if an entry exists and has a RHS of <em>REJECT</em>, <em>ERROR</em>,
+or <em>DISCARD</em>.</p>
+<p>Note: only the first word (split on non-word characters) of the RHS
+is checked, so <code>error:5.7.1:...</code> means <code>ERROR</code>.</p>
+<p><strong>AccessDB Pointers:</strong></p>
+<pre>
+ <a href="http://www.faqs.org/docs/securing/chap22sec178.html">http://www.faqs.org/docs/securing/chap22sec178.html</a>
+ <a href="http://www.postfix.org/access.5.html">http://www.postfix.org/access.5.html</a></pre>
+
+</body>
+
+</html>
Added: spamassassin/site/full/3.3.x/doc/Mail_SpamAssassin_Plugin_AccessDB.txt
URL: http://svn.apache.org/viewvc/spamassassin/site/full/3.3.x/doc/Mail_SpamAssassin_Plugin_AccessDB.txt?rev=925305&view=auto
==============================================================================
--- spamassassin/site/full/3.3.x/doc/Mail_SpamAssassin_Plugin_AccessDB.txt (added)
+++ spamassassin/site/full/3.3.x/doc/Mail_SpamAssassin_Plugin_AccessDB.txt Fri Mar 19 16:21:00 2010
@@ -0,0 +1,31 @@
+NAME
+ Mail::SpamAssassin::Plugin::AccessDB - check message against Access
+ Database
+
+SYNOPSIS
+ loadplugin Mail::SpamAssassin::Plugin::AccessDB
+
+ header ACCESSDB eval:check_access_database('/etc/mail/access.db')
+ describe ACCESSDB Message would have been caught by accessdb
+ tflags ACCESSDB userconf
+ score ACCESSDB 2
+
+DESCRIPTION
+ Many MTAs support access databases, such as Sendmail, Postfix, etc. This
+ plugin does similar checks to see whether a message would have been
+ flagged.
+
+ The rule returns false if an entry isn't found, or the entry has a RHS
+ of *OK* or *SKIP*.
+
+ The rule returns true if an entry exists and has a RHS of *REJECT*,
+ *ERROR*, or *DISCARD*.
+
+ Note: only the first word (split on non-word characters) of the RHS is
+ checked, so "error:5.7.1:..." means "ERROR".
+
+ AccessDB Pointers:
+
+ http://www.faqs.org/docs/securing/chap22sec178.html
+ http://www.postfix.org/access.5.html
+
Added: spamassassin/site/full/3.3.x/doc/Mail_SpamAssassin_Plugin_AntiVirus.html
URL: http://svn.apache.org/viewvc/spamassassin/site/full/3.3.x/doc/Mail_SpamAssassin_Plugin_AntiVirus.html?rev=925305&view=auto
==============================================================================
--- spamassassin/site/full/3.3.x/doc/Mail_SpamAssassin_Plugin_AntiVirus.html (added)
+++ spamassassin/site/full/3.3.x/doc/Mail_SpamAssassin_Plugin_AntiVirus.html Fri Mar 19 16:21:00 2010
@@ -0,0 +1,52 @@
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml">
+<head>
+<title>AntiVirus - simple anti-virus tests</title>
+<link rev="made" href="mailto:jm@spamassassin.zones.apache.org" />
+</head>
+
+<body style="background-color: white">
+
+<p><a name="__index__"></a></p>
+<!-- INDEX BEGIN -->
+
+<ul>
+
+ <li><a href="#name">NAME</a></li>
+ <li><a href="#synopsis">SYNOPSIS</a></li>
+ <li><a href="#description">DESCRIPTION</a></li>
+</ul>
+<!-- INDEX END -->
+
+<hr />
+<p>
+</p>
+<h1><a name="name">NAME</a></h1>
+<p>AntiVirus - simple anti-virus tests</p>
+<p>
+</p>
+<hr />
+<h1><a name="synopsis">SYNOPSIS</a></h1>
+<pre>
+ loadplugin Mail::SpamAssassin::Plugin::AntiVirus</pre>
+<pre>
+ body MICROSOFT_EXECUTABLE eval:check_microsoft_executable()
+ body MIME_SUSPECT_NAME eval:check_suspect_name()</pre>
+<p>
+</p>
+<hr />
+<h1><a name="description">DESCRIPTION</a></h1>
+<p>The MICROSOFT_EXECUTABLE rule works by checking for 3 possibilities in
+the message in any application/* or text/* part in the message:</p>
+<dl>
+<dt><strong><a name="item__2d_in_text_parts_2c_look_for_a_uuencoded_executab">- in text parts, look for a uuencoded executable start string</a></strong><br />
+</dt>
+<dt><strong><a name="item__2d_in_application_parts_2c_look_for_filenames_end">- in application parts, look for filenames ending in an executable extension</a></strong><br />
+</dt>
+<dt><strong><a name="item__2d_in_application_parts_2c_look_for_a_base64_enco">- in application parts, look for a base64 encoded executable start string</a></strong><br />
+</dt>
+</dl>
+
+</body>
+
+</html>
Added: spamassassin/site/full/3.3.x/doc/Mail_SpamAssassin_Plugin_AntiVirus.txt
URL: http://svn.apache.org/viewvc/spamassassin/site/full/3.3.x/doc/Mail_SpamAssassin_Plugin_AntiVirus.txt?rev=925305&view=auto
==============================================================================
--- spamassassin/site/full/3.3.x/doc/Mail_SpamAssassin_Plugin_AntiVirus.txt (added)
+++ spamassassin/site/full/3.3.x/doc/Mail_SpamAssassin_Plugin_AntiVirus.txt Fri Mar 19 16:21:00 2010
@@ -0,0 +1,19 @@
+NAME
+ AntiVirus - simple anti-virus tests
+
+SYNOPSIS
+ loadplugin Mail::SpamAssassin::Plugin::AntiVirus
+
+ body MICROSOFT_EXECUTABLE eval:check_microsoft_executable()
+ body MIME_SUSPECT_NAME eval:check_suspect_name()
+
+DESCRIPTION
+ The MICROSOFT_EXECUTABLE rule works by checking for 3 possibilities in
+ the message in any application/* or text/* part in the message:
+
+ - in text parts, look for a uuencoded executable start string
+ - in application parts, look for filenames ending in an executable
+ extension
+ - in application parts, look for a base64 encoded executable start
+ string
+
Added: spamassassin/site/full/3.3.x/doc/Mail_SpamAssassin_Plugin_AutoLearnThreshold.html
URL: http://svn.apache.org/viewvc/spamassassin/site/full/3.3.x/doc/Mail_SpamAssassin_Plugin_AutoLearnThreshold.html?rev=925305&view=auto
==============================================================================
--- spamassassin/site/full/3.3.x/doc/Mail_SpamAssassin_Plugin_AutoLearnThreshold.html (added)
+++ spamassassin/site/full/3.3.x/doc/Mail_SpamAssassin_Plugin_AutoLearnThreshold.html Fri Mar 19 16:21:00 2010
@@ -0,0 +1,82 @@
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml">
+<head>
+<title>Mail::SpamAssassin::Plugin::AutoLearnThreshold - threshold-based discriminator for Bayes auto-learning</title>
+<link rev="made" href="mailto:jm@spamassassin.zones.apache.org" />
+</head>
+
+<body style="background-color: white">
+
+<p><a name="__index__"></a></p>
+<!-- INDEX BEGIN -->
+
+<ul>
+
+ <li><a href="#name">NAME</a></li>
+ <li><a href="#synopsis">SYNOPSIS</a></li>
+ <li><a href="#description">DESCRIPTION</a></li>
+ <li><a href="#user_options">USER OPTIONS</a></li>
+</ul>
+<!-- INDEX END -->
+
+<hr />
+<p>
+</p>
+<h1><a name="name">NAME</a></h1>
+<p>Mail::SpamAssassin::Plugin::AutoLearnThreshold - threshold-based discriminator for Bayes auto-learning</p>
+<p>
+</p>
+<hr />
+<h1><a name="synopsis">SYNOPSIS</a></h1>
+<pre>
+ loadplugin Mail::SpamAssassin::Plugin::AutoLearnThreshold</pre>
+<p>
+</p>
+<hr />
+<h1><a name="description">DESCRIPTION</a></h1>
+<p>This plugin implements the threshold-based auto-learning discriminator
+for SpamAssassin's Bayes subsystem. Auto-learning is a mechanism
+whereby high-scoring mails (or low-scoring mails, for non-spam) are fed
+into its learning systems without user intervention, during scanning.</p>
+<p>Note that certain tests are ignored when determining whether a message
+should be trained upon:</p>
+<ul>
+<li><strong><a name="item_rules_with_tflags_set_to__27learn_27__28the_bayesi">rules with tflags set to 'learn' (the Bayesian rules)</a></strong><br />
+</li>
+<li><strong><a name="item_rules_with_tflags_set_to__27userconf_27__28user_co">rules with tflags set to 'userconf' (user configuration)</a></strong><br />
+</li>
+<li><strong><a name="item_rules_with_tflags_set_to__27noautolearn_27">rules with tflags set to 'noautolearn'</a></strong><br />
+</li>
+</ul>
+<p>Also note that auto-learning occurs using scores from either scoreset 0
+or 1, depending on what scoreset is used during message check. It is
+likely that the message check and auto-learn scores will be different.</p>
+<p>
+</p>
+<hr />
+<h1><a name="user_options">USER OPTIONS</a></h1>
+<p>The following configuration settings are used to control auto-learning:</p>
+<dl>
+<dt><strong><a name="item_nn">bayes_auto_learn_threshold_nonspam n.nn (default: 0.1)</a></strong><br />
+</dt>
+<dd>
+The score threshold below which a mail has to score, to be fed into
+SpamAssassin's learning systems automatically as a non-spam message.
+</dd>
+<p></p>
+<dt><strong>bayes_auto_learn_threshold_spam n.nn (default: 12.0)</strong><br />
+</dt>
+<dd>
+The score threshold above which a mail has to score, to be fed into
+SpamAssassin's learning systems automatically as a spam message.
+</dd>
+<dd>
+<p>Note: SpamAssassin requires at least 3 points from the header, and 3
+points from the body to auto-learn as spam. Therefore, the minimum
+working value for this option is 6.</p>
+</dd>
+<p></p></dl>
+
+</body>
+
+</html>
Added: spamassassin/site/full/3.3.x/doc/Mail_SpamAssassin_Plugin_AutoLearnThreshold.txt
URL: http://svn.apache.org/viewvc/spamassassin/site/full/3.3.x/doc/Mail_SpamAssassin_Plugin_AutoLearnThreshold.txt?rev=925305&view=auto
==============================================================================
--- spamassassin/site/full/3.3.x/doc/Mail_SpamAssassin_Plugin_AutoLearnThreshold.txt (added)
+++ spamassassin/site/full/3.3.x/doc/Mail_SpamAssassin_Plugin_AutoLearnThreshold.txt Fri Mar 19 16:21:00 2010
@@ -0,0 +1,39 @@
+NAME
+ Mail::SpamAssassin::Plugin::AutoLearnThreshold - threshold-based
+ discriminator for Bayes auto-learning
+
+SYNOPSIS
+ loadplugin Mail::SpamAssassin::Plugin::AutoLearnThreshold
+
+DESCRIPTION
+ This plugin implements the threshold-based auto-learning discriminator
+ for SpamAssassin's Bayes subsystem. Auto-learning is a mechanism whereby
+ high-scoring mails (or low-scoring mails, for non-spam) are fed into its
+ learning systems without user intervention, during scanning.
+
+ Note that certain tests are ignored when determining whether a message
+ should be trained upon:
+
+ * rules with tflags set to 'learn' (the Bayesian rules)
+ * rules with tflags set to 'userconf' (user configuration)
+ * rules with tflags set to 'noautolearn'
+
+ Also note that auto-learning occurs using scores from either scoreset 0
+ or 1, depending on what scoreset is used during message check. It is
+ likely that the message check and auto-learn scores will be different.
+
+USER OPTIONS
+ The following configuration settings are used to control auto-learning:
+
+ bayes_auto_learn_threshold_nonspam n.nn (default: 0.1)
+ The score threshold below which a mail has to score, to be fed into
+ SpamAssassin's learning systems automatically as a non-spam message.
+
+ bayes_auto_learn_threshold_spam n.nn (default: 12.0)
+ The score threshold above which a mail has to score, to be fed into
+ SpamAssassin's learning systems automatically as a spam message.
+
+ Note: SpamAssassin requires at least 3 points from the header, and 3
+ points from the body to auto-learn as spam. Therefore, the minimum
+ working value for this option is 6.
+
Added: spamassassin/site/full/3.3.x/doc/Mail_SpamAssassin_Plugin_Bayes.html
URL: http://svn.apache.org/viewvc/spamassassin/site/full/3.3.x/doc/Mail_SpamAssassin_Plugin_Bayes.html?rev=925305&view=auto
==============================================================================
--- spamassassin/site/full/3.3.x/doc/Mail_SpamAssassin_Plugin_Bayes.html (added)
+++ spamassassin/site/full/3.3.x/doc/Mail_SpamAssassin_Plugin_Bayes.html Fri Mar 19 16:21:00 2010
@@ -0,0 +1,49 @@
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml">
+<head>
+<title>Mail::SpamAssassin::Plugin::Bayes - determine spammishness using a Bayesian classifier</title>
+<link rev="made" href="mailto:jm@spamassassin.zones.apache.org" />
+</head>
+
+<body style="background-color: white">
+
+<p><a name="__index__"></a></p>
+<!-- INDEX BEGIN -->
+
+<ul>
+
+ <li><a href="#name">NAME</a></li>
+ <li><a href="#description">DESCRIPTION</a></li>
+ <li><a href="#methods">METHODS</a></li>
+</ul>
+<!-- INDEX END -->
+
+<hr />
+<p>
+</p>
+<h1><a name="name">NAME</a></h1>
+<p>Mail::SpamAssassin::Plugin::Bayes - determine spammishness using a Bayesian classifier</p>
+<p>
+</p>
+<hr />
+<h1><a name="description">DESCRIPTION</a></h1>
+<p>This is a Bayesian-style probabilistic classifier, using an algorithm based on
+the one detailed in Paul Graham's <em>A Plan For Spam</em> paper at:</p>
+<pre>
+ <a href="http://www.paulgraham.com/spam.html">http://www.paulgraham.com/spam.html</a></pre>
+<p>It also incorporates some other aspects taken from Graham Robinson's webpage
+on the subject at:</p>
+<pre>
+ <a href="http://radio.weblogs.com/0101454/stories/2002/09/16/spamDetection.html">http://radio.weblogs.com/0101454/stories/2002/09/16/spamDetection.html</a></pre>
+<p>And the chi-square probability combiner as described here:</p>
+<pre>
+ <a href="http://www.linuxjournal.com/print.php?sid=6467">http://www.linuxjournal.com/print.php?sid=6467</a></pre>
+<p>The results are incorporated into SpamAssassin as the BAYES_* rules.</p>
+<p>
+</p>
+<hr />
+<h1><a name="methods">METHODS</a></h1>
+
+</body>
+
+</html>
Added: spamassassin/site/full/3.3.x/doc/Mail_SpamAssassin_Plugin_Bayes.txt
URL: http://svn.apache.org/viewvc/spamassassin/site/full/3.3.x/doc/Mail_SpamAssassin_Plugin_Bayes.txt?rev=925305&view=auto
==============================================================================
--- spamassassin/site/full/3.3.x/doc/Mail_SpamAssassin_Plugin_Bayes.txt (added)
+++ spamassassin/site/full/3.3.x/doc/Mail_SpamAssassin_Plugin_Bayes.txt Fri Mar 19 16:21:00 2010
@@ -0,0 +1,22 @@
+NAME
+ Mail::SpamAssassin::Plugin::Bayes - determine spammishness using a
+ Bayesian classifier
+
+DESCRIPTION
+ This is a Bayesian-style probabilistic classifier, using an algorithm
+ based on the one detailed in Paul Graham's *A Plan For Spam* paper at:
+
+ http://www.paulgraham.com/spam.html
+
+ It also incorporates some other aspects taken from Graham Robinson's
+ webpage on the subject at:
+
+ http://radio.weblogs.com/0101454/stories/2002/09/16/spamDetection.html
+
+ And the chi-square probability combiner as described here:
+
+ http://www.linuxjournal.com/print.php?sid=6467
+
+ The results are incorporated into SpamAssassin as the BAYES_* rules.
+
+METHODS
Added: spamassassin/site/full/3.3.x/doc/Mail_SpamAssassin_Plugin_BodyRuleBaseExtractor.html
URL: http://svn.apache.org/viewvc/spamassassin/site/full/3.3.x/doc/Mail_SpamAssassin_Plugin_BodyRuleBaseExtractor.html?rev=925305&view=auto
==============================================================================
--- spamassassin/site/full/3.3.x/doc/Mail_SpamAssassin_Plugin_BodyRuleBaseExtractor.html (added)
+++ spamassassin/site/full/3.3.x/doc/Mail_SpamAssassin_Plugin_BodyRuleBaseExtractor.html Fri Mar 19 16:21:00 2010
@@ -0,0 +1,42 @@
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml">
+<head>
+<title>Mail::SpamAssassin::Plugin::BodyRuleBaseExtractor - extract "bases" from body ruleset</title>
+<link rev="made" href="mailto:jm@spamassassin.zones.apache.org" />
+</head>
+
+<body style="background-color: white">
+
+<p><a name="__index__"></a></p>
+<!-- INDEX BEGIN -->
+
+<ul>
+
+ <li><a href="#name">NAME</a></li>
+ <li><a href="#synopsis">SYNOPSIS</a></li>
+</ul>
+<!-- INDEX END -->
+
+<hr />
+<p>
+</p>
+<h1><a name="name">NAME</a></h1>
+<p>Mail::SpamAssassin::Plugin::BodyRuleBaseExtractor - extract ``bases'' from body ruleset</p>
+<p>
+</p>
+<hr />
+<h1><a name="synopsis">SYNOPSIS</a></h1>
+<p>This is a plugin to extract ``base'' strings from SpamAssassin 'body' rules,
+suitable for use in Rule2XSBody rules or other parallel matching algorithms.</p>
+<dl>
+<dt><strong><a name="item_my">my ($cleanregexp) = fixup_re($regexp);</a></strong><br />
+</dt>
+<dd>
+Converts encoded characters in a regular expression pattern into their
+equivalent characters
+</dd>
+<p></p></dl>
+
+</body>
+
+</html>
Added: spamassassin/site/full/3.3.x/doc/Mail_SpamAssassin_Plugin_BodyRuleBaseExtractor.txt
URL: http://svn.apache.org/viewvc/spamassassin/site/full/3.3.x/doc/Mail_SpamAssassin_Plugin_BodyRuleBaseExtractor.txt?rev=925305&view=auto
==============================================================================
--- spamassassin/site/full/3.3.x/doc/Mail_SpamAssassin_Plugin_BodyRuleBaseExtractor.txt (added)
+++ spamassassin/site/full/3.3.x/doc/Mail_SpamAssassin_Plugin_BodyRuleBaseExtractor.txt Fri Mar 19 16:21:00 2010
@@ -0,0 +1,13 @@
+NAME
+ Mail::SpamAssassin::Plugin::BodyRuleBaseExtractor - extract "bases" from
+ body ruleset
+
+SYNOPSIS
+ This is a plugin to extract "base" strings from SpamAssassin 'body'
+ rules, suitable for use in Rule2XSBody rules or other parallel matching
+ algorithms.
+
+ my ($cleanregexp) = fixup_re($regexp);
+ Converts encoded characters in a regular expression pattern into
+ their equivalent characters
+
Added: spamassassin/site/full/3.3.x/doc/Mail_SpamAssassin_Plugin_Check.html
URL: http://svn.apache.org/viewvc/spamassassin/site/full/3.3.x/doc/Mail_SpamAssassin_Plugin_Check.html?rev=925305&view=auto
==============================================================================
--- spamassassin/site/full/3.3.x/doc/Mail_SpamAssassin_Plugin_Check.html (added)
+++ spamassassin/site/full/3.3.x/doc/Mail_SpamAssassin_Plugin_Check.html Fri Mar 19 16:21:00 2010
@@ -0,0 +1,39 @@
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml">
+<head>
+<title>Mail::SpamAssassin::Plugin::Check - primary message check functionality</title>
+<link rev="made" href="mailto:jm@spamassassin.zones.apache.org" />
+</head>
+
+<body style="background-color: white">
+
+<p><a name="__index__"></a></p>
+<!-- INDEX BEGIN -->
+
+<ul>
+
+ <li><a href="#name">NAME</a></li>
+ <li><a href="#synopsis">SYNOPSIS</a></li>
+ <li><a href="#description">DESCRIPTION</a></li>
+</ul>
+<!-- INDEX END -->
+
+<hr />
+<p>
+</p>
+<h1><a name="name">NAME</a></h1>
+<p>Mail::SpamAssassin::Plugin::Check - primary message check functionality</p>
+<p>
+</p>
+<hr />
+<h1><a name="synopsis">SYNOPSIS</a></h1>
+<p>loadplugin Mail::SpamAssassin::Plugin::Check</p>
+<p>
+</p>
+<hr />
+<h1><a name="description">DESCRIPTION</a></h1>
+<p>This plugin provides the primary message check functionality.</p>
+
+</body>
+
+</html>
Added: spamassassin/site/full/3.3.x/doc/Mail_SpamAssassin_Plugin_Check.txt
URL: http://svn.apache.org/viewvc/spamassassin/site/full/3.3.x/doc/Mail_SpamAssassin_Plugin_Check.txt?rev=925305&view=auto
==============================================================================
--- spamassassin/site/full/3.3.x/doc/Mail_SpamAssassin_Plugin_Check.txt (added)
+++ spamassassin/site/full/3.3.x/doc/Mail_SpamAssassin_Plugin_Check.txt Fri Mar 19 16:21:00 2010
@@ -0,0 +1,9 @@
+NAME
+ Mail::SpamAssassin::Plugin::Check - primary message check functionality
+
+SYNOPSIS
+ loadplugin Mail::SpamAssassin::Plugin::Check
+
+DESCRIPTION
+ This plugin provides the primary message check functionality.
+
Added: spamassassin/site/full/3.3.x/doc/Mail_SpamAssassin_Plugin_DCC.html
URL: http://svn.apache.org/viewvc/spamassassin/site/full/3.3.x/doc/Mail_SpamAssassin_Plugin_DCC.html?rev=925305&view=auto
==============================================================================
--- spamassassin/site/full/3.3.x/doc/Mail_SpamAssassin_Plugin_DCC.html (added)
+++ spamassassin/site/full/3.3.x/doc/Mail_SpamAssassin_Plugin_DCC.html Fri Mar 19 16:21:00 2010
@@ -0,0 +1,173 @@
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml">
+<head>
+<title>Mail::SpamAssassin::Plugin::DCC - perform DCC check of messages</title>
+<link rev="made" href="mailto:jm@spamassassin.zones.apache.org" />
+</head>
+
+<body style="background-color: white">
+
+<p><a name="__index__"></a></p>
+<!-- INDEX BEGIN -->
+
+<ul>
+
+ <li><a href="#name">NAME</a></li>
+ <li><a href="#synopsis">SYNOPSIS</a></li>
+ <li><a href="#description">DESCRIPTION</a></li>
+ <li><a href="#tags">TAGS</a></li>
+ <li><a href="#user_options">USER OPTIONS</a></li>
+ <li><a href="#administrator_options">ADMINISTRATOR OPTIONS</a></li>
+</ul>
+<!-- INDEX END -->
+
+<hr />
+<p>
+</p>
+<h1><a name="name">NAME</a></h1>
+<p>Mail::SpamAssassin::Plugin::DCC - perform DCC check of messages</p>
+<p>
+</p>
+<hr />
+<h1><a name="synopsis">SYNOPSIS</a></h1>
+<pre>
+ loadplugin Mail::SpamAssassin::Plugin::DCC</pre>
+<pre>
+ full DCC_CHECK eval:check_dcc()
+ full DCC_CHECK_50_79 eval:check_dcc_reputation_range('50','79')</pre>
+<p>
+</p>
+<hr />
+<h1><a name="description">DESCRIPTION</a></h1>
+<p>The DCC or Distributed Checksum Clearinghouse is a system of servers
+collecting and counting checksums of millions of mail messages.
+TheSpamAssassin.pm counts can be used by SpamAssassin to detect and
+reject or filter spam.</p>
+<p>Because simplistic checksums of spam can be easily defeated, the main
+DCC checksums are fuzzy and ignore aspects of messages. The fuzzy
+checksums are changed as spam evolves.</p>
+<p>Note that DCC is disabled by default in <code>init.pre</code> because it is not
+open source. See the DCC license for more details.</p>
+<p>See <a href="http://www.rhyolite.com/anti-spam/dcc/">http://www.rhyolite.com/anti-spam/dcc/</a> for more information about
+DCC.</p>
+<p>
+</p>
+<hr />
+<h1><a name="tags">TAGS</a></h1>
+<p>The following tags are added to the set, available for use in reports,
+header fields, other plugins, etc.:</p>
+<pre>
+ _DCCB_ DCC server ID in a response
+ _DCCR_ response from DCC - header field body in X-DCC-*-Metrics
+ _DCCREP_ response from DCC - DCC reputation in percents (0..100)</pre>
+<p>Tag _DCCREP_ provides a nonempty value only with commercial DCC systems.
+This is the percentage of spam vs. ham sent from the first untrusted relay.</p>
+<p>
+</p>
+<hr />
+<h1><a name="user_options">USER OPTIONS</a></h1>
+<dl>
+<dt><strong><a name="item_use_dcc">use_dcc (0|1) (default: 1)</a></strong><br />
+</dt>
+<dd>
+Whether to use DCC, if it is available.
+</dd>
+<p></p>
+<dt><strong><a name="item_dcc_body_max_number">dcc_body_max NUMBER</a></strong><br />
+</dt>
+<dt><strong><a name="item_dcc_fuz1_max_number">dcc_fuz1_max NUMBER</a></strong><br />
+</dt>
+<dt><strong><a name="item_dcc_fuz2_max_number">dcc_fuz2_max NUMBER</a></strong><br />
+</dt>
+<dd>
+This option sets how often a message's body/fuz1/fuz2 checksum must have been
+reported to the DCC server before SpamAssassin will consider the DCC check as
+matched.
+</dd>
+<dd>
+<p>As nearly all DCC clients are auto-reporting these checksums, you should set
+this to a relatively high value, e.g. <code>999999</code> (this is DCC's MANY count).</p>
+</dd>
+<dd>
+<p>The default is <code>999999</code> for all these options.</p>
+</dd>
+<p></p>
+<dt><strong><a name="item_dcc_rep_percent_number">dcc_rep_percent NUMBER</a></strong><br />
+</dt>
+<dd>
+Only commercial DCC systems provide DCC reputation information. This is the
+percentage of spam vs. ham sent from the first untrusted relay. It will hit
+on new spam from spam sources. Default is <code>90</code>.
+</dd>
+<p></p></dl>
+<p>
+</p>
+<hr />
+<h1><a name="administrator_options">ADMINISTRATOR OPTIONS</a></h1>
+<dl>
+<dt><strong><a name="item_n">dcc_timeout n (default: 8)</a></strong><br />
+</dt>
+<dd>
+How many seconds you wait for DCC to complete, before scanning continues
+without the DCC results.
+</dd>
+<p></p>
+<dt><strong><a name="item_dcc_home_string">dcc_home STRING</a></strong><br />
+</dt>
+<dd>
+This option tells SpamAssassin where to find the dcc homedir.
+If not given, it will try to get dcc to specify one, and if that fails it
+will try dcc's own default homedir of '/var/dcc'.
+If <code>dcc_path</code> is not specified, it will default to looking in
+<code>dcc_home/bin</code> for dcc client instead of relying on SpamAssassin to find it
+in the current PATH. If it isn't found there, it will look in the current
+PATH. If a <code>dccifd</code> socket is found in <code>dcc_home</code> or specified explicitly,
+it will use that interface instead of <code>dccproc</code>.
+</dd>
+<p></p>
+<dt><strong><a name="item_dcc_dccifd_path_string">dcc_dccifd_path STRING</a></strong><br />
+</dt>
+<dd>
+This option tells SpamAssassin where to find the dccifd socket. If
+<code>dcc_dccifd_path</code> is not specified, it will default to looking for a socket
+named <code>dccifd</code> in a directory <code>dcc_home</code>. The <code>dcc_dccifd_path</code> can be
+a Unix socket name (absolute path), or an INET socket specification in a form
+<code>[host]:port</code> or <code>host:port</code>, where a host can be an IPv4 or IPv6 address
+or a host name, and port is a TCP port number. In case of an IPv6 address the
+brackets are required syntax. If a <code>dccifd</code> socket is found, the plugin will
+use it instead of <code>dccproc</code>.
+</dd>
+<p></p>
+<dt><strong><a name="item_dcc_path_string">dcc_path STRING</a></strong><br />
+</dt>
+<dd>
+This option tells SpamAssassin specifically where to find the <code>dccproc</code>
+client instead of relying on SpamAssassin to find it in the current PATH.
+Note that if <em>taint mode</em> is enabled in the Perl interpreter, you should
+use this, as the current PATH will have been cleared.
+</dd>
+<p></p>
+<dt><strong><a name="item_dcc_options_options">dcc_options options</a></strong><br />
+</dt>
+<dd>
+Specify additional options to the <code>dccproc(8)</code> command. Please note that only
+characters in the range [0-9A-Za-z ,._/-] are allowed for security reasons.
+</dd>
+<dd>
+<p>The default is <code>undef</code>.</p>
+</dd>
+<p></p>
+<dt><strong><a name="item_dccifd_options_options">dccifd_options options</a></strong><br />
+</dt>
+<dd>
+Specify additional options to send to the <code>dccifd(8)</code> daemon. Please note that only
+characters in the range [0-9A-Za-z ,._/-] are allowed for security reasons.
+</dd>
+<dd>
+<p>The default is <code>undef</code>.</p>
+</dd>
+<p></p></dl>
+
+</body>
+
+</html>
Added: spamassassin/site/full/3.3.x/doc/Mail_SpamAssassin_Plugin_DCC.txt
URL: http://svn.apache.org/viewvc/spamassassin/site/full/3.3.x/doc/Mail_SpamAssassin_Plugin_DCC.txt?rev=925305&view=auto
==============================================================================
--- spamassassin/site/full/3.3.x/doc/Mail_SpamAssassin_Plugin_DCC.txt (added)
+++ spamassassin/site/full/3.3.x/doc/Mail_SpamAssassin_Plugin_DCC.txt Fri Mar 19 16:21:00 2010
@@ -0,0 +1,106 @@
+NAME
+ Mail::SpamAssassin::Plugin::DCC - perform DCC check of messages
+
+SYNOPSIS
+ loadplugin Mail::SpamAssassin::Plugin::DCC
+
+ full DCC_CHECK eval:check_dcc()
+ full DCC_CHECK_50_79 eval:check_dcc_reputation_range('50','79')
+
+DESCRIPTION
+ The DCC or Distributed Checksum Clearinghouse is a system of servers
+ collecting and counting checksums of millions of mail messages.
+ TheSpamAssassin.pm counts can be used by SpamAssassin to detect and
+ reject or filter spam.
+
+ Because simplistic checksums of spam can be easily defeated, the main
+ DCC checksums are fuzzy and ignore aspects of messages. The fuzzy
+ checksums are changed as spam evolves.
+
+ Note that DCC is disabled by default in "init.pre" because it is not
+ open source. See the DCC license for more details.
+
+ See http://www.rhyolite.com/anti-spam/dcc/ for more information about
+ DCC.
+
+TAGS
+ The following tags are added to the set, available for use in reports,
+ header fields, other plugins, etc.:
+
+ _DCCB_ DCC server ID in a response
+ _DCCR_ response from DCC - header field body in X-DCC-*-Metrics
+ _DCCREP_ response from DCC - DCC reputation in percents (0..100)
+
+ Tag _DCCREP_ provides a nonempty value only with commercial DCC systems.
+ This is the percentage of spam vs. ham sent from the first untrusted
+ relay.
+
+USER OPTIONS
+ use_dcc (0|1) (default: 1)
+ Whether to use DCC, if it is available.
+
+ dcc_body_max NUMBER
+ dcc_fuz1_max NUMBER
+ dcc_fuz2_max NUMBER
+ This option sets how often a message's body/fuz1/fuz2 checksum must
+ have been reported to the DCC server before SpamAssassin will
+ consider the DCC check as matched.
+
+ As nearly all DCC clients are auto-reporting these checksums, you
+ should set this to a relatively high value, e.g. 999999 (this is
+ DCC's MANY count).
+
+ The default is 999999 for all these options.
+
+ dcc_rep_percent NUMBER
+ Only commercial DCC systems provide DCC reputation information. This
+ is the percentage of spam vs. ham sent from the first untrusted
+ relay. It will hit on new spam from spam sources. Default is 90.
+
+ADMINISTRATOR OPTIONS
+ dcc_timeout n (default: 8)
+ How many seconds you wait for DCC to complete, before scanning
+ continues without the DCC results.
+
+ dcc_home STRING
+ This option tells SpamAssassin where to find the dcc homedir. If not
+ given, it will try to get dcc to specify one, and if that fails it
+ will try dcc's own default homedir of '/var/dcc'. If "dcc_path" is
+ not specified, it will default to looking in "dcc_home/bin" for dcc
+ client instead of relying on SpamAssassin to find it in the current
+ PATH. If it isn't found there, it will look in the current PATH. If
+ a "dccifd" socket is found in "dcc_home" or specified explicitly, it
+ will use that interface instead of "dccproc".
+
+ dcc_dccifd_path STRING
+ This option tells SpamAssassin where to find the dccifd socket. If
+ "dcc_dccifd_path" is not specified, it will default to looking for a
+ socket named "dccifd" in a directory "dcc_home". The
+ "dcc_dccifd_path" can be a Unix socket name (absolute path), or an
+ INET socket specification in a form "[host]:port" or "host:port",
+ where a host can be an IPv4 or IPv6 address or a host name, and port
+ is a TCP port number. In case of an IPv6 address the brackets are
+ required syntax. If a "dccifd" socket is found, the plugin will use
+ it instead of "dccproc".
+
+ dcc_path STRING
+ This option tells SpamAssassin specifically where to find the
+ "dccproc" client instead of relying on SpamAssassin to find it in
+ the current PATH. Note that if *taint mode* is enabled in the Perl
+ interpreter, you should use this, as the current PATH will have been
+ cleared.
+
+ dcc_options options
+ Specify additional options to the dccproc(8) command. Please note
+ that only characters in the range [0-9A-Za-z ,._/-] are allowed for
+ security reasons.
+
+ The default is "undef".
+
+ dccifd_options options
+ Specify additional options to send to the dccifd(8) daemon. Please
+ note that only characters in the range [0-9A-Za-z ,._/-] are allowed
+ for security reasons.
+
+ The default is "undef".
+
Added: spamassassin/site/full/3.3.x/doc/Mail_SpamAssassin_Plugin_DKIM.html
URL: http://svn.apache.org/viewvc/spamassassin/site/full/3.3.x/doc/Mail_SpamAssassin_Plugin_DKIM.html?rev=925305&view=auto
==============================================================================
--- spamassassin/site/full/3.3.x/doc/Mail_SpamAssassin_Plugin_DKIM.html (added)
+++ spamassassin/site/full/3.3.x/doc/Mail_SpamAssassin_Plugin_DKIM.html Fri Mar 19 16:21:00 2010
@@ -0,0 +1,359 @@
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml">
+<head>
+<title>Mail::SpamAssassin::Plugin::DKIM - perform DKIM verification tests</title>
+<link rev="made" href="mailto:jm@spamassassin.zones.apache.org" />
+</head>
+
+<body style="background-color: white">
+
+<p><a name="__index__"></a></p>
+<!-- INDEX BEGIN -->
+
+<ul>
+
+ <li><a href="#name">NAME</a></li>
+ <li><a href="#synopsis">SYNOPSIS</a></li>
+ <li><a href="#description">DESCRIPTION</a></li>
+ <li><a href="#tags">TAGS</a></li>
+ <li><a href="#see_also">SEE ALSO</a></li>
+ <li><a href="#user_settings">USER SETTINGS</a></li>
+ <li><a href="#administrator_settings">ADMINISTRATOR SETTINGS</a></li>
+</ul>
+<!-- INDEX END -->
+
+<hr />
+<p>
+</p>
+<h1><a name="name">NAME</a></h1>
+<p>Mail::SpamAssassin::Plugin::DKIM - perform DKIM verification tests</p>
+<p>
+</p>
+<hr />
+<h1><a name="synopsis">SYNOPSIS</a></h1>
+<pre>
+ loadplugin Mail::SpamAssassin::Plugin::DKIM [/path/to/DKIM.pm]</pre>
+<p>Taking into account signatures from any signing domains:</p>
+<pre>
+ full DKIM_SIGNED eval:check_dkim_signed()
+ full DKIM_VALID eval:check_dkim_valid()
+ full DKIM_VALID_AU eval:check_dkim_valid_author_sig()</pre>
+<p>Taking into account signatures from specified signing domains only:
+(quotes may be omitted on domain names consisting only of letters, digits,
+dots, and minus characters)</p>
+<pre>
+ full DKIM_SIGNED_MY1 eval:check_dkim_signed('dom1','dom2',...)
+ full DKIM_VALID_MY1 eval:check_dkim_valid('dom1','dom2',...)
+ full DKIM_VALID_AU_MY1 eval:check_dkim_valid_author_sig('d1','d2',...)</pre>
+<pre>
+ full __DKIM_DEPENDABLE eval:check_dkim_dependable()</pre>
+<p>Author Domain Signing Practices (ADSP) from any author domains:</p>
+<pre>
+ header DKIM_ADSP_NXDOMAIN eval:check_dkim_adsp('N')
+ header DKIM_ADSP_ALL eval:check_dkim_adsp('A')
+ header DKIM_ADSP_DISCARD eval:check_dkim_adsp('D')
+ header DKIM_ADSP_CUSTOM_LOW eval:check_dkim_adsp('1')
+ header DKIM_ADSP_CUSTOM_MED eval:check_dkim_adsp('2')
+ header DKIM_ADSP_CUSTOM_HIGH eval:check_dkim_adsp('3')</pre>
+<p>Author Domain Signing Practices (ADSP) from specified author domains only:</p>
+<pre>
+ header DKIM_ADSP_MY1 eval:check_dkim_adsp('*','dom1','dom2',...)</pre>
+<pre>
+ describe DKIM_SIGNED Message has a DKIM or DK signature, not necessarily valid
+ describe DKIM_VALID Message has at least one valid DKIM or DK signature
+ describe DKIM_VALID_AU Message has a valid DKIM or DK signature from author's domain
+ describe __DKIM_DEPENDABLE A validation failure not attributable to truncation</pre>
+<pre>
+ describe DKIM_ADSP_NXDOMAIN Domain not in DNS and no valid author domain signature
+ describe DKIM_ADSP_ALL Domain signs all mail, no valid author domain signature
+ describe DKIM_ADSP_DISCARD Domain signs all mail and suggests discarding mail with no valid author domain signature, no valid author domain signature
+ describe DKIM_ADSP_CUSTOM_LOW adsp_override is CUSTOM_LOW, no valid author domain signature
+ describe DKIM_ADSP_CUSTOM_MED adsp_override is CUSTOM_MED, no valid author domain signature
+ describe DKIM_ADSP_CUSTOM_HIGH adsp_override is CUSTOM_HIGH, no valid author domain signature</pre>
+<p>For compatibility with pre-3.3.0 versions, the following are synonyms:</p>
+<pre>
+ OLD: eval:check_dkim_verified = NEW: eval:check_dkim_valid
+ OLD: eval:check_dkim_signall = NEW: eval:check_dkim_adsp('A')
+ OLD: eval:check_dkim_signsome = NEW: redundant, semantically always true</pre>
+<p>The __DKIM_DEPENDABLE eval rule deserves an explanation. The rule yields true
+when signatures are supplied by a caller, OR ELSE when signatures are obtained
+by this plugin AND either there are no signatures OR a rule __TRUNCATED was
+false. In other words: __DKIM_DEPENDABLE is true when failed signatures can
+not be attributed to message truncation when feeding a message to SpamAssassin.
+It can be consulted to prevent false positives on large but truncated messages
+with poor man's implementation of ADSP by hand-crafted rules.</p>
+<p>
+</p>
+<hr />
+<h1><a name="description">DESCRIPTION</a></h1>
+<p>This SpamAssassin plugin implements DKIM lookups as described by the RFC 4871,
+as well as historical DomainKeys lookups, as described by RFC 4870, thanks
+to the support for both types of signatures by newer versions of module
+Mail::DKIM.</p>
+<p>It requires the <code>Mail::DKIM</code> CPAN module to operate. Many thanks to Jason Long
+for that module.</p>
+<p>
+</p>
+<hr />
+<h1><a name="tags">TAGS</a></h1>
+<p>The following tags are added to the set, available for use in reports,
+header fields, other plugins, etc.:</p>
+<pre>
+ _DKIMIDENTITY_
+ Agent or User Identifier (AUID) (the 'i' tag) from valid signatures;</pre>
+<pre>
+ _DKIMDOMAIN_
+ Signing Domain Identifier (SDID) (the 'd' tag) from valid signatures;</pre>
+<p>Identities and domains from signatures which failed verification are not
+included in these tags. Duplicates are eliminated (e.g. when there are two or
+more valid signatures from the same signer, only one copy makes it into a tag).
+Note that there may be more than one signature in a message - currently they
+are provided as a space-separated list, although this behaviour may change.</p>
+<p>
+</p>
+<hr />
+<h1><a name="see_also">SEE ALSO</a></h1>
+<p><code>Mail::DKIM</code>, <code>Mail::SpamAssassin::Plugin</code></p>
+<pre>
+ <a href="http://jason.long.name/dkimproxy/">http://jason.long.name/dkimproxy/</a>
+ <a href="http://tools.ietf.org/rfc/rfc4871.txt">http://tools.ietf.org/rfc/rfc4871.txt</a>
+ <a href="http://tools.ietf.org/rfc/rfc4870.txt">http://tools.ietf.org/rfc/rfc4870.txt</a>
+ <a href="http://tools.ietf.org/rfc/rfc5617.txt">http://tools.ietf.org/rfc/rfc5617.txt</a>
+ <a href="http://ietf.org/html.charters/dkim-charter.html">http://ietf.org/html.charters/dkim-charter.html</a></pre>
+<p>
+</p>
+<hr />
+<h1><a name="user_settings">USER SETTINGS</a></h1>
+<dl>
+<dt><strong><a name="item_whitelist_from_dkim_author_40example_2ecom__5bsign">whitelist_from_dkim <a href="mailto:author@example.com">author@example.com</a> [signing-domain]</a></strong><br />
+</dt>
+<dd>
+Works similarly to whitelist_from, except that in addition to matching
+an author address (From) to the pattern in the first parameter, the message
+must also carry a Domain Keys Identified Mail (DKIM) signature made by a
+signing domain (SDID, i.e. the d= tag) that is acceptable to us.
+</dd>
+<dd>
+<p>Only one whitelist entry is allowed per line, as in <code>whitelist_from_rcvd</code>.
+Multiple <code>whitelist_from_dkim</code> lines are allowed. File-glob style characters
+are allowed for the From address (the first parameter), just like with
+<code>whitelist_from_rcvd</code>. The second parameter does not accept wildcards.</p>
+</dd>
+<dd>
+<p>If no signing-domain parameter is specified, the only acceptable signature
+will be an Author Domain Signature (sometimes called first-party signature)
+which is a signature where the signing domain (SDID) of a signature matches
+the domain of the author's address (i.e. the address in a From header field).</p>
+</dd>
+<dd>
+<p>Since this whitelist requires a DKIM check to be made, network tests must
+be enabled.</p>
+</dd>
+<dd>
+<p>Examples of whitelisting based on an author domain signature (first-party):</p>
+</dd>
+<dd>
+<pre>
+ whitelist_from_dkim joe@example.com
+ whitelist_from_dkim *@corp.example.com
+ whitelist_from_dkim *@*.example.com</pre>
+</dd>
+<dd>
+<p>Examples of whitelisting based on third-party signatures:</p>
+</dd>
+<dd>
+<pre>
+ whitelist_from_dkim jane@example.net example.org
+ whitelist_from_dkim rick@info.example.net example.net
+ whitelist_from_dkim *@info.example.net example.net
+ whitelist_from_dkim *@* remailer.example.com</pre>
+</dd>
+<p></p>
+<dt><strong><a name="item_def_whitelist_from_dkim_author_40example_2ecom__5b">def_whitelist_from_dkim <a href="mailto:author@example.com">author@example.com</a> [signing-domain]</a></strong><br />
+</dt>
+<dd>
+Same as <code>whitelist_from_dkim</code>, but used for the default whitelist entries
+in the SpamAssassin distribution. The whitelist score is lower, because
+these are often targets for abuse of public mailers which sign their mail.
+</dd>
+<p></p>
+<dt><strong><a name="item_adsp_override_domain__5bsigning_2dpractices_5d">adsp_override domain [signing-practices]</a></strong><br />
+</dt>
+<dd>
+Currently few domains publish their signing practices (RFC 5617 - ADSP),
+partly because the ADSP rfc is rather new, partly because they think
+hardly any recipient bothers to check it, and partly for fear that some
+recipients might lose mail due to problems in their signature validation
+procedures or mail mangling by mailers beyond their control.
+</dd>
+<dd>
+<p>Nevertheless, recipients could benefit by knowing signing practices of a
+sending (author's) domain, for example to recognize forged mail claiming
+to be from certain domains which are popular targets for phishing, like
+financial institutions. Unfortunately, as signing practices are seldom
+published or are weak, it is hardly justifiable to look them up in DNS.</p>
+</dd>
+<dd>
+<p>To overcome this chicken-or-the-egg problem, the <code>adsp_override</code> mechanism
+allows recipients using SpamAssassin to override published or defaulted
+ADSP for certain domains. This makes it possible to manually specify a
+stronger (or weaker) signing practices than a signing domain is willing
+to publish (explicitly or by default), and also save on a DNS lookup.</p>
+</dd>
+<dd>
+<p>Note that ADSP (published or overridden) is only consulted for messages
+which do not contain a valid DKIM signature from the author's domain.</p>
+</dd>
+<dd>
+<p>According to RFC 5617, signing practices can be one of the following:
+<code>unknown</code>, <code>all</code> and <code>discardable</code>.</p>
+</dd>
+<dd>
+<p><code>unknown</code>: The domain might sign some or all email - messages from the
+domain may or may not have an Author Domain Signature. This is a default
+if a domain exists in DNS but no ADSP record is found.</p>
+</dd>
+<dd>
+<p><code>all</code>: All mail from the domain is signed with an Author Domain Signature.</p>
+</dd>
+<dd>
+<p><code>discardable</code>: All mail from the domain is signed with an Author Domain
+Signature. Furthermore, if a message arrives without a valid Author Domain
+Signature, the domain encourages the <code>recipient(s)</code> to discard it.</p>
+</dd>
+<dd>
+<p>ADSP lookup can also determine that a domain is ``out of scope'', i.e., the
+domain does not exist (NXDOMAIN) in the DNS.</p>
+</dd>
+<dd>
+<p>To override domain's signing practices in a SpamAssassin configuration file,
+specify an <code>adsp_override</code> directive for each sending domain to be overridden.</p>
+</dd>
+<dd>
+<p>Its first argument is a domain name. Author's domain is matched against it,
+matching is case insensitive. This is not a regular expression or a file-glob
+style wildcard, but limited wildcarding is still available: if this argument
+starts by a ``*.'' (or is a sole ``*''), author's domain matches if it is a
+subdomain (to one or more levels) of the argument. Otherwise (with no leading
+asterisk) the match must be exact (not a subdomain).</p>
+</dd>
+<dd>
+<p>An optional second parameter is one of the following keywords
+(case-insensitive): <code>nxdomain</code>, <code>unknown</code>, <code>all</code>, <code>discardable</code>,
+<code>custom_low</code>, <code>custom_med</code>, <code>custom_high</code>.</p>
+</dd>
+<dd>
+<p>Absence of this second parameter implies <code>discardable</code>. If a domain is not
+listed by a <code>adsp_override</code> directive nor does it explicitly publish any
+ADSP record, then <code>unknown</code> is implied for valid domains, and <code>nxdomain</code>
+for domains not existing in DNS. (Note: domain validity is only checked with
+versions of Mail::DKIM 0.37 or later (actually since 0.36_5), the <code>nxdomain</code>
+would never turn up with older versions).</p>
+</dd>
+<dd>
+<p>The strong setting <code>discardable</code> is useful for domains which are known
+to always sign their mail and to always send it directly to recipients
+(not to mailing lists), and are frequent targets of fishing attempts,
+such as financial institutions. The <code>discardable</code> is also appropriate
+for domains which are known never to send any mail.</p>
+</dd>
+<dd>
+<p>When a message does not contain a valid signature by the author's domain
+(the domain in a From header field), the signing practices pertaining
+to author's domain determine which of the following rules fire and
+contributes its score: DKIM_ADSP_NXDOMAIN, DKIM_ADSP_ALL, DKIM_ADSP_DISCARD,
+DKIM_ADSP_CUSTOM_LOW, DKIM_ADSP_CUSTOM_MED, DKIM_ADSP_CUSTOM_HIGH. Not more
+than one of these rules can fire for messages that have one author (but see
+below). The last three can only result from a 'signing-practices' as given
+in a <code>adsp_override</code> directive (not from a DNS lookup), and can serve as
+a convenient means of providing a different score if scores assigned to
+DKIM_ADSP_ALL or DKIM_ADSP_DISCARD are not considered suitable for some
+domains.</p>
+</dd>
+<dd>
+<p>RFC 5322 permits a message to have more than one author - multiple addresses
+may be listed in a single From header field. RFC 5617 defines that a message
+with multiple authors has multiple signing domain signing practices, but does
+not prescribe how these should be combined. In presence of multiple signing
+practices, more than one of the DKIM_ADSP_* rules may fire.</p>
+</dd>
+<dd>
+<p>As a precaution against firing DKIM_ADSP_* rules when there is a known local
+reason for a signature verification failure, the domain's ADSP is considered
+'unknown' when DNS lookups are disabled or a DNS lookup encountered a temporary
+problem on fetching a public key from the author's domain. Similarly, ADSP
+is considered 'unknown' when this plugin did its own signature verification
+(signatures were not passed to SA by a caller) and a metarule __TRUNCATED was
+triggered, indicating the caller intentionally passed a truncated message to
+SpamAssassin, which was a likely reason for a signature verification failure.</p>
+</dd>
+<dd>
+<p>Example:</p>
+</dd>
+<dd>
+<pre>
+ adsp_override *.mydomain.example.com discardable
+ adsp_override *.neversends.example.com discardable</pre>
+</dd>
+<dd>
+<pre>
+ adsp_override ebay.com
+ adsp_override *.ebay.com
+ adsp_override ebay.co.uk
+ adsp_override *.ebay.co.uk
+ adsp_override paypal.com
+ adsp_override *.paypal.com
+ adsp_override amazon.com
+ adsp_override ealerts.bankofamerica.com
+ adsp_override americangreetings.com
+ adsp_override egreetings.com
+ adsp_override bluemountain.com
+ adsp_override hallmark.com all
+ adsp_override *.hallmark.com all
+ adsp_override youtube.com custom_high
+ adsp_override google.com custom_low
+ adsp_override gmail.com custom_low
+ adsp_override googlemail.com custom_low
+ adsp_override yahoo.com custom_low
+ adsp_override yahoo.com.au custom_low
+ adsp_override yahoo.se custom_low</pre>
+</dd>
+<dd>
+<pre>
+ adsp_override junkmailerkbw0rr.com nxdomain
+ adsp_override junkmailerd2hlsg.com nxdomain</pre>
+</dd>
+<dd>
+<pre>
+ # effectively disables ADSP network DNS lookups for all other domains:
+ adsp_override * unknown</pre>
+</dd>
+<dd>
+<pre>
+ score DKIM_ADSP_ALL 2.5
+ score DKIM_ADSP_DISCARD 25
+ score DKIM_ADSP_NXDOMAIN 3</pre>
+</dd>
+<dd>
+<pre>
+ score DKIM_ADSP_CUSTOM_LOW 1
+ score DKIM_ADSP_CUSTOM_MED 3.5
+ score DKIM_ADSP_CUSTOM_HIGH 8</pre>
+</dd>
+<p></p></dl>
+<p>
+</p>
+<hr />
+<h1><a name="administrator_settings">ADMINISTRATOR SETTINGS</a></h1>
+<dl>
+<dt><strong><a name="item_n">dkim_timeout n (default: 5)</a></strong><br />
+</dt>
+<dd>
+How many seconds to wait for a DKIM query to complete, before
+scanning continues without the DKIM result.
+</dd>
+<p></p></dl>
+
+</body>
+
+</html>
Added: spamassassin/site/full/3.3.x/doc/Mail_SpamAssassin_Plugin_DKIM.txt
URL: http://svn.apache.org/viewvc/spamassassin/site/full/3.3.x/doc/Mail_SpamAssassin_Plugin_DKIM.txt?rev=925305&view=auto
==============================================================================
--- spamassassin/site/full/3.3.x/doc/Mail_SpamAssassin_Plugin_DKIM.txt (added)
+++ spamassassin/site/full/3.3.x/doc/Mail_SpamAssassin_Plugin_DKIM.txt Fri Mar 19 16:21:00 2010
@@ -0,0 +1,292 @@
+NAME
+ Mail::SpamAssassin::Plugin::DKIM - perform DKIM verification tests
+
+SYNOPSIS
+ loadplugin Mail::SpamAssassin::Plugin::DKIM [/path/to/DKIM.pm]
+
+ Taking into account signatures from any signing domains:
+
+ full DKIM_SIGNED eval:check_dkim_signed()
+ full DKIM_VALID eval:check_dkim_valid()
+ full DKIM_VALID_AU eval:check_dkim_valid_author_sig()
+
+ Taking into account signatures from specified signing domains only:
+ (quotes may be omitted on domain names consisting only of letters,
+ digits, dots, and minus characters)
+
+ full DKIM_SIGNED_MY1 eval:check_dkim_signed('dom1','dom2',...)
+ full DKIM_VALID_MY1 eval:check_dkim_valid('dom1','dom2',...)
+ full DKIM_VALID_AU_MY1 eval:check_dkim_valid_author_sig('d1','d2',...)
+
+ full __DKIM_DEPENDABLE eval:check_dkim_dependable()
+
+ Author Domain Signing Practices (ADSP) from any author domains:
+
+ header DKIM_ADSP_NXDOMAIN eval:check_dkim_adsp('N')
+ header DKIM_ADSP_ALL eval:check_dkim_adsp('A')
+ header DKIM_ADSP_DISCARD eval:check_dkim_adsp('D')
+ header DKIM_ADSP_CUSTOM_LOW eval:check_dkim_adsp('1')
+ header DKIM_ADSP_CUSTOM_MED eval:check_dkim_adsp('2')
+ header DKIM_ADSP_CUSTOM_HIGH eval:check_dkim_adsp('3')
+
+ Author Domain Signing Practices (ADSP) from specified author domains
+ only:
+
+ header DKIM_ADSP_MY1 eval:check_dkim_adsp('*','dom1','dom2',...)
+
+ describe DKIM_SIGNED Message has a DKIM or DK signature, not necessarily valid
+ describe DKIM_VALID Message has at least one valid DKIM or DK signature
+ describe DKIM_VALID_AU Message has a valid DKIM or DK signature from author's domain
+ describe __DKIM_DEPENDABLE A validation failure not attributable to truncation
+
+ describe DKIM_ADSP_NXDOMAIN Domain not in DNS and no valid author domain signature
+ describe DKIM_ADSP_ALL Domain signs all mail, no valid author domain signature
+ describe DKIM_ADSP_DISCARD Domain signs all mail and suggests discarding mail with no valid author domain signature, no valid author domain signature
+ describe DKIM_ADSP_CUSTOM_LOW adsp_override is CUSTOM_LOW, no valid author domain signature
+ describe DKIM_ADSP_CUSTOM_MED adsp_override is CUSTOM_MED, no valid author domain signature
+ describe DKIM_ADSP_CUSTOM_HIGH adsp_override is CUSTOM_HIGH, no valid author domain signature
+
+ For compatibility with pre-3.3.0 versions, the following are synonyms:
+
+ OLD: eval:check_dkim_verified = NEW: eval:check_dkim_valid
+ OLD: eval:check_dkim_signall = NEW: eval:check_dkim_adsp('A')
+ OLD: eval:check_dkim_signsome = NEW: redundant, semantically always true
+
+ The __DKIM_DEPENDABLE eval rule deserves an explanation. The rule yields
+ true when signatures are supplied by a caller, OR ELSE when signatures
+ are obtained by this plugin AND either there are no signatures OR a rule
+ __TRUNCATED was false. In other words: __DKIM_DEPENDABLE is true when
+ failed signatures can not be attributed to message truncation when
+ feeding a message to SpamAssassin. It can be consulted to prevent false
+ positives on large but truncated messages with poor man's implementation
+ of ADSP by hand-crafted rules.
+
+DESCRIPTION
+ This SpamAssassin plugin implements DKIM lookups as described by the RFC
+ 4871, as well as historical DomainKeys lookups, as described by RFC
+ 4870, thanks to the support for both types of signatures by newer
+ versions of module Mail::DKIM.
+
+ It requires the "Mail::DKIM" CPAN module to operate. Many thanks to
+ Jason Long for that module.
+
+TAGS
+ The following tags are added to the set, available for use in reports,
+ header fields, other plugins, etc.:
+
+ _DKIMIDENTITY_
+ Agent or User Identifier (AUID) (the 'i' tag) from valid signatures;
+
+ _DKIMDOMAIN_
+ Signing Domain Identifier (SDID) (the 'd' tag) from valid signatures;
+
+ Identities and domains from signatures which failed verification are not
+ included in these tags. Duplicates are eliminated (e.g. when there are
+ two or more valid signatures from the same signer, only one copy makes
+ it into a tag). Note that there may be more than one signature in a
+ message - currently they are provided as a space-separated list,
+ although this behaviour may change.
+
+SEE ALSO
+ "Mail::DKIM", "Mail::SpamAssassin::Plugin"
+
+ http://jason.long.name/dkimproxy/
+ http://tools.ietf.org/rfc/rfc4871.txt
+ http://tools.ietf.org/rfc/rfc4870.txt
+ http://tools.ietf.org/rfc/rfc5617.txt
+ http://ietf.org/html.charters/dkim-charter.html
+
+USER SETTINGS
+ whitelist_from_dkim author@example.com [signing-domain]
+ Works similarly to whitelist_from, except that in addition to
+ matching an author address (From) to the pattern in the first
+ parameter, the message must also carry a Domain Keys Identified Mail
+ (DKIM) signature made by a signing domain (SDID, i.e. the d= tag)
+ that is acceptable to us.
+
+ Only one whitelist entry is allowed per line, as in
+ "whitelist_from_rcvd". Multiple "whitelist_from_dkim" lines are
+ allowed. File-glob style characters are allowed for the From address
+ (the first parameter), just like with "whitelist_from_rcvd". The
+ second parameter does not accept wildcards.
+
+ If no signing-domain parameter is specified, the only acceptable
+ signature will be an Author Domain Signature (sometimes called
+ first-party signature) which is a signature where the signing domain
+ (SDID) of a signature matches the domain of the author's address
+ (i.e. the address in a From header field).
+
+ Since this whitelist requires a DKIM check to be made, network tests
+ must be enabled.
+
+ Examples of whitelisting based on an author domain signature
+ (first-party):
+
+ whitelist_from_dkim joe@example.com
+ whitelist_from_dkim *@corp.example.com
+ whitelist_from_dkim *@*.example.com
+
+ Examples of whitelisting based on third-party signatures:
+
+ whitelist_from_dkim jane@example.net example.org
+ whitelist_from_dkim rick@info.example.net example.net
+ whitelist_from_dkim *@info.example.net example.net
+ whitelist_from_dkim *@* remailer.example.com
+
+ def_whitelist_from_dkim author@example.com [signing-domain]
+ Same as "whitelist_from_dkim", but used for the default whitelist
+ entries in the SpamAssassin distribution. The whitelist score is
+ lower, because these are often targets for abuse of public mailers
+ which sign their mail.
+
+ adsp_override domain [signing-practices]
+ Currently few domains publish their signing practices (RFC 5617 -
+ ADSP), partly because the ADSP rfc is rather new, partly because
+ they think hardly any recipient bothers to check it, and partly for
+ fear that some recipients might lose mail due to problems in their
+ signature validation procedures or mail mangling by mailers beyond
+ their control.
+
+ Nevertheless, recipients could benefit by knowing signing practices
+ of a sending (author's) domain, for example to recognize forged mail
+ claiming to be from certain domains which are popular targets for
+ phishing, like financial institutions. Unfortunately, as signing
+ practices are seldom published or are weak, it is hardly justifiable
+ to look them up in DNS.
+
+ To overcome this chicken-or-the-egg problem, the "adsp_override"
+ mechanism allows recipients using SpamAssassin to override published
+ or defaulted ADSP for certain domains. This makes it possible to
+ manually specify a stronger (or weaker) signing practices than a
+ signing domain is willing to publish (explicitly or by default), and
+ also save on a DNS lookup.
+
+ Note that ADSP (published or overridden) is only consulted for
+ messages which do not contain a valid DKIM signature from the
+ author's domain.
+
+ According to RFC 5617, signing practices can be one of the
+ following: "unknown", "all" and "discardable".
+
+ "unknown": The domain might sign some or all email - messages from
+ the domain may or may not have an Author Domain Signature. This is a
+ default if a domain exists in DNS but no ADSP record is found.
+
+ "all": All mail from the domain is signed with an Author Domain
+ Signature.
+
+ "discardable": All mail from the domain is signed with an Author
+ Domain Signature. Furthermore, if a message arrives without a valid
+ Author Domain Signature, the domain encourages the recipient(s) to
+ discard it.
+
+ ADSP lookup can also determine that a domain is "out of scope",
+ i.e., the domain does not exist (NXDOMAIN) in the DNS.
+
+ To override domain's signing practices in a SpamAssassin
+ configuration file, specify an "adsp_override" directive for each
+ sending domain to be overridden.
+
+ Its first argument is a domain name. Author's domain is matched
+ against it, matching is case insensitive. This is not a regular
+ expression or a file-glob style wildcard, but limited wildcarding is
+ still available: if this argument starts by a "*." (or is a sole
+ "*"), author's domain matches if it is a subdomain (to one or more
+ levels) of the argument. Otherwise (with no leading asterisk) the
+ match must be exact (not a subdomain).
+
+ An optional second parameter is one of the following keywords
+ (case-insensitive): "nxdomain", "unknown", "all", "discardable",
+ "custom_low", "custom_med", "custom_high".
+
+ Absence of this second parameter implies "discardable". If a domain
+ is not listed by a "adsp_override" directive nor does it explicitly
+ publish any ADSP record, then "unknown" is implied for valid
+ domains, and "nxdomain" for domains not existing in DNS. (Note:
+ domain validity is only checked with versions of Mail::DKIM 0.37 or
+ later (actually since 0.36_5), the "nxdomain" would never turn up
+ with older versions).
+
+ The strong setting "discardable" is useful for domains which are
+ known to always sign their mail and to always send it directly to
+ recipients (not to mailing lists), and are frequent targets of
+ fishing attempts, such as financial institutions. The "discardable"
+ is also appropriate for domains which are known never to send any
+ mail.
+
+ When a message does not contain a valid signature by the author's
+ domain (the domain in a From header field), the signing practices
+ pertaining to author's domain determine which of the following rules
+ fire and contributes its score: DKIM_ADSP_NXDOMAIN, DKIM_ADSP_ALL,
+ DKIM_ADSP_DISCARD, DKIM_ADSP_CUSTOM_LOW, DKIM_ADSP_CUSTOM_MED,
+ DKIM_ADSP_CUSTOM_HIGH. Not more than one of these rules can fire for
+ messages that have one author (but see below). The last three can
+ only result from a 'signing-practices' as given in a "adsp_override"
+ directive (not from a DNS lookup), and can serve as a convenient
+ means of providing a different score if scores assigned to
+ DKIM_ADSP_ALL or DKIM_ADSP_DISCARD are not considered suitable for
+ some domains.
+
+ RFC 5322 permits a message to have more than one author - multiple
+ addresses may be listed in a single From header field. RFC 5617
+ defines that a message with multiple authors has multiple signing
+ domain signing practices, but does not prescribe how these should be
+ combined. In presence of multiple signing practices, more than one
+ of the DKIM_ADSP_* rules may fire.
+
+ As a precaution against firing DKIM_ADSP_* rules when there is a
+ known local reason for a signature verification failure, the
+ domain's ADSP is considered 'unknown' when DNS lookups are disabled
+ or a DNS lookup encountered a temporary problem on fetching a public
+ key from the author's domain. Similarly, ADSP is considered
+ 'unknown' when this plugin did its own signature verification
+ (signatures were not passed to SA by a caller) and a metarule
+ __TRUNCATED was triggered, indicating the caller intentionally
+ passed a truncated message to SpamAssassin, which was a likely
+ reason for a signature verification failure.
+
+ Example:
+
+ adsp_override *.mydomain.example.com discardable
+ adsp_override *.neversends.example.com discardable
+
+ adsp_override ebay.com
+ adsp_override *.ebay.com
+ adsp_override ebay.co.uk
+ adsp_override *.ebay.co.uk
+ adsp_override paypal.com
+ adsp_override *.paypal.com
+ adsp_override amazon.com
+ adsp_override ealerts.bankofamerica.com
+ adsp_override americangreetings.com
+ adsp_override egreetings.com
+ adsp_override bluemountain.com
+ adsp_override hallmark.com all
+ adsp_override *.hallmark.com all
+ adsp_override youtube.com custom_high
+ adsp_override google.com custom_low
+ adsp_override gmail.com custom_low
+ adsp_override googlemail.com custom_low
+ adsp_override yahoo.com custom_low
+ adsp_override yahoo.com.au custom_low
+ adsp_override yahoo.se custom_low
+
+ adsp_override junkmailerkbw0rr.com nxdomain
+ adsp_override junkmailerd2hlsg.com nxdomain
+
+ # effectively disables ADSP network DNS lookups for all other domains:
+ adsp_override * unknown
+
+ score DKIM_ADSP_ALL 2.5
+ score DKIM_ADSP_DISCARD 25
+ score DKIM_ADSP_NXDOMAIN 3
+
+ score DKIM_ADSP_CUSTOM_LOW 1
+ score DKIM_ADSP_CUSTOM_MED 3.5
+ score DKIM_ADSP_CUSTOM_HIGH 8
+
+ADMINISTRATOR SETTINGS
+ dkim_timeout n (default: 5)
+ How many seconds to wait for a DKIM query to complete, before
+ scanning continues without the DKIM result.
+
Added: spamassassin/site/full/3.3.x/doc/Mail_SpamAssassin_Plugin_Hashcash.html
URL: http://svn.apache.org/viewvc/spamassassin/site/full/3.3.x/doc/Mail_SpamAssassin_Plugin_Hashcash.html?rev=925305&view=auto
==============================================================================
--- spamassassin/site/full/3.3.x/doc/Mail_SpamAssassin_Plugin_Hashcash.html (added)
+++ spamassassin/site/full/3.3.x/doc/Mail_SpamAssassin_Plugin_Hashcash.html Fri Mar 19 16:21:00 2010
@@ -0,0 +1,99 @@
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml">
+<head>
+<title>Mail::SpamAssassin::Plugin::Hashcash - perform hashcash verification tests</title>
+<link rev="made" href="mailto:jm@spamassassin.zones.apache.org" />
+</head>
+
+<body style="background-color: white">
+
+<p><a name="__index__"></a></p>
+<!-- INDEX BEGIN -->
+
+<ul>
+
+ <li><a href="#name">NAME</a></li>
+ <li><a href="#synopsis">SYNOPSIS</a></li>
+ <li><a href="#description">DESCRIPTION</a></li>
+ <li><a href="#user_settings">USER SETTINGS</a></li>
+</ul>
+<!-- INDEX END -->
+
+<hr />
+<p>
+</p>
+<h1><a name="name">NAME</a></h1>
+<p>Mail::SpamAssassin::Plugin::Hashcash - perform hashcash verification tests</p>
+<p>
+</p>
+<hr />
+<h1><a name="synopsis">SYNOPSIS</a></h1>
+<pre>
+ loadplugin Mail::SpamAssassin::Plugin::Hashcash</pre>
+<p>
+</p>
+<hr />
+<h1><a name="description">DESCRIPTION</a></h1>
+<p>Hashcash is a payment system for email where CPU cycles used as the
+basis for an e-cash system. This plugin makes it possible to use valid
+hashcash tokens added by mail programs as a bonus for messages.</p>
+<p>
+</p>
+<hr />
+<h1><a name="user_settings">USER SETTINGS</a></h1>
+<dl>
+<dt><strong><a name="item_use_hashcash__7b_1__7c_0__7d__28default_3a_1_29">use_hashcash { 1 | 0 } (default: 1)</a></strong><br />
+</dt>
+<dd>
+Whether to use hashcash, if it is available.
+</dd>
+<p></p>
+<dt><strong><a name="item_hashcash_accept_add_40ress_2ecom__2e_2e_2e">hashcash_accept <a href="mailto:add@ress.com">add@ress.com</a> ...</a></strong><br />
+</dt>
+<dd>
+Used to specify addresses that we accept HashCash tokens for. You should set
+it to match all the addresses that you may receive mail at.
+</dd>
+<dd>
+<p>Like whitelist and blacklist entries, the addresses are file-glob-style
+patterns, so <code>friend@somewhere.com</code>, <code>*@isp.com</code>, or <code>*.domain.net</code> will all
+work. Specifically, <code>*</code> and <code>?</code> are allowed, but all other metacharacters
+are not. Regular expressions are not used for security reasons.</p>
+</dd>
+<dd>
+<p>The sequence <code>%u</code> is replaced with the current user's username, which
+is useful for ISPs or multi-user domains.</p>
+</dd>
+<dd>
+<p>Multiple addresses per line, separated by spaces, is OK. Multiple
+<code>hashcash_accept</code> lines is also OK.</p>
+</dd>
+<p></p>
+<dt><strong><a name="item_file">hashcash_doublespend_path /path/to/file (default: ~/.spamassassin/hashcash_seen)</a></strong><br />
+</dt>
+<dd>
+Path for HashCash double-spend database. HashCash tokens are only usable once,
+so their use is tracked in this database to avoid providing a loophole.
+</dd>
+<dd>
+<p>By default, each user has their own, in their <code>~/.spamassassin</code> directory with
+mode 0700/0600. Note that once a token is 'spent' it is written to this file,
+and double-spending of a hashcash token makes it invalid, so this is not
+suitable for sharing between multiple users.</p>
+</dd>
+<p></p>
+<dt><strong><a name="item_hashcash_doublespend_file_mode">hashcash_doublespend_file_mode (default: 0700)</a></strong><br />
+</dt>
+<dd>
+The file mode bits used for the HashCash double-spend database file.
+</dd>
+<dd>
+<p>Make sure you specify this using the 'x' mode bits set, as it may also be used
+to create directories. However, if a file is created, the resulting file will
+not have any execute bits set (the umask is set to 111).</p>
+</dd>
+<p></p></dl>
+
+</body>
+
+</html>