After installation, you have to do some configuration before running the plugin.

You can modify the /etc/spamfilter/spamcatcher.conf file as you like. You must specify at least the license key which was provided when you downloaded the software. All other values are optional. During initialization the Sendmail plugin reads the configuration options specified in the /etc/spamfilter/spamcatcher.conf file. The valid options are listed below. Options that are not explicitly set assume their default value.

Some options have outgoing versions that apply to outgoing messages. Their names start with "outgoing_". For example, the outgoing version of the SubjectChange option is outgoing_SubjectChange. An outgoing message is defined as a message which has at least one outgoing recipient, i.e. a recipient whose domain or hostname is not in either /etc/mail/relay-domains or /etc/mail/local-host-names. By default, outgoing messages are not processed; the FilterOutgoingMail option needs to be turned on for outgoing messages to be processed. There are also certain option values specific to outgoing messages; they are listed below.

By default, the plugin needs to be run as user "spamfilter". If you try to run the plugin as root, it will run as user "spamfilter". If you intend to run the plugin as some user other than root or spamfilter, then you have to change the configuration accordingly, i.e. the UserName and Connection values below. You also have to change the owner of the directory /etc/spamfilter so that the plugin will be able to update the rules, e.g.

$ chown -R spamfilter /etc/spamfilter

Note: 1, yes, ON, on mean the option is turned on, and 0, no, OFF, off mean the option is turned off.

| Option Name | Valid Values | Default | Description |
|---|---|---|---|
| approved_ip_list | IP range1, IP range2 | NONE | This option allows specifying IPs which should always be approved. |
| auto_training_threshold | low:high | 1-99 | Sets a threshold for auto-training. |
| AutoTrainWithOGM | 1, 0 | 0 | Whether to train with outgoing messages. |
| blocked_ip_list | IP range1, IP range2 | NONE | This option allows specifying IPs which should always be blocked. |
| blocked_charset_list | charset1:offset1 | NONE | Allows blocking by character set. |
| blocked_country_list | countryCode1:offset1, countryCode2:offset2 | NONE | Allows blocking by country. |
| Conn |  | local:/etc/spamfilter/spamfilter.sock | Indicates the local port on which to create a listening socket for the filter. Must be in a directory that the user can write to. |
| dbg_logfile | <filename> | NONE | Redirect log output to a file in the conf directory. |
| enable_country_training | yes, no | yes | Controls whether country routing information should be considered when training and scoring messages. |
| enable_domain_cache | yes, no | yes | Enables usage of a domain reputation cache. If enabled, domains are extracted from messages and compared against a domain reputation cache. |
| enable_fingerprint_cache | yes, no | yes | Enables usage of a fingerprint cache. |
| enable_rules | yes, no | yes | Controls whether heuristic rules are used (like earlier versions). |
| enable_spamcompiler | yes, no | yes | Speeds up rules processing but requires a little bit more memory. |
| enable_training_updates | yes, no | yes | Controls whether the word and rules database can be modified or is read-only after initial load. |
| enable_word_training | yes, no | yes | Controls use of Bayesian Word Token analysis. |
| ExtensionCheck, outgoing_ExtensionCheck | 1, 0 | 0 | Whether to check file extensions for attachments to accept or reject. File extensions used: vbs, shs, pif, scr, cpl, bat, com, reg, bas, inf, vb, vbe |
| extended_rules | yes, no | yes | Enable the extended rule set for higher accuracy. Note that with this option enabled the program may take several minutes to initialize. |
| extended_rules2 | yes, no | yes | Enable use of a second extension to the rule set. |
| full_training_weight | yes, no | no | Controls whether to give full weight to training data. If this option is set to "yes", then scoring will be based solely on training data. If the option is "no", then both rules and training data will be used. |
| FilterOutgoingMail | 1, 0 | 0 | Whether to filter outgoing messages, i.e. messages coming from connections listed in /etc/mail/local-host-names and /etc/mail/relay-domains. |
| home_country_list | us, ca, kr,... | NONE | This option allows specifying a list of countries which are considered "home" countries. Messages routed through a country which is not on this list will be scored more aggressively. If this option is empty then no penalty will occur. |
| HostNameCheck | 1, 0 | 0 | Whether to verify MTA host names. If non-zero, and the hostname supplied by the opposing MTA in the "Helo" MTA negotiation phase is not resolvable to a DNS A RR, then the connect attempt is rejected. |
| ignored_ip_list | IP range1, IP range2 | NONE | This option allows specifying IPs which should be excluded from the RBL checks and ignored. |
| MaxNumberOfRcpts, outgoing_MaxNumberOfRcpts | 2 .. 2^32-1 | 20 | Maximum number of recipients allowed for a legit message. If the number of recipients is more than this value and "RejectIfTooManyRcpts" is on, the message will be rejected. |
| max_word_entries | an integer | 50000 | Specifies the number of word tokens to cache at any time. |
| message_readsize | an integer | 100000000 | Instructs the SDK not to read more than a configurable number of bytes from the message buffer when processing rules. |
| message_scansize | an integer | 20000 | Instructs the SDK not to read more than X bytes when computing the message fingerprint. |
| min_training | an integer | 100 | Initially, only the rule weights are used to compute the spam score. Training data will only be considered once a minimum set of training data has been reached. |
| netcheck | yes, no | no | Whether to communicate with the Mailshell SpamLabs to determine scoring. |
| netcheck_threshold | low:high | 1:99 | Allows running netchecks conditionally based on the score. |
| OutgoingMailSpamOffset | -1 .. -100 | -1 | An integer spam offset value for training with outgoing messages. The score of a message is adjusted based on this value. If negative, the message is considered more likely to be ham. |
| pcre_match_limit | 0 to 2^32 - 1 | 1500 | The PCRE implementation is recursive, which can lead to running out of thread stack space. This optional value allows limiting the depth of recursion. Lowering this option can prevent running out of thread stack space, but will also result in lower accuracy. |
| proxy_host | host:port | None | Specify the host name and port number of an HTTP or HTTPS proxy to connect to the Mailshell servers. Example: proxy_host=squid.corp.com:8080 |
| proxy_userpwd | username:password | None | Specify the user name and password of an HTTP or HTTPS proxy to connect to the Mailshell servers. Example: proxy_userpwd=joe:mypassword |
| rbl_list |  | None | Specifies a list of Realtime Blackhole List (RBL) servers to query when analyzing messages. Format: rbl_list=server:response:offset,server2:response2:offset2,... rbl_list expects a comma separated list of RBL entries. In turn, each RBL entry consists of up to 3 colon separated items. Those items are: 1) server: name of an RBL server. 2) response: the response given by an RBL server when an IP address is listed, e.g. 127.0.0.2, 127.0.0.3, 127.0.0.4, etc. This is optional. The default is that all responses apply. 3) offset: the numeric offset to apply to the spam score if an IP address is listed on this RBL server. This is optional. The default is an offset of 100. Example: rbl_list=bl.spamcop.net::40,bl.spamcop.net:127.0.0.3:75 |
| rbl_max_ips | an integer | 4 | Allows limiting how many IP addresses are queried against the RBL server. |
| rbl_multihit | yes, no | no | Allows control over limiting further RBL queries once an IP address is found on any RBL query. |
| rbl_threshold | low:high | 1:99 | Since RBL checks can introduce latency and a decrease in performance, this option allows running RBL checks conditionally based on the score prior to RBL checks. |
| rbl_timeout | RuleID #:weight # | NONE | Allows setting a maximum timeout for finishing all RBL queries. |
| RejectIfTooManyRcpts, outgoing_RejectIfTooManyRcpts | 1, 0 | 0 | Whether or not to reject a message based on the number of its recipients. |
| RejectIfSndrNotVerified | 1, 0 | 0 | Whether to reject a message if the sender address cannot be verified. |
| RejectionThreshold, outgoing_RejectionThreshold | 1 .. 100 to turn it on | off | Indicates the spam threshold which forces the mail to be rejected. Mail messages that have spam probabilities equal to or above this value will be rejected. If no value is specified by the user, spam messages will be delivered. |
| ruleupdate | 0, 600 .. 2^32-1 | 3600 | How often to retrieve new rules from the Mailshell SpamLabs. The value is specified in units of integral seconds. Note that a value of "0" disables this feature and rule files will not be updated. |
| scan_attachments | yes, no | no | This controls whether the SDK will scan and consider attachments when computing the spam score. |
| SendmailPluginLicense | xxxxx-xxxxx-xxxxx-xxxxx |  | License key value. |
| SenderAddressCheck | 1, 0 | 0 | Whether to verify sender addresses, i.e. whether to check if one can successfully reply to the incoming message. |
| SenderAddressSpamOffset | 1 .. 100 | 50 | An integer spam offset value. The score of a message is adjusted based on this value. If positive, the message is considered more likely to be spam. A value >= 200 causes it to be blacklisted. Negative values mean the message is less likely to be spam. A value <= -200 results in whitelisting. |
| sntimeout | 0 .. 2^32-1 | 5 | Limits how long a single request to the Mailshell SpamLabs can take. The value is specified in units of integral seconds. Note that a value of "0" disables this feature and no limit will be placed. |
| SpamThreshold, outgoing_SpamThreshold | 1-100 | 90 | Indicates the spam threshold which distinguishes between spam and ham messages. |
| spoofed_sender_list | Address:IP range:offset | NONE | Allows blocking of spammers who spoof select domains. Example: spoofed_sender_list=corp1.com:223.34.122.1:100 |
| SubjectChange, outgoing_SubjectChange |  | [Spamcatcher] | Value used to change the subject if the message is spam. |
| TagMessageIfSpam, outgoing_TagMessageIfSpam | 1, 0 | 1 | Whether to add/change headers and change the subject if the message is spam. |
| training_write_buffer | an integer | 1000 | While training, the SDK will process a configurable amount of messages before writing the training database to disk. This option determines how many messages to process before writing to disk. |
| use_both_mimesections | yes, no | yes | The SDK will analyze both text/plain and text/html MIME sections in a message. If additional performance is desired, it is possible to only analyze one section. If this option is set to "no", then only one section will be analyzed. |
| use_score_offsets | yes, no | no | Enable the Training Database. |
| use_score_history | yes, no | no | Enable the tracking of historical scores for repeat senders. This can improve accuracy but it is still experimental. |
| UserName | Any user other than root. | spamfilter | User name the plugin will be started by. |
| use_https | yes, no | no | Communication between the SDK and the Mailshell SpamLabs is always encrypted. This encrypted communication can be sent over standard HTTP (port 80) or over HTTPS (port 443). If this option is set to "no", then HTTP is used. If set to "yes", then HTTPS is used. |
| Verbose_Header | 0 - don't add any headers; 1 - add X-SpamCatcher-1 header; 2 - add X-SpamCatcher-Summary header; 3 - add both headers | 0 - don't add any headers | Whether to add headers or not to the message. |
| verbose | yes, no | no | Enables increased verbose logging. |

Additional configuration files:

Unfiltered Users List:

The Mailshell Sendmail Plugin will accept a list of recipient addresses whose messages will never be processed by the filter. The control file for Unfiltered Users is located at /etc/spamfilter/scunfilteredusers and will contain one line per recipient. Each line can contain an email address. Addresses are of the format mailbox@domain. Examples:

user@isp.com
user2@yahoo.com

Approved Senders List:

The Mailshell Spam Engine will accept a list of sender addresses or domains whose messages will never be considered spam. The control file for Approved Senders is located at /etc/mail/spamfilter/approvedsenders and will contain one line per sender. Each line can contain an email address or a domain. Addresses are of the format mailbox@domain and domains are simply of the format domain. Examples:

user@isp.com
spammer.net

Leading and trailing white space is ignored. Lines beginning with the # character are considered comments.

Blocked Senders List:

The Mailshell Spam Engine will accept a list of sender addresses or domains whose messages are always considered spam. The control file for Blocked Senders is located at /etc/spamfilter/blockedsenders and will contain one line per sender. Each line can contain an email address or a domain. Addresses are of the format mailbox@domain and domains are simply of the format domain. Examples:

user@isp.com
spammer.net

Leading and trailing white space is ignored. Lines beginning with the # character are considered comments.

Precedence of Approved and Blocked Addresses:

When an address matches entries in both the Approved Senders and Blocked Senders lists, the following priority will be observed. Email addresses will take precedence over domains, e.g. if you block the domain host.net but approve the specific address joe@host.net, mail from the latter sender will be approved. In addition, approved addresses will take precedence over blocked addresses if identical entries exist on both the Approved Senders and Blocked Senders lists.
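
The precedence rules above, as an added example (not Mailshell code): the lookup order, plus a check that reports approved entries which override an entry on the blocked list. The function names and sample lists are constructed for illustration; lower-casing entries and exact (not subdomain) domain matching are assumptions.

```python
from typing import List, Set

# Constructed sample control files, reusing the addresses from the text above.
APPROVED_SAMPLE = "# approved senders\n  joe@host.net  \nspammer.net\n"
BLOCKED_SAMPLE = "host.net\nspammer.net\nuser@isp.com\n"


def load_sender_list(text: str) -> Set[str]:
    """Parse a control file: one address or domain per line, surrounding
    white space ignored, lines beginning with # treated as comments."""
    entries = set()
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#"):
            entries.add(line.lower())  # case-insensitive match is an assumption
    return entries


def classify_sender(sender: str, approved: Set[str], blocked: Set[str]) -> str:
    """Return 'approved', 'blocked' or 'unlisted' using the documented order:
    addresses beat domains, and approved beats blocked on identical entries."""
    sender = sender.strip().lower()
    domain = sender.rpartition("@")[2]
    for key in (sender, domain):   # full address first, then its domain
        if key in approved:        # approved is checked before blocked
            return "approved"
        if key in blocked:
            return "blocked"
    return "unlisted"


def approved_overrides(approved: Set[str], blocked: Set[str]) -> List[str]:
    """Approved entries that override a block: entries present on both lists,
    and approved addresses whose domain is on the blocked list."""
    hits = set(approved & blocked)
    hits |= {a for a in approved if "@" in a and a.rpartition("@")[2] in blocked}
    return sorted(hits)


if __name__ == "__main__":
    approved = load_sender_list(APPROVED_SAMPLE)
    blocked = load_sender_list(BLOCKED_SAMPLE)
    for who in ("joe@host.net", "ann@host.net", "x@spammer.net", "other@isp.com"):
        print(who, classify_sender(who, approved, blocked))
    print("review:", approved_overrides(approved, blocked))
```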

Additional Notes:

1. Any rules in rule_weights will override rule training for that rule.
2. IP address priority: approved_ip_list, blocked_ip_list, ignored_ip_list, blocked_country_list, rbl_list, netcheck, extended_rules.
3. By default, all approved_* and blocked_* lists will call auto-training if triggered.
4. If enable_rules is off, then all scores will be zero (0) until min_training is reached.
5. Country information is added to the training database only if enable_word_training is on.
6. The country database is not loaded if blocked_country_list is empty and enable_word_training is off or enable_country_training=no.
7. A score of 0 is reserved for approved lists and a score of 100 is reserved for blocked lists.
8. If you do not want to use any of the Mailshell training data files or the country data file, you can delete them. This can save memory and improve performance.
9. If all of the RBLs in the rbl_list have the same offset and rbl_multihit is off, then all received headers up to rbl_max_ips are queried against each of the RBLs in the list in parallel and the first hit is the final result. Otherwise, some optimizations can be performed.
10. If any of the RBLs in the rbl_list have a different offset and rbl_multihit is off, then all received headers up to rbl_max_ips are queried against each of the RBLs in the list in parallel. The first hit in the same offset block as RBL list #1 (contiguous list with the same offset as list #1) is the final result. If the timeout is reached, the first hit in the beginning of the list is the final result.
11. The Mailshell Outlook addin searches for an "X-SpamCatcher-1" header in the message. If it is found, then the score is extracted from "X-SpamCatcher-1" instead of being recomputed. This saves processing time on the clients and supports central administration.

This product includes
software developed by Neal Horman, which is Neal Horman
- http://www.wanlink.com Copyright (c) 2003 Neal Horman.
All Rights Reserved.