/
Conf.pm
5473 lines (4266 loc) · 179 KB
/
Conf.pm
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
589
590
591
592
593
594
595
596
597
598
599
600
601
602
603
604
605
606
607
608
609
610
611
612
613
614
615
616
617
618
619
620
621
622
623
624
625
626
627
628
629
630
631
632
633
634
635
636
637
638
639
640
641
642
643
644
645
646
647
648
649
650
651
652
653
654
655
656
657
658
659
660
661
662
663
664
665
666
667
668
669
670
671
672
673
674
675
676
677
678
679
680
681
682
683
684
685
686
687
688
689
690
691
692
693
694
695
696
697
698
699
700
701
702
703
704
705
706
707
708
709
710
711
712
713
714
715
716
717
718
719
720
721
722
723
724
725
726
727
728
729
730
731
732
733
734
735
736
737
738
739
740
741
742
743
744
745
746
747
748
749
750
751
752
753
754
755
756
757
758
759
760
761
762
763
764
765
766
767
768
769
770
771
772
773
774
775
776
777
778
779
780
781
782
783
784
785
786
787
788
789
790
791
792
793
794
795
796
797
798
799
800
801
802
803
804
805
806
807
808
809
810
811
812
813
814
815
816
817
818
819
820
821
822
823
824
825
826
827
828
829
830
831
832
833
834
835
836
837
838
839
840
841
842
843
844
845
846
847
848
849
850
851
852
853
854
855
856
857
858
859
860
861
862
863
864
865
866
867
868
869
870
871
872
873
874
875
876
877
878
879
880
881
882
883
884
885
886
887
888
889
890
891
892
893
894
895
896
897
898
899
900
901
902
903
904
905
906
907
908
909
910
911
912
913
914
915
916
917
918
919
920
921
922
923
924
925
926
927
928
929
930
931
932
933
934
935
936
937
938
939
940
941
942
943
944
945
946
947
948
949
950
951
952
953
954
955
956
957
958
959
960
961
962
963
964
965
966
967
968
969
970
971
972
973
974
975
976
977
978
979
980
981
982
983
984
985
986
987
988
989
990
991
992
993
994
995
996
997
998
999
1000
# <@LICENSE>
# Licensed to the Apache Software Foundation (ASF) under one or more
# contributor license agreements. See the NOTICE file distributed with
# this work for additional information regarding copyright ownership.
# The ASF licenses this file to you under the Apache License, Version 2.0
# (the "License"); you may not use this file except in compliance with
# the License. You may obtain a copy of the License at:
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
# </@LICENSE>
=head1 NAME
Mail::SpamAssassin::Conf - SpamAssassin configuration file
=head1 SYNOPSIS
# a comment
rewrite_header Subject *****SPAM*****
full PARA_A_2_C_OF_1618 /Paragraph .a.{0,10}2.{0,10}C. of S. 1618/i
describe PARA_A_2_C_OF_1618 Claims compliance with senate bill 1618
header FROM_HAS_MIXED_NUMS From =~ /\d+[a-z]+\d+\S*@/i
describe FROM_HAS_MIXED_NUMS From: contains numbers mixed in with letters
score A_HREF_TO_REMOVE 2.0
lang es describe FROM_FORGED_HOTMAIL Forzado From: simula ser de hotmail.com
lang pt_BR report O programa detetor de Spam ZOE [...]
=head1 DESCRIPTION
SpamAssassin is configured using traditional UNIX-style configuration files,
loaded from the C</usr/share/spamassassin> and C</etc/mail/spamassassin>
directories.
The following web page lists the most important configuration settings
used to configure SpamAssassin; novices are encouraged to read it first:
http://wiki.apache.org/spamassassin/ImportantInitialConfigItems
=head1 FILE FORMAT
The C<#> character starts a comment, which continues until end of line.
B<NOTE:> if the C<#> character is to be used as part of a rule or
configuration option, it must be escaped with a backslash. i.e.: C<\#>
Whitespace in the files is not significant, but please note that starting a
line with whitespace is deprecated, as we reserve its use for multi-line rule
definitions, at some point in the future.
Currently, each rule or configuration setting must fit on one-line; multi-line
settings are not supported yet.
File and directory paths can use C<~> to refer to the user's home
directory, but no other shell-style path extensions such as globing or
C<~user/> are supported.
Where appropriate below, default values are listed in parentheses.
Test names ("SYMBOLIC_TEST_NAME") can only contain alphanumerics/underscores,
can not start with digit, and must be less than 128 characters.
=head1 USER PREFERENCES
The following options can be used in both site-wide (C<local.cf>) and
user-specific (C<user_prefs>) configuration files to customize how
SpamAssassin handles incoming email messages.
=cut
package Mail::SpamAssassin::Conf;
use strict;
use warnings;
# use bytes;
use re 'taint';
use Mail::SpamAssassin::NetSet;
use Mail::SpamAssassin::Constants qw(:sa :ip);
use Mail::SpamAssassin::Conf::Parser;
use Mail::SpamAssassin::Logger;
use Mail::SpamAssassin::Util qw(untaint_var idn_to_ascii compile_regexp);
use File::Spec;
our @ISA = qw();
our $COLLECT_REGRESSION_TESTS; # Used only for unit tests.
# odd => eval test. Not constants so they can be shared with Parser
# TODO: move to Constants.pm?
our $TYPE_HEAD_TESTS = 0x0008;
our $TYPE_HEAD_EVALS = 0x0009;
our $TYPE_BODY_TESTS = 0x000a;
our $TYPE_BODY_EVALS = 0x000b;
our $TYPE_FULL_TESTS = 0x000c;
our $TYPE_FULL_EVALS = 0x000d;
our $TYPE_RAWBODY_TESTS = 0x000e;
our $TYPE_RAWBODY_EVALS = 0x000f;
our $TYPE_URI_TESTS = 0x0010;
our $TYPE_URI_EVALS = 0x0011;
our $TYPE_META_TESTS = 0x0012;
our $TYPE_RBL_EVALS = 0x0013;
our $TYPE_EMPTY_TESTS = 0x0014;
my @rule_types = ("body_tests", "uri_tests", "uri_evals",
"head_tests", "head_evals", "body_evals", "full_tests",
"full_evals", "rawbody_tests", "rawbody_evals",
"rbl_evals", "meta_tests");
# Map internal ruletype to descriptive ruletype string
our %TYPE_AS_STRING = (
$TYPE_HEAD_TESTS => 'header',
$TYPE_HEAD_EVALS => 'header',
$TYPE_BODY_TESTS => 'body',
$TYPE_BODY_EVALS => 'body',
$TYPE_FULL_TESTS => 'full',
$TYPE_FULL_EVALS => 'full',
$TYPE_RAWBODY_TESTS => 'rawbody',
$TYPE_RAWBODY_EVALS => 'rawbody',
$TYPE_URI_TESTS => 'uri',
$TYPE_URI_EVALS => 'uri',
$TYPE_META_TESTS => 'meta',
$TYPE_RBL_EVALS => 'header',
$TYPE_EMPTY_TESTS => 'empty',
);
#Removed $VERSION per BUG 6422
#$VERSION = 'bogus'; # avoid CPAN.pm picking up version strings later
# these are variables instead of constants so that other classes can
# access them; if they're constants, they'd have to go in Constants.pm
# TODO: move to Constants.pm?
our $CONF_TYPE_STRING = 1;
our $CONF_TYPE_BOOL = 2;
our $CONF_TYPE_NUMERIC = 3;
our $CONF_TYPE_HASH_KEY_VALUE = 4;
our $CONF_TYPE_ADDRLIST = 5;
our $CONF_TYPE_TEMPLATE = 6;
our $CONF_TYPE_NOARGS = 7;
our $CONF_TYPE_STRINGLIST = 8;
our $CONF_TYPE_IPADDRLIST = 9;
our $CONF_TYPE_DURATION = 10;
our $MISSING_REQUIRED_VALUE = '-99999999999999'; # string expected by parser
our $INVALID_VALUE = '-99999999999998';
our $INVALID_HEADER_FIELD_NAME = '-99999999999997';
# set to "1" by the test suite code, to record regression tests
# $Mail::SpamAssassin::Conf::COLLECT_REGRESSION_TESTS = 1;
# search for "sub new {" to find the start of the code
###########################################################################
sub set_default_commands {
my($self) = @_;
# see "perldoc Mail::SpamAssassin::Conf::Parser" for details on this fmt.
# push each config item like this, to avoid a POD bug; it can't just accept
# ( { ... }, { ... }, { ...} ) otherwise POD parsing dies.
my @cmds;
=head2 SCORING OPTIONS
=over 4
=item required_score n.nn (default: 5)
Set the score required before a mail is considered spam. C<n.nn> can
be an integer or a real number. 5.0 is the default setting, and is
quite aggressive; it would be suitable for a single-user setup, but if
you're an ISP installing SpamAssassin, you should probably set the
default to be more conservative, like 8.0 or 10.0. It is not
recommended to automatically delete or discard messages marked as
spam, as your users B<will> complain, but if you choose to do so, only
delete messages with an exceptionally high score such as 15.0 or
higher. This option was previously known as C<required_hits> and that
name is still accepted, but is deprecated.
=cut
push (@cmds, {
setting => 'required_score',
aliases => ['required_hits'], # backward compatible
default => 5,
type => $CONF_TYPE_NUMERIC,
});
=item score SYMBOLIC_TEST_NAME n.nn [ n.nn n.nn n.nn ]
Assign scores (the number of points for a hit) to a given test.
Scores can be positive or negative real numbers or integers.
C<SYMBOLIC_TEST_NAME> is the symbolic name used by SpamAssassin for
that test; for example, 'FROM_ENDS_IN_NUMS'.
If only one valid score is listed, then that score is always used
for a test.
If four valid scores are listed, then the score that is used depends
on how SpamAssassin is being used. The first score is used when
both Bayes and network tests are disabled (score set 0). The second
score is used when Bayes is disabled, but network tests are enabled
(score set 1). The third score is used when Bayes is enabled and
network tests are disabled (score set 2). The fourth score is used
when Bayes is enabled and network tests are enabled (score set 3).
Setting a rule's score to 0 will disable that rule from running.
If any of the score values are surrounded by parenthesis '()', then
all of the scores in the line are considered to be relative to the
already set score. ie: '(3)' means increase the score for this
rule by 3 points in all score sets. '(3) (0) (3) (0)' means increase
the score for this rule by 3 in score sets 0 and 2 only.
If no score is given for a test by the end of the configuration,
a default score is assigned: a score of 1.0 is used for all tests,
except those whose names begin with 'T_' (this is used to indicate a
rule in testing) which receive 0.01.
Note that test names which begin with '__' are indirect rules used
to compose meta-match rules and can also act as prerequisites to
other rules. They are not scored or listed in the 'tests hit'
reports, but assigning a score of 0 to an indirect rule will disable
it from running.
=cut
push (@cmds, {
setting => 'score',
code => sub {
my ($self, $key, $value, $line) = @_;
my($rule, @scores) = split(/\s+/, $value);
unless (defined $value && $value !~ /^$/ &&
(scalar @scores == 1 || scalar @scores == 4)) {
info("config: score: requires a symbolic rule name and 1 or 4 scores");
return $MISSING_REQUIRED_VALUE;
}
# Figure out if we're doing relative scores, remove the parens if we are
my $relative = 0;
foreach (@scores) {
local ($1);
if (s/^\((-?\d+(?:\.\d+)?)\)$/$1/) {
$relative = 1;
}
unless (/^-?\d+(?:\.\d+)?$/) {
info("config: score: the non-numeric score ($_) is not valid, " .
"a numeric score is required");
return $INVALID_VALUE;
}
}
if ($relative && !exists $self->{scoreset}->[0]->{$rule}) {
info("config: score: relative score without previous setting in " .
"configuration");
return $INVALID_VALUE;
}
# If we're only passed 1 score, copy it to the other scoresets
if (@scores) {
if (@scores != 4) {
@scores = ( $scores[0], $scores[0], $scores[0], $scores[0] );
}
# Set the actual scoreset values appropriately
for my $index (0..3) {
my $score = $relative ?
$self->{scoreset}->[$index]->{$rule} + $scores[$index] :
$scores[$index];
$self->{scoreset}->[$index]->{$rule} = $score + 0.0;
}
}
}
});
=back
=head2 WHITELIST AND BLACKLIST OPTIONS
=over 4
=item welcomelist_from user@example.com
Previously whitelist_from which will work interchangeably until 4.1.
Used to whitelist sender addresses which send mail that is often tagged
(incorrectly) as spam.
Use of this setting is not recommended, since it blindly trusts the message,
which is routinely and easily forged by spammers and phish senders. The
recommended solution is to instead use C<welcomelist_auth> or other authenticated
whitelisting methods, or C<welcomelist_from_rcvd>.
Whitelist and blacklist addresses are now file-glob-style patterns, so
C<friend@somewhere.com>, C<*@isp.com>, or C<*.domain.net> will all work.
Specifically, C<*> and C<?> are allowed, but all other metacharacters
are not. Regular expressions are not used for security reasons.
Matching is case-insensitive.
Multiple addresses per line, separated by spaces, is OK. Multiple
C<welcomelist_from> lines are also OK.
The headers checked for whitelist addresses are as follows: if C<Resent-From>
is set, use that; otherwise check all addresses taken from the following
set of headers:
Envelope-Sender
Resent-Sender
X-Envelope-From
From
In addition, the "envelope sender" data, taken from the SMTP envelope data
where this is available, is looked up. See C<envelope_sender_header>.
e.g.
welcomelist_from joe@example.com fred@example.com
welcomelist_from *@example.com
=cut
push (@cmds, {
setting => 'welcomelist_from',
type => $CONF_TYPE_ADDRLIST,
aliases => ['whitelist_from'], # backward compatible - to be removed for 4.1
});
=item unwhitelist_from user@example.com
Used to remove a default welcomelist_from (previously whitelist_from) entry, so for example a distribution
welcomelist_from can be overridden in a local.cf file, or an individual user can
override a welcomelist_from entry in their own C<user_prefs> file.
The specified email address has to match exactly (although case-insensitively)
the address previously used in a welcomelist_from line, which implies that a
wildcard only matches literally the same wildcard (not 'any' address).
e.g.
unwhitelist_from joe@example.com fred@example.com
unwhitelist_from *@example.com
=cut
push (@cmds, {
command => 'unwhitelist_from',
setting => 'welcomelist_from',
type => $CONF_TYPE_ADDRLIST,
code => \&Mail::SpamAssassin::Conf::Parser::remove_addrlist_value
});
=item welcomelist_from_rcvd addr@lists.sourceforge.net sourceforge.net
Previously whitelist_from_rcvd which will work interchangeably until 4.1.
Works similarly to welcomelist_from (previously whitelist_from), except that in addition to matching
a sender address, a relay's rDNS name or its IP address must match too
for the whitelisting rule to fire. The first parameter is a sender's e-mail
address to whitelist, and the second is a string to match the relay's rDNS,
or its IP address. Matching is case-insensitive.
This second parameter is matched against a TCP-info information field as
provided in a FROM clause of a trace information (i.e. in a Received header
field, see RFC 5321). Only the Received header fields inserted by trusted
hosts are considered. This parameter can either be a full hostname, or a
domain component of that hostname, or an IP address (optionally followed
by a slash and a prefix length) in square brackets. The address prefix
(mask) length with a slash may stand within brackets along with an address,
or may follow the bracketed address. Reverse DNS lookup is done by an MTA,
not by SpamAssassin.
For backward compatibility as an alternative to a CIDR notation, an IPv4
address in brackets may be truncated on classful boundaries to cover whole
subnets, e.g. C<[10.1.2.3]>, C<[10.1.2]>, C<[10.1]>, C<[10]>.
In other words, if the host that connected to your MX had an IP address
192.0.2.123 that mapped to 'sendinghost.example.org', you should specify
C<sendinghost.example.org>, or C<example.org>, or C<[192.0.2.123]>, or
C<[192.0.2.0/24]>, or C<[192.0.2]> here.
Note that this requires that C<internal_networks> be correct. For simple
cases, it will be, but for a complex network you may get better results
by setting that parameter.
It also requires that your mail exchangers be configured to perform DNS
reverse lookups on the connecting host's IP address, and to record the
result in the generated Received header field according to RFC 5321.
e.g.
welcomelist_from_rcvd joe@example.com example.com
welcomelist_from_rcvd *@* mail.example.org
welcomelist_from_rcvd *@axkit.org [192.0.2.123]
welcomelist_from_rcvd *@axkit.org [192.0.2.0/24]
welcomelist_from_rcvd *@axkit.org [192.0.2.0]/24
welcomelist_from_rcvd *@axkit.org [2001:db8:1234::/48]
welcomelist_from_rcvd *@axkit.org [2001:db8:1234::]/48
=item def_welcomelist_from_rcvd addr@lists.sourceforge.net sourceforge.net
Previously def_whitelist_from_rcvd which will work interchangeably until 4.1.
Same as C<welcomelist_from_rcvd>, but used for the default welcomelist entries
in the SpamAssassin distribution. The welcomelist score is lower, because
these are often targets for spammer spoofing.
=cut
push (@cmds, {
setting => 'welcomelist_from_rcvd',
aliases => ['whitelist_from_rcvd'], # backward compatible - to be removed for 4.1
type => $CONF_TYPE_ADDRLIST,
code => sub {
my ($self, $key, $value, $line) = @_;
unless (defined $value && $value !~ /^$/) {
return $MISSING_REQUIRED_VALUE;
}
unless ($value =~ /^\S+\s+\S+$/) {
return $INVALID_VALUE;
}
$self->{parser}->add_to_addrlist_rcvd ('welcomelist_from_rcvd',
split(/\s+/, $value));
}
});
push (@cmds, {
setting => 'def_welcomelist_from_rcvd',
aliases => ['def_whitelist_from_rcvd'],
type => $CONF_TYPE_ADDRLIST,
code => sub {
my ($self, $key, $value, $line) = @_;
unless (defined $value && $value !~ /^$/) {
return $MISSING_REQUIRED_VALUE;
}
unless ($value =~ /^\S+\s+\S+$/) {
return $INVALID_VALUE;
}
$self->{parser}->add_to_addrlist_rcvd ('def_welcomelist_from_rcvd',
split(/\s+/, $value));
}
});
=item whitelist_allows_relays user@example.com
Specify addresses which are in C<welcomelist_from_rcvd> that sometimes
send through a mail relay other than the listed ones. By default mail
with a From address that is in C<welcomelist_from_rcvd> that does not match
the relay will trigger a forgery rule. Including the address in
C<whitelist_allows_relay> prevents that.
Whitelist and blacklist addresses are now file-glob-style patterns, so
C<friend@somewhere.com>, C<*@isp.com>, or C<*.domain.net> will all work.
Specifically, C<*> and C<?> are allowed, but all other metacharacters
are not. Regular expressions are not used for security reasons.
Matching is case-insensitive.
Multiple addresses per line, separated by spaces, is OK. Multiple
C<whitelist_allows_relays> lines are also OK.
The specified email address does not have to match exactly the address
previously used in a welcomelist_from_rcvd line as it is compared to the
address in the header.
e.g.
whitelist_allows_relays joe@example.com fred@example.com
whitelist_allows_relays *@example.com
=cut
push (@cmds, {
setting => 'whitelist_allows_relays',
type => $CONF_TYPE_ADDRLIST,
});
=item unwelcomelist_from_rcvd user@example.com
Previously unwhitelist_from_rcvd which will work interchangeably until 4.1.
Used to remove a default welcomelist_from_rcvd (previously whitelist_from_rcvd) or def_welcomelist_from_rcvd (previously def_whitelist_from_rcvd)
entry, so for example a distribution welcomelist_from_rcvd can be overridden
in a local.cf file, or an individual user can override a welcomelist_from_rcvd
entry in their own C<user_prefs> file.
The specified email address has to match exactly the address previously
used in a welcomelist_from_rcvd line.
e.g.
unwelcomelist_from_rcvd joe@example.com fred@example.com
unwelcomelist_from_rcvd *@axkit.org
=cut
push (@cmds, {
setting => 'unwelcomelist_from_rcvd',
aliases => ['unwhitelist_from_rcvd'],
type => $CONF_TYPE_ADDRLIST,
code => sub {
my ($self, $key, $value, $line) = @_;
unless (defined $value && $value !~ /^$/) {
return $MISSING_REQUIRED_VALUE;
}
unless ($value =~ /^(?:\S+(?:\s+\S+)*)$/) {
return $INVALID_VALUE;
}
$self->{parser}->remove_from_addrlist_rcvd('welcomelist_from_rcvd',
split (/\s+/, $value));
$self->{parser}->remove_from_addrlist_rcvd('def_welcomelist_from_rcvd',
split (/\s+/, $value));
}
});
=item blacklist_from user@example.com
Used to specify addresses which send mail that is often tagged (incorrectly) as
non-spam, but which the user doesn't want. Same format as C<welcomelist_from>.
=cut
push (@cmds, {
setting => 'blacklist_from',
type => $CONF_TYPE_ADDRLIST,
});
=item unblacklist_from user@example.com
Used to remove a default blacklist_from entry, so for example a
distribution blacklist_from can be overridden in a local.cf file, or
an individual user can override a blacklist_from entry in their own
C<user_prefs> file. The specified email address has to match exactly
the address previously used in a blacklist_from line.
e.g.
unblacklist_from joe@example.com fred@example.com
unblacklist_from *@spammer.com
=cut
push (@cmds, {
command => 'unblacklist_from',
setting => 'blacklist_from',
type => $CONF_TYPE_ADDRLIST,
code => \&Mail::SpamAssassin::Conf::Parser::remove_addrlist_value
});
=item welcomelist_to user@example.com
Previously whitelist_to which will work interchangeably until 4.1.
If the given address appears as a recipient in the message headers
(Resent-To, To, Cc, obvious envelope recipient, etc.) the mail will
be listed as allowed. Useful if you're deploying SpamAssassin system-wide,
and don't want some users to have their mail filtered. Same format
as C<welcomelist_from>.
There are three levels of To-welcomelisting, C<welcomelist_to>, C<more_spam_to>
and C<all_spam_to>. Users in the first level may still get some spammish
mails blocked, but users in C<all_spam_to> should never get mail blocked.
The headers checked for welcomelist addresses are as follows: if C<Resent-To> or
C<Resent-Cc> are set, use those; otherwise check all addresses taken from the
following set of headers:
To
Cc
Apparently-To
Delivered-To
Envelope-Recipients
Apparently-Resent-To
X-Envelope-To
Envelope-To
X-Delivered-To
X-Original-To
X-Rcpt-To
X-Real-To
=item more_spam_to user@example.com
See above.
=item all_spam_to user@example.com
See above.
=cut
push (@cmds, {
setting => 'welcomelist_to',
type => $CONF_TYPE_ADDRLIST,
aliases => ['whitelist_to'], # backward compatible - to be removed for 4.1
});
push (@cmds, {
setting => 'more_spam_to',
type => $CONF_TYPE_ADDRLIST,
});
push (@cmds, {
setting => 'all_spam_to',
type => $CONF_TYPE_ADDRLIST,
});
=item blacklist_to user@example.com
If the given address appears as a recipient in the message headers
(Resent-To, To, Cc, obvious envelope recipient, etc.) the mail will
be blacklisted. Same format as C<blacklist_from>.
=cut
push (@cmds, {
setting => 'blacklist_to',
type => $CONF_TYPE_ADDRLIST,
});
=item welcomelist_auth user@example.com
Previously whitelist_auth which will work interchangeably until 4.1.
Used to specify addresses which send mail that is often tagged (incorrectly) as
spam. This is different from C<welcomelist_from> and C<welcomelist_from_rcvd> in
that it first verifies that the message was sent by an authorized sender for
the address, before whitelisting.
Authorization is performed using one of the installed sender-authorization
schemes: SPF (using C<Mail::SpamAssassin::Plugin::SPF>), or DKIM (using
C<Mail::SpamAssassin::Plugin::DKIM>). Note that those plugins must be active,
and working, for this to operate.
Using C<welcomelist_auth> is roughly equivalent to specifying duplicate
C<whitelist_from_spf>, C<whitelist_from_dk>, and C<whitelist_from_dkim> lines
for each of the addresses specified.
e.g.
welcomelist_auth joe@example.com fred@example.com
welcomelist_auth *@example.com
=item def_welcomelist_auth user@example.com
Previously def_whitelist_auth which will work interchangeably until 4.1.
Same as C<welcomelist_auth>, but used for the default welcomelist entries
in the SpamAssassin distribution. The welcomelist score is lower, because
these are often targets for spammer spoofing.
=cut
push (@cmds, {
setting => 'welcomelist_auth',
aliases => ['whitelist_auth'], # backward compatible - to be removed for 4.1
type => $CONF_TYPE_ADDRLIST,
});
push (@cmds, {
setting => 'def_welcomelist_auth',
aliases => ['def_whitelist_auth'], # backward compatible - to be removed for 4.1
type => $CONF_TYPE_ADDRLIST,
});
=item unwhitelist_auth user@example.com
Previously unwhitelist_auth which will work interchangeably until 4.1.
Used to remove a C<welcomelist_auth> or C<def_welcomelist_auth> entry. The
specified email address has to match exactly the address previously used.
e.g.
unwelcomelist_auth joe@example.com fred@example.com
unwelcomelist_auth *@example.com
=cut
push (@cmds, {
setting => 'unwelcomelist_auth',
aliases => ['unwhitelist_auth'],
type => $CONF_TYPE_ADDRLIST,
code => sub {
my ($self, $key, $value, $line) = @_;
unless (defined $value && $value !~ /^$/) {
return $MISSING_REQUIRED_VALUE;
}
unless ($value =~ /^(?:\S+(?:\s+\S+)*)$/) {
return $INVALID_VALUE;
}
$self->{parser}->remove_from_addrlist('welcomelist_auth',
split (/\s+/, $value));
$self->{parser}->remove_from_addrlist('def_welcomelist_auth',
split (/\s+/, $value));
}
});
=item enlist_uri_host (listname) host ...
Adds one or more host names or domain names to a named list of URI domains.
The named list can then be consulted through a check_uri_host_listed()
eval rule implemented by the WLBLEval plugin, which takes the list name as
an argument. Parenthesis around a list name are literal - a required syntax.
Host names may optionally be prefixed by an exclamation mark '!', which
produces false as a result if this entry matches. This makes it easier
to exclude some subdomains when their superdomain is listed, for example:
enlist_uri_host (MYLIST) !sub1.example.com !sub2.example.com example.com
No wildcards are supported, but subdomains do match implicitly. Lists
are independent. Search for each named list starts by looking up the
full hostname first, then leading fields are progressively stripped off
(e.g.: sub.example.com, example.com, com) until a match is found or we run
out of fields. The first matching entry (the most specific) determines if a
lookup yielded a true (no '!' prefix) or a false (with a '!' prefix) result.
If an URL found in a message contains an IP address in place of a host name,
the given list must specify the exact same IP address (instead of a host name)
in order to match.
Use the delist_uri_host directive to neutralize previous enlist_uri_host
settings.
Enlisting to lists named 'BLACK' and 'WHITE' have their shorthand directives
blacklist_uri_host and whitelist_uri_host and corresponding default rules,
but the names 'BLACK' and 'WHITE' are otherwise not special or reserved.
=cut
push (@cmds, {
command => 'enlist_uri_host',
setting => 'uri_host_lists',
type => $CONF_TYPE_HASH_KEY_VALUE,
code => sub {
my($conf, $key, $value, $line) = @_;
local($1,$2);
if ($value !~ /^ \( (.+?) \) \s+ (.+) \z/sx) {
return $MISSING_REQUIRED_VALUE;
}
my $listname = $1; # corresponds to arg in check_uri_host_in_wblist()
# note: must not factor out dereferencing, as otherwise
# subhashes would spring up in a copy and be lost
foreach my $host ( split(/\s+/, lc $2) ) {
my $v = $host =~ s/^!// ? 0 : 1;
$conf->{uri_host_lists}{$listname}{$host} = $v;
}
}
});
=item delist_uri_host [ (listname) ] host ...
Removes one or more specified host names from a named list of URI domains.
Removing an unlisted name is ignored (is not an error). Listname is optional,
if specified then just the named list is affected, otherwise hosts are
removed from all URI host lists created so far. Parenthesis around a list
name are a required syntax.
Note that directives in configuration files are processed in sequence,
the delist_uri_host only applies to previously listed entries and has
no effect on enlisted entries in yet-to-be-processed directives.
For convenience (similarity to the enlist_uri_host directive) hostnames
may be prefixed by a an exclamation mark, which is stripped off from each
name and has no meaning here.
=cut
push (@cmds, {
command => 'delist_uri_host',
setting => 'uri_host_lists',
type => $CONF_TYPE_HASH_KEY_VALUE,
code => sub {
my($conf, $key, $value, $line) = @_;
local($1,$2);
if ($value !~ /^ (?: \( (.+?) \) \s+ )? (.+) \z/sx) {
return $MISSING_REQUIRED_VALUE;
}
my @listnames = defined $1 ? $1 : keys %{$conf->{uri_host_lists}};
my @args = split(/\s+/, lc $2);
foreach my $listname (@listnames) {
foreach my $host (@args) {
my $v = $host =~ s/^!// ? 0 : 1;
delete $conf->{uri_host_lists}{$listname}{$host};
}
}
}
});
=item enlist_addrlist (listname) user@example.com
Adds one or more addresses to a named list of addresses.
The named list can then be consulted through a check_from_in_list() or a
check_to_in_list() eval rule implemented by the WLBLEval plugin, which takes
the list name as an argument. Parenthesis around a list name are literal - a
required syntax.
Listed addresses are file-glob-style patterns, so C<friend@somewhere.com>,
C<*@isp.com>, or C<*.domain.net> will all work.
Specifically, C<*> and C<?> are allowed, but all other metacharacters
are not. Regular expressions are not used for security reasons.
Matching is case-insensitive.
Multiple addresses per line, separated by spaces, is OK. Multiple
C<enlist_addrlist> lines are also OK.
Enlisting an address to the list named blacklist_to is synonymous to using the
directive blacklist_to
Enlisting an address to the list named blacklist_from is synonymous to using the
directive blacklist_from
Enlisting an address to the list named welcomelist_to is synonymous to using the
directive welcomelist_to
Enlisting an address to the list named welcomelist_from (previously whitelist_from) is synonymous to using the
directive welcomelist_from
e.g.
enlist_addrlist (PAYPAL_ADDRESS) service@paypal.com
enlist_addrlist (PAYPAL_ADDRESS) *@paypal.co.uk
=cut
push (@cmds, {
setting => 'enlist_addrlist',
type => $CONF_TYPE_ADDRLIST,
code => sub {
my($conf, $key, $value, $line) = @_;
local($1,$2);
if ($value !~ /^ \( (.+?) \) \s+ (.+) \z/sx) {
return $MISSING_REQUIRED_VALUE;
}
my $listname = $1; # corresponds to arg in check_uri_host_in_wblist()
# note: must not factor out dereferencing, as otherwise
# subhashes would spring up in a copy and be lost
$conf->{parser}->add_to_addrlist ($listname, split(/\s+/, $value));
}
});
=item blacklist_uri_host host-or-domain ...
Is a shorthand for a directive: enlist_uri_host (BLACK) host ...
Please see directives enlist_uri_host and delist_uri_host for details.
=cut
push (@cmds, {
command => 'blacklist_uri_host',
setting => 'uri_host_lists',
type => $CONF_TYPE_HASH_KEY_VALUE,
code => sub {
my($conf, $key, $value, $line) = @_;
foreach my $host ( split(/\s+/, lc $value) ) {
my $v = $host =~ s/^!// ? 0 : 1;
$conf->{uri_host_lists}{'BLACK'}{$host} = $v;
}
}
});
=item whitelist_uri_host host-or-domain ...
Is a shorthand for a directive: enlist_uri_host (BLACK) host ...
Please see directives enlist_uri_host and delist_uri_host for details.
=cut
push (@cmds, {
command => 'whitelist_uri_host',
setting => 'uri_host_lists',
type => $CONF_TYPE_HASH_KEY_VALUE,
code => sub {
my($conf, $key, $value, $line) = @_;
foreach my $host ( split(/\s+/, lc $value) ) {
my $v = $host =~ s/^!// ? 0 : 1;
$conf->{uri_host_lists}{'WHITE'}{$host} = $v;
}
}
});
=back
=head2 BASIC MESSAGE TAGGING OPTIONS
=over 4
=item rewrite_header { subject | from | to } STRING
By default, suspected spam messages will not have the C<Subject>,
C<From> or C<To> lines tagged to indicate spam. By setting this option,
the header will be tagged with C<STRING> to indicate that a message is
spam. For the From or To headers, this will take the form of an RFC 2822
comment following the address in parentheses. For the Subject header,
this will be prepended to the original subject. Note that you should
only use the _REQD_ and _SCORE_ tags when rewriting the Subject header
if C<report_safe> is 0. Otherwise, you may not be able to remove
the SpamAssassin markup via the normal methods. More information
about tags is explained below in the B<TEMPLATE TAGS> section.
Parentheses are not permitted in STRING if rewriting the From or To headers.
(They will be converted to square brackets.)
If C<rewrite_header subject> is used, but the message being rewritten
does not already contain a C<Subject> header, one will be created.
A null value for C<STRING> will remove any existing rewrite for the specified
header.
=cut
push (@cmds, {
setting => 'rewrite_header',
type => $CONF_TYPE_HASH_KEY_VALUE,
code => sub {
my ($self, $key, $value, $line) = @_;
my($hdr, $string) = split(/\s+/, $value, 2);
$hdr = ucfirst(lc($hdr));
if ($hdr =~ /^$/) {
return $MISSING_REQUIRED_VALUE;
}
# We only deal with From, Subject, and To ...
elsif ($hdr =~ /^(?:From|Subject|To)$/) {
unless (defined $string && $string =~ /\S/) {
delete $self->{rewrite_header}->{$hdr};
return;
}
if ($hdr ne 'Subject') {
$string =~ tr/()/[]/;
}
$self->{rewrite_header}->{$hdr} = $string;
return;
}
else {
# if we get here, note the issue, then we'll fail through for an error.
info("config: rewrite_header: ignoring $hdr, not From, Subject, or To");
return $INVALID_VALUE;
}
}
});
=item subjprefix
Add a prefix in emails Subject if a rule is matched.
To enable this option "rewrite_header Subject" config
option must be enabled as well.
The check C<if can(Mail::SpamAssassin::Conf::feature_subjprefix)>
should be used to silence warnings in previous
SpamAssassin versions.
To be able to use this feature a C<add_header all Subjprefix _SUBJPREFIX_>
configuration line could be needed when the glue between the MTA and SpamAssassin
rewrites the email content.
Here is an example on how to use this feature:
rewrite_header Subject *****SPAM*****
add_header all Subjprefix _SUBJPREFIX_
body OLEMACRO_MALICE eval:check_olemacro_malice()
describe OLEMACRO_MALICE Dangerous Office Macro
score OLEMACRO_MALICE 5.0
if can(Mail::SpamAssassin::Conf::feature_subjprefix)
subjprefix OLEMACRO_MALICE [VIRUS]
endif
=cut
push (@cmds, {
command => 'subjprefix',
setting => 'subjprefix',
is_frequent => 1,
type => $CONF_TYPE_HASH_KEY_VALUE,
});
=item add_header { spam | ham | all } header_name string
Customized headers can be added to the specified type of messages (spam,
ham, or "all" to add to either). All headers begin with C<X-Spam->
(so a C<header_name> Foo will generate a header called X-Spam-Foo).
header_name is restricted to the character set [A-Za-z0-9_-].
The order of C<add_header> configuration options is preserved, inserted
headers will follow this order of declarations. When combining C<add_header>
with C<clear_headers> and C<remove_header>, keep in mind that C<add_header>
appends a new header to the current list, after first removing any existing
header fields of the same name. Note also that C<add_header>, C<clear_headers>
and C<remove_header> may appear in multiple .cf files, which are interpreted