Added: spamassassin/site/full/3.4.x/doc/Mail_SpamAssassin_Plugin_OLEVBMacro.html
URL: http://svn.apache.org/viewvc/spamassassin/site/full/3.4.x/doc/Mail_SpamAssassin_Plugin_OLEVBMacro.html?rev=1871201&view=auto
==============================================================================
--- spamassassin/site/full/3.4.x/doc/Mail_SpamAssassin_Plugin_OLEVBMacro.html (added)
+++ spamassassin/site/full/3.4.x/doc/Mail_SpamAssassin_Plugin_OLEVBMacro.html Wed Dec 11 22:18:49 2019
@@ -0,0 +1,177 @@
+<?xml version="1.0" ?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml">
+<head>
+<title></title>
+<meta http-equiv="content-type" content="text/html; charset=utf-8" />
+<link rev="made" href="mailto:root@localhost" />
+</head>
+
+<body style="background-color: white">
+
+
+
+<ul id="index">
+ <li><a href="#NAME">NAME</a></li>
+ <li><a href="#SYNOPSIS">SYNOPSIS</a></li>
+ <li><a href="#DESCRIPTION">DESCRIPTION</a></li>
+ <li><a href="#REQUIREMENT">REQUIREMENT</a></li>
+ <li><a href="#USER-PREFERENCES">USER PREFERENCES</a></li>
+</ul>
+
+<h1 id="NAME">NAME</h1>
+
+<p>Mail::SpamAssassin::Plugin::OLEVBMacro - search attached documents for evidence of containing an OLE Macro</p>
+
+<h1 id="SYNOPSIS">SYNOPSIS</h1>
+
+<pre><code> loadplugin Mail::SpamAssassin::Plugin::OLEVBMacro
+
+ ifplugin Mail::SpamAssassin::Plugin::OLEVBMacro
+ body OLEMACRO eval:check_olemacro()
+ describe OLEMACRO Attachment has an Office Macro
+
+ body OLEMACRO_MALICE eval:check_olemacro_malice()
+ describe OLEMACRO_MALICE Potentially malicious Office Macro
+
+ body OLEMACRO_ENCRYPTED eval:check_olemacro_encrypted()
+ describe OLEMACRO_ENCRYPTED Has an Office doc that is encrypted
+
+ body OLEMACRO_RENAME eval:check_olemacro_renamed()
+ describe OLEMACRO_RENAME Has an Office doc that has been renamed
+
+ body OLEMACRO_ZIP_PW eval:check_olemacro_zip_password()
+ describe OLEMACRO_ZIP_PW Has an Office doc that is password protected in a zip
+
+ body OLEMACRO_CSV eval:check_olemacro_csv()
+ describe OLEMACRO_CSV Malicious csv file that tries to exec cmd.exe detected
+ endif</code></pre>
+
+<h1 id="DESCRIPTION">DESCRIPTION</h1>
+
+<p>This plugin detects OLE Macro inside documents attached to emails. It can detect documents inside zip files as well as encrypted documents.</p>
+
+<h1 id="REQUIREMENT">REQUIREMENT</h1>
+
+<p>This plugin requires Archive::Zip and IO::String perl modules.</p>
+
+<h1 id="USER-PREFERENCES">USER PREFERENCES</h1>
+
+<p>The following options can be used in both site-wide (<code>local.cf</code>) and user-specific (<code>user_prefs</code>) configuration files to customize how the module handles attached documents</p>
+
+<dl>
+
+<dt id="olemacro_num_mime-default:-5">olemacro_num_mime (default: 5)</dt>
+<dd>
+
+<p>Configure the maximum number of matching MIME parts the plugin will scan</p>
+
+</dd>
+</dl>
+
+<dl>
+
+<dt id="olemacro_num_zip-default:-8">olemacro_num_zip (default: 8)</dt>
+<dd>
+
+<p>Configure the maximum number of matching zip members the plugin will scan</p>
+
+</dd>
+</dl>
+
+<dl>
+
+<dt id="olemacro_zip_depth-default:-2">olemacro_zip_depth (default: 2)</dt>
+<dd>
+
+<p>Depth to recurse within Zip files</p>
+
+</dd>
+</dl>
+
+<dl>
+
+<dt id="olemacro_extended_scan-0-1-default:-0">olemacro_extended_scan ( 0 | 1 ) (default: 0)</dt>
+<dd>
+
+<p>Scan more files for potential macros, the <code>olemacro_skip_exts</code> parameter will still be honored. This parameter is off by default, this option is needed only to run <code>eval:check_olemacro_renamed</code> rule. If this is turned on consider adjusting values for <code>olemacro_num_mime</code> and <code>olemacro_num_zip</code> and prepare for more CPU overhead</p>
+
+</dd>
+</dl>
+
+<dl>
+
+<dt id="olemacro_prefer_contentdisposition-0-1-default:-1">olemacro_prefer_contentdisposition ( 0 | 1 ) (default: 1)</dt>
+<dd>
+
+<p>Choose if the content-disposition header filename be preferred if ambiguity is encountered whilst trying to get filename</p>
+
+</dd>
+</dl>
+
+<dl>
+
+<dt id="olemacro_max_file-default:-1024000">olemacro_max_file (default: 1024000)</dt>
+<dd>
+
+<p>Configure the largest file that the plugin will decode from the MIME objects</p>
+
+</dd>
+</dl>
+
+<dl>
+
+<dt id="olemacro_exts-default:-:doc-docx-dot-pot-ppa-pps-ppt-rtf-sldm-xl-xla-xls-xlsx-xlt-xltx-xslb">olemacro_exts (default: (?:doc|docx|dot|pot|ppa|pps|ppt|rtf|sldm|xl|xla|xls|xlsx|xlt|xltx|xslb)$)</dt>
+<dd>
+
+<p>Set the case-insensitive regexp used to configure the extensions the plugin targets for macro scanning</p>
+
+</dd>
+</dl>
+
+<dl>
+
+<dt id="olemacro_macro_exts-default:-:docm-dotm-ppam-potm-ppst-ppsm-pptm-sldm-xlm-xlam-xlsb-xlsm-xltm-xltx-xps">olemacro_macro_exts (default: (?:docm|dotm|ppam|potm|ppst|ppsm|pptm|sldm|xlm|xlam|xlsb|xlsm|xltm|xltx|xps)$)</dt>
+<dd>
+
+<p>Set the case-insensitive regexp used to configure the extensions the plugin treats as containing a macro</p>
+
+</dd>
+</dl>
+
+<dl>
+
+<dt id="olemacro_skip_exts-default:-:dotx-potx-ppsx-pptx-sldx-xltx">olemacro_skip_exts (default: (?:dotx|potx|ppsx|pptx|sldx|xltx)$)</dt>
+<dd>
+
+<p>Set the case-insensitive regexp used to configure extensions for the plugin to skip entirely, these should only be guaranteed macro free files</p>
+
+</dd>
+</dl>
+
+<dl>
+
+<dt id="olemacro_skip_ctypes-default:-:text">olemacro_skip_ctypes (default: ^(?:text\/))</dt>
+<dd>
+
+<p>Set the case-insensitive regexp used to configure content types for the plugin to skip entirely, these should only be guaranteed macro free</p>
+
+</dd>
+</dl>
+
+<dl>
+
+<dt id="olemacro_zips-default:-:zip">olemacro_zips (default: (?:zip)$)</dt>
+<dd>
+
+<p>Set the case-insensitive regexp used to configure extensions for the plugin to target as zip files, files listed in configs above are also tested for zip</p>
+
+</dd>
+</dl>
+
+
+</body>
+
+</html>
+
+
Added: spamassassin/site/full/3.4.x/doc/Mail_SpamAssassin_Plugin_OLEVBMacro.txt
URL: http://svn.apache.org/viewvc/spamassassin/site/full/3.4.x/doc/Mail_SpamAssassin_Plugin_OLEVBMacro.txt?rev=1871201&view=auto
==============================================================================
--- spamassassin/site/full/3.4.x/doc/Mail_SpamAssassin_Plugin_OLEVBMacro.txt (added)
+++ spamassassin/site/full/3.4.x/doc/Mail_SpamAssassin_Plugin_OLEVBMacro.txt Wed Dec 11 22:18:49 2019
@@ -0,0 +1,93 @@
+NAME
+ Mail::SpamAssassin::Plugin::OLEVBMacro - search attached documents for
+ evidence of containing an OLE Macro
+
+SYNOPSIS
+ loadplugin Mail::SpamAssassin::Plugin::OLEVBMacro
+
+ ifplugin Mail::SpamAssassin::Plugin::OLEVBMacro
+ body OLEMACRO eval:check_olemacro()
+ describe OLEMACRO Attachment has an Office Macro
+
+ body OLEMACRO_MALICE eval:check_olemacro_malice()
+ describe OLEMACRO_MALICE Potentially malicious Office Macro
+
+ body OLEMACRO_ENCRYPTED eval:check_olemacro_encrypted()
+ describe OLEMACRO_ENCRYPTED Has an Office doc that is encrypted
+
+ body OLEMACRO_RENAME eval:check_olemacro_renamed()
+ describe OLEMACRO_RENAME Has an Office doc that has been renamed
+
+ body OLEMACRO_ZIP_PW eval:check_olemacro_zip_password()
+ describe OLEMACRO_ZIP_PW Has an Office doc that is password protected in a zip
+
+ body OLEMACRO_CSV eval:check_olemacro_csv()
+ describe OLEMACRO_CSV Malicious csv file that tries to exec cmd.exe detected
+ endif
+
+DESCRIPTION
+ This plugin detects OLE Macro inside documents attached to emails. It
+ can detect documents inside zip files as well as encrypted documents.
+
+REQUIREMENT
+ This plugin requires Archive::Zip and IO::String perl modules.
+
+USER PREFERENCES
+ The following options can be used in both site-wide ("local.cf") and
+ user-specific ("user_prefs") configuration files to customize how the
+ module handles attached documents
+
+ olemacro_num_mime (default: 5)
+ Configure the maximum number of matching MIME parts the plugin will
+ scan
+
+ olemacro_num_zip (default: 8)
+ Configure the maximum number of matching zip members the plugin will
+ scan
+
+ olemacro_zip_depth (default: 2)
+ Depth to recurse within Zip files
+
+ olemacro_extended_scan ( 0 | 1 ) (default: 0)
+ Scan more files for potential macros, the "olemacro_skip_exts"
+ parameter will still be honored. This parameter is off by default,
+ this option is needed only to run "eval:check_olemacro_renamed"
+ rule. If this is turned on consider adjusting values for
+ "olemacro_num_mime" and "olemacro_num_zip" and prepare for more CPU
+ overhead
+
+ olemacro_prefer_contentdisposition ( 0 | 1 ) (default: 1)
+ Choose if the content-disposition header filename be preferred if
+ ambiguity is encountered whilst trying to get filename
+
+ olemacro_max_file (default: 1024000)
+ Configure the largest file that the plugin will decode from the MIME
+ objects
+
+ olemacro_exts (default:
+ (?:doc|docx|dot|pot|ppa|pps|ppt|rtf|sldm|xl|xla|xls|xlsx|xlt|xltx|xslb)$
+ )
+ Set the case-insensitive regexp used to configure the extensions the
+ plugin targets for macro scanning
+
+ olemacro_macro_exts (default:
+ (?:docm|dotm|ppam|potm|ppst|ppsm|pptm|sldm|xlm|xlam|xlsb|xlsm|xltm|xltx|
+ xps)$)
+ Set the case-insensitive regexp used to configure the extensions the
+ plugin treats as containing a macro
+
+ olemacro_skip_exts (default: (?:dotx|potx|ppsx|pptx|sldx|xltx)$)
+ Set the case-insensitive regexp used to configure extensions for the
+ plugin to skip entirely, these should only be guaranteed macro free
+ files
+
+ olemacro_skip_ctypes (default: ^(?:text\/))
+ Set the case-insensitive regexp used to configure content types for
+ the plugin to skip entirely, these should only be guaranteed macro
+ free
+
+ olemacro_zips (default: (?:zip)$)
+ Set the case-insensitive regexp used to configure extensions for the
+ plugin to target as zip files, files listed in configs above are
+ also tested for zip
+
Added: spamassassin/site/full/3.4.x/doc/Mail_SpamAssassin_Plugin_OneLineBodyRuleType.html
URL: http://svn.apache.org/viewvc/spamassassin/site/full/3.4.x/doc/Mail_SpamAssassin_Plugin_OneLineBodyRuleType.html?rev=1871201&view=auto
==============================================================================
--- spamassassin/site/full/3.4.x/doc/Mail_SpamAssassin_Plugin_OneLineBodyRuleType.html (added)
+++ spamassassin/site/full/3.4.x/doc/Mail_SpamAssassin_Plugin_OneLineBodyRuleType.html Wed Dec 11 22:18:49 2019
@@ -0,0 +1,27 @@
+<?xml version="1.0" ?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml">
+<head>
+<title></title>
+<meta http-equiv="content-type" content="text/html; charset=utf-8" />
+<link rev="made" href="mailto:root@localhost" />
+</head>
+
+<body style="background-color: white">
+
+
+
+<ul id="index">
+ <li><a href="#NAME">NAME</a></li>
+</ul>
+
+<h1 id="NAME">NAME</h1>
+
+<p>Mail::SpamAssassin::Plugin::OneLineBodyRuleType - spamassassin body test plugin</p>
+
+
+</body>
+
+</html>
+
+
Added: spamassassin/site/full/3.4.x/doc/Mail_SpamAssassin_Plugin_OneLineBodyRuleType.txt
URL: http://svn.apache.org/viewvc/spamassassin/site/full/3.4.x/doc/Mail_SpamAssassin_Plugin_OneLineBodyRuleType.txt?rev=1871201&view=auto
==============================================================================
--- spamassassin/site/full/3.4.x/doc/Mail_SpamAssassin_Plugin_OneLineBodyRuleType.txt (added)
+++ spamassassin/site/full/3.4.x/doc/Mail_SpamAssassin_Plugin_OneLineBodyRuleType.txt Wed Dec 11 22:18:49 2019
@@ -0,0 +1,4 @@
+NAME
+ Mail::SpamAssassin::Plugin::OneLineBodyRuleType - spamassassin body test
+ plugin
+
Added: spamassassin/site/full/3.4.x/doc/Mail_SpamAssassin_Plugin_PDFInfo.html
URL: http://svn.apache.org/viewvc/spamassassin/site/full/3.4.x/doc/Mail_SpamAssassin_Plugin_PDFInfo.html?rev=1871201&view=auto
==============================================================================
--- spamassassin/site/full/3.4.x/doc/Mail_SpamAssassin_Plugin_PDFInfo.html (added)
+++ spamassassin/site/full/3.4.x/doc/Mail_SpamAssassin_Plugin_PDFInfo.html Wed Dec 11 22:18:49 2019
@@ -0,0 +1,146 @@
+<?xml version="1.0" ?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml">
+<head>
+<title></title>
+<meta http-equiv="content-type" content="text/html; charset=utf-8" />
+<link rev="made" href="mailto:root@localhost" />
+</head>
+
+<body style="background-color: white">
+
+
+
+<ul id="index">
+ <li><a href="#NAME">NAME</a></li>
+ <li><a href="#SYNOPSIS">SYNOPSIS</a></li>
+ <li><a href="#DESCRIPTION">DESCRIPTION</a></li>
+</ul>
+
+<h1 id="NAME">NAME</h1>
+
+<p>Mail::SpamAssassin::Plugin::PDFInfo - PDFInfo Plugin for SpamAssassin</p>
+
+<h1 id="SYNOPSIS">SYNOPSIS</h1>
+
+<pre><code> loadplugin Mail::SpamAssassin::Plugin::PDFInfo</code></pre>
+
+<h1 id="DESCRIPTION">DESCRIPTION</h1>
+
+<p>This plugin helps detected spam using attached PDF files</p>
+
+<dl>
+
+<dt id="See-Usage:-below---more-documentation-see-20_pdfinfo.cf">See "Usage:" below - more documentation see 20_pdfinfo.cf</dt>
+<dd>
+
+<pre><code> Original info kept for history. For later changes see SVN repo
+ -------------------------------------------------------
+ PDFInfo Plugin for SpamAssassin
+ Version: 0.8
+ Info: $Id: PDFInfo.pm 904 2007-08-12 01:36:23Z root $
+ Created: 2007-08-10
+ Modified: 2007-08-10
+ By: Dallas Engelken
+
+ Changes:
+ 0.8 - added .fdf detection (thanks John Lundin) [axb]
+ 0.7 - fixed empty body/pdf count buglet(thanks Jeremy) [axb]
+ 0.6 - added support for tags - PDFCOUNT, PDFVERSION, PDFPRODUCER, etc.
+ - fixed issue on perl 5.6.1 where pdf_match_details() failed to call
+ _find_pdf_mime_parts(), resulting in no detection of pdf mime parts.
+ - quoted-printable support - requires MIME::QuotedPrint (which should be in everyones
+ install as a part of the MIME-Base64 package which is a SA req)
+ - added simple pdf_is_empty_body() function with counts the body bytes minus the
+ subject line. can add optional <bytes> param if you need to allow for a few bytes.
+ 0.5 - fix warns for undef $pdf_tags
+ - remove { } and \ before running eval in pdf_match_details to avoid eval error
+ 0.4 - added pdf_is_encrypted() function
+ - added option to look for image HxW on same line
+ 0.3 - added 2nd fuzzy md5 which uses pdf tag layout as data
+ - renamed pdf_image_named() to pdf_named()
+ - PDF images are encapsulated and have no names. We are matching the PDF file name.
+ - renamed pdf_image_name_regex() to pdf_name_regex()
+ - PDF images are encapsulated and have no names. We are matching the PDF file name.
+ - changed pdf_image_count() a bit and added pdf_count().
+ - pdf_count() checks how many pdf attachments there are on the mail
+ - pdf_image_count() checks how many images are found within all pdfs in the mail.
+ - removed the restriction of the pdf containing an image in order to md5 it.
+ - added pdf_match_details() function to check the following 'details'
+ - author: Author of PDF if specified
+ - producer: Software used to produce PDF
+ - creator: Software used to produce PDF, usually similar to producer
+ - title: Title of PDF
+ - created: Creation Date
+ - modified: Last Modified
+ 0.2 - support PDF octet-stream
+ 0.1 - just ported over the imageinfo code, and renamed to pdfinfo.
+ - removed all support for png, gif, and jpg from the code.
+ - prepended pdf_ to all function names to avoid conflicts with ImageInfo in SA 3.2.
+
+ Usage:
+
+ pdf_count()
+
+ body RULENAME eval:pdf_count(<min>,[max])
+ min: required, message contains at least x pdf mime parts
+ max: optional, if specified, must not contain more than x pdf mime parts
+
+ pdf_image_count()
+
+ body RULENAME eval:pdf_image_count(<min>,[max])
+ min: required, message contains at least x images in pdf attachments.
+ max: optional, if specified, must not contain more than x pdf images
+
+ pdf_pixel_coverage()
+
+ body RULENAME eval:pdf_pixel_coverage(<min>,[max])
+ min: required, message contains at least this much pixel area
+ max: optional, if specified, message must not contain more than this much pixel area
+
+ pdf_named()
+
+ body RULENAME eval:pdf_named(<string>)
+ string: exact file name match, if you need partial match, see pdf_name_regex()
+
+ pdf_name_regex()
+
+ body RULENAME eval:pdf_name_regex(<regex>)
+ regex: regular expression, see examples in ruleset
+
+ pdf_match_md5()
+
+ body RULENAME eval:pdf_match_md5(<string>)
+ string: 32-byte md5 hex
+
+ pdf_match_fuzzy_md5()
+
+ body RULENAME eval:pdf_match_md5(<string>)
+ string: 32-byte md5 hex - see ruleset for obtaining the fuzzy md5
+
+ pdf_match_details()
+
+ body RULENAME eval:pdf_match_details(<detail>,<regex>);
+ detail: author, creator, created, modified, producer, title
+ regex: regular expression, see examples in ruleset
+
+ pdf_is_encrypted()
+
+ body RULENAME eval:pdf_is_encrypted()
+
+ pdf_is_empty_body()
+
+ body RULENAME eval:pdf_is_empty_body(<bytes>)
+ bytes: maximum byte count to allow and still consider it empty
+
+ NOTE: See the ruleset for more examples that are not documented here.</code></pre>
+
+</dd>
+</dl>
+
+
+</body>
+
+</html>
+
+
Added: spamassassin/site/full/3.4.x/doc/Mail_SpamAssassin_Plugin_PDFInfo.txt
URL: http://svn.apache.org/viewvc/spamassassin/site/full/3.4.x/doc/Mail_SpamAssassin_Plugin_PDFInfo.txt?rev=1871201&view=auto
==============================================================================
--- spamassassin/site/full/3.4.x/doc/Mail_SpamAssassin_Plugin_PDFInfo.txt (added)
+++ spamassassin/site/full/3.4.x/doc/Mail_SpamAssassin_Plugin_PDFInfo.txt Wed Dec 11 22:18:49 2019
@@ -0,0 +1,111 @@
+NAME
+ Mail::SpamAssassin::Plugin::PDFInfo - PDFInfo Plugin for SpamAssassin
+
+SYNOPSIS
+ loadplugin Mail::SpamAssassin::Plugin::PDFInfo
+
+DESCRIPTION
+ This plugin helps detected spam using attached PDF files
+
+ See "Usage:" below - more documentation see 20_pdfinfo.cf
+ Original info kept for history. For later changes see SVN repo
+ -------------------------------------------------------
+ PDFInfo Plugin for SpamAssassin
+ Version: 0.8
+ Info: $Id: PDFInfo.pm 904 2007-08-12 01:36:23Z root $
+ Created: 2007-08-10
+ Modified: 2007-08-10
+ By: Dallas Engelken
+
+ Changes:
+ 0.8 - added .fdf detection (thanks John Lundin) [axb]
+ 0.7 - fixed empty body/pdf count buglet(thanks Jeremy) [axb]
+ 0.6 - added support for tags - PDFCOUNT, PDFVERSION, PDFPRODUCER, etc.
+ - fixed issue on perl 5.6.1 where pdf_match_details() failed to call
+ _find_pdf_mime_parts(), resulting in no detection of pdf mime parts.
+ - quoted-printable support - requires MIME::QuotedPrint (which should be in everyones
+ install as a part of the MIME-Base64 package which is a SA req)
+ - added simple pdf_is_empty_body() function with counts the body bytes minus the
+ subject line. can add optional <bytes> param if you need to allow for a few bytes.
+ 0.5 - fix warns for undef $pdf_tags
+ - remove { } and \ before running eval in pdf_match_details to avoid eval error
+ 0.4 - added pdf_is_encrypted() function
+ - added option to look for image HxW on same line
+ 0.3 - added 2nd fuzzy md5 which uses pdf tag layout as data
+ - renamed pdf_image_named() to pdf_named()
+ - PDF images are encapsulated and have no names. We are matching the PDF file name.
+ - renamed pdf_image_name_regex() to pdf_name_regex()
+ - PDF images are encapsulated and have no names. We are matching the PDF file name.
+ - changed pdf_image_count() a bit and added pdf_count().
+ - pdf_count() checks how many pdf attachments there are on the mail
+ - pdf_image_count() checks how many images are found within all pdfs in the mail.
+ - removed the restriction of the pdf containing an image in order to md5 it.
+ - added pdf_match_details() function to check the following 'details'
+ - author: Author of PDF if specified
+ - producer: Software used to produce PDF
+ - creator: Software used to produce PDF, usually similar to producer
+ - title: Title of PDF
+ - created: Creation Date
+ - modified: Last Modified
+ 0.2 - support PDF octet-stream
+ 0.1 - just ported over the imageinfo code, and renamed to pdfinfo.
+ - removed all support for png, gif, and jpg from the code.
+ - prepended pdf_ to all function names to avoid conflicts with ImageInfo in SA 3.2.
+
+ Usage:
+
+ pdf_count()
+
+ body RULENAME eval:pdf_count(<min>,[max])
+ min: required, message contains at least x pdf mime parts
+ max: optional, if specified, must not contain more than x pdf mime parts
+
+ pdf_image_count()
+
+ body RULENAME eval:pdf_image_count(<min>,[max])
+ min: required, message contains at least x images in pdf attachments.
+ max: optional, if specified, must not contain more than x pdf images
+
+ pdf_pixel_coverage()
+
+ body RULENAME eval:pdf_pixel_coverage(<min>,[max])
+ min: required, message contains at least this much pixel area
+ max: optional, if specified, message must not contain more than this much pixel area
+
+ pdf_named()
+
+ body RULENAME eval:pdf_named(<string>)
+ string: exact file name match, if you need partial match, see pdf_name_regex()
+
+ pdf_name_regex()
+
+ body RULENAME eval:pdf_name_regex(<regex>)
+ regex: regular expression, see examples in ruleset
+
+ pdf_match_md5()
+
+ body RULENAME eval:pdf_match_md5(<string>)
+ string: 32-byte md5 hex
+
+ pdf_match_fuzzy_md5()
+
+ body RULENAME eval:pdf_match_md5(<string>)
+ string: 32-byte md5 hex - see ruleset for obtaining the fuzzy md5
+
+ pdf_match_details()
+
+ body RULENAME eval:pdf_match_details(<detail>,<regex>);
+ detail: author, creator, created, modified, producer, title
+ regex: regular expression, see examples in ruleset
+
+ pdf_is_encrypted()
+
+ body RULENAME eval:pdf_is_encrypted()
+
+ pdf_is_empty_body()
+
+ body RULENAME eval:pdf_is_empty_body(<bytes>)
+ bytes: maximum byte count to allow and still consider it empty
+
+ NOTE: See the ruleset for more examples that are not documented here.
+
Added: spamassassin/site/full/3.4.x/doc/Mail_SpamAssassin_Plugin_PhishTag.html
URL: http://svn.apache.org/viewvc/spamassassin/site/full/3.4.x/doc/Mail_SpamAssassin_Plugin_PhishTag.html?rev=1871201&view=auto
==============================================================================
--- spamassassin/site/full/3.4.x/doc/Mail_SpamAssassin_Plugin_PhishTag.html (added)
+++ spamassassin/site/full/3.4.x/doc/Mail_SpamAssassin_Plugin_PhishTag.html Wed Dec 11 22:18:49 2019
@@ -0,0 +1,79 @@
+<?xml version="1.0" ?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml">
+<head>
+<title></title>
+<meta http-equiv="content-type" content="text/html; charset=utf-8" />
+<link rev="made" href="mailto:root@localhost" />
+</head>
+
+<body style="background-color: white">
+
+
+
+<ul id="index">
+ <li><a href="#NAME">NAME</a></li>
+ <li><a href="#SYNOPSIS">SYNOPSIS</a></li>
+ <li><a href="#DESCRIPTION">DESCRIPTION</a></li>
+ <li><a href="#OPTIONS">OPTIONS</a></li>
+ <li><a href="#DOWNLOAD">DOWNLOAD</a></li>
+ <li><a href="#SEE-ALSO">SEE ALSO</a></li>
+ <li><a href="#AUTHOR">AUTHOR</a></li>
+ <li><a href="#COPYRIGHT-AND-LICENSE">COPYRIGHT AND LICENSE</a></li>
+</ul>
+
+<h1 id="NAME">NAME</h1>
+
+<p>PhishTag - SpamAssassin plugin for redirecting links in incoming emails.</p>
+
+<h1 id="SYNOPSIS">SYNOPSIS</h1>
+
+<pre><code> loadplugin Mail::SpamAssassin::Plugin::PhishTag
+
+ trigger_ratio 0.1
+ trigger_target RULE_NAME http://www.antiphishing.org/consumer_recs.html</code></pre>
+
+<h1 id="DESCRIPTION">DESCRIPTION</h1>
+
+<p>PhishTag enables administrators to rewrite links in emails that trigger certain tests, preferably anti-phishing blacklist tests. The plugin will inhibit the blocking of a portion of the emails that trigger the test by SpamAssassin, and let them pass to the users' inbox after the rewrite. It is useful in providing training to email users about company policies and general email usage.</p>
+
+<h1 id="OPTIONS">OPTIONS</h1>
+
+<p>The following options can be set by modifying the configuration file.</p>
+
+<ul>
+
+<li><p>trigger_ratio percentage_value</p>
+
+<p>Sets the probability in percentage that a positive test will trigger the email rewrite, e.g. 0.1 will rewrite on the average 1 in 1000 emails that match the trigger.</p>
+
+</li>
+<li><p>trigger_target RULE_NAME http_url</p>
+
+<p>The name of the test which would trigger the email rewrite; all the URLs will be replaced by http_url.</p>
+
+</li>
+</ul>
+
+<h1 id="DOWNLOAD">DOWNLOAD</h1>
+
+<p>The source of this plugin is available at: http://umut.topkara.org/PhishTag/PhishTag.pm a sample configuration file is also available: http://umut.topkara.org/PhishTag/PhishTag.cf</p>
+
+<h1 id="SEE-ALSO">SEE ALSO</h1>
+
+<p>Check the list of tests performed by SpamAssassin to modify the configuration file to match your needs from https://spamassassin.apache.org/tests.html</p>
+
+<h1 id="AUTHOR">AUTHOR</h1>
+
+<p>Umut Topkara, 2008, <umut@topkara.org> http://umut.topkara.org</p>
+
+<h1 id="COPYRIGHT-AND-LICENSE">COPYRIGHT AND LICENSE</h1>
+
+<p>This plugin is free software; you can redistribute it and/or modify it under the same terms as SpamAssassin itself, either version 3.2.4 or, at your option, any later version of SpamAssassin you may have available.</p>
+
+
+</body>
+
+</html>
+
+
Added: spamassassin/site/full/3.4.x/doc/Mail_SpamAssassin_Plugin_PhishTag.txt
URL: http://svn.apache.org/viewvc/spamassassin/site/full/3.4.x/doc/Mail_SpamAssassin_Plugin_PhishTag.txt?rev=1871201&view=auto
==============================================================================
--- spamassassin/site/full/3.4.x/doc/Mail_SpamAssassin_Plugin_PhishTag.txt (added)
+++ spamassassin/site/full/3.4.x/doc/Mail_SpamAssassin_Plugin_PhishTag.txt Wed Dec 11 22:18:49 2019
@@ -0,0 +1,49 @@
+NAME
+ PhishTag - SpamAssassin plugin for redirecting links in incoming emails.
+
+SYNOPSIS
+ loadplugin Mail::SpamAssassin::Plugin::PhishTag
+
+ trigger_ratio 0.1
+ trigger_target RULE_NAME http://www.antiphishing.org/consumer_recs.html
+
+DESCRIPTION
+ PhishTag enables administrators to rewrite links in emails that trigger
+ certain tests, preferably anti-phishing blacklist tests. The plugin will
+ inhibit the blocking of a portion of the emails that trigger the test by
+ SpamAssassin, and let them pass to the users' inbox after the rewrite.
+ It is useful in providing training to email users about company policies
+ and general email usage.
+
+OPTIONS
+ The following options can be set by modifying the configuration file.
+
+ * trigger_ratio percentage_value
+
+ Sets the probability in percentage that a positive test will trigger
+ the email rewrite, e.g. 0.1 will rewrite on the average 1 in 1000
+ emails that match the trigger.
+
+ * trigger_target RULE_NAME http_url
+
+ The name of the test which would trigger the email rewrite; all the
+ URLs will be replaced by http_url.
+
+DOWNLOAD
+ The source of this plugin is available at:
+ http://umut.topkara.org/PhishTag/PhishTag.pm a sample configuration file
+ is also available: http://umut.topkara.org/PhishTag/PhishTag.cf
+
+SEE ALSO
+ Check the list of tests performed by SpamAssassin to modify the
+ configuration file to match your needs from
+ https://spamassassin.apache.org/tests.html
+
+AUTHOR
+ Umut Topkara, 2008, <umut@topkara.org> http://umut.topkara.org
+
+COPYRIGHT AND LICENSE
+ This plugin is free software; you can redistribute it and/or modify it
+ under the same terms as SpamAssassin itself, either version 3.2.4 or, at
+ your option, any later version of SpamAssassin you may have available.
+
Added: spamassassin/site/full/3.4.x/doc/Mail_SpamAssassin_Plugin_Phishing.html
URL: http://svn.apache.org/viewvc/spamassassin/site/full/3.4.x/doc/Mail_SpamAssassin_Plugin_Phishing.html?rev=1871201&view=auto
==============================================================================
--- spamassassin/site/full/3.4.x/doc/Mail_SpamAssassin_Plugin_Phishing.html (added)
+++ spamassassin/site/full/3.4.x/doc/Mail_SpamAssassin_Plugin_Phishing.html Wed Dec 11 22:18:49 2019
@@ -0,0 +1,48 @@
+<?xml version="1.0" ?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml">
+<head>
+<title></title>
+<meta http-equiv="content-type" content="text/html; charset=utf-8" />
+<link rev="made" href="mailto:root@localhost" />
+</head>
+
+<body style="background-color: white">
+
+
+
+<ul id="index">
+ <li><a href="#NAME">NAME</a></li>
+ <li><a href="#SYNOPSIS">SYNOPSIS</a></li>
+ <li><a href="#DESCRIPTION">DESCRIPTION</a></li>
+</ul>
+
+<h1 id="NAME">NAME</h1>
+
+<p>Mail::SpamAssassin::Plugin::Phishing - check uris against phishing feed</p>
+
+<h1 id="SYNOPSIS">SYNOPSIS</h1>
+
+<pre><code> loadplugin Mail::SpamAssassin::Plugin::Phishing
+
+ ifplugin Mail::SpamAssassin::Plugin::Phishing
+ phishing_openphish_feed /etc/mail/spamassassin/openphish-feed.txt
+ phishing_phishtank_feed /etc/mail/spamassassin/phishtank-feed.csv
+ body URI_PHISHING eval:check_phishing()
+ describe URI_PHISHING Url match phishing in feed
+ endif</code></pre>
+
+<h1 id="DESCRIPTION">DESCRIPTION</h1>
+
+<p>This plugin finds uris used in phishing campaigns detected by OpenPhish or PhishTank feeds.</p>
+
+<p>The Openphish free feed is updated every 6 hours and can be downloaded from https://openphish.com/feed.txt. The Premium Openphish feed is not currently supported.</p>
+
+<p>The PhishTank free feed is updated every 1 hours and can be downloaded from http://data.phishtank.com/data/online-valid.csv. To avoid download limits a registration is required.</p>
+
+
+</body>
+
+</html>
+
+
Added: spamassassin/site/full/3.4.x/doc/Mail_SpamAssassin_Plugin_Phishing.txt
URL: http://svn.apache.org/viewvc/spamassassin/site/full/3.4.x/doc/Mail_SpamAssassin_Plugin_Phishing.txt?rev=1871201&view=auto
==============================================================================
--- spamassassin/site/full/3.4.x/doc/Mail_SpamAssassin_Plugin_Phishing.txt (added)
+++ spamassassin/site/full/3.4.x/doc/Mail_SpamAssassin_Plugin_Phishing.txt Wed Dec 11 22:18:49 2019
@@ -0,0 +1,25 @@
+NAME
+ Mail::SpamAssassin::Plugin::Phishing - check uris against phishing feed
+
+SYNOPSIS
+ loadplugin Mail::SpamAssassin::Plugin::Phishing
+
+ ifplugin Mail::SpamAssassin::Plugin::Phishing
+ phishing_openphish_feed /etc/mail/spamassassin/openphish-feed.txt
+ phishing_phishtank_feed /etc/mail/spamassassin/phishtank-feed.csv
+ body URI_PHISHING eval:check_phishing()
+ describe URI_PHISHING Url match phishing in feed
+ endif
+
+DESCRIPTION
+ This plugin finds uris used in phishing campaigns detected by OpenPhish
+ or PhishTank feeds.
+
+ The Openphish free feed is updated every 6 hours and can be downloaded
+ from https://openphish.com/feed.txt. The Premium Openphish feed is not
+ currently supported.
+
+ The PhishTank free feed is updated every 1 hours and can be downloaded
+ from http://data.phishtank.com/data/online-valid.csv. To avoid download
+ limits a registration is required.
+
Added: spamassassin/site/full/3.4.x/doc/Mail_SpamAssassin_Plugin_Pyzor.html
URL: http://svn.apache.org/viewvc/spamassassin/site/full/3.4.x/doc/Mail_SpamAssassin_Plugin_Pyzor.html?rev=1871201&view=auto
==============================================================================
--- spamassassin/site/full/3.4.x/doc/Mail_SpamAssassin_Plugin_Pyzor.html (added)
+++ spamassassin/site/full/3.4.x/doc/Mail_SpamAssassin_Plugin_Pyzor.html Wed Dec 11 22:18:49 2019
@@ -0,0 +1,91 @@
+<?xml version="1.0" ?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml">
+<head>
+<title></title>
+<meta http-equiv="content-type" content="text/html; charset=utf-8" />
+<link rev="made" href="mailto:root@localhost" />
+</head>
+
+<body style="background-color: white">
+
+
+
+<ul id="index">
+ <li><a href="#NAME">NAME</a></li>
+ <li><a href="#SYNOPSIS">SYNOPSIS</a></li>
+ <li><a href="#DESCRIPTION">DESCRIPTION</a></li>
+ <li><a href="#USER-OPTIONS">USER OPTIONS</a></li>
+ <li><a href="#ADMINISTRATOR-OPTIONS">ADMINISTRATOR OPTIONS</a></li>
+</ul>
+
+<h1 id="NAME">NAME</h1>
+
+<p>Mail::SpamAssassin::Plugin::Pyzor - perform Pyzor check of messages</p>
+
+<h1 id="SYNOPSIS">SYNOPSIS</h1>
+
+<pre><code> loadplugin Mail::SpamAssassin::Plugin::Pyzor</code></pre>
+
+<h1 id="DESCRIPTION">DESCRIPTION</h1>
+
+<p>Pyzor is a collaborative, networked system to detect and block spam using identifying digests of messages.</p>
+
+<p>See http://pyzor.org/ for more information about Pyzor.</p>
+
+<h1 id="USER-OPTIONS">USER OPTIONS</h1>
+
+<dl>
+
+<dt id="use_pyzor-0-1-default:-1">use_pyzor (0|1) (default: 1)</dt>
+<dd>
+
+<p>Whether to use Pyzor, if it is available.</p>
+
+</dd>
+<dt id="pyzor_max-NUMBER-default:-5">pyzor_max NUMBER (default: 5)</dt>
+<dd>
+
+<p>This option sets how often a message's body checksum must have been reported to the Pyzor server before SpamAssassin will consider the Pyzor check as matched.</p>
+
+<p>As most clients should not be auto-reporting these checksums, you should set this to a relatively low value, e.g. <code>5</code>.</p>
+
+</dd>
+</dl>
+
+<h1 id="ADMINISTRATOR-OPTIONS">ADMINISTRATOR OPTIONS</h1>
+
+<dl>
+
+<dt id="pyzor_timeout-n-default:-3.5">pyzor_timeout n (default: 3.5)</dt>
+<dd>
+
+<p>How many seconds you wait for Pyzor to complete, before scanning continues without the Pyzor results. A numeric value is optionally suffixed by a time unit (s, m, h, d, w, indicating seconds (default), minutes, hours, days, weeks).</p>
+
+<p>You can configure Pyzor to have its own per-server timeout. Set this plugin's timeout with that in mind. This plugin's timeout is a maximum ceiling. If Pyzor takes longer than this to complete its communication with all servers, no results are used by SpamAssassin.</p>
+
+<p>Pyzor servers do not yet synchronize their servers, so it can be beneficial to check and report to more than one. See the pyzor-users mailing list for alternate servers that are not published via 'pyzor discover'.</p>
+
+<p>If you are using multiple Pyzor servers, a good rule of thumb would be to set the SpamAssassin plugin's timeout to be the same or just a bit more than the per-server Pyzor timeout (e.g., 3.5 and 2 for two Pyzor servers). If more than one of your Pyzor servers is always timing out, consider removing one of them.</p>
+
+</dd>
+<dt id="pyzor_options-options">pyzor_options options</dt>
+<dd>
+
+<p>Specify additional options to the pyzor(1) command. Please note that only characters in the range [0-9A-Za-z ,._/-] are allowed for security reasons.</p>
+
+</dd>
+<dt id="pyzor_path-STRING">pyzor_path STRING</dt>
+<dd>
+
+<p>This option tells SpamAssassin specifically where to find the <code>pyzor</code> client instead of relying on SpamAssassin to find it in the current PATH. Note that if <i>taint mode</i> is enabled in the Perl interpreter, you should use this, as the current PATH will have been cleared.</p>
+
+</dd>
+</dl>
+
+
+</body>
+
+</html>
+
+
Added: spamassassin/site/full/3.4.x/doc/Mail_SpamAssassin_Plugin_Pyzor.txt
URL: http://svn.apache.org/viewvc/spamassassin/site/full/3.4.x/doc/Mail_SpamAssassin_Plugin_Pyzor.txt?rev=1871201&view=auto
==============================================================================
--- spamassassin/site/full/3.4.x/doc/Mail_SpamAssassin_Plugin_Pyzor.txt (added)
+++ spamassassin/site/full/3.4.x/doc/Mail_SpamAssassin_Plugin_Pyzor.txt Wed Dec 11 22:18:49 2019
@@ -0,0 +1,59 @@
+NAME
+ Mail::SpamAssassin::Plugin::Pyzor - perform Pyzor check of messages
+
+SYNOPSIS
+ loadplugin Mail::SpamAssassin::Plugin::Pyzor
+
+DESCRIPTION
+ Pyzor is a collaborative, networked system to detect and block spam
+ using identifying digests of messages.
+
+ See http://pyzor.org/ for more information about Pyzor.
+
+USER OPTIONS
+ use_pyzor (0|1) (default: 1)
+ Whether to use Pyzor, if it is available.
+
+ pyzor_max NUMBER (default: 5)
+ This option sets how often a message's body checksum must have been
+ reported to the Pyzor server before SpamAssassin will consider the
+ Pyzor check as matched.
+
+ As most clients should not be auto-reporting these checksums, you
+ should set this to a relatively low value, e.g. 5.
+
+ADMINISTRATOR OPTIONS
+ pyzor_timeout n (default: 3.5)
+ How many seconds you wait for Pyzor to complete, before scanning
+ continues without the Pyzor results. A numeric value is optionally
+ suffixed by a time unit (s, m, h, d, w, indicating seconds
+ (default), minutes, hours, days, weeks).
+
+ You can configure Pyzor to have its own per-server timeout. Set this
+ plugin's timeout with that in mind. This plugin's timeout is a
+ maximum ceiling. If Pyzor takes longer than this to complete its
+ communication with all servers, no results are used by SpamAssassin.
+
+ Pyzor servers do not yet synchronize their servers, so it can be
+ beneficial to check and report to more than one. See the pyzor-users
+ mailing list for alternate servers that are not published via 'pyzor
+ discover'.
+
+ If you are using multiple Pyzor servers, a good rule of thumb would
+ be to set the SpamAssassin plugin's timeout to be the same or just a
+ bit more than the per-server Pyzor timeout (e.g., 3.5 and 2 for two
+ Pyzor servers). If more than one of your Pyzor servers is always
+ timing out, consider removing one of them.
+
+ pyzor_options options
+ Specify additional options to the pyzor(1) command. Please note that
+ only characters in the range [0-9A-Za-z ,._/-] are allowed for
+ security reasons.
+
+ pyzor_path STRING
+ This option tells SpamAssassin specifically where to find the
+ "pyzor" client instead of relying on SpamAssassin to find it in the
+ current PATH. Note that if *taint mode* is enabled in the Perl
+ interpreter, you should use this, as the current PATH will have been
+ cleared.
+
Added: spamassassin/site/full/3.4.x/doc/Mail_SpamAssassin_Plugin_Razor2.html
URL: http://svn.apache.org/viewvc/spamassassin/site/full/3.4.x/doc/Mail_SpamAssassin_Plugin_Razor2.html?rev=1871201&view=auto
==============================================================================
--- spamassassin/site/full/3.4.x/doc/Mail_SpamAssassin_Plugin_Razor2.html (added)
+++ spamassassin/site/full/3.4.x/doc/Mail_SpamAssassin_Plugin_Razor2.html Wed Dec 11 22:18:49 2019
@@ -0,0 +1,71 @@
+<?xml version="1.0" ?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml">
+<head>
+<title></title>
+<meta http-equiv="content-type" content="text/html; charset=utf-8" />
+<link rev="made" href="mailto:root@localhost" />
+</head>
+
+<body style="background-color: white">
+
+
+
+<ul id="index">
+ <li><a href="#NAME">NAME</a></li>
+ <li><a href="#SYNOPSIS">SYNOPSIS</a></li>
+ <li><a href="#DESCRIPTION">DESCRIPTION</a></li>
+ <li><a href="#USER-SETTINGS">USER SETTINGS</a></li>
+ <li><a href="#ADMINISTRATOR-SETTINGS">ADMINISTRATOR SETTINGS</a></li>
+</ul>
+
+<h1 id="NAME">NAME</h1>
+
+<p>Mail::SpamAssassin::Plugin::Razor2 - perform Razor check of messages</p>
+
+<h1 id="SYNOPSIS">SYNOPSIS</h1>
+
+<pre><code> loadplugin Mail::SpamAssassin::Plugin::Razor2</code></pre>
+
+<h1 id="DESCRIPTION">DESCRIPTION</h1>
+
+<p>Vipul's Razor is a distributed, collaborative, spam detection and filtering network based on user submissions of spam. Detection is done with signatures that efficiently spot mutating spam content and user input is validated through reputation assignments.</p>
+
+<p>See http://razor.sourceforge.net/ for more information about Razor.</p>
+
+<h1 id="USER-SETTINGS">USER SETTINGS</h1>
+
+<dl>
+
+<dt id="use_razor2-0-1-default:-1">use_razor2 (0|1) (default: 1)</dt>
+<dd>
+
+<p>Whether to use Razor2, if it is available.</p>
+
+</dd>
+</dl>
+
+<h1 id="ADMINISTRATOR-SETTINGS">ADMINISTRATOR SETTINGS</h1>
+
+<dl>
+
+<dt id="razor_timeout-n-default:-5">razor_timeout n (default: 5)</dt>
+<dd>
+
+<p>How many seconds you wait for Razor to complete before you go on without the results</p>
+
+</dd>
+<dt id="razor_config-filename">razor_config filename</dt>
+<dd>
+
+<p>Define the filename used to store Razor's configuration settings. Currently this is left to Razor to decide.</p>
+
+</dd>
+</dl>
+
+
+</body>
+
+</html>
+
+
Added: spamassassin/site/full/3.4.x/doc/Mail_SpamAssassin_Plugin_Razor2.txt
URL: http://svn.apache.org/viewvc/spamassassin/site/full/3.4.x/doc/Mail_SpamAssassin_Plugin_Razor2.txt?rev=1871201&view=auto
==============================================================================
--- spamassassin/site/full/3.4.x/doc/Mail_SpamAssassin_Plugin_Razor2.txt (added)
+++ spamassassin/site/full/3.4.x/doc/Mail_SpamAssassin_Plugin_Razor2.txt Wed Dec 11 22:18:49 2019
@@ -0,0 +1,27 @@
+NAME
+ Mail::SpamAssassin::Plugin::Razor2 - perform Razor check of messages
+
+SYNOPSIS
+ loadplugin Mail::SpamAssassin::Plugin::Razor2
+
+DESCRIPTION
+ Vipul's Razor is a distributed, collaborative, spam detection and
+ filtering network based on user submissions of spam. Detection is done
+ with signatures that efficiently spot mutating spam content and user
+ input is validated through reputation assignments.
+
+ See http://razor.sourceforge.net/ for more information about Razor.
+
+USER SETTINGS
+ use_razor2 (0|1) (default: 1)
+ Whether to use Razor2, if it is available.
+
+ADMINISTRATOR SETTINGS
+ razor_timeout n (default: 5)
+ How many seconds you wait for Razor to complete before you go on
+ without the results
+
+ razor_config filename
+ Define the filename used to store Razor's configuration settings.
+ Currently this is left to Razor to decide.
+
Added: spamassassin/site/full/3.4.x/doc/Mail_SpamAssassin_Plugin_RelayCountry.html
URL: http://svn.apache.org/viewvc/spamassassin/site/full/3.4.x/doc/Mail_SpamAssassin_Plugin_RelayCountry.html?rev=1871201&view=auto
==============================================================================
--- spamassassin/site/full/3.4.x/doc/Mail_SpamAssassin_Plugin_RelayCountry.html (added)
+++ spamassassin/site/full/3.4.x/doc/Mail_SpamAssassin_Plugin_RelayCountry.html Wed Dec 11 22:18:49 2019
@@ -0,0 +1,91 @@
+<?xml version="1.0" ?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml">
+<head>
+<title></title>
+<meta http-equiv="content-type" content="text/html; charset=utf-8" />
+<link rev="made" href="mailto:root@localhost" />
+</head>
+
+<body style="background-color: white">
+
+
+
+<ul id="index">
+ <li><a href="#NAME">NAME</a></li>
+ <li><a href="#SYNOPSIS">SYNOPSIS</a></li>
+ <li><a href="#DESCRIPTION">DESCRIPTION</a></li>
+ <li><a href="#REQUIREMENT">REQUIREMENT</a></li>
+ <li><a href="#USER-PREFERENCES">USER PREFERENCES</a></li>
+</ul>
+
+<h1 id="NAME">NAME</h1>
+
+<p>RelayCountry - add message metadata indicating the country code of each relay</p>
+
+<h1 id="SYNOPSIS">SYNOPSIS</h1>
+
+<pre><code> loadplugin Mail::SpamAssassin::Plugin::RelayCountry</code></pre>
+
+<h1 id="DESCRIPTION">DESCRIPTION</h1>
+
+<p>The RelayCountry plugin attempts to determine the domain country codes of each relay used in the delivery path of messages and add that information to the message metadata.</p>
+
+<p>Following metadata headers and tags are added:</p>
+
+<pre><code> X-Relay-Countries _RELAYCOUNTRY_
+ All untrusted relays. Contains all relays starting from the
+ trusted_networks border. This method has been used by default since
+ early SA versions.
+
+ X-Relay-Countries-External _RELAYCOUNTRYEXT_
+ All external relays. Contains all relays starting from the
+ internal_networks border. Could be useful in some cases when
+ trusted/msa_networks extend beyond the internal border and those
+ need to be checked too.
+
+ X-Relay-Countries-All _RELAYCOUNTRYALL_
+ All possible relays (internal + external).
+
+ X-Relay-Countries-Auth _RELAYCOUNTRYAUTH_
+ Auth will contain all relays starting from the first relay that used
+ authentication. For example, this could be used to check for hacked
+ local users coming in from unexpected countries. If there are no
+ authenticated relays, this will be empty.</code></pre>
+
+<h1 id="REQUIREMENT">REQUIREMENT</h1>
+
+<p>This plugin requires the GeoIP2, Geo::IP, IP::Country::DB_File or IP::Country::Fast module from CPAN. For backward compatibility IP::Country::Fast is used as fallback if no db_type is specified in the config file.</p>
+
+<h1 id="USER-PREFERENCES">USER PREFERENCES</h1>
+
+<p>The following options can be used in both site-wide (<code>local.cf</code>) and user-specific (<code>user_prefs</code>) configuration files to customize how SpamAssassin handles incoming email messages.</p>
+
+<dl>
+
+<dt id="country_db_type-STRING">country_db_type STRING</dt>
+<dd>
+
+<p>This option tells SpamAssassin which type of Geo database to use. Valid database types are GeoIP, GeoIP2, DB_File and Fast.</p>
+
+</dd>
+</dl>
+
+<dl>
+
+<dt id="country_db_path-STRING">country_db_path STRING</dt>
+<dd>
+
+<p>This option tells SpamAssassin where to find MaxMind GeoIP2 or IP::Country::DB_File database.</p>
+
+<p>If not defined, GeoIP2 default search includes: /usr/local/share/GeoIP/GeoIP2-Country.mmdb /usr/share/GeoIP/GeoIP2-Country.mmdb /var/lib/GeoIP/GeoIP2-Country.mmdb /usr/local/share/GeoIP/GeoLite2-Country.mmdb /usr/share/GeoIP/GeoLite2-Country.mmdb /var/lib/GeoIP/GeoLite2-Country.mmdb (and same paths again for -City.mmdb, which also has country functionality)</p>
+
+</dd>
+</dl>
+
+
+</body>
+
+</html>
+
+
Added: spamassassin/site/full/3.4.x/doc/Mail_SpamAssassin_Plugin_RelayCountry.txt
URL: http://svn.apache.org/viewvc/spamassassin/site/full/3.4.x/doc/Mail_SpamAssassin_Plugin_RelayCountry.txt?rev=1871201&view=auto
==============================================================================
--- spamassassin/site/full/3.4.x/doc/Mail_SpamAssassin_Plugin_RelayCountry.txt (added)
+++ spamassassin/site/full/3.4.x/doc/Mail_SpamAssassin_Plugin_RelayCountry.txt Wed Dec 11 22:18:49 2019
@@ -0,0 +1,62 @@
+NAME
+ RelayCountry - add message metadata indicating the country code of each
+ relay
+
+SYNOPSIS
+ loadplugin Mail::SpamAssassin::Plugin::RelayCountry
+
+DESCRIPTION
+ The RelayCountry plugin attempts to determine the domain country codes
+ of each relay used in the delivery path of messages and add that
+ information to the message metadata.
+
+ Following metadata headers and tags are added:
+
+ X-Relay-Countries _RELAYCOUNTRY_
+ All untrusted relays. Contains all relays starting from the
+ trusted_networks border. This method has been used by default since
+ early SA versions.
+
+ X-Relay-Countries-External _RELAYCOUNTRYEXT_
+ All external relays. Contains all relays starting from the
+ internal_networks border. Could be useful in some cases when
+ trusted/msa_networks extend beyond the internal border and those
+ need to be checked too.
+
+ X-Relay-Countries-All _RELAYCOUNTRYALL_
+ All possible relays (internal + external).
+
+ X-Relay-Countries-Auth _RELAYCOUNTRYAUTH_
+ Auth will contain all relays starting from the first relay that used
+ authentication. For example, this could be used to check for hacked
+ local users coming in from unexpected countries. If there are no
+ authenticated relays, this will be empty.
+
+REQUIREMENT
+ This plugin requires the GeoIP2, Geo::IP, IP::Country::DB_File or
+ IP::Country::Fast module from CPAN. For backward compatibility
+ IP::Country::Fast is used as fallback if no db_type is specified in the
+ config file.
+
+USER PREFERENCES
+ The following options can be used in both site-wide ("local.cf") and
+ user-specific ("user_prefs") configuration files to customize how
+ SpamAssassin handles incoming email messages.
+
+ country_db_type STRING
+ This option tells SpamAssassin which type of Geo database to use.
+ Valid database types are GeoIP, GeoIP2, DB_File and Fast.
+
+ country_db_path STRING
+ This option tells SpamAssassin where to find MaxMind GeoIP2 or
+ IP::Country::DB_File database.
+
+ If not defined, GeoIP2 default search includes:
+ /usr/local/share/GeoIP/GeoIP2-Country.mmdb
+ /usr/share/GeoIP/GeoIP2-Country.mmdb
+ /var/lib/GeoIP/GeoIP2-Country.mmdb
+ /usr/local/share/GeoIP/GeoLite2-Country.mmdb
+ /usr/share/GeoIP/GeoLite2-Country.mmdb
+ /var/lib/GeoIP/GeoLite2-Country.mmdb (and same paths again for
+ -City.mmdb, which also has country functionality)
+
Added: spamassassin/site/full/3.4.x/doc/Mail_SpamAssassin_Plugin_ReplaceTags.html
URL: http://svn.apache.org/viewvc/spamassassin/site/full/3.4.x/doc/Mail_SpamAssassin_Plugin_ReplaceTags.html?rev=1871201&view=auto
==============================================================================
--- spamassassin/site/full/3.4.x/doc/Mail_SpamAssassin_Plugin_ReplaceTags.html (added)
+++ spamassassin/site/full/3.4.x/doc/Mail_SpamAssassin_Plugin_ReplaceTags.html Wed Dec 11 22:18:49 2019
@@ -0,0 +1,100 @@
+<?xml version="1.0" ?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml">
+<head>
+<title></title>
+<meta http-equiv="content-type" content="text/html; charset=utf-8" />
+<link rev="made" href="mailto:root@localhost" />
+</head>
+
+<body style="background-color: white">
+
+
+
+<ul id="index">
+ <li><a href="#NAME">NAME</a></li>
+ <li><a href="#SYNOPSIS">SYNOPSIS</a></li>
+ <li><a href="#RULE-DEFINITIONS-AND-PRIVILEGED-SETTINGS">RULE DEFINITIONS AND PRIVILEGED SETTINGS</a></li>
+</ul>
+
+<h1 id="NAME">NAME</h1>
+
+<p>Mail::SpamAssassin::Plugin::ReplaceTags - tags for SpamAssassin rules</p>
+
+<p>The plugin allows rules to contain regular expression tags to be used in regular expression rules. The tags make it much easier to maintain complicated rules.</p>
+
+<p>Warning: This plugin relies on data structures specific to this version of SpamAssasin; it is not guaranteed to work with other versions of SpamAssassin.</p>
+
+<h1 id="SYNOPSIS">SYNOPSIS</h1>
+
+<pre><code> loadplugin Mail::SpamAssassin::Plugin::ReplaceTags
+
+ replace_start <
+ replace_end >
+
+ replace_tag A [a@]
+ replace_tag G [gk]
+ replace_tag I [il|!1y\?\xcc\xcd\xce\xcf\xec\xed\xee\xef]
+ replace_tag R [r3]
+ replace_tag V (?:[vu]|\\\/)
+ replace_tag SP [\s~_-]
+
+ body VIAGRA_OBFU /(?!viagra)<V>+<SP>*<I>+<SP>*<A>+<SP>*<G>+<SP>*<R>+<SP>*<A>+/i
+ describe VIAGRA_OBFU Attempt to obfuscate "viagra"
+
+ replace_rules VIAGRA_OBFU</code></pre>
+
+<h1 id="RULE-DEFINITIONS-AND-PRIVILEGED-SETTINGS">RULE DEFINITIONS AND PRIVILEGED SETTINGS</h1>
+
+<dl>
+
+<dt id="replace_tag-tagname-expression">replace_tag tagname expression</dt>
+<dd>
+
+<p>Assign a valid regular expression to tagname.</p>
+
+<p>Note: It is not recommended to put quantifiers inside the tag, it's better to put them inside the rule itself for greater flexibility.</p>
+
+</dd>
+<dt id="replace_pre-tagname-expression">replace_pre tagname expression</dt>
+<dd>
+
+<p>Assign a valid regular expression to tagname. The expression will be placed before each tag that is replaced.</p>
+
+</dd>
+<dt id="replace_inter-tagname-expression">replace_inter tagname expression</dt>
+<dd>
+
+<p>Assign a valid regular expression to tagname. The expression will be placed between each two immediately adjacent tags that are replaced.</p>
+
+</dd>
+<dt id="replace_post-tagname-expression">replace_post tagname expression</dt>
+<dd>
+
+<p>Assign a valid regular expression to tagname. The expression will be placed after each tag that is replaced.</p>
+
+</dd>
+<dt id="replace_rules-list_of_tests">replace_rules list_of_tests</dt>
+<dd>
+
+<p>Specify a list of symbolic test names (separated by whitespace) of tests which should be modified using replacement tags. Only simple regular expression body, header, uri, full, rawbody tests are supported.</p>
+
+</dd>
+<dt id="replace_start-string">replace_start string</dt>
+<dd>
+
+</dd>
+<dt id="replace_end-string">replace_end string</dt>
+<dd>
+
+<p>String(s) which indicate the start and end of a tag inside a rule. Only tags enclosed by the start and end strings are found and replaced.</p>
+
+</dd>
+</dl>
+
+
+</body>
+
+</html>
+
+
Added: spamassassin/site/full/3.4.x/doc/Mail_SpamAssassin_Plugin_ReplaceTags.txt
URL: http://svn.apache.org/viewvc/spamassassin/site/full/3.4.x/doc/Mail_SpamAssassin_Plugin_ReplaceTags.txt?rev=1871201&view=auto
==============================================================================
--- spamassassin/site/full/3.4.x/doc/Mail_SpamAssassin_Plugin_ReplaceTags.txt (added)
+++ spamassassin/site/full/3.4.x/doc/Mail_SpamAssassin_Plugin_ReplaceTags.txt Wed Dec 11 22:18:49 2019
@@ -0,0 +1,60 @@
+NAME
+ Mail::SpamAssassin::Plugin::ReplaceTags - tags for SpamAssassin rules
+
+ The plugin allows rules to contain regular expression tags to be used in
+ regular expression rules. The tags make it much easier to maintain
+ complicated rules.
+
+ Warning: This plugin relies on data structures specific to this version
+ of SpamAssasin; it is not guaranteed to work with other versions of
+ SpamAssassin.
+
+SYNOPSIS
+ loadplugin Mail::SpamAssassin::Plugin::ReplaceTags
+
+ replace_start <
+ replace_end >
+
+ replace_tag A [a@]
+ replace_tag G [gk]
+ replace_tag I [il|!1y\?\xcc\xcd\xce\xcf\xec\xed\xee\xef]
+ replace_tag R [r3]
+ replace_tag V (?:[vu]|\\\/)
+ replace_tag SP [\s~_-]
+
+ body VIAGRA_OBFU /(?!viagra)<V>+<SP>*<I>+<SP>*<A>+<SP>*<G>+<SP>*<R>+<SP>*<A>+/i
+ describe VIAGRA_OBFU Attempt to obfuscate "viagra"
+
+ replace_rules VIAGRA_OBFU
+
+RULE DEFINITIONS AND PRIVILEGED SETTINGS
+ replace_tag tagname expression
+ Assign a valid regular expression to tagname.
+
+ Note: It is not recommended to put quantifiers inside the tag, it's
+ better to put them inside the rule itself for greater flexibility.
+
+ replace_pre tagname expression
+ Assign a valid regular expression to tagname. The expression will be
+ placed before each tag that is replaced.
+
+ replace_inter tagname expression
+ Assign a valid regular expression to tagname. The expression will be
+ placed between each two immediately adjacent tags that are replaced.
+
+ replace_post tagname expression
+ Assign a valid regular expression to tagname. The expression will be
+ placed after each tag that is replaced.
+
+ replace_rules list_of_tests
+ Specify a list of symbolic test names (separated by whitespace) of
+ tests which should be modified using replacement tags. Only simple
+ regular expression body, header, uri, full, rawbody tests are
+ supported.
+
+ replace_start string
+ replace_end string
+ String(s) which indicate the start and end of a tag inside a rule.
+ Only tags enclosed by the start and end strings are found and
+ replaced.
+
Added: spamassassin/site/full/3.4.x/doc/Mail_SpamAssassin_Plugin_ResourceLimits.html
URL: http://svn.apache.org/viewvc/spamassassin/site/full/3.4.x/doc/Mail_SpamAssassin_Plugin_ResourceLimits.html?rev=1871201&view=auto
==============================================================================
--- spamassassin/site/full/3.4.x/doc/Mail_SpamAssassin_Plugin_ResourceLimits.html (added)
+++ spamassassin/site/full/3.4.x/doc/Mail_SpamAssassin_Plugin_ResourceLimits.html Wed Dec 11 22:18:49 2019
@@ -0,0 +1,75 @@
+<?xml version="1.0" ?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml">
+<head>
+<title></title>
+<meta http-equiv="content-type" content="text/html; charset=utf-8" />
+<link rev="made" href="mailto:root@localhost" />
+</head>
+
+<body style="background-color: white">
+
+
+
+<ul id="index">
+ <li><a href="#NAME">NAME</a></li>
+ <li><a href="#SYNOPSIS">SYNOPSIS</a></li>
+ <li><a href="#DESCRIPTION">DESCRIPTION</a></li>
+ <li><a href="#ADMINISTRATOR-SETTINGS">ADMINISTRATOR SETTINGS</a></li>
+</ul>
+
+<h1 id="NAME">NAME</h1>
+
+<p>Mail::SpamAssassin::Plugin::ResourceLimits - Limit the memory and/or CPU of child spamd processes</p>
+
+<h1 id="SYNOPSIS">SYNOPSIS</h1>
+
+<pre><code> # This plugin is for admin only and cannot be specified in user config.
+ loadplugin Mail::SpamAssassin::Plugin::ResourceLimits
+
+ # Sets to RLIMIT_CPU from BSD::Resource. The quota is based on max CPU Time seconds.
+ resource_limit_cpu 120
+
+ # Sets to RLIMIT_RSS and RLIMIT_AS via BSD::Resource.
+ resource_limit_cpu 536870912</code></pre>
+
+<h1 id="DESCRIPTION">DESCRIPTION</h1>
+
+<p>This module leverages BSD::Resource to assure your spamd child processes do not exceed specified CPU or memory limit. If this happens, the child process will die. See the <a>BSD::Resource</a> for more details.</p>
+
+<p>NOTE: Because this plugin uses BSD::Resource, it will not function on Windows.</p>
+
+<h1 id="ADMINISTRATOR-SETTINGS">ADMINISTRATOR SETTINGS</h1>
+
+<dl>
+
+<dt id="resource_limit_cpu-120-default:-0-or-no-limit">resource_limit_cpu 120 (default: 0 or no limit)</dt>
+<dd>
+
+<p>How many cpu cycles are allowed on this process before it dies.</p>
+
+</dd>
+<dt id="resource_limit_mem-536870912-default:-0-or-no-limit">resource_limit_mem 536870912 (default: 0 or no limit)</dt>
+<dd>
+
+<p>The maximum number of bytes of memory allowed both for:</p>
+
+<ul>
+
+<li><p>(virtual) address space bytes</p>
+
+</li>
+<li><p>resident set size</p>
+
+</li>
+</ul>
+
+</dd>
+</dl>
+
+
+</body>
+
+</html>
+
+
Added: spamassassin/site/full/3.4.x/doc/Mail_SpamAssassin_Plugin_ResourceLimits.txt
URL: http://svn.apache.org/viewvc/spamassassin/site/full/3.4.x/doc/Mail_SpamAssassin_Plugin_ResourceLimits.txt?rev=1871201&view=auto
==============================================================================
--- spamassassin/site/full/3.4.x/doc/Mail_SpamAssassin_Plugin_ResourceLimits.txt (added)
+++ spamassassin/site/full/3.4.x/doc/Mail_SpamAssassin_Plugin_ResourceLimits.txt Wed Dec 11 22:18:49 2019
@@ -0,0 +1,33 @@
+NAME
+ Mail::SpamAssassin::Plugin::ResourceLimits - Limit the memory and/or CPU
+ of child spamd processes
+
+SYNOPSIS
+ # This plugin is for admin only and cannot be specified in user config.
+ loadplugin Mail::SpamAssassin::Plugin::ResourceLimits
+
+ # Sets to RLIMIT_CPU from BSD::Resource. The quota is based on max CPU Time seconds.
+ resource_limit_cpu 120
+
+ # Sets to RLIMIT_RSS and RLIMIT_AS via BSD::Resource.
+ resource_limit_cpu 536870912
+
+DESCRIPTION
+ This module leverages BSD::Resource to assure your spamd child processes
+ do not exceed specified CPU or memory limit. If this happens, the child
+ process will die. See the BSD::Resource for more details.
+
+ NOTE: Because this plugin uses BSD::Resource, it will not function on
+ Windows.
+
+ADMINISTRATOR SETTINGS
+ resource_limit_cpu 120 (default: 0 or no limit)
+ How many cpu cycles are allowed on this process before it dies.
+
+ resource_limit_mem 536870912 (default: 0 or no limit)
+ The maximum number of bytes of memory allowed both for:
+
+ * (virtual) address space bytes
+
+ * resident set size
+
Added: spamassassin/site/full/3.4.x/doc/Mail_SpamAssassin_Plugin_Reuse.html
URL: http://svn.apache.org/viewvc/spamassassin/site/full/3.4.x/doc/Mail_SpamAssassin_Plugin_Reuse.html?rev=1871201&view=auto
==============================================================================
--- spamassassin/site/full/3.4.x/doc/Mail_SpamAssassin_Plugin_Reuse.html (added)
+++ spamassassin/site/full/3.4.x/doc/Mail_SpamAssassin_Plugin_Reuse.html Wed Dec 11 22:18:49 2019
@@ -0,0 +1,43 @@
+<?xml version="1.0" ?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml">
+<head>
+<title></title>
+<meta http-equiv="content-type" content="text/html; charset=utf-8" />
+<link rev="made" href="mailto:root@localhost" />
+</head>
+
+<body style="background-color: white">
+
+
+
+<ul id="index">
+ <li><a href="#NAME">NAME</a></li>
+ <li><a href="#SYNOPSIS">SYNOPSIS</a></li>
+ <li><a href="#DESCRIPTION">DESCRIPTION</a></li>
+</ul>
+
+<h1 id="NAME">NAME</h1>
+
+<p>Mail::SpamAssassin::Plugin::Reuse - For reusing old rule hits during a mass-check</p>
+
+<h1 id="SYNOPSIS">SYNOPSIS</h1>
+
+<pre><code> loadplugin Mail::SpamAssassin::Plugin::Reuse
+
+ ifplugin Mail::SpamAssassin::Plugin::Reuse
+
+ reuse NETWORK_RULE [ NETWORK_RULE_OLD_NAME ]
+
+ endif</code></pre>
+
+<h1 id="DESCRIPTION">DESCRIPTION</h1>
+
+<p>The purpose of this plugin is to work in conjunction with <b>mass-check --reuse</b> to map rules hit in input messages to rule hits in the mass-check output.</p>
+
+
+</body>
+
+</html>
+
+
Added: spamassassin/site/full/3.4.x/doc/Mail_SpamAssassin_Plugin_Reuse.txt
URL: http://svn.apache.org/viewvc/spamassassin/site/full/3.4.x/doc/Mail_SpamAssassin_Plugin_Reuse.txt?rev=1871201&view=auto
==============================================================================
--- spamassassin/site/full/3.4.x/doc/Mail_SpamAssassin_Plugin_Reuse.txt (added)
+++ spamassassin/site/full/3.4.x/doc/Mail_SpamAssassin_Plugin_Reuse.txt Wed Dec 11 22:18:49 2019
@@ -0,0 +1,18 @@
+NAME
+ Mail::SpamAssassin::Plugin::Reuse - For reusing old rule hits during a
+ mass-check
+
+SYNOPSIS
+ loadplugin Mail::SpamAssassin::Plugin::Reuse
+
+ ifplugin Mail::SpamAssassin::Plugin::Reuse
+
+ reuse NETWORK_RULE [ NETWORK_RULE_OLD_NAME ]
+
+ endif
+
+DESCRIPTION
+ The purpose of this plugin is to work in conjunction with mass-check
+ --reuse to map rules hit in input messages to rule hits in the
+ mass-check output.
+
Added: spamassassin/site/full/3.4.x/doc/Mail_SpamAssassin_Plugin_Rule2XSBody.html
URL: http://svn.apache.org/viewvc/spamassassin/site/full/3.4.x/doc/Mail_SpamAssassin_Plugin_Rule2XSBody.html?rev=1871201&view=auto
==============================================================================
--- spamassassin/site/full/3.4.x/doc/Mail_SpamAssassin_Plugin_Rule2XSBody.html (added)
+++ spamassassin/site/full/3.4.x/doc/Mail_SpamAssassin_Plugin_Rule2XSBody.html Wed Dec 11 22:18:49 2019
@@ -0,0 +1,39 @@
+<?xml version="1.0" ?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml">
+<head>
+<title></title>
+<meta http-equiv="content-type" content="text/html; charset=utf-8" />
+<link rev="made" href="mailto:root@localhost" />
+</head>
+
+<body style="background-color: white">
+
+
+
+<ul id="index">
+ <li><a href="#NAME">NAME</a></li>
+ <li><a href="#SYNOPSIS">SYNOPSIS</a></li>
+ <li><a href="#DESCRIPTION">DESCRIPTION</a></li>
+</ul>
+
+<h1 id="NAME">NAME</h1>
+
+<p>Mail::SpamAssassin::Plugin::Rule2XSBody - speed up SpamAssassin by compiling regexps</p>
+
+<h1 id="SYNOPSIS">SYNOPSIS</h1>
+
+<pre><code> loadplugin Mail::SpamAssassin::Plugin::Rule2XSBody</code></pre>
+
+<h1 id="DESCRIPTION">DESCRIPTION</h1>
+
+<p>This plugin will use native-code object files representing the ruleset, in order to provide significant speedups in rule evaluation.</p>
+
+<p>Note that <code>sa-compile</code> must be run in advance, in order to compile the ruleset using <code>re2c</code> and the C compiler. See the <code>sa-compile</code> documentation for more details.</p>
+
+
+</body>
+
+</html>
+
+
Added: spamassassin/site/full/3.4.x/doc/Mail_SpamAssassin_Plugin_Rule2XSBody.txt
URL: http://svn.apache.org/viewvc/spamassassin/site/full/3.4.x/doc/Mail_SpamAssassin_Plugin_Rule2XSBody.txt?rev=1871201&view=auto
==============================================================================
--- spamassassin/site/full/3.4.x/doc/Mail_SpamAssassin_Plugin_Rule2XSBody.txt (added)
+++ spamassassin/site/full/3.4.x/doc/Mail_SpamAssassin_Plugin_Rule2XSBody.txt Wed Dec 11 22:18:49 2019
@@ -0,0 +1,15 @@
+NAME
+ Mail::SpamAssassin::Plugin::Rule2XSBody - speed up SpamAssassin by
+ compiling regexps
+
+SYNOPSIS
+ loadplugin Mail::SpamAssassin::Plugin::Rule2XSBody
+
+DESCRIPTION
+ This plugin will use native-code object files representing the ruleset,
+ in order to provide significant speedups in rule evaluation.
+
+ Note that "sa-compile" must be run in advance, in order to compile the
+ ruleset using "re2c" and the C compiler. See the "sa-compile"
+ documentation for more details.
+
Added: spamassassin/site/full/3.4.x/doc/Mail_SpamAssassin_Plugin_SPF.html
URL: http://svn.apache.org/viewvc/spamassassin/site/full/3.4.x/doc/Mail_SpamAssassin_Plugin_SPF.html?rev=1871201&view=auto
==============================================================================
--- spamassassin/site/full/3.4.x/doc/Mail_SpamAssassin_Plugin_SPF.html (added)
+++ spamassassin/site/full/3.4.x/doc/Mail_SpamAssassin_Plugin_SPF.html Wed Dec 11 22:18:49 2019
@@ -0,0 +1,118 @@
+<?xml version="1.0" ?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml">
+<head>
+<title></title>
+<meta http-equiv="content-type" content="text/html; charset=utf-8" />
+<link rev="made" href="mailto:root@localhost" />
+</head>
+
+<body style="background-color: white">
+
+
+
+<ul id="index">
+ <li><a href="#NAME">NAME</a></li>
+ <li><a href="#SYNOPSIS">SYNOPSIS</a></li>
+ <li><a href="#DESCRIPTION">DESCRIPTION</a></li>
+ <li><a href="#USER-SETTINGS">USER SETTINGS</a></li>
+ <li><a href="#ADMINISTRATOR-OPTIONS">ADMINISTRATOR OPTIONS</a></li>
+</ul>
+
+<h1 id="NAME">NAME</h1>
+
+<p>Mail::SpamAssassin::Plugin::SPF - perform SPF verification tests</p>
+
+<h1 id="SYNOPSIS">SYNOPSIS</h1>
+
+<pre><code> loadplugin Mail::SpamAssassin::Plugin::SPF</code></pre>
+
+<h1 id="DESCRIPTION">DESCRIPTION</h1>
+
+<p>This plugin checks a message against Sender Policy Framework (SPF) records published by the domain owners in DNS to fight email address forgery and make it easier to identify spams.</p>
+
+<h1 id="USER-SETTINGS">USER SETTINGS</h1>
+
+<dl>
+
+<dt id="whitelist_from_spf-user-example.com">whitelist_from_spf user@example.com</dt>
+<dd>
+
+<p>Works similarly to whitelist_from, except that in addition to matching a sender address, a check against the domain's SPF record must pass. The first parameter is an address to whitelist, and the second is a string to match the relay's rDNS.</p>
+
+<p>Just like whitelist_from, multiple addresses per line, separated by spaces, are OK. Multiple <code>whitelist_from_spf</code> lines are also OK.</p>
+
+<p>The headers checked for whitelist_from_spf addresses are the same headers used for SPF checks (Envelope-From, Return-Path, X-Envelope-From, etc).</p>
+
+<p>Since this whitelist requires an SPF check to be made, network tests must be enabled. It is also required that your trust path be correctly configured. See the section on <code>trusted_networks</code> for more info on trust paths.</p>
+
+<p>e.g.</p>
+
+<pre><code> whitelist_from_spf joe@example.com fred@example.com
+ whitelist_from_spf *@example.com</code></pre>
+
+</dd>
+<dt id="def_whitelist_from_spf-user-example.com">def_whitelist_from_spf user@example.com</dt>
+<dd>
+
+<p>Same as <code>whitelist_from_spf</code>, but used for the default whitelist entries in the SpamAssassin distribution. The whitelist score is lower, because these are often targets for spammer spoofing.</p>
+
+</dd>
+</dl>
+
+<h1 id="ADMINISTRATOR-OPTIONS">ADMINISTRATOR OPTIONS</h1>
+
+<dl>
+
+<dt id="spf_timeout-n-default:-5">spf_timeout n (default: 5)</dt>
+<dd>
+
+<p>How many seconds to wait for an SPF query to complete, before scanning continues without the SPF result. A numeric value is optionally suffixed by a time unit (s, m, h, d, w, indicating seconds (default), minutes, hours, days, weeks).</p>
+
+</dd>
+<dt id="do_not_use_mail_spf-0-1-default:-0">do_not_use_mail_spf (0|1) (default: 0)</dt>
+<dd>
+
+<p>By default the plugin will try to use the Mail::SPF module for SPF checks if it can be loaded. If Mail::SPF cannot be used the plugin will fall back to using the legacy Mail::SPF::Query module if it can be loaded.</p>
+
+<p>Use this option to stop the plugin from using Mail::SPF and cause it to try to use Mail::SPF::Query instead.</p>
+
+</dd>
+<dt id="do_not_use_mail_spf_query-0-1-default:-0">do_not_use_mail_spf_query (0|1) (default: 0)</dt>
+<dd>
+
+<p>As above, but instead stop the plugin from trying to use Mail::SPF::Query and cause it to only try to use Mail::SPF.</p>
+
+</dd>
+<dt id="ignore_received_spf_header-0-1-default:-0">ignore_received_spf_header (0|1) (default: 0)</dt>
+<dd>
+
+<p>By default, to avoid unnecessary DNS lookups, the plugin will try to use the SPF results found in any <code>Received-SPF</code> headers it finds in the message that could only have been added by an internal relay.</p>
+
+<p>Set this option to 1 to ignore any <code>Received-SPF</code> headers present and to have the plugin perform the SPF check itself.</p>
+
+<p>Note that unless the plugin finds an <code>identity=helo</code>, or some unsupported identity, it will assume that the result is a mfrom SPF check result. The only identities supported are <code>mfrom</code>, <code>mailfrom</code> and <code>helo</code>.</p>
+
+</dd>
+<dt id="use_newest_received_spf_header-0-1-default:-0">use_newest_received_spf_header (0|1) (default: 0)</dt>
+<dd>
+
+<p>By default, when using <code>Received-SPF</code> headers, the plugin will attempt to use the oldest (bottom most) <code>Received-SPF</code> headers, that were added by internal relays, that it can parse results from since they are the most likely to be accurate. This is done so that if you have an incoming mail setup where one of your primary MXes doesn't know about a secondary MX (or your MXes don't know about some sort of forwarding relay that SA considers trusted+internal) but SA is aware of the actual domain boundary (internal_networks setting) SA will use the results that are most accurate.</p>
+
+<p>Use this option to start with the newest (top most) <code>Received-SPF</code> headers, working downwards until results are successfully parsed.</p>
+
+</dd>
+<dt id="has_check_for_spf_errors">has_check_for_spf_errors</dt>
+<dd>
+
+<p>Adds capability check for "if can()" for check_for_spf_permerror, check_for_spf_temperror, check_for_spf_helo_permerror and check_for_spf_helo_permerror</p>
+
+</dd>
+</dl>
+
+
+</body>
+
+</html>
+
+
Added: spamassassin/site/full/3.4.x/doc/Mail_SpamAssassin_Plugin_SPF.txt
URL: http://svn.apache.org/viewvc/spamassassin/site/full/3.4.x/doc/Mail_SpamAssassin_Plugin_SPF.txt?rev=1871201&view=auto
==============================================================================
--- spamassassin/site/full/3.4.x/doc/Mail_SpamAssassin_Plugin_SPF.txt (added)
+++ spamassassin/site/full/3.4.x/doc/Mail_SpamAssassin_Plugin_SPF.txt Wed Dec 11 22:18:49 2019
@@ -0,0 +1,92 @@
+NAME
+ Mail::SpamAssassin::Plugin::SPF - perform SPF verification tests
+
+SYNOPSIS
+ loadplugin Mail::SpamAssassin::Plugin::SPF
+
+DESCRIPTION
+ This plugin checks a message against Sender Policy Framework (SPF)
+ records published by the domain owners in DNS to fight email address
+ forgery and make it easier to identify spams.
+
+USER SETTINGS
+ whitelist_from_spf user@example.com
+ Works similarly to whitelist_from, except that in addition to
+ matching a sender address, a check against the domain's SPF record
+ must pass. The first parameter is an address to whitelist, and the
+ second is a string to match the relay's rDNS.
+
+ Just like whitelist_from, multiple addresses per line, separated by
+ spaces, are OK. Multiple "whitelist_from_spf" lines are also OK.
+
+ The headers checked for whitelist_from_spf addresses are the same
+ headers used for SPF checks (Envelope-From, Return-Path,
+ X-Envelope-From, etc).
+
+ Since this whitelist requires an SPF check to be made, network tests
+ must be enabled. It is also required that your trust path be
+ correctly configured. See the section on "trusted_networks" for more
+ info on trust paths.
+
+ e.g.
+
+ whitelist_from_spf joe@example.com fred@example.com
+ whitelist_from_spf *@example.com
+
+ def_whitelist_from_spf user@example.com
+ Same as "whitelist_from_spf", but used for the default whitelist
+ entries in the SpamAssassin distribution. The whitelist score is
+ lower, because these are often targets for spammer spoofing.
+
+ADMINISTRATOR OPTIONS
+ spf_timeout n (default: 5)
+ How many seconds to wait for an SPF query to complete, before
+ scanning continues without the SPF result. A numeric value is
+ optionally suffixed by a time unit (s, m, h, d, w, indicating
+ seconds (default), minutes, hours, days, weeks).
+
+ do_not_use_mail_spf (0|1) (default: 0)
+ By default the plugin will try to use the Mail::SPF module for SPF
+ checks if it can be loaded. If Mail::SPF cannot be used the plugin
+ will fall back to using the legacy Mail::SPF::Query module if it can
+ be loaded.
+
+ Use this option to stop the plugin from using Mail::SPF and cause it
+ to try to use Mail::SPF::Query instead.
+
+ do_not_use_mail_spf_query (0|1) (default: 0)
+ As above, but instead stop the plugin from trying to use
+ Mail::SPF::Query and cause it to only try to use Mail::SPF.
+
+ ignore_received_spf_header (0|1) (default: 0)
+ By default, to avoid unnecessary DNS lookups, the plugin will try to
+ use the SPF results found in any "Received-SPF" headers it finds in
+ the message that could only have been added by an internal relay.
+
+ Set this option to 1 to ignore any "Received-SPF" headers present
+ and to have the plugin perform the SPF check itself.
+
+ Note that unless the plugin finds an "identity=helo", or some
+ unsupported identity, it will assume that the result is a mfrom SPF
+ check result. The only identities supported are "mfrom", "mailfrom"
+ and "helo".
+
+ use_newest_received_spf_header (0|1) (default: 0)
+ By default, when using "Received-SPF" headers, the plugin will
+ attempt to use the oldest (bottom most) "Received-SPF" headers, that
+ were added by internal relays, that it can parse results from since
+ they are the most likely to be accurate. This is done so that if you
+ have an incoming mail setup where one of your primary MXes doesn't
+ know about a secondary MX (or your MXes don't know about some sort
+ of forwarding relay that SA considers trusted+internal) but SA is
+ aware of the actual domain boundary (internal_networks setting) SA
+ will use the results that are most accurate.
+
+ Use this option to start with the newest (top most) "Received-SPF"
+ headers, working downwards until results are successfully parsed.
+
+ has_check_for_spf_errors
+ Adds capability check for "if can()" for check_for_spf_permerror,
+ check_for_spf_temperror, check_for_spf_helo_permerror and
+ check_for_spf_helo_permerror
+
Added: spamassassin/site/full/3.4.x/doc/Mail_SpamAssassin_Plugin_Shortcircuit.html
URL: http://svn.apache.org/viewvc/spamassassin/site/full/3.4.x/doc/Mail_SpamAssassin_Plugin_Shortcircuit.html?rev=1871201&view=auto
==============================================================================
--- spamassassin/site/full/3.4.x/doc/Mail_SpamAssassin_Plugin_Shortcircuit.html (added)
+++ spamassassin/site/full/3.4.x/doc/Mail_SpamAssassin_Plugin_Shortcircuit.html Wed Dec 11 22:18:49 2019
@@ -0,0 +1,134 @@
+<?xml version="1.0" ?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml">
+<head>
+<title></title>
+<meta http-equiv="content-type" content="text/html; charset=utf-8" />
+<link rev="made" href="mailto:root@localhost" />
+</head>
+
+<body style="background-color: white">
+
+
+
+<ul id="index">
+ <li><a href="#NAME">NAME</a></li>
+ <li><a href="#SYNOPSIS">SYNOPSIS</a></li>
+ <li><a href="#DESCRIPTION">DESCRIPTION</a></li>
+ <li><a href="#CONFIGURATION-SETTINGS">CONFIGURATION SETTINGS</a></li>
+ <li><a href="#TAGS">TAGS</a></li>
+ <li><a href="#SEE-ALSO">SEE ALSO</a></li>
+</ul>
+
+<h1 id="NAME">NAME</h1>
+
+<p>Mail::SpamAssassin::Plugin::Shortcircuit - short-circuit evaluation for certain rules</p>
+
+<h1 id="SYNOPSIS">SYNOPSIS</h1>
+
+<pre><code> loadplugin Mail::SpamAssassin::Plugin::Shortcircuit
+
+ report Content analysis details: (_SCORE_ points, _REQD_ required, s/c _SCTYPE_)
+
+ add_header all Status "_YESNO_, score=_SCORE_ required=_REQD_ tests=_TESTS_ shortcircuit=_SCTYPE_ autolearn=_AUTOLEARN_ version=_VERSION_"</code></pre>
+
+<h1 id="DESCRIPTION">DESCRIPTION</h1>
+
+<p>This plugin implements simple, test-based shortcircuiting. Shortcircuiting a test will force all other pending rules to be skipped, if that test is hit. In addition, a symbolic rule, <code>SHORTCIRCUIT</code>, will fire.</p>
+
+<p>Recommended usage is to use <code>priority</code> to set rules with strong S/O values (ie. 1.0) to be run first, and make instant spam or ham classification based on that.</p>
+
+<h1 id="CONFIGURATION-SETTINGS">CONFIGURATION SETTINGS</h1>
+
+<p>The following configuration settings are used to control shortcircuiting:</p>
+
+<dl>
+
+<dt id="shortcircuit-SYMBOLIC_TEST_NAME-ham-spam-on-off">shortcircuit SYMBOLIC_TEST_NAME {ham|spam|on|off}</dt>
+<dd>
+
+<p>Shortcircuiting a test will force all other pending rules to be skipped, if that test is hit.</p>
+
+<p>Recommended usage is to use <code>priority</code> to set rules with strong S/O values (ie. 1.0) to be run first, and make instant spam or ham classification based on that.</p>
+
+<p>To override a test that uses shortcircuiting, you can set the classification type to <code>off</code>.</p>
+
+<dl>
+
+<dt id="on">on</dt>
+<dd>
+
+<p>Shortcircuits the rest of the tests, but does not make a strict classification of spam or ham. Rather, it uses the default score for the rule being shortcircuited. This would allow you, for example, to define a rule such as</p>
+
+<pre><code> body TEST /test/
+ describe TEST test rule that scores barely over spam threshold
+ score TEST 5.5
+ priority TEST -100
+ shortcircuit TEST on</code></pre>
+
+<p>The result of a message hitting the above rule would be a final score of 5.5, as opposed to 100 (default) if it were classified as spam.</p>
+
+</dd>
+<dt id="off">off</dt>
+<dd>
+
+<p>Disables shortcircuiting on said rule.</p>
+
+</dd>
+<dt id="spam">spam</dt>
+<dd>
+
+<p>Shortcircuit the rule using a set of defaults; override the default score of this rule with the score from <code>shortcircuit_spam_score</code>, set the <code>noautolearn</code> tflag, and set priority to <code>-100</code>. In other words, equivalent to:</p>
+
+<pre><code> shortcircuit TEST on
+ priority TEST -100
+ score TEST 100
+ tflags TEST noautolearn</code></pre>
+
+</dd>
+<dt id="ham">ham</dt>
+<dd>
+
+<p>Shortcircuit the rule using a set of defaults; override the default score of this rule with the score from <code>shortcircuit_ham_score</code>, set the <code>noautolearn</code> and <code>nice</code> tflags, and set priority to <code>-100</code>. In other words, equivalent to:</p>
+
+<pre><code> shortcircuit TEST on
+ priority TEST -100
+ score TEST -100
+ tflags TEST noautolearn nice</code></pre>
+
+</dd>
+</dl>
+
+</dd>
+<dt id="shortcircuit_spam_score-n.nn-default:-100">shortcircuit_spam_score n.nn (default: 100)</dt>
+<dd>
+
+<p>When shortcircuit is used on a rule, and the shortcircuit classification type is set to <code>spam</code>, this value should be applied in place of the default score for that rule.</p>
+
+</dd>
+<dt id="shortcircuit_ham_score-n.nn-default:--100">shortcircuit_ham_score n.nn (default: -100)</dt>
+<dd>
+
+<p>When shortcircuit is used on a rule, and the shortcircuit classification type is set to <code>ham</code>, this value should be applied in place of the default score for that rule.</p>
+
+</dd>
+</dl>
+
+<h1 id="TAGS">TAGS</h1>
+
+<p>The following tags are added to the set available for use in reports, headers etc.:</p>
+
+<pre><code> _SC_ shortcircuit status (classification and rule name)
+ _SCRULE_ rulename that caused the shortcircuit
+ _SCTYPE_ shortcircuit classification ("spam", "ham", "default", "none")</code></pre>
+
+<h1 id="SEE-ALSO">SEE ALSO</h1>
+
+<p><code>http://issues.apache.org/SpamAssassin/show_bug.cgi?id=3109</code></p>
+
+
+</body>
+
+</html>
+
+
Added: spamassassin/site/full/3.4.x/doc/Mail_SpamAssassin_Plugin_Shortcircuit.txt
URL: http://svn.apache.org/viewvc/spamassassin/site/full/3.4.x/doc/Mail_SpamAssassin_Plugin_Shortcircuit.txt?rev=1871201&view=auto
==============================================================================
--- spamassassin/site/full/3.4.x/doc/Mail_SpamAssassin_Plugin_Shortcircuit.txt (added)
+++ spamassassin/site/full/3.4.x/doc/Mail_SpamAssassin_Plugin_Shortcircuit.txt Wed Dec 11 22:18:49 2019
@@ -0,0 +1,95 @@
+NAME
+ Mail::SpamAssassin::Plugin::Shortcircuit - short-circuit evaluation for
+ certain rules
+
+SYNOPSIS
+ loadplugin Mail::SpamAssassin::Plugin::Shortcircuit
+
+ report Content analysis details: (_SCORE_ points, _REQD_ required, s/c _SCTYPE_)
+
+ add_header all Status "_YESNO_, score=_SCORE_ required=_REQD_ tests=_TESTS_ shortcircuit=_SCTYPE_ autolearn=_AUTOLEARN_ version=_VERSION_"
+
+DESCRIPTION
+ This plugin implements simple, test-based shortcircuiting.
+ Shortcircuiting a test will force all other pending rules to be skipped,
+ if that test is hit. In addition, a symbolic rule, "SHORTCIRCUIT", will
+ fire.
+
+ Recommended usage is to use "priority" to set rules with strong S/O
+ values (ie. 1.0) to be run first, and make instant spam or ham
+ classification based on that.
+
+CONFIGURATION SETTINGS
+ The following configuration settings are used to control
+ shortcircuiting:
+
+ shortcircuit SYMBOLIC_TEST_NAME {ham|spam|on|off}
+ Shortcircuiting a test will force all other pending rules to be
+ skipped, if that test is hit.
+
+ Recommended usage is to use "priority" to set rules with strong S/O
+ values (ie. 1.0) to be run first, and make instant spam or ham
+ classification based on that.
+
+ To override a test that uses shortcircuiting, you can set the
+ classification type to "off".
+
+ on Shortcircuits the rest of the tests, but does not make a strict
+ classification of spam or ham. Rather, it uses the default score
+ for the rule being shortcircuited. This would allow you, for
+ example, to define a rule such as
+
+ body TEST /test/
+ describe TEST test rule that scores barely over spam threshold
+ score TEST 5.5
+ priority TEST -100
+ shortcircuit TEST on
+
+ The result of a message hitting the above rule would be a final
+ score of 5.5, as opposed to 100 (default) if it were classified
+ as spam.
+
+ off Disables shortcircuiting on said rule.
+
+ spam
+ Shortcircuit the rule using a set of defaults; override the
+ default score of this rule with the score from
+ "shortcircuit_spam_score", set the "noautolearn" tflag, and set
+ priority to -100. In other words, equivalent to:
+
+ shortcircuit TEST on
+ priority TEST -100
+ score TEST 100
+ tflags TEST noautolearn
+
+ ham Shortcircuit the rule using a set of defaults; override the
+ default score of this rule with the score from
+ "shortcircuit_ham_score", set the "noautolearn" and "nice"
+ tflags, and set priority to -100. In other words, equivalent to:
+
+ shortcircuit TEST on
+ priority TEST -100
+ score TEST -100
+ tflags TEST noautolearn nice
+
+ shortcircuit_spam_score n.nn (default: 100)
+ When shortcircuit is used on a rule, and the shortcircuit
+ classification type is set to "spam", this value should be applied
+ in place of the default score for that rule.
+
+ shortcircuit_ham_score n.nn (default: -100)
+ When shortcircuit is used on a rule, and the shortcircuit
+ classification type is set to "ham", this value should be applied in
+ place of the default score for that rule.
+
+TAGS
+ The following tags are added to the set available for use in reports,
+ headers etc.:
+
+ _SC_ shortcircuit status (classification and rule name)
+ _SCRULE_ rulename that caused the shortcircuit
+ _SCTYPE_ shortcircuit classification ("spam", "ham", "default", "none")
+
+SEE ALSO
+ "http://issues.apache.org/SpamAssassin/show_bug.cgi?id=3109"
+
URL: http://svn.apache.org/viewvc/spamassassin/site/full/3.4.x/doc/Mail_SpamAssassin_Plugin_OLEVBMacro.html?rev=1871201&view=auto
==============================================================================
--- spamassassin/site/full/3.4.x/doc/Mail_SpamAssassin_Plugin_OLEVBMacro.html (added)
+++ spamassassin/site/full/3.4.x/doc/Mail_SpamAssassin_Plugin_OLEVBMacro.html Wed Dec 11 22:18:49 2019
@@ -0,0 +1,177 @@
+<?xml version="1.0" ?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml">
+<head>
+<title></title>
+<meta http-equiv="content-type" content="text/html; charset=utf-8" />
+<link rev="made" href="mailto:root@localhost" />
+</head>
+
+<body style="background-color: white">
+
+
+
+<ul id="index">
+ <li><a href="#NAME">NAME</a></li>
+ <li><a href="#SYNOPSIS">SYNOPSIS</a></li>
+ <li><a href="#DESCRIPTION">DESCRIPTION</a></li>
+ <li><a href="#REQUIREMENT">REQUIREMENT</a></li>
+ <li><a href="#USER-PREFERENCES">USER PREFERENCES</a></li>
+</ul>
+
+<h1 id="NAME">NAME</h1>
+
+<p>Mail::SpamAssassin::Plugin::OLEVBMacro - search attached documents for evidence of containing an OLE Macro</p>
+
+<h1 id="SYNOPSIS">SYNOPSIS</h1>
+
+<pre><code> loadplugin Mail::SpamAssassin::Plugin::OLEVBMacro
+
+ ifplugin Mail::SpamAssassin::Plugin::OLEVBMacro
+ body OLEMACRO eval:check_olemacro()
+ describe OLEMACRO Attachment has an Office Macro
+
+ body OLEMACRO_MALICE eval:check_olemacro_malice()
+ describe OLEMACRO_MALICE Potentially malicious Office Macro
+
+ body OLEMACRO_ENCRYPTED eval:check_olemacro_encrypted()
+ describe OLEMACRO_ENCRYPTED Has an Office doc that is encrypted
+
+ body OLEMACRO_RENAME eval:check_olemacro_renamed()
+ describe OLEMACRO_RENAME Has an Office doc that has been renamed
+
+ body OLEMACRO_ZIP_PW eval:check_olemacro_zip_password()
+ describe OLEMACRO_ZIP_PW Has an Office doc that is password protected in a zip
+
+ body OLEMACRO_CSV eval:check_olemacro_csv()
+ describe OLEMACRO_CSV Malicious csv file that tries to exec cmd.exe detected
+ endif</code></pre>
+
+<h1 id="DESCRIPTION">DESCRIPTION</h1>
+
+<p>This plugin detects OLE Macro inside documents attached to emails. It can detect documents inside zip files as well as encrypted documents.</p>
+
+<h1 id="REQUIREMENT">REQUIREMENT</h1>
+
+<p>This plugin requires Archive::Zip and IO::String perl modules.</p>
+
+<h1 id="USER-PREFERENCES">USER PREFERENCES</h1>
+
+<p>The following options can be used in both site-wide (<code>local.cf</code>) and user-specific (<code>user_prefs</code>) configuration files to customize how the module handles attached documents</p>
+
+<dl>
+
+<dt id="olemacro_num_mime-default:-5">olemacro_num_mime (default: 5)</dt>
+<dd>
+
+<p>Configure the maximum number of matching MIME parts the plugin will scan</p>
+
+</dd>
+</dl>
+
+<dl>
+
+<dt id="olemacro_num_zip-default:-8">olemacro_num_zip (default: 8)</dt>
+<dd>
+
+<p>Configure the maximum number of matching zip members the plugin will scan</p>
+
+</dd>
+</dl>
+
+<dl>
+
+<dt id="olemacro_zip_depth-default:-2">olemacro_zip_depth (default: 2)</dt>
+<dd>
+
+<p>Depth to recurse within Zip files</p>
+
+</dd>
+</dl>
+
+<dl>
+
+<dt id="olemacro_extended_scan-0-1-default:-0">olemacro_extended_scan ( 0 | 1 ) (default: 0)</dt>
+<dd>
+
+<p>Scan more files for potential macros, the <code>olemacro_skip_exts</code> parameter will still be honored. This parameter is off by default, this option is needed only to run <code>eval:check_olemacro_renamed</code> rule. If this is turned on consider adjusting values for <code>olemacro_num_mime</code> and <code>olemacro_num_zip</code> and prepare for more CPU overhead</p>
+
+</dd>
+</dl>
+
+<dl>
+
+<dt id="olemacro_prefer_contentdisposition-0-1-default:-1">olemacro_prefer_contentdisposition ( 0 | 1 ) (default: 1)</dt>
+<dd>
+
+<p>Choose if the content-disposition header filename be preferred if ambiguity is encountered whilst trying to get filename</p>
+
+</dd>
+</dl>
+
+<dl>
+
+<dt id="olemacro_max_file-default:-1024000">olemacro_max_file (default: 1024000)</dt>
+<dd>
+
+<p>Configure the largest file that the plugin will decode from the MIME objects</p>
+
+</dd>
+</dl>
+
+<dl>
+
+<dt id="olemacro_exts-default:-:doc-docx-dot-pot-ppa-pps-ppt-rtf-sldm-xl-xla-xls-xlsx-xlt-xltx-xslb">olemacro_exts (default: (?:doc|docx|dot|pot|ppa|pps|ppt|rtf|sldm|xl|xla|xls|xlsx|xlt|xltx|xslb)$)</dt>
+<dd>
+
+<p>Set the case-insensitive regexp used to configure the extensions the plugin targets for macro scanning</p>
+
+</dd>
+</dl>
+
+<dl>
+
+<dt id="olemacro_macro_exts-default:-:docm-dotm-ppam-potm-ppst-ppsm-pptm-sldm-xlm-xlam-xlsb-xlsm-xltm-xltx-xps">olemacro_macro_exts (default: (?:docm|dotm|ppam|potm|ppst|ppsm|pptm|sldm|xlm|xlam|xlsb|xlsm|xltm|xltx|xps)$)</dt>
+<dd>
+
+<p>Set the case-insensitive regexp used to configure the extensions the plugin treats as containing a macro</p>
+
+</dd>
+</dl>
+
+<dl>
+
+<dt id="olemacro_skip_exts-default:-:dotx-potx-ppsx-pptx-sldx-xltx">olemacro_skip_exts (default: (?:dotx|potx|ppsx|pptx|sldx|xltx)$)</dt>
+<dd>
+
+<p>Set the case-insensitive regexp used to configure extensions for the plugin to skip entirely, these should only be guaranteed macro free files</p>
+
+</dd>
+</dl>
+
+<dl>
+
+<dt id="olemacro_skip_ctypes-default:-:text">olemacro_skip_ctypes (default: ^(?:text\/))</dt>
+<dd>
+
+<p>Set the case-insensitive regexp used to configure content types for the plugin to skip entirely, these should only be guaranteed macro free</p>
+
+</dd>
+</dl>
+
+<dl>
+
+<dt id="olemacro_zips-default:-:zip">olemacro_zips (default: (?:zip)$)</dt>
+<dd>
+
+<p>Set the case-insensitive regexp used to configure extensions for the plugin to target as zip files, files listed in configs above are also tested for zip</p>
+
+</dd>
+</dl>
+
+
+</body>
+
+</html>
+
+
Added: spamassassin/site/full/3.4.x/doc/Mail_SpamAssassin_Plugin_OLEVBMacro.txt
URL: http://svn.apache.org/viewvc/spamassassin/site/full/3.4.x/doc/Mail_SpamAssassin_Plugin_OLEVBMacro.txt?rev=1871201&view=auto
==============================================================================
--- spamassassin/site/full/3.4.x/doc/Mail_SpamAssassin_Plugin_OLEVBMacro.txt (added)
+++ spamassassin/site/full/3.4.x/doc/Mail_SpamAssassin_Plugin_OLEVBMacro.txt Wed Dec 11 22:18:49 2019
@@ -0,0 +1,93 @@
+NAME
+ Mail::SpamAssassin::Plugin::OLEVBMacro - search attached documents for
+ evidence of containing an OLE Macro
+
+SYNOPSIS
+ loadplugin Mail::SpamAssassin::Plugin::OLEVBMacro
+
+ ifplugin Mail::SpamAssassin::Plugin::OLEVBMacro
+ body OLEMACRO eval:check_olemacro()
+ describe OLEMACRO Attachment has an Office Macro
+
+ body OLEMACRO_MALICE eval:check_olemacro_malice()
+ describe OLEMACRO_MALICE Potentially malicious Office Macro
+
+ body OLEMACRO_ENCRYPTED eval:check_olemacro_encrypted()
+ describe OLEMACRO_ENCRYPTED Has an Office doc that is encrypted
+
+ body OLEMACRO_RENAME eval:check_olemacro_renamed()
+ describe OLEMACRO_RENAME Has an Office doc that has been renamed
+
+ body OLEMACRO_ZIP_PW eval:check_olemacro_zip_password()
+ describe OLEMACRO_ZIP_PW Has an Office doc that is password protected in a zip
+
+ body OLEMACRO_CSV eval:check_olemacro_csv()
+ describe OLEMACRO_CSV Malicious csv file that tries to exec cmd.exe detected
+ endif
+
+DESCRIPTION
+ This plugin detects OLE Macro inside documents attached to emails. It
+ can detect documents inside zip files as well as encrypted documents.
+
+REQUIREMENT
+ This plugin requires Archive::Zip and IO::String perl modules.
+
+USER PREFERENCES
+ The following options can be used in both site-wide ("local.cf") and
+ user-specific ("user_prefs") configuration files to customize how the
+ module handles attached documents
+
+ olemacro_num_mime (default: 5)
+ Configure the maximum number of matching MIME parts the plugin will
+ scan
+
+ olemacro_num_zip (default: 8)
+ Configure the maximum number of matching zip members the plugin will
+ scan
+
+ olemacro_zip_depth (default: 2)
+ Depth to recurse within Zip files
+
+ olemacro_extended_scan ( 0 | 1 ) (default: 0)
+ Scan more files for potential macros, the "olemacro_skip_exts"
+ parameter will still be honored. This parameter is off by default,
+ this option is needed only to run "eval:check_olemacro_renamed"
+ rule. If this is turned on consider adjusting values for
+ "olemacro_num_mime" and "olemacro_num_zip" and prepare for more CPU
+ overhead
+
+ olemacro_prefer_contentdisposition ( 0 | 1 ) (default: 1)
+ Choose if the content-disposition header filename be preferred if
+ ambiguity is encountered whilst trying to get filename
+
+ olemacro_max_file (default: 1024000)
+ Configure the largest file that the plugin will decode from the MIME
+ objects
+
+ olemacro_exts (default:
+ (?:doc|docx|dot|pot|ppa|pps|ppt|rtf|sldm|xl|xla|xls|xlsx|xlt|xltx|xslb)$
+ )
+ Set the case-insensitive regexp used to configure the extensions the
+ plugin targets for macro scanning
+
+ olemacro_macro_exts (default:
+ (?:docm|dotm|ppam|potm|ppst|ppsm|pptm|sldm|xlm|xlam|xlsb|xlsm|xltm|xltx|
+ xps)$)
+ Set the case-insensitive regexp used to configure the extensions the
+ plugin treats as containing a macro
+
+ olemacro_skip_exts (default: (?:dotx|potx|ppsx|pptx|sldx|xltx)$)
+ Set the case-insensitive regexp used to configure extensions for the
+ plugin to skip entirely, these should only be guaranteed macro free
+ files
+
+ olemacro_skip_ctypes (default: ^(?:text\/))
+ Set the case-insensitive regexp used to configure content types for
+ the plugin to skip entirely, these should only be guaranteed macro
+ free
+
+ olemacro_zips (default: (?:zip)$)
+ Set the case-insensitive regexp used to configure extensions for the
+ plugin to target as zip files, files listed in configs above are
+ also tested for zip
+
Added: spamassassin/site/full/3.4.x/doc/Mail_SpamAssassin_Plugin_OneLineBodyRuleType.html
URL: http://svn.apache.org/viewvc/spamassassin/site/full/3.4.x/doc/Mail_SpamAssassin_Plugin_OneLineBodyRuleType.html?rev=1871201&view=auto
==============================================================================
--- spamassassin/site/full/3.4.x/doc/Mail_SpamAssassin_Plugin_OneLineBodyRuleType.html (added)
+++ spamassassin/site/full/3.4.x/doc/Mail_SpamAssassin_Plugin_OneLineBodyRuleType.html Wed Dec 11 22:18:49 2019
@@ -0,0 +1,27 @@
+<?xml version="1.0" ?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml">
+<head>
+<title></title>
+<meta http-equiv="content-type" content="text/html; charset=utf-8" />
+<link rev="made" href="mailto:root@localhost" />
+</head>
+
+<body style="background-color: white">
+
+
+
+<ul id="index">
+ <li><a href="#NAME">NAME</a></li>
+</ul>
+
+<h1 id="NAME">NAME</h1>
+
+<p>Mail::SpamAssassin::Plugin::OneLineBodyRuleType - spamassassin body test plugin</p>
+
+
+</body>
+
+</html>
+
+
Added: spamassassin/site/full/3.4.x/doc/Mail_SpamAssassin_Plugin_OneLineBodyRuleType.txt
URL: http://svn.apache.org/viewvc/spamassassin/site/full/3.4.x/doc/Mail_SpamAssassin_Plugin_OneLineBodyRuleType.txt?rev=1871201&view=auto
==============================================================================
--- spamassassin/site/full/3.4.x/doc/Mail_SpamAssassin_Plugin_OneLineBodyRuleType.txt (added)
+++ spamassassin/site/full/3.4.x/doc/Mail_SpamAssassin_Plugin_OneLineBodyRuleType.txt Wed Dec 11 22:18:49 2019
@@ -0,0 +1,4 @@
+NAME
+ Mail::SpamAssassin::Plugin::OneLineBodyRuleType - spamassassin body test
+ plugin
+
Added: spamassassin/site/full/3.4.x/doc/Mail_SpamAssassin_Plugin_PDFInfo.html
URL: http://svn.apache.org/viewvc/spamassassin/site/full/3.4.x/doc/Mail_SpamAssassin_Plugin_PDFInfo.html?rev=1871201&view=auto
==============================================================================
--- spamassassin/site/full/3.4.x/doc/Mail_SpamAssassin_Plugin_PDFInfo.html (added)
+++ spamassassin/site/full/3.4.x/doc/Mail_SpamAssassin_Plugin_PDFInfo.html Wed Dec 11 22:18:49 2019
@@ -0,0 +1,146 @@
+<?xml version="1.0" ?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml">
+<head>
+<title></title>
+<meta http-equiv="content-type" content="text/html; charset=utf-8" />
+<link rev="made" href="mailto:root@localhost" />
+</head>
+
+<body style="background-color: white">
+
+
+
+<ul id="index">
+ <li><a href="#NAME">NAME</a></li>
+ <li><a href="#SYNOPSIS">SYNOPSIS</a></li>
+ <li><a href="#DESCRIPTION">DESCRIPTION</a></li>
+</ul>
+
+<h1 id="NAME">NAME</h1>
+
+<p>Mail::SpamAssassin::Plugin::PDFInfo - PDFInfo Plugin for SpamAssassin</p>
+
+<h1 id="SYNOPSIS">SYNOPSIS</h1>
+
+<pre><code> loadplugin Mail::SpamAssassin::Plugin::PDFInfo</code></pre>
+
+<h1 id="DESCRIPTION">DESCRIPTION</h1>
+
+<p>This plugin helps detected spam using attached PDF files</p>
+
+<dl>
+
+<dt id="See-Usage:-below---more-documentation-see-20_pdfinfo.cf">See "Usage:" below - more documentation see 20_pdfinfo.cf</dt>
+<dd>
+
+<pre><code> Original info kept for history. For later changes see SVN repo
+ -------------------------------------------------------
+ PDFInfo Plugin for SpamAssassin
+ Version: 0.8
+ Info: $Id: PDFInfo.pm 904 2007-08-12 01:36:23Z root $
+ Created: 2007-08-10
+ Modified: 2007-08-10
+ By: Dallas Engelken
+
+ Changes:
+ 0.8 - added .fdf detection (thanks John Lundin) [axb]
+ 0.7 - fixed empty body/pdf count buglet(thanks Jeremy) [axb]
+ 0.6 - added support for tags - PDFCOUNT, PDFVERSION, PDFPRODUCER, etc.
+ - fixed issue on perl 5.6.1 where pdf_match_details() failed to call
+ _find_pdf_mime_parts(), resulting in no detection of pdf mime parts.
+ - quoted-printable support - requires MIME::QuotedPrint (which should be in everyones
+ install as a part of the MIME-Base64 package which is a SA req)
+ - added simple pdf_is_empty_body() function with counts the body bytes minus the
+ subject line. can add optional <bytes> param if you need to allow for a few bytes.
+ 0.5 - fix warns for undef $pdf_tags
+ - remove { } and \ before running eval in pdf_match_details to avoid eval error
+ 0.4 - added pdf_is_encrypted() function
+ - added option to look for image HxW on same line
+ 0.3 - added 2nd fuzzy md5 which uses pdf tag layout as data
+ - renamed pdf_image_named() to pdf_named()
+ - PDF images are encapsulated and have no names. We are matching the PDF file name.
+ - renamed pdf_image_name_regex() to pdf_name_regex()
+ - PDF images are encapsulated and have no names. We are matching the PDF file name.
+ - changed pdf_image_count() a bit and added pdf_count().
+ - pdf_count() checks how many pdf attachments there are on the mail
+ - pdf_image_count() checks how many images are found within all pdfs in the mail.
+ - removed the restriction of the pdf containing an image in order to md5 it.
+ - added pdf_match_details() function to check the following 'details'
+ - author: Author of PDF if specified
+ - producer: Software used to produce PDF
+ - creator: Software used to produce PDF, usually similar to producer
+ - title: Title of PDF
+ - created: Creation Date
+ - modified: Last Modified
+ 0.2 - support PDF octet-stream
+ 0.1 - just ported over the imageinfo code, and renamed to pdfinfo.
+ - removed all support for png, gif, and jpg from the code.
+ - prepended pdf_ to all function names to avoid conflicts with ImageInfo in SA 3.2.
+
+ Usage:
+
+ pdf_count()
+
+ body RULENAME eval:pdf_count(<min>,[max])
+ min: required, message contains at least x pdf mime parts
+ max: optional, if specified, must not contain more than x pdf mime parts
+
+ pdf_image_count()
+
+ body RULENAME eval:pdf_image_count(<min>,[max])
+ min: required, message contains at least x images in pdf attachments.
+ max: optional, if specified, must not contain more than x pdf images
+
+ pdf_pixel_coverage()
+
+ body RULENAME eval:pdf_pixel_coverage(<min>,[max])
+ min: required, message contains at least this much pixel area
+ max: optional, if specified, message must not contain more than this much pixel area
+
+ pdf_named()
+
+ body RULENAME eval:pdf_named(<string>)
+ string: exact file name match, if you need partial match, see pdf_name_regex()
+
+ pdf_name_regex()
+
+ body RULENAME eval:pdf_name_regex(<regex>)
+ regex: regular expression, see examples in ruleset
+
+ pdf_match_md5()
+
+ body RULENAME eval:pdf_match_md5(<string>)
+ string: 32-byte md5 hex
+
+ pdf_match_fuzzy_md5()
+
+ body RULENAME eval:pdf_match_md5(<string>)
+ string: 32-byte md5 hex - see ruleset for obtaining the fuzzy md5
+
+ pdf_match_details()
+
+ body RULENAME eval:pdf_match_details(<detail>,<regex>);
+ detail: author, creator, created, modified, producer, title
+ regex: regular expression, see examples in ruleset
+
+ pdf_is_encrypted()
+
+ body RULENAME eval:pdf_is_encrypted()
+
+ pdf_is_empty_body()
+
+ body RULENAME eval:pdf_is_empty_body(<bytes>)
+ bytes: maximum byte count to allow and still consider it empty
+
+ NOTE: See the ruleset for more examples that are not documented here.</code></pre>
+
+</dd>
+</dl>
+
+
+</body>
+
+</html>
+
+
Added: spamassassin/site/full/3.4.x/doc/Mail_SpamAssassin_Plugin_PDFInfo.txt
URL: http://svn.apache.org/viewvc/spamassassin/site/full/3.4.x/doc/Mail_SpamAssassin_Plugin_PDFInfo.txt?rev=1871201&view=auto
==============================================================================
--- spamassassin/site/full/3.4.x/doc/Mail_SpamAssassin_Plugin_PDFInfo.txt (added)
+++ spamassassin/site/full/3.4.x/doc/Mail_SpamAssassin_Plugin_PDFInfo.txt Wed Dec 11 22:18:49 2019
@@ -0,0 +1,111 @@
+NAME
+ Mail::SpamAssassin::Plugin::PDFInfo - PDFInfo Plugin for SpamAssassin
+
+SYNOPSIS
+ loadplugin Mail::SpamAssassin::Plugin::PDFInfo
+
+DESCRIPTION
+ This plugin helps detected spam using attached PDF files
+
+ See "Usage:" below - more documentation see 20_pdfinfo.cf
+ Original info kept for history. For later changes see SVN repo
+ -------------------------------------------------------
+ PDFInfo Plugin for SpamAssassin
+ Version: 0.8
+ Info: $Id: PDFInfo.pm 904 2007-08-12 01:36:23Z root $
+ Created: 2007-08-10
+ Modified: 2007-08-10
+ By: Dallas Engelken
+
+ Changes:
+ 0.8 - added .fdf detection (thanks John Lundin) [axb]
+ 0.7 - fixed empty body/pdf count buglet(thanks Jeremy) [axb]
+ 0.6 - added support for tags - PDFCOUNT, PDFVERSION, PDFPRODUCER, etc.
+ - fixed issue on perl 5.6.1 where pdf_match_details() failed to call
+ _find_pdf_mime_parts(), resulting in no detection of pdf mime parts.
+ - quoted-printable support - requires MIME::QuotedPrint (which should be in everyones
+ install as a part of the MIME-Base64 package which is a SA req)
+ - added simple pdf_is_empty_body() function with counts the body bytes minus the
+ subject line. can add optional <bytes> param if you need to allow for a few bytes.
+ 0.5 - fix warns for undef $pdf_tags
+ - remove { } and \ before running eval in pdf_match_details to avoid eval error
+ 0.4 - added pdf_is_encrypted() function
+ - added option to look for image HxW on same line
+ 0.3 - added 2nd fuzzy md5 which uses pdf tag layout as data
+ - renamed pdf_image_named() to pdf_named()
+ - PDF images are encapsulated and have no names. We are matching the PDF file name.
+ - renamed pdf_image_name_regex() to pdf_name_regex()
+ - PDF images are encapsulated and have no names. We are matching the PDF file name.
+ - changed pdf_image_count() a bit and added pdf_count().
+ - pdf_count() checks how many pdf attachments there are on the mail
+ - pdf_image_count() checks how many images are found within all pdfs in the mail.
+ - removed the restriction of the pdf containing an image in order to md5 it.
+ - added pdf_match_details() function to check the following 'details'
+ - author: Author of PDF if specified
+ - producer: Software used to produce PDF
+ - creator: Software used to produce PDF, usually similar to producer
+ - title: Title of PDF
+ - created: Creation Date
+ - modified: Last Modified
+ 0.2 - support PDF octet-stream
+ 0.1 - just ported over the imageinfo code, and renamed to pdfinfo.
+ - removed all support for png, gif, and jpg from the code.
+ - prepended pdf_ to all function names to avoid conflicts with ImageInfo in SA 3.2.
+
+ Usage:
+
+ pdf_count()
+
+ body RULENAME eval:pdf_count(<min>,[max])
+ min: required, message contains at least x pdf mime parts
+ max: optional, if specified, must not contain more than x pdf mime parts
+
+ pdf_image_count()
+
+ body RULENAME eval:pdf_image_count(<min>,[max])
+ min: required, message contains at least x images in pdf attachments.
+ max: optional, if specified, must not contain more than x pdf images
+
+ pdf_pixel_coverage()
+
+ body RULENAME eval:pdf_pixel_coverage(<min>,[max])
+ min: required, message contains at least this much pixel area
+ max: optional, if specified, message must not contain more than this much pixel area
+
+ pdf_named()
+
+ body RULENAME eval:pdf_named(<string>)
+ string: exact file name match, if you need partial match, see pdf_name_regex()
+
+ pdf_name_regex()
+
+ body RULENAME eval:pdf_name_regex(<regex>)
+ regex: regular expression, see examples in ruleset
+
+ pdf_match_md5()
+
+ body RULENAME eval:pdf_match_md5(<string>)
+ string: 32-byte md5 hex
+
+ pdf_match_fuzzy_md5()
+
+ body RULENAME eval:pdf_match_md5(<string>)
+ string: 32-byte md5 hex - see ruleset for obtaining the fuzzy md5
+
+ pdf_match_details()
+
+ body RULENAME eval:pdf_match_details(<detail>,<regex>);
+ detail: author, creator, created, modified, producer, title
+ regex: regular expression, see examples in ruleset
+
+ pdf_is_encrypted()
+
+ body RULENAME eval:pdf_is_encrypted()
+
+ pdf_is_empty_body()
+
+ body RULENAME eval:pdf_is_empty_body(<bytes>)
+ bytes: maximum byte count to allow and still consider it empty
+
+ NOTE: See the ruleset for more examples that are not documented here.
+
Added: spamassassin/site/full/3.4.x/doc/Mail_SpamAssassin_Plugin_PhishTag.html
URL: http://svn.apache.org/viewvc/spamassassin/site/full/3.4.x/doc/Mail_SpamAssassin_Plugin_PhishTag.html?rev=1871201&view=auto
==============================================================================
--- spamassassin/site/full/3.4.x/doc/Mail_SpamAssassin_Plugin_PhishTag.html (added)
+++ spamassassin/site/full/3.4.x/doc/Mail_SpamAssassin_Plugin_PhishTag.html Wed Dec 11 22:18:49 2019
@@ -0,0 +1,79 @@
+<?xml version="1.0" ?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml">
+<head>
+<title></title>
+<meta http-equiv="content-type" content="text/html; charset=utf-8" />
+<link rev="made" href="mailto:root@localhost" />
+</head>
+
+<body style="background-color: white">
+
+
+
+<ul id="index">
+ <li><a href="#NAME">NAME</a></li>
+ <li><a href="#SYNOPSIS">SYNOPSIS</a></li>
+ <li><a href="#DESCRIPTION">DESCRIPTION</a></li>
+ <li><a href="#OPTIONS">OPTIONS</a></li>
+ <li><a href="#DOWNLOAD">DOWNLOAD</a></li>
+ <li><a href="#SEE-ALSO">SEE ALSO</a></li>
+ <li><a href="#AUTHOR">AUTHOR</a></li>
+ <li><a href="#COPYRIGHT-AND-LICENSE">COPYRIGHT AND LICENSE</a></li>
+</ul>
+
+<h1 id="NAME">NAME</h1>
+
+<p>PhishTag - SpamAssassin plugin for redirecting links in incoming emails.</p>
+
+<h1 id="SYNOPSIS">SYNOPSIS</h1>
+
+<pre><code> loadplugin Mail::SpamAssassin::Plugin::PhishTag
+
+ trigger_ratio 0.1
+ trigger_target RULE_NAME http://www.antiphishing.org/consumer_recs.html</code></pre>
+
+<h1 id="DESCRIPTION">DESCRIPTION</h1>
+
+<p>PhishTag enables administrators to rewrite links in emails that trigger certain tests, preferably anti-phishing blacklist tests. The plugin will inhibit the blocking of a portion of the emails that trigger the test by SpamAssassin, and let them pass to the users' inbox after the rewrite. It is useful in providing training to email users about company policies and general email usage.</p>
+
+<h1 id="OPTIONS">OPTIONS</h1>
+
+<p>The following options can be set by modifying the configuration file.</p>
+
+<ul>
+
+<li><p>trigger_ratio percentage_value</p>
+
+<p>Sets the probability in percentage that a positive test will trigger the email rewrite, e.g. 0.1 will rewrite on the average 1 in 1000 emails that match the trigger.</p>
+
+</li>
+<li><p>trigger_target RULE_NAME http_url</p>
+
+<p>The name of the test which would trigger the email rewrite; all the URLs will be replaced by http_url.</p>
+
+</li>
+</ul>
+
+<h1 id="DOWNLOAD">DOWNLOAD</h1>
+
+<p>The source of this plugin is available at: http://umut.topkara.org/PhishTag/PhishTag.pm a sample configuration file is also available: http://umut.topkara.org/PhishTag/PhishTag.cf</p>
+
+<h1 id="SEE-ALSO">SEE ALSO</h1>
+
+<p>Check the list of tests performed by SpamAssassin to modify the configuration file to match your needs from https://spamassassin.apache.org/tests.html</p>
+
+<h1 id="AUTHOR">AUTHOR</h1>
+
+<p>Umut Topkara, 2008, <umut@topkara.org> http://umut.topkara.org</p>
+
+<h1 id="COPYRIGHT-AND-LICENSE">COPYRIGHT AND LICENSE</h1>
+
+<p>This plugin is free software; you can redistribute it and/or modify it under the same terms as SpamAssassin itself, either version 3.2.4 or, at your option, any later version of SpamAssassin you may have available.</p>
+
+
+</body>
+
+</html>
+
+
Added: spamassassin/site/full/3.4.x/doc/Mail_SpamAssassin_Plugin_PhishTag.txt
URL: http://svn.apache.org/viewvc/spamassassin/site/full/3.4.x/doc/Mail_SpamAssassin_Plugin_PhishTag.txt?rev=1871201&view=auto
==============================================================================
--- spamassassin/site/full/3.4.x/doc/Mail_SpamAssassin_Plugin_PhishTag.txt (added)
+++ spamassassin/site/full/3.4.x/doc/Mail_SpamAssassin_Plugin_PhishTag.txt Wed Dec 11 22:18:49 2019
@@ -0,0 +1,49 @@
+NAME
+ PhishTag - SpamAssassin plugin for redirecting links in incoming emails.
+
+SYNOPSIS
+ loadplugin Mail::SpamAssassin::Plugin::PhishTag
+
+ trigger_ratio 0.1
+ trigger_target RULE_NAME http://www.antiphishing.org/consumer_recs.html
+
+DESCRIPTION
+ PhishTag enables administrators to rewrite links in emails that trigger
+ certain tests, preferably anti-phishing blacklist tests. The plugin will
+ inhibit the blocking of a portion of the emails that trigger the test by
+ SpamAssassin, and let them pass to the users' inbox after the rewrite.
+ It is useful in providing training to email users about company policies
+ and general email usage.
+
+OPTIONS
+ The following options can be set by modifying the configuration file.
+
+ * trigger_ratio percentage_value
+
+ Sets the probability in percentage that a positive test will trigger
+ the email rewrite, e.g. 0.1 will rewrite on the average 1 in 1000
+ emails that match the trigger.
+
+ * trigger_target RULE_NAME http_url
+
+ The name of the test which would trigger the email rewrite; all the
+ URLs will be replaced by http_url.
+
+DOWNLOAD
+ The source of this plugin is available at:
+ http://umut.topkara.org/PhishTag/PhishTag.pm a sample configuration file
+ is also available: http://umut.topkara.org/PhishTag/PhishTag.cf
+
+SEE ALSO
+ Check the list of tests performed by SpamAssassin to modify the
+ configuration file to match your needs from
+ https://spamassassin.apache.org/tests.html
+
+AUTHOR
+ Umut Topkara, 2008, <umut@topkara.org> http://umut.topkara.org
+
+COPYRIGHT AND LICENSE
+ This plugin is free software; you can redistribute it and/or modify it
+ under the same terms as SpamAssassin itself, either version 3.2.4 or, at
+ your option, any later version of SpamAssassin you may have available.
+
Added: spamassassin/site/full/3.4.x/doc/Mail_SpamAssassin_Plugin_Phishing.html
URL: http://svn.apache.org/viewvc/spamassassin/site/full/3.4.x/doc/Mail_SpamAssassin_Plugin_Phishing.html?rev=1871201&view=auto
==============================================================================
--- spamassassin/site/full/3.4.x/doc/Mail_SpamAssassin_Plugin_Phishing.html (added)
+++ spamassassin/site/full/3.4.x/doc/Mail_SpamAssassin_Plugin_Phishing.html Wed Dec 11 22:18:49 2019
@@ -0,0 +1,48 @@
+<?xml version="1.0" ?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml">
+<head>
+<title></title>
+<meta http-equiv="content-type" content="text/html; charset=utf-8" />
+<link rev="made" href="mailto:root@localhost" />
+</head>
+
+<body style="background-color: white">
+
+
+
+<ul id="index">
+ <li><a href="#NAME">NAME</a></li>
+ <li><a href="#SYNOPSIS">SYNOPSIS</a></li>
+ <li><a href="#DESCRIPTION">DESCRIPTION</a></li>
+</ul>
+
+<h1 id="NAME">NAME</h1>
+
+<p>Mail::SpamAssassin::Plugin::Phishing - check uris against phishing feed</p>
+
+<h1 id="SYNOPSIS">SYNOPSIS</h1>
+
+<pre><code> loadplugin Mail::SpamAssassin::Plugin::Phishing
+
+ ifplugin Mail::SpamAssassin::Plugin::Phishing
+ phishing_openphish_feed /etc/mail/spamassassin/openphish-feed.txt
+ phishing_phishtank_feed /etc/mail/spamassassin/phishtank-feed.csv
+ body URI_PHISHING eval:check_phishing()
+ describe URI_PHISHING Url match phishing in feed
+ endif</code></pre>
+
+<h1 id="DESCRIPTION">DESCRIPTION</h1>
+
+<p>This plugin finds uris used in phishing campaigns detected by OpenPhish or PhishTank feeds.</p>
+
+<p>The Openphish free feed is updated every 6 hours and can be downloaded from https://openphish.com/feed.txt. The Premium Openphish feed is not currently supported.</p>
+
+<p>The PhishTank free feed is updated every 1 hours and can be downloaded from http://data.phishtank.com/data/online-valid.csv. To avoid download limits a registration is required.</p>
+
+
+</body>
+
+</html>
+
+
Added: spamassassin/site/full/3.4.x/doc/Mail_SpamAssassin_Plugin_Phishing.txt
URL: http://svn.apache.org/viewvc/spamassassin/site/full/3.4.x/doc/Mail_SpamAssassin_Plugin_Phishing.txt?rev=1871201&view=auto
==============================================================================
--- spamassassin/site/full/3.4.x/doc/Mail_SpamAssassin_Plugin_Phishing.txt (added)
+++ spamassassin/site/full/3.4.x/doc/Mail_SpamAssassin_Plugin_Phishing.txt Wed Dec 11 22:18:49 2019
@@ -0,0 +1,25 @@
+NAME
+ Mail::SpamAssassin::Plugin::Phishing - check uris against phishing feed
+
+SYNOPSIS
+ loadplugin Mail::SpamAssassin::Plugin::Phishing
+
+ ifplugin Mail::SpamAssassin::Plugin::Phishing
+ phishing_openphish_feed /etc/mail/spamassassin/openphish-feed.txt
+ phishing_phishtank_feed /etc/mail/spamassassin/phishtank-feed.csv
+ body URI_PHISHING eval:check_phishing()
+ describe URI_PHISHING Url match phishing in feed
+ endif
+
+DESCRIPTION
+ This plugin finds uris used in phishing campaigns detected by OpenPhish
+ or PhishTank feeds.
+
+ The Openphish free feed is updated every 6 hours and can be downloaded
+ from https://openphish.com/feed.txt. The Premium Openphish feed is not
+ currently supported.
+
+ The PhishTank free feed is updated every 1 hours and can be downloaded
+ from http://data.phishtank.com/data/online-valid.csv. To avoid download
+ limits a registration is required.
+
Added: spamassassin/site/full/3.4.x/doc/Mail_SpamAssassin_Plugin_Pyzor.html
URL: http://svn.apache.org/viewvc/spamassassin/site/full/3.4.x/doc/Mail_SpamAssassin_Plugin_Pyzor.html?rev=1871201&view=auto
==============================================================================
--- spamassassin/site/full/3.4.x/doc/Mail_SpamAssassin_Plugin_Pyzor.html (added)
+++ spamassassin/site/full/3.4.x/doc/Mail_SpamAssassin_Plugin_Pyzor.html Wed Dec 11 22:18:49 2019
@@ -0,0 +1,91 @@
+<?xml version="1.0" ?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml">
+<head>
+<title></title>
+<meta http-equiv="content-type" content="text/html; charset=utf-8" />
+<link rev="made" href="mailto:root@localhost" />
+</head>
+
+<body style="background-color: white">
+
+
+
+<ul id="index">
+ <li><a href="#NAME">NAME</a></li>
+ <li><a href="#SYNOPSIS">SYNOPSIS</a></li>
+ <li><a href="#DESCRIPTION">DESCRIPTION</a></li>
+ <li><a href="#USER-OPTIONS">USER OPTIONS</a></li>
+ <li><a href="#ADMINISTRATOR-OPTIONS">ADMINISTRATOR OPTIONS</a></li>
+</ul>
+
+<h1 id="NAME">NAME</h1>
+
+<p>Mail::SpamAssassin::Plugin::Pyzor - perform Pyzor check of messages</p>
+
+<h1 id="SYNOPSIS">SYNOPSIS</h1>
+
+<pre><code> loadplugin Mail::SpamAssassin::Plugin::Pyzor</code></pre>
+
+<h1 id="DESCRIPTION">DESCRIPTION</h1>
+
+<p>Pyzor is a collaborative, networked system to detect and block spam using identifying digests of messages.</p>
+
+<p>See http://pyzor.org/ for more information about Pyzor.</p>
+
+<h1 id="USER-OPTIONS">USER OPTIONS</h1>
+
+<dl>
+
+<dt id="use_pyzor-0-1-default:-1">use_pyzor (0|1) (default: 1)</dt>
+<dd>
+
+<p>Whether to use Pyzor, if it is available.</p>
+
+</dd>
+<dt id="pyzor_max-NUMBER-default:-5">pyzor_max NUMBER (default: 5)</dt>
+<dd>
+
+<p>This option sets how often a message's body checksum must have been reported to the Pyzor server before SpamAssassin will consider the Pyzor check as matched.</p>
+
+<p>As most clients should not be auto-reporting these checksums, you should set this to a relatively low value, e.g. <code>5</code>.</p>
+
+</dd>
+</dl>
+
+<h1 id="ADMINISTRATOR-OPTIONS">ADMINISTRATOR OPTIONS</h1>
+
+<dl>
+
+<dt id="pyzor_timeout-n-default:-3.5">pyzor_timeout n (default: 3.5)</dt>
+<dd>
+
+<p>How many seconds you wait for Pyzor to complete, before scanning continues without the Pyzor results. A numeric value is optionally suffixed by a time unit (s, m, h, d, w, indicating seconds (default), minutes, hours, days, weeks).</p>
+
+<p>You can configure Pyzor to have its own per-server timeout. Set this plugin's timeout with that in mind. This plugin's timeout is a maximum ceiling. If Pyzor takes longer than this to complete its communication with all servers, no results are used by SpamAssassin.</p>
+
+<p>Pyzor servers do not yet synchronize their servers, so it can be beneficial to check and report to more than one. See the pyzor-users mailing list for alternate servers that are not published via 'pyzor discover'.</p>
+
+<p>If you are using multiple Pyzor servers, a good rule of thumb would be to set the SpamAssassin plugin's timeout to be the same or just a bit more than the per-server Pyzor timeout (e.g., 3.5 and 2 for two Pyzor servers). If more than one of your Pyzor servers is always timing out, consider removing one of them.</p>
+
+</dd>
+<dt id="pyzor_options-options">pyzor_options options</dt>
+<dd>
+
+<p>Specify additional options to the pyzor(1) command. Please note that only characters in the range [0-9A-Za-z ,._/-] are allowed for security reasons.</p>
+
+</dd>
+<dt id="pyzor_path-STRING">pyzor_path STRING</dt>
+<dd>
+
+<p>This option tells SpamAssassin specifically where to find the <code>pyzor</code> client instead of relying on SpamAssassin to find it in the current PATH. Note that if <i>taint mode</i> is enabled in the Perl interpreter, you should use this, as the current PATH will have been cleared.</p>
+
+</dd>
+</dl>
+
+
+</body>
+
+</html>
+
+
Added: spamassassin/site/full/3.4.x/doc/Mail_SpamAssassin_Plugin_Pyzor.txt
URL: http://svn.apache.org/viewvc/spamassassin/site/full/3.4.x/doc/Mail_SpamAssassin_Plugin_Pyzor.txt?rev=1871201&view=auto
==============================================================================
--- spamassassin/site/full/3.4.x/doc/Mail_SpamAssassin_Plugin_Pyzor.txt (added)
+++ spamassassin/site/full/3.4.x/doc/Mail_SpamAssassin_Plugin_Pyzor.txt Wed Dec 11 22:18:49 2019
@@ -0,0 +1,59 @@
+NAME
+ Mail::SpamAssassin::Plugin::Pyzor - perform Pyzor check of messages
+
+SYNOPSIS
+ loadplugin Mail::SpamAssassin::Plugin::Pyzor
+
+DESCRIPTION
+ Pyzor is a collaborative, networked system to detect and block spam
+ using identifying digests of messages.
+
+ See http://pyzor.org/ for more information about Pyzor.
+
+USER OPTIONS
+ use_pyzor (0|1) (default: 1)
+ Whether to use Pyzor, if it is available.
+
+ pyzor_max NUMBER (default: 5)
+ This option sets how often a message's body checksum must have been
+ reported to the Pyzor server before SpamAssassin will consider the
+ Pyzor check as matched.
+
+ As most clients should not be auto-reporting these checksums, you
+ should set this to a relatively low value, e.g. 5.
+
+ADMINISTRATOR OPTIONS
+ pyzor_timeout n (default: 3.5)
+ How many seconds you wait for Pyzor to complete, before scanning
+ continues without the Pyzor results. A numeric value is optionally
+ suffixed by a time unit (s, m, h, d, w, indicating seconds
+ (default), minutes, hours, days, weeks).
+
+ You can configure Pyzor to have its own per-server timeout. Set this
+ plugin's timeout with that in mind. This plugin's timeout is a
+ maximum ceiling. If Pyzor takes longer than this to complete its
+ communication with all servers, no results are used by SpamAssassin.
+
+ Pyzor servers do not yet synchronize their servers, so it can be
+ beneficial to check and report to more than one. See the pyzor-users
+ mailing list for alternate servers that are not published via 'pyzor
+ discover'.
+
+ If you are using multiple Pyzor servers, a good rule of thumb would
+ be to set the SpamAssassin plugin's timeout to be the same or just a
+ bit more than the per-server Pyzor timeout (e.g., 3.5 and 2 for two
+ Pyzor servers). If more than one of your Pyzor servers is always
+ timing out, consider removing one of them.
+
+ pyzor_options options
+ Specify additional options to the pyzor(1) command. Please note that
+ only characters in the range [0-9A-Za-z ,._/-] are allowed for
+ security reasons.
+
+ pyzor_path STRING
+ This option tells SpamAssassin specifically where to find the
+ "pyzor" client instead of relying on SpamAssassin to find it in the
+ current PATH. Note that if *taint mode* is enabled in the Perl
+ interpreter, you should use this, as the current PATH will have been
+ cleared.
+
Added: spamassassin/site/full/3.4.x/doc/Mail_SpamAssassin_Plugin_Razor2.html
URL: http://svn.apache.org/viewvc/spamassassin/site/full/3.4.x/doc/Mail_SpamAssassin_Plugin_Razor2.html?rev=1871201&view=auto
==============================================================================
--- spamassassin/site/full/3.4.x/doc/Mail_SpamAssassin_Plugin_Razor2.html (added)
+++ spamassassin/site/full/3.4.x/doc/Mail_SpamAssassin_Plugin_Razor2.html Wed Dec 11 22:18:49 2019
@@ -0,0 +1,71 @@
+<?xml version="1.0" ?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml">
+<head>
+<title></title>
+<meta http-equiv="content-type" content="text/html; charset=utf-8" />
+<link rev="made" href="mailto:root@localhost" />
+</head>
+
+<body style="background-color: white">
+
+
+
+<ul id="index">
+ <li><a href="#NAME">NAME</a></li>
+ <li><a href="#SYNOPSIS">SYNOPSIS</a></li>
+ <li><a href="#DESCRIPTION">DESCRIPTION</a></li>
+ <li><a href="#USER-SETTINGS">USER SETTINGS</a></li>
+ <li><a href="#ADMINISTRATOR-SETTINGS">ADMINISTRATOR SETTINGS</a></li>
+</ul>
+
+<h1 id="NAME">NAME</h1>
+
+<p>Mail::SpamAssassin::Plugin::Razor2 - perform Razor check of messages</p>
+
+<h1 id="SYNOPSIS">SYNOPSIS</h1>
+
+<pre><code> loadplugin Mail::SpamAssassin::Plugin::Razor2</code></pre>
+
+<h1 id="DESCRIPTION">DESCRIPTION</h1>
+
+<p>Vipul's Razor is a distributed, collaborative, spam detection and filtering network based on user submissions of spam. Detection is done with signatures that efficiently spot mutating spam content and user input is validated through reputation assignments.</p>
+
+<p>See http://razor.sourceforge.net/ for more information about Razor.</p>
+
+<h1 id="USER-SETTINGS">USER SETTINGS</h1>
+
+<dl>
+
+<dt id="use_razor2-0-1-default:-1">use_razor2 (0|1) (default: 1)</dt>
+<dd>
+
+<p>Whether to use Razor2, if it is available.</p>
+
+</dd>
+</dl>
+
+<h1 id="ADMINISTRATOR-SETTINGS">ADMINISTRATOR SETTINGS</h1>
+
+<dl>
+
+<dt id="razor_timeout-n-default:-5">razor_timeout n (default: 5)</dt>
+<dd>
+
+<p>How many seconds you wait for Razor to complete before you go on without the results</p>
+
+</dd>
+<dt id="razor_config-filename">razor_config filename</dt>
+<dd>
+
+<p>Define the filename used to store Razor's configuration settings. Currently this is left to Razor to decide.</p>
+
+</dd>
+</dl>
+
+
+</body>
+
+</html>
+
+
Added: spamassassin/site/full/3.4.x/doc/Mail_SpamAssassin_Plugin_Razor2.txt
URL: http://svn.apache.org/viewvc/spamassassin/site/full/3.4.x/doc/Mail_SpamAssassin_Plugin_Razor2.txt?rev=1871201&view=auto
==============================================================================
--- spamassassin/site/full/3.4.x/doc/Mail_SpamAssassin_Plugin_Razor2.txt (added)
+++ spamassassin/site/full/3.4.x/doc/Mail_SpamAssassin_Plugin_Razor2.txt Wed Dec 11 22:18:49 2019
@@ -0,0 +1,27 @@
+NAME
+ Mail::SpamAssassin::Plugin::Razor2 - perform Razor check of messages
+
+SYNOPSIS
+ loadplugin Mail::SpamAssassin::Plugin::Razor2
+
+DESCRIPTION
+ Vipul's Razor is a distributed, collaborative, spam detection and
+ filtering network based on user submissions of spam. Detection is done
+ with signatures that efficiently spot mutating spam content and user
+ input is validated through reputation assignments.
+
+ See http://razor.sourceforge.net/ for more information about Razor.
+
+USER SETTINGS
+ use_razor2 (0|1) (default: 1)
+ Whether to use Razor2, if it is available.
+
+ADMINISTRATOR SETTINGS
+ razor_timeout n (default: 5)
+ How many seconds you wait for Razor to complete before you go on
+ without the results
+
+ razor_config filename
+ Define the filename used to store Razor's configuration settings.
+ Currently this is left to Razor to decide.
+
Added: spamassassin/site/full/3.4.x/doc/Mail_SpamAssassin_Plugin_RelayCountry.html
URL: http://svn.apache.org/viewvc/spamassassin/site/full/3.4.x/doc/Mail_SpamAssassin_Plugin_RelayCountry.html?rev=1871201&view=auto
==============================================================================
--- spamassassin/site/full/3.4.x/doc/Mail_SpamAssassin_Plugin_RelayCountry.html (added)
+++ spamassassin/site/full/3.4.x/doc/Mail_SpamAssassin_Plugin_RelayCountry.html Wed Dec 11 22:18:49 2019
@@ -0,0 +1,91 @@
+<?xml version="1.0" ?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml">
+<head>
+<title></title>
+<meta http-equiv="content-type" content="text/html; charset=utf-8" />
+<link rev="made" href="mailto:root@localhost" />
+</head>
+
+<body style="background-color: white">
+
+
+
+<ul id="index">
+ <li><a href="#NAME">NAME</a></li>
+ <li><a href="#SYNOPSIS">SYNOPSIS</a></li>
+ <li><a href="#DESCRIPTION">DESCRIPTION</a></li>
+ <li><a href="#REQUIREMENT">REQUIREMENT</a></li>
+ <li><a href="#USER-PREFERENCES">USER PREFERENCES</a></li>
+</ul>
+
+<h1 id="NAME">NAME</h1>
+
+<p>RelayCountry - add message metadata indicating the country code of each relay</p>
+
+<h1 id="SYNOPSIS">SYNOPSIS</h1>
+
+<pre><code> loadplugin Mail::SpamAssassin::Plugin::RelayCountry</code></pre>
+
+<h1 id="DESCRIPTION">DESCRIPTION</h1>
+
+<p>The RelayCountry plugin attempts to determine the domain country codes of each relay used in the delivery path of messages and add that information to the message metadata.</p>
+
+<p>Following metadata headers and tags are added:</p>
+
+<pre><code> X-Relay-Countries _RELAYCOUNTRY_
+ All untrusted relays. Contains all relays starting from the
+ trusted_networks border. This method has been used by default since
+ early SA versions.
+
+ X-Relay-Countries-External _RELAYCOUNTRYEXT_
+ All external relays. Contains all relays starting from the
+ internal_networks border. Could be useful in some cases when
+ trusted/msa_networks extend beyond the internal border and those
+ need to be checked too.
+
+ X-Relay-Countries-All _RELAYCOUNTRYALL_
+ All possible relays (internal + external).
+
+ X-Relay-Countries-Auth _RELAYCOUNTRYAUTH_
+ Auth will contain all relays starting from the first relay that used
+ authentication. For example, this could be used to check for hacked
+ local users coming in from unexpected countries. If there are no
+ authenticated relays, this will be empty.</code></pre>
+
+<h1 id="REQUIREMENT">REQUIREMENT</h1>
+
+<p>This plugin requires the GeoIP2, Geo::IP, IP::Country::DB_File or IP::Country::Fast module from CPAN. For backward compatibility IP::Country::Fast is used as fallback if no db_type is specified in the config file.</p>
+
+<h1 id="USER-PREFERENCES">USER PREFERENCES</h1>
+
+<p>The following options can be used in both site-wide (<code>local.cf</code>) and user-specific (<code>user_prefs</code>) configuration files to customize how SpamAssassin handles incoming email messages.</p>
+
+<dl>
+
+<dt id="country_db_type-STRING">country_db_type STRING</dt>
+<dd>
+
+<p>This option tells SpamAssassin which type of Geo database to use. Valid database types are GeoIP, GeoIP2, DB_File and Fast.</p>
+
+</dd>
+</dl>
+
+<dl>
+
+<dt id="country_db_path-STRING">country_db_path STRING</dt>
+<dd>
+
+<p>This option tells SpamAssassin where to find MaxMind GeoIP2 or IP::Country::DB_File database.</p>
+
+<p>If not defined, GeoIP2 default search includes: /usr/local/share/GeoIP/GeoIP2-Country.mmdb /usr/share/GeoIP/GeoIP2-Country.mmdb /var/lib/GeoIP/GeoIP2-Country.mmdb /usr/local/share/GeoIP/GeoLite2-Country.mmdb /usr/share/GeoIP/GeoLite2-Country.mmdb /var/lib/GeoIP/GeoLite2-Country.mmdb (and same paths again for -City.mmdb, which also has country functionality)</p>
+
+</dd>
+</dl>
+
+
+</body>
+
+</html>
+
+
Added: spamassassin/site/full/3.4.x/doc/Mail_SpamAssassin_Plugin_RelayCountry.txt
URL: http://svn.apache.org/viewvc/spamassassin/site/full/3.4.x/doc/Mail_SpamAssassin_Plugin_RelayCountry.txt?rev=1871201&view=auto
==============================================================================
--- spamassassin/site/full/3.4.x/doc/Mail_SpamAssassin_Plugin_RelayCountry.txt (added)
+++ spamassassin/site/full/3.4.x/doc/Mail_SpamAssassin_Plugin_RelayCountry.txt Wed Dec 11 22:18:49 2019
@@ -0,0 +1,62 @@
+NAME
+ RelayCountry - add message metadata indicating the country code of each
+ relay
+
+SYNOPSIS
+ loadplugin Mail::SpamAssassin::Plugin::RelayCountry
+
+DESCRIPTION
+ The RelayCountry plugin attempts to determine the domain country codes
+ of each relay used in the delivery path of messages and add that
+ information to the message metadata.
+
+ Following metadata headers and tags are added:
+
+ X-Relay-Countries _RELAYCOUNTRY_
+ All untrusted relays. Contains all relays starting from the
+ trusted_networks border. This method has been used by default since
+ early SA versions.
+
+ X-Relay-Countries-External _RELAYCOUNTRYEXT_
+ All external relays. Contains all relays starting from the
+ internal_networks border. Could be useful in some cases when
+ trusted/msa_networks extend beyond the internal border and those
+ need to be checked too.
+
+ X-Relay-Countries-All _RELAYCOUNTRYALL_
+ All possible relays (internal + external).
+
+ X-Relay-Countries-Auth _RELAYCOUNTRYAUTH_
+ Auth will contain all relays starting from the first relay that used
+ authentication. For example, this could be used to check for hacked
+ local users coming in from unexpected countries. If there are no
+ authenticated relays, this will be empty.
+
+REQUIREMENT
+ This plugin requires the GeoIP2, Geo::IP, IP::Country::DB_File or
+ IP::Country::Fast module from CPAN. For backward compatibility
+ IP::Country::Fast is used as fallback if no db_type is specified in the
+ config file.
+
+USER PREFERENCES
+ The following options can be used in both site-wide ("local.cf") and
+ user-specific ("user_prefs") configuration files to customize how
+ SpamAssassin handles incoming email messages.
+
+ country_db_type STRING
+ This option tells SpamAssassin which type of Geo database to use.
+ Valid database types are GeoIP, GeoIP2, DB_File and Fast.
+
+ country_db_path STRING
+ This option tells SpamAssassin where to find MaxMind GeoIP2 or
+ IP::Country::DB_File database.
+
+ If not defined, GeoIP2 default search includes:
+ /usr/local/share/GeoIP/GeoIP2-Country.mmdb
+ /usr/share/GeoIP/GeoIP2-Country.mmdb
+ /var/lib/GeoIP/GeoIP2-Country.mmdb
+ /usr/local/share/GeoIP/GeoLite2-Country.mmdb
+ /usr/share/GeoIP/GeoLite2-Country.mmdb
+ /var/lib/GeoIP/GeoLite2-Country.mmdb (and same paths again for
+ -City.mmdb, which also has country functionality)
+
Added: spamassassin/site/full/3.4.x/doc/Mail_SpamAssassin_Plugin_ReplaceTags.html
URL: http://svn.apache.org/viewvc/spamassassin/site/full/3.4.x/doc/Mail_SpamAssassin_Plugin_ReplaceTags.html?rev=1871201&view=auto
==============================================================================
--- spamassassin/site/full/3.4.x/doc/Mail_SpamAssassin_Plugin_ReplaceTags.html (added)
+++ spamassassin/site/full/3.4.x/doc/Mail_SpamAssassin_Plugin_ReplaceTags.html Wed Dec 11 22:18:49 2019
@@ -0,0 +1,100 @@
+<?xml version="1.0" ?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml">
+<head>
+<title></title>
+<meta http-equiv="content-type" content="text/html; charset=utf-8" />
+<link rev="made" href="mailto:root@localhost" />
+</head>
+
+<body style="background-color: white">
+
+
+
+<ul id="index">
+ <li><a href="#NAME">NAME</a></li>
+ <li><a href="#SYNOPSIS">SYNOPSIS</a></li>
+ <li><a href="#RULE-DEFINITIONS-AND-PRIVILEGED-SETTINGS">RULE DEFINITIONS AND PRIVILEGED SETTINGS</a></li>
+</ul>
+
+<h1 id="NAME">NAME</h1>
+
+<p>Mail::SpamAssassin::Plugin::ReplaceTags - tags for SpamAssassin rules</p>
+
+<p>The plugin allows rules to contain regular expression tags to be used in regular expression rules. The tags make it much easier to maintain complicated rules.</p>
+
+<p>Warning: This plugin relies on data structures specific to this version of SpamAssasin; it is not guaranteed to work with other versions of SpamAssassin.</p>
+
+<h1 id="SYNOPSIS">SYNOPSIS</h1>
+
+<pre><code> loadplugin Mail::SpamAssassin::Plugin::ReplaceTags
+
+ replace_start <
+ replace_end >
+
+ replace_tag A [a@]
+ replace_tag G [gk]
+ replace_tag I [il|!1y\?\xcc\xcd\xce\xcf\xec\xed\xee\xef]
+ replace_tag R [r3]
+ replace_tag V (?:[vu]|\\\/)
+ replace_tag SP [\s~_-]
+
+ body VIAGRA_OBFU /(?!viagra)<V>+<SP>*<I>+<SP>*<A>+<SP>*<G>+<SP>*<R>+<SP>*<A>+/i
+ describe VIAGRA_OBFU Attempt to obfuscate "viagra"
+
+ replace_rules VIAGRA_OBFU</code></pre>
+
+<h1 id="RULE-DEFINITIONS-AND-PRIVILEGED-SETTINGS">RULE DEFINITIONS AND PRIVILEGED SETTINGS</h1>
+
+<dl>
+
+<dt id="replace_tag-tagname-expression">replace_tag tagname expression</dt>
+<dd>
+
+<p>Assign a valid regular expression to tagname.</p>
+
+<p>Note: It is not recommended to put quantifiers inside the tag, it's better to put them inside the rule itself for greater flexibility.</p>
+
+</dd>
+<dt id="replace_pre-tagname-expression">replace_pre tagname expression</dt>
+<dd>
+
+<p>Assign a valid regular expression to tagname. The expression will be placed before each tag that is replaced.</p>
+
+</dd>
+<dt id="replace_inter-tagname-expression">replace_inter tagname expression</dt>
+<dd>
+
+<p>Assign a valid regular expression to tagname. The expression will be placed between each two immediately adjacent tags that are replaced.</p>
+
+</dd>
+<dt id="replace_post-tagname-expression">replace_post tagname expression</dt>
+<dd>
+
+<p>Assign a valid regular expression to tagname. The expression will be placed after each tag that is replaced.</p>
+
+</dd>
+<dt id="replace_rules-list_of_tests">replace_rules list_of_tests</dt>
+<dd>
+
+<p>Specify a list of symbolic test names (separated by whitespace) of tests which should be modified using replacement tags. Only simple regular expression body, header, uri, full, rawbody tests are supported.</p>
+
+</dd>
+<dt id="replace_start-string">replace_start string</dt>
+<dd>
+
+</dd>
+<dt id="replace_end-string">replace_end string</dt>
+<dd>
+
+<p>String(s) which indicate the start and end of a tag inside a rule. Only tags enclosed by the start and end strings are found and replaced.</p>
+
+</dd>
+</dl>
+
+
+</body>
+
+</html>
+
+
Added: spamassassin/site/full/3.4.x/doc/Mail_SpamAssassin_Plugin_ReplaceTags.txt
URL: http://svn.apache.org/viewvc/spamassassin/site/full/3.4.x/doc/Mail_SpamAssassin_Plugin_ReplaceTags.txt?rev=1871201&view=auto
==============================================================================
--- spamassassin/site/full/3.4.x/doc/Mail_SpamAssassin_Plugin_ReplaceTags.txt (added)
+++ spamassassin/site/full/3.4.x/doc/Mail_SpamAssassin_Plugin_ReplaceTags.txt Wed Dec 11 22:18:49 2019
@@ -0,0 +1,60 @@
+NAME
+ Mail::SpamAssassin::Plugin::ReplaceTags - tags for SpamAssassin rules
+
+ The plugin allows rules to contain regular expression tags to be used in
+ regular expression rules. The tags make it much easier to maintain
+ complicated rules.
+
+ Warning: This plugin relies on data structures specific to this version
+ of SpamAssasin; it is not guaranteed to work with other versions of
+ SpamAssassin.
+
+SYNOPSIS
+ loadplugin Mail::SpamAssassin::Plugin::ReplaceTags
+
+ replace_start <
+ replace_end >
+
+ replace_tag A [a@]
+ replace_tag G [gk]
+ replace_tag I [il|!1y\?\xcc\xcd\xce\xcf\xec\xed\xee\xef]
+ replace_tag R [r3]
+ replace_tag V (?:[vu]|\\\/)
+ replace_tag SP [\s~_-]
+
+ body VIAGRA_OBFU /(?!viagra)<V>+<SP>*<I>+<SP>*<A>+<SP>*<G>+<SP>*<R>+<SP>*<A>+/i
+ describe VIAGRA_OBFU Attempt to obfuscate "viagra"
+
+ replace_rules VIAGRA_OBFU
+
+RULE DEFINITIONS AND PRIVILEGED SETTINGS
+ replace_tag tagname expression
+ Assign a valid regular expression to tagname.
+
+ Note: It is not recommended to put quantifiers inside the tag, it's
+ better to put them inside the rule itself for greater flexibility.
+
+ replace_pre tagname expression
+ Assign a valid regular expression to tagname. The expression will be
+ placed before each tag that is replaced.
+
+ replace_inter tagname expression
+ Assign a valid regular expression to tagname. The expression will be
+ placed between each two immediately adjacent tags that are replaced.
+
+ replace_post tagname expression
+ Assign a valid regular expression to tagname. The expression will be
+ placed after each tag that is replaced.
+
+ replace_rules list_of_tests
+ Specify a list of symbolic test names (separated by whitespace) of
+ tests which should be modified using replacement tags. Only simple
+ regular expression body, header, uri, full, rawbody tests are
+ supported.
+
+ replace_start string
+ replace_end string
+ String(s) which indicate the start and end of a tag inside a rule.
+ Only tags enclosed by the start and end strings are found and
+ replaced.
+
Added: spamassassin/site/full/3.4.x/doc/Mail_SpamAssassin_Plugin_ResourceLimits.html
URL: http://svn.apache.org/viewvc/spamassassin/site/full/3.4.x/doc/Mail_SpamAssassin_Plugin_ResourceLimits.html?rev=1871201&view=auto
==============================================================================
--- spamassassin/site/full/3.4.x/doc/Mail_SpamAssassin_Plugin_ResourceLimits.html (added)
+++ spamassassin/site/full/3.4.x/doc/Mail_SpamAssassin_Plugin_ResourceLimits.html Wed Dec 11 22:18:49 2019
@@ -0,0 +1,75 @@
+<?xml version="1.0" ?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml">
+<head>
+<title></title>
+<meta http-equiv="content-type" content="text/html; charset=utf-8" />
+<link rev="made" href="mailto:root@localhost" />
+</head>
+
+<body style="background-color: white">
+
+
+
+<ul id="index">
+ <li><a href="#NAME">NAME</a></li>
+ <li><a href="#SYNOPSIS">SYNOPSIS</a></li>
+ <li><a href="#DESCRIPTION">DESCRIPTION</a></li>
+ <li><a href="#ADMINISTRATOR-SETTINGS">ADMINISTRATOR SETTINGS</a></li>
+</ul>
+
+<h1 id="NAME">NAME</h1>
+
+<p>Mail::SpamAssassin::Plugin::ResourceLimits - Limit the memory and/or CPU of child spamd processes</p>
+
+<h1 id="SYNOPSIS">SYNOPSIS</h1>
+
+<pre><code> # This plugin is for admin only and cannot be specified in user config.
+ loadplugin Mail::SpamAssassin::Plugin::ResourceLimits
+
+ # Sets to RLIMIT_CPU from BSD::Resource. The quota is based on max CPU Time seconds.
+ resource_limit_cpu 120
+
+ # Sets to RLIMIT_RSS and RLIMIT_AS via BSD::Resource.
+ resource_limit_cpu 536870912</code></pre>
+
+<h1 id="DESCRIPTION">DESCRIPTION</h1>
+
+<p>This module leverages BSD::Resource to assure your spamd child processes do not exceed specified CPU or memory limit. If this happens, the child process will die. See the <a>BSD::Resource</a> for more details.</p>
+
+<p>NOTE: Because this plugin uses BSD::Resource, it will not function on Windows.</p>
+
+<h1 id="ADMINISTRATOR-SETTINGS">ADMINISTRATOR SETTINGS</h1>
+
+<dl>
+
+<dt id="resource_limit_cpu-120-default:-0-or-no-limit">resource_limit_cpu 120 (default: 0 or no limit)</dt>
+<dd>
+
+<p>How many cpu cycles are allowed on this process before it dies.</p>
+
+</dd>
+<dt id="resource_limit_mem-536870912-default:-0-or-no-limit">resource_limit_mem 536870912 (default: 0 or no limit)</dt>
+<dd>
+
+<p>The maximum number of bytes of memory allowed both for:</p>
+
+<ul>
+
+<li><p>(virtual) address space bytes</p>
+
+</li>
+<li><p>resident set size</p>
+
+</li>
+</ul>
+
+</dd>
+</dl>
+
+
+</body>
+
+</html>
+
+
Added: spamassassin/site/full/3.4.x/doc/Mail_SpamAssassin_Plugin_ResourceLimits.txt
URL: http://svn.apache.org/viewvc/spamassassin/site/full/3.4.x/doc/Mail_SpamAssassin_Plugin_ResourceLimits.txt?rev=1871201&view=auto
==============================================================================
--- spamassassin/site/full/3.4.x/doc/Mail_SpamAssassin_Plugin_ResourceLimits.txt (added)
+++ spamassassin/site/full/3.4.x/doc/Mail_SpamAssassin_Plugin_ResourceLimits.txt Wed Dec 11 22:18:49 2019
@@ -0,0 +1,33 @@
+NAME
+ Mail::SpamAssassin::Plugin::ResourceLimits - Limit the memory and/or CPU
+ of child spamd processes
+
+SYNOPSIS
+ # This plugin is for admin only and cannot be specified in user config.
+ loadplugin Mail::SpamAssassin::Plugin::ResourceLimits
+
+ # Sets to RLIMIT_CPU from BSD::Resource. The quota is based on max CPU Time seconds.
+ resource_limit_cpu 120
+
+ # Sets to RLIMIT_RSS and RLIMIT_AS via BSD::Resource.
+ resource_limit_cpu 536870912
+
+DESCRIPTION
+ This module leverages BSD::Resource to assure your spamd child processes
+ do not exceed specified CPU or memory limit. If this happens, the child
+ process will die. See the BSD::Resource for more details.
+
+ NOTE: Because this plugin uses BSD::Resource, it will not function on
+ Windows.
+
+ADMINISTRATOR SETTINGS
+ resource_limit_cpu 120 (default: 0 or no limit)
+ How many cpu cycles are allowed on this process before it dies.
+
+ resource_limit_mem 536870912 (default: 0 or no limit)
+ The maximum number of bytes of memory allowed both for:
+
+ * (virtual) address space bytes
+
+ * resident set size
+
Added: spamassassin/site/full/3.4.x/doc/Mail_SpamAssassin_Plugin_Reuse.html
URL: http://svn.apache.org/viewvc/spamassassin/site/full/3.4.x/doc/Mail_SpamAssassin_Plugin_Reuse.html?rev=1871201&view=auto
==============================================================================
--- spamassassin/site/full/3.4.x/doc/Mail_SpamAssassin_Plugin_Reuse.html (added)
+++ spamassassin/site/full/3.4.x/doc/Mail_SpamAssassin_Plugin_Reuse.html Wed Dec 11 22:18:49 2019
@@ -0,0 +1,43 @@
+<?xml version="1.0" ?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml">
+<head>
+<title></title>
+<meta http-equiv="content-type" content="text/html; charset=utf-8" />
+<link rev="made" href="mailto:root@localhost" />
+</head>
+
+<body style="background-color: white">
+
+
+
+<ul id="index">
+ <li><a href="#NAME">NAME</a></li>
+ <li><a href="#SYNOPSIS">SYNOPSIS</a></li>
+ <li><a href="#DESCRIPTION">DESCRIPTION</a></li>
+</ul>
+
+<h1 id="NAME">NAME</h1>
+
+<p>Mail::SpamAssassin::Plugin::Reuse - For reusing old rule hits during a mass-check</p>
+
+<h1 id="SYNOPSIS">SYNOPSIS</h1>
+
+<pre><code> loadplugin Mail::SpamAssassin::Plugin::Reuse
+
+ ifplugin Mail::SpamAssassin::Plugin::Reuse
+
+ reuse NETWORK_RULE [ NETWORK_RULE_OLD_NAME ]
+
+ endif</code></pre>
+
+<h1 id="DESCRIPTION">DESCRIPTION</h1>
+
+<p>The purpose of this plugin is to work in conjunction with <b>mass-check --reuse</b> to map rules hit in input messages to rule hits in the mass-check output.</p>
+
+
+</body>
+
+</html>
+
+
Added: spamassassin/site/full/3.4.x/doc/Mail_SpamAssassin_Plugin_Reuse.txt
URL: http://svn.apache.org/viewvc/spamassassin/site/full/3.4.x/doc/Mail_SpamAssassin_Plugin_Reuse.txt?rev=1871201&view=auto
==============================================================================
--- spamassassin/site/full/3.4.x/doc/Mail_SpamAssassin_Plugin_Reuse.txt (added)
+++ spamassassin/site/full/3.4.x/doc/Mail_SpamAssassin_Plugin_Reuse.txt Wed Dec 11 22:18:49 2019
@@ -0,0 +1,18 @@
+NAME
+ Mail::SpamAssassin::Plugin::Reuse - For reusing old rule hits during a
+ mass-check
+
+SYNOPSIS
+ loadplugin Mail::SpamAssassin::Plugin::Reuse
+
+ ifplugin Mail::SpamAssassin::Plugin::Reuse
+
+ reuse NETWORK_RULE [ NETWORK_RULE_OLD_NAME ]
+
+ endif
+
+DESCRIPTION
+ The purpose of this plugin is to work in conjunction with mass-check
+ --reuse to map rules hit in input messages to rule hits in the
+ mass-check output.
+
Added: spamassassin/site/full/3.4.x/doc/Mail_SpamAssassin_Plugin_Rule2XSBody.html
URL: http://svn.apache.org/viewvc/spamassassin/site/full/3.4.x/doc/Mail_SpamAssassin_Plugin_Rule2XSBody.html?rev=1871201&view=auto
==============================================================================
--- spamassassin/site/full/3.4.x/doc/Mail_SpamAssassin_Plugin_Rule2XSBody.html (added)
+++ spamassassin/site/full/3.4.x/doc/Mail_SpamAssassin_Plugin_Rule2XSBody.html Wed Dec 11 22:18:49 2019
@@ -0,0 +1,39 @@
+<?xml version="1.0" ?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml">
+<head>
+<title></title>
+<meta http-equiv="content-type" content="text/html; charset=utf-8" />
+<link rev="made" href="mailto:root@localhost" />
+</head>
+
+<body style="background-color: white">
+
+
+
+<ul id="index">
+ <li><a href="#NAME">NAME</a></li>
+ <li><a href="#SYNOPSIS">SYNOPSIS</a></li>
+ <li><a href="#DESCRIPTION">DESCRIPTION</a></li>
+</ul>
+
+<h1 id="NAME">NAME</h1>
+
+<p>Mail::SpamAssassin::Plugin::Rule2XSBody - speed up SpamAssassin by compiling regexps</p>
+
+<h1 id="SYNOPSIS">SYNOPSIS</h1>
+
+<pre><code> loadplugin Mail::SpamAssassin::Plugin::Rule2XSBody</code></pre>
+
+<h1 id="DESCRIPTION">DESCRIPTION</h1>
+
+<p>This plugin will use native-code object files representing the ruleset, in order to provide significant speedups in rule evaluation.</p>
+
+<p>Note that <code>sa-compile</code> must be run in advance, in order to compile the ruleset using <code>re2c</code> and the C compiler. See the <code>sa-compile</code> documentation for more details.</p>
+
+
+</body>
+
+</html>
+
+
Added: spamassassin/site/full/3.4.x/doc/Mail_SpamAssassin_Plugin_Rule2XSBody.txt
URL: http://svn.apache.org/viewvc/spamassassin/site/full/3.4.x/doc/Mail_SpamAssassin_Plugin_Rule2XSBody.txt?rev=1871201&view=auto
==============================================================================
--- spamassassin/site/full/3.4.x/doc/Mail_SpamAssassin_Plugin_Rule2XSBody.txt (added)
+++ spamassassin/site/full/3.4.x/doc/Mail_SpamAssassin_Plugin_Rule2XSBody.txt Wed Dec 11 22:18:49 2019
@@ -0,0 +1,15 @@
+NAME
+ Mail::SpamAssassin::Plugin::Rule2XSBody - speed up SpamAssassin by
+ compiling regexps
+
+SYNOPSIS
+ loadplugin Mail::SpamAssassin::Plugin::Rule2XSBody
+
+DESCRIPTION
+ This plugin will use native-code object files representing the ruleset,
+ in order to provide significant speedups in rule evaluation.
+
+ Note that "sa-compile" must be run in advance, in order to compile the
+ ruleset using "re2c" and the C compiler. See the "sa-compile"
+ documentation for more details.
+
Added: spamassassin/site/full/3.4.x/doc/Mail_SpamAssassin_Plugin_SPF.html
URL: http://svn.apache.org/viewvc/spamassassin/site/full/3.4.x/doc/Mail_SpamAssassin_Plugin_SPF.html?rev=1871201&view=auto
==============================================================================
--- spamassassin/site/full/3.4.x/doc/Mail_SpamAssassin_Plugin_SPF.html (added)
+++ spamassassin/site/full/3.4.x/doc/Mail_SpamAssassin_Plugin_SPF.html Wed Dec 11 22:18:49 2019
@@ -0,0 +1,118 @@
+<?xml version="1.0" ?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml">
+<head>
+<title></title>
+<meta http-equiv="content-type" content="text/html; charset=utf-8" />
+<link rev="made" href="mailto:root@localhost" />
+</head>
+
+<body style="background-color: white">
+
+
+
+<ul id="index">
+ <li><a href="#NAME">NAME</a></li>
+ <li><a href="#SYNOPSIS">SYNOPSIS</a></li>
+ <li><a href="#DESCRIPTION">DESCRIPTION</a></li>
+ <li><a href="#USER-SETTINGS">USER SETTINGS</a></li>
+ <li><a href="#ADMINISTRATOR-OPTIONS">ADMINISTRATOR OPTIONS</a></li>
+</ul>
+
+<h1 id="NAME">NAME</h1>
+
+<p>Mail::SpamAssassin::Plugin::SPF - perform SPF verification tests</p>
+
+<h1 id="SYNOPSIS">SYNOPSIS</h1>
+
+<pre><code> loadplugin Mail::SpamAssassin::Plugin::SPF</code></pre>
+
+<h1 id="DESCRIPTION">DESCRIPTION</h1>
+
+<p>This plugin checks a message against Sender Policy Framework (SPF) records published by the domain owners in DNS to fight email address forgery and make it easier to identify spams.</p>
+
+<h1 id="USER-SETTINGS">USER SETTINGS</h1>
+
+<dl>
+
+<dt id="whitelist_from_spf-user-example.com">whitelist_from_spf user@example.com</dt>
+<dd>
+
+<p>Works similarly to whitelist_from, except that in addition to matching a sender address, a check against the domain's SPF record must pass. The first parameter is an address to whitelist, and the second is a string to match the relay's rDNS.</p>
+
+<p>Just like whitelist_from, multiple addresses per line, separated by spaces, are OK. Multiple <code>whitelist_from_spf</code> lines are also OK.</p>
+
+<p>The headers checked for whitelist_from_spf addresses are the same headers used for SPF checks (Envelope-From, Return-Path, X-Envelope-From, etc).</p>
+
+<p>Since this whitelist requires an SPF check to be made, network tests must be enabled. It is also required that your trust path be correctly configured. See the section on <code>trusted_networks</code> for more info on trust paths.</p>
+
+<p>e.g.</p>
+
+<pre><code> whitelist_from_spf joe@example.com fred@example.com
+ whitelist_from_spf *@example.com</code></pre>
+
+</dd>
+<dt id="def_whitelist_from_spf-user-example.com">def_whitelist_from_spf user@example.com</dt>
+<dd>
+
+<p>Same as <code>whitelist_from_spf</code>, but used for the default whitelist entries in the SpamAssassin distribution. The whitelist score is lower, because these are often targets for spammer spoofing.</p>
+
+</dd>
+</dl>
+
+<h1 id="ADMINISTRATOR-OPTIONS">ADMINISTRATOR OPTIONS</h1>
+
+<dl>
+
+<dt id="spf_timeout-n-default:-5">spf_timeout n (default: 5)</dt>
+<dd>
+
+<p>How many seconds to wait for an SPF query to complete, before scanning continues without the SPF result. A numeric value is optionally suffixed by a time unit (s, m, h, d, w, indicating seconds (default), minutes, hours, days, weeks).</p>
+
+</dd>
+<dt id="do_not_use_mail_spf-0-1-default:-0">do_not_use_mail_spf (0|1) (default: 0)</dt>
+<dd>
+
+<p>By default the plugin will try to use the Mail::SPF module for SPF checks if it can be loaded. If Mail::SPF cannot be used the plugin will fall back to using the legacy Mail::SPF::Query module if it can be loaded.</p>
+
+<p>Use this option to stop the plugin from using Mail::SPF and cause it to try to use Mail::SPF::Query instead.</p>
+
+</dd>
+<dt id="do_not_use_mail_spf_query-0-1-default:-0">do_not_use_mail_spf_query (0|1) (default: 0)</dt>
+<dd>
+
+<p>As above, but instead stop the plugin from trying to use Mail::SPF::Query and cause it to only try to use Mail::SPF.</p>
+
+</dd>
+<dt id="ignore_received_spf_header-0-1-default:-0">ignore_received_spf_header (0|1) (default: 0)</dt>
+<dd>
+
+<p>By default, to avoid unnecessary DNS lookups, the plugin will try to use the SPF results found in any <code>Received-SPF</code> headers it finds in the message that could only have been added by an internal relay.</p>
+
+<p>Set this option to 1 to ignore any <code>Received-SPF</code> headers present and to have the plugin perform the SPF check itself.</p>
+
+<p>Note that unless the plugin finds an <code>identity=helo</code>, or some unsupported identity, it will assume that the result is a mfrom SPF check result. The only identities supported are <code>mfrom</code>, <code>mailfrom</code> and <code>helo</code>.</p>
+
+</dd>
+<dt id="use_newest_received_spf_header-0-1-default:-0">use_newest_received_spf_header (0|1) (default: 0)</dt>
+<dd>
+
+<p>By default, when using <code>Received-SPF</code> headers, the plugin will attempt to use the oldest (bottom most) <code>Received-SPF</code> headers, that were added by internal relays, that it can parse results from since they are the most likely to be accurate. This is done so that if you have an incoming mail setup where one of your primary MXes doesn't know about a secondary MX (or your MXes don't know about some sort of forwarding relay that SA considers trusted+internal) but SA is aware of the actual domain boundary (internal_networks setting) SA will use the results that are most accurate.</p>
+
+<p>Use this option to start with the newest (top most) <code>Received-SPF</code> headers, working downwards until results are successfully parsed.</p>
+
+</dd>
+<dt id="has_check_for_spf_errors">has_check_for_spf_errors</dt>
+<dd>
+
+<p>Adds capability check for "if can()" for check_for_spf_permerror, check_for_spf_temperror, check_for_spf_helo_permerror and check_for_spf_helo_permerror</p>
+
+</dd>
+</dl>
+
+
+</body>
+
+</html>
+
+
Added: spamassassin/site/full/3.4.x/doc/Mail_SpamAssassin_Plugin_SPF.txt
URL: http://svn.apache.org/viewvc/spamassassin/site/full/3.4.x/doc/Mail_SpamAssassin_Plugin_SPF.txt?rev=1871201&view=auto
==============================================================================
--- spamassassin/site/full/3.4.x/doc/Mail_SpamAssassin_Plugin_SPF.txt (added)
+++ spamassassin/site/full/3.4.x/doc/Mail_SpamAssassin_Plugin_SPF.txt Wed Dec 11 22:18:49 2019
@@ -0,0 +1,92 @@
+NAME
+ Mail::SpamAssassin::Plugin::SPF - perform SPF verification tests
+
+SYNOPSIS
+ loadplugin Mail::SpamAssassin::Plugin::SPF
+
+DESCRIPTION
+ This plugin checks a message against Sender Policy Framework (SPF)
+ records published by the domain owners in DNS to fight email address
+ forgery and make it easier to identify spams.
+
+USER SETTINGS
+ whitelist_from_spf user@example.com
+ Works similarly to whitelist_from, except that in addition to
+ matching a sender address, a check against the domain's SPF record
+ must pass. The first parameter is an address to whitelist, and the
+ second is a string to match the relay's rDNS.
+
+ Just like whitelist_from, multiple addresses per line, separated by
+ spaces, are OK. Multiple "whitelist_from_spf" lines are also OK.
+
+ The headers checked for whitelist_from_spf addresses are the same
+ headers used for SPF checks (Envelope-From, Return-Path,
+ X-Envelope-From, etc).
+
+ Since this whitelist requires an SPF check to be made, network tests
+ must be enabled. It is also required that your trust path be
+ correctly configured. See the section on "trusted_networks" for more
+ info on trust paths.
+
+ e.g.
+
+ whitelist_from_spf joe@example.com fred@example.com
+ whitelist_from_spf *@example.com
+
+ def_whitelist_from_spf user@example.com
+ Same as "whitelist_from_spf", but used for the default whitelist
+ entries in the SpamAssassin distribution. The whitelist score is
+ lower, because these are often targets for spammer spoofing.
+
+ADMINISTRATOR OPTIONS
+ spf_timeout n (default: 5)
+ How many seconds to wait for an SPF query to complete, before
+ scanning continues without the SPF result. A numeric value is
+ optionally suffixed by a time unit (s, m, h, d, w, indicating
+ seconds (default), minutes, hours, days, weeks).
+
+ do_not_use_mail_spf (0|1) (default: 0)
+ By default the plugin will try to use the Mail::SPF module for SPF
+ checks if it can be loaded. If Mail::SPF cannot be used the plugin
+ will fall back to using the legacy Mail::SPF::Query module if it can
+ be loaded.
+
+ Use this option to stop the plugin from using Mail::SPF and cause it
+ to try to use Mail::SPF::Query instead.
+
+ do_not_use_mail_spf_query (0|1) (default: 0)
+ As above, but instead stop the plugin from trying to use
+ Mail::SPF::Query and cause it to only try to use Mail::SPF.
+
+ ignore_received_spf_header (0|1) (default: 0)
+ By default, to avoid unnecessary DNS lookups, the plugin will try to
+ use the SPF results found in any "Received-SPF" headers it finds in
+ the message that could only have been added by an internal relay.
+
+ Set this option to 1 to ignore any "Received-SPF" headers present
+ and to have the plugin perform the SPF check itself.
+
+ Note that unless the plugin finds an "identity=helo", or some
+ unsupported identity, it will assume that the result is a mfrom SPF
+ check result. The only identities supported are "mfrom", "mailfrom"
+ and "helo".
+
+ use_newest_received_spf_header (0|1) (default: 0)
+ By default, when using "Received-SPF" headers, the plugin will
+ attempt to use the oldest (bottom most) "Received-SPF" headers, that
+ were added by internal relays, that it can parse results from since
+ they are the most likely to be accurate. This is done so that if you
+ have an incoming mail setup where one of your primary MXes doesn't
+ know about a secondary MX (or your MXes don't know about some sort
+ of forwarding relay that SA considers trusted+internal) but SA is
+ aware of the actual domain boundary (internal_networks setting) SA
+ will use the results that are most accurate.
+
+ Use this option to start with the newest (top most) "Received-SPF"
+ headers, working downwards until results are successfully parsed.
+
+ has_check_for_spf_errors
+ Adds capability check for "if can()" for check_for_spf_permerror,
+ check_for_spf_temperror, check_for_spf_helo_permerror and
+ check_for_spf_helo_permerror
+
Added: spamassassin/site/full/3.4.x/doc/Mail_SpamAssassin_Plugin_Shortcircuit.html
URL: http://svn.apache.org/viewvc/spamassassin/site/full/3.4.x/doc/Mail_SpamAssassin_Plugin_Shortcircuit.html?rev=1871201&view=auto
==============================================================================
--- spamassassin/site/full/3.4.x/doc/Mail_SpamAssassin_Plugin_Shortcircuit.html (added)
+++ spamassassin/site/full/3.4.x/doc/Mail_SpamAssassin_Plugin_Shortcircuit.html Wed Dec 11 22:18:49 2019
@@ -0,0 +1,134 @@
+<?xml version="1.0" ?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml">
+<head>
+<title></title>
+<meta http-equiv="content-type" content="text/html; charset=utf-8" />
+<link rev="made" href="mailto:root@localhost" />
+</head>
+
+<body style="background-color: white">
+
+
+
+<ul id="index">
+ <li><a href="#NAME">NAME</a></li>
+ <li><a href="#SYNOPSIS">SYNOPSIS</a></li>
+ <li><a href="#DESCRIPTION">DESCRIPTION</a></li>
+ <li><a href="#CONFIGURATION-SETTINGS">CONFIGURATION SETTINGS</a></li>
+ <li><a href="#TAGS">TAGS</a></li>
+ <li><a href="#SEE-ALSO">SEE ALSO</a></li>
+</ul>
+
+<h1 id="NAME">NAME</h1>
+
+<p>Mail::SpamAssassin::Plugin::Shortcircuit - short-circuit evaluation for certain rules</p>
+
+<h1 id="SYNOPSIS">SYNOPSIS</h1>
+
+<pre><code> loadplugin Mail::SpamAssassin::Plugin::Shortcircuit
+
+ report Content analysis details: (_SCORE_ points, _REQD_ required, s/c _SCTYPE_)
+
+ add_header all Status "_YESNO_, score=_SCORE_ required=_REQD_ tests=_TESTS_ shortcircuit=_SCTYPE_ autolearn=_AUTOLEARN_ version=_VERSION_"</code></pre>
+
+<h1 id="DESCRIPTION">DESCRIPTION</h1>
+
+<p>This plugin implements simple, test-based shortcircuiting. Shortcircuiting a test will force all other pending rules to be skipped, if that test is hit. In addition, a symbolic rule, <code>SHORTCIRCUIT</code>, will fire.</p>
+
+<p>Recommended usage is to use <code>priority</code> to set rules with strong S/O values (ie. 1.0) to be run first, and make instant spam or ham classification based on that.</p>
+
+<h1 id="CONFIGURATION-SETTINGS">CONFIGURATION SETTINGS</h1>
+
+<p>The following configuration settings are used to control shortcircuiting:</p>
+
+<dl>
+
+<dt id="shortcircuit-SYMBOLIC_TEST_NAME-ham-spam-on-off">shortcircuit SYMBOLIC_TEST_NAME {ham|spam|on|off}</dt>
+<dd>
+
+<p>Shortcircuiting a test will force all other pending rules to be skipped, if that test is hit.</p>
+
+<p>Recommended usage is to use <code>priority</code> to set rules with strong S/O values (ie. 1.0) to be run first, and make instant spam or ham classification based on that.</p>
+
+<p>To override a test that uses shortcircuiting, you can set the classification type to <code>off</code>.</p>
+
+<dl>
+
+<dt id="on">on</dt>
+<dd>
+
+<p>Shortcircuits the rest of the tests, but does not make a strict classification of spam or ham. Rather, it uses the default score for the rule being shortcircuited. This would allow you, for example, to define a rule such as</p>
+
+<pre><code> body TEST /test/
+ describe TEST test rule that scores barely over spam threshold
+ score TEST 5.5
+ priority TEST -100
+ shortcircuit TEST on</code></pre>
+
+<p>The result of a message hitting the above rule would be a final score of 5.5, as opposed to 100 (default) if it were classified as spam.</p>
+
+</dd>
+<dt id="off">off</dt>
+<dd>
+
+<p>Disables shortcircuiting on said rule.</p>
+
+</dd>
+<dt id="spam">spam</dt>
+<dd>
+
+<p>Shortcircuit the rule using a set of defaults; override the default score of this rule with the score from <code>shortcircuit_spam_score</code>, set the <code>noautolearn</code> tflag, and set priority to <code>-100</code>. In other words, equivalent to:</p>
+
+<pre><code> shortcircuit TEST on
+ priority TEST -100
+ score TEST 100
+ tflags TEST noautolearn</code></pre>
+
+</dd>
+<dt id="ham">ham</dt>
+<dd>
+
+<p>Shortcircuit the rule using a set of defaults; override the default score of this rule with the score from <code>shortcircuit_ham_score</code>, set the <code>noautolearn</code> and <code>nice</code> tflags, and set priority to <code>-100</code>. In other words, equivalent to:</p>
+
+<pre><code> shortcircuit TEST on
+ priority TEST -100
+ score TEST -100
+ tflags TEST noautolearn nice</code></pre>
+
+</dd>
+</dl>
+
+</dd>
+<dt id="shortcircuit_spam_score-n.nn-default:-100">shortcircuit_spam_score n.nn (default: 100)</dt>
+<dd>
+
+<p>When shortcircuit is used on a rule, and the shortcircuit classification type is set to <code>spam</code>, this value should be applied in place of the default score for that rule.</p>
+
+</dd>
+<dt id="shortcircuit_ham_score-n.nn-default:--100">shortcircuit_ham_score n.nn (default: -100)</dt>
+<dd>
+
+<p>When shortcircuit is used on a rule, and the shortcircuit classification type is set to <code>ham</code>, this value should be applied in place of the default score for that rule.</p>
+
+</dd>
+</dl>
+
+<h1 id="TAGS">TAGS</h1>
+
+<p>The following tags are added to the set available for use in reports, headers etc.:</p>
+
+<pre><code> _SC_ shortcircuit status (classification and rule name)
+ _SCRULE_ rulename that caused the shortcircuit
+ _SCTYPE_ shortcircuit classification ("spam", "ham", "default", "none")</code></pre>
+
+<h1 id="SEE-ALSO">SEE ALSO</h1>
+
+<p><code>http://issues.apache.org/SpamAssassin/show_bug.cgi?id=3109</code></p>
+
+
+</body>
+
+</html>
+
+
Added: spamassassin/site/full/3.4.x/doc/Mail_SpamAssassin_Plugin_Shortcircuit.txt
URL: http://svn.apache.org/viewvc/spamassassin/site/full/3.4.x/doc/Mail_SpamAssassin_Plugin_Shortcircuit.txt?rev=1871201&view=auto
==============================================================================
--- spamassassin/site/full/3.4.x/doc/Mail_SpamAssassin_Plugin_Shortcircuit.txt (added)
+++ spamassassin/site/full/3.4.x/doc/Mail_SpamAssassin_Plugin_Shortcircuit.txt Wed Dec 11 22:18:49 2019
@@ -0,0 +1,95 @@
+NAME
+ Mail::SpamAssassin::Plugin::Shortcircuit - short-circuit evaluation for
+ certain rules
+
+SYNOPSIS
+ loadplugin Mail::SpamAssassin::Plugin::Shortcircuit
+
+ report Content analysis details: (_SCORE_ points, _REQD_ required, s/c _SCTYPE_)
+
+ add_header all Status "_YESNO_, score=_SCORE_ required=_REQD_ tests=_TESTS_ shortcircuit=_SCTYPE_ autolearn=_AUTOLEARN_ version=_VERSION_"
+
+DESCRIPTION
+ This plugin implements simple, test-based shortcircuiting.
+ Shortcircuiting a test will force all other pending rules to be skipped,
+ if that test is hit. In addition, a symbolic rule, "SHORTCIRCUIT", will
+ fire.
+
+ Recommended usage is to use "priority" to set rules with strong S/O
+ values (ie. 1.0) to be run first, and make instant spam or ham
+ classification based on that.
+
+CONFIGURATION SETTINGS
+ The following configuration settings are used to control
+ shortcircuiting:
+
+ shortcircuit SYMBOLIC_TEST_NAME {ham|spam|on|off}
+ Shortcircuiting a test will force all other pending rules to be
+ skipped, if that test is hit.
+
+ Recommended usage is to use "priority" to set rules with strong S/O
+ values (ie. 1.0) to be run first, and make instant spam or ham
+ classification based on that.
+
+ To override a test that uses shortcircuiting, you can set the
+ classification type to "off".
+
+ on Shortcircuits the rest of the tests, but does not make a strict
+ classification of spam or ham. Rather, it uses the default score
+ for the rule being shortcircuited. This would allow you, for
+ example, to define a rule such as
+
+ body TEST /test/
+ describe TEST test rule that scores barely over spam threshold
+ score TEST 5.5
+ priority TEST -100
+ shortcircuit TEST on
+
+ The result of a message hitting the above rule would be a final
+ score of 5.5, as opposed to 100 (default) if it were classified
+ as spam.
+
+ off Disables shortcircuiting on said rule.
+
+ spam
+ Shortcircuit the rule using a set of defaults; override the
+ default score of this rule with the score from
+ "shortcircuit_spam_score", set the "noautolearn" tflag, and set
+ priority to -100. In other words, equivalent to:
+
+ shortcircuit TEST on
+ priority TEST -100
+ score TEST 100
+ tflags TEST noautolearn
+
+ ham Shortcircuit the rule using a set of defaults; override the
+ default score of this rule with the score from
+ "shortcircuit_ham_score", set the "noautolearn" and "nice"
+ tflags, and set priority to -100. In other words, equivalent to:
+
+ shortcircuit TEST on
+ priority TEST -100
+ score TEST -100
+ tflags TEST noautolearn nice
+
+ shortcircuit_spam_score n.nn (default: 100)
+ When shortcircuit is used on a rule, and the shortcircuit
+ classification type is set to "spam", this value should be applied
+ in place of the default score for that rule.
+
+ shortcircuit_ham_score n.nn (default: -100)
+ When shortcircuit is used on a rule, and the shortcircuit
+ classification type is set to "ham", this value should be applied in
+ place of the default score for that rule.
+
+TAGS
+ The following tags are added to the set available for use in reports,
+ headers etc.:
+
+ _SC_ shortcircuit status (classification and rule name)
+ _SCRULE_ rulename that caused the shortcircuit
+ _SCTYPE_ shortcircuit classification ("spam", "ham", "default", "none")
+
+SEE ALSO
+ "http://issues.apache.org/SpamAssassin/show_bug.cgi?id=3109"
+