#!/usr/bin/perl -w -T use strict; use File::Spec; my $PREFIX = '@@PREFIX@@'; # substituted at 'make' time my $DEF_RULES_DIR = '@@DEF_RULES_DIR@@'; # substituted at 'make' time my $LOCAL_RULES_DIR = '@@LOCAL_RULES_DIR@@'; # substituted at 'make' time use lib '@@INSTALLSITELIB@@'; # substituted at 'make' time BEGIN { # Locate locally installed SA libraries *without* using FindBin, which generates # warnings and causes more trouble than its worth. We don't need to be too # smart about this BTW. my @bin = File::Spec->splitpath($0); my $bin = ($bin[0] ? File::Spec->catpath(@bin[0..1]) : $bin[1]) # /home/jm/foo -> /home/jm || File::Spec->curdir; # foo -> . # check to make sure it wasn't just installed in the normal way. # note that ./lib/Mail/SpamAssassin.pm takes precedence, for # building SpamAssassin on a machine where an old version is installed. if (-e $bin.'/lib/Mail/SpamAssassin.pm' || !-e '@@INSTALLSITELIB@@/Mail/SpamAssassin.pm') { # Firstly, are we running "make test" in the "t" dir? the test files # *need* to use 'blib', so that 'use bytes' is removed for pre-5.6 perls # beforehand by the preproc. However, ./spamassassin does not, as the # preproc will have stripped out the "use rule files from cwd" code from # Mail::SpamAssassin. So we want to use blib just for the t scripts. if ( $bin eq '../' && -e '../blib/lib/Mail/SpamAssassin.pm' ) { unshift(@INC, '../blib/lib'); } else { # These are common paths where the SA libs might be found. foreach (qw(lib ../lib/site_perl ../lib/spamassassin ../share/spamassassin/lib)) { my $dir = File::Spec->catdir($bin, split('/', $_)); if(-f File::Spec->catfile($dir, "Mail", "SpamAssassin.pm")) { unshift(@INC, $dir); last; } } } } } use Getopt::Long; use Pod::Usage; sub usage { my ($verbose, $message) = @_; my $ver = Mail::SpamAssassin::Version(); print "SpamAssassin version $ver\n"; pod2usage(-verbose => $verbose, -message => $message, -exitval => 64); } my %opt = ( 'create-prefs' => 1); eval { require Mail::SpamAssassin; require Mail::SpamAssassin::NoMailAudit; # gnu_getopt is not available in Getopt::Long 2.24, see bug 732 # gnu_compat neither. Getopt::Long::Configure(qw(bundling no_getopt_compat no_auto_abbrev no_ignore_case)); GetOptions( 'whitelist-factory|M=s' => \$opt{'whitelist-factory'}, 'auto-whitelist|a' => \$opt{'auto-whitelist'}, 'remove-from-whitelist|R' => \$opt{'remove-from-whitelist'}, 'add-to-whitelist|W' => \$opt{'add-to-whitelist'}, 'add-to-blacklist' => \$opt{'add-to-blacklist'}, 'remove-addr-from-whitelist=s' => \$opt{'remove-addr-from-whitelist'}, 'add-addr-to-whitelist=s' => \$opt{'add-addr-to-whitelist'}, 'add-addr-to-blacklist=s' => \$opt{'add-addr-to-blacklist'}, 'warning-from|w=s' => \$opt{'warning-from'}, 'local-only|local|L' => \$opt{'local'}, 'remove-markup|despamassassinify|d' => \$opt{'remove-markup'}, 'revoke|k' => \$opt{'revoke'}, 'report|r' => \$opt{'report'}, 'config-file|config-dir|c|C=s' => \$opt{'config-file'}, 'prefs-file|p=s' => \$opt{'prefs-file'}, 'create-prefs!' => \$opt{'create-prefs'}, 'x' => sub { $opt{'create-prefs'} = 0 }, 'log-to-mbox|l=s' => \$opt{'log-to-mbox'}, 'error-code|exit-code|e:i' => \$opt{'error-code'}, 'test-mode|test|t' => \$opt{'test-mode'}, 'lint' => \$opt{'lint'}, 'debug-level|debug|D:s' => \$opt{'debug-level'}, 'version|V' => \$opt{'version'}, 'help|h|?' => \$opt{'help'}, # NOTE: ignored for backwards compatibility. will be stripped # in a future release. 'pipe|P' => sub { warn "The -P option has been removed.\n" }, 'F=i' => sub { warn "The -F option has been removed.\n" }, 'add-from!' => sub { warn "The --add-from option has been removed.\n" }, 'stop-at-threshold|S' => sub { warn "The -S option has been removed.\n" }, ) or usage(0, "Unknown option!"); if (defined $opt{'help'}) { usage(0, "For more information read the spamassassin man page"); } if (defined $opt{'version'}) { print "SpamAssassin version " . Mail::SpamAssassin::Version() . "\n"; exit 0; } my $doing_whitelist_operation = 0; my $doing_address_only_whitelisting = 0; if ($opt{'remove-from-whitelist'} or $opt{'add-to-whitelist'} or $opt{'add-to-blacklist'}) { $doing_whitelist_operation = 1; } if ($opt{'remove-addr-from-whitelist'} or $opt{'add-addr-to-whitelist'} or $opt{'add-addr-to-blacklist'}) { $doing_whitelist_operation = 1; $doing_address_only_whitelisting = 1; } my $mail; # 1. # Standard Mail::Audit start. No longer used due to bugs in M:A, regarding # handling of slightly misformatted input. # # require Mail::Audit; # $mail = Mail::Audit->new(); # 2. # No use of Mail::Audit at all, apart from the accept(), reject() and # resend() methods (which are proxied transparently). Lovely. # use Mail::SpamAssassin::NoMailAudit; if (!$opt{'lint'} && !$doing_address_only_whitelisting) { $mail = Mail::SpamAssassin::NoMailAudit->new (); } # For Mail::Audit users -- this is the magic. Just create a Mail::SpamAssassin # object like this, then run the check() method as below; if it returns a # non-undef value, then you've got spam, otherwise it's normal mail. # # You can then use the rewrite() method (passing in the Mail::Audit object) to # rewrite the spam. # # (This implementation does other stuff though, such as -t support; ignore that # stuff.) # create the tester factory my $spamtest = new Mail::SpamAssassin ({ rules_filename => $opt{'config-file'}, userprefs_filename => $opt{'prefs-file'}, local_tests_only => $opt{'local'}, debug => defined($opt{'debug-level'}), dont_copy_prefs => ($opt{'create-prefs'} ? 0 : 1), PREFIX => $PREFIX, DEF_RULES_DIR => $DEF_RULES_DIR, LOCAL_RULES_DIR => $LOCAL_RULES_DIR, }); # set debug levels, if any specified (only useful for this command-line # tool really) if (defined $opt{'debug-level'} && $opt{'debug-level'} ne '') { my $levels = $opt{'debug-level'}; while ($levels =~ s/^([a-z]+)=([+-]?\d+)[,;:]*//s) { $Mail::SpamAssassin::DEBUG->{$1} = $2 + 0; } if ($levels !~ /^\s*$/) { usage(0, "bad areas in --debug option ($levels)!"); } } # handle logging of received mails if ($opt{'log-to-mbox'}) { $mail->{noexit} = 1; $mail->accept ($opt{'log-to-mbox'}); $mail->{noexit} = 0; } if ($opt{'lint'}) { exit $spamtest->lint_rules (); } # handle removing reports if ($opt{'remove-markup'}) { print $spamtest->remove_spamassassin_markup ($mail); $mail->ignore(); # will exit } # handle unconditional reportage if ($opt{'report'}) { if ( $spamtest->report_as_spam ($mail) ) { warn "Warning, unable to report spam\n"; } if ($opt{'warning-from'}) { $spamtest->reply_with_warning ($mail, $opt{'warning-from'}); } $mail->ignore(); # will exit } # handle revoke if ($opt{'revoke'}) { if ( $spamtest->revoke_as_spam ($mail) ) { warn "Warning, unable to revoke spam\n"; } $mail->ignore(); # will exit } if ($opt{'auto-whitelist'} || $doing_whitelist_operation) { # create a factory for the persistent address list. # choose one of these implementations! # The -M "Mail::SpamAssassin::ImplClassAddrList" flag can be used # to switch between them. my $addrlistfactory; if ($opt{'whitelist-factory'}) { $opt{'whitelist-factory'} =~ /^([_A-Za-z0-9:]+)$/; my $factory = $1; eval ' require '.$factory.'; $addrlistfactory = '.$factory.'->new(); '; if ($@) { warn $@; undef $addrlistfactory; } } else { require Mail::SpamAssassin::DBBasedAddrList; $addrlistfactory = Mail::SpamAssassin::DBBasedAddrList->new(); } $spamtest->set_persistent_address_list_factory ($addrlistfactory); }; if ($@) { warn $@; } if ($doing_whitelist_operation) { # read the config! $spamtest->init (1); if ($opt{'add-to-whitelist'}) { $spamtest->add_all_addresses_to_whitelist ($mail); } elsif ($opt{'remove-from-whitelist'}) { $spamtest->remove_all_addresses_from_whitelist ($mail); } elsif ($opt{'add-to-blacklist'}) { $spamtest->add_all_addresses_to_blacklist ($mail); } elsif ($opt{'add-addr-to-whitelist'}) { $spamtest->add_address_to_whitelist ($opt{'add-addr-to-whitelist'}); exit; } elsif ($opt{'remove-addr-from-whitelist'}) { $spamtest->remove_address_from_whitelist ($opt{'remove-addr-from-whitelist'}); exit; } elsif ($opt{'add-addr-to-blacklist'}) { $spamtest->add_address_to_blacklist ($opt{'add-addr-to-blacklist'}); exit; } else { die "oops! unhandled whitelist operation"; } # don't need to log here -- it's already been done $mail->ignore(); # will exit } # not reporting? OK, do checks instead. Create a status object which # holds details of the message's spam/not-spam status. my $status = $spamtest->check ($mail); $status->rewrite_mail (); if ($opt{'test-mode'}) { # add the spam report to the end of the body as well, if testing. my $lines = $mail->body(); push (@{$lines}, split (/$/, $status->get_report())); $mail->body ($lines); } # if we're piping it, deliver it to stdout. print $mail->header(), "\n", join ('', @{$mail->body()}); if (defined $opt{'error-code'} && $status->is_spam ()) { exit ($opt{'error-code'} || 5) ; } exit; }; if ($@) { # eval failed; we died somewhere in there. warn $@; exit 70; # == EX_SOFTWARE in sysexits.h. caught by MTA } # this is never called, it's just used to shut up the warnings sub NEVERCALLED { $Mail::SpamAssassin::DEBUG = { }; } # --------------------------------------------------------------------------- =head1 NAME spamassassin - mail filter to identify spam using text analysis =head1 SYNOPSIS B [options] < I > I B B<-d> < I > B B<-r> [B<-w> I] < I B B<-W>|B<-R> < I Options: -P, --pipe Deliver to STDOUT (now default) -L, --local Local tests only (no online tests) -r, --report Report message as spam -k, --revoke Revoke message as spam -w addr, --warning-from=addr Send a warning mail to sender from addr -d, --remove-markup Remove spam reports from a message -C file, --config-file=file Path to standard configuration dir -p prefs, --prefs-file=file Set user preferences file -x, --nouser-config Disable user config files -e, --exit-code Exit with a non-zero exit code if the tested message was spam -l filename, --log-to-mbox=file Log messages to a mbox file -t, --test-mode Pipe message through and add extra report to the bottom --lint Lint the rule set: report syntax errors -a, --auto-whitelist Use auto-whitelists -W, --add-to-whitelist Add addresses in mail to whitelist --add-to-blacklist Add addresses in mail to blacklist -R, --remove-from-whitelist Remove all addresses found in mail from whitelist --add-addr-to-whitelist=addr Add addr to whitelist --add-addr-to-blacklist=addr Add addr to blacklist --remove-addr-from-whitelist=addr Remove addr from whitelist -M, --whitelist-factory Select whitelist factory -D, --debug [area=n,...] Print debugging messages -V, --version Print version -h, --help Print usage message =head1 OPTIONS =over 4 =item B<-P>, B<--pipe> The B<-P> parameter will cause SpamAssassin to pipe the output to STDOUT. This is now the default mode of operation, so this switch is obsolete, and should not be used anymore. =item B<-a>, B<--auto-whitelist>, B<--whitelist> Use auto-whitelists. Auto-whitelists track the long-term average score for each sender and then shift the score of new messages toward that long-term average. This can increase or decrease the score for messages, depending on the long-term behavior of the particular correspondent. See the README file for more details. =item B<-e>, B<--error-code>, B<--exit-code> Exit with a non-zero error code, if the message is determined to be spam. =item B<-h>, B<--help> Print help message and exit. =item B<-t>, B<--test-mode> Test mode. Pipe message through and add extra report. Note that the report text assumes that the message is spam, since in normal use it is only visible in this case. Pay attention to the score instead. If you run tests with the B<-a> option, the scores will be added to the AWL. This may not be what you want to do. If it is not, then don't use B<-a -t>. =item B<-r>, B<--report> Report this message as verified spam. This will submit the mail message read from STDIN to various spam-blocker databases. Currently, these are Vipul's Razor ( http://razor.sourceforge.net/ ), the Distributed Checksum Clearinghouse ( http://www.rhyolite.com/anti-spam/dcc/ ), and Pyzor. If the message contains SpamAssassin markup, this will be stripped out automatically before submission. The support modules for DCC, Razor and/or Pyzor must be installed for spam to be reported to each service. The message will also be submitted to SpamAssassin's learning systems; currently this is the internal Bayesian statistical-filtering system (the BAYES rules). =item B<-k>, B<--revoke> Revoke this message. This will revoke the mail message read from STDIN from various spam-blocker databases. Currently, these are Vipul's Razor ( http://razor.sourceforge.net/ ). Support for the Distributed Checksum Clearinghouse ( http://www.rhyolite.com/anti-spam/dcc/ ), and Pyzor is not currently available. If the message contains SpamAssassin markup, this will be stripped out automatically before submission. The support modules for Razor must be installed for spam to be revoked from the service. The message will also be submitted to SpamAssassin's learning systems; currently this is the internal Bayesian statistical-filtering system (the BAYES rules). =item B<--lint> Syntax check (lint) the rule set and configuration files, reporting typos and rules that do not compile correctly. Exits immediately with 0 if there are no errors, or greater than 0 if any errors are found. =item B<-W>, B<--add-to-whitelist> Add all email addresses, in the headers and body of the mail message read from STDIN, to the automatic whitelist. Note that you must be running C or C with the B<-a> switch for this to work. =item B<--add-to-blacklist> Add all email addresses, in the headers and body of the mail message read from STDIN, to the automatic whitelist with a high score (ensuring they will be ''blacklisted''). Note that you must be running C or C with the B<-a> switch. =item B<-R>, B<--remove-from-whitelist> Remove all email addresses, in the headers and body of the mail message read from STDIN, from the automatic whitelist. STDIN must contain a full email message, so to remove a single address you should use B<--remove-addr-from-whitelist> instead. Note that you must be running C or C with the B<-a> switch. =item B<--add-addr-to-whitelist> Add the named email address to the automatic whitelist. Note that you must be running C or C with the B<-a> switch. =item B<--add-addr-to-blacklist> Add the named email address to the automatic whitelist with a high score (ensuring they will be ''blacklisted''). Note that you must be running C or C with the B<-a> switch. =item B<--remove-addr-from-whitelist> Remove the named email address from the automatic whitelist. Note that you must be running C or C with the B<-a> switch. =item B<-w> I, B<--warning-from>=I This flag is only useful in conjunction with B<-r>. It will send a reply mail to the sender of the tested mail, notifying them that their message has been trapped as spam, from the address supplied in I. See L. =item B<-l> I, B<--log-to-mbox>=I Log all mail messages that pass through the filter, to an mbox-format file named by I. Handy for use with B<-r> and B<-w>. =item B<-L>, B<--local> Do only the ''local'' tests, ones that do not require an internet connection to operate. Normally, SpamAssassin will try to detect whether you are connected to the net before doing these tests anyway, but for faster checks you may wish to use this. =item B<-d>, B<--remove-markup> Remove SpamAssassin markup (the "SpamAssassin results" report, X-Spam-Status headers, etc.) from the mail message. The resulting message, which will be more or less identical to the original, pre-SpamAssassin input, will be output to stdout. (Note: the message will not be exactly identical; some headers will be reformatted due to some features of the Mail::Internet package, but the body text will be.) =item B<-C> I, B<--config-file>=I, B<-c> I (deprecated) Read configuration from I. =item B<-p> I, B<--prefs-file>=I Read user score preferences from I. =item B<-D> [I], B<--debug> [I] Produce diagnostic output. The level of diagnostic output can be set for each area separately; I is the area of the code to instrument, and I is a positive or negative number indicating the debug level or bitmask for that area of code. For example, to produce diagnostic output on all rules that hit, use: spamassassin -D rulesrun=255 =item B<-x>, B<--nouser-config> Disable per-user configuration files. =item B<-M> I, B<--whitelist-factory>=I Select alternative whitelist factory. =back =head1 DESCRIPTION SpamAssassin is a mail filter to identify spam using text analysis and several internet-based realtime blacklists. Using its rule base, it uses a wide range of heuristic tests on mail headers and body text to identify "spam", also known as unsolicited commercial email. Once identified, the mail is then tagged as spam for later filtering using the user's own mail user-agent application. SpamAssassin also includes support for reporting spam messages to collaborative filtering databases, such as Vipul's Razor ( http://razor.sourceforge.net/ ). The default tagging operations that take place are detailed in L. =head1 CONFIGURATION FILES The rule base, text templates, and rule description text are loaded from the configuration files. By default, configuration data is loaded from the first existing directory in: F;F;F<./rules>;F<../rules> The configuration data in the first existing directory in: F;F;F;F;F are used to override any values which had already been set Spamassassin will read *.cf in these directories, in alphanumeric order within each directory (similar to SysV-style startup scripts). In other words, it will read F<10_misc.cf> before F<50_scores.cf> and F<20_body_tests.cf> before F<20_head_test.cf>. Options in later files will override earlier files. The user preferences (such as scores to attach to each rule), are loaded from the file specified in the B<-p> argument. If this is not specified, F<~/.spamassassin/user_prefs> is used if it exists. C will create this file if it does not exist, using F as a template. This file will be looked for in F;F;F =head1 TAGGING The following two sections detail the tagging that takes place for messages. Note that if you use the B<-t> argument, all mails will be tagged as if they are spam messages. =head2 TAGGING FOR SPAM MAILS If an incoming message is tagged as spam, instead of modifying the original message, SpamAssassin will create a new report message and attach the original message as a message/rfc822 MIME part (ensuring the original message is completely preserved and easier to recover). The new report message inherits the following headers (if they are present) from the original spam message: =over 4 =item Subject: header The string C<*****SPAM*****> is also prepended to the subject, unless the C configuration option is given. =item From: header =item To: header =item Cc: header =item Date: header =back And these headers are added: =over 4 =item X-Spam-Status: header A string, C is set in this header to reflect the filter status. =item X-Spam-Flag: header Set to C. =item X-Spam-Report: header for spam mails The SpamAssassin report is added to the mail header if the C configuration option is given. =item spam mail body text The SpamAssassin report is added to top of the mail message body, if the message is marked as spam. =back =head2 TAGGING FOR HAM (NON-SPAM) MAILS =over 4 =item X-Spam-Status: header A string, C is set in this header to reflect the filter status. =back =head1 SPAM TRAPPING Quite often, if you've been on the internet for a while, you'll have accumulated a few old email accounts that nowadays get nothing but spam. SpamAssassin lets you set them up as aliases, as follows: =over 4 =item spamtrap1: "| /path/to/spamassassin -r -w spamtrap1" =back This will add any incoming mail messages straight into spam-tracking databases, such as Vipul's Razor; send an explanatory reply message to the sender, from the I address; then drop the mail into the bit-bucket. The explanatory reply text is taken from the SpamAssassin configuration file, where it is stored in the C lines. If you want to keep a copy of the mails, use something like this: =over 4 =item spamtrap1: "| /path/to/spamassassin -r -w spamtrap1 -l /var/spam/caught" =back It is suggested you familiarise yourself with how MTAs run programs specified in aliases, if you plan to do this; for one thing, B will not run under your user id in this case. If you are nervous about this, create a user for spamtrapping, and set up spamassassin in its F<.forward> file. =head1 INSTALLATION The B command is part of the B Perl module. Install this as a normal Perl module, using C, or by hand. For further details on how to install, please read the C file from the SpamAssassin distribution. =head1 ENVIRONMENT No environment variables, aside from those used by perl, are required to be set. =head1 SEE ALSO Mail::SpamAssassin(3) Mail::SpamAssassin::Conf(3) Mail::Audit(3) Razor(3) =head1 BUGS http://bugzilla.spamassassin.org/ =head1 AUTHOR Justin Mason Ejm /at/ jmason.orgE =head1 PREREQUISITES C =head1 COREQUISITES C C =cut