PC World 2007 June

home *** CD-ROM | disk | FTP | other *** search

/ PC World 2007 June / PCWorld_2007-06_cd.bin / akce / Panda / IS2007.exe / Files / RAntispam / spamcatcher.conf < prev next >

Wrap

Text File | 2006-11-28 | 24.3 KB | 859 lines

########################################################################### # spamcatcher.conf # # Sample configuration file for spamcatcher. Format of a line is: # # key=value # # Blank lines are ignored, as is anything starting with a '#' character # # ############################################################################ # Name: regkey # Arguments: xxxx-xxxx-xxxx-xxxx # Default: none # # Description: # A license key is needed to activate the SpamCatcher SDK regkey=A3%2%-5$5$$-EJ$%8-Z5%RE snhost=sn30.mailshell.net # Name: ruleupdate # Arguments: 0 | 600 - (2^31-1) # Default: 3600 # # Description: # How often to retrieve new rules from the Mailshell SpamLabs. The # value is specified in units of integral seconds. # Note that a value of "0" disables this feature and rule files will not be updated. ruleupdate=0 # Name: sntimeout # Arguments: 0 - 2^31-1 # Default: 5 # # Description: # Limit how long single request to the Mailshell SpamLabs can take. The value # is specified in units of integral seconds. # Note that a value of "0" disables this feature and no limit will be placed. # sntimeout=5 # Name: use_both_mimesections # Arguments: yes | no # Default: yes # # Description: # The SDK will analyze both text/plain and text/html MIME sections in a # message. If additional performance is desired, it is possible to only analyze # one section. If this option is set to "no", then only one section will be analyzed. # use_both_mimesections=yes # Name: use_score_history # Arguments: yes | no # Default: no # # Description: # Enables the tracking of historical scores for repeat senders. use_score_history=yes # Name: use_score_offsets # Arguments: yes | no # Default: no # # Description: # Enables fingerprint score offset training. use_score_offsets=yes # Name: use_https # Arguments: yes | no # Default: no # # Description: # Communication between the SDK and the Mailshell SpamLabs is always # encrypted. This option is now obsoleted and HTTP (port 80) is always # used. 
# use_https=no # Name: verbose # Arguments: yes | no # Default: no # # Description: # Enables increased verbose logging. # verbose=no # Name: dbg_logfile # Arguments: <filename> # Default: none # # Description: # Redirects log output to a file in the conf directory. # dbg_verbose_level=6 # dbg_logfile=mailshell.log # Name: extended_rules # Arguments: yes | no # Default: yes # # Description: # Enables the extended rule set. This replaces the old use_cache option. The # old use_cache option is now equivalent to this option. # This rule set extension is stored as files sc1.bin.<date> and sc12.bin.<date> # extended_rules=yes # Name: extended_rules2 # Arguments: yes | no # Default: yes # # Description: # Enables the second extension to the rule set. # This rule set extension is stored as file sc6.bin.<date> extended_rules2=yes # Name: enable_fingerprint_cache # Arguments: yes | no # Default: yes # # Description: # Enables usage of a fingerprint cache. # The fingerprint cache is stored as file sc10.bin.<date>. enable_fingerprint_cache=yes # Name: enable_domain_cache # Arguments: yes|no # Default: yes # # Description: # Enables usage of a domain reputation cache. # If enabled, domains are extracted from messages and compared against # a domain reputation cache. # # The domain reputation cache is stored in file sc8.bin.<date> enable_domain_cache=yes # Name: netcheck # Arguments: yes | no # Default: no # # Description: # Whether to communicate with the Mailshell SpamLabs to determine scoring. netcheck=yes # Name: pcre_match_limit # Arguments: 0 - 2^32-1 # Default: 100 for FreeBSD, 10000 for others # # Description: # Sets the maximum thread stack size to use. If the thread stack size is set # to 64KB (e.g. FreeBSD), then this variable should be set to 100 or less. If the # thread stack size is set to greater than 1MB (e.g. Linux, Solaris, and MacOSX), # then this variable should be set to 10000 or less. 
If this variable is set # below 200, accuracy can be reduced by a couple of percentages. # pcre_match_limit=10000 # Name: proxy_host # Arguments: host:port # Default: none # # Description: # Specifies the host name and port number of a HTTPS proxy to connect to # the Mailshell servers. # proxy_host= # Name: proxy_userpwd # Arguments: username:password # Default: none # # Description: # Specifies the user name and password of the HTTPS proxy to connect to # the Mailshell servers. # proxy_userpwd= # Name: rbl_list # Arguments: servername:response:offset, # servername:response:offset,... # Default: none # # Description: # Specifies a list of Realtime Blackhole List (RBL) servers to query when # analyzing messages. Please refer to the RBL section in this document for # further information. # rbl_list= # Name: rbl_multihit # Arguments: yes | no # Default: no # # Description: # If this option is no, then the rbl servers are checked in the order that # they are listed. Once an IP address is found to be listed on an RBL # server, no further RBL queries are made. # # If this option is yes, then all of the rbl servers are checked in parallel # and the hits which return are added together. # # rbl_list must be specified or this option is ignored. # rbl_multihit= # Name: enable_word_training # Arguments: yes | no # Default: yes # # Description: # This option controls whether Bayesian Word Token analysis is # used. Accuracy can be greatly improved but more memory is used and # it is slightly slower. # # "no" - disables option # "yes" - enables option enable_word_training=yes # Name: max_word_entries # Arguments: integer # Default: 50000 # # Description: # This option specifies the number of word tokens to cache at any time. # The higher the number, the more memory is used but also the higher the # accuracy. enable_word_training must be yes or this option is ignored. 
# max_word_entries = 50000 # Name: enable_rules # Arguments: yes | no # Default: yes # # Description: # This option controls whether heuristic rules (like before v3.0) are # used. Accuracy can be greatly improved but more memory is used and it is much slower. # The rules are stored as file sc1.bin.<date> # # "no" - disables option # "yes" - enables option # enable_rules=yes # Name: rule_weights # Arguments: ruleidA:weightA,ruleidB:weightB,... # Default: none # # Description: # This option allows overriding weights associated with individual # Mailshell Rules. The format is a comma delimited list of "ruleid" and # "weight" pairs. The pairs are themselves delimited with a colon. # rule_weights= # Name: enable_training_updates # Arguments: yes | no # Default: yes # # Description: # This option controls whether the word, rules, and fingerprint training database # can be modified or is read-only after initial load. A read-only training database is faster. # # "no" - the training databases are read-only. # "yes" - the training databases can be modified. enable_training_updates=yes # Name: auto_training_threshold # Arguments: low:high # Default: 1:99 # # Description: # Sets a threshold for auto-training. If a message is scored at or above the # high threshold, that message is considered a definite spam and is then used # to train all the enabled bayesian modules (rules and/or word) but not # sender or fingerprint. # # If a message is scored at or below the low threshold, that message is considered # a definite ham and is then used to train all the enabled bayesian modules # (rules and/or word) but not sender or fingerprint. enable_word_training and # enable_training_updates must be yes or this option is ignored. auto_training_threshold=1:99 # Name: min_training # Arguments: integer # Default: 100 # # Description: # Initially, only the rule weights are used to compute the spam score. 
Once a minimum # set of training data is achieved, rule/word training data replaces the rule weights. # The default minimum is 100 which means that you must train on at least 100 equivalent known # ham messages and 100 equivalent spam messages for a total of 200 messages before # the training data replaces the rule weights. If the number is too low then the accuracy could # be poor due to insufficient data. If the number is too high, then the training # data will not be fully taken advantage of. A value of 0 will cause # rule weights to always be ignored. min_training=100 # Name: full_training_weight # Arguments: yes | no # Default: no # # Description: # Controls whether to give full weight to training data. If this option # is set to "yes" then scoring will be based solely on training data. # If option is "no" then both rules and training data will be used. # full_training_weight=no # Name: training_write_buffer # Arguments: an integer # Default: 1000 # # Description: # While training, the SDK will process a configurable amount of messages # before writing the training database to disk. This option determines # how many messages to process before writing to disk. # # Writing to disk is expensive so this number should be made as large # as possible for maximum performance. # # If the program is unexpectedly terminated before the buffer has been written to # disk, then training performed since the last disk write will be lost. # The buffer is written to disk on normal termination. # training_write_buffer=1000 # Name: ignored_ip_list # Arguments: 1.2.3.4,2.3.4.5-2.3.4.8,2.3.4.0/24,5.6.0.0/16 # Default: none # # Description: # This option allows specifying IPs which should be ignored when doing # RBL checks. Format is a comma delimited list of single IPs or ranges of # IPs. 
The following are always implicitly ignored: # 10.0.0.0/8, 127.0.0.0/8, 192.168.0.0/16, 172.16.0.0 # # Ranges can be specified in three ways: # a) startingIP-endingIP # b) IP/netmask # c) IP # ignored_ip_list= # Name: approved_ip_list # Arguments: 1.2.3.4,2.3.4.5-2.3.4.8,2.3.4.0/24,5.6.0.0/16 # Default: none # # Description: # This option allows specifying IPs which should be approved. # Format is a comma delimited list of single IPs or ranges of IPs. # Ranges can be specified in three ways: # a) startingIP-endingIP # b) IP/netmask # c) IP # # If the first non-ignored IP in Received: headers matches any in this list # then message is scored a 1 and no other checks are made. # approved_ip_list= # Name: blocked_ip_list # Arguments: 1.2.3.4,2.3.4.5-2.3.4.8,2.3.4.0/24,5.6.0.0/16 # Default: none # # Description: # This option allows specifying IPs which should be blocked. # Format is a comma delimited list of single IPs or ranges of IPs. # # Ranges can be specified in three ways: # a) startingIP-endingIP # b) IP/netmask # c) IP # # If any IP addresses in Received: headers match any in this list # then message is scored a 99 and no other checks are made. # blocked_ip_list= # Name: rbl_threshold # Arguments: low:high # Default: 1:99 # # Description: # Since RBL checks can introduce latency and a decrease in performance, # this option allows running RBL checks conditionally based on the score # prior to RBL checks. # # If score is greater than the "high" value then only those RBL servers # which can bring score below "high" value are queried. # # If score is less than the "low" value then only those RBL servers # which can bring score above "low" value are queried. # # If score is between "low" and "high" then all RBL servers are queried. # # rbl_list must be specified or this option is ignored. # rbl_threshold=1:99 # Name: rbl_timeout # Arguments: integer # Default: 5 # # Description: # This option allows setting a maximum timeout for finishing all RBL # queries. 
# RBL responses are only used from those RBL servers which responded in # time. # # If value is "0" then no timeout is enforced. # # rbl_list must be specified or this option is ignored. # rbl_timeout=5 # Name: rbl_max_ips # Arguments: integer # Default: 4 # # Description: # This option allows limiting how many IP addresses are queried against # the RBL server. Note that the total number of RBL queries will be # the number of IP addresses in the Received: headers (up to a max of # rbl_max_ips) multiplied by the number of RBL servers specified in # "rbl_list". # If the value is "0" then an unlimited number of received headers are checked. # # Note that IPs which match against the "ignored_ip_list" option do not # count towards the rbl_max_ips limit. # # rbl_list must be specified or this option is ignored. # rbl_max_ips=4 # Name: home_country_list # Arguments: us,ca,kr,... # Default: none # # Description: # This option allows specifying a list of countries which are # considered "home" countries. Messages routed through a country # which is not on this list will be scored more aggressively. # If this option is empty then no penalty will occur. # # Countries are specified by their two-letter code as defined in ISO 3166 # # home_country_list= # Name: blocked_country_list # Arguments: countryCode1:offset1,countryCode2:offset2... # Default: none # # Description: # Allows blocking by country. The format is a comma delimited list of # "country" and "offset" pairs which are themselves delimited by a # colon. Country is specified as two letter code (ISO-3166). Offsets # are optional and default to a value of 100. # # If an IP address in a received header matches a listed country, then # that offset is used and we stop checking any other IPs. If one # is in Russia and the user has set "ru:someOffset", then it'll apply. # # The country codes aren't applied to sender addresses. # If you want to block From addresses ending in .ru, you can use the email # address block list. 
# # Note that it is possible for a message to have travelled through # various countries before reaching the final destination. # # Note that this option is only 98% accurate so blocking countries can # result in false positives. # blocked_country_list= # Name: blocked_charset_list # Arguments: charset1:offset1,charset2:offset2... # Default: none # # Description: # Allows blocking by character-set. The format is a comma delimited list of # "char-set" and "offset" pairs which are themselves delimited by a # colon. A char-set to foreign language map can be found at: # http://www.w3.org/International/O-charset-list.html # Offsets are optional and default to a value of 100. # # Note that language to char-set mapping is not 100% accurate # so blocking charsets can result in false positives. # blocked_charset_list= # Name: message_readsize # Arguments: integer # Default: 100000000 # Description: # This option instructs the SDK not to read more than a configurable # number of bytes from the message buffer when computing scores. # # This value is ignored if it is greater than the "size" parameter in the # SCMessage::computeScore() or MailshellMsg_computeScore() functions. # message_readsize=0 # Name: message_scansize # Arguments: integer # Default: 20000 # # Description: # This option instructs the SDK not to read more than "message_scansize" # bytes when computing the message fingerprint. This is useful # for getting consistent fingerprints. # # This value is ignored if it is greater than either the message_readsize # value or the "size" parameter in the SCMessage::computeScore() or # MailshellMsg_computeScore() functions. # message_scansize=20000 # Name: netcheck_threshold # Arguments: low:high # Default: 1:99 # # Description: # Since networks can introduce latency and a decrease in performance, # this option allows running network checks conditionally based on the # score. netcheck must be yes or this option is ignored. 
# # Network is only queried if score is at or between the "low" and "high" range # specified via this option. netcheck_threshold=85:95 # Name: spoofed_sender_list # Arguments: address1:iprange1:offset1,address2:iprange2:offset2... # Default: none # # Description: # Allows blocking spammers who spoof your domain name and # other domain names. For example, spammers often use the recipient's # domain name as the From: domain name. This list allows you to specify which # mail servers are allowed to use which domain names in the From: address # spoofed_sender_list= # Name: scan_attachments # Arguments: yes | no # Default: no # # Description: # This option controls whether the SDK will scan and consider attachments # when computing the spam score. # "no" - disables option # "yes" - enables option scan_attachments=no # Name: enable_spamcompiler_cache # Arguments: yes|no # Default: yes # Description: If this option is set to yes, SpamCompiler will store the # compiled data on disk instead of memory to reduce memory usage. # enable_spamcompiler_cache=yes # Name: enable_legitrepute_cache # Arguments: yes|no # Default: yes # Description: Enables usage of a LegitRepute cache to reduce false positives # especially for newsletters. # enable_legitrepute_cache=yes # Name: convert_unicode # Arguments: yes|no # Default: yes # Description: Improves accuracy and throughput for email message bodies in Unicode # especially double-byte languages by converting the message into single-bytes. # convert_unicode=yes # Name: retrieverules_list # Arguments: index1,index2,... # Default: none # Description: This option specifies which rules files are downloaded when # retrieveRules() is called. If the option is blank then retrieveRules() # will only download files which are necessary to support a given # configuration (based on other options). 
# retrieverules_list=1,2,3,4,5,6,7,8,9,10,11,12,14,15 # Name: enable_spf # Arguments: yes|no # Default: yes # Description: # This option controls whether or not to do Sender Policy Framework (SPF) # checks. If set to yes, then attempt to validate that sender is allowed # to send from a particular domain based on the domain's published policy. # enable_spf=yes # Name: enable_all_spf # Arguments: yes|no # Default: no # Description: # This option controls whether or not domains which are not listed in # the spf_list option or in Mailshell's rule file will undergo SPF checks. # This option requires enable_realtime_spf to be set to yes. # enable_all_spf=no # Name: enable_realtime_spf # Arguments: yes|no # Default: no # Description: # This option controls whether live DNS queries will be performed for SPF # checks. This may result in greater latency. # enable_realtime_spf=no # Name: spf_list # Arguments: domain1:"weights1":"spf record1",domain2:"weights2":"spf record2": ... # Default: none # Description: # This option allows you to override a domain's SPF record. Through the "weights", # you can specify how a particular SPF result will affect the message score. # spf_list= # Name: spf_pass_weight # Arguments: integer # Default: 0 # Description: # This option allows you to specify the default offset to apply to scores when # the SPF result is Pass for the from domain. # spf_pass_weight=0 # Name: spf_fail_weight # Arguments: integer # Default: 10 # Description: # This option allows you to specify the default offset to apply to scores when # the SPF result is Fail for the from domain. # spf_fail_weight=10 # Name: spf_neutral_weight # Arguments: integer # Default: 0 # Description: # This option allows you to specify the default offset to apply to scores when # the SPF result is Neutral for the from domain. 
# spf_neutral_weight=0 # Name: spf_none_weight # Arguments: integer # Default: 0 # Description: # This option allows you to specify the default offset to apply to scores when # the SPF result is None for the from domain. # spf_none_weight=0 # Name: spf_softfail_weight # Arguments: integer # Default: 5 # Description: # This option allows you to specify the default offset to apply to scores when # the SPF result is SoftFail for the from domain. # spf_softfail_weight=5 # Name: spf_permerror_weight # Arguments: integer # Default: 0 # Description: # This option allows you to specify the default offset to apply to scores when # the SPF result is Permanent Error for the from domain. # spf_permerror_weight=0 # Name: spf_temperror_weight # Arguments: integer # Default: 0 # Description: # This option allows you to specify the default offset to apply to scores when # the SPF result is Temporary Error for the from domain. # spf_temperror_weight=0 # Name: spf_helo_pass_weight # Arguments: integer # Default: 0 # Description: # This option allows you to specify the default offset to apply to scores when # the SPF result is Pass for the HELO domain. # spf_helo_pass_weight=0 # Name: spf_helo_fail_weight # Arguments: integer # Default: 10 # Description: # This option allows you to specify the default offset to apply to scores when # the SPF result is Fail for the HELO domain. # spf_helo_fail_weight=10 # Name: spf_helo_neutral_weight # Arguments: integer # Default: 0 # Description: # This option allows you to specify the default offset to apply to scores when # the SPF result is Neutral for the HELO domain. # spf_helo_neutral_weight=0 # Name: spf_helo_none_weight # Arguments: integer # Default: 0 # Description: # This option allows you to specify the default offset to apply to scores when # the SPF result is None for the HELO domain. 
# spf_helo_none_weight=0 # Name: spf_helo_softfail_weight # Arguments: integer # Default: 5 # Description: # This option allows you to specify the default offset to apply to scores when # the SPF result is SoftFail for the HELO domain. # spf_helo_softfail_weight=5 # Name: spf_helo_permerror_weight # Arguments: integer # Default: 0 # Description: # This option allows you to specify the default offset to apply to scores when # the SPF result is Permanent Error for the HELO domain. # spf_helo_permerror_weight=0 # Name: spf_helo_temperror_weight # Arguments: integer # Default: 0 # Description: # This option allows you to specify the default offset to apply to scores when # the SPF result is Temporary Error for the HELO domain. # spf_helo_temperror_weight=0 # Name: spam_threshold # Arguments: integer # Default: 100 # Description: # This option allows you to tell the SDK to stop analyzing the message once # a score has been reached. This can reduce the number of rules and other # checks that are performed, thus improving throughput. # spam_threshold=100 # Name: target_throughput # Arguments: integer # Default: 0 # Description: # This option allows you to specify the desired throughput in messages per # second. The Mailshell SDK will attempt to reach that level by optimizing # the rules that are run. It is possible that accuracy may be reduced. # A value of 0 disables the option. target_throughput=0 # Name: enable_filecleanup_on_retrieve # Arguments: yes | no # Default: yes # Description: # The SDK, by default, will clean up older rule files from the # configuration directory when a new file is retrieved from the Mailshell # SpamCatcher network. However, some users of the SDK will want to # archive older rule files. This can be done by disabling the cleanup feature. 
# enable_filecleanup_on_retrieve=yes # Name: enable_filemerge_on_reload # Arguments: yes | no # Default: yes # Description: # The SDK, by default, will merge multiple incr files and a full file into a # single updated full file. This is done to reduce file clutter in the # configuration directory. # enable_filemerge_on_reload=yes # Name: retrieve_incr_only # Arguments: yes | no # Default: no # Description: # The SDK, by default, will attempt to download the most size efficient # combination of full and incr file. The SDK can be forced to only download # incr file by setting this option to yes. # retrieve_incr_only=no # Name: home_language_list # Arguments: languageCode1,languageCode2,... # Default: none # Description: # This option permits you to set languages which are preferred in your email messages. # The language codes are two character ISO-639 language codes. Please refer to the # SDK documentation for the list of supported codes. # home_language_list=