Initial commit

5 files changed, 728 insertions, 0 deletions

diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..1ed2ca2
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1,5 @@
+release

+.project

+settings.xml

+.settings
+Thumbs.db

diff --git a/changelog.txt b/changelog.txt
new file mode 100644
index 0000000..eff779a
--- /dev/null
+++ b/changelog.txt
@@ -0,0 +1,214 @@
+SpamPD Change Log
+-----------------
+
+2.40 (10-Jan-09)
+
+- New config option to load a specific configuration file after the default
+  local.cf file, thereby overriding any settings therein.  The new option is
+  --saconfig=filename. Thanks to Sven Mueller for code and Bernd Zeimetz for 
+  bringing it up. (http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=344373)
+  
+- Integrated code by Alexander Wirt to introduce a parameter which
+  sets a proper home directory (--homedir=path) and also cleans up the 
+  environment before backgrounding. 
+  (http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=421100)
+  * NOTE: * default homedir is /var/spool/spamassassin/spampd which needs to be 
+  writable by the user spampd is running as.  Previously, some files like the
+  auto-whitelist were written to the .spamassassin folder inside the users home
+  directory who started spampd, typically root.
+  
+- Integrated fix from Vladislav Kurz for LMTP multi-line response after DATA
+  is sent. (http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=395355)
+  
+- Yet another fix for older Net::Server versions (<= 0.87) dying when logging 
+  a % character to Sys::Syslog. This also fixes the bug in 2.30 that logs "%s"
+  instead of the actual messages on some system.
+  
+- Fixed bug with temp files sticking around until spampd child exists, 
+  introduced when SA 3.0 was released 
+  (https://issues.apache.org/SpamAssassin/show_bug.cgi?id=5444).
+  Thanks to Simon Matter for bringing this to my attention.
+
+########
+  
+2.30 (31-Oct-05)
+- Another, hopefully final, fix for the Sys::Syslog issue of % signs in the log
+  string. Fixes possible DoS vulnerability. Thanks to Sven Mueller and Florian 
+  Weimer for the solution.
+- Added new options for adding X-Envelope-From and (optionally) X-Envelope-To
+  headers to messages before SA processing.  The idea is to help SA process any 
+  blacklist/whitelist to/from directives on the actual sender/recipients instead
+  of the possibly bogus envelope headers.  Use --seh or --set-envelope-headers 
+  to enable setting both headers, or use --sef or --set-envelope-from to enable
+  only X-Envelope-From.  If added, spampd attempts to remove the X-Envelope-To 
+  header after SA processing to preserve BCC recipient anonymity, but enabling 
+  this header may still expose recipient information. See man page for more 
+  details.  This patch was originally submitted by Sven Mueller, was slightly 
+  modified, and the --sef option was added.
+
+########
+  
+2.21 (23-Oct-05) (unreleased)
+- fixed SA version check on alphanumeric version strings.  Stops the annoying 
+  Perl warning messages in the mail log.  Thanks to Sven Mueller for the fix.
+
+########
+  
+2.20 (05-Oct-04)
+- added support for SpamAssassin version 3.  spampd should now support all 
+  SA versions (tested with 2.6.3 and 3.0.0).
+- removed --add-sc-header feature.  It is now redundant with SA v2.6 ability 
+  to (almost fully) customize headers, which v3 improves on.  If anyone
+  really needs this feature, please let me know.
+- added --nodetach option to prevent daemon process backgrounding. Patch
+  provided by Urban Petry. Can be useful for win32/cygwin.
+- if --debug is specified, Net::Server log level is increased to 4 (debug)
+  to provide some more info in the log (can be useful for diagnosing 
+  user/permission issues). Thanks to Urban Petry for idea.
+- the message sender (From header) is now included in the log along with message
+  ID, recipient, and scoring info. Thanks to Roland Koeckel for the patch.
+
+########
+  
+2.13 (24-Nov-03)
+- SA debug messages redirected from STDERR (warn) to syslog. Thanks to Roland 
+  Koeckel for the suggestion.
+
+########
+  
+2.12 (15-Nov-03)
+- fixed bug related to Sys::Syslog where we needed to escape % signs in
+  Message IDs. Thanks to Jeffrey W. Collyer and Yann Grossel for the bug reports.
+- minor performance improvement in SpamPD::Client using buffered write to send 
+  message data. Thanks to Sam Horrocks for the tip.
+- fixed error condition when an error response ([4|5]xx) was returned after a 
+  DATA command was sent. Thanks to Rodrigo Ventura for bug reports about this.
+
+########
+  
+2.11 (15-Jul-03):
+- fix for occasional corrupted message headers which caused blank messages
+  (seemed to have only affected certain malformed spam mail).
+- added --logsock option for syslog socket. Defaults to 'unix' except for
+  HP-UX and SunOS (Solaris) which I'm told prefer 'inet'.
+
+########
+  
+2.10 (01-Jul-03):
+- added optional 'X-Spam-Checked-By: {hostname}' header, where {hostname} is,
+  theoretically, the name of the machine doing the message scanning.  New
+  options --add-sc-header and --hostname=name control this behavior.
+
+########
+  
+2.00 (10-Jun-03):
+- major rewrite of how mail is handled internally.  spampd now takes no
+  responsibility for the mail at any point, instead acting as a transparent
+  proxy between the originating and the destination servers. That is, the
+  servers speak to each other through spampd so final mail delivery
+  occurs only when the destination server acknowledges receipt of the data.
+  Idea based on smtpprox by Bennett Todd (http://bent.latency.net/smtpprox/).
+  Unfortunately this breaks the ability to redirect the mail based on spam
+  score, since scoring happens after all recipients have been specified and
+  accepted.  But, it is much cleaner and safer than the previous method.
+
+- new architecture doesn't store the mail data in memory any more. Message
+  is still written to memory before scanning by SpamAssassin, but messages
+  larger than the --maxsize to be scanned won't eat up a bunch of memory.
+  From smtpprox documentation by Bennet Todd:
+  "it [spampd] stores the body of the message in an unlinked file
+  under /tmp, which should be a tmpfs; this prevents the allocation
+  overhead associated with large strings (often 2-3x) and ensures that
+  space will be returned to the OS as soon as it's not needed."
+  
+- as a bonus feature, LMTP is now supported by virtue of spampd's transparency.
+
+- added a timeout check around the socket operations as suggested in the 
+  Net::Server docs.  Added new parameter to control this: --childtimeout=n
+  where n is number of seconds.
+
+- added a timeout check around the message processing (spam checking) routines
+  to guard against a SpamAssassin hang. Added new parameter to control 
+  this: --satimeout=n where n is number of seconds.  If a timeout (or error)
+  occurs while processing, the mail is still passed on unless the new --dose
+  (die-on-sa-errors) paramater is given.
+  
+- added --children=n parameter to specify how many child 
+  servers to spawn and maintain. Default is 5 children (plus 
+  one parent).
+  
+- now uses Net::Server::PreForkSimple instead of PreFork.  (Tried utilizing the
+  advanced children pool features of PreFork but either couldn't figure it out
+  or they're kinda broken. If anyone has experience here, please let me know.)
+  
+- improved logging including the Message-ID, recipients, 100ths precision
+  on spam score, processing time, and file size. Logging format now better
+  resembles that of spamd (which hopefully means spamd log analysis tools can be
+  made to work with spampd easily).
+     
+- removed dependencies on Net::SMTP, Net::SMTP::Server::Client, and Error
+  modules.
+
+- host/port and relay host/port can both be specified as xx.xx.xx.xx:nn in
+  the --host and --relayhost parameters, or as individual parameters (--host,
+  --port, --relayhost, --relayport).
+  
+# The next 3 items are ideas/patches by 
+#	Kurt Andersen, 
+#	Agilent Technologies Postmaster
+#	Global Messaging Team, Agilent Technologies
+
+- added optional support for Time::HiRes for more accurate processing time 
+  reporting in the log (automatically loaded if Time::HiRes is available).
+
+- added optional logging of which SA rules matched a message. New option is
+  --log-rules-hit or --rh for short.
+  
+- Added auto HPUX OS detection for syslog loggging
+   "(for some reason HPUX chokes on using the 'unix' socket type)."
+
+# Thanks Kurt!
+
+- added much more verbose spampd logging when using the --debug option.
+  
+- 3 parameters are now deprecated but accepted for backwards compatability:
+     --dead-letters, --heloname, and --stop-at-threshold
+     
+- added shorthand choice for some options: 
+    --aw for --auto-whitelist; --L for --local-only; --a for --tagall
+    --u for --user; --g for --group; --p for --pid
+    --d for --debug; --h for --help; 
+
+- documentation updates
+
+- licensing change due to use of Bennet Todd's code (to GNU GPL from Perl 
+  Artistic).
+
+########
+  
+1.0.2 (13-Apr-03):
+- added 'local-only' parameter to pass on to SA which turns off all 
+  network-based tests (DNS, Razor, etc).
+
+########
+  
+1.0.1 (3-Feb-03): 
+- fixed minor but substantial bug preventing child processes 
+  from exiting properly since the counter wasn't being incremented (d'oh!).
+  Thanks to Mark Blackman for pointing this out.
+
+- fixed typo in pod docs (Thx to James Sizemore for pointing out)
+
+########
+
+Changes to assassind (1.0.0 initial release of spampd - May 2002):
+A different message rewriting method (using 
+  Mail::SpamAssassin::NoMailAudit instead of Dave Carrigan's 
+  custom headers and Mail::Audit); 
+Adding more options for message handling, network/protocol options, 
+  some options to pass on to SpamAssassin (such as whitelist usage);
+More orientation to being used as a content filter for the 
+  Postfix MTA, mostly by changing some default values; 
+Documentation changes;
+
+## EOF ##
\ No newline at end of file
diff --git a/misc/spampd-rh-rc-script.sh b/misc/spampd-rh-rc-script.sh
new file mode 100644
index 0000000..5b90c0b
--- /dev/null
+++ b/misc/spampd-rh-rc-script.sh
@@ -0,0 +1,52 @@
+#!/bin/sh
+#
+# This script starts and stops the spampd daemon
+#
+# chkconfig: 2345 80 30
+#
+# description: spampd is a daemon process which uses SpamAssassin to check
+#              email messages for SPAM.
+
+# Source function library.
+. /etc/rc.d/init.d/functions
+
+# Source networking configuration.
+. /etc/sysconfig/network
+
+# Check that networking is up.
+[ ${NETWORKING} = "no" ] && exit 0
+
+[ -f /usr/bin/spampd -o -f /usr/local/bin/spampd ] || exit 0
+PATH=$PATH:/usr/bin:/usr/local/bin
+
+# See how we were called.
+case "$1" in
+  start)
+	# Start daemon.
+	echo -n "Starting spampd: "
+	daemon spampd --port=10025 --relayhost=127.0.0.1:25 --tagall --auto-whitelist
+	RETVAL=$?
+	touch /var/lock/spampd
+	echo
+	;;
+  stop)
+	# Stop daemons.
+	echo -n "Shutting down spampd: "
+	killproc spampd
+	RETVAL=$?
+	rm -f /var/lock/spampd
+	echo
+	;;
+  restart)
+	$0 stop
+	$0 start
+	;;
+  status)
+	status spampd
+	;;
+  *)
+	echo "Usage: $0 {start|stop|restart|status}"
+	exit 1
+esac
+
+exit 0
diff --git a/readme.md b/readme.md
new file mode 100644
index 0000000..fee097e
--- /dev/null
+++ b/readme.md
@@ -0,0 +1,12 @@
+# SpamPD

+

+<span style="color: red">NOTE: please see Download section for official release versions.  The repository version IS NOT THOUROUGHLY TESTED.</span>

+

+spampd is a program used within an e-mail delivery system to scan messages for possible Unsolicited Commercial E-mail (UCE, aka spam) content. 

+It uses an excellent program called SpamAssassin (SA) to do the actual message scanning. spampd acts as a transparent SMTP/LMTP proxy between 

+two mail servers, and during the transaction it passes the mail through SA. If SA decides the mail could be spam, then spampd will ask SA to 

+add some headers and a report to the message indicating it's spam and why. spampd is written in Perl and should theoretically run on any 

+platform supported by Perl and SpamAssassin.

+

+More information is available at <a href="http://www.worlddesign.com/index.cfm/page/rd/mta/spampd.htm">here</a>.

+

diff --git a/spampd.html b/spampd.html
new file mode 100644
index 0000000..3b0d1f5
--- /dev/null
+++ b/spampd.html
@@ -0,0 +1,445 @@
+<HTML>
+<HEAD>
+<TITLE>SpamPD - Spam Proxy Daemon</TITLE>
+<LINK REV="made" HREF="mailto:root@worlddesign.com">
+</HEAD>
+
+<BODY>
+
+<A NAME="__index__"></A>
+<!-- INDEX BEGIN -->
+
+<UL>
+
+	<LI><A HREF="#name">NAME</A></LI>
+	<LI><A HREF="#synopsis">Synopsis</A></LI>
+	<LI><A HREF="#description">Description</A></LI>
+	<LI><A HREF="#requires">Requires</A></LI>
+	<LI><A HREF="#operation">Operation</A></LI>
+	<LI><A HREF="#upgrading">Upgrading</A></LI>
+	<LI><A HREF="#installation">Installation</A></LI>
+	<UL>
+
+		<LI><A HREF="#postfixspecific notes">Postfix-specific Notes</A></LI>
+	</UL>
+
+	<LI><A HREF="#options">Options</A></LI>
+	<UL>
+
+		<LI><A HREF="#deprecated options">Deprecated Options</A></LI>
+	</UL>
+
+	<LI><A HREF="#examples">Examples</A></LI>
+	<LI><A HREF="#credits">Credits</A></LI>
+	<LI><A HREF="#copyright, license, and disclaimer">Copyright, License, and Disclaimer</A></LI>
+	<LI><A HREF="#bugs">Bugs</A></LI>
+	<LI><A HREF="#to do">To Do</A></LI>
+	<LI><A HREF="#see also">See Also</A></LI>
+</UL>
+<!-- INDEX END -->
+
+<HR>
+<P>
+<HR>
+<H1><A NAME="name">NAME</A></H1>
+<P>SpamPD - Spam Proxy Daemon (version 2.10)</P>
+<P>
+<HR>
+<H1><A NAME="synopsis">Synopsis</A></H1>
+<P><STRONG>spampd</STRONG>
+[<STRONG>--host=host[:port]</STRONG>]
+[<STRONG>--relayhost=hostname[:port]</STRONG>]
+[<STRONG>--user|u=username</STRONG>]
+[<STRONG>--group|g=groupname</STRONG>]
+[<STRONG>--children|c=n</STRONG>]
+#[<STRONG>--maxchildren|mc=n</STRONG>]
+[<STRONG>--maxrequests=n</STRONG>]
+[<STRONG>--childtimeout=n</STRONG>]
+[<STRONG>--satimeout=n</STRONG>]
+[<STRONG>--pid|p=filename</STRONG>]
+[<STRONG>--maxsize=n</STRONG>]
+[<STRONG>--dose</STRONG>]
+[<STRONG>--tagall|a</STRONG>]
+[<STRONG>--log-rules-hit|rh</STRONG>]
+[<STRONG>--auto-whitelist|aw</STRONG>]
+[<STRONG>--local-only|L</STRONG>]
+[<STRONG>--debug|d</STRONG>]</P>
+<P><STRONG>spampd</STRONG> <STRONG>--help</STRONG></P>
+<P>
+<HR>
+<H1><A NAME="description">Description</A></H1>
+<P><EM>spampd</EM> is an SMTP/LMTP proxy that marks (or tags) spam using
+SpamAssassin (http://www.SpamAssassin.org/). The proxy is designed
+to be transparent to the sending and receiving mail servers and at no point
+takes responsibility for the message itself. If a failure occurs within
+<EM>spampd</EM> (or SpamAssassin) then the mail servers will disconnect and the
+sending server is still responsible for retrying the message for as long
+as it is configured to do so.</P>
+<P><EM>spampd</EM> uses SpamAssassin to modify (tag) relayed messages based on 
+their spam score, so all SA settings apply. This is described in the SA 
+documentation.  <EM>spampd</EM> will by default only tell SA to tag a 
+message if it exceeds the spam threshold score, however you can have 
+it rewrite all messages passing through by adding the --tagall option 
+(see SA for how non-spam messages are tagged).</P>
+<P><EM>spampd</EM> logs all aspects of its operation to syslog(8), using the
+mail syslog facility.</P>
+<P>The latest version can be found at 
+<A HREF="http://www.WorldDesign.com/index.cfm/rd/mta/spampd.htm">http://www.WorldDesign.com/index.cfm/rd/mta/spampd.htm</A>.</P>
+<P>
+<HR>
+<H1><A NAME="requires">Requires</A></H1>
+<P>Perl modules:</P>
+<DL>
+<DT><STRONG><A NAME="item_Mail%3A%3ASpamAssassin"><STRONG>Mail::SpamAssassin</STRONG></A></STRONG><BR>
+<DD>
+<DT><STRONG><A NAME="item_Net%3A%3AServer%3A%3APreForkSimple"><STRONG>Net::Server::PreForkSimple</STRONG></A></STRONG><BR>
+<DD>
+<DT><STRONG><A NAME="item_IO%3A%3AFile"><STRONG>IO::File</STRONG></A></STRONG><BR>
+<DD>
+<DT><STRONG><A NAME="item_IO%3A%3ASocket"><STRONG>IO::Socket</STRONG></A></STRONG><BR>
+<DD>
+<DT><STRONG><A NAME="item_HiRes"><STRONG>Time::HiRes</STRONG> (not actually required but recommended)</A></STRONG><BR>
+<DD>
+</DL>
+<P>
+<HR>
+<H1><A NAME="operation">Operation</A></H1>
+<P><EM>spampd</EM> is meant to operate as an S/LMTP mail proxy which passes
+each message through SpamAssassin for analysis.  Note that <EM>spampd</EM>
+does not do anything other than check for spam, so it is not suitable as
+an anti-relay system.  It is meant to work in conjunction with your
+regular mail system.  Typically one would pipe any messages they wanted
+scanned through <EM>spampd</EM> after initial acceptance by your MX host.
+This is especially useful for using Postfix's (http://www.postfix.org) 
+advanced content filtering mechanism, although certainly not limited to 
+that application.</P>
+<P>Please re-read the second sentence in the above paragraph.  You should NOT
+enable <EM>spampd</EM> to listen on a public interface (IP address) unless you
+know exactly what you're doing!  It is very easy to set up an open relay this
+way.</P>
+<P>Here are some simple examples (square brackets in the ``diagrams'' indicate
+physical machines):</P>
+<P><STRONG>Running between firewall/gateway and internal mail server</STRONG></P>
+<P>The firewall/gateway MTA would be configured to forward all of its mail 
+to the port that <EM>spampd</EM> listens on, and <EM>spampd</EM> would relay its 
+messages to port 25 of your internal server. <EM>spampd</EM> could either 
+run on its own host (and listen on any port) or it could run on either 
+mail server (and listen on any port except port 25).</P>
+<PRE>
+ Internet -&gt; [ MX gateway (@inter.net.host:25) -&gt; 
+        spampd (@localhost:2025) ] -&gt;
+        Internal mail (@private.host.ip:25)</PRE>
+<P><STRONG>Using Postfix advanced content filtering</STRONG></P>
+<P>Please see the <EM>FILTER_README</EM> that came with the Postfix distribution.  You
+need to have a version of Postfix which supports this (ideally v.2 and up).</P>
+<PRE>
+ Internet -&gt; [ Postfix (@inter.net.host:25) -&gt; 
+        spampd (@localhost:10025) -&gt; 
+        Postfix (@localhost:10026) ] -&gt; final delivery</PRE>
+<P>Note that these examples only show incoming mail delivery.  Since it is 
+usually unnecessary to scan mail coming from your network (right?),
+it may be desirable to set up a separate outbound route which bypasses
+<EM>spampd</EM>.</P>
+<P>
+<HR>
+<H1><A NAME="upgrading">Upgrading</A></H1>
+<P>Upgrading from version 1 simply involves replacing the <EM>spampd</EM> program file
+with the latest one.  Note that the <EM>dead-letters</EM> folder is no longer being
+used and the --dead-letters option is no longer needed (though no errors are
+thrown if it's present).  Check the <A HREF="#options">Options</A> list below for a full list of new
+and deprecated options.  Also be sure to check out the change log.</P>
+<P>
+<HR>
+<H1><A NAME="installation">Installation</A></H1>
+<P><EM>spampd</EM> can be run directly from the command prompt if desired.  This is
+useful for testing purposes, but for long term use you probably want to put
+it somewhere like /usr/bin or /usr/local/bin and execute it at system startup.
+For example on Red Hat-style Linux system one can use a script in 
+/etc/rc.d/init.d to start <EM>spampd</EM> (a sample script is available on the 
+<EM>spampd</EM> Web page @ <A HREF="http://www.WorldDesign.com/index.cfm/rd/mta/spampd.htm).">http://www.WorldDesign.com/index.cfm/rd/mta/spampd.htm).</A></P>
+<P>The options all have reasonable defaults, especially for a Postfix-centric
+installation.  You may want to specify the --children option if you have an
+especially beefy or weak server box because <EM>spampd</EM> is a memory-hungry 
+program.  Check the <A HREF="#options">Options</A> for details on this and all other parameters.</P>
+<P>Note that <EM>spampd</EM> <STRONG>replaces</STRONG> <EM>spamd</EM> from the <EM>SpamAssassin</EM> distribution
+in function. You do not need to run <EM>spamd</EM> in order for <EM>spampd</EM> to work.
+This has apparently been the source of some confusion, so now you know.</P>
+<P>
+<H2><A NAME="postfixspecific notes">Postfix-specific Notes</A></H2>
+<P>Here is a typical setup for Postfix ``advanced'' content filtering as described
+in the <EM>FILTER_README</EM> that came with the Postfix distribution (which you 
+really need to read):</P>
+<P><EM>/etc/postfix/master.cf</EM>:
+</P>
+<PRE>
+
+ smtp   inet    n       -       y       -       -       smtpd
+        -o content_filter=smtp:localhost:10025
+        -o myhostname=mx.example.com</PRE>
+<PRE>
+ localhost:10026        inet    n       -       n       -       10      smtpd
+        -o content_filter=
+        -o myhostname=mx-int.example.com</PRE>
+<P>The first entry is the main public-facing MTA which uses localhost:10025
+as the content filter for all mail.	The second entry receives mail from
+the content filter and does final delivery.  Both smtpd instances use
+the same Postfix <EM>main.cf</EM> file.  <EM>spampd</EM> is the process that listens on
+localhost:10025 and then connects to the Postfix listener on localhost:10026.
+Note that the <CODE>myhostname</CODE> options must be different between the two instances,
+otherwise Postfix will think it's talking to itself and abort sending.</P>
+<P>For the above example you can simply start <EM>spampd</EM> like this:</P>
+<PRE>
+ spampd --host=localhost:10025 --relayhost=localhost:10026</PRE>
+<P><EM>FILTER_README</EM> from the Postfix distro has more details and examples of
+various setups, including how to skip the content filter for outbound mail.</P>
+<P>Another tip for Postfix when considering what timeout values to use for
+--childtimout and --satimeout options is the following command:</P>
+<P><CODE># postconf | grep timeout</CODE></P>
+<P>This will return a list of useful timeout settings and their values.  For 
+explanations see the relevant <CODE>man</CODE> page (smtp, smtpd, lmtp).  By default
+<EM>spampd</EM> is set up for the default Postfix timeout values.</P>
+<P>
+<HR>
+<H1><A NAME="options">Options</A></H1>
+<DL>
+<DT><STRONG><A NAME="item_%2D%2Dhost%3Dip%5B%3Aport%5D_or_hostname%5B%3Aport"><STRONG>--host=ip[:port] or hostname[:port]</STRONG> <CODE>(changed in v2)</CODE></A></STRONG><BR>
+<DD>
+Specifies what hostname/IP and port <EM>spampd</EM> listens on. By default, it listens
+on 127.0.0.1 (localhost) on port 10025.
+<P><STRONG>Important!</STRONG> You should NOT enable <EM>spampd</EM> to listen on a
+public interface (IP address) unless you know exactly what you're doing!</P>
+<P></P>
+<DT><STRONG><A NAME="item_%2D%2Dport%3Dn"><STRONG>--port=n</STRONG></A></STRONG><BR>
+<DD>
+Specifies what port <EM>spampd</EM> listens on. By default, it listens on
+port 10025. This is an alternate to using the above --host=ip:port notation.
+<P></P>
+<DT><STRONG><A NAME="item_%2D%2Drelayhost%3Dip%5B%3Aport%5D_or_hostname%5B%3"><STRONG>--relayhost=ip[:port] or hostname[:port]</STRONG></A></STRONG><BR>
+<DD>
+Specifies the hostname/IP where <EM>spampd</EM> will relay all
+messages. Defaults to 127.0.0.1 (localhost). If the port is not provided, that
+defaults to 25.
+<P></P>
+<DT><STRONG><A NAME="item_n"><STRONG>--relayport=n</STRONG> <CODE>(new in v2)</CODE></A></STRONG><BR>
+<DD>
+Specifies what port <EM>spampd</EM> will relay to. Default is 25. This is an 
+alternate to using the above --relayhost=ip:port notation.
+<P></P>
+<DT><STRONG><A NAME="item_%2D%2Duser%3Dusername_or_%2D%2Du%3Dusername"><STRONG>--user=username</STRONG> or <STRONG>--u=username</STRONG></A></STRONG><BR>
+<DD>
+<DT><STRONG><A NAME="item_%2D%2Dgroup%3Dgroupname_or_%2D%2Dg%3Dgroupname"><STRONG>--group=groupname</STRONG> or  <STRONG>--g=groupname</STRONG></A></STRONG><BR>
+<DD>
+Specifies the user and group that the proxy will run as. Default is
+<EM>mail</EM>/<EM>mail</EM>.
+<P></P>
+<DT><STRONG><STRONG>--children=n</STRONG> or <STRONG>--c=n</STRONG> <CODE>(new in v2)</CODE></STRONG><BR>
+<DD>
+Number of child servers to start and maintain (where n &gt; 0). Each child will 
+process up to --maxrequests (below) before exiting and being replaced by 
+another child.  Keep this number low on systems w/out a lot of memory. 
+Default is 5 (which seems OK on a 512MB lightly loaded system).  Note that 
+there is always a parent process running, so if you specify 5 children you
+will actually have 6 <EM>spampd</EM> processes running.
+<P>You may want to set your origination mail server to limit the 
+number of concurrent connections to <EM>spampd</EM> to match this setting (for 
+Postfix this is the <CODE>xxxx_destination_concurrency_limit</CODE> setting where 
+'xxxx' is the transport being used, usually 'smtp', and the default is 100).</P>
+<P></P>
+<DT><STRONG><A NAME="item_%2D%2Dmaxrequests%3Dn"><STRONG>--maxrequests=n</STRONG></A></STRONG><BR>
+<DD>
+<EM>spampd</EM> works by forking child servers to handle each message. The
+<STRONG>maxrequests</STRONG> parameter specifies how many requests will be handled
+before the child exits. Since a child never gives back memory, a large
+message can cause it to become quite bloated; the only way to reclaim
+the memory is for the child to exit. The default is 20.
+<P></P>
+<DT><STRONG><STRONG>--childtimeout=n</STRONG> <CODE>(new in v2)</CODE></STRONG><BR>
+<DD>
+This is the number of seconds to allow each child server before it times out
+a transaction. In an S/LMTP transaction the timer is reset for every command. 
+This timeout includes time it would take to send the message data, so it should 
+not be too short.  Note that it's more likely the origination or destination
+mail servers will timeout first, which is fine.  This is just a ``sane'' failsafe.
+Default is 360 seconds (6 minutes).
+<P></P>
+<DT><STRONG><STRONG>--satimeout=n</STRONG> <CODE>(new in v2)</CODE></STRONG><BR>
+<DD>
+This is the number of seconds to allow for processing a message with
+SpamAssassin (including feeding it the message, analyzing it, and adding 
+the headers/report if necessary).  
+This should be less than your origination and destination servers' timeout 
+settings for the DATA command. For Postfix the default is 300 seconds in both
+cases (smtp_data_done_timeout and smtpd_timeout). In the event of timeout
+while processing the message, the problem is logged and the message is passed
+on anyway (w/out spam tagging, obviously).  To fail the message with a temp
+450 error, see the --dose (die-on-sa-errors) option, below.
+Default is 285 seconds.
+<P></P>
+<DT><STRONG><A NAME="item_%2D%2Dpid%3Dfilename_or_%2D%2Dp%3Dfilename"><STRONG>--pid=filename</STRONG> or <STRONG>--p=filename</STRONG></A></STRONG><BR>
+<DD>
+Specifies a filename where <EM>spampd</EM> will write its process ID so
+that it is easy to kill it later. The directory that will contain this
+file must be writable by the <EM>spampd</EM> user. The default is
+<EM>/var/run/spampd.pid</EM>.
+<P></P>
+<DT><STRONG><A NAME="item_%2D%2Dmaxsize%3Dn"><STRONG>--maxsize=n</STRONG></A></STRONG><BR>
+<DD>
+The maximum message size to send to SpamAssassin, in KBytes. By default messages
+over 64KB are not scanned at all, and an appropriate message is logged
+indicating this.  The size includes headers and attachments (if any).
+<P></P>
+<DT><STRONG><A NAME="item_dose"><STRONG>--dose</STRONG> <CODE>(new in v2)</CODE></A></STRONG><BR>
+<DD>
+Acronym for (d)ie (o)n (s)pamAssassin (e)rrors.  By default if <EM>spampd</EM>
+encounters a problem with processing the message through Spam Assassin (timeout 
+or other error), it will still pass the mail on to the destination server.  If 
+you specify this option however, the mail is instead rejected with a temporary 
+error (code 450, which means the origination server should keep retrying to send 
+it).  See the related --satimeout option, above.
+<P></P>
+<DT><STRONG><A NAME="item_%2D%2Dtagall_or_%2D%2Da"><STRONG>--tagall</STRONG> or <STRONG>--a</STRONG></A></STRONG><BR>
+<DD>
+Tells <EM>spampd</EM> to have SpamAssassin add headers to all scanned mail,
+not just spam.  By default <EM>spampd</EM> will only rewrite messages which 
+exceed the spam threshold score (as defined in the SA settings).  Note that
+for this option to work as of SA-2.50, the <EM>always_add_report</EM> and/or 
+<EM>always_add_headers</EM> settings in your SpamAssassin <EM>local.cf</EM> need to be 
+set to 1/true.
+<P></P>
+<DT><STRONG><A NAME="item_rh"><STRONG>--log-rules-hit</STRONG> or <STRONG>--rh</STRONG> <CODE>(new in v2)</CODE></A></STRONG><BR>
+<DD>
+Logs the names of each SpamAssassin rule which matched the message being 
+processed.  This list is returned by SA.
+<P></P>
+<DT><STRONG><A NAME="item_ash"><STRONG>--add-sc-header</STRONG> or <STRONG>--ash</STRONG> <CODE>(new in v2.1)</CODE></A></STRONG><BR>
+<DD>
+Add a 'X-Spam-Checked-By: {hostname}' header to each scanned message.  By 
+default no such header is added. This can be useful in tracking which server
+in a pool did the scanning.  See below for how to specify a hostname.
+<P></P>
+<DT><STRONG><A NAME="item_hostname"><STRONG>--hostname=hostname</STRONG> <CODE>(new in v2.1)</CODE></A></STRONG><BR>
+<DD>
+Hostname to use in the X-Spam-Checked-By header. By default the value of the 
+environmental variable $HOSTNAME is used, or if that is undefined/blank then
+'localhost' is used as the hostname.  Only relevant if the --add-sc-header 
+option is specified.
+<P></P>
+<DT><STRONG><A NAME="item_%2D%2Dauto%2Dwhitelist_or_%2D%2Daw"><STRONG>--auto-whitelist</STRONG> or <STRONG>--aw</STRONG></A></STRONG><BR>
+<DD>
+Turns on the SpamAssassin global whitelist feature.  See the SA docs. Note
+that per-user whitelists are not available.
+<P></P>
+<DT><STRONG><A NAME="item_L"><STRONG>--local-only</STRONG> or <STRONG>--L</STRONG> <CODE>(new in v2)</CODE></A></STRONG><BR>
+<DD>
+Turn off all SA network-based tests (DNS, Razor, etc).
+<P></P>
+<DT><STRONG><A NAME="item_d"><STRONG>--debug</STRONG> or <STRONG>--d</STRONG> <CODE>(changed in v2)</CODE></A></STRONG><BR>
+<DD>
+Turns on SpamAssassin debug messages which print to STDERR (usually the 
+console).  Also turns on more verbose logging of what spampd is doing (new in
+v2).
+<P></P>
+<DT><STRONG><A NAME="item_%2D%2Dhelp_or_%2D%2Dh"><STRONG>--help</STRONG> or <STRONG>--h</STRONG></A></STRONG><BR>
+<DD>
+Prints usage information.
+<P></P></DL>
+<P>
+<H2><A NAME="deprecated options">Deprecated Options</A></H2>
+<P>The following options are no longer used but still accepted for backwards
+compatibility with <EM>spampd</EM> v1:</P>
+<DL>
+<DT><STRONG><A NAME="item_%2D%2Ddead%2Dletters"><STRONG>--dead-letters</STRONG></A></STRONG><BR>
+<DD>
+<DT><STRONG><A NAME="item_%2D%2Dheloname"><STRONG>--heloname</STRONG></A></STRONG><BR>
+<DD>
+<DT><STRONG><A NAME="item_%2D%2Dstop%2Dat%2Dthreshold"><STRONG>--stop-at-threshold</STRONG></A></STRONG><BR>
+<DD>
+</DL>
+<P>
+<HR>
+<H1><A NAME="examples">Examples</A></H1>
+<DL>
+<DT><STRONG><A NAME="item_Running_between_firewall%2Fgateway_and_internal_ma">Running between firewall/gateway and internal mail server</A></STRONG><BR>
+<DD>
+<EM>spampd</EM> listens on port 10025 on the same host as the internal mail server.
+<PRE>
+  spampd --host=192.168.1.10</PRE>
+<P>Same as above but <EM>spampd</EM> runs on port 10025 of the same host as 
+the firewall/gateway and passes messages on to the internal mail server 
+on another host.</P>
+<PRE>
+  spampd --relayhost=192.168.1.10</PRE>
+<P></P>
+<DT><STRONG><A NAME="item_Using_Postfix_advanced_content_filtering_example_a">Using Postfix advanced content filtering example
+and the SA auto-whitelist feature</A></STRONG><BR>
+<DD>
+<PRE>
+  spampd --port=10025 --relayhost=127.0.0.1:10026 --auto-whitelist</PRE>
+</DL>
+<P>
+<HR>
+<H1><A NAME="credits">Credits</A></H1>
+<P><EM>spampd</EM> is written and maintained by Maxim Paperno &lt;<A HREF="mailto:MPaperno@WorldDesign.com">MPaperno@WorldDesign.com</A>&gt;.
+See <A HREF="http://www.WorldDesign.com/index.cfm/rd/mta/spampd.htm">http://www.WorldDesign.com/index.cfm/rd/mta/spampd.htm</A> for latest info.</P>
+<P><EM>spampd</EM> v2 uses two Perl modules by Bennett Todd and Copyright (C) 2001 Morgan 
+Stanley Dean Witter. These are distributed under the GNU GPL (see
+module code for more details). Both modules have been slightly modified 
+from the originals and are included in this file under new names.</P>
+<P>Also thanks to Bennet Todd for the example smtpproxy script which helped create
+this version of <EM>spampd</EM>.  See <A HREF="http://bent.latency.net/smtpprox/">http://bent.latency.net/smtpprox/</A> .</P>
+<P><EM>spampd</EM> v1 was based on code by Dave Carrigan named <EM>assassind</EM>. Trace 
+amounts of his code or documentation may still remain. Thanks to him for the
+original inspiration and code. See <A HREF="http://www.rudedog.org/assassind/">http://www.rudedog.org/assassind/</A> .</P>
+<P>Also thanks to <EM>spamd</EM> (included with SpamAssassin) and 
+<EM>amavisd-new</EM> (http://www.ijs.si/software/amavisd/) for some tricks.</P>
+<P>
+<HR>
+<H1><A NAME="copyright, license, and disclaimer">Copyright, License, and Disclaimer</A></H1>
+<P><EM>spampd</EM> is Copyright (c) 2002 by World Design Group and Maxim Paperno.</P>
+<P>Portions are Copyright (C) 2001 Morgan Stanley Dean Witter as mentioned above
+in the Credits section.</P>
+<PRE>
+    This program is free software; you can redistribute it and/or modify
+    it under the terms of the GNU General Public License as published by
+    the Free Software Foundation; either version 2 of the License, or
+    (at your option) any later version.</PRE>
+<PRE>
+    This program is distributed in the hope that it will be useful,
+    but WITHOUT ANY WARRANTY; without even the implied warranty of
+    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+    GNU General Public License for more details.</PRE>
+<PRE>
+    The GNU GPL can be found at <A HREF="http://www.fsf.org/copyleft/gpl.html">http://www.fsf.org/copyleft/gpl.html</A></PRE>
+<P>
+<HR>
+<H1><A NAME="bugs">Bugs</A></H1>
+<P>None known.  Please report any to <A HREF="mailto:MPaperno@WorldDesign.com.">MPaperno@WorldDesign.com.</A></P>
+<P>
+<HR>
+<H1><A NAME="to do">To Do</A></H1>
+<P>Figure out how to use Net::Server::PreFork because it has cool potential for
+load management.  I tried but either I'm missing something or PreFork is
+somewhat broken in how it works.  If anyone has experience here, please let 
+me know.</P>
+<P>Add configurable option for rejecting mail outright based on spam score.
+It would be nice to make this program safe enough to sit in front of a mail 
+server such as Postfix and be able to reject mail before it enters our systems.
+The only real problem is that Postfix will see localhost as the connecting
+client, so that disables any client-based checks Postfix can do and creates a 
+possible relay hole if localhost is trusted.</P>
+<P>Per-user preferences: The jury is still out on this one.  I'm thinking more
+and more that most per-user prefs should be specified on the final mailbox
+server.  Why? Because SMTP isn't designed with per-user preferences in mind.
+On a relay server, the same message body can go to multiple recipients who
+may have wildly different preferences when it comes to handilng junk mail.  The
+exception here might be the use of LMTP protocol, which bears further
+investigation.</P>
+<P>
+<HR>
+<H1><A NAME="see also">See Also</A></H1>
+<P>perl(1), Spam::Assassin(3), <A HREF="http://www.spamassassin.org/">http://www.spamassassin.org/</A>, 
+<A HREF="http://www.WorldDesign.com/index.cfm/rd/mta/spampd.htm">http://www.WorldDesign.com/index.cfm/rd/mta/spampd.htm</A></P>
+
+</BODY>
+
+</HTML>