#! /usr/bin/perl ###################### # SpamPD - spam proxy daemon # # v2.00 - 8-June-03 # v1.0.2 - 13-Apr-03 # v1.0.1 - 3-Feb-03 # v1.0.0 - May 2002 # # spampd is Copyright (c) 2002 by World Design Group and Maxim Paperno # (see http://www.WorldDesign.com/index.cfm/rd/mta/spampd.htm) # # Written and maintained by Maxim Paperno (MPaperno@WorldDesign.com) # # This program is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation; either version 2 of the License, or # (at your option) any later version. # # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # The GNU GPL can be found at http://www.fsf.org/copyleft/gpl.html # # spampd v2 uses two Perl modules by Bennett Todd and Copyright (C) 2001 Morgan # Stanley Dean Witter. These are also distributed under the GNU GPL (see # module code for more details). Both modules have been slightly modified # from the originals and are included in this file under new names. # # spampd v1 was based on code by Dave Carrigan named assassind. Trace amounts # of his code or documentation may still remain. Thanks to him for the # original inspiration and code. (see http://www.rudedog.org/assassind/) # ###################### ################################################################################ package SpamPD::Server; # Originally known as MSDW::SMTP::Server # # This code is Copyright (C) 2001 Morgan Stanley Dean Witter, and # is distributed according to the terms of the GNU Public License # as found at . # # Modified for use in SpamPD by Maxim Paperno (June, 2003) # # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # Written by Bennett Todd # =item DESCRIPTION # # This server simply gathers the SMTP acquired information (envelope # sender and recipient, and data) into unparsed memory buffers (or a # file for the data), and returns control to the caller to explicitly # acknowlege each command or request. Since acknowlegement or failure # are driven explicitly from the caller, this module can be used to # create a robust SMTP content scanning proxy, transparent or not as # desired. # # =cut use strict; use IO::File; #use IO::Socket; # =item new(interface => $interface, port => $port); # The #interface and port to listen on must be specified. The interface # must be a valid numeric IP address (0.0.0.0 to listen on all # interfaces, as usual); the port must be numeric. If this call # succeeds, it returns a server structure with an open # IO::Socket::INET in it, ready to listen on. If it fails it dies, so # if you want anything other than an exit with an explanatory error # message, wrap the constructor call in an eval block and pull the # error out of $@ as usual. This is also the case for all other # methods; they succeed or they die. # # =cut sub new { # This now emulates Net::SMTP::Server::Client for use with Net::Server which # passes an already open socket. my($this, $socket) = @_; my $class = ref($this) || $this; my $self = {}; $self->{sock} = $socket; bless($self, $class); die "$0: socket bind failure: $!\n" unless defined $self->{sock}; $self->{state} = 'just bound'; return $self; # Original code, removed by MP for spampd use # # my ($this, @opts) = @_; # my $class = ref($this) || $this; # my $self = bless { @opts }, $class; # $self->{sock} = IO::Socket::INET->new( # LocalAddr => $self->{interface}, # LocalPort => $self->{port}, # Proto => 'tcp', # Type => SOCK_STREAM, # Listen => 65536, # Reuse => 1, # ); # die "$0: socket bind failure: $!\n" unless defined $self->{sock}; # $self->{state} = 'just bound', # return $self; } # =item accept([debug => FD]); # # accept takes optional args and returns nothing. If an error occurs # it dies, otherwise it returns when a client connects to this server. # This is factored out as a separate entry point to allow preforking # (e.g. Apache-style) or fork-per-client strategies to be implemented # on the common protocol core. If a filehandle is passed for debugging # it will receive a complete trace of the entire SMTP dialogue, data # and all. Note that nothing in this module sends anything to the # client, including the initial login banner; all such backtalk must # come from the calling program. # # =cut # sub accept { # my ($self, @opts) = @_; # %$self = (%$self, @opts); # #($self->{"s"}, $self->{peeraddr}) = $self->{sock}->accept # $self->{"s"} = $self->{sock} # or die "$0: accept failure: $!\n"; # $self->{state} = ' accepted'; # } # =item chat; # # The chat method carries the SMTP dialogue up to the point where any # acknowlegement must be made. If chat returns true, then its return # value is the previous SMTP command. If the return value begins with # 'mail' (case insensitive), then the attribute 'from' has been filled # in, and may be checked; if the return value begins with 'rcpt' then # both from and to have been been filled in with scalars, and should # be checked, then either 'ok' or 'fail' should be called to accept # or reject the given sender/recipient pair. If the return value is # 'data', then the attributes from and to are populated; in this case, # the 'to' attribute is a reference to an anonymous array containing # all the recipients for this data. If the return value is '.', then # the 'data' attribute (which may be pre-populated in the "new" or # "accept" methods if desired) is a reference to a filehandle; if it's # created automatically by this module it will point to an unlinked # tmp file in /tmp. If chat returns false, the SMTP dialogue has been # completed and the socket closed; this server is ready to exit or to # accept again, as appropriate for the server style. # # The return value from chat is also remembered inside the server # structure in the "state" attribute. # # =cut sub chat { my ($self) = @_; local(*_); if ($self->{state} !~ /^data/i) { return 0 unless defined($_ = $self->_getline); s/[\r\n]*$//; $self->{state} = $_; if (s/^helo\s+//i) { s/\s*$//;s/\s+/ /g; $self->{helo} = $_; } elsif (s/^rset\s*//i) { delete $self->{to}; delete $self->{data}; delete $self->{recipients}; } elsif (s/^mail\s+from:\s*//i) { delete $self->{to}; delete $self->{data}; delete $self->{recipients}; s/\s*$//; $self->{from} = $_; } elsif (s/^rcpt\s+to:\s*//i) { s/\s*$//; s/\s+/ /g; $self->{to} = $_; push @{$self->{recipients}}, $_; } elsif (/^data/i) { $self->{to} = $self->{recipients}; } } else { if (defined($self->{data})) { $self->{data}->seek(0, 0); $self->{data}->truncate(0); # $self->{data} = undef; } else { $self->{data} = IO::File->new_tmpfile; # $self->{data} = undef; } while (defined($_ = $self->_getline)) { if ($_ eq ".\r\n") { $self->{data}->seek(0,0); return $self->{state} = '.'; } s/^\.\./\./; $self->{data}->print($_) or die "$0: write error saving data\n"; # $self->{data} .= $_; } return(0); } return $self->{state}; } # =item ok([message]); # # Approves of the data given to date, either the recipient or the # data, in the context of the sender [and, for data, recipients] # already given and available as attributes. If a message is given, it # will be sent instead of the internal default. # # =cut sub ok { my ($self, @msg) = @_; @msg = ("250 ok.") unless @msg; $self->_print("@msg\r\n") or die "$0: write error acknowledging $self->{state}: $!\n"; } # =item fail([message]); # # Rejects the current info; if processing from, rejects the sender; if # processing 'to', rejects the current recipient; if processing data, # rejects the entire message. If a message is specified it means the # exact same thing as "ok" --- simply send that message to the sender. # # =cut sub fail { my ($self, @msg) = @_; @msg = ("550 no.") unless @msg; $self->_print("@msg\r\n") or die "$0: write error acknowledging $self->{state}: $!\n"; } # utility functions sub _getline { my ($self) = @_; local ($/) = "\r\n"; my $tmp = $self->{sock}->getline; if ( defined $self->{debug} ) { $self->{debug}->print($tmp) if ($tmp); } return $tmp; } sub _print { my ($self, @msg) = @_; $self->{debug}->print(@msg) if defined $self->{debug}; $self->{sock}->print(@msg); } 1; ################################################################################ package SpamPD::Client; # Originally known as MSDW::SMTP::Client # # This code is Copyright (C) 2001 Morgan Stanley Dean Witter, and # is distributed according to the terms of the GNU Public License # as found at . # # Modified for use in SpamPD by Maxim Paperno (June, 2003) # # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # Written by Bennett Todd # =head1 DESCRIPTION # # MSDW::SMTP::Client provides a very lean SMTP client implementation; # the only protocol-specific knowlege it has is the structure of SMTP # multiline responses. All specifics lie in the hands of the calling # program; this makes it appropriate for a semi-transparent SMTP # proxy, passing commands between a talker and a listener. # # =cut use strict; use IO::Socket; # =item new(interface => $interface, port => $port[, timeout = 300]); # # The interface and port to talk to must be specified. The interface # must be a valid numeric IP address; the port must be numeric. If # this call succeeds, it returns a client structure with an open # IO::Socket::INET in it, ready to talk to. If it fails it dies, # so if you want anything other than an exit with an explanatory # error message, wrap the constructor call in an eval block and pull # the error out of $@ as usual. This is also the case for all other # methods; they succeed or they die. The timeout parameter is passed # on into the IO::Socket::INET constructor. # # =cut sub new { my ($this, @opts) = @_; my $class = ref($this) || $this; my $self = bless { timeout => 300, @opts }, $class; $self->{sock} = IO::Socket::INET->new( PeerAddr => $self->{interface}, PeerPort => $self->{port}, Timeout => $self->{timeout}, Proto => 'tcp', Type => SOCK_STREAM, ); die "$0: socket connect failure: $!\n" unless defined $self->{sock}; return $self; } # =item hear # # hear collects a complete SMTP response and returns it with trailing # CRLF removed; for multi-line responses, intermediate CRLFs are left # intact. Returns undef if EOF is seen before a complete reply is # collected. # # =cut sub hear { my ($self) = @_; my ($tmp, $reply); return undef unless $tmp = $self->{sock}->getline; while ($tmp =~ /^\d{3}-/) { $reply .= $tmp; return undef unless $tmp = $self->{sock}->getline; } $reply .= $tmp; $reply =~ s/\r\n$//; return $reply; } # =item say("command text") # # say sends an SMTP command, appending CRLF. # # =cut sub say { my ($self, @msg) = @_; return unless @msg; $self->{sock}->print("@msg", "\r\n") or die "$0: write error: $!"; } # =item yammer(FILEHANDLE) # # yammer takes a filehandle (which should be positioned at the # beginning of the file, remember to $fh->seek(0,0) if you've just # written it) and sends its contents as the contents of DATA. This # should only be invoked after a $client->say("data") and a # $client->hear to collect the reply to the data command. It will send # the trailing "." as well. It will perform leading-dot-doubling in # accordance with the SMTP protocol spec, where "leading dot" is # defined in terms of CR-LF terminated lines --- i.e. the data should # contain CR-LF data without the leading-dot-quoting. The filehandle # will be left at EOF. # # =cut sub yammer { my ($self, $fh) = (@_); local (*_); local ($/) = "\r\n"; while (<$fh>) { s/^\./../; $self->{sock}->print($_) or die "$0: write error: $!\n"; } $self->{sock}->print(".\r\n") or die "$0: write error: $!\n"; } 1; ################################################################################ package SpamPD; use strict; use Net::Server::PreFork; use IO::File; use Getopt::Long; # use Net::SMTP; # use Net::SMTP::Server::Client; use Mail::SpamAssassin; use Mail::SpamAssassin::NoMailAudit; # use Error qw(:try); BEGIN { import SpamPD::Server; import SpamPD::Client; } use vars qw(@ISA $VERSION); our @ISA = qw(Net::Server::PreFork); our $VERSION = '2.00'; sub process_message { my ($self, $fh) = @_; my $start = time; # this gets info about the message file (my $dev,my $ino,my $mode,my $nlink,my $uid, my $gid,my $rdev,my $size, my $atime,my $mtime,my $ctime, my $blksize,my $blocks) = $fh->stat or die "Can't stat mail file: $!"; # Only process message under --maxsize KB if ( $size < ($self->{spampd}->{maxsize} * 1024) ) { # read message into array of lines to feed to SA # notes in the SA::NoMailAudit code indicate it should take a # filehandle... but that doesn't seem to work my(@msglines); $fh->seek(0,0) or die "Can't rewind message file: $!"; while (<$fh>) { push(@msglines,$_); } # Audit the message my $mail = Mail::SpamAssassin::NoMailAudit->new ( data => \@msglines ); # use the assassin object created during startup my $assassin = $self->{spampd}->{assassin}; # Check spamminess my $status = $assassin->check($mail); # Rewrite mail if high spam factor or option --tagall if ( $status->is_spam || $self->{spampd}->{tagall} ) { $status->rewrite_mail; # Build the new message to relay my $msg_resp = join '',$mail->header,"\r\n",@{$mail->body}; my @resplines = split(/\r?\n/, $msg_resp); my $arraycont = @resplines; $fh->seek(0,0) or die "Can't rewind message file: $!"; $fh->truncate(0) or die "Can't truncate message file: $!"; for (0..$arraycont) { $fh->print($resplines[$_] . "\r\n"); } } # Log what we did my $was_it_spam = 'clean message'; if($status->is_spam) { $was_it_spam = 'identified spam'; } my $msg_score = sprintf("%.1f",$status->get_hits); my $msg_threshold = sprintf("%.1f",$status->get_required_hits); $self->log(2, "$was_it_spam ($msg_score/$msg_threshold) in ". sprintf("%.1f", time - $start) ." seconds."); $status->finish(); } else { $self->log(2, "Scanning skipped due to size (". $size / 1024 ."KB)"); } return 1; } sub process_request { my $self = shift; my $msg; eval { local $SIG{ALRM} = sub { die "Child server process timed out!\n" }; my $timeout = $self->{spampd}->{childtimeout}; # start a timeout alarm alarm($timeout); # start an smtp server my $smtp_server = SpamPD::Server->new($self->{server}->{client}); unless ( defined $smtp_server ) { die "WARNING!! Failed to create listening Server: $!"; } # start an smtp "client" (really a sending server) my $client = SpamPD::Client->new(interface => $self->{spampd}->{relayhost}, port => $self->{spampd}->{relayport}); unless ( defined $client ) { die "WARNING!! Failed to create sending Client: $!"; } # pass on initial client response $smtp_server->ok($client->hear) or die "WARNING!! Error in initial server->ok(client->hear): $!"; # while loop over incoming data from the server while ( my $what = $smtp_server->chat ) { # until end of DATA is sent, just pass the commands on transparently if ($what ne '.') { $client->say($what) or die "WARNING!! Failure in client->say(what): $!"; # but once the data is sent now we want to process it } else { # spam checking routine - message might be rewritten here $self->process_message($smtp_server->{data}) or die "WARNING!! Error processing message (process_message(data)): $!"; # $self->log(0, $smtp_server->{data}); #debug # need to give the client a rewound file $smtp_server->{data}->seek(0,0) or die "WARNING!! Can't rewind mail file: $!"; # now send the data on through the client $client->yammer($smtp_server->{data}) or die "WARNING!! Failure in client->yammer(smtp_server->{data}): $!"; #close the file $smtp_server->{data}->close or die "WARNING!! Couldn't close smtp_server->{data} temp file: $!"; } # pass on whatever the relayhost said in response $smtp_server->ok($client->hear) or die "WARNING!! Error in server->ok(client->hear): $!"; # restart the timeout alarm alarm($timeout); } # server ends connection # close connections $client->{sock}->close or die "WARNING!! Couldn't close client->{sock}: $!"; $smtp_server->{sock}->close or die "WARNING!! Couldn't close smtp_server->{sock}: $!"; }; # end eval block alarm(0); # stop the timer # check for error in eval block if ($@ ne '') { chomp($@); $msg = "WARNING!! Error in process_request eval block: $@"; $self->log(0, $msg); die ($msg . "\n"); } $self->{spampd}->{instance} = 1 unless defined $self->{spampd}->{instance}; exit 0 if $self->{spampd}->{instance}++ > $self->{spampd}->{maxrequests}; } my $relayhost = '127.0.0.1'; # relay to ip my $relayport = 25; # relay to port my $host = '127.0.0.1'; # listen on ip my $port = 10025; # listen on port my $maxrequests = 20; # max requests handled by child b4 dying my $childtimeout = 5*60; # child process per-command timeout in seconds my $pidfile = '/var/run/spampd.pid'; # write pid to file my $user = 'mail'; # user to run as my $group = 'mail'; # group to run as my $tagall = 0; # mark-up all msgs with SA, not just spam my $maxsize = 64; # max. msg size to scan with SA, in KB. # the following are deprecated as of v.2 my $heloname = ''; my $dead_letters = ''; my %options = (port => \$port, host => \$host, relayhost => \$relayhost, relayport => \$relayport, 'dead-letters' => \$dead_letters, pid => \$pidfile, user => \$user, group => \$group, maxrequests => \$maxrequests, maxsize => \$maxsize, heloname => \$heloname, childtimeout => \$childtimeout ); usage(1) unless GetOptions(\%options, 'port=i', 'host=s', 'relayhost=s', 'relayport=i', 'maxrequests=i', 'dead-letters=s', 'user=s', 'group=s', 'pid=s', 'maxsize=i', 'heloname=s', 'tagall', 'auto-whitelist', 'stop-at-threshold', 'debug', 'help', 'local-only', 'childtimeout=i'); usage(0) if $options{help}; if ( $options{tagall} ) { $tagall = 1; } my @tmp = split (/:/, $relayhost); $relayhost = $tmp[0]; if ( $tmp[1] ) { $relayport = $tmp[1]; } @tmp = split (/:/, $host); $host = $tmp[0]; if ( $tmp[1] ) { $port = $tmp[1]; } my $assassin = Mail::SpamAssassin->new({ 'dont_copy_prefs' => 1, 'debug' => $options{'debug'} || 0, 'local_tests_only' => $options{'local-only'} || 0 }); # 'stop_at_threshold' => $options{'stop_at_threshold'} || 0, $options{'auto-whitelist'} and eval { require Mail::SpamAssassin::DBBasedAddrList; # create a factory for the persistent address list my $addrlistfactory = Mail::SpamAssassin::DBBasedAddrList->new(); $assassin->set_persistent_address_list_factory ($addrlistfactory); }; $assassin->compile_now(); my $server = bless { server => {host => $host, port => [ $port ], log_file => 'Sys::Syslog', syslog_ident => 'spampd', syslog_facility => 'mail', background => 1, pid_file => $pidfile, user => $user, group => $group, }, spampd => { maxrequests => $maxrequests, relayhost => $relayhost, relayport => $relayport, tagall => $tagall, maxsize => $maxsize, assassin => $assassin, childtimeout => $childtimeout }, }, 'SpamPD'; # call Net::Server to do the rest $server->run; exit 1; # shouldn't need this sub usage { print < [B<--host=host[:port]>] [B<--relayhost=hostname[:port]>] [B<--user=username>] [B<--group=groupname>] [B<--maxrequests=n>] [B<--childtimeout=n>] [B<--pid=filename>] [B<--maxsize=n>] [B<--tagall>] [B<--auto-whitelist>] [B<--local-only>] [B<--debug>] B B<--help> =head1 Description I is a relaying SMTP proxy that filters spam using SpamAssassin (http://www.SpamAssassin.org). The proxy is designed to be robust in the face of exceptional errors, and will (hopefully) never lose a message. I uses SpamAssassin to modify (tag) relayed messages based on their spam score, so all SA settings apply. This is described in the SA documentation. I will by default only tell SA to tag a message if it exceeds the spam threshold score, however you can have it rewrite all messages passing through by adding the --tagall option (see SA for how non-spam messages are tagged). I logs all aspects of its operation to syslog(8), using the mail syslog facility. The latest version can be found at http://www.WorldDesign.com/index.cfm/rd/mta/spampd.htm =head1 Requires =over 5 Perl modules: =item B =item B =item B =item B =back =head1 Operation I is meant to operate as an SMTP mail proxy which passes each message through SpamAssassin for analysis. Note that I does not do anything other than check for spam, so it is not suitable as an anti-relay system. It is meant to work in conjunction with your regular mail system. Typically one would pipe any messages they wanted scanned through I after initial acceptance by your MX host. This is especially useful for using Postfix's (http://www.postfix.org) advanced content filtering mechanism, although certainly not limited to that application. Please re-read the second sentence in the above paragraph. You should NOT enable I to listen on a public interface (IP address) unless you know exactly what you're doing! It is very easy to set up an open relay this way. Note that I U I from the I distribution in function. You do not need to run I in order for I to function. Here are some simple examples (square brackets in the "diagrams" indicate physical machines): B =over 3 The firewall/gateway MTA would be configured to forward all of its mail to the port that I listens on, and I would relay its messages to port 25 of your internal server. I could either run on its own host (and listen on any port) or it could run on either mail server (and listen on any port except port 25). Internet -> [ MX gateway (@inter.net.host:25) -> I (@localhost:2025) ] -> Internal mail (@private.host.ip:25) =back B =over 3 Please see the FILTER_README that came with the Postfix distribution. You need to have a version of Postfix which supports this. Internet -> [ I (@inter.net.host:25) -> I (@localhost:10025) -> I (@localhost:10026) ] -> final delivery =back Note that these examples only show incoming mail delivery. Since it is usually unnecessary to scan mail coming from your network (right?), it may be desirable to set up a separate outbound route which bypasses I. =head1 Installation I can be run directly from the command prompt if desired. This is useful for testing purposes, but for long term use you probably want to put it somewhere like /usr/bin or /usr/local/bin and execute it at system startup. For example on Red Hat-style Linux system one can use a script in /etc/rc.d/init.d to start I (a sample script is available on the I Web page @ http://www.WorldDesign.com/index.cfm/rd/mta/spampd.htm). Note that I B I from the I distribution in function. You do not need to run I in order for I to function. This has apparently been the source of some confusion, so now you know. =head2 Postfix-specific Notes Here is a typical setup for Postfix "advanced" content filtering as described in the FILTER_README that came with the Postfix distribution: F: smtp inet n - y - - smtpd -o content_filter=smtp:localhost:10025 -o myhostname=mx.example.com localhost:10026 inet n - n - 10 smtpd -o content_filter= -o myhostname=mx-int.example.com The first entry is the main public-facing MTA which uses localhost:10025 as the content filter for all mail. The second entry receives mail from the content filter and does final delivery. Both smtpd instances use the same Postfix F file. I is the process that listens on localhost:10025 and then connects to the Postfix listener on localhost:10026. Note that the C options must be different between the two instances, otherwise Postfix will think it's talking to itself and abort sending. For the above example you can simply start I like this: spampd --host=localhost:10025 --relayhost=localhost:10026 =head1 Options =over 5 =item B<--host=ip or hostname[:port]> Specifies what hostname/IP and port I listens on. By default, it listens on 127.0.0.1 (localhost) on port 10025. B You should NOT enable I to listen on a public interface (IP address) unless you know exactly what you're doing! =item B<--port=n> Specifies what port I listens on. By default, it listens on port 10025. This is an alternate to using the above --host=ip:port notation. =item B<--relayhost=ip or hostname[:port]> Specifies the hostname where I will relay all messages. Defaults to 127.0.0.1. If the port is not provided, that defaults to 25. =item B<--relayport=n> Specifies what port I will relay to. Default is 35. This is an alternate to using the above --relayhost=ip:port notation. =item B<--user=username> =item B<--group=groupname> Specifies the user and group that the proxy will run as. Default is I/I. =item B<--maxrequests=n> I works by forking child servers to handle each message. The B parameter specifies how many requests will be handled before the child exits. Since a child never gives back memory, a large message can cause it to become quite bloated; the only way to reclaim the memory is for the child to exit. The default is 20. =item B<--childtimeout=n> This is the number of seconds to allow each child server before it times out a transaction. In an SMTP transaction the timer is reset for every command. This timeout includes time it would take to send the message data, so it should not be too short. Default is 300 seconds (5 minutes). =item B<--pid=filename> Specifies a filename where I will write its process ID so that it is easy to kill it later. The directory that will contain this file must be writable by the I user. The default is F. =item B<--tagall> Tells I to have SpamAssassin add headers to all scanned mail, not just spam. By default I will only rewrite messages which exceed the spam threshold score (as defined in the SA settings). =item B<--maxsize=n> The maximum message size to send to SpamAssassin, in KB. By default messages over 64KB are not scanned at all, and an appropriate message is logged indicating this. This includes headers. =item B<--auto-whitelist> Turns on the SpamAssassin global whitelist feature. See the SA docs. Note that per-user whitelists are not available. =item B<--local-only> Turn off all SA network-based tests (DNS, Razor, etc). =item B<--debug> Turns on SpamAssassin debug messages. =item B<--help> Prints usage information. =back =head2 Deprecated Options =over 5 The following options are no longer used but still accepted for backwards compatibility with I v1: =item B<--dead-letters> =item B<--heloname> =item B<--stop-at-threshold> =back =head1 Examples =over 5 =item Running between firewall/gateway and internal mail server I listens on port 10025 on the same host as the internal mail server. spampd --host=192.168.1.10 Same as above but I runs on port 10025 of the same host as the firewall/gateway and passes messages on to the internal mail server on another host. spampd --relayhost=192.168.1.10 =item Using Postfix advanced content filtering example and the SA auto-whitelist feature spampd --port=10025 --relayhost=127.0.0.1:10026 --auto-whitelist =back =head1 Credits I is written and maintained by Maxim Paperno . See http://www.WorldDesign.com/index.cfm/rd/mta/spampd.htm for latest info. I v2 uses two Perl modules by Bennett Todd and Copyright (C) 2001 Morgan Stanley Dean Witter. These are distributed under the GNU GPL (see module code for more details). Both modules have been slightly modified from the originals and are included in this file under new names. Also thanks to Bennet Todd for the example smtpproxy script which helped create this version of I. See http://bent.latency.net/smtpprox/ . I v1 was based on code by Dave Carrigan named assassind. Trace amounts of his code or documentation may still remain. Thanks to him for the original inspiration and code. See http://www.rudedog.org/assassind/ . Also thanks to I (included with SpamAssassin) and I (http://www.ijs.si/software/amavisd/) for some tricks. =head1 Copyright and Disclaimer I is Copyright (c) 2002 by World Design Group and Maxim Paperno Portions are Copyright (C) 2001 Morgan Stanley Dean Witter as mentioned above in the CREDITS section. This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version. This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. The GNU GPL can be found at http://www.fsf.org/copyleft/gpl.html =head1 Bugs None known. Please report any to MPaperno@WorldDesign.com. =head1 To Do Add configurable option for rejecting mail outright based on spam score. It would be nice to make this program safe enough to sit in front of a mail server such as Postfix and be able to reject mail before it enters our systems. The only real problem is that Postfix will see localhost as the connecting client, so that disables any client-based checks Postfix can do and creates a possible relay hole if localhost is trusted. Make it handle LMTP protocol. =head1 See Also perl(1), Spam::Assassin(3), L, L