Package: spamassassin
Version: 3.3.1-1
Severity: wishlist
Tags: patch

The following patch:

- Orders items alphabetically
- Removes extra EOL whitespaces from the moved items.

This helps searching in natural A-Z order. Compare to book indexes where one reads from top to bottom; and programs like cp(1), mv(1), ssh(1) etc.

-- System Information:
Debian Release: wheezy/sid
  APT prefers testing
  APT policy: (990, 'testing'), (500, 'unstable'), (1, 'experimental')
Architecture: amd64 (x86_64)

Kernel: Linux 2.6.32-5-amd64 (SMP w/2 CPU cores)
Locale: LANG=en_DK.UTF-8, LC_CTYPE=en_DK.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages spamassassin depends on:
pn  libarchive-tar-perl          <none>        (no description available)
ii  libdigest-sha1-perl          2.13-1        NIST SHA-1 message digest algorith
ii  libhtml-parser-perl          3.68-1        collection of modules that parse H
ii  libnet-dns-perl              0.66-2        Perform DNS queries from a Perl sc
ii  libnetaddr-ip-perl           4.041+dfsg-1  IP address manipulation module
ii  libsocket6-perl              0.23-1        Perl extensions for IPv6
ii  libsys-hostname-long-perl    1.4-2         Figure out the long (fully-qualifi
ii  libwww-perl                  5.837-1       simple and consistent interface to
ii  perl                         5.10.1-18     Larry Wall's Practical Extraction
ii  perl-modules [libio-zlib-pe  5.10.1-18     Core Perl modules

Versions of packages spamassassin recommends:
ii  gcc                          4:4.5.2-2     The GNU C compiler
ii  gnupg                        1.4.11-3      GNU privacy guard - a free PGP rep
ii  libc6-dev                    2.11.2-11     Embedded GNU C Library: Developmen
ii  libio-socket-inet6-perl      2.65-1.1      Object interface for AF_INET6 doma
pn  libmail-spf-perl             <none>        (no description available)
ii  make                         3.81-8        An utility for Directing compilati
ii  perl [libsys-syslog-perl]    5.10.1-18     Larry Wall's Practical Extraction
ii  re2c                         0.13.5-1      tool for generating fast C-based r
ii  spamc                        3.3.1-1       Client for SpamAssassin spam filte

Versions of packages spamassassin suggests:
ii  libcompress-zlib-perl          2.033-1    Transitional dummy package for Com
ii  libdbi-perl                    1.616-1    Perl Database Interface (DBI)
ii  libio-compress-perl [libcompr  2.033-1    bundle of IO::Compress modules
ii  libio-socket-ssl-perl          1.39-1     Perl module implementing object or
pn  libmail-dkim-perl              <none>     (no description available)
pn  libnet-ident-perl              <none>     (no description available)
ii  perl [libcompress-zlib-perl]   5.10.1-18  Larry Wall's Practical Extraction
pn  pyzor                          <none>     (no description available)
pn  razor                          <none>     (no description available)

-- Configuration Files:
/etc/default/spamassassin changed [not included]
/etc/spamassassin/local.cf changed [not included]
/etc/spamassassin/v330.pre changed [not included]

-- no debconf information
>From f55251cf34d8f15d927e49d6baae3dc0d1499a8f Mon Sep 17 00:00:00 2001 From: Jari Aalto <jari.aa...@cante.net> Date: Mon, 4 Apr 2011 01:44:28 +0300 Subject: [PATCH 2/2] spamd/spamd.raw: (OPTIONS): Order items alphabetically Organization: Private Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: 8bit Signed-off-by: Jari Aalto <jari.aa...@cante.net> --- spamd/spamd.raw | 602 +++++++++++++++++++++++++++--------------------------- 1 files changed, 301 insertions(+), 301 deletions(-) diff --git a/spamd/spamd.raw b/spamd/spamd.raw index 5323f39..35766ee 100755 --- a/spamd/spamd.raw +++ b/spamd/spamd.raw @@ -1,4 +1,4 @@ -#!/usr/bin/perl -w -T +perldoc /srv/src/vc/spamassassin.svn/spamd/spamd.raw#!/usr/bin/perl -w -T # <@LICENSE> # Licensed to the Apache Software Foundation (ASF) under one or more # contributor license agreements. See the NOTICE file distributed with 
@@ -2926,20 +2926,37 @@ adding I<no> (B<--nouser-config>), however, this is usually unnecessary. =over 4 -=item B<-l>, B<--allow-tell> +=item B<-A> I<host,...>, B<--allowed-ips>=I<host,...> -Allow learning and forgetting (to a local Bayes database), reporting -and revoking (to a remote database) by spamd. The client issues a TELL -command to tell what type of message is being processed and whether -local (learn/forget) or remote (report/revoke) databases should be -updated. +Specify a list of authorized hosts or networks which can connect to this spamd +instance. Single IP addresses can be given, ranges of IP addresses in +address/masklength CIDR format, or ranges of IP addresses by listing 3 or less +octets with a trailing dot. Hostnames are not supported, only IP addresses. +This option can be specified multiple times, or can take a list of addresses +separated by commas. Examples: -Note that spamd always trusts the username passed in (unless -B<--auth-ident> is used) so clients could maliciously learn messages -for other users. (This is not ususally a concern with an SQL Bayes -store as users will typically have read-write access directly to the -database, and can also use C<sa-learn> with the B<-u> option to -achieve the same result.) +B<-A 10.11.12.13> -- only allow connections from C<10.11.12.13>. + +B<-A 10.11.12.13,10.11.12.14> -- only allow connections from C<10.11.12.13> and +C<10.11.12.14>. + +B<-A 10.200.300.0/24> -- allow connections from any machine in the range +C<10.200.300.*>. + +B<-A 10.> -- allow connections from any machine in the range C<10.*.*.*>. + +By default, connections are only accepted from localhost [127.0.0.1]. + +=item B<--auth-ident> + +Verify the username provided by spamc using ident. This is only +useful if connections are only allowed from trusted hosts (because an +identd that lies is trivial to create) and if spamc REALLY SHOULD be +running as the user it represents. 
Connections are terminated +immediately if authentication fails. In this case, spamc will pass +the mail through unchecked. Failure to connect to an ident server, +and response timeouts are considered authentication failures. This +requires that Net::Ident be installed. =item B<-c>, B<--create-prefs> @@ -2950,11 +2967,6 @@ Create user preferences files if they don't exist (default: don't). Use the specified path for locating the distributed configuration files. Ignore the default directories (usually C</usr/share/spamassassin> or similar). -=item B<--siteconfigpath>=I<path> - -Use the specified path for locating site-specific configuration files. Ignore -the default directories (usually C</etc/mail/spamassassin> or similar). - =item B<--cf='config line'> Add additional lines of configuration directly from the command-line, parsed 
@@ -2965,13 +2977,36 @@ used, and each will be considered a separate line of configuration. Detach from starting process and run in background (daemonize). -=item B<-h>, B<--help> +=item B<-D> [I<area,...>], B<--debug> [I<area,...>] -Print a brief help message, then exit without further action. +Produce debugging output. If no areas are listed, all debugging information is +printed. Diagnostic output can also be enabled for each area individually; +I<area> is the area of the code to instrument. For example, to produce +diagnostic output on bayes, learn, and dns, use: -=item B<-V>, B<--version> + spamassassin -D bayes,learn,dns -Print version information, then exit without further action. +Higher priority informational messages that are suitable for logging in normal +circumstances are available with an area of "info". + +For more information about which areas (also known as channels) are available, +please see the documentation at: + + C<http://wiki.apache.org/spamassassin/DebugChannels> + +=item B<-g> I<groupname>, B<--groupname>=I<groupname> + +Run as the named group if --username is being used. If this option is +not set when --username is used then the primary group for the user +given to --username is used. + +=item B<-H> I<directory>, B<--helper-home-dir>=I<directory> + +Specify that external programs such as Razor, DCC, and Pyzor should have +a HOME environment variable set to a specific directory. The default +is to use the HOME environment variable setting from the shell running +spamd. By specifying no argument, spamd will use the spamc caller's +home directory instead. =item B<-i> [I<ipaddress>], B<--listen-ip>[=I<ipaddress>], B<--ip-address>[=I<ipaddress>] 
@@ -2980,29 +3015,37 @@ you specify no IP address after the switch, spamd will listen on all interfaces. (This is equal to the address 0.0.0.0). You can also use a valid hostname which will make spamd listen on the first address that name resolves to. -=item B<-p> I<port>, B<--port>=I<port> +=item B<--ident-timeout>=I<timeout> -Optionally specifies the port number for the server to listen on (default: 783). +Wait at most I<timeout> seconds for a response to ident queries. +Authentication that takes long that I<timeout> seconds will fail, and +mail will not be processed. Setting this to 0.0 or less results in no +timeout, which is STRONGLY discouraged. The default is 5 seconds. -If the B<--ssl> switch is used, and B<--ssl-port> is not supplied, then this -port will be used to accept SSL connections instead of unencrypted connections. -If the B<--ssl> switch is used, and B<--ssl-port> is set, then unencrypted -connections will be accepted on the B<--port> at the same time as encrypted -connections are accepted at B<--ssl-port>. +=item B<--ipv4only>, B<--ipv4-only>, B<--ipv4> -=item B<-q>, B<--sql-config> +Do not use IPv6 for DNS tests. Use if the existing tests +for IPv6 availability produce incorrect results or crashes. -Turn on SQL lookups even when per-user config files have been disabled -with B<-x>. this is useful for spamd hosts which don't have user's -home directories but do want to load user preferences from an SQL -database. +=item B<-l>, B<--allow-tell> -If your spamc client does not support sending the C<User:> header, -like C<exiscan>, then the SQL username used will always be B<nobody>. +Allow learning and forgetting (to a local Bayes database), reporting +and revoking (to a remote database) by spamd. The client issues a TELL +command to tell what type of message is being processed and whether +local (learn/forget) or remote (report/revoke) databases should be +updated. -This inhibits the setuid() behavior, so the C<-u> option is -required. 
If you want the setuid() behaviour, use C<-Q> or -C<--setuid-with-sql> instead. +Note that spamd always trusts the username passed in (unless +B<--auth-ident> is used) so clients could maliciously learn messages +for other users. (This is not ususally a concern with an SQL Bayes +store as users will typically have read-write access directly to the +database, and can also use C<sa-learn> with the B<-u> option to +achieve the same result.) + +=item B<-L>, B<--local> + +Perform only local tests on all mail. In other words, skip DNS and other +network tests. Works the same as the C<-L> flag to C<spamassassin(1)>. =item B<--ldap-config> 
@@ -3012,64 +3055,98 @@ only it is using an LDAP server. Like C<--sql-config>, this disables the setuid behavior, and requires C<-u>. If you want it, use C<--setuid-with-ldap> instead. -=item B<-Q>, B<--setuid-with-sql> +=item B<--log-timestamp-fmt>=I<format> -Turn on SQL lookups even when per-user config files have been disabled -with B<-x> and also setuid to the user. This is useful for spamd hosts -which want to load user preferences from an SQL database but also wish to -support the use of B<-H> (Helper home directories.) +The --log-timestamp-fmt option can provide a POSIX strftime(3) format for +timestamps included in each logged message. Each logger (stderr, file, +syslog) has its own default value for a timestamp format, which applies when +--log-timestamp-fmt option is not given, or with --log-timestamp-fmt=default . +Timestamps can be turned off by specifying an empty string with this +option, e.g. --log-timestamp-fmt='' or just --log-timestamp-fmt= . +Typical use: --log-timestamp-fmt='%a %b %e %H:%M:%S %Y' (provides +localized weekday and month names in the ctime(3) style), +or '%a, %e %b %Y %H:%M:%S %z (%Z)' for a RFC 2822 format, +or maybe '%Y-%m-%d %H:%M:%S%z' for an ISO 8601 (EN 28601) format, +or just '%Y%m%dT%H%M%S' . -=item B<--setuid-with-ldap> +=item B<-m> I<number> , B<--max-children>=I<number> -Turn on LDAP lookups even when per-user config files have been disabled -with B<-x> and also setuid to the user. This is again completely analog -to C<--setuid-with-sql>, only it is using an LDAP server. +This option specifies the maximum number of children to spawn. +Spamd will spawn that number of children, then sleep in the background +until a child dies, wherein it will go and spawn a new child. -=item B<--virtual-config-dir>=I<pattern> +Incoming connections can still occur if all of the children are busy, +however those connections will be queued waiting for a free child. +The minimum value is C<1>, the default value is C<5>. 
-This option specifies where per-user preferences can be found for virtual -users, for the B<-x> switch. The I<pattern> is used as a base pattern for the -directory name. Any of the following escapes can be used: +Please note that there is a OS specific maximum of connections that can be +queued (Try C<perl -MSocket -e'print SOMAXCONN'> to find this maximum). -=over 4 +Note that if you run too many servers for the amount of free RAM available, you +run the danger of hurting performance by causing a high swap load as server +processes are swapped in and out continually. -=item %u -- replaced with the full name of the current user, as sent by spamc. +=item B<--max-conn-per-child>=I<number> -=item %l -- replaced with the 'local part' of the current username. In other -words, if the username is an email address, this is the part before the C<@> -sign. +This option specifies the maximum number of connections each child +should process before dying and letting the master spamd process spawn +a new child. The minimum value is C<1>, the default value is C<200>. -=item %d -- replaced with the 'domain' of the current username. In other -words, if the username is an email address, this is the part after the C<@> -sign. +=item B<--max-spare>=I<number> -=item %% -- replaced with a single percent sign (%). +The upper limit for the number of spare children allowed to run. If there +are too many spare children, one will be killed every second or so until +the number of idle children is in the desired range. The default value +is C<2>. -=back +=item B<--min-children>=I<number> -So for example, if C</vhome/users/%u/spamassassin> is specified, and spamc -sends a virtual username of C<j...@example.com>, the directory -C</vhome/users/j...@example.com/spamassassin> will be used. +The minimum number of children that will be kept running. The minimum value is +C<1>, the default value is C<1>. If you have lots of free RAM, you may want to +increase this. 
-The set of characters allowed in the virtual username for this path are -restricted to: +=item B<--min-spare>=I<number> - A-Z a-z 0-9 - + _ . , @ = +The lower limit for the number of spare children allowed to run. A +spare, or idle, child is one that is not handling a scan request. If +there are too few spare children available, a new server will be started +every second or so. The default value is C<1>. -All others will be replaced by underscores (C<_>). +=item B<-p> I<port>, B<--port>=I<port> -This path must be a writable directory. It will be created if it does not -already exist. If a file called B<user_prefs> exists in this directory (note: -B<not> in a C<.spamassassin> subdirectory!), it will be loaded as the user's -preferences. The Bayes databases for that user will be stored in this directory. +Optionally specifies the port number for the server to listen on (default: 783). -Note that this B<requires> that B<-x> is used, and cannot be combined with -SQL- or LDAP-based configuration. +If the B<--ssl> switch is used, and B<--ssl-port> is not supplied, then this +port will be used to accept SSL connections instead of unencrypted connections. +If the B<--ssl> switch is used, and B<--ssl-port> is set, then unencrypted +connections will be accepted on the B<--port> at the same time as encrypted +connections are accepted at B<--ssl-port>. -The pattern B<must> expand to an absolute directory when spamd is running -daemonized (B<-d>). +=item B<-P>, B<--paranoid> -Currently, use of this without B<-u> is not supported. This inhibits setuid. +Die on user errors (for the user passed from spamc) instead of falling back to +user I<nobody> and using the default configuration. + +=item B<-q>, B<--sql-config> + +Turn on SQL lookups even when per-user config files have been disabled +with B<-x>. this is useful for spamd hosts which don't have user's +home directories but do want to load user preferences from an SQL +database. 
+ +If your spamc client does not support sending the C<User:> header, +like C<exiscan>, then the SQL username used will always be B<nobody>. + +This inhibits the setuid() behavior, so the C<-u> option is +required. If you want the setuid() behaviour, use C<-Q> or +C<--setuid-with-sql> instead. + +=item B<-Q>, B<--setuid-with-sql> + +Turn on SQL lookups even when per-user config files have been disabled +with B<-x> and also setuid to the user. This is useful for spamd hosts +which want to load user preferences from an SQL database but also wish to +support the use of B<-H> (Helper home directories.) =item B<-r> I<pidfile>, B<--pidfile>=I<pidfile> @@ -3077,14 +3154,15 @@ Write the process ID of the spamd parent to the file specified by I<pidfile>. The file will be unlinked when the parent exits. Note that when running with the B<-u> option, the file must be writable by that user. -=item B<-v>, B<--vpopmail> - -Enable vpopmail config. If specified with with B<-u> set to the vpopmail user, -this allows spamd to lookup/create user_prefs in the vpopmail user's own -maildir. This option is useful for vpopmail virtual users who do not have an -entry in the system /etc/passwd file. +=item B<--round-robin> -Currently, use of this without B<-u> is not supported. This inhibits setuid. +By default, C<spamd> will attempt to keep a small number of "hot" child +processes as busy as possible, and keep any others as idle as possible, using +something similar to the Apache httpd server scaling algorithm. This is +accomplished by the master process coordinating the activities of the children. +This switch will disable this scaling algorithm, and the behaviour seen in +the 3.0.x versions will be used instead, where all processes receive an +equal load and no scaling takes place. =item B<-s> I<facility>, B<--syslog>=I<facility> 
@@ -3096,12 +3174,12 @@ contains any characters except a-z and 0-9. C<null> disables logging completely (used internally). Examples: - spamd -s mail # use syslog, facility mail (default) - spamd -s ./mail # log to file ./mail - spamd -s stderr 2>/dev/null # log to stderr, throw messages away - spamd -s null # the same as above - spamd -s file # log to file ./spamd.log - spamd -s /var/log/spamd.log # log to file /var/log/spamd.log + spamd -s mail # use syslog, facility mail (default) + spamd -s ./mail # log to file ./mail + spamd -s stderr 2>/dev/null # log to stderr, throw messages away + spamd -s null # the same as above + spamd -s file # log to file ./spamd.log + spamd -s /var/log/spamd.log # log to file /var/log/spamd.log If logging to a file is enabled and that log file is rotated, the spamd server must be restarted with a SIGHUP. (If the log file is just truncated, this is 
@@ -3116,279 +3194,201 @@ when you restart the syslogd daemon. (This is due to a shortcoming in Perl's syslog handling, where the disappearance of the connection to the syslogd is considered a fatal error.) -=item B<--syslog-socket>=I<type> +=item B<--server-cert> I<certfile> -Specify how spamd should send messages to syslogd. The I<type> can be any -of the socket types or logging mechanisms as accepted by the subroutine -Sys::Syslog::setlogsock(). Depending on a version of Sys::Syslog and on the -underlying operating system, one of the following values (or their subset) can -be used: C<native>, C<eventlog>, C<tcp>, C<udp>, C<inet>, C<unix>, C<stream>, -C<pipe>, or C<console>. The value C<eventlog> is specific to Win32 events -logger and requires a perl module Win32::EventLog to be installed. -For more information please consult the Sys::Syslog documentation. +Specify the SSL certificate file to use for SSL connections. -A historical setting --syslog-socket=none is mapped to --syslog=stderr. +=item B<--server-key> I<keyfile> -A default for Windows platforms is C<none>, otherwise the default is -to try C<unix> first, falling back to C<inet> if perl detects errors -in its C<unix> support. - -Some platforms, or versions of perl, are shipped with old or dysfunctional -versions of the B<Sys::Syslog> module which do not support some socket types, -so you may need to set this option explicitly. If you get error messages -regarding B<__PATH_LOG> or similar spamd, try changing this setting. - -The socket types C<file> is used internally and should not be specified. -Use the C<-s> switch instead. - -=item B<--log-timestamp-fmt>=I<format> - -The --log-timestamp-fmt option can provide a POSIX strftime(3) format for -timestamps included in each logged message. Each logger (stderr, file, -syslog) has its own default value for a timestamp format, which applies when ---log-timestamp-fmt option is not given, or with --log-timestamp-fmt=default . 
-Timestamps can be turned off by specifying an empty string with this -option, e.g. --log-timestamp-fmt='' or just --log-timestamp-fmt= . -Typical use: --log-timestamp-fmt='%a %b %e %H:%M:%S %Y' (provides -localized weekday and month names in the ctime(3) style), -or '%a, %e %b %Y %H:%M:%S %z (%Z)' for a RFC 2822 format, -or maybe '%Y-%m-%d %H:%M:%S%z' for an ISO 8601 (EN 28601) format, -or just '%Y%m%dT%H%M%S' . - -=item B<-u> I<username>, B<--username>=I<username> - -Run as the named user. If this option is not set, the default behaviour -is to setuid() to the user running C<spamc>, if C<spamd> is running -as root. - -Note: "--username=root" is not a valid option. If specified, C<spamd> will -exit with a fatal error on startup. - -=item B<-g> I<groupname>, B<--groupname>=I<groupname> - -Run as the named group if --username is being used. If this option is -not set when --username is used then the primary group for the user -given to --username is used. - -=item B<-x>, B<--nouser-config>, B<--user-config> - -Turn off (on) reading of per-user configuration files (user_prefs) from the -user's home directory. The default behaviour is to read per-user -configuration from the user's home directory (B<--user-config>). - -This option does not disable or otherwise influence the SQL, LDAP or -Virtual Config Dir settings. - -=item B<--auth-ident> - -Verify the username provided by spamc using ident. This is only -useful if connections are only allowed from trusted hosts (because an -identd that lies is trivial to create) and if spamc REALLY SHOULD be -running as the user it represents. Connections are terminated -immediately if authentication fails. In this case, spamc will pass -the mail through unchecked. Failure to connect to an ident server, -and response timeouts are considered authentication failures. This -requires that Net::Ident be installed. - -=item B<--ident-timeout>=I<timeout> - -Wait at most I<timeout> seconds for a response to ident queries. 
-Authentication that takes long that I<timeout> seconds will fail, and -mail will not be processed. Setting this to 0.0 or less results in no -timeout, which is STRONGLY discouraged. The default is 5 seconds. - -=item B<-A> I<host,...>, B<--allowed-ips>=I<host,...> - -Specify a list of authorized hosts or networks which can connect to this spamd -instance. Single IP addresses can be given, ranges of IP addresses in -address/masklength CIDR format, or ranges of IP addresses by listing 3 or less -octets with a trailing dot. Hostnames are not supported, only IP addresses. -This option can be specified multiple times, or can take a list of addresses -separated by commas. Examples: - -B<-A 10.11.12.13> -- only allow connections from C<10.11.12.13>. - -B<-A 10.11.12.13,10.11.12.14> -- only allow connections from C<10.11.12.13> and -C<10.11.12.14>. - -B<-A 10.200.300.0/24> -- allow connections from any machine in the range -C<10.200.300.*>. +Specify the SSL key file to use for SSL connections. -B<-A 10.> -- allow connections from any machine in the range C<10.*.*.*>. +=item B<--siteconfigpath>=I<path> -By default, connections are only accepted from localhost [127.0.0.1]. +Use the specified path for locating site-specific configuration files. Ignore +the default directories (usually C</etc/mail/spamassassin> or similar). -=item B<-D> [I<area,...>], B<--debug> [I<area,...>] +=item B<--setuid-with-ldap> -Produce debugging output. If no areas are listed, all debugging information is -printed. Diagnostic output can also be enabled for each area individually; -I<area> is the area of the code to instrument. For example, to produce -diagnostic output on bayes, learn, and dns, use: +Turn on LDAP lookups even when per-user config files have been disabled +with B<-x> and also setuid to the user. This is again completely analog +to C<--setuid-with-sql>, only it is using an LDAP server. 
- spamassassin -D bayes,learn,dns +=item B<--socketgroup> I<name> -Higher priority informational messages that are suitable for logging in normal -circumstances are available with an area of "info". +Set UNIX domain socket to be owned by the group named I<name>. See +C<--socketowner> for notes on ownership and permissions. -For more information about which areas (also known as channels) are available, -please see the documentation at: +=item B<--socketmode> I<mode> - C<http://wiki.apache.org/spamassassin/DebugChannels> +Set UNIX domain socket to use the octal mode I<mode>. Note that if C<-u> is +used, that user should have write permissions to unlink the file later, for +when the C<spamd> server is killed. -=item B< --ipv4only>, B<--ipv4-only>, B<--ipv4> +=item B<--socketowner> I<name> -Do not use IPv6 for DNS tests. Use if the existing tests -for IPv6 availability produce incorrect results or crashes. +Set UNIX domain socket to be owned by the user named I<name>. Note +that this requires that spamd be started as C<root>, and if C<-u> +is used, that user should have write permissions to unlink the file +later, for when the C<spamd> server is killed. -=item B<-L>, B<--local> +=item B<--socketpath> I<pathname> -Perform only local tests on all mail. In other words, skip DNS and other -network tests. Works the same as the C<-L> flag to C<spamassassin(1)>. +Listen on UNIX domain path I<pathname> instead of a TCP socket. -=item B<-P>, B<--paranoid> +Warning: the Perl support on BSD platforms for UNIX domain sockets seems to +have a bug regarding paths of over 100 bytes or so (SpamAssassin bug 4380). If +you see a 'could not find newly-created UNIX socket' error message, and the +path appears truncated, this may be the cause. Try using a shorter path +to the socket. -Die on user errors (for the user passed from spamc) instead of falling back to -user I<nobody> and using the default configuration. 
+By default, use of B<--socketpath> will inhibit SSL connections and unencrypted +TCP connections. To enable them, specify B<--port> and/or B<--ssl-port> +explicitly. -=item B<-m> I<number> , B<--max-children>=I<number> +=item B<--ssl> -This option specifies the maximum number of children to spawn. -Spamd will spawn that number of children, then sleep in the background -until a child dies, wherein it will go and spawn a new child. +Accept only SSL connections on the associated port. +The B<IO::Socket::SSL> perl module must be installed. -Incoming connections can still occur if all of the children are busy, -however those connections will be queued waiting for a free child. -The minimum value is C<1>, the default value is C<5>. +If the B<--ssl> switch is used, and B<--ssl-port> is not supplied, then +B<--port> port will be used to accept SSL connections instead of unencrypted +connections. If the B<--ssl> switch is used, and B<--ssl-port> is set, then +unencrypted connections will be accepted on the B<--port>, at the same time as +encrypted connections are accepted at B<--ssl-port>. -Please note that there is a OS specific maximum of connections that can be -queued (Try C<perl -MSocket -e'print SOMAXCONN'> to find this maximum). +=item B<--ssl-port>=I<port> -Note that if you run too many servers for the amount of free RAM available, you -run the danger of hurting performance by causing a high swap load as server -processes are swapped in and out continually. +Optionally specifies the port number for the server to listen on for +SSL connections (default: whatever --port uses). See B<--ssl> for +more details. -=item B<--min-children>=I<number> +=item B<--ssl-version>=I<sslversion> -The minimum number of children that will be kept running. The minimum value is -C<1>, the default value is C<1>. If you have lots of free RAM, you may want to -increase this. +Specify the SSL protocol version to use, one of +B<sslv2>, B<sslv3>, B<tlsv1>, or B<sslv23>. 
+The default, B<sslv23>, is the most flexible, accepting a SSLv2 or higher +hello handshake, then negotiating use of SSLv3 or TLSv1 protocol if the client +can accept it. +Specifying B<--ssl-version> implies B<--ssl>. -=item B<--min-spare>=I<number> +=item B<--syslog-socket>=I<type> -The lower limit for the number of spare children allowed to run. A -spare, or idle, child is one that is not handling a scan request. If -there are too few spare children available, a new server will be started -every second or so. The default value is C<1>. +Specify how spamd should send messages to syslogd. The I<type> can be any +of the socket types or logging mechanisms as accepted by the subroutine +Sys::Syslog::setlogsock(). Depending on a version of Sys::Syslog and on the +underlying operating system, one of the following values (or their subset) can +be used: C<native>, C<eventlog>, C<tcp>, C<udp>, C<inet>, C<unix>, C<stream>, +C<pipe>, or C<console>. The value C<eventlog> is specific to Win32 events +logger and requires a perl module Win32::EventLog to be installed. +For more information please consult the Sys::Syslog documentation. -=item B<--max-spare>=I<number> +A historical setting --syslog-socket=none is mapped to --syslog=stderr. -The upper limit for the number of spare children allowed to run. If there -are too many spare children, one will be killed every second or so until -the number of idle children is in the desired range. The default value -is C<2>. +A default for Windows platforms is C<none>, otherwise the default is +to try C<unix> first, falling back to C<inet> if perl detects errors +in its C<unix> support. -=item B<--max-conn-per-child>=I<number> +Some platforms, or versions of perl, are shipped with old or dysfunctional +versions of the B<Sys::Syslog> module which do not support some socket types, +so you may need to set this option explicitly. If you get error messages +regarding B<__PATH_LOG> or similar spamd, try changing this setting. 
-This option specifies the maximum number of connections each child -should process before dying and letting the master spamd process spawn -a new child. The minimum value is C<1>, the default value is C<200>. +The socket types C<file> is used internally and should not be specified. +Use the C<-s> switch instead. -=item B<--round-robin> +=item B<--timeout-child>=I<number> -By default, C<spamd> will attempt to keep a small number of "hot" child -processes as busy as possible, and keep any others as idle as possible, using -something similar to the Apache httpd server scaling algorithm. This is -accomplished by the master process coordinating the activities of the children. -This switch will disable this scaling algorithm, and the behaviour seen in -the 3.0.x versions will be used instead, where all processes receive an -equal load and no scaling takes place. +This option specifies the number of seconds to wait for a spamd child to +process or check a message. The minimum value is C<1>, the default +value is C<300>, and a value of C<0> will disable child timeouts completely. =item B<--timeout-tcp>=I<number> This option specifies the number of seconds to wait for headers from a -client (spamc) before closing the connection. The minimum value is C<1>, +client (spamc) before closing the connection. The minimum value is C<1>, the default value is C<30>, and a value of C<0> will disable socket timeouts completely. -=item B<--timeout-child>=I<number> +=item B<-u> I<username>, B<--username>=I<username> -This option specifies the number of seconds to wait for a spamd child to -process or check a message. The minimum value is C<1>, the default -value is C<300>, and a value of C<0> will disable child timeouts completely. +Run as the named user. If this option is not set, the default behaviour +is to setuid() to the user running C<spamc>, if C<spamd> is running +as root. -=item B<-H> I<directory>, B<--helper-home-dir>=I<directory> +Note: "--username=root" is not a valid option. 
If specified, C<spamd> will +exit with a fatal error on startup. -Specify that external programs such as Razor, DCC, and Pyzor should have -a HOME environment variable set to a specific directory. The default -is to use the HOME environment variable setting from the shell running -spamd. By specifying no argument, spamd will use the spamc caller's -home directory instead. +=item B<-v>, B<--vpopmail> -=item B<--ssl> +Enable vpopmail config. If specified with with B<-u> set to the vpopmail user, +this allows spamd to lookup/create user_prefs in the vpopmail user's own +maildir. This option is useful for vpopmail virtual users who do not have an +entry in the system /etc/passwd file. -Accept only SSL connections on the associated port. -The B<IO::Socket::SSL> perl module must be installed. +Currently, use of this without B<-u> is not supported. This inhibits setuid. -If the B<--ssl> switch is used, and B<--ssl-port> is not supplied, then -B<--port> port will be used to accept SSL connections instead of unencrypted -connections. If the B<--ssl> switch is used, and B<--ssl-port> is set, then -unencrypted connections will be accepted on the B<--port>, at the same time as -encrypted connections are accepted at B<--ssl-port>. +=item B<--virtual-config-dir>=I<pattern> -=item B<--ssl-port>=I<port> +This option specifies where per-user preferences can be found for virtual +users, for the B<-x> switch. The I<pattern> is used as a base pattern for the +directory name. Any of the following escapes can be used: -Optionally specifies the port number for the server to listen on for -SSL connections (default: whatever --port uses). See B<--ssl> for -more details. +=over 4 -=item B<--ssl-version>=I<sslversion> +=item %u -- replaced with the full name of the current user, as sent by spamc. -Specify the SSL protocol version to use, one of -B<sslv2>, B<sslv3>, B<tlsv1>, or B<sslv23>. 
-The default, B<sslv23>, is the most flexible, accepting a SSLv2 or higher -hello handshake, then negotiating use of SSLv3 or TLSv1 protocol if the client -can accept it. -Specifying B<--ssl-version> implies B<--ssl>. +=item %l -- replaced with the 'local part' of the current username. In other +words, if the username is an email address, this is the part before the C<@> +sign. -=item B<--server-key> I<keyfile> +=item %d -- replaced with the 'domain' of the current username. In other +words, if the username is an email address, this is the part after the C<@> +sign. -Specify the SSL key file to use for SSL connections. +=item %% -- replaced with a single percent sign (%). -=item B<--server-cert> I<certfile> +=back -Specify the SSL certificate file to use for SSL connections. +So for example, if C</vhome/users/%u/spamassassin> is specified, and spamc +sends a virtual username of C<j...@example.com>, the directory +C</vhome/users/j...@example.com/spamassassin> will be used. -=item B<--socketpath> I<pathname> +The set of characters allowed in the virtual username for this path are +restricted to: -Listen on UNIX domain path I<pathname> instead of a TCP socket. + A-Z a-z 0-9 - + _ . , @ = -Warning: the Perl support on BSD platforms for UNIX domain sockets seems to -have a bug regarding paths of over 100 bytes or so (SpamAssassin bug 4380). If -you see a 'could not find newly-created UNIX socket' error message, and the -path appears truncated, this may be the cause. Try using a shorter path -to the socket. +All others will be replaced by underscores (C<_>). -By default, use of B<--socketpath> will inhibit SSL connections and unencrypted -TCP connections. To enable them, specify B<--port> and/or B<--ssl-port> -explicitly. +This path must be a writable directory. It will be created if it does not +already exist. If a file called B<user_prefs> exists in this directory (note: +B<not> in a C<.spamassassin> subdirectory!), it will be loaded as the user's +preferences. 
The Bayes databases for that user will be stored in this directory. -=item B<--socketowner> I<name> +Note that this B<requires> that B<-x> is used, and cannot be combined with +SQL- or LDAP-based configuration. -Set UNIX domain socket to be owned by the user named I<name>. Note -that this requires that spamd be started as C<root>, and if C<-u> -is used, that user should have write permissions to unlink the file -later, for when the C<spamd> server is killed. +The pattern B<must> expand to an absolute directory when spamd is running +daemonized (B<-d>). -=item B<--socketgroup> I<name> +Currently, use of this without B<-u> is not supported. This inhibits setuid. -Set UNIX domain socket to be owned by the group named I<name>. See -C<--socketowner> for notes on ownership and permissions. +=item B<-x>, B<--nouser-config>, B<--user-config> -=item B<--socketmode> I<mode> +Turn off (on) reading of per-user configuration files (user_prefs) from the +user's home directory. The default behaviour is to read per-user +configuration from the user's home directory (B<--user-config>). -Set UNIX domain socket to use the octal mode I<mode>. Note that if C<-u> is -used, that user should have write permissions to unlink the file later, for -when the C<spamd> server is killed. +This option does not disable or otherwise influence the SQL, LDAP or +Virtual Config Dir settings. + +=item B<-h>, B<--help> + +Print a brief help message, then exit without further action. + +=item B<-V>, B<--version> + +Print version information, then exit without further action. =back -- 1.7.4.1
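Review bot: the B<-h>, B<--help> and B<-V>, B<--version> items are re-added after B<-x> at the very end of the list, so the POD is not in the A-Z order the report describes. Either sort them in with the other options or say in the commit message that help and version are deliberately kept last. Two wording slips also travel with the moved text: the B<--vpopmail> paragraph reads "If specified with with B<-u>" and the socket paragraph reads "The socket types C<file> is used internally". Since both lines are re-added here, fix them in this patch and mention it in the message, or leave them for a follow-up so this one stays a pure move.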
>From ee396f4c4089120ce5567b58f6a7d1709f436168 Mon Sep 17 00:00:00 2001 From: Jari Aalto <jari.aa...@cante.net> Date: Mon, 4 Apr 2011 01:43:26 +0300 Subject: [PATCH 1/2] spamd/spamd.raw: (SYNOPSIS::Options): Order items alphabetically Organization: Private Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: 8bit Signed-off-by: Jari Aalto <jari.aa...@cante.net> --- spamd/spamd.raw | 55 ++++++++++++++++++++++++++++--------------------------- 1 files changed, 28 insertions(+), 27 deletions(-) diff --git a/spamd/spamd.raw b/spamd/spamd.raw index 9d1502c..5323f39 100755 --- a/spamd/spamd.raw +++ b/spamd/spamd.raw 
@@ -2840,58 +2840,59 @@ spamd [options] Options: - -l, --allow-tell Allow learning/reporting + -A host,..., --allowed-ips=..,.. Limit ip addresses which can connect + --auth-ident Use ident to authenticate spamc user -c, --create-prefs Create user preferences files -C path, --configpath=path Path for default config files + -D, --debug[=areas] Print debugging messages (for areas) --siteconfigpath=path Path for site configs --cf='config line' Additional line of configuration -d, --daemonize Daemonize - -h, --help Print usage message + -g groupname, --groupname=groupname Run as groupname + -H [dir], --helper-home-dir[=dir] Specify a different HOME directory -i [ipaddr], --listen-ip=ipaddr Listen on the IP ipaddr + --ident-timeout=timeout Timeout for ident connections --ipv4only, --ipv4-only, --ipv4 Disable attempted use of ipv6 for DNS - -p port, --port=port Listen on specified port + -l, --allow-tell Allow learning/reporting + -L, --local Use local tests only (no DNS) + --ldap-config Enable LDAP config (needs -x) + --log-timestamp-fmt=fmt strftime(3) format for timestamps, may be + empty to disable timestamps, or 'default' -m num, --max-children=num Allow maximum num children --min-children=num Allow minimum num children --min-spare=num Lower limit for number of spare children --max-spare=num Upper limit for number of spare children --max-conn-per-child=num Maximum connections accepted by child before it is respawned - --round-robin Use traditional prefork algorithm - --timeout-tcp=secs Connection timeout for client headers - --timeout-child=secs Connection timeout for message checks + -p port, --port=port Listen on specified port + -P, --paranoid Die upon user errors -q, --sql-config Enable SQL config (needs -x) -Q, --setuid-with-sql Enable SQL config (needs -x, enables use of -H) - --ldap-config Enable LDAP config (needs -x) + -r file, --pidfile=file Write the process id to pidfile + --round-robin Use traditional prefork algorithm + -s facility, --syslog=facility 
Specify the syslog facility --setuid-with-ldap Enable LDAP config (needs -x, enables use of -H) - --virtual-config-dir=dir Enable pattern based Virtual configs - (needs -x) - -r pidfile, --pidfile Write the process id to pidfile - -s facility, --syslog=facility Specify the syslog facility - --syslog-socket=type How to connect to syslogd - --log-timestamp-fmt=fmt strftime(3) format for timestamps, may be - empty to disable timestamps, or 'default' - -u username, --username=username Run as username - -g groupname, --groupname=groupname Run as groupname - -v, --vpopmail Enable vpopmail config - -x, --nouser-config Disable user config files - --auth-ident Use ident to authenticate spamc user - --ident-timeout=timeout Timeout for ident connections - -A host,..., --allowed-ips=..,.. Limit ip addresses which can connect - -D, --debug[=areas] Print debugging messages (for areas) - -L, --local Use local tests only (no DNS) - -P, --paranoid Die upon user errors - -H [dir], --helper-home-dir[=dir] Specify a different HOME directory --ssl Run an SSL server --ssl-port port Listen on port for SSL connections --ssl-version sslversion Specify SSL protocol version to use --server-key keyfile Specify an SSL keyfile --server-cert certfile Specify an SSL certificate - --socketpath=path Listen on given UNIX domain socket - --socketowner=name Set UNIX domain socket file's owner --socketgroup=name Set UNIX domain socket file's group --socketmode=mode Set UNIX domain socket file's mode + --socketowner=name Set UNIX domain socket file's owner + --socketpath=path Listen on given UNIX domain socket + --syslog-socket=type How to connect to syslogd + --timeout-tcp=secs Connection timeout for client headers + --timeout-child=secs Connection timeout for message checks + -u username, --username=username Run as username + --virtual-config-dir=dir Enable pattern based Virtual configs + (needs -x) + -v, --vpopmail Enable vpopmail config + -x, --nouser-config Disable user config files + + -h, --help 
Print usage message -V, --version Print version and exit =head1 DESCRIPTION -- 1.7.4.1
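Review bot: the usage block is still not alphabetical after this hunk. `--timeout-tcp` is added ahead of `--timeout-child`, while the POD patch puts `--timeout-child` first. The unchanged context lines also keep `--siteconfigpath` and `--cf` after the new `-D` entry, `--min-children` and `--min-spare` ahead of `--max-spare` and `--max-conn-per-child`, and the `--ssl*` and `--server-*` entries ahead of `--socketgroup`. Please state the sort key (short option first, then long name) in the commit message and move the remaining entries to match, so the synopsis and the POD list can be compared line for line. Separately, `-r pidfile, --pidfile` becomes `-r file, --pidfile=file`, which is a wording change rather than a reorder; mention it in the message or split it into its own patch.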