########################################################################### # spamcatcher.conf # # Sample configuration file for spamcatcher. Format of a line is: # # key=value # # Blank lines are ignored, as is anything starting with a '#' character # # ############################################################################ # Name: snhost # Arguments: servername # Default: none # Description: This parameter configures which SpamCatcher Network host to query # for rule updates and/or netchecks. # snhost= # Name: sdk_engine_repository # Arguments: path to directory # Default: http://[snhost]/spamcatchersdk/updates # Description: Directory where control.txt is located. # Notes: control.txt contains engine update configuration information. # sdk_engine_repository=http://www.mailshell.com/spamcatchersdk/updates # Name: ruleupdate # Arguments: 0 | 600 - (2^31-1) # Default: 300 # # Description: # How often to retrieve new rules from the Mailshell SpamLabs. The # value is specified in units of integral seconds. # Note that a value of "0" disables this feature and rule files will # not be updated. # This has a minimum value of 60 # ruleupdate=300 # Name: sntimeout # Arguments: 0 - 2^31-1 # Default: 5 # # Description: # Limit how long single request to the Mailshell SpamLabs can take. The value # is specified in units of integral seconds. # Note that a value of "0" disables this feature and no limit will be placed. # sntimeout=5 # Name: use_both_mimesections # Arguments: yes | no # Default: yes # # Description: # The SDK will analyze both text/plain and text/html MIME sections in a # message. If additional performance is desired, it is possible to only analyze # one section. If this option is set to "no", then only one section will be analyzed. # use_both_mimesections=yes # Name: use_score_history # Arguments: yes | no # Default: no # # Description: # Enables the tracking of historical scores for repeat senders. # use_score_history=no # Name: use_score_offsets # Arguments: yes | no # Default: no # # Description: # Enables fingerprint score offset training. use_score_offsets=yes # Name: use_https # Arguments: yes | no # Default: no # # Description: # Obsoleted. This option is ignored. # use_https=no # Name: verbose # Arguments: yes | no # Default: no # # Description: # Enables increased verbose logging. # verbose=no # Name: dbg_logfile # Arguments: filename # Default: none # # Description: # Redirects log output to a file in the conf directory. dbg_logfile=dbg_logfile.log # Name: extended_rules # Arguments: yes | no # Default: yes # # Description: # Enables the extended rule set. This replaces the old use_cache option. The # old use_cache option is now equivalent to this option. # This rule set extension is stored as file sc3.bin. # extended_rules=yes # Name: extended_rules2 # Arguments: yes | no # Default: yes # # Description: # Enables the second extension to rule set. # This rule set extension is stored as as file sc6.bin. # extended_rules2=yes # Name: enable_fingerprint_cache # Arguments: yes | no # Default: yes # # Description: # Enables usage of a fingerprint cache. # enable_fingerprint_cache=yes # Name: enable_domain_cache # Arguments: yes|no # Default: yes # # Description: # Enables usage of a domain reputation cache. # If enabled, domains are extracted from messages and compared against # a domain reputation cache. # # The domain reputation cache is stored in file sc8.bin. # enable_domain_cache=yes # Name: netcheck # Arguments: yes | no | auto # Default: no # # Description: # Whether to communicate with the Mailshell SpamLabs to determine scoring via # old slower v4.x protocol. # # Notes: 'auto' setting allows the SDK to automatically use the # netcheck feature as a fallback to LiveFeed queries. # netcheck=no # Name: pcre_match_limit # Arguments: 0 - 2^32-1 # Default: 100 for FreeBSD, 10000 for others # # Description: # Sets the maximum thread stack size to use. If the thread stack size is set # to 64KB (e.g. FreeBSD), then this variable should be set to 100 or less. If the # thread stack size is set to greater than 1MB (e.g. Linux, Solaris, and MacOSX), # then this variable should be set to 10000 or less. If this variable is set # below 200, accuracy can be reduced by a couple of percentages. # pcre_match_limit=10000 # Name: proxy_host # Arguments: host:port # Default: none # # Description: # Specifies the host name and port number of a HTTP proxy to connect to # the Mailshell servers. # proxy_host= # Name: proxy_userpwd # Arguments: username:password # Default: none # # Description: # Specifies the user name and password of the HTTP proxy to connect to # the Mailshell servers. # proxy_userpwd= # Name: rbl_list # Arguments: servername:response:offset, # Default: none # # Description: # Specifies a list of Realtime Blackhole List (RBL) servers to query when # analyzing messages. # Format: rbl_list=server:response:offset,server2:response2:offset2,... # rbl_list expects a comma separated list of RBL entries. In turn, each RBL entry consists of up to 3 colon separated items. Those items are: # 1) server - name of an RBL server # 2) response - the response given by an RBL server when an IP address is listed e.g. 127.0.0.2, 127.0.0.3, 127.0.0.4, etc. This is optional. The default is that all responses apply. # 3) offset - The numeric offset to apply to the spam score if an IP address is listed on this RBL server. This is optional. The default is an offset of 100 # Example: rbl_list=bl.spamcop.net::40,bl.spamcop.net:127.0.0.3:75 # rbl_list= # Name: enable_word_training # Arguments: yes | no # Default: no # # Description: # This option controls whether Bayesian Word Token analysis is # used. Accuracy can be greatly improved but more memory is used and # it is slightly slower. # # "no" - disables option # "yes" - enables option enable_word_training=yes # Name: max_word_entries # Arguments: integer # Default: 50000 # # Description: # This option specifies the number of word tokens to cache at any time. # The higher the number, the more memory is used but also the higher the # accuracy. enable_word_training must be yes or this option is ignored. # max_word_entries = 50000 # Name: enable_rules # Arguments: yes | no # Default: yes # # Description: # This option controls whether slower heuristic rules are used. Accuracy can be greatly # improved but more memory is used and it is much slower. # # "no" - disables option # "yes" - enables option # enable_rules=yes # Name: rule_weights # Arguments: ruleidA:weightA,ruleidB:weightB,... # Default: none # # Description: # This option allows overriding weights associated with individual # Mailshell Rules. The format is a comma delimited list of "ruleid" and # "weight" pairs. The pairs are themselves delimited with a colon. # rule_weights= # Name: enable_training_updates # Arguments: yes | no # Default: yes # # Description: # This option controls whether the word, rules, and fingerprint training database # can be modified or is read-only after initial load. A read-only training database is faster. # # "no" - the training databases can be modified. # "yes" - the training databases are read-only. # enable_training_updates=yes # Name: auto_training_threshold # Arguments: low:high # Default: -1:101 # # Description: # Sets a threshold for auto-training. If a message is scored at or above the # high threshold, that message is considered a definite spam and is then used # to train all the enabled bayesian modules (rules and/or word) but not # sender or fingerprint. # # If a message is scored at or below the low threshold, that message is considered # a definite ham and is then used to train all the enabled bayesian modules # (rules and/or word) but not sender or fingerprint. enable_word_training and # enable_training_updates must be yes or this option is ignored. auto_training_threshold=2:98 # Name: min_training # Arguments: integer # Default: 100 # # Description: # Initially, only the rule weights are used to compute the spam score. Once a minimum # set of training data is achieved, rule/word training data replaces the rule weights. # The default minimum is 100 which means that must train on at least 100 equivalent known # ham messages and 100 equivalent spam messages for a total of 200 messages before # the training data replaces the rule weights. If the number is too low then the accuracy could # be poor due to insufficient data. If the number is too high, then the training # data will not be fully taken advantage of. A value of 0 will cause # rule weights to always be ignored. # min_training=100 # Name: full_training_weight # Arguments: yes | no # Default: no # # Description: # Controls whether to give full weight to training data. If this option # is set to "yes" then scoring will be based solely on training data. # If option is "no" then both rules and training data will be used. full_training_weight=yes # Name: training_write_buffer # Arguments: an integer # Default: 1000 # # Description: # While training, the SDK will process a configurable amount of messages # before writing the training database to disk. This option determines # how many messages to process before writing to disk. # # Writing to disk is expensive so this number should be made as large # as possible for maximum performance. # # If program is unexpectedly terminated before buffer has been written to # disk, then training performed since the last disk write will be lost. # The buffer is written to disk on normal termination. # training_write_buffer=1000 # Name: dnsbl_list # Arguments: servername:response:offset, # Default: none # # Description: Specifies a list of DNS Blocklist (DNSBL) servers # to query with domains and IPs extracted from the message body. # dnsbl_list= # Name: dnsbl_max_domains # Arguments: integer # Default: 4 # # Description: Allows limiting how many domains and IPs are # queried against the DNS Blocklist server. # dnsbl_max_domains=4 # Name: dnsbl_threshold # Arguments: low:high # Default: 1:99 # # Description: If score is greater than value then only those DNSBL servers # which can bring score value are queried. If score is less than value # then only those DNSBL servers which can bring score above value # are queried. If score is then all DNSBL servers are queried. # dnsbl_threshold=1:99 # Name: dnsbl_timeout # Arguments: integer # Default: 1 # # Description: Allows setting a maximum timeout for # finishing all DNSBL queries. # dnsbl_timeout=1 # Name: ignored_ip_list # Arguments: 1.2.3.4,2.3.4.5-2.3.4.8,2.3.4.0/24,5.6.0.0/16 # Default: none # # Description: # This option allows specifying IPs which should be ignored when doing # RBL checks. Format is a comma delimited list of single IPs or ranges of # IPs. The following are always implicitly ignored: # 10.0.0.0/8, 127.0.0.0/8, 192.168.0.0/16, 172.16.0.0 # # Ranges can be specified in three ways: # a) startingIP-endingIP # b) IP/netmask # c) IP # ignored_ip_list= # Name: approved_ip_list # Arguments: 1.2.3.4,2.3.4.5-2.3.4.8,2.3.4.0/24,5.6.0.0/16 # Default: none # # Description: # This option allows specifying IPs which should be approved # Format is a comma delimited list of single IPs or ranges of IPs. # Ranges can be specified in two ways: # a) startingIP-endingIP # b) IP/netmask # c) IP # # If the first non-ignored IP in Received: headers match any in this list # then message is scored a 0 and no other checks are made. # approved_ip_list= # Name: blocked_ip_list # Arguments: 1.2.3.4,2.3.4.5-2.3.4.8,2.3.4.0/24,5.6.0.0/16 # Default: none # # Description: # This option allows specifying IPs which should be blocked. # Format is a comma delimited list of single IPs or ranges of IPs. # # Ranges can be specified in three ways: # a) startingIP-endingIP # b) IP/netmask # c) IP # # If any IP addresses in Received: headers match any in this list # then message is scored a 100 and no other checks are made. # blocked_ip_list= # Name: approved_domain_list # Arguments: domain1,domain2 # Default: none # # Description: # This option allows specifying body domains and IPs which should # should always be approved # approved_domain_list= # Name: blocked_domain_list # Arguments: domain1,domain2 # Default: none # # Description: # This option allows specifying body domains and IPs which should # should always be blocked # blocked_domain_list= # Name: ignored_domain_list # Arguments: domain1,domain2 # Default: none # # Description: # This option allows specifying body domains and IPs which should # always be excluded from the DNSBL checks and ignored. # ignored_domain_list= # Name: rbl_threshold # Arguments: low:high # Default: 1:99 # # Description: # Since RBL checks can introduce latency and a decrease in performance, # this option allows running RBLs check conditionally based on the score # prior to RBL checks. # # If score is greater than the "high" value then only those RBL servers # which can bring score below "high" value are queried. # # If score is less than the "low" value then only those RBL servers # which can bring score above "low" value are queried. # # If score is between "low" and "high" then all RBL servers are queried. # # rbl_list must be specified or this option is ignored. # rbl_threshold=1:99 # Name: rbl_timeout # Arguments: integer # Default: 1 # # Description: # This option allows setting a maximum timeout for finishing all RBL # queries. # RBL responses are only used from those RBL servers which responded in # time. # # If value is "0" then no timeout is enforced. # # rbl_list must be specified or this option is ignored. # rbl_timeout=1 # Name: rbl_max_ips # Arguments: integer # Default: 4 # # Description: # This option allows limiting how many IP addresses are queried against # the RBL server. Note that the total number of RBL queries will be # the number of IP addresses in the Received: headers (up to a max of # rbl_maxcheck_ips) multiplied by the number of RBL servers specified in # "rbl_list". # If the value is "0" then unlimited number of received headers are checked. # # Note that IPs which match against the "ignored_ip_list" option do not # count towards the rbl_max_ips limit. # # rbl_list must be specified or this option is ignored. # rbl_max_ips=4 # Name: home_country_list # Arguments: us,ca,kr,... # Default: none # # Description: # This option allows specifying a list of countries which are # considered "home" countries. Messages routed through a country # which is not on this list will be scored more aggressively. # If this option is empty then no penalty will occur. # # Countries are specified by their two-letter code as defined in ISO 3166 # # home_country_list= # Name: blocked_country_list # Arguments: countryCode1:offset1,countryCode2:offset2... # Default: none # # Description: # Allows blocking by country. The format is a comma delimited list of # "country" and "offset" pairs which are themselves delimited by a # colon. Country is specified as two letter code (ISO-3166). Offsets # are optional and default to a value of 100. # # If an IP address in a received header matches a listed country, then # that offset is used and we stop checking any other IPs. If one # is in Russia and the user has set "ru:someOffset", then it will apply. # # The country codes aren't applied to sender addresses. # If you want to block From addresses ending in .ru, you can use the email # address block list. # # Note that it is possible for a message to have traveled through # various countries before reaching the final destination. # # Note that this option is only 98% accurate so blocking countries can # result in false positives. # blocked_country_list= # Name: blocked_charset_list # Arguments: charset1:offset1,charset2:offset2... # Default: none # # Description: # Allows blocking by character-set. The format is a comma delimited list of # "char-set" and "offset" pairs which are themselves delimited by a # colon. A char-set to foreign language map can be found at: # http://www.w3.org/International/O-charset-list.html # Offsets are optional and default to a value of 100. # # Note that language to char-set mapping is not 100% accurate # so blocking charsets can result in false positives. # blocked_charset_list= # Name: netcheck_threshold # Arguments: low:high # Default: 1:99 # # Description: # Since networks can introduce latency and a decrease in performance, # this option allows running network checks conditionally based on the # score. netcheck must be yes or this option is ignored. # # Network is only queried if score is at or between the "low" and "high" range # specified via this option. # netcheck_threshold=1:99 # Name: spoofed_sender_list # Arguments: address1:iprange1:offset1,address2:iprange2:offset2... # Default: none # # Description: # Allows blocking spammers who spoof your domain name and # other domain names. For example, spammers often use the recipient's # domain name as the From: domain name. This list allows you to specify which # mail servers are allowed to use which domain names in the From: address # spoofed_sender_list= # Name: scan_attachments # Arguments: yes | no # Default: no # # Description: # This option controls whether the SDK will scan and consider attachments # when computing the spam score. # "no" - disables option # "yes" - enables option scan_attachments=yes # Name: enable_spamcompiler_cache # Arguments: yes|no # Default: yes # Description: If this option is set to yes, SpamCompiler will store the # compiled data on disk instead of memory to reduce memory usage. # enable_spamcompiler_cache=yes # Name: spamcompiler_cache_list # Arguments: index1,index2,... # Default: none # Description: # Description: This option specifies which rules files are compiled # on disk instead of memory. # This option is only relevant if enable_spamcompiler_cache=yes # spamcompiler_cache_list= # Name: enable_legitrepute_cache # Arguments: yes|no # Default: yes # Description: Enables usage of a LegitRepute cache to reduce false positives # especially for newsletters. # enable_legitrepute_cache=yes # Name: convert_unicode # Arguments: yes|no # Default: yes # Description: Improves accuracy and throughput for email message bodies in Unicode # especially double-byte languages by converting the message into single-bytes. # convert_unicode=yes # Name: retrieverules_list # Arguments: index1,index2,... # Default: none # Description: This option specifies which rules files are downloaded when # retrieveRules() is called. If the option is blank then retrieveRules() # will only download files which are necessary to support a given # configuration (based on other options). # retrieverules_list= # Name: enable_spf # Arguments: yes|no # Default: yes # Description: # This option controls whether or not to do Sender Policy Framework (SPF) # checks. If set to yes, then the SDK will attempt to validate that the # sender is allowed to send from a particular domain based on the domain's # published policy. # enable_spf=yes # Name: enable_all_spf # Arguments: yes|no # Default: no # Description: # This option controls whether or not domains which are not listed in # the spf_list option or in Mailshell's rule file will undergo SPF checks. # This option requires enable_realtime_spf to be set to yes. # enable_all_spf=no # Name: enable_realtime_spf # Arguments: yes|no # Default: no # Description: # This option controls whether live DNS queries will be performed for SPF # checks. This may result in greater latency. # enable_realtime_spf=no # Name: spf_list # Arguments: domain1:"weights1":"spf record1",domain2:"weights2":"spf record2": ... # Default: none # Description: # This option allows you to override a domain's SPF record. Through the "weights", # you can specify how a particular SPF result will affect the message score. # spf_list= # Name: spf_pass_weight # Arguments: integer # Default: 0 # Description: # This option allows you to specify the default offset to apply to scores when # the SPF result is Pass for the from domain. # spf_pass_weight=0 # Name: spf_fail_weight # Arguments: integer # Default: 10 # Description: # This option allows you to specify the default offset to apply to scores when # the SPF result is Fail for the from domain. # spf_fail_weight=10 # Name: spf_neutral_weight # Arguments: integer # Default: 0 # Description: # This option allows you to specify the default offset to apply to scores when # the SPF result is Neutral for the from domain. # spf_neutral_weight=0 # Name: spf_none_weight # Arguments: integer # Default: 0 # Description: # This option allows you to specify the default offset to apply to scores when # the SPF result is None for the from domain. # spf_none_weight=0 # Name: spf_softfail_weight # Arguments: integer # Default: 5 # Description: # This option allows you to specify the default offset to apply to scores when # the SPF result is SoftFail for the from domain. # spf_softfail_weight=5 # Name: spf_permerror_weight # Arguments: integer # Default: 0 # Description: # This option allows you to specify the default offset to apply to scores when # the SPF result is Permanent Error for the from domain. # spf_permerror_weight=0 # Name: spf_temperror_weight # Arguments: integer # Default: 0 # Description: # This option allows you to specify the default offset to apply to scores when # the SPF result is Temporary Error for the from domain. # spf_temperror_weight=0 # Name: spam_threshold # Arguments: integer # Default: 90 # Description: # This option allows you to tell the SDK to stop analyzing the message once # a score has been reached. This can reduce the number of rules and other # checks that are performed, thus improving throughput. # spam_threshold=90 # Name: target_throughput # Arguments: integer # Default: 0 # Description: # This option allows you to specify the desired throughput in messages per # second. The Mailshell SDK will attempt to reach that level by optimizing # the rules that are run. It is possible that accuracy may be reduced. # A value of 0 disables the option. # target_throughput=0 # Name: enable_filecleanup_on_retrieve # Arguments: yes | no # Default: yes # Description: # The SDK, by default, will clean up older rule files from the # configuration directory when a new file is retrieved from the Mailshell # SpamCatcher network. However, some users of the SDK will want to # archive older rule files. This can be done by disabling the cleanup feature. # enable_filecleanup_on_retrieve=yes # Name: enable_filemerge_on_reload # Arguments: yes | no # Default: yes # Description: # The SDK, by default, will merge multiple incr files and a full file into a # single updated full file. This is done to reduce file clutter in the # configuration directory. # enable_filemerge_on_reload=yes # Name: retrieve_incr_only # Arguments: yes | no # Default: no # Description: # The SDK, by default, will attempt to download the most size efficient # combination of full and incr file. The SDK can be forced to only download # incr file by setting this option to yes. # retrieve_incr_only=no # Name: home_language_list # Arguments: languageCode1,languageCode2,... # Default: none # Description: # This option permits you to set languages which are preferred in your email messages. # The country codes are two character ISO-639 language codes. Please refer to the # SDK documentation for the list of supported codes. # home_language_list= # Name: enable_auto_update_data_thread # Arguments: yes|no # Default: yes # Description: # Launches a thread to automatically download and update the engine data. # If no, then the data download and update occurs within the computeScore() # function as in SDK 4.X and before. # enable_auto_update_data_thread=yes # Name: enable_auto_update_engine_thread # Arguments: yes|no # Default: no # Description: # Launches a thread to automatically download and update the engine code. # If no, then the engine code must be manually updated. # enable_auto_update_engine_thread=no # Name: enable_stat_file # Arguments: yes|no # Default: yes # Description: # Logs IPs, Domains, URLs, suspicious words, etc. to the conf file system. # Logs can be automatically uploaded to Mailshell's analysis servers. # The logs can be converted to plain text for viewing. # enable_stat_file=yes # Name: enable_stat_file_upload_thread # Arguments: yes|no # Default: yes # Description: # Launches a thread to automatically upload statistics files to Mailshell's # analysis servers. Requires enable_stat_file=yes. # enable_stat_file_upload_thread=yes # Name: stat_file_upload_url # Arguments: URL # Default: http://tisdk.mailshell.net/cgi-bin/mailsh.cgi # Description: # URL where statistics files will be uploaded # stat_file_upload_url=http://tisdk.mailshell.net/cgi-bin/mailsh.cgi # Name: livefeed # Arguments: servername # Default: mailshell.net # Description: Specifies which server to query for LiveFeed requests. # livefeed=mailshell.net # Name: enable_dnscache # Arguments: yes|no # Default: yes # Description: Enable internal caching of DNS requests. # enable_dnscache=yes # Name: dnscache_max_entries # Arguments: integer # Default: 100000 # Description: Limits number of entries in internal DNS cache. # dnscache_max_entries=100000 # Name: dnscache_enable_filecache # Arguments: yes|no # Default: yes # Description: If enabled, DNS cache will store entries on disk on shutdown # and read from disk on initialization. # dnscache_enable_filecache=yes # Name: spambait_user_list # Arguments: List of email addresses. # Default: none # Description: If the RCPT TO: address from SMTP envelope matches an email # address in this list, then the statistics file will record tokens in email # message as being sent to a spambait address. Addresses must match exactly # ignoring case, wildcard entries are not supported. # spambait_user_list= # Name: nonexistent_user_list # Arguments: List of email addresses. # Default: none # Description: If the RCPT TO: address from SMTP envelope matches an email # address in this list, then the statistics file will record tokens in email # message as being sent to a nonexistent address. Addresses must match exactly # ignoring case, wildcard entries are not supported. # nonexistent_user_list= # Name: lbl_list # Arguments: List of LBL servers. # Default: none # Description: The Last Connecting IP is queried against the LBL server. # You can specify a different DNS lookup for the last connecting incoming IP. # Example: lbl_list=pbl.spamhaus.org # For the last connecting incoming IP, lbl_list is queried instead of rbl_list. # Otherwise, the rbl_list options such as rbl_threshold are also applied to lbl_list. # lbl_list= # Name: lbl_skip_list # Arguments: List of IPs not to query against LBL server. # Default: none # Description: If the Last Connecting IP matches against an IP in lbl_skip_list, # then that IP is queried against the RBL server(s) instead of the LBL server(s). # lbl_skip_list= # Name: ham_threshold # Arguments: integer # Default: 0 # Description: # This option allows you to tell the SDK to skip slow rule checks if the message # is likely to be ham. # ham_threshold=0 # Name: enable_country_training # Arguments: yes|no # Default: yes # Description: Controls whether country routing information should be considered # when training and scoring messages. # enable_country_training=yes # Name: enable_msf # Arguments: yes|no # Default: no # Description: Allows for use of an alternate fingerprinting algorithm known as MSF. # Not yet recommended for production. # enable_msf=no # Name: enable_spamcompiler # Arguments: yes|no # Default: yes # Description: Speeds up rules processing but requires a little bit more memory. # enable_spamcompiler=yes # Name: max_incr_size # Arguments: integer # Default: 100000 # Description: In order to reduce cpu usage while rule files are updated, the # on-disk cache files (sc*.tmp) are no longer regenerated on every single rule # update. Instead they are regenerated when there is a newer sc*.bin.full file # or when the sum of the sc*.bin.incr grows beyond the number of bytes # specified in max_incr_size. # max_incr_size=100000 # Name: msf_bulk_threshold # Arguments: integer # Default: 5 # Description: This option specifies how many similar messages are required in # order to consider a message bulk. # msf_bulk_threshold=5 # Name: msf_cleanup_threshold # Arguments: integer # Default: 5 # Description: This option specifies an internal variable which determines how # frequently the in-memory MSF cache is pruned. # msf_cleanup_threshold=5 # Name: msf_match_threshold # Arguments: integer between 0 and 100 # Default: 65 # Description: This option specifies the match percent threshold for two fingerprints. # If the match percent is higher than this threshold then messages are considered to # be the same. # msf_match_threshold=65 # Name: msf_max_entries # Arguments: integer # Default: 5000 # Description: This option specifies the number of MSF fingerprints to keep in memory. # The higher the number, the more memory is used but also the higher the accuracy. # msf_max_entries=5000 # Name: dnscache_dns_server # Arguments: Name of DNS server # Default: none # Description: DNS servers can now be explicitly specified to override # the default. # dnscache_dns_server= # Name: content_type # Arguments: category1:scaling_pct,category2:scaling_pct2,... # Default: auto # Description: Allows the end user to adjust the weights of categories # used in sc18 and in files used in custom_rules_list. # Notes: category: Name of category, currently limited to SPAM,PHISH,BOUNCE, # ADULT,FRAUD,BLANK,FORWARD and REPLY. This field is case insensitive. # scaling_pct: Any integer or BLOCK or APPROVE. The weight of rules matching # the corresponding category will be multiplied by the scaling factor to # produce a new effective weight. # Example: content_type=bounce:0,phish:-90,reply:APPROVE,BLANK:BLOCK,forward:150 # With this setting, 'bounce' rules will be ignored, 'phish' rules will # be diminished in weight by 90 percent, all 'reply' rules will be approved, # all 'blank' rules will be blocked, and all 'forward' rules will be # increased in weight by 150 percent. # content_type=auto # Name: enable_phrase_cache # Arguments: yes|no # Default: auto # Description: Enables usages of the sc18 phrase database # enable_phrase_cache=yes # Name: proxy_authtype # Arguments: auto|basic|digest # Default: auto # Description: Specifies which type of HTTP Proxy authentication should be used. # proxy_authtype=auto # Name: spamcompiler_version # Arguments: auto | 5.2 |5.1 | 6.0 # Default: auto # Description: Specifies what SpamCompiler version to use. When set to "auto", # the SDK will choose the best engine to use. # Notes: Improves accuracy and throughput. # spamcompiler_version=auto # Name: custom_rules_list # Arguments: filename1, filename2, ... # Default: none # Description: Allows user to specify a custom list of rules # (i.e. spam, ham, or phishing words/phrases). # Notes: Custom rules files contain phrases in the following # format on separate lines: phrase,type,confidence,caseSensitivity # phrase can be any text except commas. Any commas in the phrase # should be deleted. # type can be either SPAM, PHISH, BOUNCE, ADULT, or FRAUD. # If anything other than those are specified, the TYPE is automatically # assumed to be SPAM. # Confidence can be from 1 to 100. If type is SPAM, then 100 indicates # a higher confidence of spamminess. If type is PHISH, then 100 # indicates a higher confidence of phishiness. If type is BOUNCE, then # 100 indicates a higher confidence that phrase is related to bounces. # A higher confidence is more likely to impact the final score. # A value of 100 is a special case. If type is SPAM, then 100 will score # the message as 100. If type is PHISH, then 100 will score the message # as 100. If type is BOUNCE, then 100 will score the message as 100. # As always, any whitelist overrides any blacklist. # caseSensitivity value of 1 means that the phrase will be case sensitive; # 0 means that the phrase will be case insensitive. # Examples: # spamming is fun,SPAM,100,0 # phishing is Phun, PHISH,90,1 # return to sender,BOUNCE,80,0 # The first line means that all variations of "spamming is fun" are considered # as SPAM with a confidence of 100. The phrase is case insensitive. # The second line means that all variations of "phishing is phun" are considered # as PHISH with a confidence 90. The phrase is case sensitive. # The third line means that all variations of " return to sender " are considered # as BOUNCE with a confidence 80. The phrase is case insensitive. # custom_rules_list= # Name: enable_direct_dns # Arguments: auto|yes|no # Default: auto # Description: When set to yes and if dnscache_dns_server is not # specified, then the SDK will make LiveFeed requests directly to # the Mailshell LiveFeed servers. This option is ignored if # dnscache_dns_server is specified as it has precedence. # Notes: This option should be set to yes when direct queries are # more efficient than the default DNS servers. # enable_direct_dns=auto # Name: dnscache_min_ttl # Arguments: integer # Default: 0 seconds # Description: This option allows setting a minimum TTL for # entries in the SDK's internal DNS cache. # Notes: The option is specified in units of seconds. For # those DNS responses whose TTL value is less than dnscache_min_ttl, # the SDK's internal cache will instead use dnscache_min_ttl. # dnscache_min_ttl=0 # Name: livefeed_min_ttl # Arguments: integer # Default: 0 seconds # Description: This option allows setting a minimum TTL for entries # in the SDK's internal LiveFeed cache. # Notes: The option is specified in units of seconds. For those LiveFeed # responses whose TTL value is less than livefeed_min_ttl, the SDK's # internal cache will instead use livefeed_min_ttl. # livefeed_min_ttl=0 # Name: spf_recursion_depth # Arguments: integer # Default: 20 # Description: This option controls how many levels the SDK will recurse # when resolving SPF records. # Notes: Range of valid values 0 - MAX_INT (2^32) # RFC4408 Section 10.1 places a limit on recursion levels to prevent # Denial-of-Service attacks. The RFC specifies a value 10, however, some # real-world SPF records do not conform to this and higher levels of # recursion are required in order to fully resolve. # spf_recursion_depth=20 # Name: tmpdir # Arguments: path to directory # Default: none # Description: This parameter controls where the SDK will create # temporary files. # Notes: If argument is empty then temporary files will be created # in data directory # tmpdir= # Name: auto_config # Arguments: highend_desktop, lowend_desktop, highend_server, lowend_server # OR catch_rate:weight,fp_rate:weight, throughput:weight,latency:weight, # network:weight,cpu:weight, memory:weight,disk:weight, security:weight, # reliability:weight, privacy:weight,reporting:weight # Default: auto # Description: Sets options based on user-inputted system, performance, # and resource requirements # Notes: Weight can be either a number from 0-100 or "auto". Each key:weight # should be comma delimited. Inputting information for all key:weight # is not necessary. Missing key:weight will be assumed 'auto'. # auto_config=auto # Name: enable_livefeed_sender_repute # Arguments: auto|yes|no # Default: none # Description: If this option is set to no, SPF information via LiveFeed # is ignored. Instead the SDK will perform an independent SPF request. # enable_livefeed_sender_repute=