3
# Copyright (C) 2009-2010 Jari Aalto
7
# This program is free software; you can redistribute it and/or modify
8
# it under the terms of the GNU General Public License as published by
9
# the Free Software Foundation; either version 2 of the License, or
10
# (at your option) any later version.
12
# This program is distributed in the hope that it will be useful,
13
# but WITHOUT ANY WARRANTY; without even the implied warranty of
14
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15
# GNU General Public License for more details.
17
# You should have received a copy of the GNU General Public License
18
# along with this program. If not, see <http://www.gnu.org/licenses/>.
22
# To learn what TOP LEVEL sections to use in manual pages,
23
# see POSIX/Susv standard and "Utility Description Defaults" at
24
# http://www.opengroup.org/onlinepubs/009695399/utilities/xcu_chap01.html#tag_01_11
26
# This is manual page in Perl POD format. Read more at
27
# http://perldoc.perl.org/perlpod.html or run command:
29
# perldoc perlpod | less
31
# To check the syntax:
35
# Create manual page with command:
37
# pod2man PAGE.N.pod > PAGE.N
43
sa-heatu - Spamasassin Heuristic Email Address Tracker Utility
47
sa-heatu [options] [dbfile [timestamp-file]]
51
Check or clean a SpamAssassin auto-whitelist (AWL) database file.
53
The Auto-WhiteList (AWL) feature in Spamassassing tracks scores from
54
messages previously received and adjusts the message score, either by
55
boosting messages from senders who send ham or penalizing senders who
56
have sent spam previously. This not only treats some senders as if
57
they were whitelisted but also treats spammers as if they were
58
blacklisted. To enable AWL in spamassassin, read dcoumentation:
60
perldoc Mail::SpamAssassin::Conf
62
This is an enhanced version of the original AWL tool. The AWL database
63
can be examined and pruned; single email entries can be removed. This
64
is useful when a spammer sends one or more ham messages before sending
67
Without special options, the program generates a summary of the
70
$ sa-heatu -D -n /var/spool/spamassassin/auto-whitelist
73
0 entries would be expired.
74
0 timestamps would be added.
75
0 timestamps would be updated.
78
308 entries output = input - expired - removed.
80
With option B<--verbose> it generates output:
82
AVG TOTSCORE COUNT EMAIL IPBASE
84
I<AVG> is the average score; I<TOTSCORE> is the total score of all
85
mails seen so far; I<COUNT> is the number of messages seen from that
86
sender; I<EMAIL> is the sender's email address, and I<IPBASE> is the
87
B<AWL base IP address>.
89
I<AWL base IP address> is a way to identify the sender's IP address
90
they frequently send from, in an approximate way, but remaining hard
91
for spammers to spoof. The algorithm is as follows:
93
- Take the last Received header that contains a public IP address;
94
namely one which is not in private, unrouted IP space.
96
- Chop off the last two octets, assuming that the user may be in
97
an ISP's dynamic address pool.
99
Negative values indicate senders of ham:
102
6.8 6.8 1 support@midphase.com 72.26
103
-8.1 -16.2 2 users-return-@spamassassin.apache.org 98.109
104
1.4 15.9 11 partners@us.cyberoam.com 38.105
105
13.9 13.9 1 obdg@borgard.com 89.185
111
=item B<-D, --DONTupdatetimestamps>
113
No timestamps processing is done. Alias for B<--noTimestamps>.
115
=item B<-e, --expireOlderThan NUMBER>
117
Expire entries older than NUMBER of days.
119
=item B<-f, --firstTimes>
121
Use this for the first run to avoid reading timestamps.
127
=item B<-n, --noTimestamps>
129
No timestamps processing.
131
=item B<-p, --prune NUMBER>
133
Clean out infrequently-used AWL entries. The I<NUMBER> can be used to
134
select the threshold at which entries are kept or deleted. Value 1
135
means that entries seen once are deleted.
141
=item B<-r, --remove EMAIL>
143
Remove EMAIL from database.
145
=item B<-s, --showUpdates>
147
Output entries updated or added or removed, in addition to the
150
=item B<-v, --verbose>
152
Display more information. Note that this may display lot of
153
information from the database.
159
To see valid senders:
161
sa-heatu --verbose -D | sort -n | head -n 20
165
sa-heatu --verbose -D | sort -n | tail -n 20
167
To display single record:
169
sa-heatu --verbose -n | grep -i foo@example.com
171
To remove of I<foo@example.com> entry:
173
$ sa-heatu -n --remove foo@example.com
175
Using $HOME/.spamassassin/auto-whitelist
177
average total count found
178
34.5 34.5 1 foo@example.com 41.202
181
259 keys with 1 entry.
182
658 keys with 2 entries.
185
To shrink the database considerably by removing entries that only have
190
Average total count email address ip network address last time
191
updated: Note: the date and time stamp is the time sa-heatu was run,
192
not the time the email was received:
194
sa-heatu --verbose -D | sort -n | head -5
204
=item $HOME/.spamassassin
206
The default working directory of program where I<dbfile> etc. are
209
If I<dbfile> is not given the C<$HOME/.spamassassin/auto-whitelist> is
210
used. See also option B<auto_whitelist_path> in Spamassasin Perl module
211
I<Mail::SpamAssassin::Plugin::AWL> which typically points to
212
C</var/spool/spamassassin/auto-whitelist>.
219
Mail::SpamAssassin::Plugin::AWL(3p)
223
http://wiki.apache.org/spamassassin/AutoWhitelist
227
See STANDARDS for download link.
229
The original version this program is based on is at
230
http://svn.apache.org/repos/asf/spamassassin/branches/3.2/tools/check_whitelist
234
Program was written by Dennis G German <DGermansa@Real-world-Systems.com>
236
This manual page was written by Jari Aalto <jari.aalto@cante.net>.
237
Released under license GNU GPL version 2 or (at your option) any later
238
version. For more information about license, visit
239
<http://www.gnu.org/copyleft/gpl.html>.