@@ -117,16 +117,20 @@

 Directory in which MailScanner should find e\-mail messages for scanning. This can be any of the following:

 .br 

+.RS 7

+.IP  1. 4

+a directory name. 

+.br 

+Example: /var/spool/mqueue.in

+.IP  2. 4

+a wildcard giving directory names. 

+.br 

+Example: /var/spool/mqueue.in/*

+.IP  3. 4

+the name of a file containing a list of directory names, which can in turn contain wildcards. 

 .br 

-1. a directory name. Example: /var/spool/mqueue.in

-.br 

-

-.br 

-2. a wildcard giving directory names. Example: /var/spool/mqueue.in/*

-.br 

-

-.br 

-3. the name of a file containing a list of directory names, which can in turn contain wildcards. Example: /usr/local/etc/MailScanner/mqueue.in.list.conf

+Example: /usr/local/etc/MailScanner/mqueue.in.list.conf

+.RE

 .TP 

 \fBOutgoing Queue Dir\fR

@@ -515,17 +519,18 @@

 .br 

 Messages whose virus reports contain any of the words listed here will be treated as "silent" viruses. No messages will be sent back to the senders of these viruses, and the delivery to the recipient of the message can be controlled by the next option "Still Deliver Silent Viruses". This is primarily designed for viruses such as "Klez" and "Bugbear" which put fake addresses on messages they send, so there is no point informing the sender of the message, as it won't actually be them who sent it anyway. Other words that can be put in this list are the 5 special keywords

 .br 

+.RS 7

+.IP  \(bu 4

 HTML\-IFrame: inserting this will stop senders being warned about HTML Iframe tags, when they are not allowed.

-.br 

+.IP  \(bu 4

 HTML\-Codebase: inserting this will stop senders being warned about HTML Object Codebase tags, when they are not allowed.

-.br 

+.IP  \(bu 4

 Zip\-Password: inserting this will stop senders being warned about password\-protected zip files when they are not allowd. This keyword is not needed if you include All\-Viruses.

-.br 

+.IP  \(bu 4

 All\-Viruses: inserting this will stop senders being warned about any virus, while still allowing you to warn senders about HTML\-based attacks. This includes Zip\-Password so you don't need to include both.

 .br 

-

-.br 

 The default of "All\-Viruses" means that no senders of viruses will be notified (as the sender address is always forged these days anyway), but anyone who sends a message that is blocked for other reasons will still be notified.

+.RE

 .TP 

@@ -580,17 +585,16 @@

 .br 

 .br 

-Do you want to allow HTML <IFrame> tags in email messages? This is not a good idea as it allows various Microsoft Outlook security vulnerabilities to go unprotected, but if you have a load of mailing lists sending them, then you will want to allow them to keep your users happy. Possible Values:

-.br 

-

+Do you want to allow HTML <IFrame> tags in email messages? This is not a good idea as it allows various Microsoft Outlook security vulnerabilities to go unprotected, but if you have a load of mailing lists sending them, then you will want to allow them to keep your users happy. This can also be the filename of a ruleset, so you can allow them from known mailing lists but ban them from everywhere else. Possible Values:

 .br 

+.RS 7

+.IP  \(bu 4

 yes    => Allow these tags to be in the message

+.IP  \(bu 4

 no     => Ban messages containing these tags

+.IP  \(bu 4

 disarm => Allow these tags, but stop these tags from working

-.br 

-

-.br 

-This can also be the filename of a ruleset, so you can allow them from known mailing lists but ban them from everywhere else.

+.RE

 .TP 

 \fBLog IFrame Tags\fR

@@ -608,11 +612,14 @@

 .br 

 Do you want to allow <Form> tags in email messages? This is a bad idea as these are used as scams to pursuade people to part with credit card information and other personal data. This can also be the filename of a ruleset. Possible values:

 .br 

-

-.br 

+.RS 7

+.IP  \(bu 4

 yes    => Allow these tags to be in the message

+.IP  \(bu 4

 no     => Ban messages containing these tags

+.IP  \(bu 4

 disarm => Allow these tags, but stop these tags from working

+.RE

 .TP 

 \fBAllow Object Codebase Tags\fR

@@ -622,11 +629,14 @@

 .br 

 Do you want to allow <Object Codebase=...> tags in email messages? This is a bad idea as it leaves you unprotected against various Microsoft\-specific security vulnerabilities. But if your users demand it, you can do it. This can also be the filename of a ruleset. Possible values:

 .br 

-

-.br 

+.RS 7

+.IP  \(bu 4

 yes    => Allow these tags to be in the message

+.IP  \(bu 4

 no     => Ban messages containing these tags

+.IP  \(bu 4

 disarm => Allow these tags, but stop these tags from working

+.RE

 .TP 

 \fBConvert Dangerous HTML To Text\fR

@@ -1348,6 +1358,14 @@

 If a "Spam List" lookup times out for this many consecutive checks without ever succeeding, then the particular "Spam List" entry will not be used any more, as it appears to be unreachable. When MailScanner restarts itself after a few hours, MailScanner will try to use the entry again, in case service has resumed properly. 

 .TP 

+\fBSpam List Timeouts History\fR

+Default: 10

+.br 

+

+.br 

+The total number of Spam List attempts during which "Max Spam List Timeouts" will cause the spam list fo be marked as "unavailable". See the previous comment for more information. The default values of 5 and 10 mean that 5 timeouts in any sequence of 10 attempts will cause the list to be marked as "unavailable" until the next periodic restart (see "Restart Every").

+

+.TP 

 \fBIs Definitely Not Spam\fR

 Default: %rules\-dir%/spam.whitelist.rules

 .br 

@@ -1371,6 +1389,14 @@

 .br 

 Setting this to yes means that spam found in the blacklist is treated as "High Scoring Spam" in the "Spam Actions" section below. Setting it to no means that it will be treated as "normal" spam. This can also be the filename of a ruleset.

+

+.TP 

+\fBIgnore Spam Whitelist If Recipients Exceed\fR

+Default: 20

+.br 

+

+.br 

+Spammers have learnt that they can get their message through by sending a message with lots of recipients, one of which chooses to whitelist everything coming to them, including the spammer. So if a message arrives with more than this number of recipients, ignore the "Is Definitely Not Spam" whitelist.

 .SH "SpamAssassin"

 .TP 

 \fBUse SpamAssassin\fR

@@ -1420,11 +1446,7 @@

 .TP 

 \fBSpamAssassin Prefs File\fR

-Default: /opt/MailScanner/etc/spam.assassin.prefs.conf

-.br 

-Default Linux: /etc/MailScanner/spam.assassin.prefs.conf

-.br 

-Default FreeBSD: /usr/local/etc/MailScanner/spam.assassin.prefs.conf

+Default: %etc\-dir%/spam.assassin.prefs.conf

 .br 

 .br 

@@ -1447,6 +1469,14 @@

 If several consecutive calls to SpamAssassin time out, then MailScanner decides that there is something stopping SpamAssassin from working properly. It will therefore be disabled for the next few hours until MailScanner restarts itself, at which point it will be tried again. 

 .TP 

+\fBSpamAssassin Timeouts History\fR

+Default: 30

+.br 

+

+.br 

+The total number of SpamAssassin attempts during which "Max SpamAssassin Timeouts" will cause SpamAssassin to be marked as "unavailable". See the previous comment for more information. The default values of 10 and 20 mean that 10 timeouts in any sequence of 20 attempts will trigger the behaviour described above, until the next periodic restart (see "Restart Every").

+

+.TP 

 \fBCheck SpamAssassin If On Spam List\fR

 Default: yes

 .br 

@@ -1462,7 +1492,6 @@

 .br 

 If this option is set, then the "Spam Header" will be included in the header of every message, so its presence cannot be used to filter out spam by your users' e\-mail applications. 

-

 .TP 

 \fBSpam Score\fR

 Default: yes

@@ -1480,7 +1509,6 @@

 .br 

 If you are using the Bayesian statistics engine on a busy server, you may well need to force a Bayesian database rebuild and expiry at regular intervals. This is measures in seconds. 24 hours = 86400 seconds. To disable this feature set this to 0.

-

 .TP 

 \fBWait During Bayes Rebuild\fR

 Default: no

@@ -1502,35 +1530,25 @@

 .br 

 This can be any combination of 1 or more of the following keywords, and these actions are applied to any message which is spam. 

 .br 

-

-.br 

+.RS 7

+.IP  \(bu 4

 "deliver" \- the message is delivered to the recipient as normal 

-.br 

-

-.br 

+.IP  \(bu 4

 "delete" \- the message is deleted 

-.br 

-

-.br 

+.IP  \(bu 4

 "store" \- the message is stored in the quarantine 

-.br 

-.br 

+.IP  \(bu 4

 "forward" \- an email address is supplied, to which the message is forwarded 

-.br 

-

-.br 

+.IP  \(bu 4

 "notify" \- Send the recipients a short notification that spam addressed to them was not delivered. They can then take action to request retrieval of the orginal message if they think it was not spam.

-.br 

-

-.br 

+.IP  \(bu 4

 "striphtml" \- convert all in\-line HTML content in the message to be stripped to plain text, which removes all images and scripts and so can be used to protect your users from offensive spam. Note that using this action on its own does not imply that the message will be delivered, you will need to specify "deliver" or "forward" to actually deliver the message. 

-

-.br 

+.IP  \(bu 4

 "attachment" \- Convert the original message into an attachment of the message. This means the user has to take an extra step to open the spam, and stops "web bugs" very effectively.

-

-.br 

+.IP  \(bu 4

 "bounce" \- bounce the spam message. This option should not be used and must be enabled with the "Enable Spam Bounce" option first.

+.RE

 .TP 

 \fBHigh Scoring Spam Actions\fR

@@ -1654,10 +1672,12 @@

 .br 

 The per\-user files (bayes, auto\-whitelist, user_prefs) are looked for here and in ~/.spamassassin/. Note the files are mutable. If this is unset then no extra places are searched for. If using Postfix, you probably want to set this to /var/spool/MailScanner/spamassassin and do

-.br  

-	mkdir /var/spool/MailScanner/spamassassin

+

+.RS 10

+mkdir /var/spool/MailScanner/spamassassin

 .br 

-	chown postfix.postfix /var/spool/MailScanner/spamassassin

+chown postfix.postfix /var/spool/MailScanner/spamassassin

+.RE

 .TP 

 \fBSpamAssassin Install Prefix\fR

@@ -1673,7 +1693,21 @@

 .br 

 .br 

-The site\-local rules are searched for here, and in prefix /etc/spamassassin, prefix/etc/mail/spamassassin, /usr/local/etc/spamassassin, /etc/spamassassin, /etc/mail/spamassassin, and maybe others. If this is set then it adds to the list of places that are searched; otherwise it has no effect.

+This tells MailScanner where to look for the site\-local rules. If this is set it adds to the list of places that are searched. MailScanner will always look at the following places (even if this option is not set):

+.RS 7

+.IP  \(bu 4

+prefix/etc/spamassassin

+.IP  \(bu 4

+prefix/etc/mail/spamassassin

+.IP  \(bu 4

+/usr/local/etc/spamassassin

+.IP  \(bu 4

+/etc/spamassassin

+.IP  \(bu 4

+/etc/mail/spamassassin

+.IP  \(bu 4

+maybe others as well

+.RE

 .TP 

 \fBSpamAssassin Default Rules Dir\fR

@@ -1681,7 +1715,17 @@

 .br 

 .br 

-The default rules are searched for here, and in prefix/share/spamassassin, /usr/local/share/spamassassin, /usr/share/spamassassin, and maybe others. If this is set then it adds to the list of places that are searched; otherwise it has no effect.

+This tells MailScanner where to look for the default rules. If this is set it adds to the list of places that are searched. MailScanner will always look at the following places (even if this option is not set):

+.RS 7

+.IP  \(bu 4

+prefix/share/spamassassin

+.IP  \(bu 4

+/usr/local/share/spamassassin

+.IP  \(bu 4

+/usr/share/spamassassin

+.IP  \(bu 4

+maybe others as well

+.RE

 .SH "Advanced Settings"

 .TP 

 \fBDebug\fR

@@ -1768,8 +1812,20 @@

 .br 

 .br 

-Some of the virus scanners are not supported by the authors of MailScanner, and they may use code contributed by another user. If this option is set to the wrong value for your virus scanners, then you will get an error message in your maillog (syslog) telling you tha# Are you using Exim with split spool directories? If you don't understand # this, the answer is probably "no". Refer to the Exim documentation for # more information about split spool directories.

-Split Exim Spool = yes

+Minimum acceptable code stability status \-\- if we come across code that's not at least as stable as this, we barf. This is currently only used to check that you don't end up using untested virus scanner support code without realising it. Don't even *think* about setting this to anything other than "beta" or "supported" on a system that receives real mail until you have tested it yourself and are happy that it is all working as you expect it to. Don't set it to anything other than "supported" on a system that could ever receive important mail. Levels used are:

+

+.RS 7

+.IP  \(bu 4

+none \- there may not even be any code.

+.IP  \(bu 4

+unsupported \- code may be completely untested, a contributed dirty hack, anything, really.

+.IP  \(bu 4

+alpha \- code is pretty well untested. Don't assume it will work.

+.IP  \(bu 4

+beta \- code is tested a bit. It should work.

+.IP  \(bu 4

+supported \- code *should* be reliable.

+.RE

 .TP 

 \fBSplit Exim Spool\fR

@@ -1785,20 +1841,17 @@

 .br 

 .br 

-When trying to work out the value of configuration parameters which are using a ruleset, this controls the behaviour when a rule is checking the  "To:" addresses.  If this option is set to "yes", then the following happens when checking the ruleset:

-.br 

-

-.br 

-a) 1 recipient. Same behaviour as normal.

-.br 

-b) Several recipients, but all in the same domain (domain.com for example). The rules are checked for one that matches the string "*@domain.com".

+When trying to work out the value of configuration parameters which are using a ruleset, this controls the behaviour when a rule is checking the  "To:" addresses.  If this option is set to "no", then some rules will use the result they get from the first matching rule for any of the recipients of a message, so the exact value cannot be predicted for messages with more than 1 recipient. This value *cannot* be the filename of a ruleset. 

 .br 

-c) Several recipients, not all in the same domain. The rules are checked for one that matches the string "*@*".

-.br 

-

-.br 

-If this option is set to "no", then some rules will use the result they get from the first matching rule for any of the recipients of a message, so the exact value cannot be predicted for messages with more than 1 recipient. This value *cannot* be the filename of a ruleset.

-

+If this option is set to "yes", then the following happens when checking the ruleset:

+.RS 7

+.IP  a) 4

+1 recipient. Same behaviour as normal.

+.IP  b) 4

+Several recipients, but all in the same domain (domain.com for example). The rules are checked for one that matches the string "*@domain.com".

+.IP  c) 4

+Several recipients, not all in the same domain. The rules are checked for one that matches the string "*@*".

+.RE

 .SH "RULESETS"

 .LP 

 Ruleset files should all be put in /opt/MailScanner/etc/rules (FreeBSD: /usr/local/etc/MailScanner/rules) and their filename should end in ".rules" wherever possible.

--- ../MailScanner-4.30.3.orig/docs/man/MailScanner.conf.5.html	Mon May  3 10:48:25 2004

+++ docs/man/MailScanner.conf.5.html	Mon May  3 10:48:42 2004

@@ -1,5 +1,5 @@

 <!-- Creator     : groff version 1.19 -->

-<!-- CreationDate: Fri Apr  2 12:23:58 2004 -->

+<!-- CreationDate: Mon May  3 10:47:48 2004 -->

 <!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"

 "http://www.w3.org/TR/html4/loose.dtd">

 <html>

@@ -331,17 +331,85 @@

 <!-- INDENTATION -->

 <p>Directory in which MailScanner should find e&minus;mail

 messages for scanning. This can be any of the following:</p>

+</td>

+</table>

+<!-- TABS -->

+<table width="100%" border=0 rules="none" frame="void"

+       cols="5" cellspacing="0" cellpadding="0">

+<tr valign="top" align="left">

+<td width="22%"></td>

+<td width="3%">

+

+<p>1.</p>

+</td>

+<td width="3%"></td>

+<td width="26%">

+

+<p>a directory name.</p>

+</td>

+<td width="46%">

+</td>

+</table>

 <!-- INDENTATION -->

-<p>1. a directory name. Example: /var/spool/mqueue.in</p>

-<!-- INDENTATION -->

-<p>2. a wildcard giving directory names. Example:

-/var/spool/mqueue.in/*</p>

+<table width="100%" border=0 rules="none" frame="void"

+       cols="2" cellspacing="0" cellpadding="0">

+<tr valign="top" align="left">

+<td width="28%"></td>

+<td width="72%">

+<p>Example: /var/spool/mqueue.in</p>

+</td>

+</table>

+<!-- TABS -->

+<table width="100%" border=0 rules="none" frame="void"

+       cols="5" cellspacing="0" cellpadding="0">

+<tr valign="top" align="left">

+<td width="22%"></td>

+<td width="3%">

+

+<p>2.</p>

+</td>

+<td width="3%"></td>

+<td width="52%">

+

+<p>a wildcard giving directory names.</p>

+</td>

+<td width="20%">

+</td>

+</table>

 <!-- INDENTATION -->

-<p>3. the name of a file containing a list of directory

-names, which can in turn contain wildcards. Example:

-/usr/local/etc/MailScanner/mqueue.in.list.conf</p>

+<table width="100%" border=0 rules="none" frame="void"

+       cols="2" cellspacing="0" cellpadding="0">

+<tr valign="top" align="left">

+<td width="28%"></td>

+<td width="72%">

+<p>Example: /var/spool/mqueue.in/*</p>

 </td>

 </table>

+<!-- TABS -->

+<table width="100%" border=0 rules="none" frame="void"

+       cols="4" cellspacing="0" cellpadding="0">

+<tr valign="top" align="left">

+<td width="22%"></td>

+<td width="3%">

+

+<p>3.</p>

+</td>

+<td width="3%"></td>

+<td width="72%">

+

+<p>the name of a file containing a list of directory names,

+which can in turn contain wildcards.</p>

+</td>

+</table>

+<!-- INDENTATION -->

+<table width="100%" border=0 rules="none" frame="void"

+       cols="2" cellspacing="0" cellpadding="0">

+<tr valign="top" align="left">

+<td width="28%"></td>

+<td width="72%">

+<p>Example:

+/usr/local/etc/MailScanner/mqueue.in.list.conf</p></td>

+</table>

 <!-- INDENTATION -->

 <table width="100%" border=0 rules="none" frame="void"

        cols="2" cellspacing="0" cellpadding="0">

@@ -1403,29 +1471,79 @@

 fake addresses on messages they send, so there is no point

 informing the sender of the message, as it won’t

 actually be them who sent it anyway. Other words that can be

-put in this list are the 5 special keywords<br>

-HTML−IFrame: inserting this will stop senders being

-warned about HTML Iframe tags, when they are not

-allowed.<br>

-HTML−Codebase: inserting this will stop senders being

-warned about HTML Object Codebase tags, when they are not

-allowed.<br>

-Zip−Password: inserting this will stop senders being

-warned about password−protected zip files when they

-are not allowd. This keyword is not needed if you include

-All&minus;Viruses.<br>

-All−Viruses: inserting this will stop senders being

-warned about any virus, while still allowing you to warn

-senders about HTML−based attacks. This includes

+put in this list are the 5 special keywords</p>

+</td>

+</table>

+<!-- TABS -->

+<table width="100%" border=0 rules="none" frame="void"

+       cols="4" cellspacing="0" cellpadding="0">

+<tr valign="top" align="left">

+<td width="22%"></td>

+<td width="1%">

+

+<p>&bull;</p>

+</td>

+<td width="5%"></td>

+<td width="72%">

+

+<p>HTML&minus;IFrame: inserting this will stop senders

+being warned about HTML Iframe tags, when they are not

+allowed.</p>

+</td>

+<tr valign="top" align="left">

+<td width="22%"></td>

+<td width="1%">

+

+<p>&bull;</p>

+</td>

+<td width="5%"></td>

+<td width="72%">

+

+<p>HTML&minus;Codebase: inserting this will stop senders

+being warned about HTML Object Codebase tags, when they are

+not allowed.</p>

+</td>

+<tr valign="top" align="left">

+<td width="22%"></td>

+<td width="1%">

+

+<p>&bull;</p>

+</td>

+<td width="5%"></td>

+<td width="72%">

+

+<p>Zip&minus;Password: inserting this will stop senders

+being warned about password−protected zip files when

+they are not allowd. This keyword is not needed if you

+include All&minus;Viruses.</p>

+</td>

+<tr valign="top" align="left">

+<td width="22%"></td>

+<td width="1%">

+

+<p>&bull;</p>

+</td>

+<td width="5%"></td>

+<td width="72%">

+

+<p>All&minus;Viruses: inserting this will stop senders

+being warned about any virus, while still allowing you to

+warn senders about HTML−based attacks. This includes

 Zip−Password so you don’t need to include

 both.</p>

+</td>

+</table>

 <!-- INDENTATION -->

+<table width="100%" border=0 rules="none" frame="void"

+       cols="2" cellspacing="0" cellpadding="0">

+<tr valign="top" align="left">

+<td width="28%"></td>

+<td width="72%">

 <p>The default of &quot;All&minus;Viruses&quot; means that

 no senders of viruses will be notified (as the sender

 address is always forged these days anyway), but anyone who

 sends a message that is blocked for other reasons will still

-be notified.</p>

-</td>

+be notified.</p></td>

 </table>

 <!-- INDENTATION -->

 <table width="100%" border=0 rules="none" frame="void"

@@ -1590,15 +1708,47 @@

 Microsoft Outlook security vulnerabilities to go

 unprotected, but if you have a load of mailing lists sending

 them, then you will want to allow them to keep your users

-happy. Possible Values:</p>

-<!-- INDENTATION -->

-<p>yes =&gt; Allow these tags to be in the message no =&gt;

-Ban messages containing these tags disarm => Allow these

-tags, but stop these tags from working</p>

-<!-- INDENTATION -->

-<p>This can also be the filename of a ruleset, so you can

-allow them from known mailing lists but ban them from

-everywhere else.</p>

+happy. This can also be the filename of a ruleset, so you

+can allow them from known mailing lists but ban them from

+everywhere else. Possible Values:</p>

+</td>

+</table>

+<!-- TABS -->

+<table width="100%" border=0 rules="none" frame="void"

+       cols="4" cellspacing="0" cellpadding="0">

+<tr valign="top" align="left">

+<td width="22%"></td>

+<td width="1%">

+

+<p>&bull;</p>

+</td>

+<td width="5%"></td>

+<td width="72%">

+

+<p>yes =&gt; Allow these tags to be in the message</p>

+</td>

+<tr valign="top" align="left">

+<td width="22%"></td>

+<td width="1%">

+

+<p>&bull;</p>

+</td>

+<td width="5%"></td>

+<td width="72%">

+

+<p>no =&gt; Ban messages containing these tags</p>

+</td>

+<tr valign="top" align="left">

+<td width="22%"></td>

+<td width="1%">

+

+<p>&bull;</p>

+</td>

+<td width="5%"></td>

+<td width="72%">

+

+<p>disarm =&gt; Allow these tags, but stop these tags from

+working</p>

 </td>

 </table>

 <!-- INDENTATION -->

@@ -1615,8 +1765,14 @@

 <tr valign="top" align="left">

 <td width="22%"></td>

 <td width="78%">

-<p>Default: no</p>

+<p>Default: no</p></td>

+</table>

 <!-- INDENTATION -->

+<table width="100%" border=0 rules="none" frame="void"

+       cols="2" cellspacing="0" cellpadding="0">

+<tr valign="top" align="left">

+<td width="28%"></td>

+<td width="72%">

 <p>You may receive complaints from your users that HTML

 mailing lists they subscribe to have been stopped by the

 "Allow IFrame Tags" option above. So before you

@@ -1649,10 +1805,44 @@

 people to part with credit card information and other

 personal data. This can also be the filename of a ruleset.

 Possible values:</p>

-<!-- INDENTATION -->

-<p>yes =&gt; Allow these tags to be in the message no =&gt;

-Ban messages containing these tags disarm => Allow these

-tags, but stop these tags from working</p>

+</td>

+</table>

+<!-- TABS -->

+<table width="100%" border=0 rules="none" frame="void"

+       cols="4" cellspacing="0" cellpadding="0">

+<tr valign="top" align="left">

+<td width="22%"></td>

+<td width="1%">

+

+<p>&bull;</p>

+</td>

+<td width="5%"></td>

+<td width="72%">

+

+<p>yes =&gt; Allow these tags to be in the message</p>

+</td>

+<tr valign="top" align="left">

+<td width="22%"></td>

+<td width="1%">

+

+<p>&bull;</p>

+</td>

+<td width="5%"></td>

+<td width="72%">

+

+<p>no =&gt; Ban messages containing these tags</p>

+</td>

+<tr valign="top" align="left">

+<td width="22%"></td>

+<td width="1%">

+

+<p>&bull;</p>

+</td>

+<td width="5%"></td>

+<td width="72%">

+

+<p>disarm =&gt; Allow these tags, but stop these tags from

+working</p>

 </td>

 </table>

 <!-- INDENTATION -->

@@ -1669,18 +1859,57 @@

 <tr valign="top" align="left">

 <td width="22%"></td>

 <td width="78%">

-<p>Default: no</p>

+<p>Default: no</p></td>

+</table>

 <!-- INDENTATION -->

+<table width="100%" border=0 rules="none" frame="void"

+       cols="2" cellspacing="0" cellpadding="0">

+<tr valign="top" align="left">

+<td width="28%"></td>

+<td width="72%">

 <p>Do you want to allow &lt;Object Codebase=...&gt; tags in

 email messages? This is a bad idea as it leaves you

 unprotected against various Microsoft−specific

 security vulnerabilities. But if your users demand it, you

 can do it. This can also be the filename of a ruleset.

-Possible values:</p>

-<!-- INDENTATION -->

-<p>yes =&gt; Allow these tags to be in the message no =&gt;

-Ban messages containing these tags disarm => Allow these

-tags, but stop these tags from working</p>

+Possible values:</p></td>

+</table>

+<!-- TABS -->

+<table width="100%" border=0 rules="none" frame="void"

+       cols="4" cellspacing="0" cellpadding="0">

+<tr valign="top" align="left">

+<td width="22%"></td>

+<td width="1%">

+

+<p>&bull;</p>

+</td>

+<td width="5%"></td>

+<td width="72%">

+

+<p>yes =&gt; Allow these tags to be in the message</p>

+</td>

+<tr valign="top" align="left">

+<td width="22%"></td>

+<td width="1%">

+

+<p>&bull;</p>

+</td>

+<td width="5%"></td>

+<td width="72%">

+

+<p>no =&gt; Ban messages containing these tags</p>

+</td>

+<tr valign="top" align="left">

+<td width="22%"></td>

+<td width="1%">

+

+<p>&bull;</p>

+</td>

+<td width="5%"></td>

+<td width="72%">

+

+<p>disarm =&gt; Allow these tags, but stop these tags from

+working</p>

 </td>

 </table>

 <!-- INDENTATION -->

@@ -1697,8 +1926,14 @@

 <tr valign="top" align="left">

 <td width="22%"></td>

 <td width="78%">

-<p>Default: no</p>

+<p>Default: no</p></td>

+</table>

 <!-- INDENTATION -->

+<table width="100%" border=0 rules="none" frame="void"

+       cols="2" cellspacing="0" cellpadding="0">

+<tr valign="top" align="left">

+<td width="28%"></td>

+<td width="72%">

 <p>This option interacts with the &quot;Allow ... Tags&quot;

 options above like this:</p>

 <!-- INDENTATION -->

@@ -3670,6 +3905,32 @@

 <tr valign="top" align="left">

 <td width="11%"></td>

 <td width="89%">

+<p><b>Spam List Timeouts History</b></p></td>

+</table>

+<!-- INDENTATION -->

+<table width="100%" border=0 rules="none" frame="void"

+       cols="2" cellspacing="0" cellpadding="0">

+<tr valign="top" align="left">

+<td width="22%"></td>

+<td width="78%">

+<p>Default: 10</p>

+<!-- INDENTATION -->

+<p>The total number of Spam List attempts during which

+"Max Spam List Timeouts" will cause the spam list

+fo be marked as "unavailable". See the previous

+comment for more information. The default values of 5 and 10

+mean that 5 timeouts in any sequence of 10 attempts will

+cause the list to be marked as "unavailable" until

+the next periodic restart (see "Restart

+Every&quot;).</p>

+</td>

+</table>

+<!-- INDENTATION -->

+<table width="100%" border=0 rules="none" frame="void"

+       cols="2" cellspacing="0" cellpadding="0">

+<tr valign="top" align="left">

+<td width="11%"></td>

+<td width="89%">

 <p><b>Is Definitely Not Spam</b></p></td>

 </table>

 <!-- INDENTATION -->

@@ -3733,6 +3994,31 @@

 This can also be the filename of a ruleset.</p>

 </td>

 </table>

+<!-- INDENTATION -->

+<table width="100%" border=0 rules="none" frame="void"

+       cols="2" cellspacing="0" cellpadding="0">

+<tr valign="top" align="left">

+<td width="11%"></td>

+<td width="89%">

+<p><b>Ignore Spam Whitelist If Recipients

+Exceed</b></p></td>

+</table>

+<!-- INDENTATION -->

+<table width="100%" border=0 rules="none" frame="void"

+       cols="2" cellspacing="0" cellpadding="0">

+<tr valign="top" align="left">

+<td width="22%"></td>

+<td width="78%">

+<p>Default: 20</p>

+<!-- INDENTATION -->

+<p>Spammers have learnt that they can get their message

+through by sending a message with lots of recipients, one of

+which chooses to whitelist everything coming to them,

+including the spammer. So if a message arrives with more

+than this number of recipients, ignore the "Is

+Definitely Not Spam&quot; whitelist.</p>

+</td>

+</table>

 <a name="SpamAssassin"></a>

 <h2>SpamAssassin</h2>

 <!-- INDENTATION -->

@@ -3868,11 +4154,7 @@

 <tr valign="top" align="left">

 <td width="22%"></td>

 <td width="78%">

-<p>Default:

-/opt/MailScanner/etc/spam.assassin.prefs.conf<br>

-Default Linux: /etc/MailScanner/spam.assassin.prefs.conf<br>

-Default FreeBSD:

-/usr/local/etc/MailScanner/spam.assassin.prefs.conf</p>

+<p>Default: %etc&minus;dir%/spam.assassin.prefs.conf</p>

 <!-- INDENTATION -->

 <p>SpamAssassin uses a &quot;user preferences&quot; file

 which can be used to set the values of various SpamAssassin

@@ -3934,6 +4216,32 @@

 <tr valign="top" align="left">

 <td width="11%"></td>

 <td width="89%">

+<p><b>SpamAssassin Timeouts History</b></p></td>

+</table>

+<!-- INDENTATION -->

+<table width="100%" border=0 rules="none" frame="void"

+       cols="2" cellspacing="0" cellpadding="0">

+<tr valign="top" align="left">

+<td width="22%"></td>

+<td width="78%">

+<p>Default: 30</p>

+<!-- INDENTATION -->

+<p>The total number of SpamAssassin attempts during which

+"Max SpamAssassin Timeouts" will cause

+SpamAssassin to be marked as "unavailable". See

+the previous comment for more information. The default

+values of 10 and 20 mean that 10 timeouts in any sequence of

+20 attempts will trigger the behaviour described above,

+until the next periodic restart (see "Restart

+Every&quot;).</p>

+</td>

+</table>

+<!-- INDENTATION -->

+<table width="100%" border=0 rules="none" frame="void"

+       cols="2" cellspacing="0" cellpadding="0">

+<tr valign="top" align="left">

+<td width="11%"></td>

+<td width="89%">

 <p><b>Check SpamAssassin If On Spam List</b></p></td>

 </table>

 <!-- INDENTATION -->

@@ -4063,23 +4371,81 @@

 <p>This can be any combination of 1 or more of the following

 keywords, and these actions are applied to any message which

 is spam.</p>

-<!-- INDENTATION -->

+</td>

+</table>

+<!-- TABS -->

+<table width="100%" border=0 rules="none" frame="void"

+       cols="4" cellspacing="0" cellpadding="0">

+<tr valign="top" align="left">

+<td width="22%"></td>

+<td width="1%">

+

+<p>&bull;</p>

+</td>

+<td width="5%"></td>

+<td width="72%">

+

 <p>&quot;deliver&quot; &minus; the message is delivered to

 the recipient as normal</p>

-<!-- INDENTATION -->

+</td>

+<tr valign="top" align="left">

+<td width="22%"></td>

+<td width="1%">

+

+<p>&bull;</p>

+</td>

+<td width="5%"></td>

+<td width="72%">

+

 <p>&quot;delete&quot; &minus; the message is deleted</p>

-<!-- INDENTATION -->

+</td>

+<tr valign="top" align="left">

+<td width="22%"></td>

+<td width="1%">

+

+<p>&bull;</p>

+</td>

+<td width="5%"></td>

+<td width="72%">

+

 <p>&quot;store&quot; &minus; the message is stored in the

 quarantine</p>

-<!-- INDENTATION -->

-<p>&quot;forward&quot; &minus; an email address is supplied,

-to which the message is forwarded</p>

-<!-- INDENTATION -->

+</td>

+<tr valign="top" align="left">

+<td width="22%"></td>

+<td width="1%">

+

+<p>&bull;</p>

+</td>

+<td width="5%"></td>

+<td width="72%">

+

+<p>&quot;forward&quot; &minus; an email address is

+supplied, to which the message is forwarded</p>

+</td>

+<tr valign="top" align="left">

+<td width="22%"></td>

+<td width="1%">

+

+<p>&bull;</p>

+</td>

+<td width="5%"></td>

+<td width="72%">

+

 <p>&quot;notify&quot; &minus; Send the recipients a short

 notification that spam addressed to them was not delivered.

 They can then take action to request retrieval of the

 orginal message if they think it was not spam.</p>

-<!-- INDENTATION -->

+</td>

+<tr valign="top" align="left">

+<td width="22%"></td>

+<td width="1%">

+

+<p>&bull;</p>

+</td>

+<td width="5%"></td>

+<td width="72%">

+

 <p>&quot;striphtml&quot; &minus; convert all in&minus;line

 HTML content in the message to be stripped to plain text,

 which removes all images and scripts and so can be used to

@@ -4087,12 +4453,30 @@

 action on its own does not imply that the message will be

 delivered, you will need to specify "deliver" or

 &quot;forward&quot; to actually deliver the message.</p>

-<!-- INDENTATION -->

+</td>

+<tr valign="top" align="left">

+<td width="22%"></td>

+<td width="1%">

+

+<p>&bull;</p>

+</td>

+<td width="5%"></td>

+<td width="72%">

+

 <p>&quot;attachment&quot; &minus; Convert the original

 message into an attachment of the message. This means the

 user has to take an extra step to open the spam, and stops

 &quot;web bugs&quot; very effectively.</p>

-<!-- INDENTATION -->

+</td>

+<tr valign="top" align="left">

+<td width="22%"></td>

+<td width="1%">

+

+<p>&bull;</p>

+</td>

+<td width="5%"></td>

+<td width="72%">

+

 <p>&quot;bounce&quot; &minus; bounce the spam message. This

 option should not be used and must be enabled with the

 &quot;Enable Spam Bounce&quot; option first.</p>

@@ -4112,8 +4496,14 @@

 <tr valign="top" align="left">

 <td width="22%"></td>

 <td width="78%">

-<p>Default: deliver</p>

+<p>Default: deliver</p></td>

+</table>

 <!-- INDENTATION -->

+<table width="100%" border=0 rules="none" frame="void"

+       cols="2" cellspacing="0" cellpadding="0">

+<tr valign="top" align="left">

+<td width="28%"></td>

+<td width="72%">

 <p>This is the same as the &quot;Spam Actions&quot; option

 above, but it gives the actions to apply to any message

 whose SpamAssassin score is above the "High

@@ -4452,24 +4842,18 @@

 Note the files are mutable. If this is unset then no extra

 places are searched for. If using Postfix, you probably want

 to set this to /var/spool/MailScanner/spamassassin and

-do</p></td>

+do</p>

+</td>

 </table>

-<!-- TABS -->

+<!-- INDENTATION -->

 <table width="100%" border=0 rules="none" frame="void"

        cols="2" cellspacing="0" cellpadding="0">

 <tr valign="top" align="left">

-<td width="29%"></td>

-<td width="71%">

-

-<p>mkdir /var/spool/MailScanner/spamassassin</p>

-</td>

-<tr valign="top" align="left">

-<td width="29%"></td>

-<td width="71%">

-

-<p>chown postfix.postfix

-/var/spool/MailScanner/spamassassin</p>

-</td>

+<td width="26%"></td>

+<td width="74%">

+<p>mkdir /var/spool/MailScanner/spamassassin<br>

+chown postfix.postfix

+/var/spool/MailScanner/spamassassin</p></td>

 </table>

 <!-- INDENTATION -->

 <table width="100%" border=0 rules="none" frame="void"

@@ -4511,12 +4895,92 @@

 <td width="78%">

 <p>Default:</p>

 <!-- INDENTATION -->

-<p>The site&minus;local rules are searched for here, and in

-prefix /etc/spamassassin, prefix/etc/mail/spamassassin,

-/usr/local/etc/spamassassin, /etc/spamassassin,

-/etc/mail/spamassassin, and maybe others. If this is set

-then it adds to the list of places that are searched;

-otherwise it has no effect.</p>

+<p>This tells MailScanner where to look for the

+site−local rules. If this is set it adds to the list

+of places that are searched. MailScanner will always look at

+the following places (even if this option is not set):</p>

+</td>

+</table>

+<!-- TABS -->

+<table width="100%" border=0 rules="none" frame="void"

+       cols="5" cellspacing="0" cellpadding="0">

+<tr valign="top" align="left">

+<td width="22%"></td>

+<td width="1%">

+

+<p>&bull;</p>

+</td>

+<td width="5%"></td>

+<td width="43%">

+

+<p>prefix/etc/spamassassin</p>

+</td>

+<td width="29%">

+</td>

+<tr valign="top" align="left">

+<td width="22%"></td>

+<td width="1%">

+

+<p>&bull;</p>

+</td>

+<td width="5%"></td>

+<td width="43%">

+

+<p>prefix/etc/mail/spamassassin</p>

+</td>

+<td width="29%">

+</td>

+<tr valign="top" align="left">

+<td width="22%"></td>

+<td width="1%">

+

+<p>&bull;</p>

+</td>

+<td width="5%"></td>

+<td width="43%">

+

+<p>/usr/local/etc/spamassassin</p>

+</td>

+<td width="29%">

+</td>

+<tr valign="top" align="left">

+<td width="22%"></td>

+<td width="1%">

+

+<p>&bull;</p>

+</td>

+<td width="5%"></td>

+<td width="43%">

+

+<p>/etc/spamassassin</p>

+</td>

+<td width="29%">

+</td>

+<tr valign="top" align="left">

+<td width="22%"></td>

+<td width="1%">

+

+<p>&bull;</p>

+</td>

+<td width="5%"></td>

+<td width="43%">

+

+<p>/etc/mail/spamassassin</p>

+</td>

+<td width="29%">

+</td>

+<tr valign="top" align="left">

+<td width="22%"></td>

+<td width="1%">

+

+<p>&bull;</p>

+</td>

+<td width="5%"></td>

+<td width="43%">

+

+<p>maybe others as well</p>

+</td>

+<td width="29%">

 </td>

 </table>

 <!-- INDENTATION -->

@@ -4533,13 +4997,73 @@

 <tr valign="top" align="left">

 <td width="22%"></td>

 <td width="78%">

-<p>Default:</p>

+<p>Default:</p></td>

+</table>

 <!-- INDENTATION -->

-<p>The default rules are searched for here, and in

-prefix/share/spamassassin, /usr/local/share/spamassassin,

-/usr/share/spamassassin, and maybe others. If this is set

-then it adds to the list of places that are searched;

-otherwise it has no effect.</p>

+<table width="100%" border=0 rules="none" frame="void"

+       cols="2" cellspacing="0" cellpadding="0">

+<tr valign="top" align="left">

+<td width="28%"></td>

+<td width="72%">

+<p>This tells MailScanner where to look for the default

+rules. If this is set it adds to the list of places that are

+searched. MailScanner will always look at the following

+places (even if this option is not set):</p></td>

+</table>

+<!-- TABS -->

+<table width="100%" border=0 rules="none" frame="void"

+       cols="5" cellspacing="0" cellpadding="0">

+<tr valign="top" align="left">

+<td width="22%"></td>

+<td width="1%">

+

+<p>&bull;</p>

+</td>

+<td width="5%"></td>

+<td width="44%">

+

+<p>prefix/share/spamassassin</p>

+</td>

+<td width="28%">

+</td>

+<tr valign="top" align="left">

+<td width="22%"></td>

+<td width="1%">

+

+<p>&bull;</p>

+</td>

+<td width="5%"></td>

+<td width="44%">

+

+<p>/usr/local/share/spamassassin</p>

+</td>

+<td width="28%">

+</td>

+<tr valign="top" align="left">

+<td width="22%"></td>

+<td width="1%">

+

+<p>&bull;</p>

+</td>

+<td width="5%"></td>

+<td width="44%">

+

+<p>/usr/share/spamassassin</p>

+</td>

+<td width="28%">

+</td>

+<tr valign="top" align="left">

+<td width="22%"></td>

+<td width="1%">

+

+<p>&bull;</p>

+</td>

+<td width="5%"></td>

+<td width="44%">

+

+<p>maybe others as well</p>

+</td>

+<td width="28%">

 </td>

 </table>

 <a name="Advanced Settings"></a>

@@ -4797,15 +5321,78 @@

 <td width="78%">

 <p>Default: supported</p>

 <!-- INDENTATION -->

-<p>Some of the virus scanners are not supported by the

-authors of MailScanner, and they may use code contributed by

-another user. If this option is set to the wrong value for

-your virus scanners, then you will get an error message in

-your maillog (syslog) telling you tha# Are you using Exim

-with split spool directories? If you don’t understand

-# this, the answer is probably "no". Refer to the

-Exim documentation for # more information about split spool

-directories. Split Exim Spool = yes</p>

+<p>Minimum acceptable code stability status &minus;&minus;

+if we come across code that’s not at least as stable

+as this, we barf. This is currently only used to check that

+you don’t end up using untested virus scanner support

+code without realising it. Don’t even *think* about

+setting this to anything other than "beta" or

+"supported" on a system that receives real mail

+until you have tested it yourself and are happy that it is

+all working as you expect it to. Don’t set it to

+anything other than "supported" on a system that

+could ever receive important mail. Levels used are:</p>

+</td>

+</table>

+<!-- TABS -->

+<table width="100%" border=0 rules="none" frame="void"

+       cols="4" cellspacing="0" cellpadding="0">

+<tr valign="top" align="left">

+<td width="22%"></td>

+<td width="1%">

+

+<p>&bull;</p>

+</td>

+<td width="5%"></td>

+<td width="72%">

+

+<p>none &minus; there may not even be any code.</p>

+</td>

+<tr valign="top" align="left">

+<td width="22%"></td>

+<td width="1%">

+

+<p>&bull;</p>

+</td>

+<td width="5%"></td>

+<td width="72%">

+

+<p>unsupported &minus; code may be completely untested, a

+contributed dirty hack, anything, really.</p>

+</td>

+<tr valign="top" align="left">

+<td width="22%"></td>

+<td width="1%">

+

+<p>&bull;</p>

+</td>

+<td width="5%"></td>

+<td width="72%">

+

+<p>alpha &minus; code is pretty well untested. Don&rsquo;t

+assume it will work.</p>

+</td>

+<tr valign="top" align="left">

+<td width="22%"></td>

+<td width="1%">

+

+<p>&bull;</p>

+</td>

+<td width="5%"></td>

+<td width="72%">

+

+<p>beta &minus; code is tested a bit. It should work.</p>

+</td>

+<tr valign="top" align="left">

+<td width="22%"></td>

+<td width="1%">

+

+<p>&bull;</p>

+</td>

+<td width="5%"></td>

+<td width="72%">

+

+<p>supported &minus; code *should* be reliable.</p>

 </td>

 </table>

 <!-- INDENTATION -->

@@ -4822,8 +5409,14 @@

 <tr valign="top" align="left">

 <td width="22%"></td>

 <td width="78%">

-<p>Default: yes</p>

+<p>Default: yes</p></td>

+</table>

 <!-- INDENTATION -->

+<table width="100%" border=0 rules="none" frame="void"

+       cols="2" cellspacing="0" cellpadding="0">

+<tr valign="top" align="left">

+<td width="28%"></td>

+<td width="72%">

 <p>Are you using Exim with split spool directories? If you

 don’t understand this, the answer is probably

 "no". Refer to the Exim documentation for more

@@ -4850,22 +5443,55 @@

 <p>When trying to work out the value of configuration

 parameters which are using a ruleset, this controls the

 behaviour when a rule is checking the "To:"

-addresses. If this option is set to "yes", then

-the following happens when checking the ruleset:</p>

-<!-- INDENTATION -->

-<p>a) 1 recipient. Same behaviour as normal.<br>

-b) Several recipients, but all in the same domain

+addresses. If this option is set to "no", then

+some rules will use the result they get from the first

+matching rule for any of the recipients of a message, so the

+exact value cannot be predicted for messages with more than

+1 recipient. This value *cannot* be the filename of a

+ruleset.<br>

+If this option is set to "yes", then the following

+happens when checking the ruleset:</p>

+</td>

+</table>

+<!-- TABS -->

+<table width="100%" border=0 rules="none" frame="void"

+       cols="4" cellspacing="0" cellpadding="0">

+<tr valign="top" align="left">

+<td width="22%"></td>

+<td width="3%">

+

+<p>a)</p>

+</td>

+<td width="3%"></td>

+<td width="72%">

+

+<p>1 recipient. Same behaviour as normal.</p>

+</td>

+<tr valign="top" align="left">

+<td width="22%"></td>

+<td width="3%">

+

+<p>b)</p>

+</td>

+<td width="3%"></td>

+<td width="72%">

+

+<p>Several recipients, but all in the same domain

 (domain.com for example). The rules are checked for one that

-matches the string &quot;*@domain.com&quot;.<br>

-c) Several recipients, not all in the same domain. The rules

-are checked for one that matches the string

+matches the string &quot;*@domain.com&quot;.</p>

+</td>

+<tr valign="top" align="left">

+<td width="22%"></td>

+<td width="3%">

+

+<p>c)</p>

+</td>

+<td width="3%"></td>

+<td width="72%">

+

+<p>Several recipients, not all in the same domain. The

+rules are checked for one that matches the string

 &quot;*@*&quot;.</p>

-<!-- INDENTATION -->

-<p>If this option is set to &quot;no&quot;, then some rules

-will use the result they get from the first matching rule

-for any of the recipients of a message, so the exact value

-cannot be predicted for messages with more than 1 recipient.

-This value *cannot* be the filename of a ruleset.</p>

 </td>

 </table>

 <a name="RULESETS"></a>

libexec/MailScanner/avg-wrapper.sample

libexec/MailScanner/avg-autoupdate.sample

%%PORTDOCS%%%%DOCSDIR%%/ellen2.jpg